[Webkit-unassigned] [Bug 254633] REGRESSION: JSC: Crash under JSC::MarkedBlock::aboutToMark

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Mar 28 17:37:46 PDT 2023


https://bugs.webkit.org/show_bug.cgi?id=254633

--- Comment #1 from Fujii Hironori <Hironori.Fujii at sony.com> ---
Backtrace of WinCairo Debug MiniBrowser 262233 at main:

Exception thrown at 0x00007FFA42E6A001 (JavaScriptCore.dll) in WebKitWebProcess.exe: 0xC0000005: Access violation reading location 0xFFFFFFFFFFFFFFFF.

JavaScriptCore.dll!std::_Atomic_storage<unsigned char,1>::compare_exchange_strong(unsigned char & _Expected, const unsigned char _Desired, const std::memory_order _Order) Line 756  C++
JavaScriptCore.dll!std::atomic<unsigned char>::compare_exchange_weak(unsigned char & _Expected, const unsigned char _Desired, const std::memory_order _Order) Line 2208  C++
JavaScriptCore.dll!WTF::Atomic<unsigned char>::compareExchangeWeak(unsigned char expected, unsigned char desired, std::memory_order order) Line 90  C++
JavaScriptCore.dll!WTF::LockAlgorithm<unsigned char,1,2,WTF::EmptyLockHooks<unsigned char>>::lockFastAssumingZero(WTF::Atomic<unsigned char> & lock) Line 54  C++
JavaScriptCore.dll!WTF::Lock::lock() Line 65  C++
JavaScriptCore.dll!WTF::Locker<WTF::Lock>::Locker<WTF::Lock>(WTF::Lock & lock) Line 159  C++
JavaScriptCore.dll!JSC::MarkedBlock::aboutToMarkSlow(unsigned int markingVersion) Line 207  C++
JavaScriptCore.dll!JSC::MarkedBlock::aboutToMark(unsigned int markingVersion) Line 587  C++
JavaScriptCore.dll!JSC::SlotVisitor::appendUnbarriered(JSC::JSCell * cell) Line 57  C++
JavaScriptCore.dll!JSC::SlotVisitor::appendUnbarriered(JSC::JSValue value) Line 71  C++
JavaScriptCore.dll!JSC::SlotVisitor::append<enum JSC::Unknown,WTF::RawValueTraits<enum JSC::Unknown>>(const JSC::WriteBarrierBase<enum JSC::Unknown,WTF::RawValueTraits<enum JSC::Unknown>> & slot) Line 111  C++
JavaScriptCore.dll!JSC::SlotVisitor::appendValues(const JSC::WriteBarrierBase<enum JSC::Unknown,WTF::RawValueTraits<enum JSC::Unknown>> * barriers, unsigned __int64 count) Line 139  C++
JavaScriptCore.dll!JSC::JSBoundFunction::visitChildrenImpl<JSC::SlotVisitor>(JSC::JSCell * cell, JSC::SlotVisitor & visitor) Line 403  C++
JavaScriptCore.dll!JSC::JSBoundFunction::visitChildren(JSC::JSCell * cell, JSC::SlotVisitor & visitor) Line 406  C++
JavaScriptCore.dll!JSC::MethodTable::visitChildren(JSC::JSCell * cell, JSC::SlotVisitor & visitor) Line 115  C++
JavaScriptCore.dll!JSC::SlotVisitor::visitChildren(const JSC::JSCell * cell) Line 398  C++
JavaScriptCore.dll!JSC::SlotVisitor::drain::__l11::<lambda_1>::operator()(JSC::MarkStackArray & stack) Line 504  C++
JavaScriptCore.dll!JSC::SlotVisitor::forEachMarkStack<`JSC::SlotVisitor::drain'::`11'::<lambda_1>>(const JSC::SlotVisitor::drain::__l11::<lambda_1> & func) Line 184  C++
JavaScriptCore.dll!JSC::SlotVisitor::drain(WTF::MonotonicTime timeout) Line 494  C++
JavaScriptCore.dll!JSC::SlotVisitor::drainFromShared(JSC::SlotVisitor::SharedDrainMode sharedDrainMode, WTF::MonotonicTime timeout) Line 697  C++
JavaScriptCore.dll!JSC::Heap::runBeginPhase::__l2::<lambda_2>::operator()() Line 1400  C++
JavaScriptCore.dll!WTF::SharedTaskFunctor<void __cdecl(void),`JSC::Heap::runBeginPhase'::`2'::<lambda_2>>::run() Line 92  C++
WTF.dll!WTF::ParallelHelperClient::runTask(const WTF::RefPtr<WTF::SharedTask<void __cdecl(void)>,WTF::RawPtrTraits<WTF::SharedTask<void __cdecl(void)>>,WTF::DefaultRefDerefTraits<WTF::SharedTask<void __cdecl(void)>>> & task) Line 113  C++
WTF.dll!WTF::ParallelHelperPool::Thread::work() Line 202  C++
WTF.dll!WTF::AutomaticThread::start::__l2::<lambda_1>::operator()() Line 229  C++
WTF.dll!WTF::Detail::CallableWrapper<`WTF::AutomaticThread::start'::`2'::<lambda_1>,void>::call() Line 53  C++
WTF.dll!WTF::Function<void __cdecl(void)>::operator()() Line 83  C++
WTF.dll!WTF::Thread::entryPoint(WTF::Thread::NewThreadContext * newThreadContext) Line 250  C++
WTF.dll!WTF::wtfThreadEntryPoint(void * data) Line 151  C++
ucrtbase.dll!00007ffaf1f61bb2()  Unknown
kernel32.dll!00007ffaf30e7614()  Unknown
ntdll.dll!00007ffaf45026a1()  Unknown
