164989 2016-11-19 09:49:05 -0800 Crash in WTF::FastBitVectorWordOwner::numBits() in GC thread. 2016-11-19 09:50:24 -0800 1 1 1 Unclassified WebKit JavaScriptCore WebKit Nightly Build Unspecified Unspecified NEW P2 Normal --- 1 mark.lam webkit-unassigned fpizlo oldest_to_newest 1253085 0 mark.lam 2016-11-19 09:49:05 -0800 See https://build.webkit.org/results/Apple%20Sierra%20Debug%20WK2%20(Tests)/r208921%20(771)/fast/events/tab-focus-hidden-crash-log.txt Relevant crash trace: Crashed Thread: 11 WTF::AutomaticThread Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000060 Exception Note: EXC_CORPSE_NOTIFY Termination Signal: Segmentation fault: 11 Termination Reason: Namespace SIGNAL, Code 0xb Terminating Process: exc handler [0] Thread 11 Crashed:: WTF::AutomaticThread 0 com.apple.JavaScriptCore 0x00000001126cb8dc WTF::FastBitVectorWordOwner::numBits() const + 12 (FastBitVector.h:129) 1 com.apple.JavaScriptCore 0x00000001126cb2a5 WTF::FastBitVectorImpl<WTF::FastBitVectorWordOwner>::numBits() const + 21 (FastBitVector.h:271) 2 com.apple.JavaScriptCore 0x0000000112788668 WTF::FastBitVectorImpl<WTF::FastBitVectorWordOwner>::atImpl(unsigned long) const + 40 (FastBitVector.h:426) 3 com.apple.JavaScriptCore 0x0000000112788598 WTF::FastBitVector::operator[](unsigned long) const + 40 (FastBitVector.h:512) 4 com.apple.JavaScriptCore 0x000000011292295c JSC::MarkedAllocator::isAllocated(unsigned long) const + 44 (MarkedAllocator.h:181) 5 com.apple.JavaScriptCore 0x00000001129227c0 JSC::MarkedAllocator::isAllocated(JSC::MarkedBlock::Handle*) const + 48 (MarkedAllocator.h:181) 6 com.apple.JavaScriptCore 0x0000000113300525 JSC::MarkedBlock::aboutToMarkSlow(unsigned int) + 197 (MarkedBlock.cpp:385) 7 com.apple.JavaScriptCore 0x000000011353597c JSC::MarkedBlock::aboutToMark(unsigned int) + 60 (MarkedBlock.h:502) 8 com.apple.JavaScriptCore 0x0000000113533a6b void JSC::SlotVisitor::setMarkedAndAppendToMarkStack<JSC::MarkedBlock>(JSC::MarkedBlock&, JSC::JSCell*) + 43 (SlotVisitor.cpp:204) 9 com.apple.JavaScriptCore 0x000000011353370a JSC::SlotVisitor::setMarkedAndAppendToMarkStack(JSC::JSCell*) + 218 (SlotVisitor.cpp:197) 10 com.apple.JavaScriptCore 0x0000000113533622 JSC::SlotVisitor::append(JSC::JSValue) + 178 (SlotVisitor.cpp:171) 11 com.apple.JavaScriptCore 0x000000011289db65 void JSC::SlotVisitor::append<JSC::Unknown>(JSC::WriteBarrierBase<JSC::Unknown>*) + 53 (SlotVisitorInlines.h:69) 12 com.apple.JavaScriptCore 0x000000011356ac72 JSC::Structure::visitChildren(JSC::JSCell*, JSC::SlotVisitor&) + 402 (Structure.cpp:1033) 13 com.apple.JavaScriptCore 0x000000011353441d JSC::SlotVisitor::visitChildren(JSC::JSCell const*) + 269 (SlotVisitor.cpp:335) 14 com.apple.JavaScriptCore 0x0000000113534228 JSC::SlotVisitor::drain(WTF::MonotonicTime) + 344 (SlotVisitor.cpp:381) 15 com.apple.JavaScriptCore 0x0000000113534c9e JSC::SlotVisitor::drainFromShared(JSC::SlotVisitor::SharedDrainMode, WTF::MonotonicTime) + 1998 (SlotVisitor.cpp:408) 16 com.apple.JavaScriptCore 0x0000000112f62670 JSC::Heap::markToFixpoint(double)::$_1::operator()() const + 768 (Heap.cpp:529) 17 com.apple.JavaScriptCore 0x0000000112f622c9 WTF::SharedTaskFunctor<void (), JSC::Heap::markToFixpoint(double)::$_1>::run() + 25 (SharedTask.h:90) 18 com.apple.JavaScriptCore 0x000000011379aead WTF::ParallelHelperClient::runTask(WTF::RefPtr<WTF::SharedTask<void ()> >) + 173 (ParallelHelperPool.cpp:115) 19 com.apple.JavaScriptCore 0x000000011379bc1f WTF::ParallelHelperPool::Thread::work() + 63 (ParallelHelperPool.cpp:194) 20 com.apple.JavaScriptCore 0x00000001137c1248 WTF::AutomaticThread::start(WTF::Locker<WTF::LockBase> const&)::$_0::operator()() const + 552 (AutomaticThread.cpp:194) 21 com.apple.JavaScriptCore 0x00000001137c100d void std::__1::__invoke_void_return_wrapper<void>::__call<WTF::AutomaticThread::start(WTF::Locker<WTF::LockBase> const&)::$_0&>(WTF::AutomaticThread::start(WTF::Locker<WTF::LockBase> const&)::$_0&&&) + 45 (__functional_base:469) 22 com.apple.JavaScriptCore 0x00000001137c0da9 std::__1::__function::__func<WTF::AutomaticThread::start(WTF::Locker<WTF::LockBase> const&)::$_0, std::__1::allocator<WTF::AutomaticThread::start(WTF::Locker<WTF::LockBase> const&)::$_0>, void ()>::operator()() + 41 (functional:1437) 23 com.apple.JavaScriptCore 0x0000000112cc5eca std::__1::function<void ()>::operator()() const + 26 (functional:1817) 24 com.apple.JavaScriptCore 0x00000001137d2087 WTF::threadEntryPoint(void*) + 151 (Threading.cpp:60) 25 com.apple.JavaScriptCore 0x00000001137d3a51 WTF::wtfThreadEntryPoint(void*) + 289 (ThreadingPthreads.cpp:164) 26 libsystem_pthread.dylib 0x00007fffbe5f3abb _pthread_body + 180 27 libsystem_pthread.dylib 0x00007fffbe5f3a07 _pthread_start + 286 28 libsystem_pthread.dylib 0x00007fffbe5f3231 thread_start + 13 1253086 1 mark.lam 2016-11-19 09:50:24 -0800 This was seen on a debug build layout test failure from a bot: https://build.webkit.org/builders/Apple%20Sierra%20Debug%20WK2%20%28Tests%29/builds/771