41454 2010-07-01 04:32:07 -0700 Crash in JSC::JSValue::operator bool when loading postimees.ee 2010-11-04 02:38:17 -0700 1 1 1 Unclassified WebKit JavaScriptCore 528+ (Nightly build) PC Linux RESOLVED DUPLICATE 41948 http://www.postimees.ee InRadar P1 Normal --- 0 plaes webkit-unassigned ap barraclough ggaren gustavo ismail oliver uzytkownik2 oldest_to_newest 245252 0 plaes 2010-07-01 04:32:07 -0700 When opening following site: http://www.postimees.ee I'm getting crash: Webkit-gtk-1.3.2 with epiphany-2.30.2 Traceback (most recent call last): File "/usr/share/gdb/auto-load/usr/lib64/libgobject-2.0.so.0.2400.1-gdb.py", line 9, in <module> from gobject import register File "/usr/share/glib-2.0/gdb/gobject.py", line 3, in <module> import gdb.backtrace ImportError: No module named backtrace [Thread debugging using libthread_db enabled] [New Thread 0x7f9ba59a4710 (LWP 5469)] [New Thread 0x7f9ba62a5710 (LWP 5468)] 0x00007f9bbcbf4cdd in __libc_waitpid (pid=5542, stat_loc=<value optimized out>, options=0) at ../sysdeps/unix/sysv/linux/waitpid.c:41 in ../sysdeps/unix/sysv/linux/waitpid.c #0 0x00007f9bbcbf4cdd in __libc_waitpid (pid=5542, stat_loc=<value optimized out>, options=0) at ../sysdeps/unix/sysv/linux/waitpid.c:41 #1 0x00007f9bbd3c0121 in IA__g_spawn_sync (working_directory=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>, flags=<value optimized out>, child_setup=<value optimized out>, user_data=<value optimized out>, standard_output=0x0, standard_error=0x0, exit_status=0x0, error=0x7fff2f828038) at gspawn.c:386 #2 0x00007f9bbd3c0439 in IA__g_spawn_command_line_sync (command_line=<value optimized out>, standard_output=0x0, standard_error=0x0, exit_status=0x0, error=0x7fff2f828038) at gspawn.c:700 #3 0x00007f9bab64fd61 in run_bug_buddy (signum=<value optimized out>) at gnome-breakpad.cc:369 #4 check_if_gdb (signum=<value optimized out>) at gnome-breakpad.cc:440 #5 bugbuddy_segv_handle (signum=<value optimized out>) at gnome-breakpad.cc:223 #6 <signal handler called> #7 JSC::JSValue::operator bool (this=<value optimized out>, exec=0x7f9b9f93c190, hint=<value optimized out>) at ./JavaScriptCore/runtime/JSValue.h:824 #8 JSC::ExecState::hadException (this=<value optimized out>, exec=0x7f9b9f93c190, hint=<value optimized out>) at ./JavaScriptCore/interpreter/CallFrame.h:83 #9 callDefaultValueFunction (this=<value optimized out>, exec=0x7f9b9f93c190, hint=<value optimized out>) at JavaScriptCore/runtime/JSObject.cpp:253 #10 JSC::JSObject::defaultValue (this=<value optimized out>, exec=0x7f9b9f93c190, hint=<value optimized out>) at JavaScriptCore/runtime/JSObject.cpp:272 #11 0x00007f9bc0ca412d in JSC::JSObject::toPrimitive (this=0x0, exec=0x4000007f9b9f8c1d, preferredType=2677260689) at ./JavaScriptCore/runtime/JSObject.h:631 #12 0x00007f9bc14b4414 in JSC::JSObject::toString (this=0x0, exec=0x7f9b9f93c190) at JavaScriptCore/runtime/JSObject.cpp:476 #13 0x00007f9bc14e0844 in JSC::JSValue::toThisString (exec=0x7f9b9f93c190) at JavaScriptCore/runtime/JSObject.h:739 #14 stringProtoFuncSubstring (exec=0x7f9b9f93c190) at JavaScriptCore/runtime/StringPrototype.cpp:764 #15 0x00007f9bc27261aa in ?? () #16 0xffff000000000002 in ?? () #17 0x00007f9ba4e71aba in ?? () #18 0x0000000000000000 in ?? () Thread 3 (Thread 0x7f9ba62a5710 (LWP 5468)): #0 pthread_cond_wait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:162 No locals. #1 0x00007f9bc14eccd4 in WTF::TCMalloc_PageHeap::scavengerThread (this=0x7f9bc1ea9ba0) at JavaScriptCore/wtf/FastMalloc.cpp:2380 No locals. #2 0x00007f9bc14eccf9 in WTF::TCMalloc_PageHeap::runScavengerThread (context=0x7f9bc1eb7c74) at JavaScriptCore/wtf/FastMalloc.cpp:1501 No locals. #3 0x00007f9bbcbec8e4 in start_thread (arg=<value optimized out>) at pthread_create.c:297 __res = <value optimized out> pd = 0x7f9ba62a5710 unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140306484451088, 8797029185233484727, 140306863321312, 0, 140306961006592, 3, -8853479575251453001, -8853467656871609417}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = <value optimized out> robust = <value optimized out> freesize = <value optimized out> __PRETTY_FUNCTION__ = "start_thread" #4 0x00007f9bbc95e27d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115 No locals. Thread 2 (Thread 0x7f9ba59a4710 (LWP 5469)): #0 pthread_cond_wait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:162 No locals. #1 0x00007f9bc11b1c48 in WebCore::IconDatabase::syncThreadMainLoop (this=0x7f9ba59baa00) at WebCore/loader/icon/IconDatabase.cpp:1412 didAnyWork = <value optimized out> #2 0x00007f9bc11b1d18 in WebCore::IconDatabase::iconDatabaseSyncThread (this=0x7f9ba59baa00) at WebCore/loader/icon/IconDatabase.cpp:1030 journalFilename = {m_impl = {<WTF::FastAllocBase> = {<No data fields>}, m_ptr = 0x7f9ba59bcf20}} #3 0x00007f9bbcbec8e4 in start_thread (arg=<value optimized out>) at pthread_create.c:297 __res = <value optimized out> pd = 0x7f9ba59a4710 unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140306475009808, 8797029185233484727, 140306863321312, 0, 140306961006592, 3, -8853487138151990345, -8853467656871609417}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = <value optimized out> robust = <value optimized out> freesize = <value optimized out> __PRETTY_FUNCTION__ = "start_thread" #4 0x00007f9bbc95e27d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115 No locals. Thread 1 (Thread 0x7f9bc28ce8c0 (LWP 5467)): #0 0x00007f9bbcbf4cdd in __libc_waitpid (pid=5542, stat_loc=<value optimized out>, options=0) at ../sysdeps/unix/sysv/linux/waitpid.c:41 _a3 = 0 _a1 = 5542 resultvar = <value optimized out> _a4 = 0 _a2 = 140733990469280 oldtype = 0 result = <value optimized out> #1 0x00007f9bbd3c0121 in IA__g_spawn_sync (working_directory=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>, flags=<value optimized out>, child_setup=<value optimized out>, user_data=<value optimized out>, standard_output=0x0, standard_error=0x0, exit_status=0x0, error=0x7fff2f828038) at gspawn.c:386 outpipe = -1 errpipe = -1 pid = 5542 fds = {__fds_bits = {0, 16, 16, 0, 75640824, 140733990469688, 74736128, 75640800, 3, 0, 75640824, 140306871322109, 140733990469288, 140733990469280, 140733990469400, 0}} ret = <value optimized out> outstr = 0x0 errstr = 0x0 failed = 0 status = <value optimized out> __PRETTY_FUNCTION__ = "IA__g_spawn_sync" #2 0x00007f9bbd3c0439 in IA__g_spawn_command_line_sync (command_line=<value optimized out>, standard_output=0x0, standard_error=0x0, exit_status=0x0, error=0x7fff2f828038) at gspawn.c:700 retval = 0 argv = 0x4822fe0 __PRETTY_FUNCTION__ = "IA__g_spawn_command_line_sync" #3 0x00007f9bab64fd61 in run_bug_buddy (signum=<value optimized out>) at gnome-breakpad.cc:369 res = <value optimized out> warning_file = 0x0 exec_str = 0x471e1e0 "bug-buddy --appname=\"epiphany\" --pid=5467" args_str = <value optimized out> error = 0x0 #4 check_if_gdb (signum=<value optimized out>) at gnome-breakpad.cc:440 gdb = 0x1e91ea0 "/usr/bin/gdb" pid = 5467 mypath = 0x481a840 "\200\314\302\004" has_debug_symbols = <value optimized out> appname = 0x185e180 "epiphany" #5 bugbuddy_segv_handle (signum=<value optimized out>) at gnome-breakpad.cc:223 in_segv = 1 #6 <signal handler called> No symbol table info available. #7 JSC::JSValue::operator bool (this=<value optimized out>, exec=0x7f9b9f93c190, hint=<value optimized out>) at ./JavaScriptCore/runtime/JSValue.h:824 No locals. #8 JSC::ExecState::hadException (this=<value optimized out>, exec=0x7f9b9f93c190, hint=<value optimized out>) at ./JavaScriptCore/interpreter/CallFrame.h:83 No locals. #9 callDefaultValueFunction (this=<value optimized out>, exec=0x7f9b9f93c190, hint=<value optimized out>) at JavaScriptCore/runtime/JSObject.cpp:253 callData = {native = {function = 0x7f9bc14df1c0 <stringProtoFuncToString>}, js = {functionExecutable = 0x7f9bc14df1c0, scopeChain = 0x8}} callType = <value optimized out> #10 JSC::JSObject::defaultValue (this=<value optimized out>, exec=0x7f9b9f93c190, hint=<value optimized out>) at JavaScriptCore/runtime/JSObject.cpp:272 No locals. #11 0x00007f9bc0ca412d in JSC::JSObject::toPrimitive (this=0x0, exec=0x4000007f9b9f8c1d, preferredType=2677260689) at ./JavaScriptCore/runtime/JSObject.h:631 No locals. #12 0x00007f9bc14b4414 in JSC::JSObject::toString (this=0x0, exec=0x7f9b9f93c190) at JavaScriptCore/runtime/JSObject.cpp:476 primitive = <value optimized out> #13 0x00007f9bc14e0844 in JSC::JSValue::toThisString (exec=0x7f9b9f93c190) at JavaScriptCore/runtime/JSObject.h:739 No locals. #14 stringProtoFuncSubstring (exec=0x7f9b9f93c190) at JavaScriptCore/runtime/StringPrototype.cpp:764 thisValue = {m_ptr = 0x7f9b9f8e8900} s = {static NotFound = <optimized out>, m_rep = {<WTF::FastAllocBase> = {<No data fields>}, m_ptr = 0x0}, static s_nullUString = 0x7f9ba59a60f0} end = <value optimized out> start = <value optimized out> #15 0x00007f9bc27261aa in ?? () No symbol table info available. #16 0xffff000000000002 in ?? () No symbol table info available. #17 0x00007f9ba4e71aba in ?? () No symbol table info available. #18 0x0000000000000000 in ?? () No symbol table info available. A debugging session is active. 245467 1 ap 2010-07-01 12:09:42 -0700 This looks cross platform, but I couldn't reproduce this in Safari. Maybe it's a different revision. Geoff, Oliver, any ideas? 245487 2 ggaren 2010-07-01 12:36:55 -0700 Not much to go on here. 245838 3 plaes 2010-07-02 02:45:15 -0700 (In reply to comment #2) > Not much to go on here. I'm getting it also with ToT. Any hints for printf debugging? 245932 4 oliver 2010-07-02 09:35:07 -0700 (In reply to comment #3) > (In reply to comment #2) > > Not much to go on here. > > I'm getting it also with ToT. Any hints for printf debugging? Do you get it with a debug build? 245936 5 plaes 2010-07-02 09:42:37 -0700 (In reply to comment #4) > > I'm getting it also with ToT. Any hints for printf debugging? > > Do you get it with a debug build? I cannot build debug because of bug 29244 :S 245982 6 plaes 2010-07-02 11:12:25 -0700 Got following: ASSERTION FAILED: vptr() == JSGlobalData::jsArrayVPtr (JavaScriptCore/runtime/JSArray.cpp:191 virtual JSC::JSArray::~JSArray()) #5 <signal handler called> #6 0x00007f0e22779ac7 in ~JSArray (this=0x7f0e048c0800, __in_chrg=<value optimized out>) at JavaScriptCore/runtime/JSArray.cpp:191 #7 0x00007f0e22740001 in JSC::Heap::sweep (this=0x24c6c18) at JavaScriptCore/runtime/Collector.cpp:1058 #8 0x00007f0e22740e2e in JSC::Heap::collectAllGarbage (this=0x24c6c18) at JavaScriptCore/runtime/Collector.cpp:1259 #9 0x00007f0e21c7c5ac in collect () at WebCore/bindings/js/GCController.cpp:46 #10 0x00007f0e221add33 in WebCore::ThreadTimers::sharedTimerFiredInternal (this=0x7c5ce0) at WebCore/platform/ThreadTimers.cpp:112 #11 0x00007f0e225c5d42 in timeout_cb () at WebCore/platform/gtk/SharedTimerGtk.cpp:48 #12 0x00007f0e174ae41b in g_timeout_dispatch (source=0x2682e60, callback=0, user_data=0x4a) at gmain.c:3480 #13 0x00007f0e174adc41 in g_main_dispatch (context=0x656880) at gmain.c:2044 #14 g_main_context_dispatch (context=0x656880) at gmain.c:2597 #15 0x00007f0e174b1b78 in g_main_context_iterate (context=0x656880, block=<value optimized out>, dispatch=<value optimized out>, self=<value optimized out>) at gmain.c:2675 #16 0x00007f0e174b2085 in g_main_loop_run (loop=0x24a7980) at gmain.c:2883 #17 0x00007f0e1cd17717 in IA__gtk_main () at gtkmain.c:1237 #18 0x000000000040281f in main (argc=1, argv=0x7fff611e7608) at WebKitTools/GtkLauncher/main.c:224 And bt full: #5 <signal handler called> No symbol table info available. #6 0x00007f0e22779ac7 in ~JSArray (this=0x7f0e048c0800, __in_chrg=<value optimized out>) at JavaScriptCore/runtime/JSArray.cpp:191 No locals. #7 0x00007f0e22740001 in JSC::Heap::sweep (this=0x24c6c18) at JavaScriptCore/runtime/Collector.cpp:1058 cell = 0x7f0e048c0800 __PRETTY_FUNCTION__ = "void JSC::Heap::sweep()" dummyMarkableCellStructure = 0x24add80 #8 0x00007f0e22740e2e in JSC::Heap::collectAllGarbage (this=0x24c6c18) at JavaScriptCore/runtime/Collector.cpp:1259 No locals. #9 0x00007f0e21c7c5ac in collect () at WebCore/bindings/js/GCController.cpp:46 No locals. #10 0x00007f0e221add33 in WebCore::ThreadTimers::sharedTimerFiredInternal (this=0x7c5ce0) at WebCore/platform/ThreadTimers.cpp:112 interval = <value optimized out> fireTime = 1278097612.7114789 timeToQuit = 1278097612.7614789 #11 0x00007f0e225c5d42 in timeout_cb () at WebCore/platform/gtk/SharedTimerGtk.cpp:48 No locals. #12 0x00007f0e174ae41b in g_timeout_dispatch (source=0x2682e60, callback=0, user_data=0x4a) at gmain.c:3480 No locals. #13 0x00007f0e174adc41 in g_main_dispatch (context=0x656880) at gmain.c:2044 dispatch = 0x7f0e174ae400 <g_timeout_dispatch> user_data = 0x0 callback = 0x7f0e225c5d30 <timeout_cb> cb_funcs = 0x7f0e1776a5d0 cb_data = 0x2530520 current_source_link = {data = 0x2682e60, next = 0x0} source = 0x2682e60 current = 0x74ff90 i = 1 #14 g_main_context_dispatch (context=0x656880) at gmain.c:2597 No locals. #15 0x00007f0e174b1b78 in g_main_context_iterate (context=0x656880, block=<value optimized out>, dispatch=<value optimized out>, self=<value optimized out>) at gmain.c:2675 max_priority = 0 timeout = 0 some_ready = 1 nfds = 3 allocated_nfds = 390851152 fds = <value optimized out> __PRETTY_FUNCTION__ = "g_main_context_iterate" 246017 7 ggaren 2010-07-02 12:16:35 -0700 One way this could happen would be if, in your build/link system, WebCore and JavaScriptCore used different vtables for their objects. 246788 8 ap 2010-07-05 14:47:38 -0700 *** Bug 41609 has been marked as a duplicate of this bug. *** 248841 9 plaes 2010-07-09 01:59:26 -0700 Phew.. got it bisected :) c9623c29ebd05196543eff26ff51157e13ea6360 is the first bad commit commit c9623c29ebd05196543eff26ff51157e13ea6360 Author: oliver@apple.com <oliver@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc> Date: Mon Jun 21 17:43:03 2010 +0000 2010-06-19 Oliver Hunt <oliver@apple.com> Reviewed by Geoffrey Garen. Need to ensure that we grow the RegisterFile when creating a callframe for host code https://bugs.webkit.org/show_bug.cgi?id=40858 <rdar://problem/8108986> In the past the use of the callframe in hostcode was much more limited. Now that we expect the callframe to always be valid we need to grow the RegisterFile so that this is actually the case. In this particular case the problem was failing to grow the registerfile could lead to a callframe that extended beyond RegisterFiler::end(), so vm re-entry would clobber the callframe other scenarios could also lead to badness. I was unable to construct a simple testcase to trigger badness, and any such testcase would be so dependent on exact vm stack layout that it would be unlikely to work as a testcase following any callframe or register allocation changes anyway. Thankfully the new assertion I added should help to catch these failures in future, and triggers on a couple of tests currently. * interpreter/CallFrame.cpp: (JSC::CallFrame::registerFile): * interpreter/CallFrame.h: (JSC::ExecState::init): * interpreter/Interpreter.cpp: (JSC::Interpreter::privateExecute): * jit/JITStubs.cpp: (JSC::DEFINE_STUB_FUNCTION): git-svn-id: http://svn.webkit.org/repository/webkit/trunk@61553 268f45cc-cd09-0410-ab3c-d52691b4dbfc :040000 040000 72d529932785e4ccd65dbcf9a1852782842b220c 8ad86d61e4ac201ba4b7aa33e9fd1e4315f53de9 M JavaScriptCore 250438 10 61353 plaes 2010-07-13 04:42:11 -0700 Created attachment 61353 crashfix.patch After commenting out one of the assertions, things work again... 253453 11 ap 2010-07-19 16:24:14 -0700 *** Bug 42585 has been marked as a duplicate of this bug. *** 253455 12 ap 2010-07-19 16:25:07 -0700 Per a duplicate, this also affects Mac. 255943 13 ismail 2010-07-26 01:44:10 -0700 Still reproducable with ToT also effects http://gazetevatan.com , a big Turkish newspapers website. 257620 14 ismail 2010-07-29 03:55:05 -0700 postimees.ee is no longer crashing but http://gazetevatan.com still crashes, are we sure those are the same problems? 258736 15 ap 2010-08-01 23:43:42 -0700 <rdar://problem/8260963> 261208 16 ismail 2010-08-06 05:47:42 -0700 This bug prevents me from testing WebKit on my machine, it would be real nice if it could be fixed. 262646 17 ismail 2010-08-10 06:12:11 -0700 No longer crashes with r65052 284502 18 uzytkownik2 2010-09-24 10:29:18 -0700 Reproduced with 1.3.4 + patch: Program received signal SIGSEGV, Segmentation fault. 0x00007ffff6e7c7c4 in operator bool (this=0x7fff506c8500, exec=0x7fff567bf1b0, hint=<value optimized out>) at ./JavaScriptCore/runtime/JSValue.h:793 793 ./JavaScriptCore/runtime/JSValue.h: No such file or directory. in ./JavaScriptCore/runtime/JSValue.h Thread 24 (Thread 0x7fff5112f710 (LWP 4747)): #0 0x00007ffff181f999 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0 No symbol table info available. #1 0x00007ffff22864d2 in g_cond_timed_wait_posix_impl ( cond=<value optimized out>, entered_mutex=<value optimized out>, abs_time=<value optimized out>) at gthread-posix.c:242 result = <value optimized out> end_time = {tv_sec = 1285348435, tv_nsec = 164703000} timed_out = <value optimized out> __PRETTY_FUNCTION__ = "g_cond_timed_wait_posix_impl" #2 0x00007ffff1f8d667 in g_async_queue_pop_intern_unlocked (queue=0xf21b70, try=0, end_time=0x7fff5112ecb0) at gasyncqueue.c:423 retval = <value optimized out> __PRETTY_FUNCTION__ = "g_async_queue_pop_intern_unlocked" #3 0x00007ffff1fe5d91 in g_thread_pool_wait_for_new_task ( data=<value optimized out>) at gthreadpool.c:274 end_time = {tv_sec = 1285348435, tv_usec = 164703} task = <value optimized out> #4 g_thread_pool_thread_proxy (data=<value optimized out>) at gthreadpool.c:308 task = 0x1a5ab60 pool = 0xf21b10 #5 0x00007ffff1fe3335 in g_thread_create_proxy (data=0x7fffe0024920) at gthread.c:1897 thread = 0x7fffe0024920 __PRETTY_FUNCTION__ = "g_thread_create_proxy" #6 0x00007ffff181ad5c in start_thread () from /lib/libpthread.so.0 No symbol table info available. #7 0x00007ffff15795ed in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115 No locals. Thread 23 (Thread 0x7fff51a30710 (LWP 4746)): #0 0x00007ffff181f999 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0 No symbol table info available. #1 0x00007ffff22864d2 in g_cond_timed_wait_posix_impl ( cond=<value optimized out>, entered_mutex=<value optimized out>, abs_time=<value optimized out>) at gthread-posix.c:242 result = <value optimized out> end_time = {tv_sec = 1285348435, tv_nsec = 200311000} timed_out = <value optimized out> __PRETTY_FUNCTION__ = "g_cond_timed_wait_posix_impl" #2 0x00007ffff1f8d667 in g_async_queue_pop_intern_unlocked (queue=0xf21b70, try=0, end_time=0x7fff51a2fcb0) at gasyncqueue.c:423 retval = <value optimized out> __PRETTY_FUNCTION__ = "g_async_queue_pop_intern_unlocked" #3 0x00007ffff1fe5d91 in g_thread_pool_wait_for_new_task ( data=<value optimized out>) at gthreadpool.c:274 end_time = {tv_sec = 1285348435, tv_usec = 200311} task = <value optimized out> #4 g_thread_pool_thread_proxy (data=<value optimized out>) at gthreadpool.c:308 task = 0x19b6580 pool = 0xf21b10 #5 0x00007ffff1fe3335 in g_thread_create_proxy (data=0x7fffe00122c0) at gthread.c:1897 thread = 0x7fffe00122c0 __PRETTY_FUNCTION__ = "g_thread_create_proxy" #6 0x00007ffff181ad5c in start_thread () from /lib/libpthread.so.0 No symbol table info available. #7 0x00007ffff15795ed in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115 No locals. Thread 22 (Thread 0x7fff52231710 (LWP 4745)): #0 0x00007ffff181f999 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0 No symbol table info available. #1 0x00007ffff22864d2 in g_cond_timed_wait_posix_impl ( cond=<value optimized out>, entered_mutex=<value optimized out>, abs_time=<value optimized out>) at gthread-posix.c:242 result = <value optimized out> end_time = {tv_sec = 1285348435, tv_nsec = 76748000} timed_out = <value optimized out> __PRETTY_FUNCTION__ = "g_cond_timed_wait_posix_impl" #2 0x00007ffff1f8d667 in g_async_queue_pop_intern_unlocked (queue=0xf21b70, try=0, end_time=0x7fff52230cb0) at gasyncqueue.c:423 retval = <value optimized out> __PRETTY_FUNCTION__ = "g_async_queue_pop_intern_unlocked" #3 0x00007ffff1fe5d91 in g_thread_pool_wait_for_new_task ( data=<value optimized out>) at gthreadpool.c:274 end_time = {tv_sec = 1285348435, tv_usec = 76748} task = <value optimized out> #4 g_thread_pool_thread_proxy (data=<value optimized out>) at gthreadpool.c:308 task = 0x1a5ab00 pool = 0xf21b10 #5 0x00007ffff1fe3335 in g_thread_create_proxy (data=0x7fffe001f370) at gthread.c:1897 thread = 0x7fffe001f370 __PRETTY_FUNCTION__ = "g_thread_create_proxy" #6 0x00007ffff181ad5c in start_thread () from /lib/libpthread.so.0 No symbol table info available. #7 0x00007ffff15795ed in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115 No locals. Thread 21 (Thread 0x7fff52a32710 (LWP 4744)): #0 0x00007ffff181f999 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0 No symbol table info available. #1 0x00007ffff22864d2 in g_cond_timed_wait_posix_impl ( cond=<value optimized out>, entered_mutex=<value optimized out>, abs_time=<value optimized out>) at gthread-posix.c:242 result = <value optimized out> end_time = {tv_sec = 1285348435, tv_nsec = 85663000} timed_out = <value optimized out> __PRETTY_FUNCTION__ = "g_cond_timed_wait_posix_impl" #2 0x00007ffff1f8d667 in g_async_queue_pop_intern_unlocked (queue=0xf21b70, try=0, end_time=0x7fff52a31cb0) at gasyncqueue.c:423 retval = <value optimized out> __PRETTY_FUNCTION__ = "g_async_queue_pop_intern_unlocked" #3 0x00007ffff1fe5d91 in g_thread_pool_wait_for_new_task ( data=<value optimized out>) at gthreadpool.c:274 end_time = {tv_sec = 1285348435, tv_usec = 85663} task = <value optimized out> #4 g_thread_pool_thread_proxy (data=<value optimized out>) at gthreadpool.c:308 task = 0x1a0ae40 pool = 0xf21b10 #5 0x00007ffff1fe3335 in g_thread_create_proxy (data=0x7fffe0012590) at gthread.c:1897 thread = 0x7fffe0012590 __PRETTY_FUNCTION__ = "g_thread_create_proxy" #6 0x00007ffff181ad5c in start_thread () from /lib/libpthread.so.0 No symbol table info available. #7 0x00007ffff15795ed in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115 No locals. Thread 20 (Thread 0x7fff53e3a710 (LWP 4743)): #0 0x00007ffff181f999 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0 No symbol table info available. #1 0x00007ffff22864d2 in g_cond_timed_wait_posix_impl ( cond=<value optimized out>, entered_mutex=<value optimized out>, abs_time=<value optimized out>) at gthread-posix.c:242 result = <value optimized out> end_time = {tv_sec = 1285348435, tv_nsec = 47249000} timed_out = <value optimized out> __PRETTY_FUNCTION__ = "g_cond_timed_wait_posix_impl" #2 0x00007ffff1f8d667 in g_async_queue_pop_intern_unlocked (queue=0xf21b70, try=0, end_time=0x7fff53e39cb0) at gasyncqueue.c:423 retval = <value optimized out> __PRETTY_FUNCTION__ = "g_async_queue_pop_intern_unlocked" #3 0x00007ffff1fe5d91 in g_thread_pool_wait_for_new_task ( data=<value optimized out>) at gthreadpool.c:274 end_time = {tv_sec = 1285348435, tv_usec = 47249} task = <value optimized out> #4 g_thread_pool_thread_proxy (data=<value optimized out>) at gthreadpool.c:308 task = 0x7fffe0026d80 pool = 0xf21b10 #5 0x00007ffff1fe3335 in g_thread_create_proxy (data=0x1a2dbc0) at gthread.c:1897 thread = 0x1a2dbc0 __PRETTY_FUNCTION__ = "g_thread_create_proxy" #6 0x00007ffff181ad5c in start_thread () from /lib/libpthread.so.0 No symbol table info available. #7 0x00007ffff15795ed in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115 No locals. Thread 19 (Thread 0x7fff54e3c710 (LWP 4742)): #0 0x00007ffff181f999 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0 No symbol table info available. #1 0x00007ffff22864d2 in g_cond_timed_wait_posix_impl ( cond=<value optimized out>, entered_mutex=<value optimized out>, abs_time=<value optimized out>) at gthread-posix.c:242 result = <value optimized out> end_time = {tv_sec = 1285348435, tv_nsec = 49291000} timed_out = <value optimized out> __PRETTY_FUNCTION__ = "g_cond_timed_wait_posix_impl" #2 0x00007ffff1f8d667 in g_async_queue_pop_intern_unlocked (queue=0xf21b70, try=0, end_time=0x7fff54e3bcb0) at gasyncqueue.c:423 retval = <value optimized out> __PRETTY_FUNCTION__ = "g_async_queue_pop_intern_unlocked" #3 0x00007ffff1fe5d91 in g_thread_pool_wait_for_new_task ( data=<value optimized out>) at gthreadpool.c:274 end_time = {tv_sec = 1285348435, tv_usec = 49291} task = <value optimized out> #4 g_thread_pool_thread_proxy (data=<value optimized out>) at gthreadpool.c:308 task = 0x19b6b00 pool = 0xf21b10 #5 0x00007ffff1fe3335 in g_thread_create_proxy (data=0x1a4c510) at gthread.c:1897 thread = 0x1a4c510 __PRETTY_FUNCTION__ = "g_thread_create_proxy" #6 0x00007ffff181ad5c in start_thread () from /lib/libpthread.so.0 No symbol table info available. #7 0x00007ffff15795ed in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115 No locals. Thread 18 (Thread 0x7fff55f89710 (LWP 4741)): #0 0x00007ffff181f999 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0 No symbol table info available. #1 0x00007ffff22864d2 in g_cond_timed_wait_posix_impl ( cond=<value optimized out>, entered_mutex=<value optimized out>, abs_time=<value optimized out>) at gthread-posix.c:242 result = <value optimized out> end_time = {tv_sec = 1285348435, tv_nsec = 200651000} timed_out = <value optimized out> __PRETTY_FUNCTION__ = "g_cond_timed_wait_posix_impl" #2 0x00007ffff1f8d667 in g_async_queue_pop_intern_unlocked (queue=0xf21b70, try=0, end_time=0x7fff55f88cb0) at gasyncqueue.c:423 retval = <value optimized out> __PRETTY_FUNCTION__ = "g_async_queue_pop_intern_unlocked" #3 0x00007ffff1fe5d91 in g_thread_pool_wait_for_new_task ( data=<value optimized out>) at gthreadpool.c:274 end_time = {tv_sec = 1285348435, tv_usec = 200651} task = <value optimized out> #4 g_thread_pool_thread_proxy (data=<value optimized out>) at gthreadpool.c:308 task = 0x1a51b00 pool = 0xf21b10 #5 0x00007ffff1fe3335 in g_thread_create_proxy (data=0x1a3d900) at gthread.c:1897 thread = 0x1a3d900 __PRETTY_FUNCTION__ = "g_thread_create_proxy" #6 0x00007ffff181ad5c in start_thread () from /lib/libpthread.so.0 No symbol table info available. #7 0x00007ffff15795ed in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115 No locals. Thread 17 (Thread 0x7fff5573d710 (LWP 4740)): #0 0x00007ffff181f999 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0 No symbol table info available. #1 0x00007ffff22864d2 in g_cond_timed_wait_posix_impl ( cond=<value optimized out>, entered_mutex=<value optimized out>, abs_time=<value optimized out>) at gthread-posix.c:242 result = <value optimized out> end_time = {tv_sec = 1285348435, tv_nsec = 50888000} timed_out = <value optimized out> __PRETTY_FUNCTION__ = "g_cond_timed_wait_posix_impl" #2 0x00007ffff1f8d667 in g_async_queue_pop_intern_unlocked (queue=0xf21b70, try=0, end_time=0x7fff5573ccb0) at gasyncqueue.c:423 retval = <value optimized out> __PRETTY_FUNCTION__ = "g_async_queue_pop_intern_unlocked" #3 0x00007ffff1fe5d91 in g_thread_pool_wait_for_new_task ( data=<value optimized out>) at gthreadpool.c:274 end_time = {tv_sec = 1285348435, tv_usec = 50888} task = <value optimized out> #4 g_thread_pool_thread_proxy (data=<value optimized out>) at gthreadpool.c:308 task = 0x1a5a8c0 pool = 0xf21b10 #5 0x00007ffff1fe3335 in g_thread_create_proxy (data=0x1a3cfc0) at gthread.c:1897 thread = 0x1a3cfc0 __PRETTY_FUNCTION__ = "g_thread_create_proxy" #6 0x00007ffff181ad5c in start_thread () from /lib/libpthread.so.0 No symbol table info available. #7 0x00007ffff15795ed in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115 No locals. Thread 16 (Thread 0x7fffd75c5710 (LWP 4739)): #0 0x00007ffff181f999 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0 No symbol table info available. #1 0x00007ffff22864d2 in g_cond_timed_wait_posix_impl ( cond=<value optimized out>, entered_mutex=<value optimized out>, abs_time=<value optimized out>) at gthread-posix.c:242 result = <value optimized out> end_time = {tv_sec = 1285348435, tv_nsec = 90264000} timed_out = <value optimized out> __PRETTY_FUNCTION__ = "g_cond_timed_wait_posix_impl" #2 0x00007ffff1f8d667 in g_async_queue_pop_intern_unlocked (queue=0xf21b70, try=0, end_time=0x7fffd75c4cb0) at gasyncqueue.c:423 retval = <value optimized out> __PRETTY_FUNCTION__ = "g_async_queue_pop_intern_unlocked" #3 0x00007ffff1fe5d91 in g_thread_pool_wait_for_new_task ( data=<value optimized out>) at gthreadpool.c:274 end_time = {tv_sec = 1285348435, tv_usec = 90264} task = <value optimized out> #4 g_thread_pool_thread_proxy (data=<value optimized out>) at gthreadpool.c:308 task = 0xd21860 pool = 0xf21b10 #5 0x00007ffff1fe3335 in g_thread_create_proxy (data=0x192b1f0) at gthread.c:1897 thread = 0x192b1f0 __PRETTY_FUNCTION__ = "g_thread_create_proxy" #6 0x00007ffff181ad5c in start_thread () from /lib/libpthread.so.0 No symbol table info available. #7 0x00007ffff15795ed in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115 No locals. Thread 15 (Thread 0x7fff5463b710 (LWP 4738)): #0 0x00007ffff181f999 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0 No symbol table info available. #1 0x00007ffff22864d2 in g_cond_timed_wait_posix_impl ( cond=<value optimized out>, entered_mutex=<value optimized out>, abs_time=<value optimized out>) at gthread-posix.c:242 result = <value optimized out> end_time = {tv_sec = 1285348435, tv_nsec = 103598000} timed_out = <value optimized out> __PRETTY_FUNCTION__ = "g_cond_timed_wait_posix_impl" #2 0x00007ffff1f8d667 in g_async_queue_pop_intern_unlocked (queue=0xf21b70, try=0, end_time=0x7fff5463acb0) at gasyncqueue.c:423 retval = <value optimized out> __PRETTY_FUNCTION__ = "g_async_queue_pop_intern_unlocked" #3 0x00007ffff1fe5d91 in g_thread_pool_wait_for_new_task ( data=<value optimized out>) at gthreadpool.c:274 end_time = {tv_sec = 1285348435, tv_usec = 103598} task = <value optimized out> #4 g_thread_pool_thread_proxy (data=<value optimized out>) at gthreadpool.c:308 task = 0x19b6580 pool = 0xf21b10 #5 0x00007ffff1fe3335 in g_thread_create_proxy (data=0x18c1df0) at gthread.c:1897 thread = 0x18c1df0 __PRETTY_FUNCTION__ = "g_thread_create_proxy" #6 0x00007ffff181ad5c in start_thread () from /lib/libpthread.so.0 No symbol table info available. #7 0x00007ffff15795ed in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115 No locals. Thread 14 (Thread 0x7fff53639710 (LWP 4737)): #0 0x00007ffff181f999 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0 No symbol table info available. #1 0x00007ffff22864d2 in g_cond_timed_wait_posix_impl ( cond=<value optimized out>, entered_mutex=<value optimized out>, abs_time=<value optimized out>) at gthread-posix.c:242 result = <value optimized out> end_time = {tv_sec = 1285348435, tv_nsec = 120788000} timed_out = <value optimized out> __PRETTY_FUNCTION__ = "g_cond_timed_wait_posix_impl" #2 0x00007ffff1f8d667 in g_async_queue_pop_intern_unlocked (queue=0xf21b70, try=0, end_time=0x7fff53638cb0) at gasyncqueue.c:423 retval = <value optimized out> __PRETTY_FUNCTION__ = "g_async_queue_pop_intern_unlocked" #3 0x00007ffff1fe5d91 in g_thread_pool_wait_for_new_task ( data=<value optimized out>) at gthreadpool.c:274 end_time = {tv_sec = 1285348435, tv_usec = 120788} task = <value optimized out> #4 g_thread_pool_thread_proxy (data=<value optimized out>) at gthreadpool.c:308 task = 0x7fffe0026c60 pool = 0xf21b10 #5 0x00007ffff1fe3335 in g_thread_create_proxy (data=0x18c3230) at gthread.c:1897 thread = 0x18c3230 __PRETTY_FUNCTION__ = "g_thread_create_proxy" #6 0x00007ffff181ad5c in start_thread () from /lib/libpthread.so.0 No symbol table info available. #7 0x00007ffff15795ed in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115 No locals. Thread 4 (Thread 0x7fffd8b08710 (LWP 4723)): #0 0x00007ffff181f62c in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/libpthread.so.0 No symbol table info available. #1 0x00007ffff64a5302 in WebCore::IconDatabase::syncThreadMainLoop ( this=0x7fffd8b11800) at WebCore/loader/icon/IconDatabase.cpp:1420 didAnyWork = <value optimized out> shouldReenableSuddenTermination = <value optimized out> #2 0x00007ffff64a6d20 in WebCore::IconDatabase::iconDatabaseSyncThread ( this=0x7fffd8b11800) at WebCore/loader/icon/IconDatabase.cpp:1044 journalFilename = { m_impl = {<WTF::FastAllocBase> = {<No data fields>}, m_ptr = 0x7fffd8b1ff00}} #3 0x00007ffff181ad5c in start_thread () from /lib/libpthread.so.0 No symbol table info available. #4 0x00007ffff15795ed in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115 No locals. Thread 3 (Thread 0x7fffd9409710 (LWP 4722)): #0 0x00007ffff181f62c in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/libpthread.so.0 No symbol table info available. #1 0x00007ffff6ecd874 in WTF::TCMalloc_PageHeap::scavengerThread ( this=0x7ffff7584a20) at JavaScriptCore/wtf/FastMalloc.cpp:2400 No locals. #2 0x00007ffff6ecd899 in WTF::TCMalloc_PageHeap::runScavengerThread ( context=0x7ffff7592af4) at JavaScriptCore/wtf/FastMalloc.cpp:1517 No locals. #3 0x00007ffff181ad5c in start_thread () from /lib/libpthread.so.0 No symbol table info available. #4 0x00007ffff15795ed in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115 No locals. Thread 2 (Thread 0x7fffe5503710 (LWP 4721)): #0 0x00007ffff15707f3 in __poll (fds=<value optimized out>, nfds=<value optimized out>, timeout=<value optimized out>) at ../sysdeps/unix/sysv/linux/poll.c:87 resultvar = 18446744073709551100 oldtype = 0 result = <value optimized out> #1 0x00007ffff1fb9cb5 in g_main_context_poll (context=0x79a9b0, block=1, dispatch=1, self=<value optimized out>) at gmain.c:3093 poll_func = 0x7ffff1fca750 <g_poll> #2 g_main_context_iterate (context=0x79a9b0, block=1, dispatch=1, self=<value optimized out>) at gmain.c:2775 max_priority = 2147483647 timeout = -1 some_ready = <value optimized out> nfds = 1 allocated_nfds = <value optimized out> fds = 0x79c2f0 #3 0x00007ffff1fba722 in g_main_loop_run (loop=0x79aa90) at gmain.c:2988 __PRETTY_FUNCTION__ = "g_main_loop_run" #4 0x00007ffff299d074 in gdbus_shared_thread_func (data=<value optimized out>) at gdbusprivate.c:277 No locals. #5 0x00007ffff1fe3335 in g_thread_create_proxy (data=0x79aab0) at gthread.c:1897 thread = 0x79aab0 __PRETTY_FUNCTION__ = "g_thread_create_proxy" #6 0x00007ffff181ad5c in start_thread () from /lib/libpthread.so.0 No symbol table info available. #7 0x00007ffff15795ed in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115 No locals. Thread 1 (Thread 0x7ffff7fa18c0 (LWP 4694)): #0 0x00007ffff6e7c7c4 in operator bool (this=0x7fff506c8500, exec=0x7fff567bf1b0, hint=<value optimized out>) at ./JavaScriptCore/runtime/JSValue.h:793 No locals. #1 hadException (this=0x7fff506c8500, exec=0x7fff567bf1b0, hint=<value optimized out>) at ./JavaScriptCore/interpreter/CallFrame.h:83 No locals. #2 callDefaultValueFunction (this=0x7fff506c8500, exec=0x7fff567bf1b0, hint=<value optimized out>) at JavaScriptCore/runtime/JSObject.cpp:253 callData = {native = {function = 0x7ffff6eafbf0 <JSC::stringProtoFuncToString(JSC::ExecState*)>}, js = { functionExecutable = 0x7ffff6eafbf0, scopeChain = 0x7fffffffc3e0}} callType = 1450963377 result = {m_ptr = 0x7fff506c8540} #3 JSC::JSObject::defaultValue (this=0x7fff506c8500, exec=0x7fff567bf1b0, hint=<value optimized out>) at JavaScriptCore/runtime/JSObject.cpp:272 No locals. #4 0x00007ffff60f2aed in JSC::JSObject::toPrimitive ( this=<value optimized out>, exec=<value optimized out>, preferredType=<value optimized out>) at ./JavaScriptCore/runtime/JSObject.h:637 No locals. #5 0x00007ffff6e7b3b4 in JSC::JSObject::toString (this=<value optimized out>, exec=0x7fff567bf1b0) at JavaScriptCore/runtime/JSObject.cpp:476 primitive = <value optimized out> #6 0x00007ffff6eb035c in toThisString (exec=0x7fff567bf1b0) at JavaScriptCore/runtime/JSObject.h:751 No locals. #7 JSC::stringProtoFuncSubstring (exec=0x7fff567bf1b0) at JavaScriptCore/runtime/StringPrototype.cpp:785 thisValue = {m_ptr = 0x7fff506c8500} s = {m_impl = {<WTF::FastAllocBase> = {<No data fields>}, m_ptr = 0x8}} len = <value optimized out> end = <value optimized out> start = <value optimized out> #8 0x00007fff56bbf1aa in ?? () No symbol table info available. #9 0xffff000000000000 in ?? () No symbol table info available. #10 0x00007fff56dc5366 in ?? () No symbol table info available. #11 0x0000000000000000 in ?? () No symbol table info available. A debugging session is active. 291484 19 plaes 2010-10-08 00:33:33 -0700 Yestarday I built my webkit *without* the patch submitted here and I ran into crashes again (so the patch really helps): #6 <signal handler called> #7 operator bool (this=<value optimized out>, exec=0x7fea5ddfa190, hint=<value optimized out>) at ./JavaScriptCore/runtime/JSValue.h:793 #8 hadException (this=<value optimized out>, exec=0x7fea5ddfa190, hint=<value optimized out>) at ./JavaScriptCore/interpreter/CallFrame.h:83 #9 callDefaultValueFunction (this=<value optimized out>, exec=0x7fea5ddfa190, hint=<value optimized out>) at JavaScriptCore/runtime/JSObject.cpp:253 #10 JSC::JSObject::defaultValue (this=<value optimized out>, exec=0x7fea5ddfa190, hint=<value optimized out>) at JavaScriptCore/runtime/JSObject.cpp:272 #11 0x00007fea79808c5d in JSC::JSObject::toPrimitive (this=0x0, exec=0x4000007fe9d24b84, preferredType=1574936977) at ./JavaScriptCore/runtime/JSObject.h:637 #12 0x00007fea7a497c74 in JSC::JSObject::toString (this=0x0, exec=0x7fea5ddfa190) at JavaScriptCore/runtime/JSObject.cpp:476 #13 0x00007fea7a4ce446 in toThisString (exec=0x7fea5ddfa190) at JavaScriptCore/runtime/JSObject.h:751 #14 JSC::stringProtoFuncSubstring (exec=0x7fea5ddfa190) at JavaScriptCore/runtime/StringPrototype.cpp:785 291492 20 uzytkownik2 2010-10-08 01:04:38 -0700 (In reply to comment #19) > Yestarday I built my webkit *without* the patch submitted here and I ran into crashes again (so the patch really helps): > Hmm. Could you look on the my stacktrace (comment #18)? I can reproduce it with patch so it did not solve 100% od problem. 291511 21 plaes 2010-10-08 02:16:16 -0700 (In reply to comment #20) > (In reply to comment #19) > > Yestarday I built my webkit *without* the patch submitted here and I ran into crashes again (so the patch really helps): > > > > Hmm. Could you look on the my stacktrace (comment #18)? I can reproduce it with patch so it did not solve 100% od problem. You sure that you had the patch applied, because the line numbers look unique (at least for the first 4 callframes). 291528 22 uzytkownik2 2010-10-08 02:45:27 -0700 (In reply to comment #21) > (In reply to comment #20) > > (In reply to comment #19) > > > Yestarday I built my webkit *without* the patch submitted here and I ran into crashes again (so the patch really helps): > > > > > > > Hmm. Could you look on the my stacktrace (comment #18)? I can reproduce it with patch so it did not solve 100% od problem. > > You sure that you had the patch applied, because the line numbers look unique (at least for the first 4 callframes). From ebuild: # Fix invalid? assertion check # https://bugs.webkit.org/show_bug.cgi?id=41454 epatch "${FILESDIR}"/${PN}-1.3.x-disable-jsc-assertion.patch Patch is identical 291532 23 plaes 2010-10-08 02:59:47 -0700 OK, http://www.joemonster.org/ causes the crash even *with* the patch... :S 291670 24 oliver 2010-10-08 08:38:16 -0700 That patch is really wrong (it essentially elides the stack overflow protection in the vm. I believe we understand this bug, but haven't yet determined the correct fix, can you try commenting out the lines: // Shrink the JS stack, in case stack overflow made it huge. m_registerFile.shrink(callFrame->registers() + callFrame->codeBlock()->m_numCalleeRegisters); in Interpreter.cpp -- it's around line 644 (i have a large patch in my tree so i can't guarantee exact line number) 292342 25 plaes 2010-10-10 12:17:04 -0700 (In reply to comment #24) > That patch is really wrong (it essentially elides the stack overflow protection in the vm. > > I believe we understand this bug, but haven't yet determined the correct fix, can you try commenting out the lines: > > // Shrink the JS stack, in case stack overflow made it huge. > m_registerFile.shrink(callFrame->registers() + callFrame->codeBlock()->m_numCalleeRegisters); > > in Interpreter.cpp -- it's around line 644 (i have a large patch in my tree so i can't guarantee exact line number) Seems to be working after I removed these lines. 296332 26 barraclough 2010-10-19 12:28:34 -0700 Fix nearly complete for this, one regression fail to track down. *** This bug has been marked as a duplicate of bug 41948 *** 304502 27 ap 2010-11-04 00:00:17 -0700 Could you please verify that this is fixed now? 304545 28 plaes 2010-11-04 02:38:17 -0700 (In reply to comment #27) > Could you please verify that this is fixed now? Ok, with the patch from 41948 neither postimees.ee or joemonster.org crash. Thanks ;) 61353 2010-07-13 04:42:11 -0700 2010-07-13 04:42:11 -0700 crashfix.patch 0001-Crashfix.patch text/plain 1242 plaes RnJvbSAwYzBlZTkwNzVmZjc0ZWNhOGZiZDNjODEzNTY5NTRkNDQzZTVjM2MxIE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBQcmlpdCBMYWVzIDxwbGFlc0BwbGFlcy5vcmc+CkRhdGU6IFR1 ZSwgMTMgSnVsIDIwMTAgMTU6MjM6MjAgKzAzMDAKU3ViamVjdDogW1BBVENIXSBDcmFzaGZpeAoK LS0tCiBKYXZhU2NyaXB0Q29yZS9qaXQvSklUU3R1YnMuY3BwIHwgICAgMiArKwogMSBmaWxlcyBj aGFuZ2VkLCAyIGluc2VydGlvbnMoKyksIDAgZGVsZXRpb25zKC0pCgpkaWZmIC0tZ2l0IGEvSmF2 YVNjcmlwdENvcmUvaml0L0pJVFN0dWJzLmNwcCBiL0phdmFTY3JpcHRDb3JlL2ppdC9KSVRTdHVi cy5jcHAKaW5kZXggODViZDU0Zi4uNTk1YTA2NiAxMDA2NDQKLS0tIGEvSmF2YVNjcmlwdENvcmUv aml0L0pJVFN0dWJzLmNwcAorKysgYi9KYXZhU2NyaXB0Q29yZS9qaXQvSklUU3R1YnMuY3BwCkBA IC0yMjMyLDEwICsyMjMyLDEyIEBAIERFRklORV9TVFVCX0ZVTkNUSU9OKEVuY29kZWRKU1ZhbHVl LCBvcF9jb25zdHJ1Y3RfTm90SlNDb25zdHJ1Y3QpCiAgICAgICAgIGludCBhcmdDb3VudCA9IHN0 YWNrRnJhbWUuYXJnc1syXS5pbnQzMigpOwogICAgICAgICBDYWxsRnJhbWUqIHByZXZpb3VzQ2Fs bEZyYW1lID0gc3RhY2tGcmFtZS5jYWxsRnJhbWU7CiAgICAgICAgIENhbGxGcmFtZSogY2FsbEZy YW1lID0gQ2FsbEZyYW1lOjpjcmVhdGUocHJldmlvdXNDYWxsRnJhbWUtPnJlZ2lzdGVycygpICsg cmVnaXN0ZXJPZmZzZXQpOworI2lmIDAKICAgICAgICAgaWYgKCFzdGFja0ZyYW1lLnJlZ2lzdGVy RmlsZS0+Z3JvdyhjYWxsRnJhbWUtPnJlZ2lzdGVycygpKSkgewogICAgICAgICAgICAgdGhyb3dT dGFja092ZXJmbG93RXJyb3IocHJldmlvdXNDYWxsRnJhbWUsIHN0YWNrRnJhbWUuZ2xvYmFsRGF0 YSwgY2FsbEZyYW1lLT5yZXR1cm5QQygpLCBTVFVCX1JFVFVSTl9BRERSRVNTKTsKICAgICAgICAg ICAgIFZNX1RIUk9XX0VYQ0VQVElPTigpOwogICAgICAgICB9CisjZW5kaWYKIAogICAgICAgICBj YWxsRnJhbWUtPmluaXQoMCwgc3RhdGljX2Nhc3Q8SW5zdHJ1Y3Rpb24qPigoU1RVQl9SRVRVUk5f QUREUkVTUykudmFsdWUoKSksIHByZXZpb3VzQ2FsbEZyYW1lLT5zY29wZUNoYWluKCksIHByZXZp b3VzQ2FsbEZyYW1lLCBhcmdDb3VudCwgYXNPYmplY3QoY29uc3RyVmFsKSk7CiAgICAgICAgIHN0 YWNrRnJhbWUuY2FsbEZyYW1lID0gY2FsbEZyYW1lOwotLSAKMS43LjEuMQoK