61064 2011-05-18 09:05:17 -0700 Some tests crashing in JSC::MarkStack::validateValue beneath ScriptController::clearWindowShell on SnowLeopard Intel Release (WebKit2 Tests) 2011-05-18 17:58:34 -0700 1 1 1 Unclassified WebKit JavaScriptCore 528+ (Nightly build) Mac OS X 10.6 RESOLVED FIXED http://build.webkit.org/results/SnowLeopard%20Intel%20Release%20(WebKit2%20Tests)/r86761%20(11774)/dom/html/level1/core/hc_nodeelementnodeattributes-crash-log.txt InRadar, LayoutTestFailure, MakingBotsRed P2 Normal --- 1 aroben oliver ggaren oliver oldest_to_newest 405764 0 aroben 2011-05-18 09:05:17 -0700 dom/html/level1/core/hc_nodeelementnodeattributes.html crashed once in JSC::MarkStack::validateValue on SnowLeopard Intel Release (WebKit2 Tests). http://build.webkit.org/results/SnowLeopard%20Intel%20Release%20(WebKit2%20Tests)/r86761%20(11774)/dom/html/level1/core/hc_nodeelementnodeattributes-crash-log.txt Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Codes: KERN_INVALID_ADDRESS at 0x000000011088c3c8 Crashed Thread: 0 Dispatch queue: com.apple.main-thread Thread 0 Crashed: Dispatch queue: com.apple.main-thread 0 com.apple.JavaScriptCore 0x000000010083038e JSC::MarkStack::validateValue(JSC::JSValue) + 62 (WriteBarrier.h:97) 1 com.apple.JavaScriptCore 0x000000010083099a JSC::MarkStack::visitChildren(JSC::JSCell*) + 554 (MarkStack.cpp:138) 2 com.apple.JavaScriptCore 0x00000001008306c7 JSC::MarkStack::drain() + 455 (MarkStack.h:162) 3 com.apple.JavaScriptCore 0x000000010082d23c JSC::Heap::markRoots() + 268 (Heap.cpp:227) 4 com.apple.JavaScriptCore 0x000000010082d685 JSC::Heap::reset(JSC::Heap::SweepToggle) + 37 (Heap.cpp:396) 5 com.apple.JavaScriptCore 0x000000010082d783 JSC::Heap::allocateSlowCase(unsigned long) + 19 (Heap.cpp:124) 6 com.apple.JavaScriptCore 0x000000010080048a JSC::Structure::addPropertyTransition(JSC::JSGlobalData&, JSC::Structure*, JSC::Identifier const&, unsigned int, JSC::JSCell*, unsigned long&) + 2762 (JSCell.h:409) 7 com.apple.JavaScriptCore 0x000000010063664d JSC::JSObject::putDirectInternal(JSC::JSGlobalData&, JSC::Identifier const&, JSC::JSValue, unsigned int, bool, JSC::PutPropertySlot&, JSC::JSCell*) + 2365 (JSObject.h:657) 8 com.apple.JavaScriptCore 0x00000001006b9d6b JSC::ErrorInstance::ErrorInstance(JSC::JSGlobalData*, JSC::Structure*) + 315 (RefPtr.h:58) 9 com.apple.JavaScriptCore 0x00000001006ba8bd JSC::ErrorPrototype::ErrorPrototype(JSC::ExecState*, JSC::JSGlobalObject*, JSC::Structure*) + 45 (ErrorPrototype.cpp:54) 10 com.apple.JavaScriptCore 0x0000000100751e5e JSC::JSGlobalObject::reset(JSC::JSValue) + 4798 (JSValueInlineMethods.h:386) 11 com.apple.WebCore 0x0000000100f51691 WebCore::JSDOMGlobalObject::JSDOMGlobalObject(JSC::JSGlobalData&, JSC::Structure*, WTF::PassRefPtr<WebCore::DOMWrapperWorld>, JSC::JSObject*) + 833 (JSDOMGlobalObject.cpp:48) 12 com.apple.WebCore 0x0000000100fa0d56 WebCore::JSDOMWindowBase::JSDOMWindowBase(JSC::JSGlobalData&, JSC::Structure*, WTF::PassRefPtr<WebCore::DOMWindow>, WebCore::JSDOMWindowShell*) + 54 (PassRefPtr.h:74) 13 com.apple.WebCore 0x0000000100f72ba3 WebCore::JSDOMWindow::JSDOMWindow(JSC::JSGlobalData&, JSC::Structure*, WTF::PassRefPtr<WebCore::DOMWindow>, WebCore::JSDOMWindowShell*) + 35 (PassRefPtr.h:74) 14 com.apple.WebCore 0x0000000100faa1de WebCore::JSDOMWindowShell::setWindow(WTF::PassRefPtr<WebCore::DOMWindow>) + 526 (PassRefPtr.h:74) 15 com.apple.WebCore 0x000000010156a609 WebCore::ScriptController::clearWindowShell(bool) + 217 (PassRefPtr.h:74) 16 com.apple.WebCore 0x0000000100cbb215 WebCore::FrameLoader::clear(bool, bool, bool) + 389 (FrameLoader.cpp:630) 17 com.apple.WebCore 0x0000000100b7af05 WebCore::DocumentWriter::begin(WebCore::KURL const&, bool, WebCore::SecurityOrigin*) + 197 (DocumentWriter.cpp:128) 18 com.apple.WebCore 0x0000000100cc3a93 WebCore::FrameLoader::receivedFirstData() + 51 (FrameLoader.cpp:660) 19 com.apple.WebCore 0x0000000100b7ab99 WebCore::DocumentWriter::setEncoding(WTF::String const&, bool) + 41 (RefPtr.h:60) 20 com.apple.WebCore 0x0000000100b6be01 WebCore::DocumentLoader::commitData(char const*, int) + 81 (DocumentLoader.cpp:321) 21 com.apple.WebKit2 0x0000000100232c26 WebKit::WebFrameLoaderClient::committedLoad(WebCore::DocumentLoader*, char const*, int) + 70 (RefPtr.h:60) 22 com.apple.WebKit2 0x0000000100233c55 WebKit::WebFrameLoaderClient::finishedLoading(WebCore::DocumentLoader*) + 59 (WebFrameLoaderClient.cpp:820) 23 com.apple.WebCore 0x0000000100cc36b2 WebCore::FrameLoader::finishedLoadingDocument(WebCore::DocumentLoader*) + 130 (FrameLoader.cpp:2352) 24 com.apple.WebCore 0x0000000100b69bc0 WebCore::DocumentLoader::finishedLoading() + 48 (DocumentLoader.cpp:288) 25 com.apple.WebCore 0x0000000100cc2bda WebCore::FrameLoader::finishedLoading() + 90 (FrameLoader.cpp:2277) 26 com.apple.WebCore 0x0000000101364f13 WebCore::MainResourceLoader::didFinishLoading(double) + 147 (MainResourceLoader.cpp:485) 27 com.apple.WebCore 0x0000000101365976 WebCore::MainResourceLoader::continueAfterContentPolicy(WebCore::PolicyAction, WebCore::ResourceResponse const&) + 982 (MainResourceLoader.cpp:319) 28 com.apple.WebCore 0x0000000101365baf WebCore::MainResourceLoader::continueAfterContentPolicy(WebCore::PolicyAction) + 127 (MainResourceLoader.cpp:333) 29 com.apple.WebCore 0x00000001013e4162 WebCore::PolicyChecker::continueAfterContentPolicy(WebCore::PolicyAction) + 834 (PolicyChecker.cpp:191) 30 com.apple.WebKit2 0x00000001002351b2 WebKit::WebFrameLoaderClient::dispatchDecidePolicyForResponse(void (WebCore::PolicyChecker::*)(WebCore::PolicyAction), WebCore::ResourceResponse const&, WebCore::ResourceRequest const&) + 200 (WebFrameLoaderClient.cpp:592) 31 com.apple.WebCore 0x0000000101367e04 WebCore::MainResourceLoader::didReceiveResponse(WebCore::ResourceResponse const&) + 2260 (RefCounted.h:91) 32 com.apple.WebCore 0x0000000101366003 WebCore::MainResourceLoader::handleEmptyLoad(WebCore::KURL const&, bool) + 323 (RetainPtr.h:72) 33 com.apple.WebCore 0x0000000101369766 WebCore::MainResourceLoader::loadNow(WebCore::ResourceRequest&) + 534 (MainResourceLoader.cpp:583) 34 com.apple.WebCore 0x000000010136a908 WebCore::MainResourceLoader::load(WebCore::ResourceRequest const&, WebCore::SubstituteData const&) + 1192 (MainResourceLoader.cpp:612) 35 com.apple.WebCore 0x0000000100b6a5e3 WebCore::DocumentLoader::startLoadingMainResource(unsigned long) + 131 (DocumentLoader.cpp:809) 36 com.apple.WebCore 0x0000000100cba0b5 WebCore::FrameLoader::continueLoadAfterWillSubmitForm() + 213 (FrameLoader.cpp:2554) 37 com.apple.WebCore 0x0000000100cc6d47 WebCore::FrameLoader::continueLoadAfterNavigationPolicy(WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool) + 551 (FrameLoader.cpp:3085) 38 com.apple.WebCore 0x0000000100cc6db5 WebCore::FrameLoader::callContinueLoadAfterNavigationPolicy(void*, WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool) + 37 (PassRefPtr.h:74) 39 com.apple.WebCore 0x00000001013e0d01 WebCore::PolicyCallback::call(bool) + 81 (PassRefPtr.h:74) 40 com.apple.WebCore 0x00000001013e370a WebCore::PolicyChecker::continueAfterNavigationPolicy(WebCore::PolicyAction) + 1770 (PolicyChecker.cpp:164) 41 com.apple.WebKit2 0x00000001002355cc WebKit::WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction(void (WebCore::PolicyChecker::*)(WebCore::PolicyAction), WebCore::NavigationAction const&, WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>) + 314 (WebFrameLoaderClient.cpp:653) 42 com.apple.WebCore 0x00000001013e48c3 WebCore::PolicyChecker::checkNavigationPolicy(WebCore::ResourceRequest const&, WebCore::DocumentLoader*, WTF::PassRefPtr<WebCore::FormState>, void (*)(void*, WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool), void*) + 1859 (PassRefPtr.h:74) 43 com.apple.WebCore 0x0000000100cc8af0 WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>) + 1664 (PassRefPtr.h:74) 44 com.apple.WebCore 0x0000000100cc977a WebCore::FrameLoader::load(WebCore::DocumentLoader*) + 186 (PassRefPtr.h:74) 45 com.apple.WebCore 0x0000000100cc99fb WebCore::FrameLoader::load(WebCore::ResourceRequest const&, WebCore::SubstituteData const&, bool) + 347 (PassRefPtr.h:58) 46 com.apple.WebCore 0x0000000100ccfcaa WebCore::FrameLoader::load(WebCore::ResourceRequest const&, bool) + 122 (RefPtr.h:58) 47 com.apple.WebKit2 0x000000010023ec13 WebKit::WebPage::loadURLRequest(WebCore::ResourceRequest const&, WebKit::SandboxExtension::Handle const&) + 55 (MessageSender.h:38) 48 com.apple.WebKit2 0x000000010023ecae WebKit::WebPage::loadURL(WTF::String const&, WebKit::SandboxExtension::Handle const&) + 126 (ResourceRequest.h:49) 49 com.apple.WebKit2 0x000000010028c59c void CoreIPC::handleMessage<Messages::WebPage::LoadURL, WebKit::WebPage, void (WebKit::WebPage::*)(WTF::String const&, WebKit::SandboxExtension::Handle const&)>(CoreIPC::ArgumentDecoder*, WebKit::WebPage*, void (WebKit::WebPage::*)(WTF::String const&, WebKit::SandboxExtension::Handle const&)) + 89 (Arguments.h:93) 50 com.apple.WebKit2 0x0000000100203e02 CoreIPC::Connection::dispatchMessage(CoreIPC::Connection::Message<CoreIPC::ArgumentDecoder>&) + 138 (Connection.cpp:690) 51 com.apple.WebKit2 0x0000000100203f10 CoreIPC::Connection::dispatchMessages() + 156 (Connection.cpp:711) 52 com.apple.WebKit2 0x000000010021e5b3 RunLoop::performWork() + 135 (OwnPtrCommon.h:59) 53 com.apple.WebKit2 0x000000010021ec05 RunLoop::performWork(void*) + 83 (RunLoopMac.mm:38) 54 com.apple.CoreFoundation 0x00007fff806c6401 __CFRunLoopDoSources0 + 1361 55 com.apple.CoreFoundation 0x00007fff806c45f9 __CFRunLoopRun + 873 56 com.apple.CoreFoundation 0x00007fff806c3dbf CFRunLoopRunSpecific + 575 57 com.apple.HIToolbox 0x00007fff888f27ee RunCurrentEventLoopInMode + 333 58 com.apple.HIToolbox 0x00007fff888f25f3 ReceiveNextEventCommon + 310 59 com.apple.HIToolbox 0x00007fff888f24ac BlockUntilNextEventMatchingListInMode + 59 60 com.apple.AppKit 0x00007fff85bdde64 _DPSNextEvent + 718 61 com.apple.AppKit 0x00007fff85bdd7a9 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 155 62 com.apple.AppKit 0x00007fff85ba348b -[NSApplication run] + 395 63 com.apple.WebKit2 0x0000000100264858 WebKit::WebProcessMain(WebKit::CommandLine const&) + 635 (RetainPtr.h:72) 64 com.apple.WebKit2 0x0000000100239b44 WebKitMain + 293 (WebKitMain.cpp:48) 65 com.apple.WebProcess 0x0000000100000d88 start + 52 405765 1 aroben 2011-05-18 09:05:56 -0700 <rdar://problem/9460616> 405801 2 aroben 2011-05-18 10:13:57 -0700 Here's a very similar crash on a different test: http://build.webkit.org/results/SnowLeopard%20Intel%20Release%20(WebKit2%20Tests)/r86769%20(11776)/sputnik/Conformance/07_Lexical_Conventions/7.2_White_Space/S7.2_A4.1_T2-crash-log.txt 406144 3 94012 oliver 2011-05-18 17:41:11 -0700 Created attachment 94012 Patch 406147 4 94012 barraclough 2011-05-18 17:43:35 -0700 Comment on attachment 94012 Patch That's a world of subtle. :-( 406149 5 oliver 2011-05-18 17:46:22 -0700 Committed r86809: <http://trac.webkit.org/changeset/86809> 406154 6 ggaren 2011-05-18 17:58:34 -0700 Anonymous storage is evil. It must die. 94012 2011-05-18 17:41:11 -0700 2011-05-18 17:43:35 -0700 Patch bug-61064-20110518174110.patch text/plain 1727 oliver U3VidmVyc2lvbiBSZXZpc2lvbjogODY3ODUKZGlmZiAtLWdpdCBhL1NvdXJjZS9KYXZhU2NyaXB0 Q29yZS9DaGFuZ2VMb2cgYi9Tb3VyY2UvSmF2YVNjcmlwdENvcmUvQ2hhbmdlTG9nCmluZGV4IGJi OGY3YzBlYWVlNjZlYjU1ZDQzNWVkNzVlYTQzYWU4MTIwNzc3Y2IuLmFlMWU3ZWI3MDBlODE2MzFj ZmVlMGQ3NTMzZGVhNTkwOWQ0NzY2NjEgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9KYXZhU2NyaXB0Q29y ZS9DaGFuZ2VMb2cKKysrIGIvU291cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwpAQCAtMSw1 ICsxLDE4IEBACiAyMDExLTA1LTE4ICBPbGl2ZXIgSHVudCAgPG9saXZlckBhcHBsZS5jb20+CiAK KyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgU29tZSB0ZXN0 cyBjcmFzaGluZyBpbiBKU0M6Ok1hcmtTdGFjazo6dmFsaWRhdGVWYWx1ZSBiZW5lYXRoIFNjcmlw dENvbnRyb2xsZXI6OmNsZWFyV2luZG93U2hlbGwgb24gU25vd0xlb3BhcmQgSW50ZWwgUmVsZWFz ZSAoV2ViS2l0MiBUZXN0cykKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19i dWcuY2dpP2lkPTYxMDY0CisKKyAgICAgICAgU3dpdGNoIE5vbkZpbmFsT2JqZWN0IHRvIHVzaW5n IFdyaXRlQmFycmllcjw+IHJhdGhlciB0aGFuIFdyaXRlQmFycmllckJhc2U8PgorICAgICAgICBm b3IgaXRzIGlubGluZSBzdG9yYWdlLiAgVGhpcyByZXNvbHZlcyB0aGUgcHJvYmxlbSBvZiBHQyBv Y2N1cnJpbmcgYmVmb3JlCisgICAgICAgIGEgc3ViY2xhc3MgaGFzIGluaXRpYWxpc2VkIGl0cyBh bm9ueW1vdXMgc3RvcmFnZS4KKworICAgICAgICAqIHJ1bnRpbWUvSlNPYmplY3QuaDoKKworMjAx MS0wNS0xOCAgT2xpdmVyIEh1bnQgIDxvbGl2ZXJAYXBwbGUuY29tPgorCiAgICAgICAgIFJldmll d2VkIGJ5IFNhbSBXZWluaWcuCiAKICAgICAgICAgSlNHbG9iYWxPYmplY3QgYW5kIHNvbWUgb3Ro ZXJzIGRvIEdDIGFsbG9jYXRpb24gZHVyaW5nIGluaXRpYWxpemF0aW9uLCB3aGljaCBjYW4gY2F1 c2UgaGVhcCBjb3JydXB0aW9uCmRpZmYgLS1naXQgYS9Tb3VyY2UvSmF2YVNjcmlwdENvcmUvcnVu dGltZS9KU09iamVjdC5oIGIvU291cmNlL0phdmFTY3JpcHRDb3JlL3J1bnRpbWUvSlNPYmplY3Qu aAppbmRleCBhNmI3OGJkM2VjMWE3OTZjYmI3NTQ2MWZmZTgxMmJlOTkzNGQ2ZTI4Li5lNTQyMDA0 Mjc0YTAyN2RkMGQyMjEwZmY3YTNjMjFiMzUxMTQ1Y2QwIDEwMDY0NAotLS0gYS9Tb3VyY2UvSmF2 YVNjcmlwdENvcmUvcnVudGltZS9KU09iamVjdC5oCisrKyBiL1NvdXJjZS9KYXZhU2NyaXB0Q29y ZS9ydW50aW1lL0pTT2JqZWN0LmgKQEAgLTM0Myw3ICszNDMsNyBAQCBDT01QSUxFX0FTU0VSVCgo SlNGaW5hbE9iamVjdF9pbmxpbmVTdG9yYWdlQ2FwYWNpdHkgPj0gSlNOb25GaW5hbE9iamVjdF9p bmxpbmVTdAogICAgICAgICB9CiAKICAgICBwcml2YXRlOgotICAgICAgICBXcml0ZUJhcnJpZXJC YXNlPFVua25vd24+IG1faW5saW5lU3RvcmFnZVtKU05vbkZpbmFsT2JqZWN0X2lubGluZVN0b3Jh Z2VDYXBhY2l0eV07CisgICAgICAgIFdyaXRlQmFycmllcjxVbmtub3duPiBtX2lubGluZVN0b3Jh Z2VbSlNOb25GaW5hbE9iamVjdF9pbmxpbmVTdG9yYWdlQ2FwYWNpdHldOwogICAgIH07CiAKICAg ICAvLyBKU0ZpbmFsT2JqZWN0IGlzIGEgdHlwZSBvZiBKU09iamVjdCB0aGF0IGNvbnRhaW5zIHN1 ZmZpY2VudCBpbnRlcm5hbAo=