Bug 119881

Summary: Crash while loading Gmail
Product: WebKit Reporter: Philippe Wittenbergh <phiw2>
Component: JavaScriptCore    Assignee: Nobody <webkit-unassigned>
Status: RESOLVED DUPLICATE    
Severity: Critical CC: ap, ggaren, oliver, zan
Priority: P1 Keywords: InRadar
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   

Description Philippe Wittenbergh 2013-08-16 00:50:42 PDT
The WebContent process (com.apple.WebProcess) crashes before the Gmail page has finished loading. Main-thread (Thread 0) backtrace from the crash log:


Thread 0:: Dispatch queue: com.apple.main-thread
0   com.apple.JavaScriptCore      	0x0000000108679afe JSC::JIT::privateCompileSlowCases() + 894
1   com.apple.JavaScriptCore      	0x000000010867a967 JSC::JIT::privateCompile(JSC::MacroAssemblerCodePtr*, JSC::JITCompilationEffort) + 1783
2   com.apple.JavaScriptCore      	0x0000000108663ab2 JSC::jitCompileFunctionIfAppropriateImpl(JSC::ExecState*, JSC::FunctionCodeBlock*, WTF::RefPtr<JSC::JITCode>&, JSC::MacroAssemblerCodePtr&, JSC::JITCode::JITType, unsigned int, JSC::JITCompilationEffort) + 258
3   com.apple.JavaScriptCore      	0x000000010866284c JSC::jitCompileFunctionIfAppropriate(JSC::ExecState*, JSC::FunctionCodeBlock*, WTF::RefPtr<JSC::JITCode>&, JSC::MacroAssemblerCodePtr&, JSC::JITCode::JITType, unsigned int, JSC::JITCompilationEffort) + 44
4   com.apple.JavaScriptCore      	0x0000000108661732 JSC::FunctionExecutable::jitCompileForCall(JSC::ExecState*) + 50
5   com.apple.JavaScriptCore      	0x000000010873a0a1 JSC::LLInt::jitCompileAndSetHeuristics(JSC::CodeBlock*, JSC::ExecState*) + 129
6   com.apple.JavaScriptCore      	0x00000001087338f3 llint_replace + 147
7   com.apple.JavaScriptCore      	0x000000010873d3b8 llint_op_ret + 28
8   com.apple.JavaScriptCore      	0x0000000108690071 JSC::JITCode::execute(JSC::JSStack*, JSC::ExecState*, JSC::VM*) + 49
9   com.apple.JavaScriptCore      	0x0000000108675d8a JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 650
10  com.apple.JavaScriptCore      	0x0000000108553215 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 69
11  com.apple.JavaScriptCore      	0x00000001086c525e JSC::boundFunctionCall(JSC::ExecState*) + 526
12  ???                           	0x00005363e1601045 0 + 91688448036933
13  com.apple.JavaScriptCore      	0x0000000108690071 JSC::JITCode::execute(JSC::JSStack*, JSC::ExecState*, JSC::VM*) + 49
14  com.apple.JavaScriptCore      	0x0000000108675d8a JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 650
15  com.apple.JavaScriptCore      	0x0000000108553215 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 69
16  com.apple.JavaScriptCore      	0x00000001086c525e JSC::boundFunctionCall(JSC::ExecState*) + 526
17  ???                           	0x00005363e1601045 0 + 91688448036933
18  com.apple.JavaScriptCore      	0x0000000108690071 JSC::JITCode::execute(JSC::JSStack*, JSC::ExecState*, JSC::VM*) + 49
19  com.apple.JavaScriptCore      	0x0000000108675d8a JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 650
20  com.apple.JavaScriptCore      	0x0000000108553215 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 69
21  com.apple.WebCore             	0x00000001094794a9 WebCore::ScheduledAction::executeFunctionInContext(JSC::JSGlobalObject*, JSC::JSValue, WebCore::ScriptExecutionContext*) + 441
22  com.apple.WebCore             	0x00000001094790fa WebCore::ScheduledAction::execute(WebCore::Document*) + 154
23  com.apple.WebCore             	0x0000000108c6bc51 WebCore::DOMTimer::fired() + 273
24  com.apple.WebCore             	0x000000010961556f WebCore::ThreadTimers::sharedTimerFiredInternal() + 175
25  com.apple.WebCore             	0x00000001094ca2b3 WebCore::timerFired(__CFRunLoopTimer*, void*) + 51
26  com.apple.CoreFoundation      	0x00007fff8f58c804 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20
27  com.apple.CoreFoundation      	0x00007fff8f58c31d __CFRunLoopDoTimer + 557
28  com.apple.CoreFoundation      	0x00007fff8f571ad9 __CFRunLoopRun + 1529
29  com.apple.CoreFoundation      	0x00007fff8f5710e2 CFRunLoopRunSpecific + 290
30  com.apple.HIToolbox           	0x00007fff8ed2aeb4 RunCurrentEventLoopInMode + 209
31  com.apple.HIToolbox           	0x00007fff8ed2ac52 ReceiveNextEventCommon + 356
32  com.apple.HIToolbox           	0x00007fff8ed2aae3 BlockUntilNextEventMatchingListInMode + 62
33  com.apple.AppKit              	0x00007fff8ca6c533 _DPSNextEvent + 685
34  com.apple.AppKit              	0x00007fff8ca6bdf2 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128
35  com.apple.AppKit              	0x00007fff8ca631a3 -[NSApplication run] + 517
36  com.apple.WebCore             	0x0000000109474ee2 WebCore::RunLoop::run() + 82
37  com.apple.WebKit2             	0x000000010817db72 int WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebContentProcessMainDelegate>(int, char**) + 614
38  com.apple.WebProcess          	0x0000000108094e23 main + 337
39  libdyld.dylib                 	0x00007fff854b57e1 start + 1
Comment 1 Alexey Proskuryakov 2013-08-16 09:50:11 PDT
This stack trace is not useful: it shows only the main thread (Thread 0), while the crash actually happens on a different thread (the JSC DFG compilation thread, see below). In the future, please attach the complete crash log as a file, so that the crashing thread and all other threads are visible.

I can reproduce this, getting the crash below. Note that the crashing frame is WTFCrash reached via WTF::CrashOnOverflow::overflowed() inside JSC::DFG::JITCompiler::link(), which appears to be an intentional abort on a checked-arithmetic overflow during DFG link rather than a memory fault; the interesting question is which size computation in link() overflows:

Thread 15 Crashed:: JSC Compilation Thread
0   com.apple.JavaScriptCore      	0x000000010d89b3de WTFCrash + 62
1   com.apple.JavaScriptCore      	0x000000010d8b1bb9 WTF::CrashOnOverflow::overflowed() + 9
2   com.apple.JavaScriptCore      	0x000000010d76eb6a JSC::DFG::JITCompiler::link(JSC::LinkBuffer&) + 5514
3   com.apple.JavaScriptCore      	0x000000010d903507 JSC::DFG::JITCompiler::linkFunction() + 103
4   com.apple.JavaScriptCore      	0x000000010d909edb JSC::DFG::Plan::compileInThreadImpl(JSC::DFG::LongLivedState&) + 971
5   com.apple.JavaScriptCore      	0x000000010d909986 JSC::DFG::Plan::compileInThread(JSC::DFG::LongLivedState&) + 214
6   com.apple.JavaScriptCore      	0x000000010d924044 JSC::DFG::Worklist::runThread() + 500
7   com.apple.JavaScriptCore      	0x000000010d60f88f WTF::wtfThreadEntryPoint(void*) + 15
8   libsystem_pthread.dylib       	0x00007fff8bdb38a9 _pthread_body + 138
9   libsystem_pthread.dylib       	0x00007fff8bdb373a _pthread_start + 137
10  libsystem_pthread.dylib       	0x00007fff8bdb7fd9 thread_start + 13
Comment 2 Alexey Proskuryakov 2013-08-16 09:50:30 PDT
<rdar://problem/14757855>
Comment 3 Alexey Proskuryakov 2013-08-16 09:52:28 PDT
Oops, this was filed earlier already.

*** This bug has been marked as a duplicate of bug 119872 ***