Bug 95516
| Summary: | [Mac Release] sporadic crashes under JSC::Heap::deleteUnmarkedCompiledCode() | | |
|---|---|---|---|
| Product: | WebKit | Reporter: | Jessie Berlin <jberlin> |
| Component: | JavaScriptCore | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED DUPLICATE | | |
| Severity: | Normal | CC: | jberlin, mhahnenberg, slewis, thorton, webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | 528+ (Nightly build) | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
Jessie Berlin
I don't know when these started, but sometimes fast/profiler tests will crash with the below backtrace. I have yet to see it on Lion, WK1, or Debug, but I will update the bug if I do.
http://build.webkit.org/results/Apple%20MountainLion%20Release%20WK2%20(Tests)/r127193%20(446)/fast/profiler/built-in-function-calls-anonymous-crash-log.txt
Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000010
VM Regions Near 0x10:
-->
__TEXT 00000001057a0000-00000001057a1000 [ 4K] r-x/rwx SM=COW /Volumes/VOLUME/*/WebKit2.framework/WebProcess.app/Contents/MacOS/WebProcess
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.JavaScriptCore 0x0000000105daf1c3 JSC::Heap::deleteUnmarkedCompiledCode() + 115 (JSTypeInfo.h:66)
1 com.apple.JavaScriptCore 0x0000000105dad812 JSC::Heap::collect(JSC::Heap::SweepToggle) + 290 (Heap.cpp:741)
2 com.apple.JavaScriptCore 0x0000000105f2c52a JSC::DefaultGCActivityCallback::doWork() + 234 (TimeoutChecker.h:57)
3 com.apple.JavaScriptCore 0x0000000105f2bf03 JSC::HeapTimer::timerDidFire(__CFRunLoopTimer*, void*) + 179 (TimeoutChecker.h:57)
4 com.apple.CoreFoundation 0x00007fff8d82c4b4 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20
5 com.apple.CoreFoundation 0x00007fff8d82bfcd __CFRunLoopDoTimer + 557
6 com.apple.CoreFoundation 0x00007fff8d8117b9 __CFRunLoopRun + 1513
7 com.apple.CoreFoundation 0x00007fff8d810dd2 CFRunLoopRunSpecific + 290
8 com.apple.HIToolbox 0x00007fff88c3a774 RunCurrentEventLoopInMode + 209
9 com.apple.HIToolbox 0x00007fff88c3a512 ReceiveNextEventCommon + 356
10 com.apple.HIToolbox 0x00007fff88c3a3a3 BlockUntilNextEventMatchingListInMode + 62
11 com.apple.AppKit 0x00007fff8773efa3 _DPSNextEvent + 685
12 com.apple.AppKit 0x00007fff8773e862 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128
13 com.apple.AppKit 0x00007fff87735c03 -[NSApplication run] + 517
14 com.apple.WebCore 0x0000000106ba79c3 WebCore::RunLoop::run() + 67 (RunLoopMac.mm:36)
15 com.apple.WebKit2 0x00000001058cb77b WebKit::WebProcessMain(WebKit::CommandLine const&) + 2858 (WebProcessMainMac.mm:228)
16 com.apple.WebKit2 0x0000000105879169 WebKitMain + 311 (WebKitMain.cpp:50)
17 com.apple.WebProcess 0x00000001057a0e7b main + 214
18 libdyld.dylib 0x00007fff893067e1 start + 1
Radar WebKit Bug Importer
<rdar://problem/12211793>
Mark Hahnenberg
Looks like the Structure is null.
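The reasoning in the comment above (a fault at 0x10 from a load in deleteUnmarkedCompiledCode() means a small field offset applied to a null Structure pointer) is the routine first step of crash triage. The following Python is an added example, not code from the bug or from WebKit: it parses the exception lines and the crashed-thread backtrace of a macOS crash log in the format quoted in this report, flags a fault address below the first page as a null-pointer-plus-offset dereference, and records whether the crash happened inside a GC (a frame under JSC::Heap::collect). The sample log embedded in the block is constructed from the backtrace posted in the bug, trimmed to the first five frames; the 0x1000 null-page bound and all function names are assumptions of this example.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input: the exception lines and the top of the Thread 0
# backtrace from the crash log quoted in this bug, abbreviated to five frames.
SAMPLE_LOG = """\
Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000010

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.JavaScriptCore 0x0000000105daf1c3 JSC::Heap::deleteUnmarkedCompiledCode() + 115 (JSTypeInfo.h:66)
1 com.apple.JavaScriptCore 0x0000000105dad812 JSC::Heap::collect(JSC::Heap::SweepToggle) + 290 (Heap.cpp:741)
2 com.apple.JavaScriptCore 0x0000000105f2c52a JSC::DefaultGCActivityCallback::doWork() + 234 (TimeoutChecker.h:57)
3 com.apple.JavaScriptCore 0x0000000105f2bf03 JSC::HeapTimer::timerDidFire(__CFRunLoopTimer*, void*) + 179 (TimeoutChecker.h:57)
4 com.apple.CoreFoundation 0x00007fff8d82c4b4 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20
"""

# Assumption: any fault address below the first page is treated as a null
# pointer plus a field offset; the real unmapped region on 64-bit macOS is larger.
NULL_PAGE = 0x1000

# One backtrace frame: "<idx> <image> 0x<addr> <symbol> + <offset> (<file:line>)",
# where the trailing source location is present only when symbolicated with it.
FRAME_RE = re.compile(
    r"^(?P<idx>\d+)\s+(?P<image>\S+)\s+0x(?P<addr>[0-9a-fA-F]+)\s+"
    r"(?P<sym>.+?) \+ (?P<off>\d+)(?: \((?P<loc>[^)]+)\))?\s*$"
)


@dataclass
class Frame:
    index: int
    image: str
    address: int
    symbol: str
    offset: int
    location: Optional[str]


@dataclass
class CrashSummary:
    exception_type: str = ""
    fault_address: Optional[int] = None
    frames: List[Frame] = field(default_factory=list)


def parse_crash_log(text: str) -> CrashSummary:
    """Extract the exception type, fault address and crashed-thread frames."""
    summary = CrashSummary()
    in_crashed_thread = False
    for line in text.splitlines():
        if line.startswith("Exception Type:"):
            summary.exception_type = line.split(":", 1)[1].strip()
        elif line.startswith("Exception Codes:"):
            m = re.search(r"at 0x([0-9a-fA-F]+)", line)
            if m:
                summary.fault_address = int(m.group(1), 16)
        elif re.match(r"^Thread \d+ Crashed", line):
            in_crashed_thread = True
        elif in_crashed_thread:
            if not line.strip():
                # A blank line ends the crashed thread's frame list.
                in_crashed_thread = False
                continue
            m = FRAME_RE.match(line)
            if m:
                summary.frames.append(Frame(
                    index=int(m.group("idx")),
                    image=m.group("image"),
                    address=int(m.group("addr"), 16),
                    symbol=m.group("sym"),
                    offset=int(m.group("off")),
                    location=m.group("loc"),
                ))
    return summary


def classify_fault(addr: Optional[int]) -> str:
    """Small fault addresses are the signature of a null pointer plus a field offset."""
    if addr is None:
        return "unknown (no fault address in Exception Codes)"
    if addr < NULL_PAGE:
        return f"null-pointer dereference, field offset 0x{addr:x}"
    return f"wild or freed pointer (0x{addr:x} is outside the null page)"


def triage(text: str) -> dict:
    """One-shot triage record for a crash log: where it died and what it looks like."""
    s = parse_crash_log(text)
    top = s.frames[0] if s.frames else None
    return {
        "exception": s.exception_type,
        "fault_address": s.fault_address,
        "classification": classify_fault(s.fault_address),
        "crashing_symbol": top.symbol if top else None,
        "crashing_location": top.location if top else None,
        # True when the crash happened while the collector was running.
        "gc_triggered": any("JSC::Heap::collect" in f.symbol for f in s.frames),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the sample, the record shows fault address 0x10, classification "null-pointer dereference, field offset 0x10", crashing symbol JSC::Heap::deleteUnmarkedCompiledCode() at JSTypeInfo.h:66, and gc_triggered set, which is the same conclusion the comment draws by eye; the value of the script is that it gives the same answer over a directory of bot crash logs.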
Jessie Berlin
This can apparently happen on Lion WK1 as well: http://build.webkit.org/results/Apple%20Lion%20Release%20WK1%20(Tests)/r127325%20(3058)/fast/profiler/document-dot-write-crash-log.txt
Tim Horton
This looks to have gotten a lot worse in recent days, but I can't pinpoint it to a particular revision; something since Thursday or Friday, anyway. We see it a few times every run on Mountain Lion Release WK1: http://build.webkit.org/results/Apple%20MountainLion%20Release%20WK1%20(Tests)/r128201%20(853)/results.html
Tim Horton
(In reply to comment #4)
> This looks to have gotten a lot worse in recent days, but I can't pinpoint it to a particular revision; something since Thursday or Friday, anyway. We see it a few times every run on Mountain Lion Release WK1: http://build.webkit.org/results/Apple%20MountainLion%20Release%20WK1%20(Tests)/r128201%20(853)/results.html
I believe this regressed significantly with http://trac.webkit.org/changeset/128146, actually.
Alexey Proskuryakov
We believe that bug 96464 fixed it.
*** This bug has been marked as a duplicate of bug 96464 ***