WebKit Bugzilla
Bug 164840 - RESOLVED DUPLICATE of bug 164897
Crash in com.apple.JavaScriptCore: JSC::JSObject::visitButterfly + 302
https://bugs.webkit.org/show_bug.cgi?id=164840
Reported by Ryan Haddad, 2016-11-16 15:34:33 PST
Crash in com.apple.JavaScriptCore: JSC::JSObject::visitButterfly + 302. Seen with LayoutTest sputnik/Unicode/Unicode_510/S7.6_A3.2.html:
https://build.webkit.org/results/Apple%20Yosemite%20Debug%20WK2%20(Tests)/r208806%20(16264)/results.html
Attachments: Crash log (94.91 KB, text/plain), 2016-11-16 15:35 PST, Ryan Haddad, no flags
Ryan Haddad, Comment 1, 2016-11-16 15:35:14 PST
Created attachment 294984 [details]: Crash log
Alexey Proskuryakov, Comment 2, 2016-11-18 16:05:49 PST
*** This bug has been marked as a duplicate of bug 164897 ***