Bug 183070 - GC crash in stress/arrowfunction-lexical-bind-superproperty.js.dfg-eager-no-cjit-validate
Summary: GC crash in stress/arrowfunction-lexical-bind-superproperty.js.dfg-eager-no-c...
Status: RESOLVED DUPLICATE of bug 183229
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Saam Barati
URL:
Keywords: InRadar
Depends on:
Blocks:
Reported: 2018-02-22 18:34 PST by Saam Barati
Modified: 2018-03-01 10:21 PST (History)

Description Saam Barati 2018-02-22 18:34:56 PST
Ran the jsc stress tests; this variant crashed:
```
stress/arrowfunction-lexical-bind-superproperty.js.dfg-eager-no-cjit-validate: test_script_15828: line 2: 74285 Segmentation fault: 11  ( "$@" ../../.vm/JavaScriptCore.framework/Resources/jsc --useFTLJIT\=false --useFunctionDotArguments\=true --validateExceptionChecks\=true --useDollarVM\=true --maxPerThreadStackUsage\=1572864 --validateGraph\=true --useConcurrentJIT\=false --thresholdForJITAfterWarmUp\=100 --scribbleFreeCells\=true --thresholdForJITAfterWarmUp\=10 --thresholdForJITSoon\=10 --thresholdForOptimizeAfterWarmUp\=20 --thresholdForOptimizeAfterLongWarmUp\=20 --thresholdForOptimizeSoon\=20 --thresholdForFTLOptimizeAfterWarmUp\=20 --thresholdForFTLOptimizeSoon\=20 --maximumEvalCacheableSourceLength\=150000 --useEagerCodeBlockJettisonTiming\=true --collectContinuously\=true --useGenerationalGC\=false arrowfunction-lexical-bind-superproperty.js )
```


Crashed Thread:        12  WTF::AutomaticThread

Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x0000000000000040
Exception Note:        EXC_CORPSE_NOTIFY

Termination Signal:    Segmentation fault: 11
Termination Reason:    Namespace SIGNAL, Code 0xb
Terminating Process:   exc handler [0]

VM Regions Near 0x40:
--> 
    __TEXT                 000000010fc0f000-000000010fc3b000 [  176K] r-x/rwx SM=COW  /Users/USER/*/JavaScriptCore.framework/Versions/A/Resources/jsc

Thread 0:: Dispatch queue: com.apple.main-thread
0   libsystem_kernel.dylib        	0x00007fff51944cee __psynch_cvwait + 10
1   libsystem_pthread.dylib       	0x00007fff51a81662 _pthread_cond_wait + 732
2   com.apple.JavaScriptCore      	0x00000001108677da WTF::ThreadCondition::timedWait(WTF::Mutex&, double) + 122 (ThreadingPthreads.cpp:569)
3   com.apple.JavaScriptCore      	0x000000011084ce38 WTF::ParkingLot::parkConditionallyImpl(void const*, WTF::ScopedLambda<bool ()> const&, WTF::ScopedLambda<void ()> const&, WTF::TimeWithDynamicClockType const&) + 2728 (ParkingLot.cpp:604)
4   com.apple.JavaScriptCore      	0x00000001101d69da bool WTF::Condition::waitUntil<WTF::Lock>(WTF::Lock&, WTF::TimeWithDynamicClockType const&) + 154 (ParkingLot.h:81)
5   com.apple.JavaScriptCore      	0x00000001102c3737 JSC::SlotVisitor::drainFromShared(JSC::SlotVisitor::SharedDrainMode, WTF::MonotonicTime) + 1623 (TimeWithDynamicClockType.h:48)
6   com.apple.JavaScriptCore      	0x00000001102a00eb JSC::Heap::runFixpointPhase(JSC::GCConductor) + 2507 (SlotVisitor.h:263)
7   com.apple.JavaScriptCore      	0x000000011029ee27 JSC::Heap::runCurrentPhase(JSC::GCConductor, JSC::CurrentThreadState*) + 215 (Heap.cpp:1166)
8   com.apple.JavaScriptCore      	0x00000001102a79eb WTF::ScopedLambdaFunctor<void (JSC::CurrentThreadState&), JSC::Heap::collectInMutatorThread()::$_0>::implFunction(void*, JSC::CurrentThreadState&) + 27 (Heap.cpp:1778)
9   com.apple.JavaScriptCore      	0x00000001102b6e04 JSC::callWithCurrentThreadState(WTF::ScopedLambda<void (JSC::CurrentThreadState&)> const&) + 100 (MachineStackMarker.cpp:226)
10  com.apple.JavaScriptCore      	0x00000001102a21fd JSC::Heap::collectInMutatorThread() + 93 (CollectingScope.h:43)
11  com.apple.JavaScriptCore      	0x00000001102a20e8 JSC::Heap::stopIfNecessarySlow() + 72 (atomic:893)
12  com.apple.JavaScriptCore      	0x000000011029bff4 JSC::Heap::collectIfNecessaryOrDefer(JSC::GCDeferralContext*) + 132 (Heap.cpp:2546)
13  com.apple.JavaScriptCore      	0x000000011058bbc4 JSC::UnlinkedEvalCodeBlock* JSC::generateUnlinkedCodeBlock<JSC::UnlinkedEvalCodeBlock, JSC::DirectEvalExecutable>(JSC::VM&, JSC::DirectEvalExecutable*, JSC::SourceCode const&, JSC::JSParserStrictMode, JSC::JSParserScriptMode, JSC::DebuggerMode, JSC::ParserError&, JSC::EvalContextType, JSC::VariableEnvironment const*) + 1012 (HeapInlines.h:188)
14  com.apple.JavaScriptCore      	0x000000011058b6c1 JSC::DirectEvalExecutable::create(JSC::ExecState*, JSC::SourceCode const&, bool, JSC::DerivedContextType, bool, JSC::EvalContextType, JSC::VariableEnvironment const*) + 369 (DirectEvalExecutable.cpp:57)
15  com.apple.JavaScriptCore      	0x000000011034920e JSC::eval(JSC::ExecState*) + 1454 (Interpreter.cpp:164)
16  com.apple.JavaScriptCore      	0x00000001103fcf04 llint_slow_path_call_eval + 276 (LLIntSlowPaths.cpp:1583)
17  com.apple.JavaScriptCore      	0x000000010fc638e0 llint_entry + 31438 (LowLevelInterpreter.asm:897)
18  com.apple.JavaScriptCore      	0x000000010fc5bc2a vmEntryToJavaScript + 304 (LowLevelInterpreter64.asm:259)
19  com.apple.JavaScriptCore      	0x0000000110383383 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 147 (JITCode.cpp:82)
20  com.apple.JavaScriptCore      	0x0000000110349f7a JSC::Interpreter::execute(JSC::EvalExecutable*, JSC::ExecState*, JSC::JSValue, JSC::JSScope*) + 2538 (Interpreter.cpp:1301)
21  com.apple.JavaScriptCore      	0x00000001103493c2 JSC::eval(JSC::ExecState*) + 1890 (Interpreter.cpp:175)
22  com.apple.JavaScriptCore      	0x00000001103af123 operationCallEval + 147 (JITOperations.cpp:859)
23  ???                           	0x000058feac45395f 0 + 97850835155295
24  ???                           	0x000058feac444de9 0 + 97850835095017
25  ???                           	0x000058feac40e214 0 + 97850834870804
26  com.apple.JavaScriptCore      	0x000000010fc5bc2a vmEntryToJavaScript + 304 (LowLevelInterpreter64.asm:259)
27  com.apple.JavaScriptCore      	0x0000000110383383 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 147 (JITCode.cpp:82)
28  com.apple.JavaScriptCore      	0x000000011034e163 JSC::Interpreter::executeProgram(JSC::SourceCode const&, JSC::ExecState*, JSC::JSObject*) + 11875 (Interpreter.cpp:969)
29  com.apple.JavaScriptCore      	0x000000011057b9a3 JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) + 307 (Completion.cpp:103)
30  jsc                           	0x000000010fc1372e jscmain(int, char**) + 3646 (jsc.cpp:2303)
31  jsc                           	0x000000010fc128db main + 27 (jsc.cpp:2135)
32  libdyld.dylib                 	0x00007fff517f5115 start + 1

Thread 1:
0   libsystem_kernel.dylib        	0x00007fff51945562 __workq_kernreturn + 10
1   libsystem_pthread.dylib       	0x00007fff51a8026f _pthread_wqthread + 1552
2   libsystem_pthread.dylib       	0x00007fff51a7fc4d start_wqthread + 13

Thread 2:
0   libsystem_kernel.dylib        	0x00007fff51945562 __workq_kernreturn + 10
1   libsystem_pthread.dylib       	0x00007fff51a8006a _pthread_wqthread + 1035
2   libsystem_pthread.dylib       	0x00007fff51a7fc4d start_wqthread + 13

Thread 3:
0   libsystem_kernel.dylib        	0x00007fff51944cee __psynch_cvwait + 10
1   libsystem_pthread.dylib       	0x00007fff51a81662 _pthread_cond_wait + 732
2   libc++.1.dylib                	0x00007fff4f82dd43 std::__1::condition_variable::__do_timed_wait(std::__1::unique_lock<std::__1::mutex>&, std::__1::chrono::time_point<std::__1::chrono::system_clock, std::__1::chrono::duration<long long, std::__1::ratio<1l, 1000000000l> > >) + 93
3   com.apple.JavaScriptCore      	0x0000000110872da5 std::__1::cv_status std::__1::condition_variable::wait_until<std::__1::chrono::steady_clock, std::__1::chrono::duration<long long, std::__1::ratio<1l, 1000000000l> > >(std::__1::unique_lock<std::__1::mutex>&, std::__1::chrono::time_point<std::__1::chrono::steady_clock, std::__1::chrono::duration<long long, std::__1::ratio<1l, 1000000000l> > > const&) + 117 (__mutex_base:419)
4   com.apple.JavaScriptCore      	0x0000000110872c90 std::__1::cv_status std::__1::condition_variable_any::wait_until<std::__1::unique_lock<bmalloc::Mutex>, std::__1::chrono::steady_clock, std::__1::chrono::duration<long long, std::__1::ratio<1l, 1000000000l> > >(std::__1::unique_lock<bmalloc::Mutex>&, std::__1::chrono::time_point<std::__1::chrono::steady_clock, std::__1::chrono::duration<long long, std::__1::ratio<1l, 1000000000l> > > const&) + 96 (condition_variable:224)
5   com.apple.JavaScriptCore      	0x00000001108728b9 bmalloc::Scavenger::threadRunLoop() + 361 (condition_variable:235)
6   com.apple.JavaScriptCore      	0x0000000110872649 bmalloc::Scavenger::threadEntryPoint(bmalloc::Scavenger*) + 9
7   com.apple.JavaScriptCore      	0x0000000110872988 void* std::__1::__thread_proxy<std::__1::tuple<std::__1::unique_ptr<std::__1::__thread_struct, std::__1::default_delete<std::__1::__thread_struct> >, void (*)(bmalloc::Scavenger*), bmalloc::Scavenger*> >(void*) + 40 (memory:2602)
8   libsystem_pthread.dylib       	0x00007fff51a806c1 _pthread_body + 340
9   libsystem_pthread.dylib       	0x00007fff51a8056d _pthread_start + 377
10  libsystem_pthread.dylib       	0x00007fff51a7fc5d thread_start + 13

Thread 4:: jsc Timeout Thread
0   libsystem_kernel.dylib        	0x00007fff51944cee __psynch_cvwait + 10
1   libsystem_pthread.dylib       	0x00007fff51a81662 _pthread_cond_wait + 732
2   com.apple.JavaScriptCore      	0x00000001108677da WTF::ThreadCondition::timedWait(WTF::Mutex&, double) + 122 (ThreadingPthreads.cpp:569)
3   com.apple.JavaScriptCore      	0x000000011084ce38 WTF::ParkingLot::parkConditionallyImpl(void const*, WTF::ScopedLambda<bool ()> const&, WTF::ScopedLambda<void ()> const&, WTF::TimeWithDynamicClockType const&) + 2728 (ParkingLot.cpp:604)
4   com.apple.JavaScriptCore      	0x00000001101d69da bool WTF::Condition::waitUntil<WTF::Lock>(WTF::Lock&, WTF::TimeWithDynamicClockType const&) + 154 (ParkingLot.h:81)
5   com.apple.JavaScriptCore      	0x000000011082b747 WTF::sleep(WTF::Seconds) + 71 (Atomics.h:248)
6   jsc                           	0x000000010fc16ad2 WTF::Function<void ()>::CallableWrapper<startTimeoutThreadIfNeeded()::$_7>::call() + 34 (jsc.cpp:2082)
7   com.apple.JavaScriptCore      	0x00000001108658e4 WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) + 228 (memory:2602)
8   com.apple.JavaScriptCore      	0x0000000110866f89 WTF::wtfThreadEntryPoint(void*) + 9 (ThreadingPthreads.cpp:224)
9   libsystem_pthread.dylib       	0x00007fff51a806c1 _pthread_body + 340
10  libsystem_pthread.dylib       	0x00007fff51a8056d _pthread_start + 377
11  libsystem_pthread.dylib       	0x00007fff51a7fc5d thread_start + 13

Thread 5:: JSC DEBUG Continuous GC
0   libsystem_kernel.dylib        	0x00007fff51944cee __psynch_cvwait + 10
1   libsystem_pthread.dylib       	0x00007fff51a81662 _pthread_cond_wait + 732
2   com.apple.JavaScriptCore      	0x00000001108677da WTF::ThreadCondition::timedWait(WTF::Mutex&, double) + 122 (ThreadingPthreads.cpp:569)
3   com.apple.JavaScriptCore      	0x000000011084ce38 WTF::ParkingLot::parkConditionallyImpl(void const*, WTF::ScopedLambda<bool ()> const&, WTF::ScopedLambda<void ()> const&, WTF::TimeWithDynamicClockType const&) + 2728 (ParkingLot.cpp:604)
4   com.apple.JavaScriptCore      	0x00000001101d69da bool WTF::Condition::waitUntil<WTF::Lock>(WTF::Lock&, WTF::TimeWithDynamicClockType const&) + 154 (ParkingLot.h:81)
5   com.apple.JavaScriptCore      	0x00000001102a9dff WTF::Function<void ()>::CallableWrapper<JSC::Heap::notifyIsSafeToCollect()::$_35>::call() + 463 (TimeWithDynamicClockType.h:48)
6   com.apple.JavaScriptCore      	0x00000001108658e4 WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) + 228 (memory:2602)
7   com.apple.JavaScriptCore      	0x0000000110866f89 WTF::wtfThreadEntryPoint(void*) + 9 (ThreadingPthreads.cpp:224)
8   libsystem_pthread.dylib       	0x00007fff51a806c1 _pthread_body + 340
9   libsystem_pthread.dylib       	0x00007fff51a8056d _pthread_start + 377
10  libsystem_pthread.dylib       	0x00007fff51a7fc5d thread_start + 13

Thread 6:: WTF::AutomaticThread
0   libsystem_kernel.dylib        	0x00007fff51944cee __psynch_cvwait + 10
1   libsystem_pthread.dylib       	0x00007fff51a81662 _pthread_cond_wait + 732
2   com.apple.JavaScriptCore      	0x00000001108677da WTF::ThreadCondition::timedWait(WTF::Mutex&, double) + 122 (ThreadingPthreads.cpp:569)
3   com.apple.JavaScriptCore      	0x000000011084ce38 WTF::ParkingLot::parkConditionallyImpl(void const*, WTF::ScopedLambda<bool ()> const&, WTF::ScopedLambda<void ()> const&, WTF::TimeWithDynamicClockType const&) + 2728 (ParkingLot.cpp:604)
4   com.apple.JavaScriptCore      	0x00000001101d69da bool WTF::Condition::waitUntil<WTF::Lock>(WTF::Lock&, WTF::TimeWithDynamicClockType const&) + 154 (ParkingLot.h:81)
5   com.apple.JavaScriptCore      	0x00000001108233d5 WTF::Function<void ()>::CallableWrapper<WTF::AutomaticThread::start(WTF::AbstractLocker const&)::$_0>::call() + 165 (AutomaticThread.cpp:210)
6   com.apple.JavaScriptCore      	0x00000001108658e4 WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) + 228 (memory:2602)
7   com.apple.JavaScriptCore      	0x0000000110866f89 WTF::wtfThreadEntryPoint(void*) + 9 (ThreadingPthreads.cpp:224)
8   libsystem_pthread.dylib       	0x00007fff51a806c1 _pthread_body + 340
9   libsystem_pthread.dylib       	0x00007fff51a8056d _pthread_start + 377
10  libsystem_pthread.dylib       	0x00007fff51a7fc5d thread_start + 13

Thread 7:: WTF::AutomaticThread
0   libsystem_kernel.dylib        	0x00007fff51944cee __psynch_cvwait + 10
1   libsystem_pthread.dylib       	0x00007fff51a81662 _pthread_cond_wait + 732
2   com.apple.JavaScriptCore      	0x000000011086779f WTF::ThreadCondition::timedWait(WTF::Mutex&, double) + 63
3   com.apple.JavaScriptCore      	0x000000011084ce38 WTF::ParkingLot::parkConditionallyImpl(void const*, WTF::ScopedLambda<bool ()> const&, WTF::ScopedLambda<void ()> const&, WTF::TimeWithDynamicClockType const&) + 2728 (ParkingLot.cpp:604)
4   com.apple.JavaScriptCore      	0x00000001101d69da bool WTF::Condition::waitUntil<WTF::Lock>(WTF::Lock&, WTF::TimeWithDynamicClockType const&) + 154 (ParkingLot.h:81)
5   com.apple.JavaScriptCore      	0x00000001102c3311 JSC::SlotVisitor::drainFromShared(JSC::SlotVisitor::SharedDrainMode, WTF::MonotonicTime) + 561 (Condition.h:99)
6   com.apple.JavaScriptCore      	0x00000001102a681c WTF::SharedTaskFunctor<void (), JSC::Heap::runBeginPhase(JSC::GCConductor)::$_14>::run() + 156 (SlotVisitor.h:263)
7   com.apple.JavaScriptCore      	0x000000011084b79c WTF::ParallelHelperClient::runTask(WTF::RefPtr<WTF::SharedTask<void ()>, WTF::DumbPtrTraits<WTF::SharedTask<void ()> > >) + 44 (DumbPtrTraits.h:41)
8   com.apple.JavaScriptCore      	0x000000011084c210 WTF::ParallelHelperPool::Thread::work() + 48 (utility:890)
9   com.apple.JavaScriptCore      	0x0000000110823458 WTF::Function<void ()>::CallableWrapper<WTF::AutomaticThread::start(WTF::AbstractLocker const&)::$_0>::call() + 296 (AutomaticThread.cpp:223)
10  com.apple.JavaScriptCore      	0x00000001108658e4 WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) + 228 (memory:2602)
11  com.apple.JavaScriptCore      	0x0000000110866f89 WTF::wtfThreadEntryPoint(void*) + 9 (ThreadingPthreads.cpp:224)
12  libsystem_pthread.dylib       	0x00007fff51a806c1 _pthread_body + 340
13  libsystem_pthread.dylib       	0x00007fff51a8056d _pthread_start + 377
14  libsystem_pthread.dylib       	0x00007fff51a7fc5d thread_start + 13

Thread 8:: WTF::AutomaticThread
0   libsystem_kernel.dylib        	0x00007fff51944cee __psynch_cvwait + 10
1   libsystem_pthread.dylib       	0x00007fff51a81662 _pthread_cond_wait + 732
2   com.apple.JavaScriptCore      	0x000000011086779f WTF::ThreadCondition::timedWait(WTF::Mutex&, double) + 63
3   com.apple.JavaScriptCore      	0x000000011084ce38 WTF::ParkingLot::parkConditionallyImpl(void const*, WTF::ScopedLambda<bool ()> const&, WTF::ScopedLambda<void ()> const&, WTF::TimeWithDynamicClockType const&) + 2728 (ParkingLot.cpp:604)
4   com.apple.JavaScriptCore      	0x00000001101d69da bool WTF::Condition::waitUntil<WTF::Lock>(WTF::Lock&, WTF::TimeWithDynamicClockType const&) + 154 (ParkingLot.h:81)
5   com.apple.JavaScriptCore      	0x00000001102c3311 JSC::SlotVisitor::drainFromShared(JSC::SlotVisitor::SharedDrainMode, WTF::MonotonicTime) + 561 (Condition.h:99)
6   com.apple.JavaScriptCore      	0x00000001102a681c WTF::SharedTaskFunctor<void (), JSC::Heap::runBeginPhase(JSC::GCConductor)::$_14>::run() + 156 (SlotVisitor.h:263)
7   com.apple.JavaScriptCore      	0x000000011084b79c WTF::ParallelHelperClient::runTask(WTF::RefPtr<WTF::SharedTask<void ()>, WTF::DumbPtrTraits<WTF::SharedTask<void ()> > >) + 44 (DumbPtrTraits.h:41)
8   com.apple.JavaScriptCore      	0x000000011084c210 WTF::ParallelHelperPool::Thread::work() + 48 (utility:890)
9   com.apple.JavaScriptCore      	0x0000000110823458 WTF::Function<void ()>::CallableWrapper<WTF::AutomaticThread::start(WTF::AbstractLocker const&)::$_0>::call() + 296 (AutomaticThread.cpp:223)
10  com.apple.JavaScriptCore      	0x00000001108658e4 WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) + 228 (memory:2602)
11  com.apple.JavaScriptCore      	0x0000000110866f89 WTF::wtfThreadEntryPoint(void*) + 9 (ThreadingPthreads.cpp:224)
12  libsystem_pthread.dylib       	0x00007fff51a806c1 _pthread_body + 340
13  libsystem_pthread.dylib       	0x00007fff51a8056d _pthread_start + 377
14  libsystem_pthread.dylib       	0x00007fff51a7fc5d thread_start + 13

Thread 9:: WTF::AutomaticThread
0   libsystem_kernel.dylib        	0x00007fff51944cee __psynch_cvwait + 10
1   libsystem_pthread.dylib       	0x00007fff51a81662 _pthread_cond_wait + 732
2   com.apple.JavaScriptCore      	0x000000011086779f WTF::ThreadCondition::timedWait(WTF::Mutex&, double) + 63
3   com.apple.JavaScriptCore      	0x000000011084ce38 WTF::ParkingLot::parkConditionallyImpl(void const*, WTF::ScopedLambda<bool ()> const&, WTF::ScopedLambda<void ()> const&, WTF::TimeWithDynamicClockType const&) + 2728 (ParkingLot.cpp:604)
4   com.apple.JavaScriptCore      	0x00000001101d69da bool WTF::Condition::waitUntil<WTF::Lock>(WTF::Lock&, WTF::TimeWithDynamicClockType const&) + 154 (ParkingLot.h:81)
5   com.apple.JavaScriptCore      	0x00000001102c3311 JSC::SlotVisitor::drainFromShared(JSC::SlotVisitor::SharedDrainMode, WTF::MonotonicTime) + 561 (Condition.h:99)
6   com.apple.JavaScriptCore      	0x00000001102a681c WTF::SharedTaskFunctor<void (), JSC::Heap::runBeginPhase(JSC::GCConductor)::$_14>::run() + 156 (SlotVisitor.h:263)
7   com.apple.JavaScriptCore      	0x000000011084b79c WTF::ParallelHelperClient::runTask(WTF::RefPtr<WTF::SharedTask<void ()>, WTF::DumbPtrTraits<WTF::SharedTask<void ()> > >) + 44 (DumbPtrTraits.h:41)
8   com.apple.JavaScriptCore      	0x000000011084c210 WTF::ParallelHelperPool::Thread::work() + 48 (utility:890)
9   com.apple.JavaScriptCore      	0x0000000110823458 WTF::Function<void ()>::CallableWrapper<WTF::AutomaticThread::start(WTF::AbstractLocker const&)::$_0>::call() + 296 (AutomaticThread.cpp:223)
10  com.apple.JavaScriptCore      	0x00000001108658e4 WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) + 228 (memory:2602)
11  com.apple.JavaScriptCore      	0x0000000110866f89 WTF::wtfThreadEntryPoint(void*) + 9 (ThreadingPthreads.cpp:224)
12  libsystem_pthread.dylib       	0x00007fff51a806c1 _pthread_body + 340
13  libsystem_pthread.dylib       	0x00007fff51a8056d _pthread_start + 377
14  libsystem_pthread.dylib       	0x00007fff51a7fc5d thread_start + 13

Thread 10:: WTF::AutomaticThread
0   libsystem_kernel.dylib        	0x00007fff51944cee __psynch_cvwait + 10
1   libsystem_pthread.dylib       	0x00007fff51a81662 _pthread_cond_wait + 732
2   com.apple.JavaScriptCore      	0x000000011086779f WTF::ThreadCondition::timedWait(WTF::Mutex&, double) + 63
3   com.apple.JavaScriptCore      	0x000000011084ce38 WTF::ParkingLot::parkConditionallyImpl(void const*, WTF::ScopedLambda<bool ()> const&, WTF::ScopedLambda<void ()> const&, WTF::TimeWithDynamicClockType const&) + 2728 (ParkingLot.cpp:604)
4   com.apple.JavaScriptCore      	0x00000001101d69da bool WTF::Condition::waitUntil<WTF::Lock>(WTF::Lock&, WTF::TimeWithDynamicClockType const&) + 154 (ParkingLot.h:81)
5   com.apple.JavaScriptCore      	0x00000001102c3311 JSC::SlotVisitor::drainFromShared(JSC::SlotVisitor::SharedDrainMode, WTF::MonotonicTime) + 561 (Condition.h:99)
6   com.apple.JavaScriptCore      	0x00000001102a681c WTF::SharedTaskFunctor<void (), JSC::Heap::runBeginPhase(JSC::GCConductor)::$_14>::run() + 156 (SlotVisitor.h:263)
7   com.apple.JavaScriptCore      	0x000000011084b79c WTF::ParallelHelperClient::runTask(WTF::RefPtr<WTF::SharedTask<void ()>, WTF::DumbPtrTraits<WTF::SharedTask<void ()> > >) + 44 (DumbPtrTraits.h:41)
8   com.apple.JavaScriptCore      	0x000000011084c210 WTF::ParallelHelperPool::Thread::work() + 48 (utility:890)
9   com.apple.JavaScriptCore      	0x0000000110823458 WTF::Function<void ()>::CallableWrapper<WTF::AutomaticThread::start(WTF::AbstractLocker const&)::$_0>::call() + 296 (AutomaticThread.cpp:223)
10  com.apple.JavaScriptCore      	0x00000001108658e4 WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) + 228 (memory:2602)
11  com.apple.JavaScriptCore      	0x0000000110866f89 WTF::wtfThreadEntryPoint(void*) + 9 (ThreadingPthreads.cpp:224)
12  libsystem_pthread.dylib       	0x00007fff51a806c1 _pthread_body + 340
13  libsystem_pthread.dylib       	0x00007fff51a8056d _pthread_start + 377
14  libsystem_pthread.dylib       	0x00007fff51a7fc5d thread_start + 13

Thread 11:: WTF::AutomaticThread
0   libsystem_kernel.dylib        	0x00007fff51944cee __psynch_cvwait + 10
1   libsystem_pthread.dylib       	0x00007fff51a81662 _pthread_cond_wait + 732
2   com.apple.JavaScriptCore      	0x000000011086779f WTF::ThreadCondition::timedWait(WTF::Mutex&, double) + 63
3   com.apple.JavaScriptCore      	0x000000011084ce38 WTF::ParkingLot::parkConditionallyImpl(void const*, WTF::ScopedLambda<bool ()> const&, WTF::ScopedLambda<void ()> const&, WTF::TimeWithDynamicClockType const&) + 2728 (ParkingLot.cpp:604)
4   com.apple.JavaScriptCore      	0x00000001101d69da bool WTF::Condition::waitUntil<WTF::Lock>(WTF::Lock&, WTF::TimeWithDynamicClockType const&) + 154 (ParkingLot.h:81)
5   com.apple.JavaScriptCore      	0x00000001102c3311 JSC::SlotVisitor::drainFromShared(JSC::SlotVisitor::SharedDrainMode, WTF::MonotonicTime) + 561 (Condition.h:99)
6   com.apple.JavaScriptCore      	0x00000001102a681c WTF::SharedTaskFunctor<void (), JSC::Heap::runBeginPhase(JSC::GCConductor)::$_14>::run() + 156 (SlotVisitor.h:263)
7   com.apple.JavaScriptCore      	0x000000011084b79c WTF::ParallelHelperClient::runTask(WTF::RefPtr<WTF::SharedTask<void ()>, WTF::DumbPtrTraits<WTF::SharedTask<void ()> > >) + 44 (DumbPtrTraits.h:41)
8   com.apple.JavaScriptCore      	0x000000011084c210 WTF::ParallelHelperPool::Thread::work() + 48 (utility:890)
9   com.apple.JavaScriptCore      	0x0000000110823458 WTF::Function<void ()>::CallableWrapper<WTF::AutomaticThread::start(WTF::AbstractLocker const&)::$_0>::call() + 296 (AutomaticThread.cpp:223)
10  com.apple.JavaScriptCore      	0x00000001108658e4 WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) + 228 (memory:2602)
11  com.apple.JavaScriptCore      	0x0000000110866f89 WTF::wtfThreadEntryPoint(void*) + 9 (ThreadingPthreads.cpp:224)
12  libsystem_pthread.dylib       	0x00007fff51a806c1 _pthread_body + 340
13  libsystem_pthread.dylib       	0x00007fff51a8056d _pthread_start + 377
14  libsystem_pthread.dylib       	0x00007fff51a7fc5d thread_start + 13

Thread 12 Crashed:: WTF::AutomaticThread
0   com.apple.JavaScriptCore      	0x00000001102c5a89 JSC::SlotVisitor::drain(WTF::MonotonicTime)::$_3::operator()(JSC::MarkStackArray&) const + 329 (Poisoned.h:114)
1   com.apple.JavaScriptCore      	0x00000001102c2ca2 JSC::SlotVisitor::drain(WTF::MonotonicTime) + 146 (SlotVisitorInlines.h:188)
2   com.apple.JavaScriptCore      	0x00000001102c359d JSC::SlotVisitor::drainFromShared(JSC::SlotVisitor::SharedDrainMode, WTF::MonotonicTime) + 1213 (SlotVisitor.cpp:670)
3   com.apple.JavaScriptCore      	0x00000001102a681c WTF::SharedTaskFunctor<void (), JSC::Heap::runBeginPhase(JSC::GCConductor)::$_14>::run() + 156 (SlotVisitor.h:263)
4   com.apple.JavaScriptCore      	0x000000011084b79c WTF::ParallelHelperClient::runTask(WTF::RefPtr<WTF::SharedTask<void ()>, WTF::DumbPtrTraits<WTF::SharedTask<void ()> > >) + 44 (DumbPtrTraits.h:41)
5   com.apple.JavaScriptCore      	0x000000011084c210 WTF::ParallelHelperPool::Thread::work() + 48 (utility:890)
6   com.apple.JavaScriptCore      	0x0000000110823458 WTF::Function<void ()>::CallableWrapper<WTF::AutomaticThread::start(WTF::AbstractLocker const&)::$_0>::call() + 296 (AutomaticThread.cpp:223)
7   com.apple.JavaScriptCore      	0x00000001108658e4 WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) + 228 (memory:2602)
8   com.apple.JavaScriptCore      	0x0000000110866f89 WTF::wtfThreadEntryPoint(void*) + 9 (ThreadingPthreads.cpp:224)
9   libsystem_pthread.dylib       	0x00007fff51a806c1 _pthread_body + 340
10  libsystem_pthread.dylib       	0x00007fff51a8056d _pthread_start + 377
11  libsystem_pthread.dylib       	0x00007fff51a7fc5d thread_start + 13

Thread 13:: WTF::AutomaticThread
0   libsystem_kernel.dylib        	0x00007fff51944cee __psynch_cvwait + 10
1   libsystem_pthread.dylib       	0x00007fff51a81662 _pthread_cond_wait + 732
2   com.apple.JavaScriptCore      	0x000000011086779f WTF::ThreadCondition::timedWait(WTF::Mutex&, double) + 63
3   com.apple.JavaScriptCore      	0x000000011084ce38 WTF::ParkingLot::parkConditionallyImpl(void const*, WTF::ScopedLambda<bool ()> const&, WTF::ScopedLambda<void ()> const&, WTF::TimeWithDynamicClockType const&) + 2728 (ParkingLot.cpp:604)
4   com.apple.JavaScriptCore      	0x00000001101d69da bool WTF::Condition::waitUntil<WTF::Lock>(WTF::Lock&, WTF::TimeWithDynamicClockType const&) + 154 (ParkingLot.h:81)
5   com.apple.JavaScriptCore      	0x00000001102c3311 JSC::SlotVisitor::drainFromShared(JSC::SlotVisitor::SharedDrainMode, WTF::MonotonicTime) + 561 (Condition.h:99)
6   com.apple.JavaScriptCore      	0x00000001102a681c WTF::SharedTaskFunctor<void (), JSC::Heap::runBeginPhase(JSC::GCConductor)::$_14>::run() + 156 (SlotVisitor.h:263)
7   com.apple.JavaScriptCore      	0x000000011084b79c WTF::ParallelHelperClient::runTask(WTF::RefPtr<WTF::SharedTask<void ()>, WTF::DumbPtrTraits<WTF::SharedTask<void ()> > >) + 44 (DumbPtrTraits.h:41)
8   com.apple.JavaScriptCore      	0x000000011084c210 WTF::ParallelHelperPool::Thread::work() + 48 (utility:890)
9   com.apple.JavaScriptCore      	0x0000000110823458 WTF::Function<void ()>::CallableWrapper<WTF::AutomaticThread::start(WTF::AbstractLocker const&)::$_0>::call() + 296 (AutomaticThread.cpp:223)
10  com.apple.JavaScriptCore      	0x00000001108658e4 WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) + 228 (memory:2602)
11  com.apple.JavaScriptCore      	0x0000000110866f89 WTF::wtfThreadEntryPoint(void*) + 9 (ThreadingPthreads.cpp:224)
12  libsystem_pthread.dylib       	0x00007fff51a806c1 _pthread_body + 340
13  libsystem_pthread.dylib       	0x00007fff51a8056d _pthread_start + 377
14  libsystem_pthread.dylib       	0x00007fff51a7fc5d thread_start + 13

Thread 12 crashed with X86 Thread State (64-bit):
  rax: 0x0000000000000000  rbx: 0x00000000ffffff9f  rcx: 0x0000000000000000  rdx: 0x0000000000000000
  rdi: 0x0000000000000000  rsi: 0x00000001111ee620  rbp: 0x0000700005453ce0  rsp: 0x0000700005453cb0
   r8: 0x00007ffedffeceb0   r9: 0xffffffff00000000  r10: 0x0078df000078e001  r11: 0x0000000000000246
  r12: 0x0000000111676300  r13: 0x00000001109876f8  r14: 0x00000001111ee620  r15: 0x00000001111ee620
  rip: 0x00000001102c5a89  rfl: 0x0000000000010246  cr2: 0x00007ffee1732ff8
Comment 1 JF Bastien 2018-02-22 21:20:07 PST
This looks like the crash I've been investigating as part of <rdar://problem/32767615>
Comment 2 Saam Barati 2018-03-01 10:21:11 PST

*** This bug has been marked as a duplicate of bug 183229 ***