Bug 48311 - [CRASH] While using the Web Inspector on zimbra.com
Summary: [CRASH] While using the Web Inspector on zimbra.com
Status: RESOLVED INVALID
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: 528+ (Nightly build)
Hardware: All All
Importance: P1 Normal
Assignee: Nobody
Keywords: InRadar, NeedsReduction
Reported: 2010-10-26 00:10 PDT by Adam Barth
Modified: 2016-08-01 11:46 PDT (History)
Description Adam Barth 2010-10-26 00:10:47 PDT
I was enabling resource tracking and clicking around the inspector tabs. The value of |this| in the top frame is 0x3f00000046.

#0	0x10077eabc in JSC::TypeInfo::type at JSTypeInfo.h:62
#1	0x1007b4f05 in JSC::MarkStack::drain at JSArray.h:247
#2	0x1007aceeb in JSC::Heap::markConservatively at Collector.cpp:688
#3	0x100845405 in JSC::RegisterFile::markGlobals at RegisterFile.h:134
#4	0x1008406d5 in JSC::JSGlobalObject::markChildren at JSGlobalObject.cpp:354
#5	0x101b261b8 in WebCore::JSDOMGlobalObject::markChildren at JSDOMGlobalObject.cpp:52
#6	0x101b59d5d in WebCore::JSDOMWindow::markChildren at JSDOMWindowCustom.cpp:97
#7	0x1007b4cdc in JSC::MarkStack::markChildren at JSArray.h:220
#8	0x1007b4fd7 in JSC::MarkStack::drain at JSArray.h:261
#9	0x1007aceeb in JSC::Heap::markConservatively at Collector.cpp:688
#10	0x1007ad232 in JSC::Heap::markCurrentThreadConservativelyInternal at Collector.cpp:699
#11	0x1007ad26c in JSC::Heap::markCurrentThreadConservatively at Collector.cpp:721
#12	0x1007ad28b in JSC::Heap::markStackObjectsConservatively at Collector.cpp:873
#13	0x1007ad442 in JSC::Heap::markRoots at Collector.cpp:1043
#14	0x1007ae22f in JSC::Heap::reset at Collector.cpp:1179
#15	0x1007ae57c in JSC::Heap::allocate at Collector.cpp:344
#16	0x10078e092 in JSC::JSCell::operator new at JSCell.h:177
#17	0x100813b2a in cti_op_push_activation at JITStubs.cpp:2166
#18	0x10080bb11 in WTF::doubleHash at HashTable.h:447
#19	0x1007ea5c6 in JSC::JITCode::execute at JITCode.h:77
#20	0x1007e5916 in JSC::Interpreter::executeCall at Interpreter.cpp:825
#21	0x10079cdf3 in JSC::call at CallData.cpp:38
#22	0x101ad0df5 in WebCore::JSMainThreadExecState::call at JSMainThreadExecState.h:48
#23	0x101b6d396 in WebCore::JSEventListener::handleEvent at JSEventListener.cpp:124
#24	0x10181fbcc in WebCore::EventTarget::fireEventListeners at EventTarget.cpp:335
#25	0x101820236 in WebCore::EventTarget::fireEventListeners at EventTarget.cpp:304
#26	0x101dc3573 in WebCore::Node::handleLocalEvents at Node.cpp:2484
#27	0x101dc3c1f in WebCore::Node::dispatchGenericEvent at Node.cpp:2602
#28	0x101dc40cd in WebCore::Node::dispatchEvent at Node.cpp:2547
#29	0x101985d9e in WebCore::HTMLScriptElement::dispatchLoadEvent at HTMLScriptElement.cpp:189
#30	0x101fc0842 in WebCore::ScriptElementData::execute at ScriptElement.cpp:223
#31	0x101506ede in WebCore::AsyncScriptRunner::timerFired at AsyncScriptRunner.cpp:87
#32	0x1015075c3 in WebCore::Timer<WebCore::AsyncScriptRunner>::fired at Timer.h:98
#33	0x10212ee56 in WebCore::ThreadTimers::sharedTimerFiredInternal at ThreadTimers.cpp:112
#34	0x10212efe5 in WebCore::ThreadTimers::sharedTimerFired at ThreadTimers.cpp:90
#35	0x10200000b in WebCore::timerFired at SharedTimerMac.mm:166
#36	0x7fff800aa678 in __CFRunLoopRun
#37	0x7fff800a884f in CFRunLoopRunSpecific
#38	0x7fff815ed91a in RunCurrentEventLoopInMode
#39	0x7fff815ed71f in ReceiveNextEventCommon
#40	0x7fff815ed5d8 in BlockUntilNextEventMatchingListInMode
#41	0x7fff869c229e in _DPSNextEvent
#42	0x7fff869c1bed in -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:]
#43	0x1000165d8 in ??
#44	0x7fff869878d3 in -[NSApplication run]
#45	0x7fff869805f8 in NSApplicationMain
#46	0x10000a4a4 in ??
Comment 1 Adam Barth 2010-10-26 00:23:54 PDT
Another seemingly related stack. Maybe related to using the debugger? This happened soon after enabling the debugger:

#0	0x100762447 in JSC::CollectorBitmap::getset at Collector.h:235
#1	0x100762481 in JSC::Heap::checkMarkCell at Collector.h:302
#2	0x1007b4ea6 in JSC::MarkStack::drain at JSArray.h:239
#3	0x1007aceeb in JSC::Heap::markConservatively at Collector.cpp:688
#4	0x100845405 in JSC::RegisterFile::markGlobals at RegisterFile.h:134
#5	0x1008406d5 in JSC::JSGlobalObject::markChildren at JSGlobalObject.cpp:354
#6	0x101b261b8 in WebCore::JSDOMGlobalObject::markChildren at JSDOMGlobalObject.cpp:52
#7	0x101b59d5d in WebCore::JSDOMWindow::markChildren at JSDOMWindowCustom.cpp:97
#8	0x1007b4cdc in JSC::MarkStack::markChildren at JSArray.h:220
#9	0x1007b4f67 in JSC::MarkStack::drain at JSArray.h:258
#10	0x1007aceeb in JSC::Heap::markConservatively at Collector.cpp:688
#11	0x1007ad232 in JSC::Heap::markCurrentThreadConservativelyInternal at Collector.cpp:699
#12	0x1007ad26c in JSC::Heap::markCurrentThreadConservatively at Collector.cpp:721
#13	0x1007ad28b in JSC::Heap::markStackObjectsConservatively at Collector.cpp:873
#14	0x1007ad442 in JSC::Heap::markRoots at Collector.cpp:1043
#15	0x1007ae22f in JSC::Heap::reset at Collector.cpp:1179
#16	0x1007ae57c in JSC::Heap::allocate at Collector.cpp:344
#17	0x10078e092 in JSC::JSCell::operator new at JSCell.h:177
#18	0x10087d14e in JSC::jsOwnedString at JSString.h:548
#19	0x100779c9a in JSC::BytecodeGenerator::emitLoad at BytecodeGenerator.cpp:1094
#20	0x1008a06df in JSC::StringNode::emitBytecode at NodesCodegen.cpp:142
#21	0x10079c6e6 in JSC::BytecodeGenerator::emitNode at BytecodeGenerator.h:217
#22	0x10089b689 in JSC::BinaryOpNode::emitStrcat at NodesCodegen.cpp:947
#23	0x10089c7ba in JSC::BinaryOpNode::emitBytecode at NodesCodegen.cpp:979
#24	0x10079c6e6 in JSC::BytecodeGenerator::emitNode at BytecodeGenerator.h:217
#25	0x100899c96 in JSC::AssignBracketNode::emitBytecode at NodesCodegen.cpp:1282
#26	0x10079c6e6 in JSC::BytecodeGenerator::emitNode at BytecodeGenerator.h:217
#27	0x100896edf in JSC::ExprStatementNode::emitBytecode at NodesCodegen.cpp:1414
#28	0x10079c6e6 in JSC::BytecodeGenerator::emitNode at BytecodeGenerator.h:217
#29	0x1008a2df7 in JSC::SourceElements::emitBytecode at NodesCodegen.cpp:1370
#30	0x100896d5c in JSC::BlockNode::emitBytecode at NodesCodegen.cpp:1388
#31	0x10079c6e6 in JSC::BytecodeGenerator::emitNode at BytecodeGenerator.h:217
#32	0x1008a2df7 in JSC::SourceElements::emitBytecode at NodesCodegen.cpp:1370
#33	0x1008a2e5b in JSC::ScopeNode::emitStatementsBytecode at NodesCodegen.cpp:1998
#34	0x1008971cf in JSC::FunctionBodyNode::emitBytecode at NodesCodegen.cpp:2036
#35	0x10077e399 in JSC::BytecodeGenerator::generate at BytecodeGenerator.cpp:144
#36	0x1007d2cb7 in JSC::FunctionExecutable::compileForCallInternal at Executable.cpp:197
#37	0x10076cb22 in JSC::FunctionExecutable::compileForCall at Executable.h:315
#38	0x100814009 in cti_vm_lazyLinkCall at JITStubs.cpp:2106
#39	0x10080bb11 in WTF::doubleHash at HashTable.h:447
#40	0x1007ea5c6 in JSC::JITCode::execute at JITCode.h:77
#41	0x1007e5916 in JSC::Interpreter::executeCall at Interpreter.cpp:825
#42	0x10079cdf3 in JSC::call at CallData.cpp:38
#43	0x101ad0df5 in WebCore::JSMainThreadExecState::call at JSMainThreadExecState.h:48
#44	0x101b6d396 in WebCore::JSEventListener::handleEvent at JSEventListener.cpp:124
#45	0x10181fbcc in WebCore::EventTarget::fireEventListeners at EventTarget.cpp:335
#46	0x101820236 in WebCore::EventTarget::fireEventListeners at EventTarget.cpp:304
#47	0x101dc3573 in WebCore::Node::handleLocalEvents at Node.cpp:2484
#48	0x101dc3d1b in WebCore::Node::dispatchGenericEvent at Node.cpp:2614
#49	0x101dc40cd in WebCore::Node::dispatchEvent at Node.cpp:2547
#50	0x101dc248f in WebCore::Node::dispatchMouseEvent at Node.cpp:2811
#51	0x101dc2973 in WebCore::Node::dispatchMouseEvent at Node.cpp:2720
#52	0x10180e4dc in WebCore::EventHandler::dispatchMouseEvent at EventHandler.cpp:1843
#53	0x101811fa0 in WebCore::EventHandler::handleMouseReleaseEvent at EventHandler.cpp:1569
#54	0x10181a71d in WebCore::EventHandler::mouseUp at EventHandlerMac.mm:545
#55	0x100f6f4f1 in -[WebHTMLView mouseUp:] at WebHTMLView.mm:3761
#56	0x7fff86abb7ed in -[NSWindow sendEvent:]
#57	0x10004261d in ??
#58	0x1000425aa in ??
#59	0x7fff869f0ee2 in -[NSApplication sendEvent:]
#60	0x1000392ee in ??
#61	0x7fff86987922 in -[NSApplication run]
#62	0x7fff869805f8 in NSApplicationMain
#63	0x10000a4a4 in ??
Comment 2 Adam Barth 2010-10-26 00:26:59 PDT
Yeah, repros very quickly on Zimbra by enabling the debugger and then clicking around the page:
#0	0x100762447 in JSC::CollectorBitmap::getset at Collector.h:235
#1	0x100762481 in JSC::Heap::checkMarkCell at Collector.h:302
#2	0x1007b4ea6 in JSC::MarkStack::drain at JSArray.h:239
#3	0x1007aceeb in JSC::Heap::markConservatively at Collector.cpp:688
#4	0x100845405 in JSC::RegisterFile::markGlobals at RegisterFile.h:134
#5	0x1008406d5 in JSC::JSGlobalObject::markChildren at JSGlobalObject.cpp:354
#6	0x101b261b8 in WebCore::JSDOMGlobalObject::markChildren at JSDOMGlobalObject.cpp:52
#7	0x101b59d5d in WebCore::JSDOMWindow::markChildren at JSDOMWindowCustom.cpp:97
#8	0x1007b4cdc in JSC::MarkStack::markChildren at JSArray.h:220
#9	0x1007b4fd7 in JSC::MarkStack::drain at JSArray.h:261
#10	0x1007aceeb in JSC::Heap::markConservatively at Collector.cpp:688
#11	0x1007ad232 in JSC::Heap::markCurrentThreadConservativelyInternal at Collector.cpp:699
#12	0x1007ad26c in JSC::Heap::markCurrentThreadConservatively at Collector.cpp:721
#13	0x1007ad28b in JSC::Heap::markStackObjectsConservatively at Collector.cpp:873
#14	0x1007ad442 in JSC::Heap::markRoots at Collector.cpp:1043
#15	0x1007ae22f in JSC::Heap::reset at Collector.cpp:1179
#16	0x1007ae57c in JSC::Heap::allocate at Collector.cpp:344
#17	0x10078e092 in JSC::JSCell::operator new at JSCell.h:177
#18	0x1008135d4 in cti_op_create_arguments_no_params at JITStubs.cpp:2226
#19	0x10080bb11 in WTF::doubleHash at HashTable.h:447
#20	0x1007ea5c6 in JSC::JITCode::execute at JITCode.h:77
#21	0x1007e5916 in JSC::Interpreter::executeCall at Interpreter.cpp:825
#22	0x10079cdf3 in JSC::call at CallData.cpp:38
#23	0x101ad0df5 in WebCore::JSMainThreadExecState::call at JSMainThreadExecState.h:48
#24	0x101b6d396 in WebCore::JSEventListener::handleEvent at JSEventListener.cpp:124
#25	0x10181fbcc in WebCore::EventTarget::fireEventListeners at EventTarget.cpp:335
#26	0x101820236 in WebCore::EventTarget::fireEventListeners at EventTarget.cpp:304
#27	0x101dc3573 in WebCore::Node::handleLocalEvents at Node.cpp:2484
#28	0x101dc3d1b in WebCore::Node::dispatchGenericEvent at Node.cpp:2614
#29	0x101dc40cd in WebCore::Node::dispatchEvent at Node.cpp:2547
#30	0x101dc248f in WebCore::Node::dispatchMouseEvent at Node.cpp:2811
#31	0x101dc2973 in WebCore::Node::dispatchMouseEvent at Node.cpp:2720
#32	0x10180e3a4 in WebCore::EventHandler::updateMouseEventTargetNode at EventHandler.cpp:1824
#33	0x10180e48e in WebCore::EventHandler::dispatchMouseEvent at EventHandler.cpp:1838
#34	0x10181372c in WebCore::EventHandler::handleMouseMoveEvent at EventHandler.cpp:1514
#35	0x101813813 in WebCore::EventHandler::mouseMoved at EventHandler.cpp:1395
#36	0x10181a5a4 in WebCore::EventHandler::mouseMoved at EventHandlerMac.mm:625
#37	0x100f78d2d in -[WebHTMLView(WebPrivate) _updateMouseoverWithEvent:] at WebHTMLView.mm:1654
#38	0x100f62de5 in -[WebHTMLView mouseMovedNotification:] at WebHTMLView.mm:3770
#39	0x7fff876e984e in _nsnote_callback
#40	0x7fff800b5a90 in __CFXNotificationPost
#41	0x7fff800a2008 in _CFXNotificationPostNotification
#42	0x7fff876e07b8 in -[NSNotificationCenter postNotificationName:object:userInfo:]
#43	0x7fff869ee5ee in forwardMethod
#44	0x7fff869ee5ee in forwardMethod
#45	0x7fff869ee5ee in forwardMethod
#46	0x7fff869ee5ee in forwardMethod
#47	0x7fff869ee5ee in forwardMethod
#48	0x7fff869ee5ee in forwardMethod
#49	0x7fff869ee5ee in forwardMethod
#50	0x7fff869ee5ee in forwardMethod
#51	0x7fff86abc483 in -[NSWindow sendEvent:]
#52	0x10004261d in ??
#53	0x1000425aa in ??
#54	0x7fff869f0cd9 in -[NSApplication sendEvent:]
#55	0x1000392ee in ??
#56	0x7fff86987922 in -[NSApplication run]
#57	0x7fff869805f8 in NSApplicationMain
#58	0x10000a4a4 in ??
Comment 3 Geoffrey Garen 2010-10-28 11:57:16 PDT
<rdar://problem/8606082>
Comment 4 Alexey Proskuryakov 2011-03-14 14:54:34 PDT
Adam, is this still reproducible for you?
Comment 5 Adam Barth 2011-03-14 14:56:47 PDT
I haven't tried since I reported the bug.
Comment 6 BJ Burg 2016-08-01 11:46:30 PDT
Not reproducible, closing.