WebKit Bugzilla
Bug 61064 (RESOLVED FIXED): Some tests crashing in JSC::MarkStack::validateValue beneath ScriptController::clearWindowShell on SnowLeopard Intel Release (WebKit2 Tests)
https://bugs.webkit.org/show_bug.cgi?id=61064
Adam Roben (:aroben) - Reported 2011-05-18 09:05:17 PDT
dom/html/level1/core/hc_nodeelementnodeattributes.html crashed once in JSC::MarkStack::validateValue on SnowLeopard Intel Release (WebKit2 Tests).
http://build.webkit.org/results/SnowLeopard%20Intel%20Release%20(WebKit2%20Tests)/r86761%20(11774)/dom/html/level1/core/hc_nodeelementnodeattributes-crash-log.txt
Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x000000011088c3c8
Crashed Thread:  0  Dispatch queue: com.apple.main-thread

Thread 0 Crashed:  Dispatch queue: com.apple.main-thread
0   com.apple.JavaScriptCore   0x000000010083038e JSC::MarkStack::validateValue(JSC::JSValue) + 62 (WriteBarrier.h:97)
1   com.apple.JavaScriptCore   0x000000010083099a JSC::MarkStack::visitChildren(JSC::JSCell*) + 554 (MarkStack.cpp:138)
2   com.apple.JavaScriptCore   0x00000001008306c7 JSC::MarkStack::drain() + 455 (MarkStack.h:162)
3   com.apple.JavaScriptCore   0x000000010082d23c JSC::Heap::markRoots() + 268 (Heap.cpp:227)
4   com.apple.JavaScriptCore   0x000000010082d685 JSC::Heap::reset(JSC::Heap::SweepToggle) + 37 (Heap.cpp:396)
5   com.apple.JavaScriptCore   0x000000010082d783 JSC::Heap::allocateSlowCase(unsigned long) + 19 (Heap.cpp:124)
6   com.apple.JavaScriptCore   0x000000010080048a JSC::Structure::addPropertyTransition(JSC::JSGlobalData&, JSC::Structure*, JSC::Identifier const&, unsigned int, JSC::JSCell*, unsigned long&) + 2762 (JSCell.h:409)
7   com.apple.JavaScriptCore   0x000000010063664d JSC::JSObject::putDirectInternal(JSC::JSGlobalData&, JSC::Identifier const&, JSC::JSValue, unsigned int, bool, JSC::PutPropertySlot&, JSC::JSCell*) + 2365 (JSObject.h:657)
8   com.apple.JavaScriptCore   0x00000001006b9d6b JSC::ErrorInstance::ErrorInstance(JSC::JSGlobalData*, JSC::Structure*) + 315 (RefPtr.h:58)
9   com.apple.JavaScriptCore   0x00000001006ba8bd JSC::ErrorPrototype::ErrorPrototype(JSC::ExecState*, JSC::JSGlobalObject*, JSC::Structure*) + 45 (ErrorPrototype.cpp:54)
10  com.apple.JavaScriptCore   0x0000000100751e5e JSC::JSGlobalObject::reset(JSC::JSValue) + 4798 (JSValueInlineMethods.h:386)
11  com.apple.WebCore          0x0000000100f51691 WebCore::JSDOMGlobalObject::JSDOMGlobalObject(JSC::JSGlobalData&, JSC::Structure*, WTF::PassRefPtr<WebCore::DOMWrapperWorld>, JSC::JSObject*) + 833 (JSDOMGlobalObject.cpp:48)
12  com.apple.WebCore          0x0000000100fa0d56 WebCore::JSDOMWindowBase::JSDOMWindowBase(JSC::JSGlobalData&, JSC::Structure*, WTF::PassRefPtr<WebCore::DOMWindow>, WebCore::JSDOMWindowShell*) + 54 (PassRefPtr.h:74)
13  com.apple.WebCore          0x0000000100f72ba3 WebCore::JSDOMWindow::JSDOMWindow(JSC::JSGlobalData&, JSC::Structure*, WTF::PassRefPtr<WebCore::DOMWindow>, WebCore::JSDOMWindowShell*) + 35 (PassRefPtr.h:74)
14  com.apple.WebCore          0x0000000100faa1de WebCore::JSDOMWindowShell::setWindow(WTF::PassRefPtr<WebCore::DOMWindow>) + 526 (PassRefPtr.h:74)
15  com.apple.WebCore          0x000000010156a609 WebCore::ScriptController::clearWindowShell(bool) + 217 (PassRefPtr.h:74)
16  com.apple.WebCore          0x0000000100cbb215 WebCore::FrameLoader::clear(bool, bool, bool) + 389 (FrameLoader.cpp:630)
17  com.apple.WebCore          0x0000000100b7af05 WebCore::DocumentWriter::begin(WebCore::KURL const&, bool, WebCore::SecurityOrigin*) + 197 (DocumentWriter.cpp:128)
18  com.apple.WebCore          0x0000000100cc3a93 WebCore::FrameLoader::receivedFirstData() + 51 (FrameLoader.cpp:660)
19  com.apple.WebCore          0x0000000100b7ab99 WebCore::DocumentWriter::setEncoding(WTF::String const&, bool) + 41 (RefPtr.h:60)
20  com.apple.WebCore          0x0000000100b6be01 WebCore::DocumentLoader::commitData(char const*, int) + 81 (DocumentLoader.cpp:321)
21  com.apple.WebKit2          0x0000000100232c26 WebKit::WebFrameLoaderClient::committedLoad(WebCore::DocumentLoader*, char const*, int) + 70 (RefPtr.h:60)
22  com.apple.WebKit2          0x0000000100233c55 WebKit::WebFrameLoaderClient::finishedLoading(WebCore::DocumentLoader*) + 59 (WebFrameLoaderClient.cpp:820)
23  com.apple.WebCore          0x0000000100cc36b2 WebCore::FrameLoader::finishedLoadingDocument(WebCore::DocumentLoader*) + 130 (FrameLoader.cpp:2352)
24  com.apple.WebCore          0x0000000100b69bc0 WebCore::DocumentLoader::finishedLoading() + 48 (DocumentLoader.cpp:288)
25  com.apple.WebCore          0x0000000100cc2bda WebCore::FrameLoader::finishedLoading() + 90 (FrameLoader.cpp:2277)
26  com.apple.WebCore          0x0000000101364f13 WebCore::MainResourceLoader::didFinishLoading(double) + 147 (MainResourceLoader.cpp:485)
27  com.apple.WebCore          0x0000000101365976 WebCore::MainResourceLoader::continueAfterContentPolicy(WebCore::PolicyAction, WebCore::ResourceResponse const&) + 982 (MainResourceLoader.cpp:319)
28  com.apple.WebCore          0x0000000101365baf WebCore::MainResourceLoader::continueAfterContentPolicy(WebCore::PolicyAction) + 127 (MainResourceLoader.cpp:333)
29  com.apple.WebCore          0x00000001013e4162 WebCore::PolicyChecker::continueAfterContentPolicy(WebCore::PolicyAction) + 834 (PolicyChecker.cpp:191)
30  com.apple.WebKit2          0x00000001002351b2 WebKit::WebFrameLoaderClient::dispatchDecidePolicyForResponse(void (WebCore::PolicyChecker::*)(WebCore::PolicyAction), WebCore::ResourceResponse const&, WebCore::ResourceRequest const&) + 200 (WebFrameLoaderClient.cpp:592)
31  com.apple.WebCore          0x0000000101367e04 WebCore::MainResourceLoader::didReceiveResponse(WebCore::ResourceResponse const&) + 2260 (RefCounted.h:91)
32  com.apple.WebCore          0x0000000101366003 WebCore::MainResourceLoader::handleEmptyLoad(WebCore::KURL const&, bool) + 323 (RetainPtr.h:72)
33  com.apple.WebCore          0x0000000101369766 WebCore::MainResourceLoader::loadNow(WebCore::ResourceRequest&) + 534 (MainResourceLoader.cpp:583)
34  com.apple.WebCore          0x000000010136a908 WebCore::MainResourceLoader::load(WebCore::ResourceRequest const&, WebCore::SubstituteData const&) + 1192 (MainResourceLoader.cpp:612)
35  com.apple.WebCore          0x0000000100b6a5e3 WebCore::DocumentLoader::startLoadingMainResource(unsigned long) + 131 (DocumentLoader.cpp:809)
36  com.apple.WebCore          0x0000000100cba0b5 WebCore::FrameLoader::continueLoadAfterWillSubmitForm() + 213 (FrameLoader.cpp:2554)
37  com.apple.WebCore          0x0000000100cc6d47 WebCore::FrameLoader::continueLoadAfterNavigationPolicy(WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool) + 551 (FrameLoader.cpp:3085)
38  com.apple.WebCore          0x0000000100cc6db5 WebCore::FrameLoader::callContinueLoadAfterNavigationPolicy(void*, WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool) + 37 (PassRefPtr.h:74)
39  com.apple.WebCore          0x00000001013e0d01 WebCore::PolicyCallback::call(bool) + 81 (PassRefPtr.h:74)
40  com.apple.WebCore          0x00000001013e370a WebCore::PolicyChecker::continueAfterNavigationPolicy(WebCore::PolicyAction) + 1770 (PolicyChecker.cpp:164)
41  com.apple.WebKit2          0x00000001002355cc WebKit::WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction(void (WebCore::PolicyChecker::*)(WebCore::PolicyAction), WebCore::NavigationAction const&, WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>) + 314 (WebFrameLoaderClient.cpp:653)
42  com.apple.WebCore          0x00000001013e48c3 WebCore::PolicyChecker::checkNavigationPolicy(WebCore::ResourceRequest const&, WebCore::DocumentLoader*, WTF::PassRefPtr<WebCore::FormState>, void (*)(void*, WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool), void*) + 1859 (PassRefPtr.h:74)
43  com.apple.WebCore          0x0000000100cc8af0 WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>) + 1664 (PassRefPtr.h:74)
44  com.apple.WebCore          0x0000000100cc977a WebCore::FrameLoader::load(WebCore::DocumentLoader*) + 186 (PassRefPtr.h:74)
45  com.apple.WebCore          0x0000000100cc99fb WebCore::FrameLoader::load(WebCore::ResourceRequest const&, WebCore::SubstituteData const&, bool) + 347 (PassRefPtr.h:58)
46  com.apple.WebCore          0x0000000100ccfcaa WebCore::FrameLoader::load(WebCore::ResourceRequest const&, bool) + 122 (RefPtr.h:58)
47  com.apple.WebKit2          0x000000010023ec13 WebKit::WebPage::loadURLRequest(WebCore::ResourceRequest const&, WebKit::SandboxExtension::Handle const&) + 55 (MessageSender.h:38)
48  com.apple.WebKit2          0x000000010023ecae WebKit::WebPage::loadURL(WTF::String const&, WebKit::SandboxExtension::Handle const&) + 126 (ResourceRequest.h:49)
49  com.apple.WebKit2          0x000000010028c59c void CoreIPC::handleMessage<Messages::WebPage::LoadURL, WebKit::WebPage, void (WebKit::WebPage::*)(WTF::String const&, WebKit::SandboxExtension::Handle const&)>(CoreIPC::ArgumentDecoder*, WebKit::WebPage*, void (WebKit::WebPage::*)(WTF::String const&, WebKit::SandboxExtension::Handle const&)) + 89 (Arguments.h:93)
50  com.apple.WebKit2          0x0000000100203e02 CoreIPC::Connection::dispatchMessage(CoreIPC::Connection::Message<CoreIPC::ArgumentDecoder>&) + 138 (Connection.cpp:690)
51  com.apple.WebKit2          0x0000000100203f10 CoreIPC::Connection::dispatchMessages() + 156 (Connection.cpp:711)
52  com.apple.WebKit2          0x000000010021e5b3 RunLoop::performWork() + 135 (OwnPtrCommon.h:59)
53  com.apple.WebKit2          0x000000010021ec05 RunLoop::performWork(void*) + 83 (RunLoopMac.mm:38)
54  com.apple.CoreFoundation   0x00007fff806c6401 __CFRunLoopDoSources0 + 1361
55  com.apple.CoreFoundation   0x00007fff806c45f9 __CFRunLoopRun + 873
56  com.apple.CoreFoundation   0x00007fff806c3dbf CFRunLoopRunSpecific + 575
57  com.apple.HIToolbox        0x00007fff888f27ee RunCurrentEventLoopInMode + 333
58  com.apple.HIToolbox        0x00007fff888f25f3 ReceiveNextEventCommon + 310
59  com.apple.HIToolbox        0x00007fff888f24ac BlockUntilNextEventMatchingListInMode + 59
60  com.apple.AppKit           0x00007fff85bdde64 _DPSNextEvent + 718
61  com.apple.AppKit           0x00007fff85bdd7a9 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 155
62  com.apple.AppKit           0x00007fff85ba348b -[NSApplication run] + 395
63  com.apple.WebKit2          0x0000000100264858 WebKit::WebProcessMain(WebKit::CommandLine const&) + 635 (RetainPtr.h:72)
64  com.apple.WebKit2          0x0000000100239b44 WebKitMain + 293 (WebKitMain.cpp:48)
65  com.apple.WebProcess       0x0000000100000d88 start + 52
Attachments
Patch (1.69 KB, patch) - 2011-05-18 17:41 PDT, Oliver Hunt - barraclough: review+
Adam Roben (:aroben) - Comment 1 - 2011-05-18 09:05:56 PDT
<rdar://problem/9460616>
Adam Roben (:aroben) - Comment 2 - 2011-05-18 10:13:57 PDT
Here's a very similar crash on a different test:
http://build.webkit.org/results/SnowLeopard%20Intel%20Release%20(WebKit2%20Tests)/r86769%20(11776)/sputnik/Conformance/07_Lexical_Conventions/7.2_White_Space/S7.2_A4.1_T2-crash-log.txt
Oliver Hunt - Comment 3 - 2011-05-18 17:41:11 PDT
Created attachment 94012 [details]
Patch
Gavin Barraclough - Comment 4 - 2011-05-18 17:43:35 PDT
Comment on attachment 94012 [details]
Patch

That's a world of subtle. :-(
Oliver Hunt - Comment 5 - 2011-05-18 17:46:22 PDT
Committed r86809: <http://trac.webkit.org/changeset/86809>
Geoffrey Garen - Comment 6 - 2011-05-18 17:58:34 PDT
Anonymous storage is evil. It must die.