Bug 61064 - Some tests crashing in JSC::MarkStack::validateValue beneath ScriptController::clearWindowShell on SnowLeopard Intel Release (WebKit2 Tests)
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: 528+ (Nightly build)
Hardware: Mac OS X 10.6
Importance: P2 Normal
Assignee: Oliver Hunt
URL: http://build.webkit.org/results/SnowL...
Keywords: InRadar, LayoutTestFailure, MakingBotsRed
Depends on:
Blocks:
 
Reported: 2011-05-18 09:05 PDT by Adam Roben (:aroben)
Modified: 2011-05-18 17:58 PDT
2 users

See Also:


Attachments
Patch (1.69 KB, patch)
2011-05-18 17:41 PDT, Oliver Hunt
barraclough: review+

Description Adam Roben (:aroben) 2011-05-18 09:05:17 PDT
dom/html/level1/core/hc_nodeelementnodeattributes.html crashed once in JSC::MarkStack::validateValue on SnowLeopard Intel Release (WebKit2 Tests).

http://build.webkit.org/results/SnowLeopard%20Intel%20Release%20(WebKit2%20Tests)/r86761%20(11774)/dom/html/level1/core/hc_nodeelementnodeattributes-crash-log.txt


Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x000000011088c3c8
Crashed Thread:  0  Dispatch queue: com.apple.main-thread

Thread 0 Crashed:  Dispatch queue: com.apple.main-thread
0   com.apple.JavaScriptCore      	0x000000010083038e JSC::MarkStack::validateValue(JSC::JSValue) + 62 (WriteBarrier.h:97)
1   com.apple.JavaScriptCore      	0x000000010083099a JSC::MarkStack::visitChildren(JSC::JSCell*) + 554 (MarkStack.cpp:138)
2   com.apple.JavaScriptCore      	0x00000001008306c7 JSC::MarkStack::drain() + 455 (MarkStack.h:162)
3   com.apple.JavaScriptCore      	0x000000010082d23c JSC::Heap::markRoots() + 268 (Heap.cpp:227)
4   com.apple.JavaScriptCore      	0x000000010082d685 JSC::Heap::reset(JSC::Heap::SweepToggle) + 37 (Heap.cpp:396)
5   com.apple.JavaScriptCore      	0x000000010082d783 JSC::Heap::allocateSlowCase(unsigned long) + 19 (Heap.cpp:124)
6   com.apple.JavaScriptCore      	0x000000010080048a JSC::Structure::addPropertyTransition(JSC::JSGlobalData&, JSC::Structure*, JSC::Identifier const&, unsigned int, JSC::JSCell*, unsigned long&) + 2762 (JSCell.h:409)
7   com.apple.JavaScriptCore      	0x000000010063664d JSC::JSObject::putDirectInternal(JSC::JSGlobalData&, JSC::Identifier const&, JSC::JSValue, unsigned int, bool, JSC::PutPropertySlot&, JSC::JSCell*) + 2365 (JSObject.h:657)
8   com.apple.JavaScriptCore      	0x00000001006b9d6b JSC::ErrorInstance::ErrorInstance(JSC::JSGlobalData*, JSC::Structure*) + 315 (RefPtr.h:58)
9   com.apple.JavaScriptCore      	0x00000001006ba8bd JSC::ErrorPrototype::ErrorPrototype(JSC::ExecState*, JSC::JSGlobalObject*, JSC::Structure*) + 45 (ErrorPrototype.cpp:54)
10  com.apple.JavaScriptCore      	0x0000000100751e5e JSC::JSGlobalObject::reset(JSC::JSValue) + 4798 (JSValueInlineMethods.h:386)
11  com.apple.WebCore             	0x0000000100f51691 WebCore::JSDOMGlobalObject::JSDOMGlobalObject(JSC::JSGlobalData&, JSC::Structure*, WTF::PassRefPtr<WebCore::DOMWrapperWorld>, JSC::JSObject*) + 833 (JSDOMGlobalObject.cpp:48)
12  com.apple.WebCore             	0x0000000100fa0d56 WebCore::JSDOMWindowBase::JSDOMWindowBase(JSC::JSGlobalData&, JSC::Structure*, WTF::PassRefPtr<WebCore::DOMWindow>, WebCore::JSDOMWindowShell*) + 54 (PassRefPtr.h:74)
13  com.apple.WebCore             	0x0000000100f72ba3 WebCore::JSDOMWindow::JSDOMWindow(JSC::JSGlobalData&, JSC::Structure*, WTF::PassRefPtr<WebCore::DOMWindow>, WebCore::JSDOMWindowShell*) + 35 (PassRefPtr.h:74)
14  com.apple.WebCore             	0x0000000100faa1de WebCore::JSDOMWindowShell::setWindow(WTF::PassRefPtr<WebCore::DOMWindow>) + 526 (PassRefPtr.h:74)
15  com.apple.WebCore             	0x000000010156a609 WebCore::ScriptController::clearWindowShell(bool) + 217 (PassRefPtr.h:74)
16  com.apple.WebCore             	0x0000000100cbb215 WebCore::FrameLoader::clear(bool, bool, bool) + 389 (FrameLoader.cpp:630)
17  com.apple.WebCore             	0x0000000100b7af05 WebCore::DocumentWriter::begin(WebCore::KURL const&, bool, WebCore::SecurityOrigin*) + 197 (DocumentWriter.cpp:128)
18  com.apple.WebCore             	0x0000000100cc3a93 WebCore::FrameLoader::receivedFirstData() + 51 (FrameLoader.cpp:660)
19  com.apple.WebCore             	0x0000000100b7ab99 WebCore::DocumentWriter::setEncoding(WTF::String const&, bool) + 41 (RefPtr.h:60)
20  com.apple.WebCore             	0x0000000100b6be01 WebCore::DocumentLoader::commitData(char const*, int) + 81 (DocumentLoader.cpp:321)
21  com.apple.WebKit2             	0x0000000100232c26 WebKit::WebFrameLoaderClient::committedLoad(WebCore::DocumentLoader*, char const*, int) + 70 (RefPtr.h:60)
22  com.apple.WebKit2             	0x0000000100233c55 WebKit::WebFrameLoaderClient::finishedLoading(WebCore::DocumentLoader*) + 59 (WebFrameLoaderClient.cpp:820)
23  com.apple.WebCore             	0x0000000100cc36b2 WebCore::FrameLoader::finishedLoadingDocument(WebCore::DocumentLoader*) + 130 (FrameLoader.cpp:2352)
24  com.apple.WebCore             	0x0000000100b69bc0 WebCore::DocumentLoader::finishedLoading() + 48 (DocumentLoader.cpp:288)
25  com.apple.WebCore             	0x0000000100cc2bda WebCore::FrameLoader::finishedLoading() + 90 (FrameLoader.cpp:2277)
26  com.apple.WebCore             	0x0000000101364f13 WebCore::MainResourceLoader::didFinishLoading(double) + 147 (MainResourceLoader.cpp:485)
27  com.apple.WebCore             	0x0000000101365976 WebCore::MainResourceLoader::continueAfterContentPolicy(WebCore::PolicyAction, WebCore::ResourceResponse const&) + 982 (MainResourceLoader.cpp:319)
28  com.apple.WebCore             	0x0000000101365baf WebCore::MainResourceLoader::continueAfterContentPolicy(WebCore::PolicyAction) + 127 (MainResourceLoader.cpp:333)
29  com.apple.WebCore             	0x00000001013e4162 WebCore::PolicyChecker::continueAfterContentPolicy(WebCore::PolicyAction) + 834 (PolicyChecker.cpp:191)
30  com.apple.WebKit2             	0x00000001002351b2 WebKit::WebFrameLoaderClient::dispatchDecidePolicyForResponse(void (WebCore::PolicyChecker::*)(WebCore::PolicyAction), WebCore::ResourceResponse const&, WebCore::ResourceRequest const&) + 200 (WebFrameLoaderClient.cpp:592)
31  com.apple.WebCore             	0x0000000101367e04 WebCore::MainResourceLoader::didReceiveResponse(WebCore::ResourceResponse const&) + 2260 (RefCounted.h:91)
32  com.apple.WebCore             	0x0000000101366003 WebCore::MainResourceLoader::handleEmptyLoad(WebCore::KURL const&, bool) + 323 (RetainPtr.h:72)
33  com.apple.WebCore             	0x0000000101369766 WebCore::MainResourceLoader::loadNow(WebCore::ResourceRequest&) + 534 (MainResourceLoader.cpp:583)
34  com.apple.WebCore             	0x000000010136a908 WebCore::MainResourceLoader::load(WebCore::ResourceRequest const&, WebCore::SubstituteData const&) + 1192 (MainResourceLoader.cpp:612)
35  com.apple.WebCore             	0x0000000100b6a5e3 WebCore::DocumentLoader::startLoadingMainResource(unsigned long) + 131 (DocumentLoader.cpp:809)
36  com.apple.WebCore             	0x0000000100cba0b5 WebCore::FrameLoader::continueLoadAfterWillSubmitForm() + 213 (FrameLoader.cpp:2554)
37  com.apple.WebCore             	0x0000000100cc6d47 WebCore::FrameLoader::continueLoadAfterNavigationPolicy(WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool) + 551 (FrameLoader.cpp:3085)
38  com.apple.WebCore             	0x0000000100cc6db5 WebCore::FrameLoader::callContinueLoadAfterNavigationPolicy(void*, WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool) + 37 (PassRefPtr.h:74)
39  com.apple.WebCore             	0x00000001013e0d01 WebCore::PolicyCallback::call(bool) + 81 (PassRefPtr.h:74)
40  com.apple.WebCore             	0x00000001013e370a WebCore::PolicyChecker::continueAfterNavigationPolicy(WebCore::PolicyAction) + 1770 (PolicyChecker.cpp:164)
41  com.apple.WebKit2             	0x00000001002355cc WebKit::WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction(void (WebCore::PolicyChecker::*)(WebCore::PolicyAction), WebCore::NavigationAction const&, WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>) + 314 (WebFrameLoaderClient.cpp:653)
42  com.apple.WebCore             	0x00000001013e48c3 WebCore::PolicyChecker::checkNavigationPolicy(WebCore::ResourceRequest const&, WebCore::DocumentLoader*, WTF::PassRefPtr<WebCore::FormState>, void (*)(void*, WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool), void*) + 1859 (PassRefPtr.h:74)
43  com.apple.WebCore             	0x0000000100cc8af0 WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>) + 1664 (PassRefPtr.h:74)
44  com.apple.WebCore             	0x0000000100cc977a WebCore::FrameLoader::load(WebCore::DocumentLoader*) + 186 (PassRefPtr.h:74)
45  com.apple.WebCore             	0x0000000100cc99fb WebCore::FrameLoader::load(WebCore::ResourceRequest const&, WebCore::SubstituteData const&, bool) + 347 (PassRefPtr.h:58)
46  com.apple.WebCore             	0x0000000100ccfcaa WebCore::FrameLoader::load(WebCore::ResourceRequest const&, bool) + 122 (RefPtr.h:58)
47  com.apple.WebKit2             	0x000000010023ec13 WebKit::WebPage::loadURLRequest(WebCore::ResourceRequest const&, WebKit::SandboxExtension::Handle const&) + 55 (MessageSender.h:38)
48  com.apple.WebKit2             	0x000000010023ecae WebKit::WebPage::loadURL(WTF::String const&, WebKit::SandboxExtension::Handle const&) + 126 (ResourceRequest.h:49)
49  com.apple.WebKit2             	0x000000010028c59c void CoreIPC::handleMessage<Messages::WebPage::LoadURL, WebKit::WebPage, void (WebKit::WebPage::*)(WTF::String const&, WebKit::SandboxExtension::Handle const&)>(CoreIPC::ArgumentDecoder*, WebKit::WebPage*, void (WebKit::WebPage::*)(WTF::String const&, WebKit::SandboxExtension::Handle const&)) + 89 (Arguments.h:93)
50  com.apple.WebKit2             	0x0000000100203e02 CoreIPC::Connection::dispatchMessage(CoreIPC::Connection::Message<CoreIPC::ArgumentDecoder>&) + 138 (Connection.cpp:690)
51  com.apple.WebKit2             	0x0000000100203f10 CoreIPC::Connection::dispatchMessages() + 156 (Connection.cpp:711)
52  com.apple.WebKit2             	0x000000010021e5b3 RunLoop::performWork() + 135 (OwnPtrCommon.h:59)
53  com.apple.WebKit2             	0x000000010021ec05 RunLoop::performWork(void*) + 83 (RunLoopMac.mm:38)
54  com.apple.CoreFoundation      	0x00007fff806c6401 __CFRunLoopDoSources0 + 1361
55  com.apple.CoreFoundation      	0x00007fff806c45f9 __CFRunLoopRun + 873
56  com.apple.CoreFoundation      	0x00007fff806c3dbf CFRunLoopRunSpecific + 575
57  com.apple.HIToolbox           	0x00007fff888f27ee RunCurrentEventLoopInMode + 333
58  com.apple.HIToolbox           	0x00007fff888f25f3 ReceiveNextEventCommon + 310
59  com.apple.HIToolbox           	0x00007fff888f24ac BlockUntilNextEventMatchingListInMode + 59
60  com.apple.AppKit              	0x00007fff85bdde64 _DPSNextEvent + 718
61  com.apple.AppKit              	0x00007fff85bdd7a9 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 155
62  com.apple.AppKit              	0x00007fff85ba348b -[NSApplication run] + 395
63  com.apple.WebKit2             	0x0000000100264858 WebKit::WebProcessMain(WebKit::CommandLine const&) + 635 (RetainPtr.h:72)
64  com.apple.WebKit2             	0x0000000100239b44 WebKitMain + 293 (WebKitMain.cpp:48)
65  com.apple.WebProcess          	0x0000000100000d88 start + 52
Comment 1 Adam Roben (:aroben) 2011-05-18 09:05:56 PDT
<rdar://problem/9460616>
Comment 3 Oliver Hunt 2011-05-18 17:41:11 PDT
Created attachment 94012 [details]
Patch
Comment 4 Gavin Barraclough 2011-05-18 17:43:35 PDT
Comment on attachment 94012 [details]
Patch

That's a world of subtle. :-(
Comment 5 Oliver Hunt 2011-05-18 17:46:22 PDT
Committed r86809: <http://trac.webkit.org/changeset/86809>
Comment 6 Geoffrey Garen 2011-05-18 17:58:34 PDT
Anonymous storage is evil. It must die.