Bug 90664 - REGRESSION(r121925): It made PerformanceTests/Dromaeo/cssquery-prototype.html crash
Status: RESOLVED DUPLICATE of bug 90703
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: 528+ (Nightly build)
Hardware: All All
Importance: P1 Critical
Assignee: Nobody
Blocks: 90347
Reported: 2012-07-06 01:32 PDT by Csaba Osztrogonác
Modified: 2012-07-09 03:23 PDT

Description Csaba Osztrogonác 2012-07-06 01:32:24 PDT
It crashes on perf bots (Qt and Lion too). Here is the GDB backtrace created on Qt:

$ gdb WebKitBuild/Debug/bin/DumpRenderTree
GNU gdb (GDB) 7.0.1-debian
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /home/oszi/WebKit/WebKitBuild/Debug/bin/DumpRenderTree...done.
(gdb) run --no-timeout PerformanceTests/Dromaeo/cssquery-prototype.html
Starting program: /home/oszi/WebKit/WebKitBuild/Debug/bin/DumpRenderTree --no-timeout PerformanceTests/Dromaeo/cssquery-prototype.html
[Thread debugging using libthread_db enabled]
[New Thread 0x7fffa667b700 (LWP 20254)]
[Thread 0x7fffa667b700 (LWP 20254) exited]
[New Thread 0x7fffa667b700 (LWP 20255)]
[New Thread 0x7fffa6270700 (LWP 20256)]
[New Thread 0x7fffa606f700 (LWP 20257)]
[New Thread 0x7fffa5e6e700 (LWP 20258)]
[New Thread 0x7fffa5c6d700 (LWP 20259)]
[New Thread 0x7fffa5a6c700 (LWP 20260)]
[New Thread 0x7fffa586b700 (LWP 20261)]
[New Thread 0x7fffa5191700 (LWP 20262)]
main frame - has 1 onunload handler(s)
frame "<!--framePath //<!--frame0-->-->" - has 1 onunload handler(s)

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff41f505a in JSC::WriteBarrierBase<JSC::Structure>::get (this=0x8) at /home/oszi/WebKit/Source/JavaScriptCore/runtime/WriteBarrier.h:102
102             if (m_cell)
(gdb) bt
#0  0x00007ffff41f505a in JSC::WriteBarrierBase<JSC::Structure>::get (this=0x8) at /home/oszi/WebKit/Source/JavaScriptCore/runtime/WriteBarrier.h:102
#1  0x00007ffff41f3584 in JSC::JSCell::structure (this=0x0) at /home/oszi/WebKit/Source/JavaScriptCore/runtime/JSCell.h:192
#2  0x00007ffff41f41aa in JSC::Structure::typeInfo (this=0x0) at /home/oszi/WebKit/Source/JavaScriptCore/runtime/Structure.h:138
#3  0x00007ffff5a13f40 in JSC::getCallableObjectSlow (cell=0x7ffff7c58c20) at /home/oszi/WebKit/Source/JavaScriptCore/runtime/JSObject.cpp:49
#4  0x00007ffff42299ec in JSC::getCallableObject (value=...) at /home/oszi/WebKit/Source/JavaScriptCore/runtime/JSObject.h:55
#5  0x00007ffff5a1480e in JSC::JSObject::put (cell=0x7fffa422e380, exec=0x7fffa524c108, propertyName=..., value=..., slot=...) at /home/oszi/WebKit/Source/JavaScriptCore/runtime/JSObject.cpp:176
#6  0x00007ffff59f6e96 in JSC::JSFunction::put (cell=0x7fffa422e380, exec=0x7fffa524c108, propertyName=..., value=..., slot=...) at /home/oszi/WebKit/Source/JavaScriptCore/runtime/JSFunction.cpp:351
#7  0x00007ffff588f0e7 in JSC::JSValue::put (this=0x7fffffffb810, exec=0x7fffa524c108, propertyName=..., value=..., slot=...) at /home/oszi/WebKit/Source/JavaScriptCore/runtime/JSObject.h:915
#8  0x00007ffff593cf08 in cti_op_put_by_val (args=0x7fffffffb890) at /home/oszi/WebKit/Source/JavaScriptCore/jit/JITStubs.cpp:2509
#9  0x00007ffff59368cc in JSC::JITThunks::tryCacheGetByID (callFrame=0x7ffff593fc0b, codeBlock=0x7fffa422e380, returnAddress=..., baseValue=..., propertyName=..., slot=..., stubInfo=0x4dcd70)
    at /home/oszi/WebKit/Source/JavaScriptCore/jit/JITStubs.cpp:975
#10 0x00007ffff590d180 in JSC::JITCode::execute (this=0x7fffa4318bc8, registerFile=0x4f1bf8, callFrame=0x7fffa524c038, globalData=0x4dcd70) at /home/oszi/WebKit/Source/JavaScriptCore/jit/JITCode.h:133
#11 0x00007ffff59096f8 in JSC::Interpreter::execute (this=0x4f1be0, program=0x7fffa4318ba0, callFrame=0x7fffa51dee90, scopeChain=0x7fffa4346280, thisObj=0x7fffa43462c0)
    at /home/oszi/WebKit/Source/JavaScriptCore/interpreter/Interpreter.cpp:1231
#12 0x00007ffff59c8504 in JSC::evaluate (exec=0x7fffa51dee90, scopeChain=0x7fffa4346280, source=..., thisValue=..., returnedException=0x7fffffffcf20) at /home/oszi/WebKit/Source/JavaScriptCore/runtime/Completion.cpp:75
#13 0x00007ffff4258b6d in WebCore::JSMainThreadExecState::evaluate (exec=0x7fffa51dee90, chain=0x7fffa4346280, source=..., thisValue=..., exception=0x7fffffffcf20)
    at /home/oszi/WebKit/Source/WebCore/bindings/js/JSMainThreadExecState.h:77
#14 0x00007ffff428a153 in WebCore::ScriptController::evaluateInWorld (this=0x6cd810, sourceCode=..., world=0x4ee330) at /home/oszi/WebKit/Source/WebCore/bindings/js/ScriptController.cpp:145
#15 0x00007ffff428a2b6 in WebCore::ScriptController::evaluate (this=0x6cd810, sourceCode=...) at /home/oszi/WebKit/Source/WebCore/bindings/js/ScriptController.cpp:162
#16 0x00007ffff45c4f71 in WebCore::ScriptElement::executeScript (this=0x6d5400, sourceCode=...) at /home/oszi/WebKit/Source/WebCore/dom/ScriptElement.cpp:300
#17 0x00007ffff47e4f4d in WebCore::HTMLScriptRunner::executePendingScriptAndDispatchEvent (this=0x5f49b0, pendingScript=...) at /home/oszi/WebKit/Source/WebCore/html/parser/HTMLScriptRunner.cpp:139
#18 0x00007ffff47e4d50 in WebCore::HTMLScriptRunner::executeParsingBlockingScript (this=0x5f49b0) at /home/oszi/WebKit/Source/WebCore/html/parser/HTMLScriptRunner.cpp:118
#19 0x00007ffff47e5399 in WebCore::HTMLScriptRunner::executeParsingBlockingScripts (this=0x5f49b0) at /home/oszi/WebKit/Source/WebCore/html/parser/HTMLScriptRunner.cpp:195
#20 0x00007ffff47e5510 in WebCore::HTMLScriptRunner::executeScriptsWaitingForLoad (this=0x5f49b0, cachedScript=0x6de080) at /home/oszi/WebKit/Source/WebCore/html/parser/HTMLScriptRunner.cpp:206
#21 0x00007ffff47d7aac in WebCore::HTMLDocumentParser::notifyFinished (this=0x6d93c0, cachedResource=0x6de080) at /home/oszi/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:516
#22 0x00007ffff497404d in WebCore::CachedResource::checkNotify (this=0x6de080) at /home/oszi/WebKit/Source/WebCore/loader/cache/CachedResource.cpp:245
#23 0x00007ffff497e54b in WebCore::CachedScript::data (this=0x6de080, data=..., allDataReceived=true) at /home/oszi/WebKit/Source/WebCore/loader/cache/CachedScript.cpp:104
#24 0x00007ffff49eb33c in WebCore::SubresourceLoader::didFinishLoading (this=0x6dff20, finishTime=0) at /home/oszi/WebKit/Source/WebCore/loader/SubresourceLoader.cpp:278
#25 0x00007ffff49dfd01 in WebCore::ResourceLoader::didFinishLoading (this=0x6dff20, finishTime=0) at /home/oszi/WebKit/Source/WebCore/loader/ResourceLoader.cpp:436
#26 0x00007ffff4ec9ea3 in WebCore::QNetworkReplyHandler::finish (this=0x4d17a0) at /home/oszi/WebKit/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:455
#27 0x00007ffff4ec7e28 in WebCore::QNetworkReplyHandlerCallQueue::flush (this=0x4d17d8) at /home/oszi/WebKit/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:196
#28 0x00007ffff4ec7b11 in WebCore::QNetworkReplyHandlerCallQueue::push (this=0x4d17d8, method=0x7ffff4ec9cd0 <WebCore::QNetworkReplyHandler::finish()>) at /home/oszi/WebKit/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:162
#29 0x00007ffff4ec930e in WebCore::QNetworkReplyWrapper::didReceiveFinished (this=0x6da640) at /home/oszi/WebKit/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:350
#30 0x00007ffff4ecc779 in WebCore::QNetworkReplyWrapper::qt_static_metacall (_o=0x6da640, _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0x7fffffffd660) at ./moc_QNetworkReplyHandler.cpp:132
#31 0x00007fffed8bbb76 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /usr/local/Trolltech/Qt-4.8.0/lib/libQtCore.so.4
#32 0x00007fffed8b77fe in QObject::event(QEvent*) () from /usr/local/Trolltech/Qt-4.8.0/lib/libQtCore.so.4
#33 0x00007fffee17319c in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/local/Trolltech/Qt-4.8.0/lib/libQtGui.so.4
#34 0x00007fffee17a06d in QApplication::notify(QObject*, QEvent*) () from /usr/local/Trolltech/Qt-4.8.0/lib/libQtGui.so.4
#35 0x00007fffed8a50ec in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/local/Trolltech/Qt-4.8.0/lib/libQtCore.so.4
#36 0x00007fffed8a9953 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /usr/local/Trolltech/Qt-4.8.0/lib/libQtCore.so.4
#37 0x00007fffed8d6623 in ?? () from /usr/local/Trolltech/Qt-4.8.0/lib/libQtCore.so.4
#38 0x00007fffefaf16f2 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#39 0x00007fffefaf5568 in ?? () from /lib/libglib-2.0.so.0
#40 0x00007fffefaf571c in g_main_context_iteration () from /lib/libglib-2.0.so.0
#41 0x00007fffed8d6163 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/local/Trolltech/Qt-4.8.0/lib/libQtCore.so.4
#42 0x00007fffee21fa9e in ?? () from /usr/local/Trolltech/Qt-4.8.0/lib/libQtGui.so.4
#43 0x00007fffed8a3ca2 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/local/Trolltech/Qt-4.8.0/lib/libQtCore.so.4
#44 0x00007fffed8a4114 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/local/Trolltech/Qt-4.8.0/lib/libQtCore.so.4
#45 0x00007fffed8a9d19 in QCoreApplication::exec() () from /usr/local/Trolltech/Qt-4.8.0/lib/libQtCore.so.4
#46 0x000000000042d9d5 in main (argc=3, argv=0x7fffffffe3b8) at /home/oszi/WebKit/Tools/DumpRenderTree/qt/main.cpp:254
Comment 1 Csaba Osztrogonác 2012-07-09 03:23:40 PDT
This bug was fixed by http://trac.webkit.org/changeset/122047 (https://bugs.webkit.org/show_bug.cgi?id=90703)

*** This bug has been marked as a duplicate of bug 90703 ***