Bug 95516
RESOLVED DUPLICATE of bug 96464
[Mac Release] sporadic crashes under JSC::Heap::deleteUnmarkedCompiledCode()
https://bugs.webkit.org/show_bug.cgi?id=95516
Jessie Berlin
Reported 2012-08-30 16:56:27 PDT
I don't know when these started, but sometimes fast/profiler tests will crash with the below backtrace. I have yet to see it on Lion, WK1, or Debug, but I will update the bug if I do.

http://build.webkit.org/results/Apple%20MountainLion%20Release%20WK2%20(Tests)/r127193%20(446)/fast/profiler/built-in-function-calls-anonymous-crash-log.txt

Crashed Thread: 0 Dispatch queue: com.apple.main-thread

Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000010

VM Regions Near 0x10:
--> __TEXT 00000001057a0000-00000001057a1000 [ 4K] r-x/rwx SM=COW /Volumes/VOLUME/*/WebKit2.framework/WebProcess.app/Contents/MacOS/WebProcess

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.JavaScriptCore 0x0000000105daf1c3 JSC::Heap::deleteUnmarkedCompiledCode() + 115 (JSTypeInfo.h:66)
1 com.apple.JavaScriptCore 0x0000000105dad812 JSC::Heap::collect(JSC::Heap::SweepToggle) + 290 (Heap.cpp:741)
2 com.apple.JavaScriptCore 0x0000000105f2c52a JSC::DefaultGCActivityCallback::doWork() + 234 (TimeoutChecker.h:57)
3 com.apple.JavaScriptCore 0x0000000105f2bf03 JSC::HeapTimer::timerDidFire(__CFRunLoopTimer*, void*) + 179 (TimeoutChecker.h:57)
4 com.apple.CoreFoundation 0x00007fff8d82c4b4 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20
5 com.apple.CoreFoundation 0x00007fff8d82bfcd __CFRunLoopDoTimer + 557
6 com.apple.CoreFoundation 0x00007fff8d8117b9 __CFRunLoopRun + 1513
7 com.apple.CoreFoundation 0x00007fff8d810dd2 CFRunLoopRunSpecific + 290
8 com.apple.HIToolbox 0x00007fff88c3a774 RunCurrentEventLoopInMode + 209
9 com.apple.HIToolbox 0x00007fff88c3a512 ReceiveNextEventCommon + 356
10 com.apple.HIToolbox 0x00007fff88c3a3a3 BlockUntilNextEventMatchingListInMode + 62
11 com.apple.AppKit 0x00007fff8773efa3 _DPSNextEvent + 685
12 com.apple.AppKit 0x00007fff8773e862 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128
13 com.apple.AppKit 0x00007fff87735c03 -[NSApplication run] + 517
14 com.apple.WebCore 0x0000000106ba79c3 WebCore::RunLoop::run() + 67 (RunLoopMac.mm:36)
15 com.apple.WebKit2 0x00000001058cb77b WebKit::WebProcessMain(WebKit::CommandLine const&) + 2858 (WebProcessMainMac.mm:228)
16 com.apple.WebKit2 0x0000000105879169 WebKitMain + 311 (WebKitMain.cpp:50)
17 com.apple.WebProcess 0x00000001057a0e7b main + 214
18 libdyld.dylib 0x00007fff893067e1 start + 1
Radar WebKit Bug Importer
Comment 1 2012-08-30 16:57:00 PDT
Mark Hahnenberg
Comment 2 2012-08-30 16:59:12 PDT
Looks like the Structure is null.
Tim Horton
Comment 4 2012-09-11 11:18:07 PDT
This looks to have gotten a lot worse in recent days, but I can't pinpoint it to a particular revision; something since Thursday or Friday, anyway. We see it a few times every run on Mountain Lion Release WK1: http://build.webkit.org/results/Apple%20MountainLion%20Release%20WK1%20(Tests)/r128201%20(853)/results.html
Tim Horton
Comment 5 2012-09-11 11:29:42 PDT
(In reply to comment #4)
> This looks to have gotten a lot worse in recent days, but I can't pinpoint it to a particular revision; something since Thursday or Friday, anyway. We see it a few times every run on Mountain Lion Release WK1: http://build.webkit.org/results/Apple%20MountainLion%20Release%20WK1%20(Tests)/r128201%20(853)/results.html

I believe this regressed significantly with http://trac.webkit.org/changeset/128146, actually.
Alexey Proskuryakov
Comment 6 2012-09-12 13:56:33 PDT
We believe that bug 96464 fixed it.

*** This bug has been marked as a duplicate of bug 96464 ***