Opened 8 years ago

Closed 6 years ago

Last modified 5 years ago

#13251 closed bug (fixed)

Crash in JSC::MarkedBlock::clearMarks()

Reported by: humdinger Owned by: pulkomandy
Priority: normal Milestone: R1/beta2
Component: Applications/WebPositive Version: R1/Development
Keywords: Cc:
Blocked By: Blocking:
Platform: All

Description

This is hrev50873.

Web+ crashed after sending a comment and closing a ticket on Trac. That transaction was successful though.

Part of the crash report, complete report attached: 

0x72a98c18	0x4b30825	JSC::MarkedBlock::clearMarks() + 0x15 
	Disassembly:
		JSC::MarkedBlock::clearMarks():
		0x04b30810:               55  push %ebp
		0x04b30811:             89e5  mov %esp, %ebp
		0x04b30813:           83ec08  sub $0x8, %esp
		0x04b30816:           8b4508  mov 0x8(%ebp), %eax
		0x04b30819:           895df8  mov %ebx, -0x8(%ebp)
		0x04b3081c:           8975fc  mov %esi, -0x4(%ebp)
		0x04b3081f:     8b90b4000000  mov 0xb4(%eax), %edx
		0x04b30825:         837a4803  cmp $0x3, 0x48(%edx) <--

	Frame memory:
		[0x72a98c10]  ....|J..   b4 84 f9 04 7c 4a c0 19
0x72a98c58	0x4b32a96	JSC::MarkedSpace::clearMarks() + 0x1a6 
0x72a98c78	0x4b22dd8	JSC::Heap::clearLivenessData() + 0x28 
0x72a98f08	0x4b23cbe	JSC::Heap::markRoots(double, void*, void*, __jmp_buf_tag[1]&) + 0x1de 
0x72a98f78	0x4b29b04	JSC::Heap::collectImpl(JSC::HeapOperation, void*, void*, __jmp_buf_tag[1]&) + 0x1b4 
0x72a98ff8	0x4b29d9c	JSC::Heap::collect(JSC::HeapOperation) + 0x7c 
0x72a99028	0x4b29e7d	JSC::Heap::collectAndSweep(JSC::HeapOperation) + 0x3d 
0x72a99058	0x3ea44df	WebCore::GCController::gcTimerFired() + 0x3f 
0x72a99078	0x3ea4891	std::_Function_handler<void ()(), std::_Bind<std::_Mem_fn<void (WebCore::GCController::*)()> ()(WebCore::GCController*)> >::_M_invoke(std::_Any_data const&) + 0x21 
0x72a99098	0x33df3a2	WebCore::Timer::fired() + 0x22 
0x72a990e8	0x384699f	WebCore::ThreadTimers::sharedTimerFiredInternal() + 0xaf 
0x72a99108	0x3846a0d	WebCore::ThreadTimers::sharedTimerFired() + 0x1d 
0x72a99118	0x3c24f46	WebCore::SharedTimerHaiku::MessageReceived(BMessage*) + 0x16 
0x72a99140	0x246c3e9	BLooper::DispatchMessage(BMessage*, BHandler*) + 0x51 
0x72a99330	0x24646fd	BApplication::DispatchMessage(BMessage*, BHandler*) + 0x29 
0x72a99380	0x246c761	BLooper::task_looper() + 0x1db 
0x72a993a0	0x2461319	BApplication::Run() + 0x57 
0x72a993e0	0x1be8c7c	main + 0x40 
0x72a99408	0x1bdd186	_start + 0x4b 
0x72a99438	0x27ebcf0	runtime_loader + 0x130 
00000000	0x6132c250	commpage_thread_exit + 0

Attachments (1)

WebPositive-907-debug-25-01-2017-15-22-25.report (99.7 KB ) - added by humdinger 8 years ago.
crash report

Download all attachments as: .zip

Change History (3)

by humdinger, 8 years ago

Attachment: WebPositive-907-debug-25-01-2017-15-22-25.report added

crash report

comment:1 by waddlesplash, 6 years ago

Resolution: fixed
Status: newclosed

Doesn't seem reproducible, probably fixed.

comment:2 by nielx, 5 years ago

Milestone: UnscheduledR1/beta2

Assign tickets with status=closed and resolution=fixed within the R1/beta2 development window to the R1/beta2 Milestone

Note: See TracTickets for help on using tickets.