Crash

[zcbenz]

Crash reason:  EXC_BAD_ACCESS / KERN_INVALID_ADDRESS
Crash address: 0xfffffffff29c9010

Thread 0 (crashed)
 0  libc++.1.dylib + 0x3a4d3
    rbx = 0x00007f9093d4d95f   r12 = 0x0000000000000000
    r13 = 0x00007f9093d39800   r14 = 0xffffffffffffffff
    r15 = 0x0000000000000000   rip = 0x00007fff9078e4d3
    rsp = 0x00007fff54554740   rbp = 0x00007fff54554750
    Found by: given as instruction pointer in context
 1  onig_scanner.node!__ZN11OnigScanner13FindNextMatchEN2v86HandleINS0_6StringEEENS1_INS0_6NumberEEENS1_INS0_5ValueEEE + 0x1ce
    rip = 0x0000000116eda31a   rsp = 0x00007fff54554760
    rbp = 0x00007fff545547f0
    Found by: stack scanning
 2  onig_scanner.node!__ZN11OnigScanner13FindNextMatchERKN2v820FunctionCallbackInfoINS0_5ValueEEE + 0x9b
    rip = 0x0000000116eda0ed   rsp = 0x00007fff54554800
    rbp = 0x00007fff54554840
    Found by: stack scanning

[zcbenz]

Another more detailed report:

Crash reason:  EXC_BAD_ACCESS / KERN_INVALID_ADDRESS
Crash address: 0xfffffffffffffff0

Thread 0 (crashed)
 0  libsystem_malloc.dylib + 0xdd40
    rbx = 0x00000000e2e9f40c   r12 = 0x0000000000000002
    r13 = 0x0000000000000001   r14 = 0x000000010c74a800
    r15 = 0x00007fc94243f110   rip = 0x00007fff86742d40
    rsp = 0x00007fff58426b50   rbp = 0x00007fff58426b80
    Found by: given as instruction pointer in context
 1  libsystem_malloc.dylib + 0xe3d7
    rip = 0x00007fff867433d7   rsp = 0x00007fff58426b90
    rbp = 0x00007fff58426c60
    Found by: stack scanning
 2  libchromiumcontent.dylib!v8::String::WriteUtf8(char*, int, int*, int) const [api.cc : 4865 + 0x5]
    rip = 0x0000000108fa83bf   rsp = 0x00007fff58426bf0
    rbp = 0x00007fff58426c60
    Found by: stack scanning
 3  libsystem_malloc.dylib + 0x1afff
    rip = 0x00007fff8674ffff   rsp = 0x00007fff58426c30
    rbp = 0x00007fff58426c60
    Found by: stack scanning
 4  libchromiumcontent.dylib!base::(anonymous namespace)::oom_killer_malloc(_malloc_zone_t*, unsigned long) [memory_mac.mm : 279 + 0x6]
    rip = 0x0000000107f06200   rsp = 0x00007fff58426c70
    rbp = 0x00007fff58426c80
    Found by: stack scanning
 5  libsystem_malloc.dylib + 0x1087c
    rip = 0x00007fff8674587c   rsp = 0x00007fff58426c90
    rbp = 0x00007fff58426cb0
    Found by: stack scanning
 6  libsystem_malloc.dylib + 0x11290
    rip = 0x00007fff86746290   rsp = 0x00007fff58426cc0
    rbp = 0x00007fff58426cd0
    Found by: stack scanning
 7  onig_scanner.node!_onig_region_new + 0xe
    rip = 0x00000001136d7fea   rsp = 0x00007fff58426ce0
    rbp = 0x00007fff58426ce0
    Found by: stack scanning
 8  onig_scanner.node!__ZN10OnigRegExp6SearchERKNSt3__112basic_stringIcNS0_11char_traitsIcEENS0_9allocatorIcEEEEm + 0x2f
    rip = 0x00000001136cee47   rsp = 0x00007fff58426cf0
    rbp = 0x00007fff58426d20
    Found by: stack scanning
 9  onig_scanner.node!__ZN11OnigScanner13FindNextMatchEN2v86HandleINS0_6StringEEENS1_INS0_6NumberEEENS1_INS0_5ValueEEE + 0x181
    rip = 0x00000001136cf2cd   rsp = 0x00007fff58426d30
    rbp = 0x00007fff58426dc0
    Found by: stack scanning
10  onig_scanner.node!__ZN11OnigScanner13FindNextMatchERKN2v820FunctionCallbackInfoINS0_5ValueEEE + 0x9b
    rip = 0x00000001136cf0ed   rsp = 0x00007fff58426dd0
    rbp = 0x00007fff58426e10
    Found by: stack scanning

[zcbenz]

A detailed crash generated on my machine:

Exception Type:  EXC_CRASH (SIGABRT)
Exception Codes: 0x0000000000000000, 0x0000000000000000

Application Specific Information:
abort() called
*** error for object 0x7fe5d3831178: incorrect checksum for freed object - object was probably modified after being freed.


Thread 0 Crashed:: CrRendererMain  Dispatch queue: com.apple.main-thread
0   libsystem_kernel.dylib          0x00007fff881bf866 __pthread_kill + 10
1   libsystem_pthread.dylib         0x00007fff8b59335c pthread_kill + 92
2   libsystem_c.dylib               0x00007fff81a11bba __abort + 145
3   libsystem_c.dylib               0x00007fff81a11b29 abort + 140
4   libsystem_malloc.dylib          0x00007fff8b5a2690 szone_error + 587
5   libsystem_malloc.dylib          0x00007fff8b5a6dfb tiny_malloc_from_free_list + 359
6   libsystem_malloc.dylib          0x00007fff8b5a73c3 szone_malloc_should_clear + 320
7   libchromiumcontent.dylib        0x0000000100c07280 base::(anonymous namespace)::oom_killer_malloc(_malloc_zone_t*, unsigned long) + 16 (memory_mac.mm:279)
8   libsystem_malloc.dylib          0x00007fff8b5a9868 malloc_zone_malloc + 71
9   libsystem_malloc.dylib          0x00007fff8b5aa27c malloc + 42
10  onig_scanner.node               0x000000010cbcdf2c onig_region_resize + 116 (regexec.c:180)
11  onig_scanner.node               0x000000010cbce2b8 onig_region_resize_clear + 14 (regexec.c:206)
12  onig_scanner.node               0x000000010cbd1b50 onig_search + 80 (regexec.c:3397)
13  onig_scanner.node               0x000000010cbc4e5e OnigRegExp::Search(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, unsigned long) + 102 (onig-reg-exp.cc:35)
14  onig_scanner.node               0x000000010cbc52ad OnigScanner::FindNextMatch(v8::Handle<v8::String>, v8::Handle<v8::Number>, v8::Handle<v8::Value>) + 385 (onig-scanner.cc:87)
15  onig_scanner.node               0x000000010cbc50cd OnigScanner::FindNextMatch(v8::FunctionCallbackInfo<v8::Value> const&) + 155 (onig-scanner.cc:33)

This is caused by a memory corruption somewhere in the application, but since there are lots of crashes happened from OnigRegExp::Search, hopefully we could find the root cause here.

[zcbenz]

Saw a new crash now, seems that we still have memory corruption somewhere:

Operating system: Mac OS X
                  10.9.1 13B42
CPU: amd64
     family 6 model 58 stepping 9
     4 CPUs

Crash reason:  EXC_BAD_ACCESS / KERN_INVALID_ADDRESS
Crash address: 0x8d1

Thread 0 (crashed)
 0  onig_scanner.node!_onig_region_free + 0x15
    rbx = 0x00000000000008d1   r12 = 0x0000000000000000
    r13 = 0x00007fdf38c2a370   r14 = 0x0000000000000001
    r15 = 0x0000000000000000   rip = 0x00000001134c9010
    rsp = 0x00007fff579aa500   rbp = 0x00007fff579aa520
    Found by: given as instruction pointer in context
 1  onig_scanner.node!__ZNSt3__120__shared_ptr_pointerIP10OnigResultNS_14default_deleteIS1_EENS_9allocatorIS1_EEE16__on_zero_sharedEv + 0x17
    rip = 0x00000001134c0b8d   rsp = 0x00007fff579aa530
    rbp = 0x00007fff579aa540
    Found by: stack scanning
 2  libc++.1.dylib + 0x3a4d6
    rip = 0x00007fff8805b4d6   rsp = 0x00007fff579aa550
    rbp = 0x00007fff579aa560
    Found by: stack scanning
 3  onig_scanner.node + 0x12fa
    rip = 0x00000001146362fa   rsp = 0x00007fff579aa570
    rbp = 0x00007fff579aa600
    Found by: stack scanning
 4  onig_scanner.node + 0x10cd
    rip = 0x00000001146360cd   rsp = 0x00007fff579aa610
    rbp = 0x00007fff579aa650
    Found by: stack scanning
 5  libchromiumcontent.dylib!v8::internal::JSObject::IsDirty() [objects-inl.h : 1219 + 0x4]
    rip = 0x0000000109ba6900   rsp = 0x00007fff579aa630
    rbp = 0x00007fff579aa650
    Found by: stack scanning
 6  onig_scanner.node + 0x1032
    rip = 0x0000000114636032   rsp = 0x00007fff579aa648
    rbp = 0x00007fff579aa650
    Found by: stack scanning
 7  libchromiumcontent.dylib!v8::internal::FunctionCallbackArguments::Call(void (*)(v8::FunctionCallbackInfo<v8::Value> const&)) [arguments.cc : 56 + 0x3]
    rip = 0x0000000109a3857e   rsp = 0x00007fff579aa660
    rbp = 0x00007fff579aa6c0
    Found by: stack scanning
 8  onig_scanner.node + 0x1032
    rip = 0x0000000114636032   rsp = 0x00007fff579aa690
    rbp = 0x00007fff579aa6c0
    Found by: stack scanning
 9  libchromiumcontent.dylib!v8::internal::Builtin_HandleApiCall(int, v8::internal::Object**, v8::internal::Isolate*) [builtins.cc : 1272 + 0xc]
    rip = 0x0000000109a53249   rsp = 0x00007fff579aa6d0
    rbp = 0x00007fff579aa770
    Found by: stack scanning
10  onig_scanner.node + 0x1032
    rip = 0x0000000114636032   rsp = 0x00007fff579aa6d8
    rbp = 0x00007fff579aa770
    Found by: stack scanning
11  libchromiumcontent.dylib + 0x11630c0
    rip = 0x0000000109a530c0   rsp = 0x00007fff579aa750
    rbp = 0x00007fff579aa770
    Found by: stack scanning

[kevinsawicki]

I got a couple of these recently:

Process:         Atom Helper [45256]
Path:            /Applications/Atom.app/Contents/Frameworks/Atom Helper.app/Contents/MacOS/Atom Helper
Identifier:      com.github.atom.helper
Version:         0.75.0 (0.75.0)
Code Type:       X86-64 (Native)
Parent Process:  Atom [96300]
User ID:         501

Date/Time:       2014-03-21 09:31:35.539 -0700
OS Version:      Mac OS X 10.8.5 (12F45)
Report Version:  10

Crashed Thread:  0  CrRendererMain  Dispatch queue: com.apple.main-thread

Exception Type:  EXC_CRASH (SIGABRT)
Exception Codes: 0x0000000000000000, 0x0000000000000000

Application Specific Information:
*** error for object 0x7fa5112848f8: incorrect checksum for freed object - object was probably modified after being freed.


Thread 0 Crashed:: CrRendererMain  Dispatch queue: com.apple.main-thread
0   libsystem_kernel.dylib          0x00007fff8ccfd212 __pthread_kill + 10
1   libsystem_c.dylib               0x00007fff923feb24 pthread_kill + 90
2   libsystem_c.dylib               0x00007fff92443031 __abort + 159
3   libsystem_c.dylib               0x00007fff92442f92 abort + 192
4   libsystem_c.dylib               0x00007fff9241e8d5 szone_error + 580
5   libsystem_c.dylib               0x00007fff924232c2 tiny_malloc_from_free_list + 378
6   libsystem_c.dylib               0x00007fff92423b08 szone_malloc_should_clear + 971
7   libchromiumcontent.dylib        0x000000010717c150 0x1070ed000 + 586064
8   libsystem_c.dylib               0x00007fff92416183 malloc_zone_malloc + 71
9   libsystem_c.dylib               0x00007fff92416bd7 malloc + 41
10  libstdc++.6.dylib               0x00007fff97813347 operator new(unsigned long) + 34
11  onig_scanner.node               0x0000000113295d62 OnigScanner::New(v8::FunctionCallbackInfo<v8::Value> const&) + 40 (onig-scanner.cc:25)

Process:         Atom Helper [39457]
Path:            /Applications/Atom.app/Contents/Frameworks/Atom Helper.app/Contents/MacOS/Atom Helper
Identifier:      com.github.atom.helper
Version:         0.75.0 (0.75.0)
Code Type:       X86-64 (Native)
Parent Process:  Atom [96300]
User ID:         501

Date/Time:       2014-03-21 09:00:46.097 -0700
OS Version:      Mac OS X 10.8.5 (12F45)
Report Version:  10

Crashed Thread:  0  CrRendererMain  Dispatch queue: com.apple.main-thread

Exception Type:  EXC_CRASH (SIGABRT)
Exception Codes: 0x0000000000000000, 0x0000000000000000

Application Specific Information:
*** error for object 0x7fbb41c1a4c8: incorrect checksum for freed object - object was probably modified after being freed.


Thread 0 Crashed:: CrRendererMain  Dispatch queue: com.apple.main-thread
0   libsystem_kernel.dylib          0x00007fff8ccfd212 __pthread_kill + 10
1   libsystem_c.dylib               0x00007fff923feb24 pthread_kill + 90
2   libsystem_c.dylib               0x00007fff92443031 __abort + 159
3   libsystem_c.dylib               0x00007fff92442f92 abort + 192
4   libsystem_c.dylib               0x00007fff9241e8d5 szone_error + 580
5   libsystem_c.dylib               0x00007fff924231da tiny_malloc_from_free_list + 146
6   libsystem_c.dylib               0x00007fff92423b08 szone_malloc_should_clear + 971
7   libchromiumcontent.dylib        0x0000000104eae150 0x104e1f000 + 586064
8   libsystem_c.dylib               0x00007fff92416183 malloc_zone_malloc + 71
9   libsystem_c.dylib               0x00007fff92416bd7 malloc + 41
10  libstdc++.6.dylib               0x00007fff97813347 operator new(unsigned long) + 34
11  libc++.1.dylib                  0x00007fff92cd1b6d std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >::__init(char const*, unsigned long) + 61
12  onig_scanner.node               0x0000000111f9f3ba OnigScanner::OnigScanner(v8::Handle<v8::Array>) + 286 (onig-scanner.cc:43)
13  onig_scanner.node               0x0000000111f9ed89 OnigScanner::New(v8::FunctionCallbackInfo<v8::Value> const&) + 79 (v8.h:5864)

[kevinsawicki]

Actually, the crashes in my previous comment were on an Atom that was still using 1.0.3 which was pre your fixes via #6, I've updated atom/atom to use 1.0.4 now.

[kevinsawicki]

Closing out these old crashes, haven't had any comments on this issue in over a year. Please let me know if you think we should keep it open.