gczeal() asserts js debug shell on TM changeset eae8350841be at Assertion failure: !conservativeGC.hasStackToScan(), at ../jscntxt.cpp:469 Program received signal EXC_BAD_ACCESS, Could not access memory. Reason: KERN_PROTECTION_FAILURE at address: 0x00000000 0x00169cf3 in JS_Assert (s=0x22907c "!conservativeGC.hasStackToScan()", file=0x2288df "../jscntxt.cpp", ln=469) at ../jsutil.cpp:80 80 *((int *) NULL) = 0; /* To continue from here in GDB: "return" then "continue". */ (gdb) bt #0 0x00169cf3 in JS_Assert (s=0x22907c "!conservativeGC.hasStackToScan()", file=0x2288df "../jscntxt.cpp", ln=469) at ../jsutil.cpp:80 #1 0x0004240b in JSThreadData::finish (this=0x8139b8) at ../jscntxt.cpp:469 #2 0x0004247f in js_FinishThreads (rt=0x813600) at ../jscntxt.cpp:647 #3 0x0001dd6b in JSRuntime::~JSRuntime (this=0x813600) at ../jsapi.cpp:651 #4 0x0001dede in JS_Finish (rt=0x813600) at ../jsapi.cpp:743 #5 0x0000cf4b in main (argc=1, argv=0xbffff86c, envp=0xbffff874) at ../../shell/js.cpp:5153

autoBisect shows this is probably related to the following changeset: The first bad revision is: changeset: 51603:eae8350841be tag: tip user: Igor Bukanov date: Thu Aug 12 15:02:51 2010 +0200 summary: bug 477999 - JS_SuspendRequest should suspend requests from all contexts. r=anygregor,gal

Note to input the testcase in comment #0 as a CLI argument to reproduce..

Crashes for me even without a gczeal call. ~/tracemonkey/js/src/debug$ echo 1 | ./js -j Assertion failure: !conservativeGC.hasStackToScan(), at ../jscntxt.cpp:469

See bug 477999 comment 24 et seq. /be

Gary, Jesse - the assert is on Mac? I could not reproduce it locally.

I can reproduce the bug in single-thread shell (I should have realized immediately from the stack :( ). The assert should be JS_THREADSAFE-only.

The bug was fixed by changes in the relanded patch for bug 477999.

Automatically extracted testcase for this bug was committed: https://hg.mozilla.org/mozilla-central/rev/efaf8960a929