Bug 128818

Summary: [GTK][32bit] WTFCrash at fastMalloc
Product: WebKit
Reporter: Víctor M. Jáquez L. <vjaquez>
Component: WebKitGTK
Assignee: Nobody <webkit-unassigned>
Status: NEW
Severity: Normal
CC: bugs-noreply, dpino
Priority: P2
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified

Description Víctor M. Jáquez L. 2014-02-14 08:50:10 PST
Using current master, with a 32 bit CPU (I've tested with armhf and i686), there's a WTFCrash in fastMalloc(); the previous frame varies from one run to another.

The steps to reproduce it are:

1. Open MiniBrowser
2. Open this web page: http://people.igalia.com/vjaquez/wk/khan.html
3. Press on ">" to watch the next video and repeat until it crashes (two clicks at most)

On x86_64 it doesn't happen.
Comment 1 Víctor M. Jáquez L. 2014-02-14 08:51:56 PST
Back trace:

#0  0xb7660f32 in WTFCrash ()
   from /home/sicom/checkout/WebKit/.libs/libjavascriptcoregtk-3.0.so.0
#1  0xb7668040 in WTF::fastMalloc(unsigned int) ()
   from /home/sicom/checkout/WebKit/.libs/libjavascriptcoregtk-3.0.so.0
#2  0xb72a6d42 in WTF::Vector<JSC::CallLinkInfo, 0u, WTF::CrashOnOverflow>::shrinkCapacity(unsigned int) ()
   from /home/sicom/checkout/WebKit/.libs/libjavascriptcoregtk-3.0.so.0
#3  0xb729a1c8 in JSC::CodeBlock::shrinkToFit(JSC::CodeBlock::ShrinkMode) ()
   from /home/sicom/checkout/WebKit/.libs/libjavascriptcoregtk-3.0.so.0
#4  0xb744ed28 in JSC::JIT::privateCompile(JSC::JITCompilationEffort) ()
   from /home/sicom/checkout/WebKit/.libs/libjavascriptcoregtk-3.0.so.0
#5  0xb7386643 in JSC::JIT::compile(JSC::VM*, JSC::CodeBlock*, JSC::JITCompilationEffort) ()
   from /home/sicom/checkout/WebKit/.libs/libjavascriptcoregtk-3.0.so.0
#6  0xb749838c in JSC::LLInt::entryOSR(JSC::ExecState*, JSC::Instruction*, JSC::CodeBlock*, char const*, JSC::LLInt::EntryKind) [clone .isra.243] ()
   from /home/sicom/checkout/WebKit/.libs/libjavascriptcoregtk-3.0.so.0
#7  0xb74a3377 in llint_function_for_call_prologue ()
   from /home/sicom/checkout/WebKit/.libs/libjavascriptcoregtk-3.0.so.0
#8  0xb76aae8e in ?? ()
   from /home/sicom/checkout/WebKit/.libs/libjavascriptcoregtk-3.0.so.0
#9  0xb74494f9 in JSC::JITCode::execute(JSC::JSStack*, JSC::ExecState*, JSC::VM*) () from /home/sicom/checkout/WebKit/.libs/libjavascriptcoregtk-3.0.so.0
#10 0xb742ce07 in JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*) ()
   from /home/sicom/checkout/WebKit/.libs/libjavascriptcoregtk-3.0.so.0
#11 0xb755086e in JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) ()
   from /home/sicom/checkout/WebKit/.libs/libjavascriptcoregtk-3.0.so.0
#12 0xb5b0300b in WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld*) ()
   from /home/sicom/checkout/WebKit/.libs/libwebkit2gtk-3.0.so.25
#13 0xb5b032e5 in WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&) () from /home/sicom/checkout/WebKit/.libs/libwebkit2gtk-3.0.so.25
#14 0xb5ccd912 in WebCore::ScriptElement::executeScript(WebCore::ScriptSourceCode const&) () from /home/sicom/checkout/WebKit/.libs/libwebkit2gtk-3.0.so.25
#15 0xb5ccdff5 in WebCore::ScriptElement::execute(WebCore::CachedScript*) ()
   from /home/sicom/checkout/WebKit/.libs/libwebkit2gtk-3.0.so.25
#16 0xb5cd24c4 in WebCore::ScriptRunner::timerFired(WebCore::Timer<WebCore::ScriptRunner>*) () from /home/sicom/checkout/WebKit/.libs/libwebkit2gtk-3.0.so.25
#17 0xb5cd2f35 in WebCore::Timer<WebCore::ScriptRunner>::fired() ()
   from /home/sicom/checkout/WebKit/.libs/libwebkit2gtk-3.0.so.25
#18 0xb6ae572e in WebCore::ThreadTimers::sharedTimerFiredInternal() ()
   from /home/sicom/checkout/WebKit/.libs/libwebkit2gtk-3.0.so.25
#19 0xb6ae57ac in WebCore::ThreadTimers::sharedTimerFired() ()
   from /home/sicom/checkout/WebKit/.libs/libwebkit2gtk-3.0.so.25
#20 0xb6afa3cb in WebCore::timeout_cb(void*) ()
   from /home/sicom/checkout/WebKit/.libs/libwebkit2gtk-3.0.so.25
#21 0xb4b27d43 in g_timeout_dispatch (source=0x8d6b970, 
    callback=0xb6afa3b0 <WebCore::timeout_cb(void*)>, user_data=0x0)
    at gmain.c:4450
#22 0xb4b2608c in g_main_dispatch (context=0x8b47070) at gmain.c:3066
#23 0xb4b26cbe in g_main_context_dispatch (context=0x8b47070) at gmain.c:3641
#24 0xb4b26eab in g_main_context_iterate (context=0x8b47070, block=1, 
    dispatch=1, self=0x8b6ac20) at gmain.c:3712
#25 0xb4b27325 in g_main_loop_run (loop=0x8b649d0) at gmain.c:3906
#26 0xb6af9dd0 in WebCore::RunLoop::run() ()
   from /home/sicom/checkout/WebKit/.libs/libwebkit2gtk-3.0.so.25
#27 0xb59b2355 in WebProcessMainGtk ()
   from /home/sicom/checkout/WebKit/.libs/libwebkit2gtk-3.0.so.25
#28 0x0804871b in ?? ()
#29 0xb47beb73 in __libc_start_main () from /lib/libc.so.6
#30 0x08048741 in ?? ()
Comment 2 Diego Pino 2014-03-07 14:50:52 PST
It seems there's an issue with fastMalloc in IA64. Maybe it is related.

https://bugs.webkit.org/show_bug.cgi?id=129542