Bug 87082

Summary: REGRESSION(r117861): It made almost all tests crash on Qt
Product: WebKit
Reporter: Csaba Osztrogonác <ossy>
Component: JavaScriptCore
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Blocker
CC: fpizlo, hausmann, loki, oliver, ossy, zherczeg
Priority: P1
Keywords: Qt, QtTriaged
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
Bug Depends on:    
Bug Blocks: 85269    
Attachments:
Description Flags
the patch none

Csaba Osztrogonác
Reported 2012-05-21 23:01:03 PDT
Unfortunately r117861 made almost all jscore and layout tests crash on 32 and 64 bit Qt (only in release mode, in debug mode everything works).

Could you check what happened?

http://build.webkit.sed.hu/builders/x86-64%20Linux%20Qt%20Release/builds/37662
- jscore-test: 167 regressions found.
- layout tests: Exiting early after 20 crashes and 0 timeouts. 3984 tests run. 20 failures

a crash log:
-------------
*** glibc detected *** /ramdisk/qt-linux-64-release/build/WebKitBuild/Release/bin/DumpRenderTree: double free or corruption (out): 0x00007f39eb1ceb20 ***
======= Backtrace: =========
/lib/libc.so.6(+0x71bd6)[0x7f3a3c453bd6]
/lib/libc.so.6(cfree+0x6c)[0x7f3a3c45894c]
/ramdisk/qt-linux-64-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(_ZN3JSC3DFG10DominatorsD1Ev+0x15)[0x7f3a44108f55]
/ramdisk/qt-linux-64-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(_ZN3JSC3DFG5GraphD1Ev+0x1d)[0x7f3a4410aa0d]
/ramdisk/qt-linux-64-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(_ZN3JSC3DFG7compileENS0_11CompileModeEPNS_9ExecStateEPNS_9CodeBlockERNS_7JITCodeEPNS_21MacroAssemblerCodePtrE+0x42e)[0x7f3a4410b89e]
/ramdisk/qt-linux-64-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(_ZN3JSC31jitCompileFunctionIfAppropriateEPNS_9ExecStateERN3WTF6OwnPtrINS_17FunctionCodeBlockEEERNS_7JITCodeERNS_21MacroAssemblerCodePtrERPNS_17SharedSymbolTableENS7_7JITTypeENS_20JITCompilationEffortE+0x1f7)[0x7f3a44277c07]
/ramdisk/qt-linux-64-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(_ZN3JSC18FunctionExecutable22compileForCallInternalEPNS_9ExecStateEPNS_14ScopeChainNodeENS_7JITCode7JITTypeE+0x157)[0x7f3a44275aa7]
/ramdisk/qt-linux-64-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(cti_optimize_from_ret+0x98)[0x7f3a441b5b88]
[0x7f39f7d64122]

18:31:08.602 27402 worker/0 http/tests/css/shared-stylesheet-mutation-preconstruct.html crashed, no stack trace
18:31:08.602 27402 worker/0 killing driver
18:31:08.648 27402 worker/0 http/tests/css/shared-stylesheet-mutation-preconstruct.html failed:
18:31:08.648 27402 worker/0 DumpRenderTree (pid 27456) crashed
18:31:08.648 27402 http/tests/css/shared-stylesheet-mutation-preconstruct.html -> unexpected crash
Attachments
the patch (3.53 KB, patch)
2012-05-22 00:01 PDT, Filip Pizlo
no flags
Filip Pizlo
Comment 1 2012-05-22 00:01:08 PDT
Sorry about that. It turns out that Qt was catching a real bug: the FastBitVector was delete[]'ing something that it fastCalloc'd.
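The allocator mismatch named in comment 1, as an added example that is not code from this bug, the attached patch or WebKit: `std::calloc`/`std::free` stand in for fastCalloc and its matching free, and `FreeDeleter` and `BitVectorSketch` are hypothetical names. Tying the release function to the pointer's type means the buffer can never reach `delete[]`.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <memory>
#include <new>

// Releases calloc() storage with free(); stand-in for the fastCalloc pairing.
struct FreeDeleter {
    void operator()(void* p) const { std::free(p); }
};

// Hypothetical bit vector (not WebKit's FastBitVector) with calloc'd storage.
class BitVectorSketch {
public:
    explicit BitVectorSketch(size_t numBits) { resize(numBits); }
    void resize(size_t numBits) {
        size_t words = (numBits + 31) / 32;
        // Bug class in this report: a calloc-style pointer released with
        // delete[]. Here the deleter travels with the pointer instead.
        Storage fresh(static_cast<uint32_t*>(
            std::calloc(words ? words : 1, sizeof(uint32_t))));
        if (!fresh) throw std::bad_alloc();
        size_t keep = words < m_numWords ? words : m_numWords;
        for (size_t i = 0; i < keep; ++i) fresh[i] = m_words[i];
        // Drop stale bits past the new length so a later grow starts clean.
        if (numBits % 32) fresh[words - 1] &= (1u << (numBits % 32)) - 1;
        m_words = std::move(fresh);  // previous buffer is free()'d here
        m_numWords = words;
        m_numBits = numBits;
    }
    void set(size_t i, bool v) {
        if (i >= m_numBits) return;  // out-of-range writes are ignored
        if (v) m_words[i / 32] |= 1u << (i % 32);
        else   m_words[i / 32] &= ~(1u << (i % 32));
    }
    bool get(size_t i) const {
        return i < m_numBits && ((m_words[i / 32] >> (i % 32)) & 1u);
    }
    size_t count() const {
        size_t n = 0;
        for (size_t i = 0; i < m_numBits; ++i) n += get(i);
        return n;
    }
private:
    using Storage = std::unique_ptr<uint32_t[], FreeDeleter>;
    Storage m_words;
    size_t m_numWords = 0, m_numBits = 0;
};
```

Building such code with AddressSanitizer reports a malloc/`delete[]` pairing as an alloc-dealloc mismatch, which catches the defect on configurations where the two allocators happen to be compatible.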
Filip Pizlo
Comment 2 2012-05-22 00:01:30 PDT
Created attachment 143203: the patch
Csaba Osztrogonác
Comment 3 2012-05-22 00:07:58 PDT
Comment on attachment 143203: the patch

rs=me, but cq-, because I'll land it manually.
Filip Pizlo
Comment 4 2012-05-22 00:09:56 PDT
(In reply to comment #3)
> (From update of attachment 143203)
> rs=me, but cq-, because I'll land it manually.

Thanks!
Csaba Osztrogonác
Comment 5 2012-05-22 00:10:04 PDT
Comment on attachment 143203: the patch

Clearing flags on attachment: 143203

Committed r117919: <http://trac.webkit.org/changeset/117919>
Csaba Osztrogonác
Comment 6 2012-05-22 00:10:20 PDT
All reviewed patches have been landed. Closing bug.