Bug 90957

Summary: [Qt] There are parallel GC related crashes regularly
Product: WebKit
Reporter: Csaba Osztrogonác <ossy>
Component: JavaScriptCore
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Critical
CC: allan.jensen, fpizlo, ggaren, kadam, ossy, pvarga, rafael.lobo, yong.li.webkit, zan, zarvai, zherczeg
Priority: P1
Keywords: Gtk, InRadar, LayoutTestFailure, Qt, QtTriaged
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
Bug Depends on: 116854, 116855    
Bug Blocks: 79668    
Attachments:
Description Flags
Patch none

Description Csaba Osztrogonác 2012-07-11 02:11:10 PDT
( Maybe it is related to https://bugs.webkit.org/show_bug.cgi?id=79029 somehow )

Unfortunately there are GC related crashes regularly on the Qt bots:
- Dromaeo/jslib-event-jquery.html regularly crashes on Qt5 WK1 and WK2 performance bots

Qt 5 WK2 performance bot:
==========================
1.) r122304
------------
Running Dromaeo/jslib-event-jquery.html (47 of 94)
error: Dromaeo/jslib-event-jquery.html
1   0x7f252d14f678 /home/webkitbuildbot/slaves/release64bitWebKit2-perf/buildslave/qt-linux-64-release-wk2-perf-tests/build/WebKitBuild/Release/lib/libWTRInjectedBundle.so(+0x35678) [0x7f252d14f678]
2   0x7f25798b9420 /lib/x86_64-linux-gnu/libc.so.6(+0x36420) [0x7f25798b9420]
3   0x7f257d006cd7 /home/webkitbuildbot/slaves/release64bitWebKit2-perf/buildslave/qt-linux-64-release-wk2-perf-tests/build/WebKitBuild/Release/lib/libQtWebKit.so.5(_ZN3JSC14MarkStackArray17donateSomeCellsToERS0_+0x97) [0x7f257d006cd7]
4   0x7f257d0070db /home/webkitbuildbot/slaves/release64bitWebKit2-perf/buildslave/qt-linux-64-release-wk2-perf-tests/build/WebKitBuild/Release/lib/libQtWebKit.so.5(_ZN3JSC11SlotVisitor19donateKnownParallelEv+0x7b) [0x7f257d0070db]
5   0x7f257d007b33 /home/webkitbuildbot/slaves/release64bitWebKit2-perf/buildslave/qt-linux-64-release-wk2-perf-tests/build/WebKitBuild/Release/lib/libQtWebKit.so.5(_ZN3JSC11SlotVisitor5drainEv+0xb3) [0x7f257d007b33]
6   0x7f257d007da6 /home/webkitbuildbot/slaves/release64bitWebKit2-perf/buildslave/qt-linux-64-release-wk2-perf-tests/build/WebKitBuild/Release/lib/libQtWebKit.so.5(_ZN3JSC11SlotVisitor15drainFromSharedENS0_15SharedDrainModeE+0x186) [0x7f257d007da6]
7   0x7f257d007e2b /home/webkitbuildbot/slaves/release64bitWebKit2-perf/buildslave/qt-linux-64-release-wk2-perf-tests/build/WebKitBuild/Release/lib/libQtWebKit.so.5(_ZN3JSC25MarkStackThreadSharedData17markingThreadMainEPNS_11SlotVisitorE+0x1b) [0x7f257d007e2b]
8   0x7f257d26a8d5 /home/webkitbuildbot/slaves/release64bitWebKit2-perf/buildslave/qt-linux-64-release-wk2-perf-tests/build/WebKitBuild/Release/lib/libQtWebKit.so.5(+0x22748d5) [0x7f257d26a8d5]
9   0x7f25769f7efc /lib/x86_64-linux-gnu/libpthread.so.0(+0x7efc) [0x7f25769f7efc]
10  0x7f257996659d /lib/x86_64-linux-gnu/libc.so.6(clone+0x6d) [0x7f257996659d]

FAILED


2.) r122298
------------
Running Dromaeo/jslib-event-jquery.html (47 of 94)
error: Dromaeo/jslib-event-jquery.html
1   0x7f349c3d3678 /home/webkitbuildbot/slaves/release64bitWebKit2-perf/buildslave/qt-linux-64-release-wk2-perf-tests/build/WebKitBuild/Release/lib/libWTRInjectedBundle.so(+0x35678) [0x7f349c3d3678]
2   0x7f34e8b3d420 /lib/x86_64-linux-gnu/libc.so.6(+0x36420) [0x7f34e8b3d420]
3   0x7f34ec28ace7 /home/webkitbuildbot/slaves/release64bitWebKit2-perf/buildslave/qt-linux-64-release-wk2-perf-tests/build/WebKitBuild/Release/lib/libQtWebKit.so.5(_ZN3JSC14MarkStackArray17donateSomeCellsToERS0_+0x97) [0x7f34ec28ace7]
4   0x7f34ec28b0eb /home/webkitbuildbot/slaves/release64bitWebKit2-perf/buildslave/qt-linux-64-release-wk2-perf-tests/build/WebKitBuild/Release/lib/libQtWebKit.so.5(_ZN3JSC11SlotVisitor19donateKnownParallelEv+0x7b) [0x7f34ec28b0eb]
5   0x7f34ec28bb43 /home/webkitbuildbot/slaves/release64bitWebKit2-perf/buildslave/qt-linux-64-release-wk2-perf-tests/build/WebKitBuild/Release/lib/libQtWebKit.so.5(_ZN3JSC11SlotVisitor5drainEv+0xb3) [0x7f34ec28bb43]
6   0x7f34ec28bdb6 /home/webkitbuildbot/slaves/release64bitWebKit2-perf/buildslave/qt-linux-64-release-wk2-perf-tests/build/WebKitBuild/Release/lib/libQtWebKit.so.5(_ZN3JSC11SlotVisitor15drainFromSharedENS0_15SharedDrainModeE+0x186) [0x7f34ec28bdb6]
7   0x7f34ec28be3b /home/webkitbuildbot/slaves/release64bitWebKit2-perf/buildslave/qt-linux-64-release-wk2-perf-tests/build/WebKitBuild/Release/lib/libQtWebKit.so.5(_ZN3JSC25MarkStackThreadSharedData17markingThreadMainEPNS_11SlotVisitorE+0x1b) [0x7f34ec28be3b]
8   0x7f34ec4ee8e5 /home/webkitbuildbot/slaves/release64bitWebKit2-perf/buildslave/qt-linux-64-release-wk2-perf-tests/build/WebKitBuild/Release/lib/libQtWebKit.so.5(+0x22748e5) [0x7f34ec4ee8e5]
9   0x7f34e5c7befc /lib/x86_64-linux-gnu/libpthread.so.0(+0x7efc) [0x7f34e5c7befc]
10  0x7f34e8bea59d /lib/x86_64-linux-gnu/libc.so.6(clone+0x6d) [0x7f34e8bea59d]

FAILED

3.) r122210 
------------
Running Dromaeo/jslib-event-jquery.html (47 of 94)
error: Dromaeo/jslib-event-jquery.html
1   0x7f2999cdb678 /home/webkitbuildbot/slaves/release64bitWebKit2-perf/buildslave/qt-linux-64-release-wk2-perf-tests/build/WebKitBuild/Release/lib/libWTRInjectedBundle.so(+0x35678) [0x7f2999cdb678]
2   0x7f29e6445420 /lib/x86_64-linux-gnu/libc.so.6(+0x36420) [0x7f29e6445420]
3   0x7f29e9b8ecc7 /home/webkitbuildbot/slaves/release64bitWebKit2-perf/buildslave/qt-linux-64-release-wk2-perf-tests/build/WebKitBuild/Release/lib/libQtWebKit.so.5(_ZN3JSC14MarkStackArray17donateSomeCellsToERS0_+0x97) [0x7f29e9b8ecc7]
4   0x7f29e9b8f0cb /home/webkitbuildbot/slaves/release64bitWebKit2-perf/buildslave/qt-linux-64-release-wk2-perf-tests/build/WebKitBuild/Release/lib/libQtWebKit.so.5(_ZN3JSC11SlotVisitor19donateKnownParallelEv+0x7b) [0x7f29e9b8f0cb]
5   0x7f29e9b8fb23 /home/webkitbuildbot/slaves/release64bitWebKit2-perf/buildslave/qt-linux-64-release-wk2-perf-tests/build/WebKitBuild/Release/lib/libQtWebKit.so.5(_ZN3JSC11SlotVisitor5drainEv+0xb3) [0x7f29e9b8fb23]
6   0x7f29e9b8fd96 /home/webkitbuildbot/slaves/release64bitWebKit2-perf/buildslave/qt-linux-64-release-wk2-perf-tests/build/WebKitBuild/Release/lib/libQtWebKit.so.5(_ZN3JSC11SlotVisitor15drainFromSharedENS0_15SharedDrainModeE+0x186) [0x7f29e9b8fd96]
7   0x7f29e9b8fe1b /home/webkitbuildbot/slaves/release64bitWebKit2-perf/buildslave/qt-linux-64-release-wk2-perf-tests/build/WebKitBuild/Release/lib/libQtWebKit.so.5(_ZN3JSC25MarkStackThreadSharedData17markingThreadMainEPNS_11SlotVisitorE+0x1b) [0x7f29e9b8fe1b]
8   0x7f29e9df28c5 /home/webkitbuildbot/slaves/release64bitWebKit2-perf/buildslave/qt-linux-64-release-wk2-perf-tests/build/WebKitBuild/Release/lib/libQtWebKit.so.5(+0x22708c5) [0x7f29e9df28c5]
9   0x7f29e3583efc /lib/x86_64-linux-gnu/libpthread.so.0(+0x7efc) [0x7f29e3583efc]
10  0x7f29e64f259d /lib/x86_64-linux-gnu/libc.so.6(clone+0x6d) [0x7f29e64f259d]

FAILED

4.) r122139
------------
Running Dromaeo/jslib-event-jquery.html (47 of 94)
error: Dromaeo/jslib-event-jquery.html
1   0x7f934c5499e8 /home/webkitbuildbot/slaves/release64bitWebKit2-perf/buildslave/qt-linux-64-release-wk2-perf-tests/build/WebKitBuild/Release/lib/libWTRInjectedBundle.so(+0x359e8) [0x7f934c5499e8]
2   0x7f9398cb3420 /lib/x86_64-linux-gnu/libc.so.6(+0x36420) [0x7f9398cb3420]
3   0x7f939c3faad8 /home/webkitbuildbot/slaves/release64bitWebKit2-perf/buildslave/qt-linux-64-release-wk2-perf-tests/build/WebKitBuild/Release/lib/libQtWebKit.so.5(_ZN3JSC11SlotVisitor5drainEv+0x78) [0x7f939c3faad8]
4   0x7f939c3fad86 /home/webkitbuildbot/slaves/release64bitWebKit2-perf/buildslave/qt-linux-64-release-wk2-perf-tests/build/WebKitBuild/Release/lib/libQtWebKit.so.5(_ZN3JSC11SlotVisitor15drainFromSharedENS0_15SharedDrainModeE+0x186) [0x7f939c3fad86]
5   0x7f939c3fae0b /home/webkitbuildbot/slaves/release64bitWebKit2-perf/buildslave/qt-linux-64-release-wk2-perf-tests/build/WebKitBuild/Release/lib/libQtWebKit.so.5(_ZN3JSC25MarkStackThreadSharedData17markingThreadMainEPNS_11SlotVisitorE+0x1b) [0x7f939c3fae0b]
6   0x7f939c65e3b5 /home/webkitbuildbot/slaves/release64bitWebKit2-perf/buildslave/qt-linux-64-release-wk2-perf-tests/build/WebKitBuild/Release/lib/libQtWebKit.so.5(+0x226e3b5) [0x7f939c65e3b5]
7   0x7f9395df1efc /lib/x86_64-linux-gnu/libpthread.so.0(+0x7efc) [0x7f9395df1efc]
8   0x7f9398d6059d /lib/x86_64-linux-gnu/libc.so.6(clone+0x6d) [0x7f9398d6059d]

FAILED

...
Comment 1 Csaba Osztrogonác 2012-07-11 02:16:00 PDT
fast/js/random-array-gc-stress.html crashed on Qt 4.8, 64 bit, release, r122291:
---------------------------------------------------------------------------------
crash log for DumpRenderTree (pid 390):
STDOUT: <empty>
STDERR: 1   0x421b68 /ramdisk/qt-linux-64-release/build/WebKitBuild/Release/bin/DumpRenderTree() [0x421b68]
STDERR: 2   0x7f5746781ff0 /lib/libpthread.so.0(+0xeff0) [0x7f5746781ff0]
STDERR: 3   0x7f574d486f62 /ramdisk/qt-linux-64-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(_ZN3JSC11CopiedSpace19tryAllocateSlowCaseEmPPv+0xe2) [0x7f574d486f62]
STDERR: 4   0x7f574d656b79 /ramdisk/qt-linux-64-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(_ZN3JSC7JSArray14finishCreationERNS_12JSGlobalDataEj+0x79) [0x7f574d656b79]
STDERR: 5   0x7f574d4dc58b /ramdisk/qt-linux-64-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(+0x1e9d58b) [0x7f574d4dc58b]
STDERR: 6   0x7f5700c96a7b [0x7f5700c96a7b]

fast/js/non-object-proto.html crashed on Qt 4.8, 64 bit, release, r122237:
---------------------------------------------------------------------------------

crash log for DumpRenderTree (pid 2341):
STDOUT: <empty>
STDERR: 1   0x421cb8 /ramdisk/qt-linux-64-release/build/WebKitBuild/Release/bin/DumpRenderTree() [0x421cb8]
STDERR: 2   0x7ff22d477ff0 /lib/libpthread.so.0(+0xeff0) [0x7ff22d477ff0]
STDERR: 3   0x7ff23418b9fc /ramdisk/qt-linux-64-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(_ZN3JSC15MarkedAllocator13allocateBlockEv+0x9c) [0x7ff23418b9fc]
STDERR: 4   0x7ff23418bdf5 /ramdisk/qt-linux-64-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(_ZN3JSC15MarkedAllocator16allocateSlowCaseEv+0xd5) [0x7ff23418bdf5]
STDERR: 5   0x7ff233e2216e /ramdisk/qt-linux-64-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(_ZN7WebCore14JSHTMLDocument15createPrototypeEPN3JSC9ExecStateEPNS1_14JSGlobalObjectE+0xde) [0x7ff233e2216e]
STDERR: 6   0x7ff233107beb /ramdisk/qt-linux-64-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(_ZN7WebCore4toJSEPN3JSC9ExecStateEPNS_17JSDOMGlobalObjectEPNS_8DocumentE+0x63b) [0x7ff233107beb]
STDERR: 7   0x7ff233135ebe /ramdisk/qt-linux-64-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(_ZN7WebCore13createWrapperEPN3JSC9ExecStateEPNS_17JSDOMGlobalObjectEPNS_4NodeE+0x18e) [0x7ff233135ebe]
STDERR: 8   0x7ff2330fa4ce /ramdisk/qt-linux-64-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(_ZN7WebCore15JSDOMWindowBase14updateDocumentEv+0x34e) [0x7ff2330fa4ce]
STDERR: 9   0x7ff23314ce3f /ramdisk/qt-linux-64-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(_ZN7WebCore16ScriptController14updateDocumentEv+0xaf) [0x7ff23314ce3f]
STDERR: 10  0x7ff2336e6612 /ramdisk/qt-linux-64-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(_ZN7WebCore5Frame11setDocumentEN3WTF10PassRefPtrINS_8DocumentEEE+0x72) [0x7ff2336e6612]
STDERR: 11  0x7ff23363cc0c /ramdisk/qt-linux-64-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(_ZN7WebCore14DocumentWriter5beginERKNS_4KURLEbPNS_8DocumentE+0x17c) [0x7ff23363cc0c]
STDERR: 12  0x7ff233635f88 /ramdisk/qt-linux-64-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(_ZN7WebCore14DocumentLoader10commitDataEPKcm+0x58) [0x7ff233635f88]
STDERR: 13  0x7ff23302e2b6 /ramdisk/qt-linux-64-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(_ZN7WebCore19FrameLoaderClientQt13committedLoadEPNS_14DocumentLoaderEPKci+0x156) [0x7ff23302e2b6]
STDERR: 14  0x7ff23363246d /ramdisk/qt-linux-64-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(_ZN7WebCore14DocumentLoader10commitLoadEPKci+0x5d) [0x7ff23363246d]
STDERR: 15  0x7ff233677f31 /ramdisk/qt-linux-64-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(_ZN7WebCore14ResourceLoader14didReceiveDataEPKcixb+0x41) [0x7ff233677f31]
STDERR: 16  0x7ff233663ad5 /ramdisk/qt-linux-64-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(_ZN7WebCore18MainResourceLoader14didReceiveDataEPKcixb+0x65) [0x7ff233663ad5]
STDERR: 17  0x7ff233677c35 /ramdisk/qt-linux-64-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(_ZN7WebCore14ResourceLoader14didReceiveDataEPNS_14ResourceHandleEPKcii+0xb5) [0x7ff233677c35]
STDERR: 18  0x7ff2339d9588 /ramdisk/qt-linux-64-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(_ZN7WebCore20QNetworkReplyHandler11forwardDataEv+0x78) [0x7ff2339d9588]
STDERR: 19  0x7ff2339d9bd9 /ramdisk/qt-linux-64-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(_ZN7WebCore29QNetworkReplyHandlerCallQueue5flushEv+0x59) [0x7ff2339d9bd9]
STDERR: 20  0x7ff2339da390 /ramdisk/qt-linux-64-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(_ZN7WebCore20QNetworkReplyWrapper19emitMetaDataChangedEv+0xd0) [0x7ff2339da390]
STDERR: 21  0x7ff2339db9d8 /ramdisk/qt-linux-64-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(_ZN7WebCore20QNetworkReplyWrapper15receiveMetaDataEv+0x228) [0x7ff2339db9d8]
STDERR: 22  0x7ff22dab7b76 /usr/local/Trolltech/Qt-4.8.0/lib/libQtCore.so.4(_ZN11QMetaObject8activateEP7QObjectPKS_iPPv+0x326) [0x7ff22dab7b76]
STDERR: 23  0x7ff22dab37fe /usr/local/Trolltech/Qt-4.8.0/lib/libQtCore.so.4(_ZN7QObject5eventEP6QEvent+0x38e) [0x7ff22dab37fe]
STDERR: 24  0x7ff22e36f19c /usr/local/Trolltech/Qt-4.8.0/lib/libQtGui.so.4(_ZN19QApplicationPrivate13notify_helperEP7QObjectP6QEvent+0xac) [0x7ff22e36f19c]
STDERR: 25  0x7ff22e37606d /usr/local/Trolltech/Qt-4.8.0/lib/libQtGui.so.4(_ZN12QApplication6notifyEP7QObjectP6QEvent+0x13d) [0x7ff22e37606d]
STDERR: 26  0x7ff22daa10ec /usr/local/Trolltech/Qt-4.8.0/lib/libQtCore.so.4(_ZN16QCoreApplication14notifyInternalEP7QObjectP6QEvent+0x8c) [0x7ff22daa10ec]
STDERR: 27  0x7ff22daa5953 /usr/local/Trolltech/Qt-4.8.0/lib/libQtCore.so.4(_ZN23QCoreApplicationPrivate16sendPostedEventsEP7QObjectiP11QThreadData+0x3d3) [0x7ff22daa5953]
STDERR: 28  0x7ff22dad2623 /usr/local/Trolltech/Qt-4.8.0/lib/libQtCore.so.4(+0x1cc623) [0x7ff22dad2623]
STDERR: 29  0x7ff22fced6f2 /lib/libglib-2.0.so.0(g_main_context_dispatch+0x1f2) [0x7ff22fced6f2]
STDERR: 30  0x7ff22fcf1568 /lib/libglib-2.0.so.0(+0x42568) [0x7ff22fcf1568]
STDERR: 31  0x7ff22fcf171c /lib/libglib-2.0.so.0(g_main_context_iteration+0x6c) [0x7ff22fcf171c]

fast/js/nested-object-gc.html crashed on Qt 4.8, 64 bit, release, r122235 :
----------------------------------------------------------------------------

crash log for DumpRenderTree (pid 15154):
STDOUT: <empty>
STDERR: 1   0x421cb8 /ramdisk/qt-linux-64-release/build/WebKitBuild/Release/bin/DumpRenderTree() [0x421cb8]
STDERR: 2   0x7f7e17aa8ff0 /lib/libpthread.so.0(+0xeff0) [0x7f7e17aa8ff0]
STDERR: 3   0x7f7e1e7bc9fc /ramdisk/qt-linux-64-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(_ZN3JSC15MarkedAllocator13allocateBlockEv+0x9c) [0x7f7e1e7bc9fc]
STDERR: 4   0x7f7e1e7bcdf5 /ramdisk/qt-linux-64-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(_ZN3JSC15MarkedAllocator16allocateSlowCaseEv+0xd5) [0x7f7e1e7bcdf5]
STDERR: 5   0x7f7e1e80118a /ramdisk/qt-linux-64-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(+0x1e9b18a) [0x7f7e1e80118a]
STDERR: 6   0x7f7dd1f7ef70 [0x7f7dd1f7ef70]

fast/css/webkit-keyframes-crash.html crashed on Qt 4.8, 64 bit, release, r122168 :
-------------------------------------------------------------------------------

crash log for DumpRenderTree (pid 19555):
STDOUT: <empty>
STDERR: 1   0x421e68 /ramdisk/qt-linux-64-release/build/WebKitBuild/Release/bin/DumpRenderTree() [0x421e68]
STDERR: 2   0x7f4e2897aff0 /lib/libpthread.so.0(+0xeff0) [0x7f4e2897aff0]
STDERR: 3   0x7f4e2f68a4d7 /ramdisk/qt-linux-64-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(_ZN3JSC11SlotVisitor12startCopyingEv+0xb7) [0x7f4e2f68a4d7]
STDERR: 4   0x7f4e2f68a855 /ramdisk/qt-linux-64-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(_ZN3JSC11SlotVisitor16allocateNewSpaceEPvm+0x245) [0x7f4e2f68a855]
STDERR: 5   0x7f4e2f68a8d0 /ramdisk/qt-linux-64-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(_ZN3JSC11SlotVisitor13copyAndAppendEPPvmPNS_7JSValueEj+0x30) [0x7f4e2f68a8d0]
STDERR: 6   0x7f4e2f86f5fd /ramdisk/qt-linux-64-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(_ZN3JSC8JSObject13visitChildrenEPNS_6JSCellERNS_11SlotVisitorE+0xcd) [0x7f4e2f86f5fd]
STDERR: 7   0x7f4e2f689d71 /ramdisk/qt-linux-64-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(_ZN3JSC11SlotVisitor5drainEv+0xb1) [0x7f4e2f689d71]
STDERR: 8   0x7f4e2f68a0b4 /ramdisk/qt-linux-64-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(_ZN3JSC11SlotVisitor15drainFromSharedENS0_15SharedDrainModeE+0x124) [0x7f4e2f68a0b4]
STDERR: 9   0x7f4e2f68b03b /ramdisk/qt-linux-64-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(_ZN3JSC25MarkStackThreadSharedData17markingThreadMainEPNS_11SlotVisitorE+0x1b) [0x7f4e2f68b03b]
STDERR: 10  0x7f4e2f916cd5 /ramdisk/qt-linux-64-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(+0x20decd5) [0x7f4e2f916cd5]
STDERR: 11  0x7f4e289728ca /lib/libpthread.so.0(+0x68ca) [0x7f4e289728ca]
STDERR: 12  0x7f4e279e092d /lib/libc.so.6(clone+0x6d) [0x7f4e279e092d]
Comment 2 Csaba Osztrogonác 2012-07-11 02:18:54 PDT
sputnik/Conformance/15_Native_Objects/15.1_The_Global_Object/15.1.3/15.1.3.1_decodeURI/S15.1.3.1_A1.10_T1.html crashed on Qt 4.8, 64 bit, debug, r122302:

crash log for DumpRenderTree (pid 19377):
STDOUT: <empty>
STDERR: ASSERTION FAILED: !(hash & m_hashAndFlags)
STDERR: /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/Source/WTF/wtf/text/StringImpl.h(421) : void WTF::StringImpl::setHash(unsigned int) const
STDERR: 1   0x7f65da4423a4 /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZNK3WTF10StringImpl7setHashEj+0x160) [0x7f65da4423a4]
STDERR: 2   0x7f65dbe93d23 /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZNK3WTF10StringImpl12hashSlowCaseEv+0x45) [0x7f65dbe93d23]
STDERR: 3   0x7f65da4424e4 /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZNK3WTF10StringImpl4hashEv+0x36) [0x7f65da4424e4]
STDERR: 4   0x7f65da442ebd /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZN3WTF10StringHash4hashEPNS_10StringImplE+0x18) [0x7f65da442ebd]
STDERR: 5   0x7f65dbbe5d68 /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZN3WTF17HashMapTranslatorINS_18HashMapValueTraitsINS_10HashTraitsIPNS_10StringImplEEENS2_IN3JSC7JSValueEEEEENS_10StringHashEE4hashIS4_EEjRKT_+0x1b) [0x7f65dbbe5d68]
STDERR: 6   0x7f65dbbe582e /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZN3WTF9HashTableIPNS_10StringImplESt4pairIS2_N3JSC7JSValueEENS_18PairFirstExtractorIS6_EENS_10StringHashENS_18HashMapValueTraitsINS_10HashTraitsIS2_EENSB_IS5_EEEESC_E3addINS_17HashMapTranslatorISE_S9_EES2_S5_EENS_18HashTableAddResultINS_17HashTableIteratorIS2_S6_S8_S9_SE_SC_EEEERKT0_RKT1_+0xec) [0x7f65dbbe582e]
STDERR: 7   0x7f65dbbe5055 /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZN3WTF7HashMapIPNS_10StringImplEN3JSC7JSValueENS_10StringHashENS_10HashTraitsIS2_EENS6_IS4_EEE9inlineAddERKS2_RKS4_+0x2f) [0x7f65dbbe5055]
STDERR: 8   0x7f65dbbe4993 /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZN3WTF7HashMapIPNS_10StringImplEN3JSC7JSValueENS_10StringHashENS_10HashTraitsIS2_EENS6_IS4_EEE3addERKS2_RKS4_+0x2f) [0x7f65dbbe4993]
STDERR: 9   0x7f65dbbe4510 /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZN3JSC9MarkStack14internalAppendEPNS_7JSValueE+0x180) [0x7f65dbbe4510]
STDERR: 10  0x7f65dbbe37bf /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZN3JSC11SlotVisitor13copyAndAppendEPPvmPNS_7JSValueEj+0xcb) [0x7f65dbbe37bf]
STDERR: 11  0x7f65dbde72c0 /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZN3JSC8JSObject13visitChildrenEPNS_6JSCellERNS_11SlotVisitorE+0x18a) [0x7f65dbde72c0]
STDERR: 12  0x7f65dbe0f1f3 /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZN3JSC22NativeErrorConstructor13visitChildrenEPNS_6JSCellERNS_11SlotVisitorE+0x147) [0x7f65dbe0f1f3]
STDERR: 13  0x7f65dbbe2c07 /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(+0x36f2c07) [0x7f65dbbe2c07]
STDERR: 14  0x7f65dbbe2db5 /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZN3JSC11SlotVisitor5drainEv+0xa3) [0x7f65dbbe2db5]
STDERR: 15  0x7f65dbbe3344 /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZN3JSC11SlotVisitor15drainFromSharedENS0_15SharedDrainModeE+0x4de) [0x7f65dbbe3344]
STDERR: 16  0x7f65dbbe1c6c /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZN3JSC25MarkStackThreadSharedData17markingThreadMainEPNS_11SlotVisitorE+0x3c) [0x7f65dbbe1c6c]
STDERR: 17  0x7f65dbbe1ceb /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZN3JSC25MarkStackThreadSharedData22markingThreadStartFuncEPv+0x2f) [0x7f65dbbe1ceb]
STDERR: 18  0x7f65dbe84551 /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(+0x3994551) [0x7f65dbe84551]
STDERR: 19  0x7f65dbe9bb2b /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(+0x39abb2b) [0x7f65dbe9bb2b]
STDERR: 20  0x7f65d362a8ca /lib/libpthread.so.0(+0x68ca) [0x7f65d362a8ca]
STDERR: 21  0x7f65d269892d /lib/libc.so.6(clone+0x6d) [0x7f65d269892d]


sputnik/Conformance/15_Native_Objects/15.1_The_Global_Object/15.1.3/15.1.3.2_decodeURIComponent/S15.1.3.2_A1.12_T1.html crashed on Qt 4.8, 64 bit, debug, r122302:


crash log for DumpRenderTree (pid 25414):
STDOUT: <empty>
STDERR: ASSERTION FAILED: !hasHash()
STDERR: /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/Source/WTF/wtf/text/StringImpl.h(415) : void WTF::StringImpl::setHash(unsigned int) const
STDERR: 1   0x7f4d3139d287 /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZNK3WTF10StringImpl7setHashEj+0x43) [0x7f4d3139d287]
STDERR: 2   0x7f4d32deed23 /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZNK3WTF10StringImpl12hashSlowCaseEv+0x45) [0x7f4d32deed23]
STDERR: 3   0x7f4d3139d4e4 /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZNK3WTF10StringImpl4hashEv+0x36) [0x7f4d3139d4e4]
STDERR: 4   0x7f4d3139debd /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZN3WTF10StringHash4hashEPNS_10StringImplE+0x18) [0x7f4d3139debd]
STDERR: 5   0x7f4d32b40d68 /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZN3WTF17HashMapTranslatorINS_18HashMapValueTraitsINS_10HashTraitsIPNS_10StringImplEEENS2_IN3JSC7JSValueEEEEENS_10StringHashEE4hashIS4_EEjRKT_+0x1b) [0x7f4d32b40d68]
STDERR: 6   0x7f4d32b4082e /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZN3WTF9HashTableIPNS_10StringImplESt4pairIS2_N3JSC7JSValueEENS_18PairFirstExtractorIS6_EENS_10StringHashENS_18HashMapValueTraitsINS_10HashTraitsIS2_EENSB_IS5_EEEESC_E3addINS_17HashMapTranslatorISE_S9_EES2_S5_EENS_18HashTableAddResultINS_17HashTableIteratorIS2_S6_S8_S9_SE_SC_EEEERKT0_RKT1_+0xec) [0x7f4d32b4082e]
STDERR: 7   0x7f4d32b40055 /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZN3WTF7HashMapIPNS_10StringImplEN3JSC7JSValueENS_10StringHashENS_10HashTraitsIS2_EENS6_IS4_EEE9inlineAddERKS2_RKS4_+0x2f) [0x7f4d32b40055]
STDERR: 8   0x7f4d32b3f993 /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZN3WTF7HashMapIPNS_10StringImplEN3JSC7JSValueENS_10StringHashENS_10HashTraitsIS2_EENS6_IS4_EEE3addERKS2_RKS4_+0x2f) [0x7f4d32b3f993]
STDERR: 9   0x7f4d32b3f510 /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZN3JSC9MarkStack14internalAppendEPNS_7JSValueE+0x180) [0x7f4d32b3f510]
STDERR: 10  0x7f4d32b3e7bf /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZN3JSC11SlotVisitor13copyAndAppendEPPvmPNS_7JSValueEj+0xcb) [0x7f4d32b3e7bf]
STDERR: 11  0x7f4d32d422c0 /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZN3JSC8JSObject13visitChildrenEPNS_6JSCellERNS_11SlotVisitorE+0x18a) [0x7f4d32d422c0]
STDERR: 12  0x7f4d32d6a1f3 /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZN3JSC22NativeErrorConstructor13visitChildrenEPNS_6JSCellERNS_11SlotVisitorE+0x147) [0x7f4d32d6a1f3]
STDERR: 13  0x7f4d32b3dc07 /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(+0x36f2c07) [0x7f4d32b3dc07]
STDERR: 14  0x7f4d32b3ddb5 /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZN3JSC11SlotVisitor5drainEv+0xa3) [0x7f4d32b3ddb5]
STDERR: 15  0x7f4d32b3e344 /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZN3JSC11SlotVisitor15drainFromSharedENS0_15SharedDrainModeE+0x4de) [0x7f4d32b3e344]
STDERR: 16  0x7f4d32b3cc6c /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZN3JSC25MarkStackThreadSharedData17markingThreadMainEPNS_11SlotVisitorE+0x3c) [0x7f4d32b3cc6c]
STDERR: 17  0x7f4d32b3cceb /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZN3JSC25MarkStackThreadSharedData22markingThreadStartFuncEPv+0x2f) [0x7f4d32b3cceb]
STDERR: 18  0x7f4d32ddf551 /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(+0x3994551) [0x7f4d32ddf551]
STDERR: 19  0x7f4d32df6b2b /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(+0x39abb2b) [0x7f4d32df6b2b]
STDERR: 20  0x7f4d2a5858ca /lib/libpthread.so.0(+0x68ca) [0x7f4d2a5858ca]
STDERR: 21  0x7f4d295f392d /lib/libc.so.6(clone+0x6d) [0x7f4d295f392d]
Comment 3 Csaba Osztrogonác 2012-07-11 02:19:53 PDT
sputnik/Conformance/15_Native_Objects/15.1_The_Global_Object/15.1.3/15.1.3.1_decodeURI/S15.1.3.1_A1.12_T1.html crashed on Qt 4.8, 64 bit debug, r122220:

crash log for DumpRenderTree (pid 4858):
STDOUT: <empty>
STDERR: ASSERTION FAILED: !hasHash()
STDERR: /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/Source/WTF/wtf/text/StringImpl.h(415) : void WTF::StringImpl::setHash(unsigned int) const
STDERR: 1   0x7f1b2ee92cb7 /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZNK3WTF10StringImpl7setHashEj+0x43) [0x7f1b2ee92cb7]
STDERR: 2   0x7f1b308e10d3 /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZNK3WTF10StringImpl12hashSlowCaseEv+0x45) [0x7f1b308e10d3]
STDERR: 3   0x7f1b2ee92f14 /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZNK3WTF10StringImpl4hashEv+0x36) [0x7f1b2ee92f14]
STDERR: 4   0x7f1b2ee938ed /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZN3WTF10StringHash4hashEPNS_10StringImplE+0x18) [0x7f1b2ee938ed]
STDERR: 5   0x7f1b30633118 /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZN3WTF17HashMapTranslatorINS_18HashMapValueTraitsINS_10HashTraitsIPNS_10StringImplEEENS2_IN3JSC7JSValueEEEEENS_10StringHashEE4hashIS4_EEjRKT_+0x1b) [0x7f1b30633118]
STDERR: 6   0x7f1b30632bde /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZN3WTF9HashTableIPNS_10StringImplESt4pairIS2_N3JSC7JSValueEENS_18PairFirstExtractorIS6_EENS_10StringHashENS_18HashMapValueTraitsINS_10HashTraitsIS2_EENSB_IS5_EEEESC_E3addINS_17HashMapTranslatorISE_S9_EES2_S5_EENS_18HashTableAddResultINS_17HashTableIteratorIS2_S6_S8_S9_SE_SC_EEEERKT0_RKT1_+0xec) [0x7f1b30632bde]
STDERR: 7   0x7f1b30632405 /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZN3WTF7HashMapIPNS_10StringImplEN3JSC7JSValueENS_10StringHashENS_10HashTraitsIS2_EENS6_IS4_EEE9inlineAddERKS2_RKS4_+0x2f) [0x7f1b30632405]
STDERR: 8   0x7f1b30631d43 /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZN3WTF7HashMapIPNS_10StringImplEN3JSC7JSValueENS_10StringHashENS_10HashTraitsIS2_EENS6_IS4_EEE3addERKS2_RKS4_+0x2f) [0x7f1b30631d43]
STDERR: 9   0x7f1b306318c0 /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZN3JSC9MarkStack14internalAppendEPNS_7JSValueE+0x180) [0x7f1b306318c0]
STDERR: 10  0x7f1b30630b6f /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZN3JSC11SlotVisitor13copyAndAppendEPPvmPNS_7JSValueEj+0xcb) [0x7f1b30630b6f]
STDERR: 11  0x7f1b30834670 /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZN3JSC8JSObject13visitChildrenEPNS_6JSCellERNS_11SlotVisitorE+0x18a) [0x7f1b30834670]
STDERR: 12  0x7f1b3085c5a3 /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZN3JSC22NativeErrorConstructor13visitChildrenEPNS_6JSCellERNS_11SlotVisitorE+0x147) [0x7f1b3085c5a3]
STDERR: 13  0x7f1b3062ffb7 /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(+0x36ecfb7) [0x7f1b3062ffb7]
STDERR: 14  0x7f1b30630165 /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZN3JSC11SlotVisitor5drainEv+0xa3) [0x7f1b30630165]
STDERR: 15  0x7f1b306306f4 /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZN3JSC11SlotVisitor15drainFromSharedENS0_15SharedDrainModeE+0x4de) [0x7f1b306306f4]
STDERR: 16  0x7f1b3062f01c /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZN3JSC25MarkStackThreadSharedData17markingThreadMainEPNS_11SlotVisitorE+0x3c) [0x7f1b3062f01c]
STDERR: 17  0x7f1b3062f09b /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZN3JSC25MarkStackThreadSharedData22markingThreadStartFuncEPv+0x2f) [0x7f1b3062f09b]
STDERR: 18  0x7f1b308d1901 /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(+0x398e901) [0x7f1b308d1901]
STDERR: 19  0x7f1b308e8edb /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(+0x39a5edb) [0x7f1b308e8edb]
STDERR: 20  0x7f1b2807d8ca /lib/libpthread.so.0(+0x68ca) [0x7f1b2807d8ca]
STDERR: 21  0x7f1b270eb92d /lib/libc.so.6(clone+0x6d) [0x7f1b270eb92d]
Comment 4 Csaba Osztrogonác 2012-07-11 02:21:14 PDT
sputnik/Conformance/07_Lexical_Conventions/7.3_Line_Terminators/S7.3_A3.1_T2.html crashed on Qt 4.8, 64 bit, debug, r122060:

crash log for DumpRenderTree (pid 29850):
STDOUT: <empty>
STDERR: ASSERTION FAILED: !hasHash()
STDERR: /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/Source/WTF/wtf/text/StringImpl.h(415) : void WTF::StringImpl::setHash(unsigned int) const
STDERR: 1   0x7fa7bc30cf47 /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZNK3WTF10StringImpl7setHashEj+0x43) [0x7fa7bc30cf47]
STDERR: 2   0x7fa7bdd5451b /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZNK3WTF10StringImpl12hashSlowCaseEv+0x45) [0x7fa7bdd5451b]
STDERR: 3   0x7fa7bc30d1a4 /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZNK3WTF10StringImpl4hashEv+0x36) [0x7fa7bc30d1a4]
STDERR: 4   0x7fa7bc30db7d /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZN3WTF10StringHash4hashEPNS_10StringImplE+0x18) [0x7fa7bc30db7d]
STDERR: 5   0x7fa7bdaa7d1c /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZN3WTF17HashMapTranslatorINS_18HashMapValueTraitsINS_10HashTraitsIPNS_10StringImplEEENS2_IN3JSC7JSValueEEEEENS_10StringHashEE4hashIS4_EEjRKT_+0x1b) [0x7fa7bdaa7d1c]
STDERR: 6   0x7fa7bdaa77e2 /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZN3WTF9HashTableIPNS_10StringImplESt4pairIS2_N3JSC7JSValueEENS_18PairFirstExtractorIS6_EENS_10StringHashENS_18HashMapValueTraitsINS_10HashTraitsIS2_EENSB_IS5_EEEESC_E3addINS_17HashMapTranslatorISE_S9_EES2_S5_EENS_18HashTableAddResultINS_17HashTableIteratorIS2_S6_S8_S9_SE_SC_EEEERKT0_RKT1_+0xec) [0x7fa7bdaa77e2]
STDERR: 7   0x7fa7bdaa7009 /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZN3WTF7HashMapIPNS_10StringImplEN3JSC7JSValueENS_10StringHashENS_10HashTraitsIS2_EENS6_IS4_EEE9inlineAddERKS2_RKS4_+0x2f) [0x7fa7bdaa7009]
STDERR: 8   0x7fa7bdaa6947 /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZN3WTF7HashMapIPNS_10StringImplEN3JSC7JSValueENS_10StringHashENS_10HashTraitsIS2_EENS6_IS4_EEE3addERKS2_RKS4_+0x2f) [0x7fa7bdaa6947]
STDERR: 9   0x7fa7bdaa64c4 /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZN3JSC9MarkStack14internalAppendEPNS_7JSValueE+0x180) [0x7fa7bdaa64c4]
STDERR: 10  0x7fa7bdaa5773 /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZN3JSC11SlotVisitor13copyAndAppendEPPvmPNS_7JSValueEj+0xcb) [0x7fa7bdaa5773]
STDERR: 11  0x7fa7bdca7ab0 /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZN3JSC8JSObject13visitChildrenEPNS_6JSCellERNS_11SlotVisitorE+0x18a) [0x7fa7bdca7ab0]
STDERR: 12  0x7fa7bdaa4bbb /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(+0x36dbbbb) [0x7fa7bdaa4bbb]
STDERR: 13  0x7fa7bdaa4d69 /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZN3JSC11SlotVisitor5drainEv+0xa3) [0x7fa7bdaa4d69]
STDERR: 14  0x7fa7bdaa52f8 /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZN3JSC11SlotVisitor15drainFromSharedENS0_15SharedDrainModeE+0x4de) [0x7fa7bdaa52f8]
STDERR: 15  0x7fa7bdaa3c20 /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZN3JSC25MarkStackThreadSharedData17markingThreadMainEPNS_11SlotVisitorE+0x3c) [0x7fa7bdaa3c20]
STDERR: 16  0x7fa7bdaa3c9f /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(_ZN3JSC25MarkStackThreadSharedData22markingThreadStartFuncEPv+0x2f) [0x7fa7bdaa3c9f]
STDERR: 17  0x7fa7bdd44d49 /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(+0x397bd49) [0x7fa7bdd44d49]
STDERR: 18  0x7fa7bdd5c323 /home/webkitbuildbot/slaves/debug64bit/buildslave/qt-linux-64-debug/build/WebKitBuild/Debug/lib/libQtWebKit.so.4(+0x3993323) [0x7fa7bdd5c323]
STDERR: 19  0x7fa7b55038ca /lib/libpthread.so.0(+0x68ca) [0x7fa7b55038ca]
STDERR: 20  0x7fa7b457192d /lib/libc.so.6(clone+0x6d) [0x7fa7b457192d]
Comment 5 Csaba Osztrogonác 2012-07-11 04:23:48 PDT
One more crash on Qt 4.8, 64 bit, release, r122325:

crash log for DumpRenderTree (pid 28470):
STDOUT: <empty>
STDERR: 1   0x421b68 /ramdisk/qt-linux-64-release/build/WebKitBuild/Release/bin/DumpRenderTree() [0x421b68]
STDERR: 2   0x7fa7792deff0 /lib/libpthread.so.0(+0xeff0) [0x7fa7792deff0]
STDERR: 3   0x7fa77fff3207 /ramdisk/qt-linux-64-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(_ZN3JSC11SlotVisitor12startCopyingEv+0xb7) [0x7fa77fff3207]
STDERR: 4   0x7fa77fff3585 /ramdisk/qt-linux-64-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(_ZN3JSC11SlotVisitor16allocateNewSpaceEPvm+0x245) [0x7fa77fff3585]
STDERR: 5   0x7fa77fff3600 /ramdisk/qt-linux-64-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(_ZN3JSC11SlotVisitor13copyAndAppendEPPvmPNS_7JSValueEj+0x30) [0x7fa77fff3600]
STDERR: 6   0x7fa7801d832d /ramdisk/qt-linux-64-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(_ZN3JSC8JSObject13visitChildrenEPNS_6JSCellERNS_11SlotVisitorE+0xcd) [0x7fa7801d832d]
STDERR: 7   0x7fa77fff2aa1 /ramdisk/qt-linux-64-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(_ZN3JSC11SlotVisitor5drainEv+0xb1) [0x7fa77fff2aa1]
STDERR: 8   0x7fa77ffeef9b /ramdisk/qt-linux-64-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(_ZN3JSC4Heap9markRootsEb+0x2eb) [0x7fa77ffeef9b]
STDERR: 9   0x7fa77ffef38b /ramdisk/qt-linux-64-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(_ZN3JSC4Heap7collectENS0_11SweepToggleE+0x6b) [0x7fa77ffef38b]
STDERR: 10  0x7fa77ef473a7 /ramdisk/qt-linux-64-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(_ZN7WebCore12GCController17garbageCollectNowEv+0x37) [0x7fa77ef473a7]
STDERR: 11  0x425713 /ramdisk/qt-linux-64-release/build/WebKitBuild/Release/bin/DumpRenderTree() [0x425713]
STDERR: 12  0x7fa77eff9ef6 /ramdisk/qt-linux-64-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(_ZN3JSC8Bindings19QtRuntimeMetaMethod4callEPNS_9ExecStateE+0xe76) [0x7fa77eff9ef6]
STDERR: 13  0x7fa7800e7d18 /ramdisk/qt-linux-64-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(+0x1f4bd18) [0x7fa7800e7d18]
STDERR: 14  0x7fa7337ac1cc [0x7fa7337ac1cc]
Comment 6 Csaba Osztrogonác 2012-07-11 06:28:41 PDT
I managed to reproduce this bug inside gdb (Qt 4.8, 64bit, release mode with debug symbols)

I don't know anything about GC, so I can't debug it. 
But I hope this backtrace can help you:

$ gdb WebKitBuild/Release/bin/DumpRenderTree
GNU gdb (GDB) 7.0.1-debian
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /home/oszi/WebKit/WebKitBuild/Release/bin/DumpRenderTree...done.
(gdb) run --no-timeout PerformanceTests/Dromaeo/jslib-event-jquery.html
Starting program: /home/oszi/WebKit/WebKitBuild/Release/bin/DumpRenderTree --no-timeout PerformanceTests/Dromaeo/jslib-event-jquery.html
[Thread debugging using libthread_db enabled]
[New Thread 0x7fffeb154700 (LWP 15118)]
[New Thread 0x7fffa9889700 (LWP 15119)]
[Thread 0x7fffa9889700 (LWP 15119) exited]
[New Thread 0x7fffa9889700 (LWP 15120)]
[New Thread 0x7fffa947e700 (LWP 15121)]
[New Thread 0x7fffa927d700 (LWP 15122)]
[New Thread 0x7fffa907c700 (LWP 15123)]
[New Thread 0x7fffa8e7b700 (LWP 15124)]
[New Thread 0x7fffa8c7a700 (LWP 15125)]
[New Thread 0x7fffa8a79700 (LWP 15126)]
[New Thread 0x7fffa839f700 (LWP 15127)]
main frame - has 1 onunload handler(s)
frame "<!--framePath //<!--frame0-->-->" - has 1 onunload handler(s)

Program received signal SIGSEGV, Segmentation fault.
JSC::MarkStackSegmentAllocator::shrinkReserve (this=0x7fffa293b000) at /home/oszi/WebKit/Source/JavaScriptCore/heap/MarkStack.cpp:89
89              segments = segments->m_previous;
(gdb) bt
#0  JSC::MarkStackSegmentAllocator::shrinkReserve (this=0x7fffa293b000) at /home/oszi/WebKit/Source/JavaScriptCore/heap/MarkStack.cpp:89
#1  0x00007ffff72a139d in JSC::MarkStackThreadSharedData::reset (this=0x7fffeaeb9b98) at /home/oszi/WebKit/Source/JavaScriptCore/heap/MarkStack.cpp:297
#2  0x00007ffff729ddd6 in JSC::Heap::markRoots (this=<value optimized out>, fullGC=<value optimized out>) at /home/oszi/WebKit/Source/JavaScriptCore/heap/Heap.cpp:595
#3  0x00007ffff729df8b in JSC::Heap::collect (this=0x7fffeaeb9050, sweepToggle=JSC::Heap::DoNotSweep) at /home/oszi/WebKit/Source/JavaScriptCore/heap/Heap.cpp:717
#4  0x00007ffff7292d80 in JSC::CopiedSpace::allocateBlock (this=0x7fffeaeb9a38, bytes=12240, outPtr=0x7fffffffd100) at /home/oszi/WebKit/Source/JavaScriptCore/heap/CopiedSpaceInlineMethods.h:104
#5  JSC::CopiedSpace::tryAllocateSlowCase (this=0x7fffeaeb9a38, bytes=12240, outPtr=0x7fffffffd100) at /home/oszi/WebKit/Source/JavaScriptCore/heap/CopiedSpace.cpp:72
#6  0x00007ffff7293310 in JSC::CopiedSpace::tryAllocate (this=0x1000, ptr=0x7fffffffd150, oldSize=8160, newSize=140737134697192) at /home/oszi/WebKit/Source/JavaScriptCore/heap/CopiedSpaceInlineMethods.h:124
#7  JSC::CopiedSpace::tryReallocate (this=0x1000, ptr=0x7fffffffd150, oldSize=8160, newSize=140737134697192) at /home/oszi/WebKit/Source/JavaScriptCore/heap/CopiedSpace.cpp:123
#8  0x00007ffff746244d in JSC::Heap::tryReallocateStorage (this=0x7fffa0afea80, globalData=<value optimized out>, newLength=<value optimized out>) at /home/oszi/WebKit/Source/JavaScriptCore/heap/Heap.h:378
#9  JSC::JSArray::increaseVectorLength (this=0x7fffa0afea80, globalData=<value optimized out>, newLength=<value optimized out>) at /home/oszi/WebKit/Source/JavaScriptCore/runtime/JSArray.cpp:1046
#10 0x00007ffff7466203 in JSC::JSArray::putDirectIndexBeyondVectorLength (this=0x7fffa0afea80, exec=0x7fffa845a450, i=1017, value=..., shouldThrow=true) at /home/oszi/WebKit/Source/JavaScriptCore/runtime/JSArray.cpp:868
#11 0x00007ffff7439e66 in JSC::JSArray::putDirectIndex (exec=0x7fffa845a450) at /home/oszi/WebKit/Source/JavaScriptCore/runtime/JSArray.h:183
#12 arrayProtoFuncSlice (exec=0x7fffa845a450) at /home/oszi/WebKit/Source/JavaScriptCore/runtime/ArrayPrototype.cpp:614
#13 0x00007fffaae4b265 in ?? ()
#14 0x00007fffa2aabc80 in ?? ()
#15 0x00007fffaaf9738e in ?? ()
#16 0x0000000000000000 in ?? ()
(gdb)
Comment 7 Csaba Osztrogonác 2012-07-11 06:30:39 PDT
One more, but different backtrace for Dromaeo/jslib-event-jquery.html test:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffa9288700 (LWP 15511)]
JSC::MarkStackArray::donateSomeCellsTo (this=0x4d4c90, other=...) at /home/oszi/WebKit/Source/JavaScriptCore/heap/MarkStack.cpp:175
175             previous = current->m_previous;
(gdb) bt
#0  JSC::MarkStackArray::donateSomeCellsTo (this=0x4d4c90, other=...) at /home/oszi/WebKit/Source/JavaScriptCore/heap/MarkStack.cpp:175
#1  0x00007ffff72a158b in JSC::SlotVisitor::donateKnownParallel (this=0x4d4c90) at /home/oszi/WebKit/Source/JavaScriptCore/heap/MarkStack.cpp:390
#2  0x00007ffff72a16b6 in JSC::SlotVisitor::drain (this=0x4d4c90) at /home/oszi/WebKit/Source/JavaScriptCore/heap/MarkStack.cpp:406
#3  0x00007ffff72a19e4 in JSC::SlotVisitor::drainFromShared (this=0x4d4c90, sharedDrainMode=JSC::SlotVisitor::SlaveDrain) at /home/oszi/WebKit/Source/JavaScriptCore/heap/MarkStack.cpp:498
#4  0x00007ffff72a296b in JSC::MarkStackThreadSharedData::markingThreadMain (this=<value optimized out>, slotVisitor=0x4d4c90) at /home/oszi/WebKit/Source/JavaScriptCore/heap/MarkStack.cpp:245
#5  0x00007ffff752e625 in wtfThreadEntryPoint (param=<value optimized out>) at /home/oszi/WebKit/Source/WTF/wtf/ThreadingPthreads.cpp:162
#6  0x00007ffff05838ca in start_thread (arg=<value optimized out>) at pthread_create.c:300
#7  0x00007fffef5f192d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#8  0x0000000000000000 in ?? ()
(gdb)
Comment 8 Csaba Osztrogonác 2012-07-11 06:33:41 PDT
One more, but different backtrace for Dromaeo/jslib-event-jquery.html test:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff72a1671 in isJSString (this=0x7fffeaec0cd8) at /home/oszi/WebKit/Source/JavaScriptCore/runtime/JSString.h:501
501         inline bool isJSString(JSValue v) { return v.isCell() && v.asCell()->classInfo() == &JSString::s_info; }
(gdb) bt
#0  0x00007ffff72a1671 in isJSString (this=0x7fffeaec0cd8) at /home/oszi/WebKit/Source/JavaScriptCore/runtime/JSString.h:501
#1  visitChildren (this=0x7fffeaec0cd8) at /home/oszi/WebKit/Source/JavaScriptCore/heap/MarkStack.cpp:351
#2  JSC::SlotVisitor::drain (this=0x7fffeaec0cd8) at /home/oszi/WebKit/Source/JavaScriptCore/heap/MarkStack.cpp:405
#3  0x00007ffff72a19e4 in JSC::SlotVisitor::drainFromShared (this=0x7fffeaec0cd8, sharedDrainMode=JSC::SlotVisitor::MasterDrain) at /home/oszi/WebKit/Source/JavaScriptCore/heap/MarkStack.cpp:498
#4  0x00007ffff729dd38 in JSC::Heap::markRoots (this=0x7fffeaec0050, fullGC=<value optimized out>) at /home/oszi/WebKit/Source/JavaScriptCore/heap/Heap.cpp:555
#5  0x00007ffff729df8b in JSC::Heap::collect (this=0x7fffeaec0050, sweepToggle=JSC::Heap::DoNotSweep) at /home/oszi/WebKit/Source/JavaScriptCore/heap/Heap.cpp:717
#6  0x00007ffff72a410c in JSC::MarkedAllocator::allocateSlowCase (this=0x7fffeaec0158) at /home/oszi/WebKit/Source/JavaScriptCore/heap/MarkedAllocator.cpp:75
#7  0x00007ffff72e84ba in JSC::MarkedAllocator::allocate (exec=<value optimized out>) at /home/oszi/WebKit/Source/JavaScriptCore/heap/MarkedAllocator.h:77
#8  JSC::MarkedSpace::allocateWithDestructor (exec=<value optimized out>) at /home/oszi/WebKit/Source/JavaScriptCore/heap/MarkedSpace.h:191
#9  JSC::Heap::allocateWithDestructor (exec=<value optimized out>) at /home/oszi/WebKit/Source/JavaScriptCore/heap/Heap.h:362
#10 allocateCell<JSC::JSFinalObject> (exec=<value optimized out>) at /home/oszi/WebKit/Source/JavaScriptCore/runtime/JSCell.h:340
#11 JSC::JSFinalObject::create (exec=<value optimized out>) at /home/oszi/WebKit/Source/JavaScriptCore/runtime/JSObject.h:439
#12 constructEmptyObject (exec=<value optimized out>) at /home/oszi/WebKit/Source/JavaScriptCore/runtime/JSObject.h:515
#13 constructEmptyObject (exec=<value optimized out>) at /home/oszi/WebKit/Source/JavaScriptCore/runtime/JSGlobalObject.h:431
#14 constructEmptyObject (exec=<value optimized out>) at /home/oszi/WebKit/Source/JavaScriptCore/runtime/JSGlobalObject.h:436
#15 operationNewObject (exec=<value optimized out>) at /home/oszi/WebKit/Source/JavaScriptCore/dfg/DFGOperations.cpp:305
#16 0x00007fffaaf8880d in ?? ()
#17 0x0000000000000000 in ?? ()
Comment 9 Csaba Osztrogonác 2012-07-11 06:55:12 PDT
(In reply to comment #6)
> I managed to reproduce this bug inside gdb (Qt 4.8, 64bit, release mode with debug symbols)

You can easily build this configuration with the following command:
Tools/Scripts/build-webkit QMAKE_CFLAGS+=-g QMAKE_CXXFLAGS+=-g
Comment 10 Zoltan Herczeg 2012-07-24 03:39:25 PDT
Looks like various threads overwrite each other's "segments".

void MarkStackArray::expand()
{
    ...

    unsigned count = 0;
    for (MarkStackSegment* current = m_topSegment->m_previous; current; current = current->m_previous)
         count++;
    if (count != m_numberOfPreviousSegments) {
        printf("nums: %d %d\n", count, (int)m_numberOfPreviousSegments);

        sleep(1);
        count = 0;
        for (MarkStackSegment* current = m_topSegment->m_previous; current; current = current->m_previous)
             count++;
        printf("nums: %d %d\n", count, (int)m_numberOfPreviousSegments);
    }
}

It prints:

nums: 14 40
nums: 102 40

-> During the sleep(1), something overwrote the segment chain. And the length of the chain is not 40, which is expected.

I suspect this is not allowed.
Comment 11 Zoltan Herczeg 2012-07-24 03:41:59 PDT
Filip, Geoffrey, any idea how this happens?
Comment 12 Zoltan Herczeg 2012-07-24 05:12:28 PDT
According to gdb donateSomeCellsTo overwrites it:
current->m_previous = other.m_topSegment->m_previous;
Comment 13 Zoltan Herczeg 2012-07-24 05:13:56 PDT
Oh no, wrong line. This one overwrites it:
other.m_topSegment->m_previous = current
Comment 14 Zoltan Herczeg 2012-07-24 06:57:58 PDT
Please help me to solve this issue, as I don't know how these segments should be handled. It seems two threads share the same segments. Is this possible in theory? How does the GC handle these segments? Are they assigned to a specific thread? What should be the next step to debug this?
Comment 15 Filip Pizlo 2012-07-24 09:34:33 PDT
(In reply to comment #10)
> Looks like various threads overwrite each other's "segments".
> 
> void MarkStackArray::expand()
> {
>     ...
> 
>     unsigned count = 0;
>     for (MarkStackSegment* current = m_topSegment->m_previous; current; current = current->m_previous)
>          count++;
>     if (count != m_numberOfPreviousSegments) {
>         printf("nums: %d %d\n", count, (int)m_numberOfPreviousSegments);
> 
>         sleep(1);
>         count = 0;
>         for (MarkStackSegment* current = m_topSegment->m_previous; current; current = current->m_previous)
>              count++;
>         printf("nums: %d %d\n", count, (int)m_numberOfPreviousSegments);
>     }
> }
> 
> It prints:
> 
> nums: 14 40
> nums: 102 40
> 
> -> During the sleep(1), something overwrote the segment chain. And the length of the chain is not 40, which is expected.
> 
> I suspect this is not allowed.

First of all, can you confirm that the bug goes away if you disable parallel tracing?

Second, the only segment that multiple threads are allowed to touch is the m_sharedMarkStack, and as far as I can tell, we always hold the m_markingLock when playing with that stack.
Comment 16 Csaba Osztrogonác 2012-07-25 00:52:37 PDT
I can't reproduce crashing of PerformanceTests/Dromaeo/jslib-event-jquery.html with parallel GC disabled, so it must be a parallel GC bug. Shouldn't we disable parallel GC on Qt until a proper fix?
Comment 17 Filip Pizlo 2012-07-25 00:55:56 PDT
(In reply to comment #16)
> I can't reproduce crashing of PerformanceTests/Dromaeo/jslib-event-jquery.html with parallel GC disabled, so it must be a parallel GC bug. Shouldn't we disable parallel GC on Qt until a proper fix?

I think that's the right first step.

I will investigate whether or not I can repro this on Mac.
Comment 18 Csaba Osztrogonác 2012-07-25 01:45:07 PDT
Created attachment 154290 [details]
Patch

disable parallel GC on Qt until proper fix
Comment 19 Csaba Osztrogonác 2012-07-25 02:16:21 PDT
Comment on attachment 154290 [details]
Patch

Landed in https://trac.webkit.org/changeset/123590
Comment 20 Zoltan Herczeg 2012-07-25 04:32:19 PDT
Filip, you might figure out something from this:

This is the backtrace where the sleep(1) waits:

#0  JSC::MarkStackArray::expand (this=0x4b89a0)
    at /home/hzoli/WebKit-git/WebKit-git/Source/JavaScriptCore/heap/MarkStack.cpp:136
#1  0x00007ffff72a213c in JSC::MarkStackArray::append (this=0x4b89a0, ptr=<value optimized out>,
    bytes=<value optimized out>, values=0x7fff8f7bd068, length=<value optimized out>)
    at /home/hzoli/WebKit-git/WebKit-git/Source/JavaScriptCore/heap/MarkStack.h:401
#2  JSC::MarkStack::internalAppend (this=0x4b89a0, ptr=<value optimized out>, bytes=<value optimized out>,
    values=0x7fff8f7bd068, length=<value optimized out>)
    at /home/hzoli/WebKit-git/WebKit-git/Source/JavaScriptCore/runtime/Structure.h:540
#3  JSC::MarkStack::internalAppend (this=0x4b89a0, ptr=<value optimized out>, bytes=<value optimized out>,
    values=0x7fff8f7bd068, length=<value optimized out>)
    at /home/hzoli/WebKit-git/WebKit-git/Source/JavaScriptCore/heap/MarkStack.h:467
#4  JSC::MarkStack::append (this=0x4b89a0, ptr=<value optimized out>, bytes=<value optimized out>,
    values=0x7fff8f7bd068, length=<value optimized out>)
    at /home/hzoli/WebKit-git/WebKit-git/Source/JavaScriptCore/heap/MarkStack.h:437
#5  JSC::SlotVisitor::copyAndAppend (this=0x4b89a0, ptr=<value optimized out>, bytes=<value optimized out>,
    values=0x7fff8f7bd068, length=<value optimized out>)
    at /home/hzoli/WebKit-git/WebKit-git/Source/JavaScriptCore/heap/MarkStack.cpp:653
#6  0x00007ffff74653ee in JSC::JSArray::visitChildren (cell=0x7fff9f70c480, visitor=...)
    at /home/hzoli/WebKit-git/WebKit-git/Source/JavaScriptCore/runtime/JSArray.cpp:1382
#7  0x00007ffff72a12f8 in visitChildren (this=0x4b89a0)
    at /home/hzoli/WebKit-git/WebKit-git/Source/JavaScriptCore/heap/MarkStack.cpp:378
#8  JSC::SlotVisitor::drain (this=0x4b89a0)
    at /home/hzoli/WebKit-git/WebKit-git/Source/JavaScriptCore/heap/MarkStack.cpp:421
#9  0x00007ffff72a15f4 in JSC::SlotVisitor::drainFromShared (this=0x4b89a0,
    sharedDrainMode=JSC::SlotVisitor::SlaveDrain)
    at /home/hzoli/WebKit-git/WebKit-git/Source/JavaScriptCore/heap/MarkStack.cpp:514
#10 0x00007ffff72a257b in JSC::MarkStackThreadSharedData::markingThreadMain (this=<value optimized out>,
    slotVisitor=0x4b89a0) at /home/hzoli/WebKit-git/WebKit-git/Source/JavaScriptCore/heap/MarkStack.cpp:261
#11 0x00007ffff7531415 in wtfThreadEntryPoint (param=<value optimized out>)
    at /home/hzoli/WebKit-git/WebKit-git/Source/WTF/wtf/ThreadingPthreads.cpp:162

During the 1 second sleep, this function overwrites the previous chain:

#0  JSC::MarkStackArray::donateSomeCellsTo (this=0x4b0130, other=...)
    at /home/hzoli/WebKit-git/WebKit-git/Source/JavaScriptCore/heap/MarkStack.cpp:194
#1  0x00007ffff72a119b in JSC::SlotVisitor::donateKnownParallel (this=0x4b0130)
    at /home/hzoli/WebKit-git/WebKit-git/Source/JavaScriptCore/heap/MarkStack.cpp:406
#2  0x00007ffff72a12c6 in JSC::SlotVisitor::drain (this=0x4b0130)
    at /home/hzoli/WebKit-git/WebKit-git/Source/JavaScriptCore/heap/MarkStack.cpp:422
#3  0x00007ffff72a15f4 in JSC::SlotVisitor::drainFromShared (this=0x4b0130,
    sharedDrainMode=JSC::SlotVisitor::SlaveDrain)
    at /home/hzoli/WebKit-git/WebKit-git/Source/JavaScriptCore/heap/MarkStack.cpp:514
#4  0x00007ffff72a257b in JSC::MarkStackThreadSharedData::markingThreadMain (this=<value optimized out>,
    slotVisitor=0x4b0130) at /home/hzoli/WebKit-git/WebKit-git/Source/JavaScriptCore/heap/MarkStack.cpp:261
#5  0x00007ffff7531415 in wtfThreadEntryPoint (param=<value optimized out>)
    at /home/hzoli/WebKit-git/WebKit-git/Source/WTF/wtf/ThreadingPthreads.cpp:162
Comment 21 Zoltan Herczeg 2012-07-30 03:09:50 PDT
Filip, any thoughts?
Comment 22 Zan Dobersek 2012-08-04 04:52:24 PDT
These crashes are also occurring on the 64-bit GTK build, but only the release configuration. Specifically, fast/js/random-array-gc-stress.html was spotted crashing occasionally[1].

Furthermore, I can reproduce these crashes consistently when running the test262 suite[2]. I'm now doing a bisect with each step being marked good or bad depending on the crashes occurring when running test262. At the moment the offending commit list is narrowed down between r121837 and r121895.

[1] - http://test-results.appspot.com/dashboards/flakiness_dashboard.html#group=%40ToT%20-%20webkit.org&tests=fast%2Fjs%2Frandom-array-gc-stress.html
[2] - http://test262.ecmascript.org/
[3] - http://trac.webkit.org/log/trunk?rev=121895&stop_rev=121837
Comment 23 Zan Dobersek 2012-08-04 06:29:55 PDT
(In reply to comment #22)
> These crashes are also occurring on the 64-bit GTK build, but only the release configuration. Specifically, fast/js/random-array-gc-stress.html was spotted crashing occasionally[1].
> 
> Furthermore, I can reproduce these crashes consistently when running the test262 suite[2]. I'm now doing a bisect with each step being marked good or bad depending on the crashes occurring when running test262. At the moment the offending commit list is narrowed down between r121837 and r121895.
> 
> [1] - http://test-results.appspot.com/dashboards/flakiness_dashboard.html#group=%40ToT%20-%20webkit.org&tests=fast%2Fjs%2Frandom-array-gc-stress.html
> [2] - http://test262.ecmascript.org/
> [3] - http://trac.webkit.org/log/trunk?rev=121895&stop_rev=121837

The bisecting amounted to nothing valuable, the crashes started occurring after the parallel GC was enabled for the GTK port in http://trac.webkit.org/changeset/121869.
Comment 24 Zoltan Herczeg 2012-08-04 09:07:58 PDT
I thought this is something general. Actually I know what is happening, but I don't know what the expected behaviour is, so I cannot fix it. I can prove with gdb that two threads share the same segment list, and overwrite the "previous" members at the same time.
Comment 25 Zoltan Herczeg 2012-08-04 09:12:53 PDT
Btw, in release mode a lot of things happen differently because of the #if !ASSERT_DISABLED guards. Perhaps something is wrong with them?

I.e. what is the purpose of this member:

#if !ASSERT_DISABLED
        size_t m_top;
#endif
Comment 26 Geoffrey Garen 2012-08-05 17:27:26 PDT
MarkStackArray::donateSomeCellsTo always donates to the shared mark stack, so this can only happen if a marking thread and the shared mark stack end up pointing to the same MarkStackSegment. One way this could happen would be if there were a threading bug in the MarkStackSegmentAllocator.
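
The condition described in comment 26, together with the chain-length check from comment 10, as an added C++ model that is not WebKit code and not part of the original comments. All type and function names are hypothetical; the aliased top segment is constructed by hand to stand in for what a racy segment allocator could hand out, and the two splice writes mirror the lines quoted in comments 12 and 13.

```cpp
// Added illustration: a simplified model, not WebKit source. All names are hypothetical.
#include <cstddef>
#include <cstdio>
#include <mutex>
#include <set>
#include <vector>

static const size_t kWalkLimit = 1u << 20;  // bound walks so a corrupted chain still terminates

struct Segment { Segment* previous = nullptr; };  // plays the role of m_previous

// Reserve of free segments. Both paths take the lock, so a segment popped from
// the reserve can never be handed to two callers at once.
class SegmentAllocator {
public:
    ~SegmentAllocator() { for (Segment* s : m_all) delete s; }
    Segment* allocate() {
        std::lock_guard<std::mutex> guard(m_lock);
        Segment* s = m_reserve;
        if (s) {
            m_reserve = s->previous;
            s->previous = nullptr;
        } else {
            s = new Segment;
            m_all.push_back(s);
        }
        return s;
    }
    void release(Segment* s) {
        std::lock_guard<std::mutex> guard(m_lock);
        s->previous = m_reserve;
        m_reserve = s;
    }
private:
    std::mutex m_lock;
    Segment* m_reserve = nullptr;
    std::vector<Segment*> m_all;  // owns every segment ever created
};

struct SegmentStack {
    Segment* top;
    size_t cachedPrevious = 0;  // plays the role of m_numberOfPreviousSegments
    explicit SegmentStack(SegmentAllocator& a) : top(a.allocate()) {}
    void expand(SegmentAllocator& a) {
        Segment* s = a.allocate();
        s->previous = top;
        top = s;
        ++cachedPrevious;
    }
    // The check from comment 10: walk the chain and compare with the cached count.
    size_t walkedPrevious() const {
        size_t count = 0;
        for (Segment* c = top->previous; c && count < kWalkLimit; c = c->previous) ++count;
        return count;
    }
    bool isConsistent() const { return walkedPrevious() == cachedPrevious; }
};

// Move up to n segments from below from.top to below to.top.
size_t donateSegments(SegmentStack& from, SegmentStack& to, size_t n) {
    size_t moved = 0;
    for (; moved < n && from.top->previous; ++moved) {
        Segment* current = from.top->previous;
        from.top->previous = current->previous;  // unlink from the donor
        --from.cachedPrevious;
        current->previous = to.top->previous;    // splice below the receiver's top
        to.top->previous = current;
        ++to.cachedPrevious;
    }
    return moved;
}

// Number of segments reachable from both stacks; anything above 0 is an ownership violation.
size_t sharedSegments(const SegmentStack& a, const SegmentStack& b) {
    std::set<const Segment*> seen;
    size_t steps = 0;
    for (const Segment* s = a.top; s && steps < kWalkLimit; s = s->previous, ++steps) seen.insert(s);
    size_t shared = 0;
    steps = 0;
    for (const Segment* s = b.top; s && steps < kWalkLimit; s = s->previous, ++steps) shared += seen.count(s);
    return shared;
}

struct Report { bool markerConsistent; bool sharedConsistent; size_t sharedSegments; size_t markerWalked; };

// marker: a marking thread's private stack; donor: a second marking thread; shared: the shared stack.
Report runScenario(bool aliasTopSegment) {
    SegmentAllocator allocator;
    allocator.release(allocator.allocate());  // exercise the reserve path once
    SegmentStack marker(allocator), donor(allocator), shared(allocator);
    for (int i = 0; i < 3; ++i) marker.expand(allocator);
    for (int i = 0; i < 2; ++i) donor.expand(allocator);
    if (aliasTopSegment)
        shared.top = marker.top;  // constructed fault: both stacks point at one segment
    donateSegments(donor, shared, 2);
    return Report{ marker.isConsistent(), shared.isConsistent(),
                   sharedSegments(marker, shared), marker.walkedPrevious() };
}

int main() {
    const bool cases[] = { false, true };
    for (bool alias : cases) {
        Report r = runScenario(alias);
        std::printf("aliased=%d markerConsistent=%d sharedConsistent=%d shared=%zu markerWalked=%zu\n",
                    alias, r.markerConsistent, r.sharedConsistent, r.sharedSegments, r.markerWalked);
    }
    return 0;
}
```

In the aliased case the marker's chain grows from 3 to 5 previous segments although the marker itself never ran, which is the same kind of mismatch the printf check in comment 10 reported.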
Comment 27 Geoffrey Garen 2012-08-05 17:28:03 PDT
<rdar://problem/12035472>
Comment 28 Zan Dobersek 2012-11-08 23:44:53 PST
The occurrence of these crashes increased visibly on the GTK 64-bit Release builder in the last 12 hours or so, most probably inside this commit range:
http://trac.webkit.org/log/?verbose=on&rev=133972&stop_rev=133955
(Revisions 133956 and 133971 seem most related.)

http://build.webkit.org/builders/GTK%20Linux%2064-bit%20Release?numbuilds=100

However, I haven't seen any crashing on other bots. I'll probably slowly start to add flaky crashing expectations for the tests.
Comment 29 Zan Dobersek 2013-01-20 03:30:07 PST
(In reply to comment #22)
> Furthermore, I can reproduce these crashes consistently when running the test262 suite[2]. I'm now doing a bisect with each step being marked good or bad depending on the crashes occurring when running test262. At the moment the offending commit list is narrowed down between r121837 and r121895.

FWIW, I can now run test262 suite with ToT without crashes.
The fast/js/random-array-gc-stress.html test is also not crashing on either of the builders.
Comment 30 Allan Sandfeld Jensen 2013-05-24 10:11:44 PDT
I am unable to trigger this in WebKit trunk compiled against Qt 5.1. I find it possible that whatever underlying bug triggered this problem in the first place might have been solved.
Comment 31 Rafael Brandao 2013-05-24 11:10:38 PDT
(In reply to comment #30)
> I am unable to trigger this in WebKit trunk compiled against Qt 5.1. I find it possible that whatever underlying bug triggered this problem in the first place might have been solved.

I would say this bug has been fixed by bug #99641.
Comment 32 Zan Dobersek 2013-05-24 11:17:20 PDT
(In reply to comment #29)
> (In reply to comment #22)
> > Furthermore, I can reproduce these crashes consistently when running the test262 suite[2]. I'm now doing a bisect with each step being marked good or bad depending on the crashes occurring when running test262. At the moment the offending commit list is narrowed down between r121837 and r121895.
> 
> FWIW, I can now run test262 suite with ToT without crashes.
> The fast/js/random-array-gc-stress.html test is also not crashing on either of the builders.

Still stands, so I think this bug is OK to close.
Comment 33 Allan Sandfeld Jensen 2013-05-24 11:26:44 PDT
(In reply to comment #32)
> (In reply to comment #29)
> > (In reply to comment #22)
> > > Furthermore, I can reproduce these crashes consistently when running the test262 suite[2]. I'm now doing a bisect with each step being marked good or bad depending on the crashes occurring when running test262. At the moment the offending commit list is narrowed down between r121837 and r121895.
> > 
> > FWIW, I can now run test262 suite with ToT without crashes.
> > The fast/js/random-array-gc-stress.html test is also not crashing on either of the builders.
> 
> Still stands, so I think this bug is OK to close.

That makes sense. The PARALLEL_GC should be reenabled for Qt before closing the bug.
Comment 34 Csaba Osztrogonác 2013-05-27 02:04:15 PDT
(In reply to comment #33)
> (In reply to comment #32)
> > (In reply to comment #29)
> > > (In reply to comment #22)
> > > > Furthermore, I can reproduce these crashes consistently when running the test262 suite[2]. I'm now doing a bisect with each step being marked good or bad depending on the crashes occurring when running test262. At the moment the offending commit list is narrowed down between r121837 and r121895.
> > > 
> > > FWIW, I can now run test262 suite with ToT without crashes.
> > > The fast/js/random-array-gc-stress.html test is also not crashing on either of the builders.
> > 
> > Still stands, so I think this bug is OK to close.
> 
> That makes sense. The PARALLEL_GC should be reenabled for Qt before closing the bug.

Zoltán or Ádám, could you reenable parallel GC on Qt
and then check if this bug is still valid or not?
Comment 35 Ádám Kallai 2013-05-28 01:44:10 PDT
I have landed the patch in r150751. Now there are two tests failing with a crash after this patch. I reported them in bug 116854 and bug 116855.
Comment 36 Ádám Kallai 2013-05-28 06:03:26 PDT
The problem has been fixed. Close the bug.