WebKit Bugzilla
RESOLVED INVALID
151838
Web Inspector: CRASH in LayoutTests/inspector/debugger/terminate-dedicated-worker-while-paused.html
https://bugs.webkit.org/show_bug.cgi?id=151838
Joseph Pecoraro
Reported
2015-12-03 17:33:18 PST
Created attachment 266581 [details]
[CRASH] Multiple Crash Report

* SUMMARY
CRASH in LayoutTests/inspector/debugger/terminate-dedicated-worker-while-paused.html.

* STEPS TO REPRODUCE
1. Unskip LayoutTests/inspector/debugger/terminate-dedicated-worker-while-paused.html
2. shell> run-webkit-tests --debug inspector/debugger --iterations=10 -1
   => this test crashes

* CRASH LOG
Multiple attached

> Crashed Thread: 34 WebCore: Worker
> Exception Type: EXC_BAD_ACCESS (SIGSEGV)
> Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000000
>
> Thread 0:: Dispatch queue: com.apple.main-thread
> 0 llint_entry + 3366
> 1 llint_entry + 26604
> 2 llint_entry + 27485
> 3 llint_entry + 26604
> 4 llint_entry + 26604
> 5 vmEntryToJavaScript + 334
> 6 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 213 (JITCode.cpp:80)
> 7 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 1186 (Interpreter.cpp:1032)
> 8 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 190 (CallData.cpp:39)
> 9 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 83 (CallData.cpp:44)
> 10 WebCore::JSMainThreadExecState::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 107 (JSMainThreadExecState.h:56)
> 11 WebCore::functionCallHandlerFromAnyThread(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 109 (JSMainThreadExecState.cpp:54)
> 12 Deprecated::ScriptFunctionCall::call(bool&) + 488 (ScriptFunctionCall.cpp:138)
> 13 Inspector::InjectedScriptBase::callFunctionWithEvalEnabled(Deprecated::ScriptFunctionCall&, bool&) const + 193 (InjectedScriptBase.cpp:81)
> 14 Inspector::InjectedScriptBase::makeCall(Deprecated::ScriptFunctionCall&, WTF::RefPtr<Inspector::InspectorValue>*) + 137 (InjectedScriptBase.cpp:100)
> 15 Inspector::InjectedScriptBase::makeEvalCall(WTF::String&, Deprecated::ScriptFunctionCall&, WTF::RefPtr<Inspector::Protocol::Runtime::RemoteObject>*, Inspector::Protocol::OptOutput<bool>*, Inspector::Protocol::OptOutput<int>*) + 78 (InjectedScriptBase.cpp:112)
> 16 Inspector::InjectedScript::evaluate(WTF::String&, WTF::String const&, WTF::String const&, bool, bool, bool, bool, WTF::RefPtr<Inspector::Protocol::Runtime::RemoteObject>*, Inspector::Protocol::OptOutput<bool>*, Inspector::Protocol::OptOutput<int>*) + 417 (InjectedScript.cpp:68)
> 17 Inspector::InspectorRuntimeAgent::evaluate(WTF::String&, WTF::String const&, WTF::String const*, bool const*, bool const*, int const*, bool const*, bool const*, bool const*, WTF::RefPtr<Inspector::Protocol::Runtime::RemoteObject>&, Inspector::Protocol::OptOutput<bool>*, Inspector::Protocol::OptOutput<int>*) + 626 (InspectorRuntimeAgent.cpp:128)
> 18 non-virtual thunk to Inspector::InspectorRuntimeAgent::evaluate(WTF::String&, WTF::String const&, WTF::String const*, bool const*, bool const*, int const*, bool const*, bool const*, bool const*, WTF::RefPtr<Inspector::Protocol::Runtime::RemoteObject>&, Inspector::Protocol::OptOutput<bool>*, Inspector::Protocol::OptOutput<int>*) + 252 (InspectorRuntimeAgent.cpp:116)
> 19 Inspector::RuntimeBackendDispatcher::evaluate(long, WTF::RefPtr<Inspector::InspectorObject>&&) + 2601 (InspectorBackendDispatchers.cpp:4969)
> 20 Inspector::RuntimeBackendDispatcher::dispatch(long, WTF::String const&, WTF::Ref<Inspector::InspectorObject>&&) + 827 (InspectorBackendDispatchers.cpp:4898)
> 21 Inspector::BackendDispatcher::dispatch(WTF::String const&) + 1997 (InspectorBackendDispatcher.cpp:181)
> 22 WebCore::InspectorController::dispatchMessageFromFrontend(WTF::String const&) + 47 (InspectorController.cpp:381)
> 23 WebCore::InspectorBackendDispatchTask::timerFired() + 158 (InspectorFrontendClientLocal.cpp:103)
> ...
>
> Thread 34 Crashed:: WebCore: Worker
> 0 WTF::Atomic<unsigned char>::compareExchangeWeak(unsigned char, unsigned char, std::__1::memory_order) + 367 (atomic:879)
> 1 WTF::LockBase::lock() + 37 (Lock.h:51)
> 2 void WTF::addIterator<JSC::CodeBlock*, JSC::CodeBlock*, WTF::IdentityExtractor, WTF::PtrHash<JSC::CodeBlock*>, WTF::HashTraits<JSC::CodeBlock*>, WTF::HashTraits<JSC::CodeBlock*> >(WTF::HashTable<JSC::CodeBlock*, JSC::CodeBlock*, WTF::IdentityExtractor, WTF::PtrHash<JSC::CodeBlock*>, WTF::HashTraits<JSC::CodeBlock*>, WTF::HashTraits<JSC::CodeBlock*> > const*, WTF::HashTableConstIterator<JSC::CodeBlock*, JSC::CodeBlock*, WTF::IdentityExtractor, WTF::PtrHash<JSC::CodeBlock*>, WTF::HashTraits<JSC::CodeBlock*>, WTF::HashTraits<JSC::CodeBlock*> >*) + 162 (HashTable.h:1386)
> 3 WTF::HashTableConstIterator<JSC::CodeBlock*, JSC::CodeBlock*, WTF::IdentityExtractor, WTF::PtrHash<JSC::CodeBlock*>, WTF::HashTraits<JSC::CodeBlock*>, WTF::HashTraits<JSC::CodeBlock*> >::HashTableConstIterator(WTF::HashTable<JSC::CodeBlock*, JSC::CodeBlock*, WTF::IdentityExtractor, WTF::PtrHash<JSC::CodeBlock*>, WTF::HashTraits<JSC::CodeBlock*>, WTF::HashTraits<JSC::CodeBlock*> > const*, JSC::CodeBlock* const*, JSC::CodeBlock* const*) + 59 (HashTable.h:128)
> 4 WTF::HashTableConstIterator<JSC::CodeBlock*, JSC::CodeBlock*, WTF::IdentityExtractor, WTF::PtrHash<JSC::CodeBlock*>, WTF::HashTraits<JSC::CodeBlock*>, WTF::HashTraits<JSC::CodeBlock*> >::HashTableConstIterator(WTF::HashTable<JSC::CodeBlock*, JSC::CodeBlock*, WTF::IdentityExtractor, WTF::PtrHash<JSC::CodeBlock*>, WTF::HashTraits<JSC::CodeBlock*>, WTF::HashTraits<JSC::CodeBlock*> > const*, JSC::CodeBlock* const*, JSC::CodeBlock* const*) + 45 (HashTable.h:129)
> 5 WTF::HashTable<JSC::CodeBlock*, JSC::CodeBlock*, WTF::IdentityExtractor, WTF::PtrHash<JSC::CodeBlock*>, WTF::HashTraits<JSC::CodeBlock*>, WTF::HashTraits<JSC::CodeBlock*> >::makeConstIterator(JSC::CodeBlock**) const + 64 (HashTable.h:463)
> 6 WTF::HashTable<JSC::CodeBlock*, JSC::CodeBlock*, WTF::IdentityExtractor, WTF::PtrHash<JSC::CodeBlock*>, WTF::HashTraits<JSC::CodeBlock*>, WTF::HashTraits<JSC::CodeBlock*> >::begin() const + 89 (HashTable.h:376)
> 7 WTF::HashSet<JSC::CodeBlock*, WTF::PtrHash<JSC::CodeBlock*>, WTF::HashTraits<JSC::CodeBlock*> >::begin() const + 39 (HashSet.h:173)
> 8 void JSC::CodeBlockSet::iterate<JSC::Debugger::ClearCodeBlockDebuggerRequestsFunctor>(JSC::Debugger::ClearCodeBlockDebuggerRequestsFunctor&) + 67 (CodeBlockSet.h:83)
> 9 void JSC::Heap::forEachCodeBlock<JSC::Debugger::ClearCodeBlockDebuggerRequestsFunctor>(JSC::Debugger::ClearCodeBlockDebuggerRequestsFunctor&) + 63 (HeapInlines.h:155)
> 10 JSC::Debugger::clearBreakpoints() + 100 (Debugger.cpp:480)
> 11 Inspector::ScriptDebugServer::clearBreakpoints() + 31 (ScriptDebugServer.cpp:126)
> 12 Inspector::InspectorDebuggerAgent::clearDebuggerBreakpointState() + 32 (InspectorDebuggerAgent.cpp:786)
> 13 Inspector::InspectorDebuggerAgent::clearInspectorBreakpointState() + 189 (InspectorDebuggerAgent.cpp:781)
> 14 Inspector::InspectorDebuggerAgent::disable(bool) + 86 (InspectorDebuggerAgent.cpp:107)
> 15 WebCore::WebDebuggerAgent::disable(bool) + 47 (WebDebuggerAgent.cpp:49)
> 16 Inspector::InspectorDebuggerAgent::willDestroyFrontendAndBackend(Inspector::DisconnectReason) + 54 (InspectorDebuggerAgent.cpp:83)
> 17 Inspector::AgentRegistry::willDestroyFrontendAndBackend(Inspector::DisconnectReason) + 117 (InspectorAgentRegistry.cpp:68)
> 18 WebCore::WorkerInspectorController::disconnectFrontend(Inspector::DisconnectReason) + 248 (WorkerInspectorController.cpp:163)
> 19 WebCore::WorkerInspectorController::workerGlobalScopeDestroyed() + 114 (WorkerInspectorController.cpp:145)
> 20 WebCore::WorkerGlobalScope::~WorkerGlobalScope() + 214 (WorkerGlobalScope.cpp:87)
> 21 WebCore::DedicatedWorkerGlobalScope::~DedicatedWorkerGlobalScope() + 21 (DedicatedWorkerGlobalScope.cpp:56)
> 22 WebCore::DedicatedWorkerGlobalScope::~DedicatedWorkerGlobalScope() + 21 (DedicatedWorkerGlobalScope.cpp:56)
> 23 WebCore::DedicatedWorkerGlobalScope::~DedicatedWorkerGlobalScope() + 25 (DedicatedWorkerGlobalScope.cpp:55)
> 24 WTF::RefCounted<WebCore::WorkerGlobalScope>::deref() + 83 (RefCounted.h:146)
> 25 void WTF::derefIfNotNull<WebCore::WorkerGlobalScope>(WebCore::WorkerGlobalScope*) + 58 (PassRefPtr.h:43)
> 26 WTF::RefPtr<WebCore::WorkerGlobalScope>::operator=(std::nullptr_t) + 55 (RefPtr.h:142)
> 27 WebCore::WorkerThread::workerThread() + 1312 (WorkerThread.cpp:168)
> 28 WebCore::WorkerThread::workerThreadStart(void*) + 21 (WorkerThread.cpp:129)
> ...
Attachments
[CRASH] Multiple Crash Report (63.12 KB, application/zip), 2015-12-03 17:33 PST, Joseph Pecoraro, no flags
Radar WebKit Bug Importer
Comment 1
2015-12-03 17:33:37 PST
<rdar://problem/23753808>
Joseph Pecoraro
Comment 2
2015-12-03 17:35:44 PST
I wonder if this is a multi-threading issue. The crash is always on the Worker thread iterating the Heap and sometimes (see crash reports) the main thread is evaluating JavaScript. In one case even in JSC::Heap::deleteAllCodeBlocks. I don't see any guarded access to the heap here.
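The unguarded cross-thread access Comment 2 suspects, as an added example that is not WebKit's code and not taken from the bug: one thread tears down and clears debugger state by iterating a set of code blocks (the Debugger::clearBreakpoints → Heap::forEachCodeBlock → CodeBlockSet::iterate frames in the trace above), while another thread removes blocks from the same set (as Heap::deleteAllCodeBlocks would). The names CodeBlockSet, ClearCodeBlockDebuggerRequestsFunctor and runGuardedScenario are chosen to mirror the trace; their bodies, the lock, and the std::unordered_set backing store are assumptions for the illustration.

```cpp
// Added example, not WebKit code. Models the race Comment 2 suspects: a worker
// thread being torn down iterates a shared set of code blocks while another
// thread removes blocks from it. Class and functor names mirror the stack trace
// in the report; their bodies are hypothetical.
#include <cstddef>
#include <cstdio>
#include <memory>
#include <mutex>
#include <thread>
#include <unordered_set>
#include <vector>

struct CodeBlock {
    int id;
    int debuggerRequests;
};

// One lock serializes iteration and mutation. Without it, iterate() on one
// thread while remove() runs on another walks a table that is being rehashed
// or freed under it (undefined behaviour); built with -fsanitize=thread that
// shows up as a data race, which is the "guarded access" Comment 2 looks for.
class CodeBlockSet {
public:
    void add(CodeBlock* block)
    {
        std::lock_guard<std::mutex> guard(m_lock);
        m_set.insert(block);
    }

    void remove(CodeBlock* block)
    {
        std::lock_guard<std::mutex> guard(m_lock);
        m_set.erase(block);
    }

    // Same shape as the CodeBlockSet::iterate<Functor>(Functor&) frame in the
    // trace: the functor runs for every block while the lock is held.
    template<typename Functor>
    void iterate(Functor& functor)
    {
        std::lock_guard<std::mutex> guard(m_lock);
        for (CodeBlock* block : m_set)
            functor(block);
    }

    size_t size()
    {
        std::lock_guard<std::mutex> guard(m_lock);
        return m_set.size();
    }

private:
    std::mutex m_lock;
    std::unordered_set<CodeBlock*> m_set;  // assumption: WTF::HashSet stand-in
};

// Stands in for Debugger::ClearCodeBlockDebuggerRequestsFunctor.
struct ClearCodeBlockDebuggerRequestsFunctor {
    size_t visited = 0;
    void operator()(CodeBlock* block)
    {
        block->debuggerRequests = 0;
        ++visited;
    }
};

struct RaceResult {
    size_t finalSize;     // blocks left in the set once both threads are done
    size_t totalVisited;  // blocks seen across all of the worker's iterate() passes
};

// "Worker" thread: clears debugger requests by iterating the set `passes` times.
// "Main" thread: removes every block from the set, one at a time.
// With the lock in place the run is well-defined: the set ends empty and no
// pass ever sees more than blockCount entries.
RaceResult runGuardedScenario(size_t blockCount, size_t passes)
{
    std::vector<std::unique_ptr<CodeBlock>> storage;  // owns the blocks; the set holds raw pointers
    CodeBlockSet set;
    for (size_t i = 0; i < blockCount; ++i) {
        storage.push_back(std::make_unique<CodeBlock>(CodeBlock{ static_cast<int>(i), 1 }));
        set.add(storage.back().get());
    }

    size_t totalVisited = 0;  // written only by the worker, read after join()
    std::thread worker([&] {
        for (size_t pass = 0; pass < passes; ++pass) {
            ClearCodeBlockDebuggerRequestsFunctor functor;
            set.iterate(functor);
            totalVisited += functor.visited;
        }
    });
    std::thread mainThread([&] {
        for (auto& block : storage)
            set.remove(block.get());
    });
    worker.join();
    mainThread.join();

    return RaceResult{ set.size(), totalVisited };
}

int main()
{
    RaceResult result = runGuardedScenario(1000, 50);
    std::printf("final size %zu, visited %zu\n", result.finalSize, result.totalVisited);
    return result.finalSize == 0 ? 0 : 1;
}
```

Build with `g++ -std=c++17 -pthread`. To see the failure mode rather than the fix, delete the three `lock_guard` lines in `iterate`, `remove` and `size`, rebuild with `-fsanitize=thread`, and the sanitizer reports the write in `remove` racing with the read in `iterate`; the crash in the report above is the same class of bug surfacing through the lock that WTF::HashTable's iterator bookkeeping takes in `addIterator`.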
Timothy Hatcher
Comment 3
2015-12-12 19:18:41 PST
I am pretty sure worker code was removed recently.
Joseph Pecoraro
Comment 4
2015-12-14 10:50:35 PST
It was. I'll close this out.