NEW 166430
[GTK] Crash in WTF::VectorBufferBase<WTF::(anonymous namespace)::Bucket*>::allocateBuffer
https://bugs.webkit.org/show_bug.cgi?id=166430
Michael Catanzaro
Reported 2016-12-22 13:08:02 PST
User complaint:

"""If memory serves me correctly, I had Epiphany up and running with a bunch of loaded web pages and i was going back and forth between a "OpenStreetMap" tab and a "Google Maps" tab and i believe it was the latter that went down..."""

The other threads might be important; see the full backtrace in the downstream bug. Here's thread one:

Thread 1 (Thread 0x7fc5b49fe700 (LWP 3559)):
#0 0x00007fc65e282a3c in WTFCrash () at /usr/src/debug/webkitgtk-2.14.2/Source/WTF/wtf/Assertions.cpp:323
        No locals.
#1 0x00007fc65e291b13 in WTF::VectorBufferBase<WTF::(anonymous namespace)::Bucket*>::allocateBuffer (newCapacity=<optimized out>, this=<optimized out>) at /usr/src/debug/webkitgtk-2.14.2/Source/WTF/wtf/Vector.h:266
        sizeToAllocate = <optimized out>
#2 WTF::VectorBuffer<WTF::(anonymous namespace)::Bucket*, 0ul>::VectorBuffer (size=<optimized out>, capacity=<optimized out>, this=<optimized out>) at /usr/src/debug/webkitgtk-2.14.2/Source/WTF/wtf/Vector.h:372
        No locals.
#3 WTF::Vector<WTF::(anonymous namespace)::Bucket*, 0ul, WTF::CrashOnOverflow, 16ul>::Vector (other=..., this=<optimized out>) at /usr/src/debug/webkitgtk-2.14.2/Source/WTF/wtf/Vector.h:811
        No locals.
#4 WTF::(anonymous namespace)::ensureHashtableSize (numThreads=<optimized out>) at /usr/src/debug/webkitgtk-2.14.2/Source/WTF/wtf/ParkingLot.cpp:366
        threadDatas = {<WTF::VectorBuffer<WTF::(anonymous namespace)::ThreadData*, 0ul>> = {<WTF::VectorBufferBase<WTF::(anonymous namespace)::ThreadData*>> = {m_buffer = 0x1, m_capacity = 495643853, m_size = 0}, <No data fields>}, <No data fields>}
        newSize = <optimized out>
        bucketsToUnlock = {<WTF::VectorBuffer<WTF::(anonymous namespace)::Bucket*, 0ul>> = {<WTF::VectorBufferBase<WTF::(anonymous namespace)::Bucket*>> = {m_buffer = 0x7fc5a6c53260, m_capacity = 3048263681, m_size = 32709}, <No data fields>}, <No data fields>}
        reusableBuckets = <optimized out>
#5 WTF::(anonymous namespace)::ThreadData::ThreadData (this=<optimized out>) at /usr/src/debug/webkitgtk-2.14.2/Source/WTF/wtf/ParkingLot.cpp:436
        currentNumThreads = <optimized out>
#6 WTF::(anonymous namespace)::myThreadData () at /usr/src/debug/webkitgtk-2.14.2/Source/WTF/wtf/ParkingLot.cpp:461
        threadData = 0x5652566b1730
        initializeOnce = {_M_once = 2}
        threadData = 0x5652566b1730
        initializeOnce = {_M_once = 2}
#7 WTF::ParkingLot::parkConditionallyImpl(void const*, WTF::ScopedLambda<bool ()> const&, WTF::ScopedLambda<void ()> const&, std::chrono::time_point<std::chrono::_V2::steady_clock, std::chrono::duration<long, std::ratio<1l, 1000000000l> > >) (address=address@entry=0x7fc5b5b0d0b1, validation=..., beforeSleep=..., timeout=..., timeout@entry=...)
    at /usr/src/debug/webkitgtk-2.14.2/Source/WTF/wtf/ParkingLot.cpp:572
        didGetDequeued = <optimized out>
        didDequeue = <optimized out>
        result = <optimized out>
#8 0x00007fc65fbd1f75 in WTF::ParkingLot::parkConditionally<bool WTF::ConditionBase::waitUntil<WTF::Lock>(WTF::Lock&, std::chrono::time_point<std::chrono::_V2::steady_clock, std::chrono::duration<long, std::ratio<1l, 1000000000l> > >)::{lambda()#1}, bool WTF::ConditionBase::waitUntil<WTF::Lock>(WTF::Lock&, std::chrono::time_point<std::chrono::_V2::steady_clock, std::chrono::duration<long, std::ratio<1l, 1000000000l> > >)::{lambda()#2}>(void const*, bool WTF::ConditionBase::waitUntil<WTF::Lock>(WTF::Lock&, std::chrono::time_point<std::chrono::_V2::steady_clock, std::chrono::duration<long, std::ratio<1l, 1000000000l> > >)::{lambda()#1} const&, bool WTF::ConditionBase::waitUntil<WTF::Lock>(WTF::Lock&, std::chrono::time_point<std::chrono::_V2::steady_clock, std::chrono::duration<long, std::ratio<1l, 1000000000l> > >)::{lambda()#2} const&, std::chrono::time_point<std::chrono::_V2::steady_clock, std::chrono::duration<long, std::ratio<1l, 1000000000l> > >) (timeout=..., beforeSleep=..., validation=..., address=0x7fc5b5b0d0b1) at /usr/src/debug/webkitgtk-2.14.2/Source/WTF/wtf/ParkingLot.h:77
        No locals.
#9 WTF::ConditionBase::waitUntil<WTF::Lock> (timeout=..., lock=..., this=0x7fc5b5b0d0b1) at /usr/src/debug/webkitgtk-2.14.2/Source/WTF/wtf/Condition.h:74
        result = <optimized out>
#10 WTF::ConditionBase::waitForImpl<WTF::Lock, std::chrono::duration<long, std::ratio<1l, 1000000000l> > > (relativeTimeout=<synthetic pointer>..., lock=..., this=0x7fc5b5b0d0b1) at /usr/src/debug/webkitgtk-2.14.2/Source/WTF/wtf/Condition.h:235
        No locals.
#11 WTF::ConditionBase::waitForSecondsImpl<WTF::Lock> (relativeTimeoutSeconds=<optimized out>, lock=..., this=0x7fc5b5b0d0b1) at /usr/src/debug/webkitgtk-2.14.2/Source/WTF/wtf/Condition.h:229
        relativeTimeoutNanoseconds = <optimized out>
#12 WTF::ConditionBase::waitUntilWallClockSeconds<WTF::Lock> (absoluteTimeoutSeconds=<optimized out>, lock=..., this=0x7fc5b5b0d0b1) at /usr/src/debug/webkitgtk-2.14.2/Source/WTF/wtf/Condition.h:136
        No locals.
#13 WTF::MessageQueue<WebCore::WorkerRunLoop::Task>::waitForMessageFilteredWithTimeout<WebCore::ModePredicate const&> (absoluteTime=1482278774.4956419, predicate=..., result=<synthetic pointer>: <optimized out>, this=0x7fc5b5b0d0b0) at /usr/src/debug/webkitgtk-2.14.2/Source/WTF/wtf/MessageQueue.h:154
        timedOut = false
        found = {<WTF::DequeIteratorBase<std::unique_ptr<WebCore::WorkerRunLoop::Task, std::default_delete<WebCore::WorkerRunLoop::Task> >, 0ul>> = {m_deque = 0x7fc5b5b0d0b8, m_index = <optimized out>}, <No data fields>}
#14 WebCore::WorkerRunLoop::runInMode (this=this@entry=0x7fc5b5b0d0b0, context=context@entry=0x7fc5a6cd8200, predicate=..., waitMode=waitMode@entry=WebCore::WorkerRunLoop::WaitForMessage) at /usr/src/debug/webkitgtk-2.14.2/Source/WebCore/workers/WorkerRunLoop.cpp:171
        mainContext = <optimized out>
        deadline = 1.7976931348623157e+308
        absoluteTime = 1482278774.4956419
        result = <optimized out>
        task = <optimized out>
#15 0x00007fc65fbd24f8 in WebCore::WorkerRunLoop::run (this=0x7fc5b5b0d0b0, context=0x7fc5a6cd8200) at /usr/src/debug/webkitgtk-2.14.2/Source/WebCore/workers/WorkerRunLoop.cpp:131
        modePredicate = {m_mode = {m_impl = {static isRefPtr = <optimized out>, m_ptr = 0x0}}, m_defaultMode = true}
        result = <optimized out>
#16 0x00007fc65fbd46f7 in WebCore::WorkerThread::workerThread (this=0x7fc5b5b0d0a0) at /usr/src/debug/webkitgtk-2.14.2/Source/WebCore/workers/WorkerThread.cpp:180
        mainContext = {m_ptr = 0x7fc5ac002200}
        threadID = <optimized out>
#17 0x00007fc65e2943d5 in std::function<void ()>::operator()()
    const (this=0x7fc5b49fdb40) at /usr/include/c++/6.2.1/functional:2136
        No locals.
#18 WTF::threadEntryPoint (contextData=0x7fc5a60aedc0) at /usr/src/debug/webkitgtk-2.14.2/Source/WTF/wtf/Threading.cpp:60
        entryPoint = {<std::_Maybe_unary_or_binary_function<void>> = {<No data fields>}, <std::_Function_base> = {static _M_max_size = 16, static _M_max_align = 8, _M_functor = {_M_unused = {_M_object = 0x7fc65fbd4aa0 <WebCore::WorkerThread::workerThreadStart(void*)>, _M_const_object = 0x7fc65fbd4aa0 <WebCore::WorkerThread::workerThreadStart(void*)>, _M_function_pointer = 0x7fc65fbd4aa0 <WebCore::WorkerThread::workerThreadStart(void*)>, _M_member_pointer = (void (std::_Undefined_class::*)(std::_Undefined_class * const)) 0x7fc65fbd4aa0 <WebCore::WorkerThread::workerThreadStart(void*)>, this adjustment 140487133548704}, _M_pod_data = "\240J\275_\306\177\000\000\240\320\260\265\305\177\000"}, _M_manager = 0x7fc65e294410 <std::_Function_base::_Base_manager<WTF::createThread(WTF::ThreadFunction, void*, char const*)::<lambda()> >::_M_manager(std::_Any_data &, const std::_Any_data &, std::_Manager_operation)>}, _M_invoker = 0x7fc65e294310 <std::_Function_handler<void(), WTF::createThread(WTF::ThreadFunction, void*, char const*)::<lambda()> >::_M_invoke(const std::_Any_data &)>}
#19 0x00007fc65e2b830a in WTF::wtfThreadEntryPoint (param=0x7fc5ba8c6450) at /usr/src/debug/webkitgtk-2.14.2/Source/WTF/wtf/ThreadingPthreads.cpp:164
        invocation = std::unique_ptr<WTF::ThreadFunctionInvocation> containing 0x7fc5ba8c6450
#20 0x00007fc65b2b86ca in start_thread (arg=0x7fc5b49fe700) at pthread_create.c:333
        __res = <optimized out>
        pd = 0x7fc5b49fe700
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140487115663104, -1875262018389975631, 0, 140720433312911, 140487115663808, 140487115663104, 1905816620942843313, 1906444818524888497}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
        pagesize_m1 = <optimized out>
        sp = <optimized out>
        freesize = <optimized out>
        __PRETTY_FUNCTION__ = "start_thread"
#21 0x00007fc652b95f6f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:105
        No locals.