WebKit Bugzilla
NEW
169061
[GTK] Crash in JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit(unsigned int)
https://bugs.webkit.org/show_bug.cgi?id=169061
Adrian Perez
Reported
2017-03-01 15:00:17 PST
The crash happens on x86_64, running WebKitGTK+ 2.14.5, and happens quite often when accessing a Travis-CI build log page like the one at
https://travis-ci.org/aperezdc/revolt/builds/195007198
With the current Git “master” (commit a9501ea6cc9) the issue does not seem to be reproducible in MiniBrowser. The Travis-CI build log pages do take quite a bit of time to load, but that can be as well because I made a debug build hoping to get a better backtrace :-\ Still haven't checked with 2.15.91. The full backtrace follows.

---

mar 01 12:43:42 momiji systemd-coredump[23537]: Process 23470 (WebKitWebProces) of user 1000 dumped core.

Stack trace of thread 23510:
#0 0x00007f9de23ce25a JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit(unsigned int) (libjavascriptcoregtk-4.0.so.18)
#1 0x00007f9de23cbff3 JSC::DFG::ByteCodeParser::handleCall(int, JSC::DFG::NodeType, JSC::CallMode, unsigned int, JSC::DFG::Node*, int, int, JSC::CallLinkStatus) (libjavascriptcoregtk-4.0.so.18)
#2 0x00007f9de23cc2c7 JSC::DFG::ByteCodeParser::handleCall(int, JSC::DFG::NodeType, JSC::CallMode, unsigned int, int, int, int) (libjavascriptcoregtk-4.0.so.18)
#3 0x00007f9de23cc3a8 JSC::DFG::ByteCodeParser::handleCall(JSC::Instruction*, JSC::DFG::NodeType, JSC::CallMode) (libjavascriptcoregtk-4.0.so.18)
#4 0x00007f9de23c50b6 JSC::DFG::ByteCodeParser::parseBlock(unsigned int) (libjavascriptcoregtk-4.0.so.18)
#5 0x00007f9de23c7f71 JSC::DFG::ByteCodeParser::parseCodeBlock() (libjavascriptcoregtk-4.0.so.18)
#6 0x00007f9de23ca032 JSC::DFG::ByteCodeParser::handleInlining(JSC::DFG::Node*, int, JSC::CallLinkStatus const&, int, JSC::VirtualRegister, JSC::VirtualRegister, unsigned int, int, unsigned int, JSC::DFG::NodeType, JSC::InlineCallFrame::Kind, unsigned long) (libjavascriptcoregtk-4.0.so.18)
#7 0x00007f9de23cbe85 JSC::DFG::ByteCodeParser::handleCall(int, JSC::DFG::NodeType, JSC::InlineCallFrame::Kind, unsigned int, JSC::DFG::Node*, int, int, JSC::CallLinkStatus, unsigned long) (libjavascriptcoregtk-4.0.so.18)
#8 0x00007f9de23cd4c7 JSC::DFG::ByteCodeParser::handlePutById(JSC::DFG::Node*, unsigned int, JSC::DFG::Node*, JSC::PutByIdStatus const&, bool) (libjavascriptcoregtk-4.0.so.18)
#9 0x00007f9de23c5bb6 JSC::DFG::ByteCodeParser::parseBlock(unsigned int) (libjavascriptcoregtk-4.0.so.18)
#10 0x00007f9de23c7f71 JSC::DFG::ByteCodeParser::parseCodeBlock() (libjavascriptcoregtk-4.0.so.18)
#11 0x00007f9de23c8509 JSC::DFG::ByteCodeParser::parse() (libjavascriptcoregtk-4.0.so.18)
#12 0x00007f9de23c87ba JSC::DFG::parse(JSC::DFG::Graph&) (libjavascriptcoregtk-4.0.so.18)
#13 0x00007f9de24f2959 JSC::DFG::Plan::compileInThreadImpl(JSC::DFG::LongLivedState&) (libjavascriptcoregtk-4.0.so.18)
#14 0x00007f9de24f32a7 JSC::DFG::Plan::compileInThread(JSC::DFG::LongLivedState&, JSC::DFG::ThreadData*) (libjavascriptcoregtk-4.0.so.18)
#15 0x00007f9de25a0187 JSC::DFG::Worklist::runThread(JSC::DFG::ThreadData*) (libjavascriptcoregtk-4.0.so.18)
#16 0x00007f9de2b17145 n/a (libjavascriptcoregtk-4.0.so.18)
#17 0x00007f9de2b49eba n/a (libjavascriptcoregtk-4.0.so.18)
#18 0x00007f9de1599454 start_thread (libpthread.so.0)
#19 0x00007f9de50f67df __clone (libc.so.6)

Stack trace of thread 23516:
#0 0x00007f9de159f10f pthread_cond_wait@@GLIBC_2.3.2 (libpthread.so.0)
#1 0x00007f9ddbfc74cc __gthread_cond_wait (libstdc++.so.6)
#2 0x00007f9de2b13ebd WTF::ParkingLot::parkConditionallyImpl(void const*, WTF::ScopedLambda<bool ()> const&, WTF::ScopedLambda<void ()> const&, std::chrono::time_point<std::chrono::_V2::steady_clock, std::chrono::duration<long, std::ratio<1l, 1000000000l> > >) (libjavascriptcoregtk-4.0.so.18)
#3 0x00007f9de2b129a5 WTF::ParallelHelperPool::waitForClientWithTask(WTF::Locker<WTF::LockBase> const&) (libjavascriptcoregtk-4.0.so.18)
#4 0x00007f9de2b12a69 WTF::ParallelHelperPool::helperThreadBody() (libjavascriptcoregtk-4.0.so.18)
#5 0x00007f9de2b17145 n/a (libjavascriptcoregtk-4.0.so.18)
#6 0x00007f9de2b49eba n/a (libjavascriptcoregtk-4.0.so.18)
#7 0x00007f9de1599454 start_thread (libpthread.so.0)
#8 0x00007f9de50f67df __clone (libc.so.6)

Stack trace of thread 23517:
#0 0x00007f9de159f10f pthread_cond_wait@@GLIBC_2.3.2 (libpthread.so.0)
#1 0x00007f9ddbfc74cc __gthread_cond_wait (libstdc++.so.6)
#2 0x00007f9de2b13ebd WTF::ParkingLot::parkConditionallyImpl(void const*, WTF::ScopedLambda<bool ()> const&, WTF::ScopedLambda<void ()> const&, std::chrono::time_point<std::chrono::_V2::steady_clock, std::chrono::duration<long, std::ratio<1l, 1000000000l> > >) (libjavascriptcoregtk-4.0.so.18)
#3 0x00007f9de2b129a5 WTF::ParallelHelperPool::waitForClientWithTask(WTF::Locker<WTF::LockBase> const&) (libjavascriptcoregtk-4.0.so.18)
#4 0x00007f9de2b12a69 WTF::ParallelHelperPool::helperThreadBody() (libjavascriptcoregtk-4.0.so.18)
#5 0x00007f9de2b17145 n/a (libjavascriptcoregtk-4.0.so.18)
#6 0x00007f9de2b49eba n/a (libjavascriptcoregtk-4.0.so.18)
#7 0x00007f9de1599454 start_thread (libpthread.so.0)
#8 0x00007f9de50f67df __clone (libc.so.6)

Stack trace of thread 23519:
#0 0x00007f9de50ed48d poll (libc.so.6)
#1 0x00007f9de2f8a7a6 n/a (libglib-2.0.so.0)
#2 0x00007f9de2f8ab32 g_main_loop_run (libglib-2.0.so.0)
#3 0x00007f9de2b4cd60 WTF::RunLoop::run() (libjavascriptcoregtk-4.0.so.18)
#4 0x00007f9de2b4b99e n/a (libjavascriptcoregtk-4.0.so.18)
#5 0x00007f9de2b17145 n/a (libjavascriptcoregtk-4.0.so.18)
#6 0x00007f9de2b49eba n/a (libjavascriptcoregtk-4.0.so.18)
#7 0x00007f9de1599454 start_thread (libpthread.so.0)
#8 0x00007f9de50f67df __clone (libc.so.6)

Stack trace of thread 23489:
#0 0x00007f9de50ed48d poll (libc.so.6)
#1 0x00007f9de2f8a7a6 n/a (libglib-2.0.so.0)
#2 0x00007f9de2f8a8bc g_main_context_iteration (libglib-2.0.so.0)
#3 0x00007f9dc81084bd n/a (libdconfsettings.so)
#4 0x00007f9de2fb2175 n/a (libglib-2.0.so.0)
#5 0x00007f9de1599454 start_thread (libpthread.so.0)
#6 0x00007f9de50f67df __clone (libc.so.6)

Stack trace of thread 23474:
#0 0x00007f9de50ed48d poll (libc.so.6)
#1 0x00007f9de2f8a7a6 n/a (libglib-2.0.so.0)
#2 0x00007f9de2f8a8bc g_main_context_iteration (libglib-2.0.so.0)
#3 0x00007f9de2f8a901 n/a (libglib-2.0.so.0)
#4 0x00007f9de2fb2175 n/a (libglib-2.0.so.0)
#5 0x00007f9de1599454 start_thread (libpthread.so.0)
#6 0x00007f9de50f67df __clone (libc.so.6)

Stack trace of thread 23473:
#0 0x00007f9de50c5ffd __nanosleep (libc.so.6)
#1 0x00007f9de2b521f4 bmalloc::Heap::scavenge(std::unique_lock<bmalloc::StaticMutex>&, std::chrono::duration<long, std::ratio<1l, 1000l> >) (libjavascriptcoregtk-4.0.so.18)
#2 0x00007f9de2b5234f bmalloc::Heap::concurrentScavenge() (libjavascriptcoregtk-4.0.so.18)
#3 0x00007f9de2b5362e bmalloc::AsyncTask<bmalloc::Heap, void (bmalloc::Heap::*)()>::threadRunLoop() (libjavascriptcoregtk-4.0.so.18)
#4 0x00007f9de2b53809 bmalloc::AsyncTask<bmalloc::Heap, void (bmalloc::Heap::*)()>::threadEntryPoint(bmalloc::AsyncTask<bmalloc::Heap, void (bmalloc::Heap::*)()>*) (libjavascriptcoregtk-4.0.so.18)
#5 0x00007f9ddbfcd58f execute_native_thread_routine (libstdc++.so.6)
#6 0x00007f9de1599454 start_thread (libpthread.so.0)
#7 0x00007f9de50f67df __clone (libc.so.6)

Stack trace of thread 23476:
#0 0x00007f9de50ed48d poll (libc.so.6)
#1 0x00007f9de2f8a7a6 n/a (libglib-2.0.so.0)
#2 0x00007f9de2f8ab32 g_main_loop_run (libglib-2.0.so.0)
#3 0x00007f9de2b4cd60 WTF::RunLoop::run() (libjavascriptcoregtk-4.0.so.18)
#4 0x00007f9de2b4b99e n/a (libjavascriptcoregtk-4.0.so.18)
#5 0x00007f9de2b17145 n/a (libjavascriptcoregtk-4.0.so.18)
#6 0x00007f9de2b49eba n/a (libjavascriptcoregtk-4.0.so.18)
#7 0x00007f9de1599454 start_thread (libpthread.so.0)
#8 0x00007f9de50f67df __clone (libc.so.6)

Stack trace of thread 23521:
#0 0x00007f9de159f10f pthread_cond_wait@@GLIBC_2.3.2 (libpthread.so.0)
#1 0x00007f9ddbfc74cc __gthread_cond_wait (libstdc++.so.6)
#2 0x00007f9de2b13ebd WTF::ParkingLot::parkConditionallyImpl(void const*, WTF::ScopedLambda<bool ()> const&, WTF::ScopedLambda<void ()> const&, std::chrono::time_point<std::chrono::_V2::steady_clock, std::chrono::duration<long, std::ratio<1l, 1000000000l> > >) (libjavascriptcoregtk-4.0.so.18)
#3 0x00007f9de259ff63 JSC::DFG::Worklist::runThread(JSC::DFG::ThreadData*) (libjavascriptcoregtk-4.0.so.18)
#4 0x00007f9de2b17145 n/a (libjavascriptcoregtk-4.0.so.18)
#5 0x00007f9de2b49eba n/a (libjavascriptcoregtk-4.0.so.18)
#6 0x00007f9de1599454 start_thread (libpthread.so.0)
#7 0x00007f9de50f67df __clone (libc.so.6)

Stack trace of thread 23475:
#0 0x00007f9de50ed48d poll (libc.so.6)
#1 0x00007f9de2f8a7a6 n/a (libglib-2.0.so.0)
#2 0x00007f9de2f8ab32 g_main_loop_run (libglib-2.0.so.0)
#3 0x00007f9de3570446 n/a (libgio-2.0.so.0)
#4 0x00007f9de2fb2175 n/a (libglib-2.0.so.0)
#5 0x00007f9de1599454 start_thread (libpthread.so.0)
#6 0x00007f9de50f67df __clone (libc.so.6)

Stack trace of thread 23470:
#0 0x00007f9d844945d6 n/a (n/a)
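A small triage helper for a systemd-coredump dump like the one in this report, added here as an example (it is not WebKit or systemd code). It parses the "Stack trace of thread N:" sections, tolerates a dump that has been re-wrapped by a paste (frames split across lines), strips C++ parameter lists from symbols without being confused by parentheses inside template arguments, and filters out threads parked in pthread_cond_wait/poll/nanosleep so the thread that was actually executing (here the DFG compiler thread 23510) stands out from the idle workers. The list of idle top-of-stack functions is a heuristic chosen for this example, and the sample input is an abridged excerpt of the report's own backtrace, constructed for the demo.

```python
"""Triage helper for systemd-coredump stack dumps (added example, not WebKit/systemd code)."""
import re
from collections import namedtuple

# Abridged excerpt of the backtrace in the report above (constructed sample input).
SAMPLE = """
mar 01 12:43:42 momiji systemd-coredump[23537]: Process 23470 (WebKitWebProces) of user 1000 dumped core.
Stack trace of thread 23510:
#0 0x00007f9de23ce25a JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit(unsigned int) (libjavascriptcoregtk-4.0.so.18)
#1 0x00007f9de23cbff3 JSC::DFG::ByteCodeParser::handleCall(int, JSC::DFG::NodeType, JSC::CallMode, unsigned int, JSC::DFG::Node*, int, int, JSC::CallLinkStatus) (libjavascriptcoregtk-4.0.so.18)
#2 0x00007f9de23c50b6 JSC::DFG::ByteCodeParser::parseBlock(unsigned int) (libjavascriptcoregtk-4.0.so.18)
Stack trace of thread 23516:
#0 0x00007f9de159f10f pthread_cond_wait@@GLIBC_2.3.2 (libpthread.so.0)
#1 0x00007f9ddbfc74cc __gthread_cond_wait (libstdc++.so.6)
#2 0x00007f9de2b13ebd WTF::ParkingLot::parkConditionallyImpl(void const*, WTF::ScopedLambda<bool ()> const&, WTF::ScopedLambda<void ()> const&, std::chrono::time_point<std::chrono::_V2::steady_clock, std::chrono::duration<long, std::ratio<1l, 1000000000l> > >) (libjavascriptcoregtk-4.0.so.18)
Stack trace of thread 23519:
#0 0x00007f9de50ed48d poll (libc.so.6)
#1 0x00007f9de2f8a7a6 n/a (libglib-2.0.so.0)
Stack trace of thread 23473:
#0 0x00007f9de50c5ffd __nanosleep (libc.so.6)
#1 0x00007f9de2b5362e bmalloc::AsyncTask<bmalloc::Heap, void (bmalloc::Heap::*)()>::threadRunLoop() (libjavascriptcoregtk-4.0.so.18)
Stack trace of thread 23470:
#0 0x00007f9d844945d6 n/a (n/a)
"""

# One stack frame: frame index, return address (int), symbol as printed, object it lives in.
Frame = namedtuple("Frame", "index addr symbol module")

# "#N 0xADDR symbol (module)". The symbol may itself contain parentheses and templates,
# so the module is the last "(...)" group right before the next "#N" or the end of the thread.
FRAME_RE = re.compile(r"#(\d+) (0x[0-9a-fA-F]+) (.+?) \(([^()\s]+)\)(?=\s+#\d+\s|\s*$)")

# Top-of-stack functions that mean "blocked, not running" (heuristic list for this example).
IDLE_TOP = {"pthread_cond_wait", "poll", "epoll_wait", "__nanosleep", "nanosleep", "futex_wait"}


def short_symbol(symbol):
    """Strip the parameter list, ignoring parentheses nested inside template arguments."""
    depth = 0
    for i, ch in enumerate(symbol):
        if ch == "<":
            depth += 1
        elif ch == ">":
            depth -= 1
        elif ch == "(" and depth == 0:
            return symbol[:i]
    return symbol


def base_name(symbol):
    """Function name without parameters or a glibc version tag such as @@GLIBC_2.3.2."""
    return short_symbol(symbol).split("@@")[0]


def parse_coredump(text):
    """Return {tid: [Frame, ...]} in the order the threads appear in the dump.

    Whitespace is collapsed first, so a dump that was re-wrapped when pasted
    (frames split across lines) parses exactly like the original."""
    flat = " ".join(text.split())
    parts = re.split(r"Stack trace of thread (\d+):", flat)  # [preamble, tid, body, tid, body, ...]
    threads = {}
    for i in range(1, len(parts), 2):
        frames = [Frame(int(n), int(a, 16), s, m) for n, a, s, m in FRAME_RE.findall(parts[i + 1])]
        threads[int(parts[i])] = frames
    return threads


def active_threads(threads):
    """Thread ids whose top frame is not a known blocking wait; idle workers are dropped."""
    return [tid for tid, frames in threads.items()
            if frames and base_name(frames[0].symbol) not in IDLE_TOP]


def call_chain(threads, tid):
    """Function names of one thread's frames, innermost first, without parameter lists."""
    return [base_name(f.symbol) for f in threads[tid]]


def summarize(threads):
    """(tid, top function, module) for each active thread: where to start looking."""
    return [(tid, base_name(threads[tid][0].symbol), threads[tid][0].module)
            for tid in active_threads(threads)]


if __name__ == "__main__":
    for tid, func, module in summarize(parse_coredump(SAMPLE)):
        print(f"thread {tid}: {func} in {module}")
```

On the sample this reports two threads as active: 23510, whose innermost frame is the DFG bytecode parser named in the bug title, and the main thread 23470, whose single frame is unsymbolized ("n/a") and so cannot be classified; every thread sitting in a condition variable, poll or sleep drops out of the summary.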
Adrian Perez
Comment 1
2017-03-02 00:49:57 PST
The crash seems gone in 2.15.91, both using Epiphany and MiniBrowser. I tested very lightly for now, so I'll keep using this version along the day to see whether that holds.