Bug 185547 - Safari Crash WTF::WordLock::lockSlow with WASM Application
Status: RESOLVED DUPLICATE of bug 185117
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebAssembly
Version: Safari 11
Hardware: Mac macOS 10.12.4
Priority/Severity: P2 Critical
Assignee: Nobody
Keywords: InRadar
Reported: 2018-05-11 06:01 PDT by CoreyDotCom
Modified: 2022-04-06 03:33 PDT
Attachments
Full crash log. (15.51 KB, text/plain)
2018-05-11 06:01 PDT, CoreyDotCom
Crashlog (91.62 KB, text/plain)
2018-05-17 14:45 PDT, Corrinna

Description CoreyDotCom 2018-05-11 06:01:40 PDT
Created attachment 340189
Full crash log.

Unfortunately I don't have a URL to share, as this is an internal unreleased project, but...

We have a simple WebGL application that leverages native C++ ported to the web with WASM.

Works fine in every WASM-capable browser with the exception of Safari 11.1 (12605.1.33.1.4) on 10.12.6. After a couple of minutes of the application sitting idle, Safari will crash with the following call stack.

I am not sure if this is a clue, but we can't seem to get Safari 11.1 (13605.1.33.1.2) to crash on 10.13.4.

As this is a crash in the production shipping Safari, I wanted to make sure to file.

Please let us know if this is confirmed fixed already (if feasible).

Full callstack is attached.

----<snip>-----

Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       EXC_I386_GPFLT
Exception Note:        EXC_CORPSE_NOTIFY

Termination Signal:    Segmentation fault: 11
Termination Reason:    Namespace SIGNAL, Code 0xb
Terminating Process:   exc handler [0]

Application Specific Information:
Bundle controller class:
BrowserBundleController

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.JavaScriptCore      0x000000010baa734a WTF::WordLock::lockSlow() + 42
1   com.apple.JavaScriptCore      0x000000010ba9194a WTF::ParkingLot::unparkOneImpl(void const*, WTF::ScopedLambda<long (WTF::ParkingLot::UnparkResult)> const&) + 362
2   com.apple.JavaScriptCore      0x000000010ba896d0 WTF::LockAlgorithm<unsigned char, (unsigned char)1, (unsigned char)2, WTF::EmptyLockHooks<unsigned char> >::unlockSlow(WTF::Atomic<unsigned char>&, WTF::LockAlgorithm<unsigned char, (unsigned char)1, (unsigned char)2, WTF::EmptyLockHooks<unsigned char> >::Fairness) + 96
3   com.apple.JavaScriptCore      0x000000010ba1316b JSC::Wasm::Worklist::enqueue(WTF::Ref<JSC::Wasm::Plan, WTF::DumbPtrTraits<JSC::Wasm::Plan> >) + 219
4   com.apple.JavaScriptCore      0x000000010ba011c6 JSC::Wasm::OMGPlan::runForIndex(JSC::Wasm::Instance*, unsigned int) + 390
5   ???                           0x00004e8f77a6d58b 0 + 86378094712203
6   ???                           0x00004e8f77f6c335 0 + 86378099950389
7   ???                           0x00004e8f77dd945b 0 + 86378098299995
8   ???                           0x00004e8f77bb8acc 0 + 86378096069324
9   ???                           0x00004e8f77ddf894 0 + 86378098325652
10  ???                           0x00004e8f77ba2504 0 + 86378095977732
11  ???                           0x00004e8f77d0f05c 0 + 86378097471580
12  com.apple.JavaScriptCore      0x000000010b066b2a vmEntryToJavaScript + 304
13  com.apple.JavaScriptCore      0x000000010ba35e71 JSC::callWebAssemblyFunction(JSC::ExecState*) + 2689
14  com.apple.JavaScriptCore      0x000000010b6bcea7 JSC::handleHostCall(JSC::ExecState*, JSC::JSValue, JSC::CallLinkInfo*) + 519
15  com.apple.JavaScriptCore      0x000000010afb2f2f operationLinkCall + 351
16  ???                           0x00004e8f77a02207 0 + 86378094273031
17  ???                           0x00004e8f77f60b52 0 + 86378099903314
18  ???                           0x00004e8f77dbc848 0 + 86378098182216
19  ???                           0x00004e8f77ad512a 0 + 86378095137066
20  ???                           0x00004e8f77da38fc 0 + 86378098079996
21  com.apple.JavaScriptCore      0x000000010b066b2a vmEntryToJavaScript + 304
22  com.apple.JavaScriptCore      0x000000010b6a1ff3 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 163
23  com.apple.JavaScriptCore      0x000000010aee872e JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 542
24  com.apple.JavaScriptCore      0x000000010b7f9095 JSC::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 197
25  com.apple.WebCore             0x0000000108cf2961 WebCore::JSCallbackData::invokeCallback(WebCore::JSDOMGlobalObject&, JSC::JSObject*, JSC::JSValue, JSC::MarkedArgumentBuffer&, WebCore::JSCallbackData::CallbackType, JSC::PropertyName, WTF::NakedPtr<JSC::Exception>&) + 481
26  com.apple.WebCore             0x00000001084151ee WebCore::JSRequestAnimationFrameCallback::handleEvent(double) + 366
27  com.apple.WebCore             0x0000000108414eb4 WebCore::ScriptedAnimationController::serviceScriptedAnimations(double) + 564
28  com.apple.WebCore             0x0000000108409eaa WebCore::DisplayRefreshMonitor::displayDidRefresh() + 282
29  com.apple.JavaScriptCore      0x000000010ba94794 WTF::RunLoop::performWork() + 212
30  com.apple.JavaScriptCore      0x000000010ba94a12 WTF::RunLoop::performWork(void*) + 34
31  com.apple.CoreFoundation      0x00007fffc0e61321 _CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION_ + 17
32  com.apple.CoreFoundation      0x00007fffc0e4221d __CFRunLoopDoSources0 + 557
33  com.apple.CoreFoundation      0x00007fffc0e41716 __CFRunLoopRun + 934
34  com.apple.CoreFoundation      0x00007fffc0e41114 CFRunLoopRunSpecific + 420
35  com.apple.HIToolbox           0x00007fffc03a1ebc RunCurrentEventLoopInMode + 240
36  com.apple.HIToolbox           0x00007fffc03a1cf1 ReceiveNextEventCommon + 432
37  com.apple.HIToolbox           0x00007fffc03a1b26 _BlockUntilNextEventMatchingListInModeWithFilter + 71
38  com.apple.AppKit              0x00007fffbe93aa54 _DPSNextEvent + 1120
39  com.apple.AppKit              0x00007fffbf0b67ee -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 2796
40  com.apple.AppKit              0x00007fffbe92f3db -[NSApplication run] + 926
41  com.apple.AppKit              0x00007fffbe8f9e0e NSApplicationMain + 1237
42  libxpc.dylib                  0x00007fffd68288c7 _xpc_objc_main + 775
43  libxpc.dylib                  0x00007fffd68272e4 xpc_main + 494
44  com.apple.WebKit.WebContent   0x0000000107573695 0x107572000 + 5781
45  libdyld.dylib                 0x00007fffd65cf235 start + 1
Comment 1 Alexey Proskuryakov 2018-05-17 11:00:04 PDT
Thank you for the report! Could you please attach a complete crash log the way it's saved to ~/Library/Logs/DiagnosticReports?

Also, is this still happening with a WebKit nightly and/or Safari Tech Preview?
Comment 2 Yusuke Suzuki 2018-05-17 11:18:51 PDT
I guess this is related to bug 185117. If so, this is fixed in the latest STP.
Could you try it in the latest STP?
Comment 3 Corrinna 2018-05-17 14:45:51 PDT
Created attachment 340648
Crashlog
Comment 4 Alexey Proskuryakov 2018-05-17 16:14:19 PDT
Thank you!

rdar://problem/37019648
Comment 5 Yusuke Suzuki 2022-04-06 03:33:01 PDT

*** This bug has been marked as a duplicate of bug 185117 ***