Bug 247727 - [UNIX] Web process crash in websites using service workers while doing garbage collection
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Yusuke Suzuki
URL:
Keywords: Gtk, InRadar
Depends on:
Blocks:
 
Reported: 2022-11-10 04:27 PST by Carlos Garcia Campos
Modified: 2022-11-10 16:28 PST

See Also:


Attachments

Description Carlos Garcia Campos 2022-11-10 04:27:43 PST
#0  0x00007f3cd2dd150e in WTFCrash () from /home/cgarcia/gnome/lib/libjavascriptcoregtk-4.1.so.0
#1  0x00007f3cd2372f6d in JSC::BlockDirectory::updatePercentageOfPagedOutPages(WTF::SimpleStats&) () from /home/cgarcia/gnome/lib/libjavascriptcoregtk-4.1.so.0
#2  0x00007f3cd23bc71b in JSC::MarkedSpace::isPagedOut() () from /home/cgarcia/gnome/lib/libjavascriptcoregtk-4.1.so.0
#3  0x00007f3cd2375af8 in JSC::FullGCActivityCallback::doCollection(JSC::VM&) () from /home/cgarcia/gnome/lib/libjavascriptcoregtk-4.1.so.0
#4  0x00007f3cd295046b in JSC::JSRunLoopTimer::timerDidFire() () from /home/cgarcia/gnome/lib/libjavascriptcoregtk-4.1.so.0
#5  0x00007f3cd295561c in JSC::JSRunLoopTimer::Manager::timerDidFire() () from /home/cgarcia/gnome/lib/libjavascriptcoregtk-4.1.so.0
#6  0x00007f3cd2e774f5 in WTF::RunLoop::TimerBase::TimerBase(WTF::RunLoop&)::{lambda(void*)#1}::_FUN(void*) () from /home/cgarcia/gnome/lib/libjavascriptcoregtk-4.1.so.0
#7  0x00007f3cd2e77a4f in WTF::RunLoop::{lambda(_GSource*, int (*)(void*), void*)#1}::_FUN(_GSource*, int (*)(void*), void*) () from /home/cgarcia/gnome/lib/libjavascriptcoregtk-4.1.so.0
#8  0x00007f3ccf296fb4 in g_main_dispatch (context=0x7f3cc00032e0) at ../glib/gmain.c:3427
#9  g_main_context_dispatch (context=context@entry=0x7f3cc00032e0) at ../glib/gmain.c:4145
#10 0x00007f3ccf297328 in g_main_context_iterate (context=context@entry=0x7f3cc00032e0, block=block@entry=0, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4221
#11 0x00007f3ccf2973cf in g_main_context_iteration (context=0x7f3cc00032e0, may_block=0) at ../glib/gmain.c:4286
#12 0x00007f3cd6b4eead in WebCore::WorkerDedicatedRunLoop::runInMode(WebCore::WorkerOrWorkletGlobalScope*, WebCore::ModePredicate const&) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.1.so.0
#13 0x00007f3cd6b4f60e in WebCore::WorkerDedicatedRunLoop::run(WebCore::WorkerOrWorkletGlobalScope*) () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.1.so.0
#14 0x00007f3cd6b4fdc5 in WebCore::WorkerOrWorkletThread::workerOrWorkletThread() () from /home/cgarcia/gnome/lib/libwebkit2gtk-4.1.so.0
#15 0x00007f3cd2e05cf6 in WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) () from /home/cgarcia/gnome/lib/libjavascriptcoregtk-4.1.so.0
#16 0x00007f3cd2e7a609 in WTF::wtfThreadEntryPoint(void*) () from /home/cgarcia/gnome/lib/libjavascriptcoregtk-4.1.so.0
#17 0x00007f3cd348784a in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
#18 0x00007f3cd350b2cc in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

There are two release asserts in JSC::BlockDirectory::updatePercentageOfPagedOutPages, but I don't know which one is failing.
Comment 1 Carlos Garcia Campos 2022-11-10 10:14:45 PST
So, it's mincore returning -1 and errno=EINVAL which means addr is not a multiple of the page size. I don't know if that's somehow expected or something we should just handle.
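Comment 1 attributes the release assert to mincore(2) failing with EINVAL because the address handed to it is not page aligned. The example below is added here and is neither WebKit code nor the fix in the linked pull request; it reproduces that failure on a constructed anonymous mapping and shows a wrapper that rounds the queried range to page boundaries first, so the same interior pointer yields a residency count instead of an error. Function names are the example's own.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <unistd.h>

/* Counts resident pages in [addr, addr+len); returns -1 with errno set on error.
 * Start is rounded down and end up to page boundaries, so an interior pointer
 * (e.g. a heap block address) never reaches mincore() misaligned. */
long count_resident_pages(const void *addr, size_t len) {
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0 || len == 0) { errno = EINVAL; return -1; }
    uintptr_t start = (uintptr_t)addr & ~((uintptr_t)page - 1);
    uintptr_t end = ((uintptr_t)addr + len + (uintptr_t)page - 1) & ~((uintptr_t)page - 1);
    size_t npages = (end - start) / (size_t)page;
    unsigned char *vec = malloc(npages);
    if (!vec) return -1;
    int rc = mincore((void *)start, end - start, (void *)vec);
    int saved = errno;
    long resident = 0;
    for (size_t i = 0; rc == 0 && i < npages; i++) resident += vec[i] & 1; /* bit 0: resident */
    free(vec); errno = saved;
    return rc == 0 ? resident : -1;
}

/* The unchecked call on a constructed mapping: mincore() one byte past a page
 * boundary. Returns the errno it produces (EINVAL on Linux), 0 if it succeeds. */
int misaligned_mincore_errno(void) {
    long page = sysconf(_SC_PAGESIZE);
    char *buf = mmap(NULL, (size_t)page, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (buf == MAP_FAILED) return -1;
    unsigned char vec[1];
    int err = mincore(buf + 1, (size_t)page - 1, (void *)vec) == 0 ? 0 : errno;
    munmap(buf, (size_t)page);
    return err;
}

/* The same misaligned pointer through the wrapper: one freshly written page,
 * so the expected answer is 1 resident page rather than an error. */
long wrapped_misaligned_resident(void) {
    long page = sysconf(_SC_PAGESIZE);
    char *buf = mmap(NULL, (size_t)page, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (buf == MAP_FAILED) return -1;
    buf[0] = 1; /* fault the page in so it is resident */
    long n = count_resident_pages(buf + 1, 16);
    munmap(buf, (size_t)page);
    return n;
}
```

A caller that treats the -1 from the wrapper as "unknown" rather than asserting keeps a transient mincore failure from taking down the whole web process during GC.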
Comment 2 Radar WebKit Bug Importer 2022-11-10 13:27:48 PST
<rdar://problem/102209090>
Comment 3 Yusuke Suzuki 2022-11-10 13:30:33 PST
Pull request: https://github.com/WebKit/WebKit/pull/6360
Comment 4 EWS 2022-11-10 16:28:50 PST
Committed 256554@main (292a16569829): <https://commits.webkit.org/256554@main>

Reviewed commits have been landed. Closing PR #6360 and removing active labels.