[Webkit-unassigned] [Bug 150273] New: [QTWEBKIT] Blocked browser after random actions
bugzilla-daemon at webkit.org
Sat Oct 17 01:16:14 PDT 2015
https://bugs.webkit.org/show_bug.cgi?id=150273
Bug ID: 150273
Summary: [QTWEBKIT] Blocked browser after random actions
Classification: Unclassified
Product: WebKit
Version: WebKit Nightly Build
Hardware: PC
OS: Linux
Status: NEW
Severity: Critical
Priority: P2
Component: Animations
Assignee: webkit-unassigned at lists.webkit.org
Reporter: thewill2live at gmail.com
CC: dino at apple.com
Hello, qt5webkit is stuck after a few map actions with OpenLayers3.
CONTEXT:
I tested it on QT5.3.2 and QT5.4.1, on Ubuntu 14.04, Ubuntu 15.04 and a Yocto build of my own.
DESCRIPTION:
After some ol3 actions, the browser is stuck with the following states:
- all the threads are asleep in a cond_wait-like condition except one, which is running permanently.
- at kernel level, this thread mmaps and munmaps memory indefinitely to acquire memory.
- with the debugger, I always see the execution stop in Qt calling JSC::arrayProtoFuncPush. Then, you can see below the callstack going to mmap. On Ubuntu 14.04, I have more information regarding the callstack at Qt level: it goes through:
- QEventLoop::processEvents()
- QAbstractAnimation::start()
- QAbstractAnimation::setCurrentTime()
My idea is that Webkit receives the same event to create an object indefinitely.
I look forward to any idea to solve this. My next step would be to compile QtCore & QtGui in debug to figure out why it permanently calls this stack.
Thanks.
#0 mmap64 () at ../sysdeps/unix/syscall-template.S:81
#1 0x00007f189c4a9bd3 in WTF::OSAllocator::reserveUncommitted (bytes=bytes@entry=1634304, usage=usage@entry=WTF::OSAllocator::UnknownUsage, writable=writable@entry=true, executable=executable@entry=false, includesGuardPages=includesGuardPages@entry=false) at /home/will/disk/wk/rtd/qtwebkit-opensource-src-5.4.1/Source/WTF/wtf/OSAllocatorPosix.cpp:67
#2 0x00007f189c487d6b in WTF::PageAllocationAligned::allocate (size=size@entry=1605632, alignment=alignment@entry=32768, usage=usage@entry=WTF::OSAllocator::UnknownUsage, writable=writable@entry=true) at /home/will/disk/wk/rtd/qtwebkit-opensource-src-5.4.1/Source/WTF/wtf/PageAllocationAligned.cpp:55
#3 0x00007f1895d34911 in createCustomSize (blockAlignment=32768, blockSize=1605632) at /home/will/disk/wk/rtd/qtwebkit-opensource-src-5.4.1/Source/JavaScriptCore/heap/Region.h:186
#4 createCustomSize (superRegion=<optimized out>, blockAlignment=32768, blockSize=<optimized out>) at /home/will/disk/wk/rtd/qtwebkit-opensource-src-5.4.1/Source/JavaScriptCore/heap/Region.h:243
#5 allocateCustomSize (blockAlignment=32768, this=<optimized out>, blockSize=1572920) at /home/will/disk/wk/rtd/qtwebkit-opensource-src-5.4.1/Source/JavaScriptCore/heap/BlockAllocator.h:165
#6 JSC::CopiedSpace::tryAllocateOversize (this=this@entry=0x1847b68, bytes=1572856, outPtr=outPtr@entry=0x7ffef2e75c30) at /home/will/disk/wk/rtd/qtwebkit-opensource-src-5.4.1/Source/JavaScriptCore/heap/CopiedSpace.cpp:85
#7 0x00007f1895d36f6a in JSC::CopiedSpace::tryReallocateOversize (this=this@entry=0x1847b68, ptr=ptr@entry=0x7ffef2e75da8, oldSize=oldSize@entry=786424, newSize=newSize@entry=1572856) at /home/will/disk/wk/rtd/qtwebkit-opensource-src-5.4.1/Source/JavaScriptCore/heap/CopiedSpace.cpp:132
#8 0x00007f1895d3806c in JSC::CopiedSpace::tryReallocate (this=this@entry=0x1847b68, ptr=ptr@entry=0x7ffef2e75da8, oldSize=786424, newSize=newSize@entry=1572856) at /home/will/disk/wk/rtd/qtwebkit-opensource-src-5.4.1/Source/JavaScriptCore/heap/CopiedSpace.cpp:109
#9 0x00007f189607cf1e in tryReallocateStorage (newSize=<optimized out>, oldSize=<optimized out>, ptr=0x7ffef2e75da8, this=0x183f0b8) at /home/will/disk/wk/rtd/qtwebkit-opensource-src-5.4.1/Source/JavaScriptCore/heap/Heap.h:396
#10 JSC::Butterfly::growArrayRight (this=<optimized out>, vm=..., oldStructure=0x7f183c37e788, propertyCapacity=<optimized out>, hadIndexingHeader=hadIndexingHeader@entry=true, oldIndexingPayloadSizeInBytes=oldIndexingPayloadSizeInBytes@entry=786416, newIndexingPayloadSizeInBytes=1572848) at /home/will/disk/wk/rtd/qtwebkit-opensource-src-5.4.1/Source/JavaScriptCore/runtime/ButterflyInlines.h:115
#11 0x00007f189607450c in JSC::JSObject::ensureLengthSlow (this=this@entry=0x7f1802d14820, vm=..., length=length@entry=98303) at /home/will/disk/wk/rtd/qtwebkit-opensource-src-5.4.1/Source/JavaScriptCore/runtime/JSObject.cpp:2372
#12 0x00007f189602e3cd in JSC::JSObject::ensureLength (this=this@entry=0x7f1802d14820, vm=..., length=length@entry=98303) at /home/will/disk/wk/rtd/qtwebkit-opensource-src-5.4.1/Source/JavaScriptCore/runtime/JSObject.h:801
#13 0x00007f189607f3fe in JSC::JSObject::putByIndexBeyondVectorLengthWithoutAttributes<(unsigned char)22> (this=this@entry=0x7f1802d14820, exec=exec@entry=0x7f183c387778, i=i@entry=98302, value=...) at /home/will/disk/wk/rtd/qtwebkit-opensource-src-5.4.1/Source/JavaScriptCore/runtime/JSObject.cpp:1886
#14 0x00007f189607a390 in JSC::JSObject::putByIndexBeyondVectorLength (this=this@entry=0x7f1802d14820, exec=exec@entry=0x7f183c387778, i=i@entry=98302, value=..., shouldThrow=shouldThrow@entry=true) at /home/will/disk/wk/rtd/qtwebkit-opensource-src-5.4.1/Source/JavaScriptCore/runtime/JSObject.cpp:2028
#15 0x00007f189607a5a7 in JSC::JSObject::putByIndex (cell=0x7f1802d14820, exec=0x7f183c387778, propertyName=98302, value=..., shouldThrow=<optimized out>) at /home/will/disk/wk/rtd/qtwebkit-opensource-src-5.4.1/Source/JavaScriptCore/runtime/JSObject.cpp:537
#16 0x00007f1895fac9cc in JSC::arrayProtoFuncPush (exec=0x7f183c387778) at /home/will/disk/wk/rtd/qtwebkit-opensource-src-5.4.1/Source/JavaScriptCore/runtime/ArrayPrototype.cpp:501