[Webkit-unassigned] [Bug 166430] New: [GTK] Crash in WTF::VectorBufferBase<WTF::(anonymous namespace)::Bucket*>::allocateBuffer

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Dec 22 13:08:02 PST 2016


https://bugs.webkit.org/show_bug.cgi?id=166430

            Bug ID: 166430
           Summary: [GTK] Crash in WTF::VectorBufferBase<WTF::(anonymous
                    namespace)::Bucket*>::allocateBuffer
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit Gtk
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mcatanzaro at igalia.com
                CC: bugs-noreply at webkitgtk.org

User complaint: """If memory serves me correctly, I had Epiphany up and running with a bunch of loaded web pages and i was going back and forth between a "OpenStreetMap" tab and a "Google Maps" tab and i believe it was the latter that went down..."""

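The other threads might be important; see the full backtrace in the downstream bug. Here's thread one. Note that frame #0 is WTFCrash(), reached from allocateBuffer() on a Vector instantiated with WTF::CrashOnOverflow (frames #1-#3), so this looks like a deliberate abort on a capacity check rather than a fault on a bad memory access. The locals gdb prints for frame #4 (e.g. bucketsToUnlock with m_capacity = 3048263681 but m_size = 32709) come from an optimized build and may not be reliable: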

Thread 1 (Thread 0x7fc5b49fe700 (LWP 3559)):
#0  0x00007fc65e282a3c in WTFCrash () at /usr/src/debug/webkitgtk-2.14.2/Source/WTF/wtf/Assertions.cpp:323
No locals.
#1  0x00007fc65e291b13 in WTF::VectorBufferBase<WTF::(anonymous namespace)::Bucket*>::allocateBuffer (newCapacity=<optimized out>, this=<optimized out>) at /usr/src/debug/webkitgtk-2.14.2/Source/WTF/wtf/Vector.h:266
        sizeToAllocate = <optimized out>
#2  WTF::VectorBuffer<WTF::(anonymous namespace)::Bucket*, 0ul>::VectorBuffer (size=<optimized out>, capacity=<optimized out>, this=<optimized out>) at /usr/src/debug/webkitgtk-2.14.2/Source/WTF/wtf/Vector.h:372
No locals.
#3  WTF::Vector<WTF::(anonymous namespace)::Bucket*, 0ul, WTF::CrashOnOverflow, 16ul>::Vector (other=..., this=<optimized out>) at /usr/src/debug/webkitgtk-2.14.2/Source/WTF/wtf/Vector.h:811
No locals.
#4  WTF::(anonymous namespace)::ensureHashtableSize (numThreads=<optimized out>) at /usr/src/debug/webkitgtk-2.14.2/Source/WTF/wtf/ParkingLot.cpp:366
        threadDatas = {<WTF::VectorBuffer<WTF::(anonymous namespace)::ThreadData*, 0ul>> = {<WTF::VectorBufferBase<WTF::(anonymous namespace)::ThreadData*>> = {m_buffer = 0x1, m_capacity = 495643853, m_size = 0}, <No data fields>}, <No data fields>}
        newSize = <optimized out>
        bucketsToUnlock = {<WTF::VectorBuffer<WTF::(anonymous namespace)::Bucket*, 0ul>> = {<WTF::VectorBufferBase<WTF::(anonymous namespace)::Bucket*>> = {m_buffer = 0x7fc5a6c53260, m_capacity = 3048263681, m_size = 32709}, <No data fields>}, <No data fields>}
        reusableBuckets = <optimized out>
#5  WTF::(anonymous namespace)::ThreadData::ThreadData (this=<optimized out>) at /usr/src/debug/webkitgtk-2.14.2/Source/WTF/wtf/ParkingLot.cpp:436
        currentNumThreads = <optimized out>
#6  WTF::(anonymous namespace)::myThreadData () at /usr/src/debug/webkitgtk-2.14.2/Source/WTF/wtf/ParkingLot.cpp:461
        threadData = 0x5652566b1730
        initializeOnce = {_M_once = 2}
        threadData = 0x5652566b1730
        initializeOnce = {_M_once = 2}
#7  WTF::ParkingLot::parkConditionallyImpl(void const*, WTF::ScopedLambda<bool ()> const&, WTF::ScopedLambda<void ()> const&, std::chrono::time_point<std::chrono::_V2::steady_clock, std::chrono::duration<long, std::ratio<1l, 1000000000l> > >) (address=address@entry=0x7fc5b5b0d0b1, validation=..., beforeSleep=..., timeout=..., timeout@entry=...) at /usr/src/debug/webkitgtk-2.14.2/Source/WTF/wtf/ParkingLot.cpp:572
        didGetDequeued = <optimized out>
        didDequeue = <optimized out>
        result = <optimized out>
#8  0x00007fc65fbd1f75 in WTF::ParkingLot::parkConditionally<bool WTF::ConditionBase::waitUntil<WTF::Lock>(WTF::Lock&, std::chrono::time_point<std::chrono::_V2::steady_clock, std::chrono::duration<long, std::ratio<1l, 1000000000l> > >)::{lambda()#1}, bool WTF::ConditionBase::waitUntil<WTF::Lock>(WTF::Lock&, std::chrono::time_point<std::chrono::_V2::steady_clock, std::chrono::duration<long, std::ratio<1l, 1000000000l> > >)::{lambda()#2}>(void const*, bool WTF::ConditionBase::waitUntil<WTF::Lock>(WTF::Lock&, std::chrono::time_point<std::chrono::_V2::steady_clock, std::chrono::duration<long, std::ratio<1l, 1000000000l> > >)::{lambda()#1} const&, bool WTF::ConditionBase::waitUntil<WTF::Lock>(WTF::Lock&, std::chrono::time_point<std::chrono::_V2::steady_clock, std::chrono::duration<long, std::ratio<1l, 1000000000l> > >)::{lambda()#2} const&, std::chrono::time_point<std::chrono::_V2::steady_clock, std::chrono::duration<long, std::ratio<1l, 1000000000l> > >) (timeout=..., beforeSleep=..., va
No locals.
#9  WTF::ConditionBase::waitUntil<WTF::Lock> (timeout=..., lock=..., this=0x7fc5b5b0d0b1) at /usr/src/debug/webkitgtk-2.14.2/Source/WTF/wtf/Condition.h:74
        result = <optimized out>
#10 WTF::ConditionBase::waitForImpl<WTF::Lock, std::chrono::duration<long, std::ratio<1l, 1000000000l> > > (relativeTimeout=<synthetic pointer>..., lock=..., this=0x7fc5b5b0d0b1) at /usr/src/debug/webkitgtk-2.14.2/Source/WTF/wtf/Condition.h:235
No locals.
#11 WTF::ConditionBase::waitForSecondsImpl<WTF::Lock> (relativeTimeoutSeconds=<optimized out>, lock=..., this=0x7fc5b5b0d0b1) at /usr/src/debug/webkitgtk-2.14.2/Source/WTF/wtf/Condition.h:229
        relativeTimeoutNanoseconds = <optimized out>
#12 WTF::ConditionBase::waitUntilWallClockSeconds<WTF::Lock> (absoluteTimeoutSeconds=<optimized out>, lock=..., this=0x7fc5b5b0d0b1) at /usr/src/debug/webkitgtk-2.14.2/Source/WTF/wtf/Condition.h:136
No locals.
#13 WTF::MessageQueue<WebCore::WorkerRunLoop::Task>::waitForMessageFilteredWithTimeout<WebCore::ModePredicate const&> (absoluteTime=1482278774.4956419, predicate=..., result=<synthetic pointer>: <optimized out>, this=0x7fc5b5b0d0b0) at /usr/src/debug/webkitgtk-2.14.2/Source/WTF/wtf/MessageQueue.h:154
        timedOut = false
        found = {<WTF::DequeIteratorBase<std::unique_ptr<WebCore::WorkerRunLoop::Task, std::default_delete<WebCore::WorkerRunLoop::Task> >, 0ul>> = {m_deque = 0x7fc5b5b0d0b8, m_index = <optimized out>}, <No data fields>}
#14 WebCore::WorkerRunLoop::runInMode (this=this@entry=0x7fc5b5b0d0b0, context=context@entry=0x7fc5a6cd8200, predicate=..., waitMode=waitMode@entry=WebCore::WorkerRunLoop::WaitForMessage) at /usr/src/debug/webkitgtk-2.14.2/Source/WebCore/workers/WorkerRunLoop.cpp:171
        mainContext = <optimized out>
        deadline = 1.7976931348623157e+308
        absoluteTime = 1482278774.4956419
        result = <optimized out>
        task = <optimized out>
#15 0x00007fc65fbd24f8 in WebCore::WorkerRunLoop::run (this=0x7fc5b5b0d0b0, context=0x7fc5a6cd8200) at /usr/src/debug/webkitgtk-2.14.2/Source/WebCore/workers/WorkerRunLoop.cpp:131
        modePredicate = {m_mode = {m_impl = {static isRefPtr = <optimized out>, m_ptr = 0x0}}, m_defaultMode = true}
        result = <optimized out>
#16 0x00007fc65fbd46f7 in WebCore::WorkerThread::workerThread (this=0x7fc5b5b0d0a0) at /usr/src/debug/webkitgtk-2.14.2/Source/WebCore/workers/WorkerThread.cpp:180
        mainContext = {m_ptr = 0x7fc5ac002200}
        threadID = <optimized out>
#17 0x00007fc65e2943d5 in std::function<void ()>::operator()() const (this=0x7fc5b49fdb40) at /usr/include/c++/6.2.1/functional:2136
No locals.
#18 WTF::threadEntryPoint (contextData=0x7fc5a60aedc0) at /usr/src/debug/webkitgtk-2.14.2/Source/WTF/wtf/Threading.cpp:60
        entryPoint = {<std::_Maybe_unary_or_binary_function<void>> = {<No data fields>}, <std::_Function_base> = {static _M_max_size = 16, static _M_max_align = 8, _M_functor = {_M_unused = {_M_object = 0x7fc65fbd4aa0 <WebCore::WorkerThread::workerThreadStart(void*)>, _M_const_object = 0x7fc65fbd4aa0 <WebCore::WorkerThread::workerThreadStart(void*)>, _M_function_pointer = 0x7fc65fbd4aa0 <WebCore::WorkerThread::workerThreadStart(void*)>, _M_member_pointer = (void (std::_Undefined_class::*)(std::_Undefined_class * const)) 0x7fc65fbd4aa0 <WebCore::WorkerThread::workerThreadStart(void*)>, this adjustment 140487133548704}, _M_pod_data = "\240J\275_\306\177\000\000\240\320\260\265\305\177\000"}, _M_manager = 0x7fc65e294410 <std::_Function_base::_Base_manager<WTF::createThread(WTF::ThreadFunction, void*, char const*)::<lambda()> >::_M_manager(std::_Any_data &, const std::_Any_data &, std::_Manager_operation)>}, _M_invoker = 0x7fc65e294310 <std::_Function_handler<void(), WTF::createThread(WT
#19 0x00007fc65e2b830a in WTF::wtfThreadEntryPoint (param=0x7fc5ba8c6450) at /usr/src/debug/webkitgtk-2.14.2/Source/WTF/wtf/ThreadingPthreads.cpp:164
        invocation = std::unique_ptr<WTF::ThreadFunctionInvocation> containing 0x7fc5ba8c6450
#20 0x00007fc65b2b86ca in start_thread (arg=0x7fc5b49fe700) at pthread_create.c:333
        __res = <optimized out>
        pd = 0x7fc5b49fe700
        now = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140487115663104, -1875262018389975631, 0, 140720433312911, 140487115663808, 140487115663104, 1905816620942843313, 1906444818524888497}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
        pagesize_m1 = <optimized out>
        sp = <optimized out>
        freesize = <optimized out>
        __PRETTY_FUNCTION__ = "start_thread"
#21 0x00007fc652b95f6f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:105
No locals.
