[Webkit-unassigned] [Bug 185547] New: Safari Crash WTF::WordLock::lockSlow with WASM Application

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri May 11 06:01:40 PDT 2018


https://bugs.webkit.org/show_bug.cgi?id=185547

            Bug ID: 185547
           Summary: Safari Crash WTF::WordLock::lockSlow with WASM
                    Application
           Product: WebKit
           Version: Safari 11
          Hardware: Macintosh
                OS: macOS 10.12.4
            Status: NEW
          Severity: Critical
          Priority: P2
         Component: WebAssembly
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: clucier at adobe.com

Created attachment 340189

  --> https://bugs.webkit.org/attachment.cgi?id=340189&action=review

Full crash log.

Unfortunately I don't have a URL to share, as this is an internal unreleased project but...

We have a simple WebGL application that leverages native C++ ported to web with WASM.

Works fine in every WASM capable browser with the exception of Safari 11.1 (12605.1.33.1.4) on 10.12.6. After a couple of minutes of the application sitting idle, Safari will crash with the following call stack.

I am not sure if this is a clue but we can't seem to get Safari 11.1 (13605.1.33.1.2) to crash on 10.13.4.

As this is a crash in the production shipping Safari I wanted to make sure to file.

Please let us know if this is confirmed fixed already (if feasible).

Full callstack is attached.

----<snip>-----

Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       EXC_I386_GPFLT
Exception Note:        EXC_CORPSE_NOTIFY

Termination Signal:    Segmentation fault: 11
Termination Reason:    Namespace SIGNAL, Code 0xb
Terminating Process:   exc handler [0]

Application Specific Information:
Bundle controller class:
BrowserBundleController

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.JavaScriptCore      0x000000010baa734a WTF::WordLock::lockSlow() + 42
1   com.apple.JavaScriptCore      0x000000010ba9194a WTF::ParkingLot::unparkOneImpl(void const*, WTF::ScopedLambda<long (WTF::ParkingLot::UnparkResult)> const&) + 362
2   com.apple.JavaScriptCore      0x000000010ba896d0 WTF::LockAlgorithm<unsigned char, (unsigned char)1, (unsigned char)2, WTF::EmptyLockHooks<unsigned char> >::unlockSlow(WTF::Atomic<unsigned char>&, WTF::LockAlgorithm<unsigned char, (unsigned char)1, (unsigned char)2, WTF::EmptyLockHooks<unsigned char> >::Fairness) + 96
3   com.apple.JavaScriptCore      0x000000010ba1316b JSC::Wasm::Worklist::enqueue(WTF::Ref<JSC::Wasm::Plan, WTF::DumbPtrTraits<JSC::Wasm::Plan> >) + 219
4   com.apple.JavaScriptCore      0x000000010ba011c6 JSC::Wasm::OMGPlan::runForIndex(JSC::Wasm::Instance*, unsigned int) + 390
5   ???                           0x00004e8f77a6d58b 0 + 86378094712203
6   ???                           0x00004e8f77f6c335 0 + 86378099950389
7   ???                           0x00004e8f77dd945b 0 + 86378098299995
8   ???                           0x00004e8f77bb8acc 0 + 86378096069324
9   ???                           0x00004e8f77ddf894 0 + 86378098325652
10  ???                           0x00004e8f77ba2504 0 + 86378095977732
11  ???                           0x00004e8f77d0f05c 0 + 86378097471580
12  com.apple.JavaScriptCore      0x000000010b066b2a vmEntryToJavaScript + 304
13  com.apple.JavaScriptCore      0x000000010ba35e71 JSC::callWebAssemblyFunction(JSC::ExecState*) + 2689
14  com.apple.JavaScriptCore      0x000000010b6bcea7 JSC::handleHostCall(JSC::ExecState*, JSC::JSValue, JSC::CallLinkInfo*) + 519
15  com.apple.JavaScriptCore      0x000000010afb2f2f operationLinkCall + 351
16  ???                           0x00004e8f77a02207 0 + 86378094273031
17  ???                           0x00004e8f77f60b52 0 + 86378099903314
18  ???                           0x00004e8f77dbc848 0 + 86378098182216
19  ???                           0x00004e8f77ad512a 0 + 86378095137066
20  ???                           0x00004e8f77da38fc 0 + 86378098079996
21  com.apple.JavaScriptCore      0x000000010b066b2a vmEntryToJavaScript + 304
22  com.apple.JavaScriptCore      0x000000010b6a1ff3 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 163
23  com.apple.JavaScriptCore      0x000000010aee872e JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 542
24  com.apple.JavaScriptCore      0x000000010b7f9095 JSC::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 197
25  com.apple.WebCore             0x0000000108cf2961 WebCore::JSCallbackData::invokeCallback(WebCore::JSDOMGlobalObject&, JSC::JSObject*, JSC::JSValue, JSC::MarkedArgumentBuffer&, WebCore::JSCallbackData::CallbackType, JSC::PropertyName, WTF::NakedPtr<JSC::Exception>&) + 481
26  com.apple.WebCore             0x00000001084151ee WebCore::JSRequestAnimationFrameCallback::handleEvent(double) + 366
27  com.apple.WebCore             0x0000000108414eb4 WebCore::ScriptedAnimationController::serviceScriptedAnimations(double) + 564
28  com.apple.WebCore             0x0000000108409eaa WebCore::DisplayRefreshMonitor::displayDidRefresh() + 282
29  com.apple.JavaScriptCore      0x000000010ba94794 WTF::RunLoop::performWork() + 212
30  com.apple.JavaScriptCore      0x000000010ba94a12 WTF::RunLoop::performWork(void*) + 34
31  com.apple.CoreFoundation      0x00007fffc0e61321 _CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION_ + 17
32  com.apple.CoreFoundation      0x00007fffc0e4221d __CFRunLoopDoSources0 + 557
33  com.apple.CoreFoundation      0x00007fffc0e41716 __CFRunLoopRun + 934
34  com.apple.CoreFoundation      0x00007fffc0e41114 CFRunLoopRunSpecific + 420
35  com.apple.HIToolbox           0x00007fffc03a1ebc RunCurrentEventLoopInMode + 240
36  com.apple.HIToolbox           0x00007fffc03a1cf1 ReceiveNextEventCommon + 432
37  com.apple.HIToolbox           0x00007fffc03a1b26 _BlockUntilNextEventMatchingListInModeWithFilter + 71
38  com.apple.AppKit              0x00007fffbe93aa54 _DPSNextEvent + 1120
39  com.apple.AppKit              0x00007fffbf0b67ee -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 2796
40  com.apple.AppKit              0x00007fffbe92f3db -[NSApplication run] + 926
41  com.apple.AppKit              0x00007fffbe8f9e0e NSApplicationMain + 1237
42  libxpc.dylib                  0x00007fffd68288c7 _xpc_objc_main + 775
43  libxpc.dylib                  0x00007fffd68272e4 xpc_main + 494
44  com.apple.WebKit.WebContent   0x0000000107573695 0x107572000 + 5781
45  libdyld.dylib                 0x00007fffd65cf235 start + 1
