[Webkit-unassigned] [Bug 234211] New: REGRESSION: STP 136: forums.swift.org crashes in JavaScript
bugzilla-daemon at webkit.org
Sun Dec 12 11:53:24 PST 2021
https://bugs.webkit.org/show_bug.cgi?id=234211
Bug ID: 234211
Summary: REGRESSION: STP 136: forums.swift.org crashes in JavaScript
Product: WebKit
Version: Safari Technology Preview
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: JavaScriptCore
Assignee: webkit-unassigned at lists.webkit.org
Reporter: jon at jonshier.com
Created attachment 446938
--> https://bugs.webkit.org/attachment.cgi?id=446938&action=review
STP136Crashes
Since STP 136 I've been seeing one-off crashes on forums.swift.org. The tab will crash, reload, and then work fine. It either occurs on one of the heap helper threads or directly in JSC execution itself. I've attached all of the crashes since 136 was released. Here are the typical stacks:
0 JavaScriptCore 0x3d0b6fbf8 JSC::JSFinalObject::visitChildren(JSC::JSCell*, JSC::SlotVisitor&) + 1128
1 JavaScriptCore 0x3d145b76b JSC::SlotVisitor::drain(WTF::MonotonicTime)::$_3::operator()(JSC::MarkStackArray&) const + 251
2 JavaScriptCore 0x3d1458c72 JSC::SlotVisitor::drain(WTF::MonotonicTime) + 178
3 JavaScriptCore 0x3d145978d JSC::SlotVisitor::drainFromShared(JSC::SlotVisitor::SharedDrainMode, WTF::MonotonicTime) + 1597
4 JavaScriptCore 0x3d1430f44 WTF::SharedTaskFunctor<void (), JSC::Heap::runBeginPhase(JSC::GCConductor)::$_18>::run() + 148
5 JavaScriptCore 0x3d1c8d06c WTF::ParallelHelperClient::runTask(WTF::RefPtr<WTF::SharedTask<void ()>, WTF::RawPtrTraits<WTF::SharedTask<void ()> >, WTF::DefaultRefDerefTraits<WTF::SharedTask<void ()> > > const&) + 44
6 JavaScriptCore 0x3d1c8dc66 WTF::ParallelHelperPool::Thread::work() + 22
7 JavaScriptCore 0x3d1c6246a WTF::Detail::CallableWrapper<WTF::AutomaticThread::start(WTF::AbstractLocker const&)::$_0, void>::call() + 490
8 JavaScriptCore 0x3d1caa88d WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) + 157
9 JavaScriptCore 0x3d0aa0e89 WTF::wtfThreadEntryPoint(void*) + 9
10 libsystem_pthread.dylib 0x7ff80082d514 _pthread_start + 125
11 libsystem_pthread.dylib 0x7ff80082902f thread_start + 15
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 JavaScriptCore 0x500b69034 operationGetByVal + 1028
1 ??? 0x53193abbb330 ???
2 ??? 0x53193a94afc0 ???
3 ??? 0x53193a94ec66 ???
4 ??? 0x53193a8b02db ???
5 ??? 0x53193ac86f94 ???
6 ??? 0x53193aef4118 ???
7 JavaScriptCore 0x500e64beb llint_entry + 117268
8 JavaScriptCore 0x500e64beb llint_entry + 117268
9 JavaScriptCore 0x500e64beb llint_entry + 117268
10 ??? 0x53193ad30cc9 ???
11 ??? 0x53193a8c21e6 ???
12 JavaScriptCore 0x500e64beb llint_entry + 117268
13 JavaScriptCore 0x500e64beb llint_entry + 117268
14 JavaScriptCore 0x500e64beb llint_entry + 117268
15 JavaScriptCore 0x500e64beb llint_entry + 117268
16 ??? 0x53193af93131 ???
17 ??? 0x53193afdb285 ???
18 ??? 0x53193a9b895e ???
19 ??? 0x53193a9e8bf8 ???
20 ??? 0x53193aa97ebc ???
21 ??? 0x53193af98b10 ???
22 ??? 0x53193afbf3dc ???
23 ??? 0x53193a824757 ???
24 JavaScriptCore 0x500e64c70 llint_entry + 117401
25 ??? 0x53193af8c9eb ???
26 ??? 0x53193afbe50a ???
27 JavaScriptCore 0x500e64c70 llint_entry + 117401
28 JavaScriptCore 0x500e64c70 llint_entry + 117401
29 JavaScriptCore 0x500e47fd6 vmEntryToJavaScript + 216
30 JavaScriptCore 0x501520945 JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 485
31 JavaScriptCore 0x50177fefe JSC::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 174
32 WebCore 0x50b1f36e0 WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext&, WebCore::Event&) + 2432
33 WebCore 0x50b54050c WebCore::EventTarget::innerInvokeEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener, WTF::RawPtrTraits<WebCore::RegisteredEventListener>, WTF::DefaultRefDerefTraits<WebCore::RegisteredEventListener> >, 1ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>, WebCore::EventTarget::EventInvokePhase) + 428
34 WebCore 0x50b53fd56 WebCore::EventTarget::fireEventListeners(WebCore::Event&, WebCore::EventTarget::EventInvokePhase) + 630
35 WebCore 0x50b53fab4 WebCore::EventTarget::dispatchEvent(WebCore::Event&) + 228
36 WebCore 0x50c2e879c WebCore::XMLHttpRequest::dispatchEvent(WebCore::Event&) + 300
37 WebCore 0x50c2e3d77 WebCore::XMLHttpRequestProgressEventThrottle::dispatchProgressEvent(WTF::AtomString const&) + 423
38 WebCore 0x50a174e2b WebCore::XMLHttpRequest::callReadyStateChangeListener() + 411
39 WebCore 0x50c2e3b51 WebCore::XMLHttpRequest::changeState(WebCore::XMLHttpRequest::State) + 225
40 WebCore 0x50c2e78e7 WebCore::XMLHttpRequest::didFinishLoading(WTF::ObjectIdentifier<WebCore::ResourceLoader>) + 519
41 WebCore 0x50b9f27ed WebCore::DocumentThreadableLoader::didFinishLoading(WTF::ObjectIdentifier<WebCore::ResourceLoader>) + 541
42 WebCore 0x50ba7f55f WebCore::CachedResource::checkNotify(WebCore::NetworkLoadMetrics const&) + 95
43 WebCore 0x50ba7dd89 WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*, WebCore::NetworkLoadMetrics const&) + 409
44 WebCore 0x50ba4f3cd WebCore::SubresourceLoader::didFinishLoading(WebCore::NetworkLoadMetrics const&) + 989
45 WebKit 0x502ad6d3c WebKit::WebResourceLoader::didFinishResourceLoad(WebCore::NetworkLoadMetrics const&) + 204
46 WebKit 0x502c5e39d WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&) + 333
47 WebKit 0x5024ea418 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) + 634
48 WebKit 0x5024ecad1 WTF::Detail::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_11, void>::call() + 187
49 JavaScriptCore 0x501c93c3f WTF::RunLoop::performWork() + 447
50 JavaScriptCore 0x501c9472a WTF::RunLoop::performWork(void*) + 26
51 CoreFoundation 0x7ff8008f484d __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
52 CoreFoundation 0x7ff8008f47b5 __CFRunLoopDoSource0 + 180
53 CoreFoundation 0x7ff8008f4534 __CFRunLoopDoSources0 + 242
54 CoreFoundation 0x7ff8008f2f6b __CFRunLoopRun + 893
55 CoreFoundation 0x7ff8008f252d CFRunLoopRunSpecific + 563
56 Foundation 0x7ff80175a75e -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 216
57 Foundation 0x7ff8017e52c3 -[NSRunLoop(NSRunLoop) run] + 76
58 libxpc.dylib 0x7ff80057b233 _xpc_objc_main + 825
59 libxpc.dylib 0x7ff80057ac22 xpc_main + 99
60 WebKit 0x50267d9de WebKit::XPCServiceMain(int, char const**) + 85
61 dyld 0x11481c4fe start + 462