[Webkit-unassigned] [Bug 238681] New: [iOS 15.4] Hang in bmalloc_medium_bitfit_create_page_header

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Apr 1 13:17:39 PDT 2022 

https://bugs.webkit.org/show_bug.cgi?id=238681

            Bug ID: 238681
           Summary: [iOS 15.4] Hang in
                    bmalloc_medium_bitfit_create_page_header
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: bmalloc
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: ajuma at chromium.org
                CC: ggaren at apple.com, ysuzuki at apple.com

Chrome for iOS is getting reports of a hang that's new to iOS 15.4, in bmalloc_medium_bitfit_create_page_header. There's no clear correlation to any particular website. Here's a sample stack:

0x00000001badf0688      (libsystem_kernel.dylib + 0x00001688)           __ulock_wait
0x00000001db779120      (libsystem_platform.dylib + 0x00008120)         _os_unfair_lock_lock_slow
0x000000018bf8b374      (JavaScriptCore + 0x00000000010f8374)           bmalloc_medium_bitfit_create_page_header
0x000000018bf9a968      (JavaScriptCore + 0x0000000001107968)           pas_bitfit_allocator_commit_view
0x000000018bf8c348      (JavaScriptCore + 0x00000000010f9348)           bmalloc_medium_bitfit_page_config_specialized_allocator_try_allocate
0x000000018bf90938      (JavaScriptCore + 0x00000000010fd938)           bmalloc_heap_config_specialized_local_allocator_try_allocate_slow
0x000000018bf7a9f0      (JavaScriptCore + 0x00000000010e79f0)           bmalloc_allocate_impl_casual_case
0x000000018bc55d50      (JavaScriptCore + 0x00dc2d50)           JSC::StructureIDTable::StructureIDTable()
0x000000018b6e38dc      (JavaScriptCore + 0x008508dc)           JSC::Heap::Heap(JSC::VM&, JSC::HeapType)
0x000000018bc80f6c      (JavaScriptCore + 0x00dedf6c)           JSC::VM::VM(JSC::VM::VMType, JSC::HeapType, WTF::RunLoop*, bool*)
0x000000018bc8654c      (JavaScriptCore + 0x00df354c)           JSC::VM::createContextGroup(JSC::HeapType)
0x000000018b1b62f8      (JavaScriptCore + 0x003232f8)           JSContextGroupCreate
0x000000018ae95298      (JavaScriptCore + 0x00002298)           -[JSVirtualMachine init]
0x000000018ae952ec      (JavaScriptCore + 0x000022ec)           -[JSContext init]
0x000000018e72d0ac      (WebKit + 0x0020c0ac)           API::SharedJSContext::ensureContext()
0x000000018e72d000      (WebKit + 0x0020c000)           API::SerializedScriptValue::deserialize(WebCore::SerializedScriptValue&, OpaqueJSValue const**)
0x000000018e79e32c      (WebKit + 0x0027d32c)           WTF::Detail::CallableWrapper<-[WKWebView _evaluateJavaScript:asAsyncFunction:withSourceURL:withArguments:forceUserGesture:inFrame:inWorld:completionHandler:]::$_22, void, std::experimental::fundamentals_v3::expected<WTF::RefPtr<API::SerializedScriptValue, WTF::RawPtrTraits<API::SerializedScriptValue>, WTF::DefaultRefDerefTraits<API::SerializedScriptValue> >, WebCore::ExceptionDetails>&&>::call(std::experimental::fundamentals_v3::expected<WTF::RefPtr<API::SerializedScriptValue, WTF::RawPtrTraits<API::SerializedScriptValue>, WTF::DefaultRefDerefTraits<API::SerializedScriptValue> >, WebCore::ExceptionDetails>&&)
0x000000018ea19c0c      (WebKit + 0x004f8c0c)           WTF::Detail::CallableWrapper<WebKit::WebPageProxy::runJavaScriptInFrameInScriptWorld(WebCore::RunJavaScriptParameters&&, std::__1::optional<WTF::ObjectIdentifier<WebCore::FrameIdentifierType> >, API::ContentWorld&, WTF::CompletionHandler<void (std::experimental::fundamentals_v3::expected<WTF::RefPtr<API::SerializedScriptValue, WTF::RawPtrTraits<API::SerializedScriptValue>, WTF::DefaultRefDerefTraits<API::SerializedScriptValue> >, WebCore::ExceptionDetails>&&)>&&)::$_26, void, WTF::Span<unsigned char const, 18446744073709551615ul>&&, std::__1::optional<WebCore::ExceptionDetails>&&>::call(WTF::Span<unsigned char const, 18446744073709551615ul>&&, std::__1::optional<WebCore::ExceptionDetails>&&)
0x000000018ec76288      (WebKit + 0x00755288)           Messages::WebPage::RunJavaScriptInFrameInScriptWorld::callReply(IPC::Decoder&, WTF::CompletionHandler<void (WTF::Span<unsigned char const, 18446744073709551615ul>&&, std::__1::optional<WebCore::ExceptionDetails>&&)>&&)
0x000000018ea198e0      (WebKit + 0x004f88e0)           WTF::Detail::CallableWrapper<unsigned long long IPC::MessageSender::sendWithAsyncReply<Messages::WebPage::RunJavaScriptInFrameInScriptWorld, WebKit::WebPageProxy::runJavaScriptInFrameInScriptWorld(WebCore::RunJavaScriptParameters&&, std::__1::optional<WTF::ObjectIdentifier<WebCore::FrameIdentifierType> >, API::ContentWorld&, WTF::CompletionHandler<void (std::experimental::fundamentals_v3::expected<WTF::RefPtr<API::SerializedScriptValue, WTF::RawPtrTraits<API::SerializedScriptValue>, WTF::DefaultRefDerefTraits<API::SerializedScriptValue> >, WebCore::ExceptionDetails>&&)>&&)::$_26>(Messages::WebPage::RunJavaScriptInFrameInScriptWorld&&, WebKit::WebPageProxy::runJavaScriptInFrameInScriptWorld(WebCore::RunJavaScriptParameters&&, std::__1::optional<WTF::ObjectIdentifier<WebCore::FrameIdentifierType> >, API::ContentWorld&, WTF::CompletionHandler<void (std::experimental::fundamentals_v3::expected<WTF::RefPtr<API::SerializedScriptValue, WTF::RawPtrTraits<API::SerializedScriptValue>, WTF::DefaultRefDerefTraits<API::SerializedScriptValue> >, WebCore::ExceptionDetails>&&)>&&)::$_26&&, unsigned long long, WTF::OptionSet<IPC::SendOption>)::'lambda'(IPC::Decoder*), void, IPC::Decoder*>::call(IPC::Decoder*)
0x000000018e9485f0      (WebKit + 0x004275f0)           WTF::Detail::CallableWrapper<WebKit::AuxiliaryProcessProxy::sendMessage(WTF::UniqueRef<IPC::Encoder>&&, WTF::OptionSet<IPC::SendOption>, std::__1::optional<std::__1::pair<WTF::CompletionHandler<void (IPC::Decoder*)>, unsigned long long> >&&, WebKit::AuxiliaryProcessProxy::ShouldStartProcessThrottlerActivity)::$_1, void, IPC::Decoder*>::call(IPC::Decoder*)
0x000000018e80518c      (WebKit + 0x002e418c)           IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)
0x000000018e804914      (WebKit + 0x002e3914)           IPC::Connection::dispatchIncomingMessages()
0x000000018bf1fe4c      (JavaScriptCore + 0x000000000108ce4c)           WTF::RunLoop::performWork()
0x000000018bf209c8      (JavaScriptCore + 0x000000000108d9c8)           WTF::RunLoop::performWork(void*)
0x000000018073fee8      (CoreFoundation + 0x000b2ee8)           __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
0x0000000180750018      (CoreFoundation + 0x000c3018)           __CFRunLoopDoSource0
0x000000018069226c      (CoreFoundation + 0x0000526c)           __CFRunLoopDoSources0
0x00000001806978e4      (CoreFoundation + 0x0000a8e4)           __CFRunLoopRun
0x00000001806aac2c      (CoreFoundation + 0x0001dc2c)           CFRunLoopRunSpecific
0x00000001a10d5984      (GraphicsServices + 0x00001984)         GSEventRunModal
0x0000000182ea5c4c      (UIKitCore + 0x004e5c4c)                -[UIApplication _run]
0x0000000182c3f3cc      (UIKitCore + 0x0027f3cc)                UIApplicationMain
0x000000010098826c      (Chrome -chrome_exe_main.mm:65)         main

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20220401/05c753a3/attachment-0001.htm>

More information about the webkit-unassigned mailing list