[Webkit-unassigned] [Bug 248267] JSC init crashes WebKit with overcommit limit enabled

bugzilla-daemon at webkit.org
Thu Nov 24 07:32:34 PST 2022


https://bugs.webkit.org/show_bug.cgi?id=248267

--- Comment #6 from Paul van Tilburg <paul at luon.net> ---
Indeed, great!

Here it is:

Thread 1 (Thread 0x7ff906b3cac0 (LWP 90112)):
#0  __GI_raise (sig=sig at entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007ff90ad67859 in __GI_abort () at abort.c:79
#2  0x00007ff90b588e1d in WTFCrashWithInfo(int, char const*, char const*, int) () at WTF/Headers/wtf/Assertions.h:778
#3  JSC::StructureMemoryManager::StructureMemoryManager() () at ../Source/JavaScriptCore/heap/StructureAlignedMemoryAllocator.cpp:90
#4  WTF::LazyNeverDestroyed<JSC::StructureMemoryManager, WTF::AnyThreadsAccessTraits>::constructWithoutAccessCheck<>() () at WTF/Headers/wtf/NeverDestroyed.h:130
#5  WTF::LazyNeverDestroyed<JSC::StructureMemoryManager, WTF::AnyThreadsAccessTraits>::construct<>() () at WTF/Headers/wtf/NeverDestroyed.h:120
#6  JSC::StructureAlignedMemoryAllocator::initializeStructureAddressSpace() () at ../Source/JavaScriptCore/heap/StructureAlignedMemoryAllocator.cpp:155
#7  0x00007ff90c28c847 in operator() () at ../Source/JavaScriptCore/runtime/InitializeThreading.cpp:91
#8  __invoke_impl<void, JSC::initialize()::<lambda()> > () at /usr/include/c++/9/bits/invoke.h:60
#9  __invoke<JSC::initialize()::<lambda()> > () at /usr/include/c++/9/bits/invoke.h:95
#10 operator() () at /usr/include/c++/9/mutex:671
#11 operator() () at /usr/include/c++/9/mutex:676
#12 _FUN() () at /usr/include/c++/9/mutex:676
#13 0x00007ff90af484df in __pthread_once_slow (once_control=0x7ff90ccb9ee8 <JSC::initialize()::onceFlag>, init_routine=0x7ff90b19bc20 <__once_proxy>) at pthread_once.c:116
#14 0x00007ff90c2926e1 in __gthread_once () at /usr/include/x86_64-linux-gnu/c++/9/bits/gthr-default.h:700
#15 call_once<JSC::initialize()::<lambda()> > () at /usr/include/c++/9/mutex:683
#16 JSC::initialize() () at ../Source/JavaScriptCore/runtime/InitializeThreading.cpp:69
#17 0x00007ff90e20be81 in  () at /lib/x86_64-linux-gnu/libwebkit2gtk-4.0.so.37
#18 0x00007ff90e36d845 in  () at /lib/x86_64-linux-gnu/libwebkit2gtk-4.0.so.37
#19 0x00007ff90af484df in __pthread_once_slow (once_control=0x7ff9116b2d90, init_routine=0x7ff90b19bc20 <__once_proxy>) at pthread_once.c:116
#20 0x00007ff90e36dc11 in  () at /lib/x86_64-linux-gnu/libwebkit2gtk-4.0.so.37
#21 0x00007ff90e3a593c in  () at /lib/x86_64-linux-gnu/libwebkit2gtk-4.0.so.37
#22 0x00007ff90b40a1d1 in g_type_class_ref () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#23 0x00007ff90b3ed5e1 in g_object_new_valist () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#24 0x00007ff90b3ed6cd in g_object_new () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#25 0x00007ff90e38b3e0 in webkit_web_context_new_ephemeral () at /lib/x86_64-linux-gnu/libwebkit2gtk-4.0.so.37
#26 0x00005646fd77e4c6 in main(int, char**) (argc=<optimized out>, argv=<optimized out>) at LCMain.cpp:1342
