[Webkit-unassigned] [Bug 245968] New: Crash in pas_segregated_page_switch_lock_and_rebias_while_ineligible_impl
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Oct 3 09:20:23 PDT 2022
https://bugs.webkit.org/show_bug.cgi?id=245968
Bug ID: 245968
Summary: Crash in
pas_segregated_page_switch_lock_and_rebias_while_ineli
gible_impl
Product: WebKit
Version: WebKit Nightly Build
Hardware: PC
OS: Linux
Status: NEW
Severity: Normal
Priority: P2
Component: bmalloc
Assignee: webkit-unassigned at lists.webkit.org
Reporter: mcatanzaro at gnome.org
CC: bugs-noreply at webkitgtk.org, ggaren at apple.com,
ysuzuki at apple.com
In WebKitGTK 2.38.0 we have an occasional crash in libpas:
#0 0x00007f219811d515 in pas_compare_and_swap_uint8_strong
(new_value=1 '\001', old_value=0 '\000', ptr=0x10 <error: Cannot access memory at address 0x10>)
at /usr/lib/debug/source/sdk/webkit2gtk-4.1.bst/Source/bmalloc/libpas/src/libpas/pas_utils.h:602
result = <optimized out>
owner = 0x7f217d4267e8
page_lock = 0x7f217c00e910
exclusive = <optimized out>
got_right_lock = <optimized out>
#1 pas_compare_and_swap_bool_strong (new_value=true, old_value=false, ptr=0x10)
at /usr/lib/debug/source/sdk/webkit2gtk-4.1.bst/Source/bmalloc/libpas/src/libpas/pas_utils.h:780
result = <optimized out>
owner = 0x7f217d4267e8
page_lock = 0x7f217c00e910
exclusive = <optimized out>
got_right_lock = <optimized out>
#2 pas_lock_try_lock (lock=0x10)
at /usr/lib/debug/source/sdk/webkit2gtk-4.1.bst/Source/bmalloc/libpas/src/libpas/pas_lock.h:94
result = <optimized out>
owner = 0x7f217d4267e8
page_lock = 0x7f217c00e910
exclusive = <optimized out>
got_right_lock = <optimized out>
#3 pas_segregated_page_switch_lock_and_rebias_while_ineligible_impl
(page=0x7f218a114000, held_lock=0x7f07edffa768, cache_node=0x0)
at /usr/lib/debug/source/sdk/webkit2gtk-4.1.bst/Source/bmalloc/libpas/src/libpas/pas_segregated_page.c:146
owner = 0x7f217d4267e8
page_lock = 0x7f217c00e910
exclusive = <optimized out>
got_right_lock = <optimized out>
#4 0x00007f21980e1ed7 in pas_segregated_page_switch_lock_and_rebias_while_ineligible
(page_config=..., cache_node=0x0, held_lock=0x7f07edffa768, page=0x7f218a114000)
at /usr/lib/debug/source/sdk/webkit2gtk-4.1.bst/Source/bmalloc/libpas/src/libpas/pas_segregated_page_inlines.h:313
new_view = <optimized out>
held_lock = 0x7f217c00e910
directory = <optimized out>
partial = <optimized out>
old_view = <optimized out>
shared = <optimized out>
cache = <optimized out>
new_page = 0x7f218a114000
did_get_view = <optimized out>
old_page = 0x7f218a114000
size_directory = <optimized out>
cache_node = <optimized out>
refill_result = <optimized out>
#5 pas_local_allocator_refill_with_known_config (page_config=..., counts=0x7fff66cb7361, allocator=<optimized out>)
at /usr/lib/debug/source/sdk/webkit2gtk-4.1.bst/Source/bmalloc/libpas/src/libpas/pas_local_allocator_inlines.h:1163
new_view = <optimized out>
held_lock = 0x7f217c00e910
directory = <optimized out>
partial = <optimized out>
old_view = <optimized out>
shared = <optimized out>
cache = <optimized out>
new_page = 0x7f218a114000
did_get_view = <optimized out>
old_page = 0x7f218a114000
size_directory = <optimized out>
cache_node = <optimized out>
refill_result = <optimized out>
#6 pas_local_allocator_try_allocate_small_segregated_slow_impl (counts=0x7fff66cb7361, config=..., allocator=0x7f217c00df98) at /usr/lib/debug/source/sdk/webkit2gtk-4.1.bst/Source/bmalloc/libpas/src/libpas/pas_local_allocator_inlines.h:1566
refill_result = <optimized out>
#7 pas_local_allocator_try_allocate_small_segregated_slow (result_filter=0x7f21980dbb40 <pas_allocation_result_identity(pas_allocation_result)>, counts=0x7fff66cb7361, config=..., allocator=0x7f217c00df98) at /usr/lib/debug/source/sdk/webkit2gtk-4.1.bst/Source/bmalloc/libpas/src/libpas/pas_local_allocator_inlines.h:1587
#8 bmalloc_heap_config_specialized_local_allocator_try_allocate_small_segregated_slow(pas_local_allocator*, pas_allocator_counts*, pas_allocation_result_filter) (allocator=allocator at entry=0x7f217d4836f8, count=count at entry=0x7f21984d04c0 <bmalloc_allocator_counts>, result_filter=result_filter at entry=0x7f21980dbb40 <pas_allocation_result_identity(pas_allocation_result)>) at /usr/lib/debug/source/sdk/webkit2gtk-4.1.bst/Source/bmalloc/libpas/src/libpas/bmalloc_heap_config.c:43
#9 0x00007f21980e7ca3 in pas_local_allocator_try_allocate (result_filter=0x7f21980dbb40 <pas_allocation_result_identity(pas_allocation_result)>, counts=0x7f21984d04c0 <bmalloc_allocator_counts>, config=..., alignment=1, size=120, allocator=0x7f217d4836f8) at /usr/lib/debug/source/sdk/webkit2gtk-4.1.bst/Source/bmalloc/libpas/src/libpas/pas_local_allocator_inlines.h:1831
result = {begin = <optimized out>, did_succeed = <optimized out>, zero_mode = <optimized out>}
baseline_allocator_result = {did_succeed = <optimized out>, allocator = 0x7f217d4836f8, lock = 0x7f217d4836f0}
heap = <optimized out>
directory = <optimized out>
result = {begin = <optimized out>, did_succeed = <optimized out>, zero_mode = <optimized out>}
cached_index = <optimized out>
#10 pas_try_allocate_common_impl_slow (size_lookup_mode=<optimized out>, allocator_counts=<optimized out>, runtime_config=<optimized out>, config=..., alignment=1, size=<optimized out>, heap_ref_kind=<optimized out>, heap_ref=<optimized out>) at /usr/lib/debug/source/sdk/webkit2gtk-4.1.bst/Source/bmalloc/libpas/src/libpas/pas_try_allocate_common.h:187
baseline_allocator_result = {did_succeed = <optimized out>, allocator = 0x7f217d4836f8, lock = 0x7f217d4836f0}
heap = <optimized out>
directory = <optimized out>
result = {begin = <optimized out>, did_succeed = <optimized out>, zero_mode = <optimized out>}
cached_index = <optimized out>
#11 bmalloc_heap_config_specialized_try_allocate_common_impl_slow(__pas_heap_ref*, pas_heap_ref_kind, size_t, size_t, pas_heap_runtime_config*, pas_allocator_counts*, pas_size_lookup_mode) (heap_ref=<optimized out>, heap_ref_kind=<optimized out>, size=120, alignment=<optimized out>, runtime_config=<optimized out>, allocator_counts=<optimized out>, size_lookup_mode=<optimized out>) at /usr/lib/debug/source/sdk/webkit2gtk-4.1.bst/Source/bmalloc/libpas/src/libpas/bmalloc_heap_config.c:43
#12 0x00007f21980cc688 in bmalloc_allocate_impl_impl_slow(__pas_heap_ref*, size_t, size_t) (heap_ref=heap_ref at entry=0x7f07edffa870, size=size at entry=120, alignment=alignment at entry=1) at /usr/lib/debug/source/sdk/webkit2gtk-4.1.bst/Source/bmalloc/libpas/src/libpas/bmalloc_heap_inlines.h:70
#13 0x00007f21980cf713 in pas_try_allocate_intrinsic_impl_casual_case (designation_mode=pas_intrinsic_heap_is_designated, try_allocate_common_slow=<optimized out>, try_allocate_common_fast=<optimized out>, config=..., intrinsic_support=0x7f21984d04e0 <bmalloc_common_primitive_heap_support>, alignment=1, size=120, heap=0x7f21984b4080 <bmalloc_common_primitive_heap>) at /usr/lib/debug/source/sdk/webkit2gtk-4.1.bst/Source/bmalloc/libpas/src/libpas/pas_try_allocate_intrinsic.h:174
aligned_size = 120
index = 8
fake_heap_ref = {type = 0x7f2198481380 <bmalloc_common_primitive_type>, heap = 0x7f21984b4080 <bmalloc_common_primitive_heap>, allocator_index = 0}
cache = <optimized out>
#14 bmalloc_allocate_impl_casual_case(size_t, size_t) (size=120, alignment=1) at /usr/lib/debug/source/sdk/webkit2gtk-4.1.bst/Source/bmalloc/libpas/src/libpas/bmalloc_heap_inlines.h:70
#15 0x00007f21980cfa8d in bmalloc_allocate_casual(size_t) (size=<optimized out>) at /usr/lib/debug/source/sdk/webkit2gtk-4.1.bst/Source/bmalloc/libpas/src/libpas/bmalloc_heap.c:64
#16 0x00007f21980c6480 in WTF::ThreadSafeRefCountedBase::operator new(unsigned long) (size=120) at /usr/lib/debug/source/sdk/webkit2gtk-4.1.bst/Source/WTF/wtf/ThreadSafeRefCounted.h:43
thread = {m_ptr = <optimized out>}
#17 WTF::Thread::initializeCurrentTLS() () at /usr/lib/debug/source/sdk/webkit2gtk-4.1.bst/Source/WTF/wtf/posix/ThreadingPOSIX.cpp:387
thread = {m_ptr = <optimized out>}
#18 0x00007f219805f3b5 in WTF::Thread::current() () at /usr/lib/debug/source/sdk/webkit2gtk-4.1.bst/Source/WTF/wtf/Threading.h:433
result = <optimized out>
threadData = 0x7f218a00c110
initializeOnce = {_M_once = 2}
enqueueResult = <optimized out>
didDequeue = <optimized out>
result = {wasUnparked = <optimized out>, token = <optimized out>}
#19 WTF::(anonymous namespace)::ThreadData::ThreadData (this=0x7f218a0cfd80) at /usr/lib/debug/source/sdk/webkit2gtk-4.1.bst/Source/WTF/wtf/ParkingLot.cpp:424
result = <optimized out>
threadData = 0x7f218a00c110
initializeOnce = {_M_once = 2}
enqueueResult = <optimized out>
didDequeue = <optimized out>
result = {wasUnparked = <optimized out>, token = <optimized out>}
#20 WTF::(anonymous namespace)::myThreadData () at /usr/lib/debug/source/sdk/webkit2gtk-4.1.bst/Source/WTF/wtf/ParkingLot.cpp:459
result = <optimized out>
threadData = 0x7f218a00c110
initializeOnce = {_M_once = 2}
enqueueResult = <optimized out>
didDequeue = <optimized out>
result = {wasUnparked = <optimized out>, token = <optimized out>}
#21 WTF::ParkingLot::parkConditionallyImpl(void const*, WTF::ScopedLambda<bool ()> const&, WTF::ScopedLambda<void ()> const&, WTF::TimeWithDynamicClockType const&) (address=address at entry=0x7f21984ca734 <WTF::Thread::s_allThreadsLock>, validation=..., beforeSleep=..., timeout=...) at /usr/lib/debug/source/sdk/webkit2gtk-4.1.bst/Source/WTF/wtf/ParkingLot.cpp:570
enqueueResult = <optimized out>
didDequeue = <optimized out>
result = {wasUnparked = <optimized out>, token = <optimized out>}
#22 0x00007f2198051b35 in WTF::ParkingLot::parkConditionally<WTF::ParkingLot::compareAndPark<unsigned char, unsigned char>(WTF::Atomic<unsigned char> const*, unsigned char)::{lambda()#1}, WTF::ParkingLot::compareAndPark<unsigned char, unsigned char>(WTF::Atomic<unsigned char> const*, unsigned char)::{lambda()#2}>(void const*, WTF::ParkingLot::compareAndPark<unsigned char, unsigned char>(WTF::Atomic<unsigned char> const*, unsigned char)::{lambda()#1} const&, WTF::ParkingLot::compareAndPark<unsigned char, unsigned char>(WTF::Atomic<unsigned char> const*, unsigned char)::{lambda()#2} const&, WTF::TimeWithDynamicClockType const&) (timeout=..., beforeSleep=..., validation=..., address=0x7f21984ca734 <WTF::Thread::s_allThreadsLock>) at /usr/lib/debug/source/sdk/webkit2gtk-4.1.bst/Source/WTF/wtf/ParkingLot.h:82
currentValue = <optimized out>
parkResult = {wasUnparked = <optimized out>, token = <optimized out>}
spinCount = 0
#23 WTF::ParkingLot::compareAndPark<unsigned char, unsigned char>(WTF::Atomic<unsigned char> const*, unsigned char) (expected=<optimized out>, address=0x7f21984ca734 <WTF::Thread::s_allThreadsLock>) at /usr/lib/debug/source/sdk/webkit2gtk-4.1.bst/Source/WTF/wtf/ParkingLot.h:94
currentValue = <optimized out>
parkResult = {wasUnparked = <optimized out>, token = <optimized out>}
spinCount = 0
#24 WTF::LockAlgorithm<unsigned char, (unsigned char)1, (unsigned char)2, WTF::EmptyLockHooks<unsigned char> >::lockSlow(WTF::Atomic<unsigned char>&) (lock=...) at /usr/lib/debug/source/sdk/webkit2gtk-4.1.bst/Source/WTF/wtf/LockAlgorithmInlines.h:84
currentValue = <optimized out>
parkResult = {wasUnparked = <optimized out>, token = <optimized out>}
spinCount = 0
#25 0x00007f2198051979 in WTF::Lock::lockSlow() (this=this at entry=0x7f21984ca734 <WTF::Thread::s_allThreadsLock>) at /usr/lib/debug/source/sdk/webkit2gtk-4.1.bst/Source/WTF/wtf/Lock.cpp:51
#26 0x00007f2198065acf in WTF::Lock::lock() (this=0x7f21984ca734 <WTF::Thread::s_allThreadsLock>) at /usr/lib/debug/source/sdk/webkit2gtk-4.1.bst/Source/WTF/wtf/Lock.h:66
#27 WTF::Locker<WTF::Lock>::Locker(WTF::Lock&) (lock=..., this=<synthetic pointer>) at /usr/lib/debug/source/sdk/webkit2gtk-4.1.bst/Source/WTF/wtf/Lock.h:158
#28 WTF::Thread::didExit() (this=0x7f07bf0f1580) at /usr/lib/debug/source/sdk/webkit2gtk-4.1.bst/Source/WTF/wtf/Threading.cpp:298
#29 0x00007f21980c6405 in WTF::Thread::destructTLS(void*) (data=0x7f07bf0f1580) at /usr/lib/debug/source/sdk/webkit2gtk-4.1.bst/Source/WTF/wtf/posix/ThreadingPOSIX.cpp:545
thread = 0x7f07bf0f1580
#30 WTF::Thread::destructTLS(void*) (data=0x7f07bf0f1580) at /usr/lib/debug/source/sdk/webkit2gtk-4.1.bst/Source/WTF/wtf/posix/ThreadingPOSIX.cpp:539
thread = 0x7f07bf0f1580
#31 0x00007f219859e1c0 in __GI___nptl_deallocate_tsd () at nptl_deallocate_tsd.c:73
data = <optimized out>
inner = <optimized out>
level2 = 0x7f07edffb950
idx = <optimized out>
cnt = 0
self = <optimized out>
#32 __GI___nptl_deallocate_tsd () at nptl_deallocate_tsd.c:22
self = <optimized out>
#33 0x00007f21985a1049 in start_thread (arg=<optimized out>) at pthread_create.c:453
pd = <optimized out>
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139672034457152, 4554196666265126491, 139672034457152, -128, 0, 140734918001152, 4554196666451773019, 4575422984186906203}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
not_first_call = <optimized out>
#34 0x00007f2198629d84 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:100
Some observations:
* In frame 2, pas_lock_try_lock is called with a bogus lock pointer, 0x10
* In frame 3, pas_segregated_page_switch_lock_and_rebias_while_ineligible_impl is called with cache_node=0x0
* It should be impossible to reach the call to pas_lock_try_lock() at pas_segregated_page.c:146 with cache_node=0x0
There is a check: if (!pas_segregated_view_is_some_exclusive(owner) || !cache_node) on line 137 which will by hit if cache_node=0x0, that code always continues or returns, so the rest of the loop should be unreachable:
if (!pas_segregated_view_is_some_exclusive(owner) || !cache_node) {
pas_lock_switch(held_lock, page_lock);
if (page->lock_ptr != page_lock)
continue;
return;
}
And yet, somehow we proceeded past that anyway:
did_lock_quickly =
(*held_lock == &cache_node->page_lock && pas_lock_try_lock(page_lock)) ||
(*held_lock == page_lock && pas_lock_try_lock(&cache_node->page_lock));
The crash occurs on the last line here, calling pas_lock_try_lock(&cache_node->page_lock) with cache_node=nullptr. Should be impossible.
Looking at other threads, I see only two that are potentially suspicious:
Thread 67 (Thread 0x7f218bfff640 (LWP 135)):
#0 0x00007f2198623acb in madvise () at ../sysdeps/unix/syscall-template.S:117
#1 0x00007f21981115ca in decommit_impl (ptr=0x7f213a037000, size=4096, mmap_capability=<optimized out>, do_mprotect=true) at /usr/lib/debug/source/sdk/webkit2gtk-4.1.bst/Source/bmalloc/libpas/src/libpas/pas_page_malloc.c:266
#2 0x00007f21981119f9 in pas_page_malloc_decommit (ptr=<optimized out>, size=<optimized out>, mmap_capability=<optimized out>) at /usr/lib/debug/source/sdk/webkit2gtk-4.1.bst/Source/bmalloc/libpas/src/libpas/pas_page_malloc.c:279
#3 0x00007f21980f8bfb in decommit_all (log=log at entry=0x7f218bffe6e0, for_real=for_real at entry=true) at /usr/lib/debug/source/sdk/webkit2gtk-4.1.bst/Source/bmalloc/libpas/src/libpas/pas_deferred_decommit_log.c:239
#4 0x00007f21980f924e in pas_deferred_decommit_log_decommit_all (log=log at entry=0x7f218bffe6e0) at /usr/lib/debug/source/sdk/webkit2gtk-4.1.bst/Source/bmalloc/libpas/src/libpas/pas_deferred_decommit_log.c:280
#5 0x00007f2198113746 in pas_physical_page_sharing_pool_scavenge (max_epoch=8692565532023) at /usr/lib/debug/source/sdk/webkit2gtk-4.1.bst/Source/bmalloc/libpas/src/libpas/pas_page_sharing_pool.c:804
#6 0x00007f2198116df9 in scavenger_thread_main (arg=<optimized out>) at /usr/lib/debug/source/sdk/webkit2gtk-4.1.bst/Source/bmalloc/libpas/src/libpas/pas_scavenger.c:269
#7 0x00007f21985a11da in start_thread (arg=<optimized out>) at pthread_create.c:442
Probably OK? And also:
Thread 2 (Thread 0x7f07d0800640 (LWP 151)):
#0 0x00007f219860f5ab in sched_yield () at ../sysdeps/unix/syscall-template.S:120
#1 0x00007f21981102e2 in pas_lock_lock_slow (lock=lock at entry=0x7f217d4836f0) at /usr/lib/debug/source/sdk/webkit2gtk-4.1.bst/Source/bmalloc/libpas/src/libpas/pas_lock.c:66
#2 0x00007f219812320a in pas_lock_lock (lock=0x7f217d4836f0) at /usr/lib/debug/source/sdk/webkit2gtk-4.1.bst/Source/bmalloc/libpas/src/libpas/pas_lock.h:87
#3 pas_segregated_size_directory_select_allocator_slow (directory=0x7f217c00e100) at /usr/lib/debug/source/sdk/webkit2gtk-4.1.bst/Source/bmalloc/libpas/src/libpas/pas_segregated_size_directory.c:492
#4 0x00007f21980e7af4 in pas_segregated_size_directory_select_allocator (cached_index=<optimized out>, config=0x7f21984a1a40 <bmalloc_heap_config>, size_lookup_mode=<optimized out>, size=272, directory=<optimized out>) at /usr/lib/debug/source/sdk/webkit2gtk-4.1.bst/Source/bmalloc/libpas/src/libpas/pas_segregated_size_directory_inlines.h:72
#5 pas_try_allocate_common_impl_slow (size_lookup_mode=<optimized out>, allocator_counts=<optimized out>, runtime_config=<optimized out>, config=..., alignment=1, size=<optimized out>, heap_ref_kind=<optimized out>, heap_ref=<optimized out>) at /usr/lib/debug/source/sdk/webkit2gtk-4.1.bst/Source/bmalloc/libpas/src/libpas/pas_try_allocate_common.h:184
#6 bmalloc_heap_config_specialized_try_allocate_common_impl_slow(__pas_heap_ref*, pas_heap_ref_kind, size_t, size_t, pas_heap_runtime_config*, pas_allocator_counts*, pas_size_lookup_mode) (heap_ref=<optimized out>, heap_ref_kind=<optimized out>, size=272, alignment=<optimized out>, runtime_config=<optimized out>, allocator_counts=<optimized out>, size_lookup_mode=<optimized out>) at /usr/lib/debug/source/sdk/webkit2gtk-4.1.bst/Source/bmalloc/libpas/src/libpas/bmalloc_heap_config.c:43
#7 0x00007f21980cc688 in bmalloc_allocate_impl_impl_slow(__pas_heap_ref*, size_t, size_t) (heap_ref=heap_ref at entry=0x7f07d07ff9d0, size=size at entry=272, alignment=alignment at entry=1) at /usr/lib/debug/source/sdk/webkit2gtk-4.1.bst/Source/bmalloc/libpas/src/libpas/bmalloc_heap_inlines.h:70
#8 0x00007f21980cf713 in pas_try_allocate_intrinsic_impl_casual_case (designation_mode=pas_intrinsic_heap_is_designated, try_allocate_common_slow=<optimized out>, try_allocate_common_fast=<optimized out>, config=..., intrinsic_support=0x7f21984d04e0 <bmalloc_common_primitive_heap_support>, alignment=1, size=272, heap=0x7f21984b4080 <bmalloc_common_primitive_heap>) at /usr/lib/debug/source/sdk/webkit2gtk-4.1.bst/Source/bmalloc/libpas/src/libpas/pas_try_allocate_intrinsic.h:174
#9 bmalloc_allocate_impl_casual_case(size_t, size_t) (size=272, alignment=1) at /usr/lib/debug/source/sdk/webkit2gtk-4.1.bst/Source/bmalloc/libpas/src/libpas/bmalloc_heap_inlines.h:70
#10 0x00007f21980cfa8d in bmalloc_allocate_casual(size_t) (size=<optimized out>) at /usr/lib/debug/source/sdk/webkit2gtk-4.1.bst/Source/bmalloc/libpas/src/libpas/bmalloc_heap.c:64
#11 0x00007f219803e1b5 in WTF::fastZeroedMalloc(unsigned long) (n=n at entry=272) at /usr/lib/debug/source/sdk/webkit2gtk-4.1.bst/Source/WTF/wtf/FastMalloc.cpp:118
#12 0x00007f219806694a in WTF::FastMalloc::zeroedMalloc(unsigned long) (size=272) at /usr/lib/debug/source/sdk/webkit2gtk-4.1.bst/Source/WTF/wtf/FastMalloc.h:230
#13 WTF::HashTable<WTF::Thread*, WTF::Thread*, WTF::IdentityExtractor, WTF::DefaultHash<WTF::Thread*>, WTF::HashTraits<WTF::Thread*>, WTF::HashTraits<WTF::Thread*> >::allocateTable(unsigned int) (size=32) at /usr/lib/debug/source/sdk/webkit2gtk-4.1.bst/Source/WTF/wtf/HashTable.h:1165
#14 WTF::HashTable<WTF::Thread*, WTF::Thread*, WTF::IdentityExtractor, WTF::DefaultHash<WTF::Thread*>, WTF::HashTraits<WTF::Thread*>, WTF::HashTraits<WTF::Thread*> >::rehash(unsigned int, WTF::Thread**) (this=this at entry=0x7f21984ca740 <WTF::Thread::allThreads()::allThreads>, newTableSize=32, entry=entry at entry=0x0) at /usr/lib/debug/source/sdk/webkit2gtk-4.1.bst/Source/WTF/wtf/HashTable.h:1277
#15 0x00007f2198065ac2 in WTF::HashTable<WTF::Thread*, WTF::Thread*, WTF::IdentityExtractor, WTF::DefaultHash<WTF::Thread*>, WTF::HashTraits<WTF::Thread*>, WTF::HashTraits<WTF::Thread*> >::shrink() (this=<optimized out>) at /usr/lib/debug/source/sdk/webkit2gtk-4.1.bst/Source/WTF/wtf/HashTable.h:562
#16 WTF::HashTable<WTF::Thread*, WTF::Thread*, WTF::IdentityExtractor, WTF::DefaultHash<WTF::Thread*>, WTF::HashTraits<WTF::Thread*>, WTF::HashTraits<WTF::Thread*> >::remove(WTF::Thread**) (pos=<optimized out>, this=0x7f21984ca740 <WTF::Thread::allThreads()::allThreads>) at /usr/lib/debug/source/sdk/webkit2gtk-4.1.bst/Source/WTF/wtf/HashTable.h:1086
#17 WTF::HashTable<WTF::Thread*, WTF::Thread*, WTF::IdentityExtractor, WTF::DefaultHash<WTF::Thread*>, WTF::HashTraits<WTF::Thread*>, WTF::HashTraits<WTF::Thread*> >::removeAndInvalidateWithoutEntryConsistencyCheck(WTF::Thread**) (pos=<optimized out>, this=0x7f21984ca740 <WTF::Thread::allThreads()::allThreads>) at /usr/lib/debug/source/sdk/webkit2gtk-4.1.bst/Source/WTF/wtf/HashTable.h:1060
#18 WTF::HashTable<WTF::Thread*, WTF::Thread*, WTF::IdentityExtractor, WTF::DefaultHash<WTF::Thread*>, WTF::HashTraits<WTF::Thread*>, WTF::HashTraits<WTF::Thread*> >::removeWithoutEntryConsistencyCheck(WTF::HashTableConstIterator<WTF::HashTable<WTF::Thread*, WTF::Thread*, WTF::IdentityExtractor, WTF::DefaultHash<WTF::Thread*>, WTF::HashTraits<WTF::Thread*>, WTF::HashTraits<WTF::Thread*> >, WTF::Thread*, WTF::Thread*, WTF::IdentityExtractor, WTF::DefaultHash<WTF::Thread*>, WTF::HashTraits<WTF::Thread*>, WTF::HashTraits<WTF::Thread*> >) (it=..., this=<optimized out>) at /usr/lib/debug/source/sdk/webkit2gtk-4.1.bst/Source/WTF/wtf/HashTable.h:1115
#19 WTF::HashSet<WTF::Thread*, WTF::DefaultHash<WTF::Thread*>, WTF::HashTraits<WTF::Thread*>, WTF::HashTableTraits>::remove(WTF::HashTableConstIteratorAdapter<WTF::HashTable<WTF::Thread*, WTF::Thread*, WTF::IdentityExtractor, WTF::DefaultHash<WTF::Thread*>, WTF::HashTraits<WTF::Thread*>, WTF::HashTraits<WTF::Thread*> >, WTF::Thread*>) (it=..., this=0x7f21984ca740 <WTF::Thread::allThreads()::allThreads>) at /usr/lib/debug/source/sdk/webkit2gtk-4.1.bst/Source/WTF/wtf/HashSet.h:321
#20 WTF::HashSet<WTF::Thread*, WTF::DefaultHash<WTF::Thread*>, WTF::HashTraits<WTF::Thread*>, WTF::HashTableTraits>::remove(WTF::Thread* const&) (value=@0x7f07d07ffb10: 0x7f07bf0f0d80, this=0x7f21984ca740 <WTF::Thread::allThreads()::allThreads>) at /usr/lib/debug/source/sdk/webkit2gtk-4.1.bst/Source/WTF/wtf/HashSet.h:328
#21 WTF::Thread::didExit() (this=0x7f07bf0f0d80) at /usr/lib/debug/source/sdk/webkit2gtk-4.1.bst/Source/WTF/wtf/Threading.cpp:299
#22 0x00007f21980c6405 in WTF::Thread::destructTLS(void*) (data=0x7f07bf0f0d80) at /usr/lib/debug/source/sdk/webkit2gtk-4.1.bst/Source/WTF/wtf/posix/ThreadingPOSIX.cpp:545
#23 WTF::Thread::destructTLS(void*) (data=0x7f07bf0f0d80) at /usr/lib/debug/source/sdk/webkit2gtk-4.1.bst/Source/WTF/wtf/posix/ThreadingPOSIX.cpp:539
#24 0x00007f219859e1c0 in __GI___nptl_deallocate_tsd () at nptl_deallocate_tsd.c:73
#25 __GI___nptl_deallocate_tsd () at nptl_deallocate_tsd.c:22
#26 0x00007f21985a1049 in start_thread (arg=<optimized out>) at pthread_create.c:453
#27 0x00007f2198629d84 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:100
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20221003/1049cbe7/attachment-0001.htm>
More information about the webkit-unassigned
mailing list