<html>
    <head>
      <base href="https://bugs.webkit.org/" />
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link bz_status_NEW" title="NEW - [QTWEBKIT] Blocked browser after random actions" href="https://bugs.webkit.org/show_bug.cgi?id=150273">150273</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>[QTWEBKIT] Blocked browser after random actions
          </td>
        </tr>

        <tr>
          <th>Classification</th>
          <td>Unclassified
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>WebKit
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>WebKit Nightly Build
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>PC
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>Linux
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>Critical
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P2
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>Animations
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>webkit-unassigned&#64;lists.webkit.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>thewill2live&#64;gmail.com
          </td>
        </tr>

        <tr>
          <th>CC</th>
          <td>dino&#64;apple.com
          </td>
        </tr></table>
      <p>
        <div>
        <pre>Hello, qt5webkit is stuck after a few map actions with OpenLayers3.

CONTEXT:
I tested it on Qt 5.3.2 and Qt 5.4.1, on Ubuntu 14.04, Ubuntu 15.04 and a Yocto build of my own.

DESCRIPTION:
After some ol3 actions, the browser is stuck with the following states:
- all the threads are asleep in a cond_wait-like condition except one, which is running permanently.
- at kernel level, this thread mmaps and munmaps memory indefinitely to acquire memory.
- with a debugger, I can always stop the execution in Qt calling JSC::arrayProtoFuncPush. Then you can see below the call stack going to mmap. On Ubuntu 14.04, I have more information regarding the call stack at Qt level: it goes through:
    - QEventLoop::processEvents()
    - QAbstractAnimation::start()
    - QAbstractAnimation::setCurrentTime()
My idea is that WebKit receives the same event to create an object indefinitely.

I look forward to any idea to solve this. My next step would be to compile QtCore &amp; QtGui in debug to figure out why it permanently calls this stack.

Thanks.


#0  mmap64 () at ../sysdeps/unix/syscall-template.S:81
#1  0x00007f189c4a9bd3 in WTF::OSAllocator::reserveUncommitted (bytes=bytes&#64;entry=1634304, usage=usage&#64;entry=WTF::OSAllocator::UnknownUsage, writable=writable&#64;entry=true, executable=executable&#64;entry=false, includesGuardPages=includesGuardPages&#64;entry=false) at /home/will/disk/wk/rtd/qtwebkit-opensource-src-5.4.1/Source/WTF/wtf/OSAllocatorPosix.cpp:67
#2  0x00007f189c487d6b in WTF::PageAllocationAligned::allocate (size=size&#64;entry=1605632, alignment=alignment&#64;entry=32768, usage=usage&#64;entry=WTF::OSAllocator::UnknownUsage, writable=writable&#64;entry=true) at /home/will/disk/wk/rtd/qtwebkit-opensource-src-5.4.1/Source/WTF/wtf/PageAllocationAligned.cpp:55
#3  0x00007f1895d34911 in createCustomSize (blockAlignment=32768, blockSize=1605632) at /home/will/disk/wk/rtd/qtwebkit-opensource-src-5.4.1/Source/JavaScriptCore/heap/Region.h:186
#4  createCustomSize (superRegion=&lt;optimized out&gt;, blockAlignment=32768, blockSize=&lt;optimized out&gt;) at /home/will/disk/wk/rtd/qtwebkit-opensource-src-5.4.1/Source/JavaScriptCore/heap/Region.h:243
#5  allocateCustomSize (blockAlignment=32768, this=&lt;optimized out&gt;, blockSize=1572920) at /home/will/disk/wk/rtd/qtwebkit-opensource-src-5.4.1/Source/JavaScriptCore/heap/BlockAllocator.h:165
#6  JSC::CopiedSpace::tryAllocateOversize (this=this&#64;entry=0x1847b68, bytes=1572856, outPtr=outPtr&#64;entry=0x7ffef2e75c30) at /home/will/disk/wk/rtd/qtwebkit-opensource-src-5.4.1/Source/JavaScriptCore/heap/CopiedSpace.cpp:85
#7  0x00007f1895d36f6a in JSC::CopiedSpace::tryReallocateOversize (this=this&#64;entry=0x1847b68, ptr=ptr&#64;entry=0x7ffef2e75da8, oldSize=oldSize&#64;entry=786424, newSize=newSize&#64;entry=1572856) at /home/will/disk/wk/rtd/qtwebkit-opensource-src-5.4.1/Source/JavaScriptCore/heap/CopiedSpace.cpp:132
#8  0x00007f1895d3806c in JSC::CopiedSpace::tryReallocate (this=this&#64;entry=0x1847b68, ptr=ptr&#64;entry=0x7ffef2e75da8, oldSize=786424, newSize=newSize&#64;entry=1572856) at /home/will/disk/wk/rtd/qtwebkit-opensource-src-5.4.1/Source/JavaScriptCore/heap/CopiedSpace.cpp:109
#9  0x00007f189607cf1e in tryReallocateStorage (newSize=&lt;optimized out&gt;, oldSize=&lt;optimized out&gt;, ptr=0x7ffef2e75da8, this=0x183f0b8) at /home/will/disk/wk/rtd/qtwebkit-opensource-src-5.4.1/Source/JavaScriptCore/heap/Heap.h:396
#10 JSC::Butterfly::growArrayRight (this=&lt;optimized out&gt;, vm=..., oldStructure=0x7f183c37e788, propertyCapacity=&lt;optimized out&gt;, hadIndexingHeader=hadIndexingHeader&#64;entry=true, oldIndexingPayloadSizeInBytes=oldIndexingPayloadSizeInBytes&#64;entry=786416, newIndexingPayloadSizeInBytes=1572848) at /home/will/disk/wk/rtd/qtwebkit-opensource-src-5.4.1/Source/JavaScriptCore/runtime/ButterflyInlines.h:115
#11 0x00007f189607450c in JSC::JSObject::ensureLengthSlow (this=this&#64;entry=0x7f1802d14820, vm=..., length=length&#64;entry=98303) at /home/will/disk/wk/rtd/qtwebkit-opensource-src-5.4.1/Source/JavaScriptCore/runtime/JSObject.cpp:2372
#12 0x00007f189602e3cd in JSC::JSObject::ensureLength (this=this&#64;entry=0x7f1802d14820, vm=..., length=length&#64;entry=98303) at /home/will/disk/wk/rtd/qtwebkit-opensource-src-5.4.1/Source/JavaScriptCore/runtime/JSObject.h:801
#13 0x00007f189607f3fe in JSC::JSObject::putByIndexBeyondVectorLengthWithoutAttributes&lt;(unsigned char)22&gt; (this=this&#64;entry=0x7f1802d14820, exec=exec&#64;entry=0x7f183c387778, i=i&#64;entry=98302, value=...) at /home/will/disk/wk/rtd/qtwebkit-opensource-src-5.4.1/Source/JavaScriptCore/runtime/JSObject.cpp:1886
#14 0x00007f189607a390 in JSC::JSObject::putByIndexBeyondVectorLength (this=this&#64;entry=0x7f1802d14820, exec=exec&#64;entry=0x7f183c387778, i=i&#64;entry=98302, value=..., shouldThrow=shouldThrow&#64;entry=true) at /home/will/disk/wk/rtd/qtwebkit-opensource-src-5.4.1/Source/JavaScriptCore/runtime/JSObject.cpp:2028
#15 0x00007f189607a5a7 in JSC::JSObject::putByIndex (cell=0x7f1802d14820, exec=0x7f183c387778, propertyName=98302, value=..., shouldThrow=&lt;optimized out&gt;) at /home/will/disk/wk/rtd/qtwebkit-opensource-src-5.4.1/Source/JavaScriptCore/runtime/JSObject.cpp:537
#16 0x00007f1895fac9cc in JSC::arrayProtoFuncPush (exec=0x7f183c387778) at /home/will/disk/wk/rtd/qtwebkit-opensource-src-5.4.1/Source/JavaScriptCore/runtime/ArrayPrototype.cpp:501</pre>
        </div>
      </p>
    </body>
</html>