<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - [GTK] Crash in JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit(unsigned int)"
href="https://bugs.webkit.org/show_bug.cgi?id=169061">169061</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>[GTK] Crash in JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit(unsigned int)
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr>
<tr>
<th>Product</th>
<td>WebKit
</td>
</tr>
<tr>
<th>Version</th>
<td>Other
</td>
</tr>
<tr>
<th>Hardware</th>
<td>PC
</td>
</tr>
<tr>
<th>OS</th>
<td>Linux
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>Normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P2
</td>
</tr>
<tr>
<th>Component</th>
<td>WebKit Gtk
</td>
</tr>
<tr>
<th>Assignee</th>
<td>webkit-unassigned@lists.webkit.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>aperez@igalia.com
</td>
</tr>
<tr>
<th>CC</th>
<td>bugs-noreply@webkitgtk.org
</td>
</tr></table>
<p>
<div>
<pre>The crash happens on x86_64, running WebKitGTK+ 2.14.5, and happens
quite often when accessing a Travis-CI build log page like the one
at <a href="https://travis-ci.org/aperezdc/revolt/builds/195007198">https://travis-ci.org/aperezdc/revolt/builds/195007198</a>.

With the current Git “master” (commit a9501ea6cc9) the issue does not
seem to be reproducible in MiniBrowser. The Travis-CI build log pages
do take quite a bit of time to load, but that could as well be because
I made a debug build hoping to get a better backtrace :-\

Still haven't checked with 2.15.91.

The full backtrace follows.
---
mar 01 12:43:42 momiji systemd-coredump[23537]: Process 23470 (WebKitWebProces) of user 1000 dumped core.
Stack trace of thread 23510:
#0 0x00007f9de23ce25a JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit(unsigned int) (libjavascriptcoregtk-4.0.so.18)
#1 0x00007f9de23cbff3 JSC::DFG::ByteCodeParser::handleCall(int, JSC::DFG::NodeType, JSC::CallMode, unsigned int, JSC::DFG::Node*, int, int, JSC::CallLinkStatus) (libjavascriptcoregtk-4.0.so.18)
#2 0x00007f9de23cc2c7 JSC::DFG::ByteCodeParser::handleCall(int, JSC::DFG::NodeType, JSC::CallMode, unsigned int, int, int, int) (libjavascriptcoregtk-4.0.so.18)
#3 0x00007f9de23cc3a8 JSC::DFG::ByteCodeParser::handleCall(JSC::Instruction*, JSC::DFG::NodeType, JSC::CallMode) (libjavascriptcoregtk-4.0.so.18)
#4 0x00007f9de23c50b6 JSC::DFG::ByteCodeParser::parseBlock(unsigned int) (libjavascriptcoregtk-4.0.so.18)
#5 0x00007f9de23c7f71 JSC::DFG::ByteCodeParser::parseCodeBlock() (libjavascriptcoregtk-4.0.so.18)
#6 0x00007f9de23ca032 JSC::DFG::ByteCodeParser::handleInlining(JSC::DFG::Node*, int, JSC::CallLinkStatus const&, int, JSC::VirtualRegister, JSC::VirtualRegister, unsigned int, int, unsigned int, JSC::DFG::NodeType, JSC::InlineCallFrame::Kind, unsigned long) (libjavascriptcoregtk-4.0.so.18)
#7 0x00007f9de23cbe85 JSC::DFG::ByteCodeParser::handleCall(int, JSC::DFG::NodeType, JSC::InlineCallFrame::Kind, unsigned int, JSC::DFG::Node*, int, int, JSC::CallLinkStatus, unsigned long) (libjavascriptcoregtk-4.0.so.18)
#8 0x00007f9de23cd4c7 JSC::DFG::ByteCodeParser::handlePutById(JSC::DFG::Node*, unsigned int, JSC::DFG::Node*, JSC::PutByIdStatus const&, bool) (libjavascriptcoregtk-4.0.so.18)
#9 0x00007f9de23c5bb6 JSC::DFG::ByteCodeParser::parseBlock(unsigned int) (libjavascriptcoregtk-4.0.so.18)
#10 0x00007f9de23c7f71 JSC::DFG::ByteCodeParser::parseCodeBlock() (libjavascriptcoregtk-4.0.so.18)
#11 0x00007f9de23c8509 JSC::DFG::ByteCodeParser::parse() (libjavascriptcoregtk-4.0.so.18)
#12 0x00007f9de23c87ba JSC::DFG::parse(JSC::DFG::Graph&) (libjavascriptcoregtk-4.0.so.18)
#13 0x00007f9de24f2959 JSC::DFG::Plan::compileInThreadImpl(JSC::DFG::LongLivedState&) (libjavascriptcoregtk-4.0.so.18)
#14 0x00007f9de24f32a7 JSC::DFG::Plan::compileInThread(JSC::DFG::LongLivedState&, JSC::DFG::ThreadData*) (libjavascriptcoregtk-4.0.so.18)
#15 0x00007f9de25a0187 JSC::DFG::Worklist::runThread(JSC::DFG::ThreadData*) (libjavascriptcoregtk-4.0.so.18)
#16 0x00007f9de2b17145 n/a (libjavascriptcoregtk-4.0.so.18)
#17 0x00007f9de2b49eba n/a (libjavascriptcoregtk-4.0.so.18)
#18 0x00007f9de1599454 start_thread (libpthread.so.0)
#19 0x00007f9de50f67df __clone (libc.so.6)
Stack trace of thread 23516:
#0 0x00007f9de159f10f pthread_cond_wait@@GLIBC_2.3.2 (libpthread.so.0)
#1 0x00007f9ddbfc74cc __gthread_cond_wait (libstdc++.so.6)
#2 0x00007f9de2b13ebd WTF::ParkingLot::parkConditionallyImpl(void const*, WTF::ScopedLambda<bool ()> const&, WTF::ScopedLambda<void ()> const&, std::chrono::time_point<std::chrono::_V2::steady_clock, std::chrono::duration<long, std::ratio<1l, 1000000000l> > >) (libjavascriptcoregtk-4.0.so.18)
#3 0x00007f9de2b129a5 WTF::ParallelHelperPool::waitForClientWithTask(WTF::Locker<WTF::LockBase> const&) (libjavascriptcoregtk-4.0.so.18)
#4 0x00007f9de2b12a69 WTF::ParallelHelperPool::helperThreadBody() (libjavascriptcoregtk-4.0.so.18)
#5 0x00007f9de2b17145 n/a (libjavascriptcoregtk-4.0.so.18)
#6 0x00007f9de2b49eba n/a (libjavascriptcoregtk-4.0.so.18)
#7 0x00007f9de1599454 start_thread (libpthread.so.0)
#8 0x00007f9de50f67df __clone (libc.so.6)
Stack trace of thread 23517:
#0 0x00007f9de159f10f pthread_cond_wait@@GLIBC_2.3.2 (libpthread.so.0)
#1 0x00007f9ddbfc74cc __gthread_cond_wait (libstdc++.so.6)
#2 0x00007f9de2b13ebd WTF::ParkingLot::parkConditionallyImpl(void const*, WTF::ScopedLambda<bool ()> const&, WTF::ScopedLambda<void ()> const&, std::chrono::time_point<std::chrono::_V2::steady_clock, std::chrono::duration<long, std::ratio<1l, 1000000000l> > >) (libjavascriptcoregtk-4.0.so.18)
#3 0x00007f9de2b129a5 WTF::ParallelHelperPool::waitForClientWithTask(WTF::Locker<WTF::LockBase> const&) (libjavascriptcoregtk-4.0.so.18)
#4 0x00007f9de2b12a69 WTF::ParallelHelperPool::helperThreadBody() (libjavascriptcoregtk-4.0.so.18)
#5 0x00007f9de2b17145 n/a (libjavascriptcoregtk-4.0.so.18)
#6 0x00007f9de2b49eba n/a (libjavascriptcoregtk-4.0.so.18)
#7 0x00007f9de1599454 start_thread (libpthread.so.0)
#8 0x00007f9de50f67df __clone (libc.so.6)
Stack trace of thread 23519:
#0 0x00007f9de50ed48d poll (libc.so.6)
#1 0x00007f9de2f8a7a6 n/a (libglib-2.0.so.0)
#2 0x00007f9de2f8ab32 g_main_loop_run (libglib-2.0.so.0)
#3 0x00007f9de2b4cd60 WTF::RunLoop::run() (libjavascriptcoregtk-4.0.so.18)
#4 0x00007f9de2b4b99e n/a (libjavascriptcoregtk-4.0.so.18)
#5 0x00007f9de2b17145 n/a (libjavascriptcoregtk-4.0.so.18)
#6 0x00007f9de2b49eba n/a (libjavascriptcoregtk-4.0.so.18)
#7 0x00007f9de1599454 start_thread (libpthread.so.0)
#8 0x00007f9de50f67df __clone (libc.so.6)
Stack trace of thread 23489:
#0 0x00007f9de50ed48d poll (libc.so.6)
#1 0x00007f9de2f8a7a6 n/a (libglib-2.0.so.0)
#2 0x00007f9de2f8a8bc g_main_context_iteration (libglib-2.0.so.0)
#3 0x00007f9dc81084bd n/a (libdconfsettings.so)
#4 0x00007f9de2fb2175 n/a (libglib-2.0.so.0)
#5 0x00007f9de1599454 start_thread (libpthread.so.0)
#6 0x00007f9de50f67df __clone (libc.so.6)
Stack trace of thread 23474:
#0 0x00007f9de50ed48d poll (libc.so.6)
#1 0x00007f9de2f8a7a6 n/a (libglib-2.0.so.0)
#2 0x00007f9de2f8a8bc g_main_context_iteration (libglib-2.0.so.0)
#3 0x00007f9de2f8a901 n/a (libglib-2.0.so.0)
#4 0x00007f9de2fb2175 n/a (libglib-2.0.so.0)
#5 0x00007f9de1599454 start_thread (libpthread.so.0)
#6 0x00007f9de50f67df __clone (libc.so.6)
Stack trace of thread 23473:
#0 0x00007f9de50c5ffd __nanosleep (libc.so.6)
#1 0x00007f9de2b521f4 bmalloc::Heap::scavenge(std::unique_lock<bmalloc::StaticMutex>&, std::chrono::duration<long, std::ratio<1l, 1000l> >) (libjavascriptcoregtk-4.0.so.18)
#2 0x00007f9de2b5234f bmalloc::Heap::concurrentScavenge() (libjavascriptcoregtk-4.0.so.18)
#3 0x00007f9de2b5362e bmalloc::AsyncTask<bmalloc::Heap, void (bmalloc::Heap::*)()>::threadRunLoop() (libjavascriptcoregtk-4.0.so.18)
#4 0x00007f9de2b53809 bmalloc::AsyncTask<bmalloc::Heap, void (bmalloc::Heap::*)()>::threadEntryPoint(bmalloc::AsyncTask<bmalloc::Heap, void (bmalloc::Heap::*)()>*) (libjavascriptcoregtk-4.0.so.18)
#5 0x00007f9ddbfcd58f execute_native_thread_routine (libstdc++.so.6)
#6 0x00007f9de1599454 start_thread (libpthread.so.0)
#7 0x00007f9de50f67df __clone (libc.so.6)
Stack trace of thread 23476:
#0 0x00007f9de50ed48d poll (libc.so.6)
#1 0x00007f9de2f8a7a6 n/a (libglib-2.0.so.0)
#2 0x00007f9de2f8ab32 g_main_loop_run (libglib-2.0.so.0)
#3 0x00007f9de2b4cd60 WTF::RunLoop::run() (libjavascriptcoregtk-4.0.so.18)
#4 0x00007f9de2b4b99e n/a (libjavascriptcoregtk-4.0.so.18)
#5 0x00007f9de2b17145 n/a (libjavascriptcoregtk-4.0.so.18)
#6 0x00007f9de2b49eba n/a (libjavascriptcoregtk-4.0.so.18)
#7 0x00007f9de1599454 start_thread (libpthread.so.0)
#8 0x00007f9de50f67df __clone (libc.so.6)
Stack trace of thread 23521:
#0 0x00007f9de159f10f pthread_cond_wait@@GLIBC_2.3.2 (libpthread.so.0)
#1 0x00007f9ddbfc74cc __gthread_cond_wait (libstdc++.so.6)
#2 0x00007f9de2b13ebd WTF::ParkingLot::parkConditionallyImpl(void const*, WTF::ScopedLambda<bool ()> const&, WTF::ScopedLambda<void ()> const&, std::chrono::time_point<std::chrono::_V2::steady_clock, std::chrono::duration<long, std::ratio<1l, 1000000000l> > >) (libjavascriptcoregtk-4.0.so.18)
#3 0x00007f9de259ff63 JSC::DFG::Worklist::runThread(JSC::DFG::ThreadData*) (libjavascriptcoregtk-4.0.so.18)
#4 0x00007f9de2b17145 n/a (libjavascriptcoregtk-4.0.so.18)
#5 0x00007f9de2b49eba n/a (libjavascriptcoregtk-4.0.so.18)
#6 0x00007f9de1599454 start_thread (libpthread.so.0)
#7 0x00007f9de50f67df __clone (libc.so.6)
Stack trace of thread 23475:
#0 0x00007f9de50ed48d poll (libc.so.6)
#1 0x00007f9de2f8a7a6 n/a (libglib-2.0.so.0)
#2 0x00007f9de2f8ab32 g_main_loop_run (libglib-2.0.so.0)
#3 0x00007f9de3570446 n/a (libgio-2.0.so.0)
#4 0x00007f9de2fb2175 n/a (libglib-2.0.so.0)
#5 0x00007f9de1599454 start_thread (libpthread.so.0)
#6 0x00007f9de50f67df __clone (libc.so.6)
Stack trace of thread 23470:
#0 0x00007f9d844945d6 n/a (n/a)</pre>
</div>
</p>
</body>
</html>