leopard-webkit / Tickets / #108 JavaScriptCore occasionally crashes when trying to allocate memory

#108 JavaScriptCore occasionally crashes when trying to allocate memory

Status: Accepted

Owner: Tobias Netzel

Labels: None

Priority: Medium

Type: Defect

Updated: 2018-01-06

Created: 2017-03-18

Creator: Damien Stewart

Private: No

So got this alloc crash. Unaware if this is fixed now. But will post log in any case.

Process:         Safari [7674]
Path:            /Applications/WebKit.app/Contents/MacOS/WebKit-bin
Identifier:      org.webkit.nightly.WebKit
Version:         r209950 (209950)
Code Type:       PPC (Native)
Parent Process:  launchd [81]

Date/Time:       2017-02-08 23:50:55.069 +1100
OS Version:      Mac OS X 10.5.8 (9L31a)
Report Version:  6
Anonymous UUID:  4C329DC0-59E3-442D-A263-B83AE0E0D445

Exception Type:  EXC_BAD_ACCESS (SIGBUS)
Exception Codes: KERN_PROTECTION_FAILURE at 0x0000000000003ffc
Crashed Thread:  0

Thread 0 Crashed:
0   com.apple.JavaScriptCore        0x00d977c0 WTF::fastAlignedMalloc(unsigned long, unsigned long) + 72
1   com.apple.JavaScriptCore        0x00bd8394 JSC::MarkedBlock::create(JSC::Heap&, JSC::MarkedAllocator*, unsigned long, unsigned long, bool) + 44
2   com.apple.JavaScriptCore        0x00bd7b00 JSC::MarkedAllocator::allocateSlowCase(unsigned long) + 1160
3   com.apple.JavaScriptCore        0x0095a520 slow_path_create_lexical_environment + 1044
4   com.apple.JavaScriptCore        0x00bca384 JSC::LLInt::CLoop::execute(JSC::OpcodeID, void*, JSC::VM*, JSC::ProtoCallFrame*, bool) + 12988
5   com.apple.JavaScriptCore        0x00bc6578 vmEntryToJavaScript + 40
6   com.apple.JavaScriptCore        0x00a6c4c4 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 176
7   com.apple.JavaScriptCore        0x00a5e550 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 564
8   com.apple.JavaScriptCore        0x00910e1c JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 48
9   com.apple.JavaScriptCore        0x00a7b638 JSC::boundThisNoArgsFunctionCall(JSC::ExecState*) + 348
10  com.apple.JavaScriptCore        0x00bca438 JSC::LLInt::CLoop::execute(JSC::OpcodeID, void*, JSC::VM*, JSC::ProtoCallFrame*, bool) + 13168
11  com.apple.JavaScriptCore        0x00bc6578 vmEntryToJavaScript + 40
12  com.apple.JavaScriptCore        0x00a6c4c4 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 176
13  com.apple.JavaScriptCore        0x00a5e550 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 564
14  com.apple.JavaScriptCore        0x00910e1c JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 48
15  com.apple.JavaScriptCore        0x00a7b638 JSC::boundThisNoArgsFunctionCall(JSC::ExecState*) + 348
16  com.apple.JavaScriptCore        0x00bca438 JSC::LLInt::CLoop::execute(JSC::OpcodeID, void*, JSC::VM*, JSC::ProtoCallFrame*, bool) + 13168
17  com.apple.JavaScriptCore        0x00bc6578 vmEntryToJavaScript + 40
18  com.apple.JavaScriptCore        0x00a6c4c4 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 176
19  com.apple.JavaScriptCore        0x00a5e550 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 564
20  com.apple.JavaScriptCore        0x00910e1c JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 48
21  com.apple.JavaScriptCore        0x00a7b638 JSC::boundThisNoArgsFunctionCall(JSC::ExecState*) + 348
22  com.apple.JavaScriptCore        0x00bc744c JSC::LLInt::CLoop::execute(JSC::OpcodeID, void*, JSC::VM*, JSC::ProtoCallFrame*, bool) + 900
23  com.apple.JavaScriptCore        0x00bc65c0 vmEntryToNative + 40
24  com.apple.JavaScriptCore        0x00a5e488 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 364
25  com.apple.JavaScriptCore        0x00911130 JSC::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 196
26  com.apple.WebCore               0x0253ab28 WebCore::ScheduledAction::executeFunctionInContext(JSC::JSGlobalObject*, JSC::JSValue, WebCore::ScriptExecutionContext&) + 556
27  com.apple.WebCore               0x0253ad2c WebCore::ScheduledAction::execute(WebCore::Document&) + 220
28  com.apple.WebCore               0x02868a1c WebCore::DOMTimer::fired() + 808
29  com.apple.WebCore               0x0218e3ac __ZN7WebCore12ThreadTimers24sharedTimerFiredInternalEv.part.13 + 184
30  com.apple.WebCore               0x01f28930 __ZN7WebCoreL10timerFiredEP16__CFRunLoopTimerPv + 32
31  com.apple.CoreFoundation        0x91e5a818 CFRunLoopRunSpecific + 2968
32  com.apple.HIToolbox             0x947c9b14 RunCurrentEventLoopInMode + 264
33  com.apple.HIToolbox             0x947c9938 ReceiveNextEventCommon + 412
34  com.apple.HIToolbox             0x947c9778 BlockUntilNextEventMatchingListInMode + 84
35  com.apple.AppKit                0x93aa7244 _DPSNextEvent + 596
36  com.apple.AppKit                0x93aa6bfc -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 112
37  com.apple.Safari                0x00018c68 0x1000 + 97384
38  com.apple.AppKit                0x93aa089c -[NSApplication run] + 744
39  com.apple.AppKit                0x93a71298 NSApplicationMain + 440
40  com.apple.Safari                0x0000b2f8 0x1000 + 41720

...

Thread 0 crashed with PPC Thread State 32:
  srr0: 0x00d977c0  srr1: 0x0200f030   dar: 0x00003ffc dsisr: 0x42000000
    r0: 0x00d977a0    r1: 0xbfffc3a0    r2: 0x00004000    r3: 0x00000000
    r4: 0x00000000    r5: 0x00000028    r6: 0xffffffff    r7: 0x0000070f
    r8: 0x00000000    r9: 0x00003fff   r10: 0x90752eb4   r11: 0xa007e934
   r12: 0x9063237c   r13: 0xbfffc988   r14: 0x32e7a820   r15: 0xfffffffb
   r16: 0x08bfd240   r17: 0x00e170ec   r18: 0x43300000   r19: 0xfffffffb
   r20: 0xfffffff8   r21: 0x0fcf1e20   r22: 0x00000030   r23: 0x13d2bcc0
   r24: 0x13d2bcc0   r25: 0x00000000   r26: 0x0488520c   r27: 0x00004000
   r28: 0x0488634c   r29: 0x00000030   r30: 0x00000000   r31: 0x00bd7680
    cr: 0x84042422   xer: 0x20000006    lr: 0x00d977a0   ctr: 0x9063237c
vrsave: 0x80000fff

Discussion

Tobias Netzel - 2017-03-19

summary: 0 com.apple.JavaScriptCore 0x00d977c0 WTF::fastAlignedMalloc(unsigned long, unsigned long) + 72 --> JavaScriptCore occasionally crashes when trying to allocate memory

status: New --> Accepted

assigned_to: Tobias Netzel

Priority: Critical --> Medium

Type: Review --> Defect
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Tobias Netzel - 2017-03-19

Hmm, a crash while trying to allocate memory - most probably the process (WebKit/Safari) went out of address space,
I know there are some nasty situations where JavaScriptCore does allocate memory as if it was addicted to doing so - I don't think it really needs that memory.

(Please consider updating to 602.4.8_3 - that'll probably be the final release of the 602 series)

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Damien Stewart - 2018-01-06

I notice that now 603 is here and 604 is out. Testing 604 now. :-)

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

JavaScriptCore occasionally crashes when trying to allocate memory

WebKit for OS X Leopard

Searches

Help

#108 JavaScriptCore occasionally crashes when trying to allocate memory

Discussion