Fifth freezes when accessing some URL

[juanitotc]

When accessing some URL, fifth will freeze either at:

• 90% loaded
• the ilovebieber page

No error messages are given and the only way to exit is "killall -9 fifth"

As an example, try:

https://unix.stackexchange.com/questions/101272/tar-list-files-only

[clbr]

Couldn't reproduce on that URL. However I have seen freezes with pages with the Google recaptcha, likely a bug in the JS engine.

[juanitotc]

Hmm - strange that the freeze happens without fail for me on that URL with CorePure64.

I see it happening on more and more sites.

Is there anything I can do to try and get an error message?

[clbr]

Probably nothing, but if you do "top -p $(pidof fifth)" and press H to show threads, you'll see which thread is using cpu.

[clbr]

Oh, you can also attach gdb to it at that point, and ask what it's running (if the build has symbols).

gdb fifth $(pidof fifth) thread apply all bt

[clbr]

..and as a workaround, you can try to disable JS for the site, or for the tab before going there.

1. Go to some other page
2. Disable JS for the tab by clicking the bottom JS button
3. Go there
4. If it doesn't hang, right-click, edit per-site settings, and disable JS
5. Close fifth so settings are saved

[juanitotc]

From top I get:

8185 tc 20 0 2143.4m 75.2m 0.0 0.5 0:00.49 S fifth
8186 tc 20 0 2143.4m 75.2m 0.0 0.5 0:00.00 S - fifth commander 8187 tc 20 0 2143.4m 75.2m 0.0 0.5 0:00.00 S- WebCore: IconDa
8189 tc 20 0 2143.4m 75.2m 0.0 0.5 0:00.00 S - JSC::Marking 8190 tc 20 0 2143.4m 75.2m 0.0 0.5 0:00.00 S- JSC::Marking
8191 tc 20 0 2143.4m 75.2m 0.0 0.5 0:00.00 S - JSC::Marking 8192 tc 20 0 2143.4m 75.2m 0.0 0.5 0:00.00 S- fifth

[juanitotc]

..and from gdb without symbols:

(gdb) thread apply all bt

Thread 7 (LWP 8192):

0 0x00007f4d79cce93b in ?? () from /lib/libc.so.6

1 0x00007f4d79c6982f in ?? () from /lib/libc.so.6

2 0x00007f4d801e6dd1 in _dl_deallocate_tls () from /lib/ld-linux-x86-64.so.2

3 0x00007f4d7ec19446 in ?? () from /lib/libpthread.so.0

4 0x00007f4d7ec194f4 in ?? () from /lib/libpthread.so.0

5 0x00007f4d7ec1a274 in ?? () from /lib/libpthread.so.0

6 0x00007f4d79cc4aff in clone () from /lib/libc.so.6

Thread 6 (LWP 8191):

0 0x00007f4d7ec1ee5f in pthread_cond_wait () from /lib/libpthread.so.0

1 0x00007f4d7a227d42 in std::condition_variable::wait(std::unique_lock&) () from /usr/lib/libstdc++.so.6

2 0x00000000007bfd52 in ?? ()

3 0x00007f4d74028e00 in ?? ()

4 0x0000000000871f01 in ?? ()

5 0x000000000194beb0 in ?? ()

6 0x000000000194beb0 in ?? ()

7 0x000000000194bde0 in ?? ()

8 0x00007fffac317507 in ?? ()

9 0x00007f4d333f4cd0 in ?? ()

10 0x00000000007bfdcc in ?? ()

11 0x00007f4d75ff55a0 in ?? ()

12 0x00007f4d75ff55a8 in ?? ()

13 0x00007f4d75ff55c8 in ?? ()

14 0x000000000086e2e0 in ?? ()

15 0x00000000007bfe48 in ?? ()

16 0x000000000194beb0 in ?? ()

17 0x000000000086e22b in ?? ()

18 0x000000000086e222 in ?? ()

19 0x00007f4d75ffa620 in ?? ()

20 0x0000000000000000 in ?? ()

Thread 5 (LWP 8190):

0 0x00007f4d7ec1ee5f in pthread_cond_wait () from /lib/libpthread.so.0

1 0x00007f4d7a227d42 in std::condition_variable::wait(std::unique_lock&) () from /usr/lib/libstdc++.so.6

2 0x00000000007bfd52 in ?? ()

3 0x00007f4d74028e00 in ?? ()

4 0x0000000000871f01 in ?? ()

5 0x000000000194bc50 in ?? ()

6 0x000000000194bc50 in ?? ()

7 0x000000000194bb80 in ?? ()

8 0x00007fffac317507 in ?? ()

9 0x00007f4d335f5cd0 in ?? ()

10 0x00000000007bfdcc in ?? ()

11 0x00007f4d75ff5550 in ?? ()

12 0x00007f4d75ff5558 in ?? ()

13 0x00007f4d75ff5578 in ?? ()

14 0x000000000086e2e0 in ?? ()

15 0x00000000007bfe48 in ?? ()

16 0x000000000194bc50 in ?? ()

17 0x000000000086e22b in ?? ()

18 0x000000000086e222 in ?? ()

19 0x00007f4d75ffa600 in ?? ()

20 0x0000000000000000 in ?? ()

Thread 4 (LWP 8189):

0 0x00007f4d7ec1ee5f in pthread_cond_wait () from /lib/libpthread.so.0

1 0x00007f4d7a227d42 in std::condition_variable::wait(std::unique_lock&) () from /usr/lib/libstdc++.so.6

2 0x00000000007bfd52 in ?? ()

3 0x00007f4d74028e00 in ?? ()

4 0x0000000000871f01 in ?? ()

5 0x000000000194b9f0 in ?? ()

6 0x000000000194b9f0 in ?? ()

7 0x000000000194b950 in ?? ()

8 0x00007fffac317507 in ?? ()

9 0x00007f4d76203cd0 in ?? ()

10 0x00000000007bfdcc in ?? ()

11 0x00007f4d75ff5500 in ?? ()

12 0x00007f4d75ff5508 in ?? ()

13 0x00007f4d75ff5528 in ?? ()

14 0x000000000086e2e0 in ?? ()

15 0x00000000007bfe48 in ?? ()

16 0x000000000194b9f0 in ?? ()

17 0x000000000086e22b in ?? ()

18 0x000000000086e222 in ?? ()

19 0x00007f4d75ffa5e0 in ?? ()

20 0x0000000000000000 in ?? ()

Thread 3 (LWP 8187):

0 0x00007f4d7ec1ee5f in pthread_cond_wait () from /lib/libpthread.so.0

1 0x000000000049ebfe in ?? ()

2 0x00007f4d2c0000b8 in ?? ()

3 0x00007f4d757fc108 in ?? ()

4 0x0000000000000000 in ?? ()

Thread 2 (LWP 8186):

0 0x00007f4d79c9f03d in nanosleep () from /lib/libc.so.6

1 0x00007f4d79c9ef9b in sleep () from /lib/libc.so.6

2 0x000000000041bfd0 in ?? ()

3 0x00007f4d803d1700 in ?? ()

4 0x0000000000000000 in ?? ()

Thread 1 (LWP 8185):

0 0x00007f4d79cce93b in ?? () from /lib/libc.so.6

1 0x00007f4d79c6bdd2 in malloc () from /lib/libc.so.6

2 0x00007f4d79c5ba77 in _IO_file_doallocate () from /lib/libc.so.6

3 0x00007f4d79c66fe5 in _IO_doallocbuf () from /lib/libc.so.6

4 0x00007f4d79c66543 in _IO_file_overflow () from /lib/libc.so.6

5 0x00007f4d79c65b64 in _IO_file_xsputn () from /lib/libc.so.6

6 0x00007f4d79c440fb in vfprintf () from /lib/libc.so.6

7 0x00007f4d79c4a17f in printf () from /lib/libc.so.6

8 0x000000000041b363 in ?? ()

9 0x00000000fffffffd in ?? ()

10 0x0000000004000000 in ?? ()

11 0x00007f4d803d2838 in ?? ()

12 0x00007f4d79f651e8 in ?? () from /lib/libc.so.6

13 0x0000000000000020 in ?? ()

14

15 0x00007f4d79c68c08 in ?? () from /lib/libc.so.6

16 0x00007f4d79c6a7d8 in ?? () from /lib/libc.so.6

17 0x00007f4d79c6bdf3 in malloc () from /lib/libc.so.6

18 0x00007f4d7ae483fb in ?? () from /usr/local/lib/libcurl.so.4

19 0x00007f4d7ae48857 in Curl_unencode_gzip_write () from /usr/local/lib/libcurl.so.4

20 0x00007f4d7ae46e4a in Curl_readwrite () from /usr/local/lib/libcurl.so.4

21 0x00007f4d7ae25cde in ?? () from /usr/local/lib/libcurl.so.4

22 0x00007f4d7ae4930e in curl_multi_perform () from /usr/local/lib/libcurl.so.4

23 0x0000000000c0e65f in ?? ()

24 0x0000000000000004 in ?? ()

25 0x0000001fac319130 in ?? ()

26 0x00007fff00000000 in ?? ()

27 0x00007fffac319160 in ?? ()

28 0x0000000100000000 in ?? ()

29 0x0000000000000001 in ?? ()

30 0x0000000000871e07 in ?? ()

31 0x0000000000000004 in ?? ()

32 0x0000000000000000 in ?? ()

[clbr]

Hm, those traces don't look like frozen, no cpu usage loop. Could be something else then, but not due to JS.

[juanitotc]

I'm away for the next ten days or so - I'll look at compiling fifth with debugging symbols when I get back.

[clbr]

Looking at the trace again, we crashed, and the crash happened inside malloc. This then lead to a deadlock due to printf calling malloc. Should be fixed now, though naturally it won't help the original crash.

[juanitotc]

I got the debug build built, but now fifth will not freeze with the URL at the top.

However, it does crash on this page with:

$ fifth libpng warning: iCCP: known incorrect sRGB profile libpng warning: iCCP: known incorrect sRGB profile libpng warning: iCCP: known incorrect sRGB profile libpng warning: iCCP: profile 'Photoshop ICC profile': 'RGB ': RGB color space not permitted on grayscale PNG ASSERTION FAILED: m_isValid == valid() html/HTMLFormControlElement.cpp(468) : bool WebCore::HTMLFormControlElement::isValidFormControlElement() const 1 0x10d7ec1 2 0x75c0b0 3 0x75bf12 4 0x123a70a 5 0x19f26be Crashing with signal Segmentation fault, 11 LEAK: 4908 RenderObject LEAK: 2 XMLHttpRequest LEAK: 51 JSLazyEventListener LEAK: 10460 WebCoreNode LEAK: 1 SubresourceLoader LEAK: 184 CachedResource LEAK: 23 Frame LEAK: 6 Page

This seems more likely due to asserts than the original problem though?

[juanitotc]

Got it:

(gdb) thread apply all bt

Thread 7 (LWP 6650):

0 0x00007f0e8a679d4d in nanosleep () from /lib/libpthread.so.0

1 0x0000000001b5c38b in std::this_thread::sleep_for<long, std::ratio<1l, 1000l> > (__rtime=...) at /usr/local/include/c++/6.2.0/thread:322

2 0x0000000001b592bf in bmalloc::sleep (lock=..., duration=...) at StaticMutex.h:64

3 0x0000000001b59309 in bmalloc::waitUntilFalse (lock=..., sleepDuration=..., condition=@0x4b84790: true) at StaticMutex.h:74

4 0x0000000001b5ace8 in bmalloc::Heap::scavenge (this=0x4b825e0 <bmalloc::PerProcess::s_memory>, lock=...,

sleepDuration=...) at Heap.cpp:89

5 0x0000000001b5aca7 in bmalloc::Heap::concurrentScavenge (this=0x4b825e0 <bmalloc::PerProcess::s_memory>) at Heap.cpp:84

6 0x0000000001b5da37 in bmalloc::AsyncTask<bmalloc::Heap, void (bmalloc::Heap::*)()>::entryPoint (

this=0x4b84a30 <bmalloc::PerProcess<bmalloc::Heap>::s_memory+9296>) at AsyncTask.h:131

7 0x0000000001b5d6a8 in bmalloc::AsyncTask<bmalloc::Heap, void (bmalloc::Heap::*)()>::pthreadEntryPoint (

asyncTask=0x4b84a30 <bmalloc::PerProcess<bmalloc::Heap>::s_memory+9296>) at AsyncTask.h:121

8 0x00007f0e8a6720f5 in ?? () from /lib/libpthread.so.0

9 0x00007f0e8571caff in clone () from /lib/libc.so.6

Thread 6 (LWP 6378):

0 0x00007f0e8a676e5f in pthread_cond_wait () from /lib/libpthread.so.0

1 0x00007f0e85c7fd42 in std::condition_variable::wait(std::unique_lock&) () from /usr/lib/libstdc++.so.6

2 0x0000000000ea6838 in std::condition_variable::wait<JSC::GCThread::waitForNextPhase()::<lambda()> >(std::unique_lock &, JSC::GCThread::<lambda()>) (this=0x7f0e80029380, lock=..., p=...) at /usr/local/include/c++/6.2.0/condition_variable:99

3 0x0000000000ea6236 in JSC::GCThread::waitForNextPhase (this=0x5027930) at heap/GCThread.cpp:79

4 0x0000000000ea62d9 in JSC::GCThread::gcThreadMain (this=0x5027930) at heap/GCThread.cpp:97

5 0x0000000000ea63d6 in JSC::GCThread::gcThreadStartFunc (data=0x5027930) at heap/GCThread.cpp:136

6 0x00000000010c1cd8 in WTF::<lambda()>::operator()(void) const (__closure=0x7f0e3eddfca0) at Threading.cpp:81

7 0x00000000010c1e48 in std::_Function_handler<void(), WTF::createThread(WTF::ThreadFunction, void, char const)::<lambda()> >::_M_invoke(const std::_Any_data &) (__functor=...) at /usr/local/include/c++/6.2.0/functional:1740

8 0x0000000000488b8e in std::function<void ()>::operator()() const (this=0x7f0e3eddfca0) at /usr/local/include/c++/6.2.0/functional:2136

9 0x00000000010c1c09 in WTF::threadEntryPoint (contextData=0x7f0e81ff63c0) at Threading.cpp:58

10 0x000000000109688e in WTF::wtfThreadEntryPoint (param=0x7f0e81ffb4a0) at ThreadingPthreads.cpp:174

11 0x00007f0e8a6720f5 in ?? () from /lib/libpthread.so.0

12 0x00007f0e8571caff in clone () from /lib/libc.so.6

Thread 5 (LWP 6377):

0 0x00007f0e8a676e5f in pthread_cond_wait () from /lib/libpthread.so.0

1 0x00007f0e85c7fd42 in std::condition_variable::wait(std::unique_lock&) () from /usr/lib/libstdc++.so.6

2 0x0000000000ea6838 in std::condition_variable::wait<JSC::GCThread::waitForNextPhase()::<lambda()> >(std::unique_lock &, JSC::GCThread::<lambda()>) (this=0x7f0e80029380, lock=..., p=...) at /usr/local/include/c++/6.2.0/condition_variable:99

3 0x0000000000ea6236 in JSC::GCThread::waitForNextPhase (this=0x5027650) at heap/GCThread.cpp:79

4 0x0000000000ea62d9 in JSC::GCThread::gcThreadMain (this=0x5027650) at heap/GCThread.cpp:97

5 0x0000000000ea63d6 in JSC::GCThread::gcThreadStartFunc (data=0x5027650) at heap/GCThread.cpp:136

6 0x00000000010c1cd8 in WTF::<lambda()>::operator()(void) const (__closure=0x7f0e3efe0ca0) at Threading.cpp:81

7 0x00000000010c1e48 in std::_Function_handler<void(), WTF::createThread(WTF::ThreadFunction, void, char const)::<lambda()> >::_M_invoke(const std::_Any_data &) (__functor=...) at /usr/local/include/c++/6.2.0/functional:1740

8 0x0000000000488b8e in std::function<void ()>::operator()() const (this=0x7f0e3efe0ca0) at /usr/local/include/c++/6.2.0/functional:2136

9 0x00000000010c1c09 in WTF::threadEntryPoint (contextData=0x7f0e81ff6370) at Threading.cpp:58

10 0x000000000109688e in WTF::wtfThreadEntryPoint (param=0x7f0e81ffb480) at ThreadingPthreads.cpp:174

11 0x00007f0e8a6720f5 in ?? () from /lib/libpthread.so.0

12 0x00007f0e8571caff in clone () from /lib/libc.so.6

Thread 4 (LWP 6376):

0 0x00007f0e8a676e5f in pthread_cond_wait () from /lib/libpthread.so.0

1 0x00007f0e85c7fd42 in std::condition_variable::wait(std::unique_lock&) () from /usr/lib/libstdc++.so.6

2 0x0000000000ea6838 in std::condition_variable::wait<JSC::GCThread::waitForNextPhase()::<lambda()> >(std::unique_lock &, JSC::GCThread::<lambda()>) (this=0x7f0e80029380, lock=..., p=...) at /usr/local/include/c++/6.2.0/condition_variable:99

3 0x0000000000ea6236 in JSC::GCThread::waitForNextPhase (this=0x5027370) at heap/GCThread.cpp:79

4 0x0000000000ea62d9 in JSC::GCThread::gcThreadMain (this=0x5027370) at heap/GCThread.cpp:97

5 0x0000000000ea63d6 in JSC::GCThread::gcThreadStartFunc (data=0x5027370) at heap/GCThread.cpp:136

6 0x00000000010c1cd8 in WTF::<lambda()>::operator()(void) const (__closure=0x7f0e3f1e1ca0) at Threading.cpp:81

7 0x00000000010c1e48 in std::_Function_handler<void(), WTF::createThread(WTF::ThreadFunction, void, char const)::<lambda()> >::_M_invoke(const std::_Any_data &) (__functor=...) at /usr/local/include/c++/6.2.0/functional:1740

8 0x0000000000488b8e in std::function<void ()>::operator()() const (this=0x7f0e3f1e1ca0) at /usr/local/include/c++/6.2.0/functional:2136

9 0x00000000010c1c09 in WTF::threadEntryPoint (contextData=0x7f0e81ff6320) at Threading.cpp:58

10 0x000000000109688e in WTF::wtfThreadEntryPoint (param=0x7f0e81ffb460) at ThreadingPthreads.cpp:174

11 0x00007f0e8a6720f5 in ?? () from /lib/libpthread.so.0

12 0x00007f0e8571caff in clone () from /lib/libc.so.6

Thread 3 (LWP 6371):

0 0x00007f0e8a676e5f in pthread_cond_wait () from /lib/libpthread.so.0

1 0x00000000010970d4 in WTF::ThreadCondition::wait (this=0x7f0e800108d8, mutex=...) at ThreadingPthreads.cpp:378

2 0x00000000005b3eb3 in WebCore::IconDatabase::syncThreadMainLoop (this=0x7f0e80010800) at loader/icon/IconDatabase.cpp:1431

3 0x00000000005b23e7 in WebCore::IconDatabase::iconDatabaseSyncThread (this=0x7f0e80010800) at loader/icon/IconDatabase.cpp:1035

4 0x00000000005b209a in WebCore::IconDatabase::iconDatabaseSyncThreadStart (vIconDatabase=0x7f0e80010800)

at loader/icon/IconDatabase.cpp:956

5 0x00000000010c1cd8 in WTF::<lambda()>::operator()(void) const (__closure=0x7f0e82270ca0) at Threading.cpp:81

6 0x00000000010c1e48 in std::_Function_handler<void(), WTF::createThread(WTF::ThreadFunction, void, char const)::<lambda()> >::_M_invoke(const std::_Any_data &) (__functor=...) at /usr/local/include/c++/6.2.0/functional:1740

7 0x0000000000488b8e in std::function<void ()>::operator()() const (this=0x7f0e82270ca0) at /usr/local/include/c++/6.2.0/functional:2136

8 0x00000000010c1c09 in WTF::threadEntryPoint (contextData=0x7f0e81ff6000) at Threading.cpp:58

9 0x000000000109688e in WTF::wtfThreadEntryPoint (param=0x7f0e81ffb010) at ThreadingPthreads.cpp:174

10 0x00007f0e8a6720f5 in ?? () from /lib/libpthread.so.0

11 0x00007f0e8571caff in clone () from /lib/libc.so.6

Thread 2 (LWP 6370):

0 0x00007f0e856f703d in nanosleep () from /lib/libc.so.6

1 0x00007f0e856f6f9b in sleep () from /lib/libc.so.6

2 0x0000000000422125 in listenRemote () at remote.cpp:38

3 0x00007f0e8a6720f5 in ?? () from /lib/libpthread.so.0

4 0x00007f0e8571caff in clone () from /lib/libc.so.6

Thread 1 (LWP 6369):

0 0x00007f0e85716b23 in select () from /lib/libc.so.6

1 0x00007f0e8aae3c42 in ?? () from /usr/local/lib/libfltk.so.1.3

2 0x00007f0e8ab0787d in Fl::wait(double) () from /usr/local/lib/libfltk.so.1.3

3 0x000000000041f63d in main (argc=1, argv=0x7ffddecd6c78) at main.cpp:895

[clbr]

I'm afraid this trace looks like normal operation :(

[juanitotc]

That's what I thought, but fifth is definitely frozen - I left it an hour to double-check and the only way to get out of it was "killall -9".

Are any more commits to fifth/webkitfltk pending? If not I'll build stripped versions of fifth for the repos.

[clbr]

No changes pending right now.