Bug 167377

Summary: [GTK] [2.14.3] Crash on JSC::SourceProviderCache::clear() on ppc64el
Product: WebKit
Reporter: Alberto Garcia <berto>
Component: WebKitGTK
Assignee: Nobody <webkit-unassigned>
Status: NEW
Severity: Normal
CC: bugs-noreply, cgarcia, fpizlo, mohanreddy.vr, tpopela
Priority: P2
Version: Other
Hardware: Unspecified
OS: Unspecified

Alberto Garcia
Reported 2017-01-24 11:50:02 PST
When running Seed [ https://wiki.gnome.org/Seed ] built using javascriptcore from WebKitGTK+ 2.14.3 I get a crash (see backtrace below). A Debian user reported this with version 2.14.2 as well. This only happens with some architectures (mips, ppc64el, s390x), see here for details: https://buildd.debian.org/status/package.php?p=seed-webkit2&suite=sid

Here's the full backtrace in ppc64el:

Thread 1 "seed" received signal SIGSEGV, Segmentation fault.
#0 0x00003fffb76607f8 in WTF::HashTable<int, WTF::KeyValuePair<int, std::unique_ptr<JSC::SourceProviderCacheItem, std::default_delete<JSC::SourceProviderCacheItem> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<int, std::unique_ptr<JSC::SourceProviderCacheItem, std::default_delete<JSC::SourceProviderCacheItem> > > >, WTF::IntHash<int>, WTF::HashMap<int, std::unique_ptr<JSC::SourceProviderCacheItem, std::default_delete<JSC::SourceProviderCacheItem> >, WTF::IntHash<int>, WTF::UnsignedWithZeroKeyHashTraits<int>, WTF::HashTraits<std::unique_ptr<JSC::SourceProviderCacheItem, std::default_delete<JSC::SourceProviderCacheItem> > > >::KeyValuePairTraits, WTF::UnsignedWithZeroKeyHashTraits<int> >::deallocateTable(WTF::KeyValuePair<int, std::unique_ptr<JSC::SourceProviderCacheItem, std::default_delete<JSC::SourceProviderCacheItem> > >*, unsigned int) () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#1 0x00003fffb7660660 in JSC::SourceProviderCache::clear() () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#2 0x00003fffb76606c0 in JSC::SourceProviderCache::~SourceProviderCache() () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#3 0x00003fffb78f731c in WTF::HashTable<WTF::RefPtr<JSC::SourceProvider>, WTF::KeyValuePair<WTF::RefPtr<JSC::SourceProvider>, WTF::RefPtr<JSC::SourceProviderCache> >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WTF::RefPtr<JSC::SourceProvider>, WTF::RefPtr<JSC::SourceProviderCache> > >, WTF::PtrHash<WTF::RefPtr<JSC::SourceProvider> >, WTF::HashMap<WTF::RefPtr<JSC::SourceProvider>, WTF::RefPtr<JSC::SourceProviderCache>, WTF::PtrHash<WTF::RefPtr<JSC::SourceProvider> >, WTF::HashTraits<WTF::RefPtr<JSC::SourceProvider> >, WTF::HashTraits<WTF::RefPtr<JSC::SourceProviderCache> > >::KeyValuePairTraits, WTF::HashTraits<WTF::RefPtr<JSC::SourceProvider> > >::deallocateTable(WTF::KeyValuePair<WTF::RefPtr<JSC::SourceProvider>, WTF::RefPtr<JSC::SourceProviderCache> >*, unsigned int) () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#4 0x00003fffb78f1040 in JSC::VM::clearSourceProviderCaches() () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#5 0x00003fffb74da4dc in JSC::Heap::deleteSourceProviderCaches() () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#6 0x00003fffb74de71c in JSC::Heap::collectImpl(JSC::HeapOperation, void*, void*, __jmp_buf_tag (&) [1]) () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#7 0x00003fffb74dea0c in JSC::Heap::collectWithoutAnySweep(JSC::HeapOperation) () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#8 0x00003fffb74deca4 in JSC::Heap::collect(JSC::HeapOperation) () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#9 0x00003fffb78c4f9c in JSC::Structure::changePrototypeTransition(JSC::VM&, JSC::Structure*, JSC::JSValue) () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#10 0x00003fffb77a81c4 in JSC::JSObject::setPrototypeDirect(JSC::VM&, JSC::JSValue) () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#11 0x00003fffb73ef2c0 in JSObjectMake () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#12 0x00003fffb7db2f2c in seed_gobject_define_property_from_function_info (ctx=0x3fffb3bffee0, info=0x222b26d0, object=0x3fffb358a120, instance=<optimized out>) at seed-engine.c:1088
#13 0x00003fffb7db625c in seed_struct_prototype (ctx=0x3fffb3bffee0, info=0x222ae370) at seed-structs.c:609
#14 0x00003fffb7dc05fc in seed_gi_importer_handle_struct (exception=<optimized out>, info=0x222ae370, namespace_ref=<optimized out>, ctx=0x3fffb3bffee0) at seed-importer.c:365
#15 seed_gi_importer_do_namespace (ctx=0x3fffb3bffee0, namespace=0x3fffffffccf0 "GLib", exception=0x3fffffffcd68) at seed-importer.c:542
#16 0x00003fffb7dc0b08 in seed_gi_importer_get_property (ctx=0x3fffb3bffee0, object=<optimized out>, property_name=<optimized out>, exception=0x3fffffffcd68) at seed-importer.c:620
#17 0x00003fffb73ded38 in JSC::JSCallbackObject<JSC::JSDestructibleObject>::getOwnPropertySlot(JSC::JSObject*, JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&) () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#18 0x00003fffb75763f4 in ?? () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#19 0x00003fffb757bfa0 in JSC::LLInt::CLoop::execute(JSC::OpcodeID, void*, JSC::VM*, JSC::ProtoCallFrame*, bool) () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#20 0x00003fffb757993c in vmEntryToJavaScript () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#21 0x00003fffb7564860 in JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#22 0x00003fffb7559acc in JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*) () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#23 0x00003fffb76caa14 in JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#24 0x00003fffb76cac64 in JSC::profiledEvaluate(JSC::ExecState*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#25 0x00003fffb73d4594 in JSEvaluateScript () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#26 0x00003fffb7dae920 in seed_include (ctx=0x3fffb3bfff40, function=<optimized out>, this_object=<optimized out>, argumentCount=<optimized out>, arguments=<optimized out>, exception=0x3fffffffdee8) at seed-builtins.c:104
#27 0x00003fffb73d6358 in long JSC::APICallbackFunction::call<JSC::JSCallbackFunction>(JSC::ExecState*) () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#28 0x00003fffb7565f04 in ?? () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#29 0x00003fffb75790e4 in JSC::LLInt::setUpCall(JSC::ExecState*, JSC::Instruction*, JSC::CodeSpecializationKind, JSC::JSValue, JSC::LLIntCallLinkInfo*) () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#30 0x00003fffb7572390 in ?? () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#31 0x00003fffb757fc90 in JSC::LLInt::CLoop::execute(JSC::OpcodeID, void*, JSC::VM*, JSC::ProtoCallFrame*, bool) () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#32 0x00003fffb757993c in vmEntryToJavaScript () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#33 0x00003fffb7564860 in JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#34 0x00003fffb7559acc in JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*) () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#35 0x00003fffb76caa14 in JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#36 0x00003fffb76cac64 in JSC::profiledEvaluate(JSC::ExecState*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#37 0x00003fffb73d4594 in JSEvaluateScript () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#38 0x00003fffb7db3e5c in seed_init_with_context_and_group (argc=0x3ffffffff02c, argv=0x3ffffffff020, context=<optimized out>, group=<optimized out>) at seed-engine.c:1914
#39 0x00003fffb7db3f10 in seed_init_with_context_group (argc=0x3ffffffff02c, argv=0x3ffffffff020, group=0x3fffb41c0000) at seed-engine.c:1939
#40 0x00003fffb7db3f88 in seed_init (argc=0x3ffffffff02c, argv=<optimized out>) at seed-engine.c:1962
#41 0x000000002223112c in main (argc=<optimized out>, argv=<optimized out>) at main.c:142
Mohan
Comment 1 2017-06-23 01:32:25 PDT
I am facing a similar issue with the WebKit 2.12.2 version.

[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/libthread_db.so.1".
Core was generated by `/usr/libexec/webkit2gtk-4.0/WebKitWebProcess 25'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0xb4a23710 in JSC::LLInt::CLoop::execute () from /usr/lib/libjavascriptcoregtk-4.0.so.18
[Current thread is 1 (Thread 0xb25b3000 (LWP 2119))]
(gdb) bt
#0 0xb4a23710 in JSC::LLInt::CLoop::execute () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#1 0xb4a20ed4 in vmEntryToJavaScript () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#2 0xb4a11f0c in JSC::JITCode::execute () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#3 0xb4a09fd0 in JSC::Interpreter::execute () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#4 0xb4ba0288 in JSC::globalFuncEval () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#5 0xb4a22710 in JSC::LLInt::CLoop::execute () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#6 0xb4a20ed4 in vmEntryToJavaScript () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#7 0xb4a11f0c in JSC::JITCode::execute () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#8 0xb4a08500 in JSC::Interpreter::executeCall () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#9 0xb4b183cc in JSC::call () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#10 0xb4b18428 in JSC::call () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#11 0xb5d3edf0 in WebCore::functionCallHandlerFromAnyThread () from /usr/lib/libwebkit2gtk-4.0.so.37
#12 0xb4924d68 in Deprecated::ScriptFunctionCall::call () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#13 0xb49d1f08 in Inspector::InjectedScriptBase::callFunctionWithEvalEnabled () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#14 0xb49d2154 in Inspector::InjectedScriptBase::makeCall () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#15 0xb49d23cc in Inspector::InjectedScriptBase::makeEvalCall () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#16 0xb49cfc64 in Inspector::InjectedScript::evaluate () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#17 0xb4a03b14 in Inspector::InspectorRuntimeAgent::evaluate () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#18 0xb4d1d0d0 in Inspector::RuntimeBackendDispatcher::evaluate(long, WTF::RefPtr<Inspector::InspectorObject>&&) () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#19 0xb4d13798 in Inspector::RuntimeBackendDispatcher::dispatch(long, WTF::String const&, WTF::Ref<Inspector::InspectorObject>&&) () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#20 0xb49d99a0 in Inspector::BackendDispatcher::dispatch () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#21 0xb5c423ec in WebKit::WebInspector::didReceiveMessage () from /usr/lib/libwebkit2gtk-4.0.so.37
#22 0xb5a59f88 in IPC::MessageReceiverMap::dispatchMessage () from /usr/lib/libwebkit2gtk-4.0.so.37
#23 0xb5b1ef6c in WebKit::WebProcess::didReceiveMessage () from /usr/lib/libwebkit2gtk-4.0.so.37
#24 0xb5a57da0 in IPC::Connection::dispatchMessage () from /usr/lib/libwebkit2gtk-4.0.so.37
#25 0xb5a58878 in IPC::Connection::dispatchOneMessage () from /usr/lib/libwebkit2gtk-4.0.so.37
#26 0xb4d420f4 in WTF::RunLoop::performWork () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#27 0xb4d6c548 in _FUN () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#28 0xb56da0f8 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#29 0xb56da394 in g_main_context_iterate.isra () from /usr/lib/libglib-2.0.so.0
#30 0xb56da7a0 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#31 0xb4d6d0c8 in WTF::RunLoop::run () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#32 0xb5c18c3c in WebProcessMainUnix () from /usr/lib/libwebkit2gtk-4.0.so.37
#33 0xb57fc5f0 in __libc_start_main (main=0x8684 <main()>, argc=2, argv=0xbea40d34, init=<optimized out>, fini=0x87dd <__libc_csu_fini>, rtld_fini=0xb6f650c9 <_dl_fini>, stack_end=0xbea40d34) at libc-start.c:285
#34 0x000086f0 in _start () at ../ports/sysdeps/arm/start.S:124
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
(gdb)