Bug 185558
Summary: | [GTK] Javascript on page causes total browser crash | |
---|---|---|---
Product: | WebKit | Reporter: | Beau Adkins <beau.adkins>
Component: | JavaScriptCore | Assignee: | Nobody <webkit-unassigned>
Status: | RESOLVED WORKSFORME | |
Severity: | Normal | CC: | beau.adkins
Priority: | P2 | |
Version: | WebKit Local Build | |
Hardware: | PC | |
OS: | Linux | |
URL: | http://www.rowaytonpta.org/ | |
Beau Adkins
If you browse to http://www.rowaytonpta.org/ in WebKitGTK, the Web process will crash after a few seconds. Unfortunately, the stack trace does not show much useful info:
Program received signal SIGSEGV, Segmentation fault.
0xac3ebc20 in ?? ()
(gdb) bt
#0 0xac3ebc20 in ?? ()
#1 0xac5d40e7 in ?? ()
#2 0xac3ca558 in ?? ()
#3 0xac3ed6d8 in ?? ()
#4 0xac5d5a38 in ?? ()
#5 0xac36bcd5 in ?? ()
#6 0xac5d5838 in ?? ()
#7 0xac400606 in ?? ()
#8 0xac20475d in ?? ()
#9 0xac5d395f in ?? ()
#10 0xac3b1e31 in ?? ()
#11 0xac3310c4 in ?? ()
#12 0xb33e8712 in llint_entry ()
from /bin/NX/webkitgtk/libjavascriptcoregtk-4.0.so.18
#13 0xb33e8712 in llint_entry ()
from /bin/NX/webkitgtk/libjavascriptcoregtk-4.0.so.18
#14 0xb33e8712 in llint_entry ()
from /bin/NX/webkitgtk/libjavascriptcoregtk-4.0.so.18
#15 0xb33e8712 in llint_entry ()
from /bin/NX/webkitgtk/libjavascriptcoregtk-4.0.so.18
#16 0xb33e8712 in llint_entry ()
from /bin/NX/webkitgtk/libjavascriptcoregtk-4.0.so.18
#17 0xac37ec88 in ?? ()
#18 0xb33e8712 in llint_entry ()
from /bin/NX/webkitgtk/libjavascriptcoregtk-4.0.so.18
#19 0xac2eb27f in ?? ()
#20 0xac2ec558 in ?? ()
#21 0xac338978 in ?? ()
#22 0xac2e3300 in ?? ()
#23 0xac2f04e5 in ?? ()
#24 0xac338865 in ?? ()
#25 0xac339878 in ?? ()
#26 0xac4751b8 in ?? ()
#27 0xac475720 in ?? ()
#28 0xac238a98 in ?? ()
#29 0xac47b19f in ?? ()
#30 0xb33e3a8d in vmEntryToJavaScript ()
from /bin/NX/webkitgtk/libjavascriptcoregtk-4.0.so.18
#31 0xb3367792 in JSC::JITCode::execute (this=this@entry=0x986e6510,
vm=vm@entry=0xa87f4000, protoCallFrame=protoCallFrame@entry=0xbfac37f4)
at ../../Source/JavaScriptCore/jit/JITCode.cpp:81
#32 0xb331f713 in JSC::Interpreter::executeCall (this=0xae3fc300,
callFrame=callFrame@entry=0xa7fdf8d0, function=function@entry=0xa048dfe0,
callType=callType@entry=<incomplete type>, callData=..., thisValue=...,
args=...) at ../../Source/JavaScriptCore/interpreter/Interpreter.cpp:941
#33 0xb35104d5 in JSC::call (exec=exec@entry=0xa7fdf8d0, functionObject=...,
callType=callType@entry=<incomplete type>, callData=..., thisValue=...,
args=...) at ../../Source/JavaScriptCore/runtime/CallData.cpp:39
#34 0xb3510555 in JSC::call (exec=exec@entry=0xa7fdf8d0, functionObject=...,
callType=callType@entry=<incomplete type>, callData=..., thisValue=...,
args=..., returnedException=...)
at ../../Source/JavaScriptCore/runtime/CallData.cpp:46
#35 0xb3510870 in JSC::profiledCall (exec=0xa7fdf8d0, reason=JSC::Other,
functionObject=..., callType=<incomplete type>, callData=...,
thisValue=..., args=..., returnedException=...)
at ../../Source/JavaScriptCore/runtime/CallData.cpp:65
#36 0xb5790e6e in WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) () from /bin/NX/webkitgtk/libwebkit2gtk-4.0.so.37
#37 0xb5992ec6 in WebCore::EventTarget::fireEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener>, 1u, WTF::CrashOnOverflow, 16u>) () from /bin/NX/webkitgtk/libwebkit2gtk-4.0.so.37
#38 0xb59931e7 in WebCore::EventTarget::fireEventListeners(WebCore::Event&) ()
from /bin/NX/webkitgtk/libwebkit2gtk-4.0.so.37
#39 0xb59b375e in WebCore::Node::handleLocalEvents(WebCore::Event&) ()
from /bin/NX/webkitgtk/libwebkit2gtk-4.0.so.37
#40 0xb598c2c5 in WebCore::EventContext::handleLocalEvents(WebCore::Event&) const () from /bin/NX/webkitgtk/libwebkit2gtk-4.0.so.37
#41 0xb598d398 in WebCore::EventDispatcher::dispatchEvent(WebCore::Node&, WebCore::Event&) () from /bin/NX/webkitgtk/libwebkit2gtk-4.0.so.37
#42 0xb59b71f2 in WebCore::Node::dispatchEvent(WebCore::Event&) [clone .localalias.411] () from /bin/NX/webkitgtk/libwebkit2gtk-4.0.so.37
#43 0xb5b84b48 in WebCore::HTMLScriptElement::dispatchLoadEvent() ()
from /bin/NX/webkitgtk/libwebkit2gtk-4.0.so.37
#44 0xb59d809f in WebCore::ScriptElement::executeScriptAndDispatchEvent(WebCore::LoadableScript&) () from /bin/NX/webkitgtk/libwebkit2gtk-4.0.so.37
#45 0xb59d8134 in WebCore::ScriptElement::executePendingScript(WebCore::PendingScript&) () from /bin/NX/webkitgtk/libwebkit2gtk-4.0.so.37
#46 0xb59dc5d7 in WebCore::ScriptRunner::timerFired() ()
from /bin/NX/webkitgtk/libwebkit2gtk-4.0.so.37
#47 0xb59dca6b in std::_Function_handler<void (), std::_Bind<std::_Mem_fn<void (WebCore::ScriptRunner::*)()> (WebCore::ScriptRunner*)> >::_M_invoke(std::_Any_data const&) () from /bin/NX/webkitgtk/libwebkit2gtk-4.0.so.37
#48 0xb512dc55 in WebCore::Timer::fired() ()
from /bin/NX/webkitgtk/libwebkit2gtk-4.0.so.37
#49 0xb5ece8de in WebCore::ThreadTimers::sharedTimerFiredInternal() ()
from /bin/NX/webkitgtk/libwebkit2gtk-4.0.so.37
#50 0xb5ece925 in std::_Function_handler<void (), WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::{lambda()#1}>::_M_invoke(std::_Any_data const&)
() from /bin/NX/webkitgtk/libwebkit2gtk-4.0.so.37
#51 0xb5eb04d1 in WebCore::MainThreadSharedTimer::fired() ()
from /bin/NX/webkitgtk/libwebkit2gtk-4.0.so.37
#52 0xb5eb04fe in WTF::RunLoop::Timer<WebCore::MainThreadSharedTimer>::fired()
() from /bin/NX/webkitgtk/libwebkit2gtk-4.0.so.37
#53 0xb381015e in WTF::RunLoop::TimerBase::TimerBase(WTF::RunLoop&)::{lambda(void*)#1}::_FUN(void*) () from /bin/NX/webkitgtk/libjavascriptcoregtk-4.0.so.18
#54 0xb380fc01 in WTF::{lambda(_GSource*, int (*)(void*), void*)#1}::_FUN(_GSource*, int (*)(void*), void*) ()
from /bin/NX/webkitgtk/libjavascriptcoregtk-4.0.so.18
#55 0xb02e3a5b in g_main_dispatch ()
at /home/user/projects/sandbox/trunk/code/server/webkit/webkit-2.16/WebKitBuild/DependenciesGTK/Source/glib-2.44.1/glib/gmain.c:3122
#56 g_main_context_dispatch ()
at /home/user/projects/sandbox/trunk/code/server/webkit/webkit-2.16/WebKitBuild/DependenciesGTK/Source/glib-2.44.1/glib/gmain.c:3737
#57 0xb02e3e59 in g_main_context_iterate ()
at /home/user/projects/sandbox/trunk/code/server/webkit/webkit-2.16/WebKitBuild/DependenciesGTK/Source/glib-2.44.1/glib/gmain.c:3808
#58 0xb02e4209 in g_main_loop_run ()
at /home/user/projects/sandbox/trunk/code/server/webkit/webkit-2.16/WebKitBuild/DependenciesGTK/Source/glib-2.44.1/glib/gmain.c:4002
#59 0xb3810590 in WTF::RunLoop::run() ()
from /bin/NX/webkitgtk/libjavascriptcoregtk-4.0.so.18
#60 0xb550fbc0 in WebProcessMainUnix ()
from /bin/NX/webkitgtk/libwebkit2gtk-4.0.so.37
#61 0x08048a27 in main ()
Note that I am seeing this with WebKitGTK 2.16.6. Since I am still using Debian Jessie, I can't currently try it on a newer release to see if the problem still exists. I did try upgrading LLVM from 3.7.0 to 3.8.1, but it had no effect.
Beau Adkins
Note, I just switched over from a 32-bit build of WebKitGTK to a 64-bit build and this crash has gone away. Not sure why that fixes it, but it does. Closing this ticket since 32-bit Linux is so rare now.