Bug 41454

Summary: Crash in JSC::JSValue::operator bool when loading postimees.ee
Product: WebKit Reporter: Priit Laes (IRC: plaes) <plaes>
Component: JavaScriptCore Assignee: Nobody <webkit-unassigned>
Status: RESOLVED DUPLICATE    
Severity: Normal CC: ap, barraclough, ggaren, gustavo, ismail, oliver, uzytkownik2
Priority: P1 Keywords: InRadar
Version: 528+ (Nightly build)   
Hardware: PC   
OS: Linux   
URL: http://www.postimees.ee
Attachments:
Description Flags
crashfix.patch none

Description Priit Laes (IRC: plaes) 2010-07-01 04:32:07 PDT
When opening following site: http://www.postimees.ee I'm getting crash:

Webkit-gtk-1.3.2 with epiphany-2.30.2

Traceback (most recent call last):
  File "/usr/share/gdb/auto-load/usr/lib64/libgobject-2.0.so.0.2400.1-gdb.py", line 9, in <module>
    from gobject import register
  File "/usr/share/glib-2.0/gdb/gobject.py", line 3, in <module>
    import gdb.backtrace
ImportError: No module named backtrace
[Thread debugging using libthread_db enabled]
[New Thread 0x7f9ba59a4710 (LWP 5469)]
[New Thread 0x7f9ba62a5710 (LWP 5468)]
0x00007f9bbcbf4cdd in __libc_waitpid (pid=5542, stat_loc=<value optimized out>, options=0) at ../sysdeps/unix/sysv/linux/waitpid.c:41
	in ../sysdeps/unix/sysv/linux/waitpid.c
#0  0x00007f9bbcbf4cdd in __libc_waitpid (pid=5542, stat_loc=<value optimized out>, options=0)
    at ../sysdeps/unix/sysv/linux/waitpid.c:41
#1  0x00007f9bbd3c0121 in IA__g_spawn_sync (working_directory=<value optimized out>, argv=<value optimized out>, 
    envp=<value optimized out>, flags=<value optimized out>, child_setup=<value optimized out>, user_data=<value optimized out>, 
    standard_output=0x0, standard_error=0x0, exit_status=0x0, error=0x7fff2f828038) at gspawn.c:386
#2  0x00007f9bbd3c0439 in IA__g_spawn_command_line_sync (command_line=<value optimized out>, standard_output=0x0, standard_error=0x0, 
    exit_status=0x0, error=0x7fff2f828038) at gspawn.c:700
#3  0x00007f9bab64fd61 in run_bug_buddy (signum=<value optimized out>) at gnome-breakpad.cc:369
#4  check_if_gdb (signum=<value optimized out>) at gnome-breakpad.cc:440
#5  bugbuddy_segv_handle (signum=<value optimized out>) at gnome-breakpad.cc:223
#6  <signal handler called>
#7  JSC::JSValue::operator bool (this=<value optimized out>, exec=0x7f9b9f93c190, hint=<value optimized out>)
    at ./JavaScriptCore/runtime/JSValue.h:824
#8  JSC::ExecState::hadException (this=<value optimized out>, exec=0x7f9b9f93c190, hint=<value optimized out>)
    at ./JavaScriptCore/interpreter/CallFrame.h:83
#9  callDefaultValueFunction (this=<value optimized out>, exec=0x7f9b9f93c190, hint=<value optimized out>)
    at JavaScriptCore/runtime/JSObject.cpp:253
#10 JSC::JSObject::defaultValue (this=<value optimized out>, exec=0x7f9b9f93c190, hint=<value optimized out>)
    at JavaScriptCore/runtime/JSObject.cpp:272
#11 0x00007f9bc0ca412d in JSC::JSObject::toPrimitive (this=0x0, exec=0x4000007f9b9f8c1d, preferredType=2677260689)
    at ./JavaScriptCore/runtime/JSObject.h:631
#12 0x00007f9bc14b4414 in JSC::JSObject::toString (this=0x0, exec=0x7f9b9f93c190) at JavaScriptCore/runtime/JSObject.cpp:476
#13 0x00007f9bc14e0844 in JSC::JSValue::toThisString (exec=0x7f9b9f93c190) at JavaScriptCore/runtime/JSObject.h:739
#14 stringProtoFuncSubstring (exec=0x7f9b9f93c190) at JavaScriptCore/runtime/StringPrototype.cpp:764
#15 0x00007f9bc27261aa in ?? ()
#16 0xffff000000000002 in ?? ()
#17 0x00007f9ba4e71aba in ?? ()
#18 0x0000000000000000 in ?? ()

Thread 3 (Thread 0x7f9ba62a5710 (LWP 5468)):
#0  pthread_cond_wait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:162
No locals.
#1  0x00007f9bc14eccd4 in WTF::TCMalloc_PageHeap::scavengerThread (this=0x7f9bc1ea9ba0) at JavaScriptCore/wtf/FastMalloc.cpp:2380
No locals.
#2  0x00007f9bc14eccf9 in WTF::TCMalloc_PageHeap::runScavengerThread (context=0x7f9bc1eb7c74) at JavaScriptCore/wtf/FastMalloc.cpp:1501
No locals.
#3  0x00007f9bbcbec8e4 in start_thread (arg=<value optimized out>) at pthread_create.c:297
        __res = <value optimized out>
        pd = 0x7f9ba62a5710
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140306484451088, 8797029185233484727, 140306863321312, 0, 140306961006592, 3, 
    -8853479575251453001, -8853467656871609417}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, 
              cleanup = 0x0, canceltype = 0}}}
        not_first_call = <value optimized out>
        robust = <value optimized out>
        freesize = <value optimized out>
        __PRETTY_FUNCTION__ = "start_thread"
#4  0x00007f9bbc95e27d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115
No locals.

Thread 2 (Thread 0x7f9ba59a4710 (LWP 5469)):
#0  pthread_cond_wait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:162
No locals.
#1  0x00007f9bc11b1c48 in WebCore::IconDatabase::syncThreadMainLoop (this=0x7f9ba59baa00) at WebCore/loader/icon/IconDatabase.cpp:1412
        didAnyWork = <value optimized out>
#2  0x00007f9bc11b1d18 in WebCore::IconDatabase::iconDatabaseSyncThread (this=0x7f9ba59baa00)
    at WebCore/loader/icon/IconDatabase.cpp:1030
        journalFilename = {m_impl = {<WTF::FastAllocBase> = {<No data fields>}, m_ptr = 0x7f9ba59bcf20}}
#3  0x00007f9bbcbec8e4 in start_thread (arg=<value optimized out>) at pthread_create.c:297
        __res = <value optimized out>
        pd = 0x7f9ba59a4710
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140306475009808, 8797029185233484727, 140306863321312, 0, 140306961006592, 3, 
    -8853487138151990345, -8853467656871609417}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, 
              cleanup = 0x0, canceltype = 0}}}
        not_first_call = <value optimized out>
        robust = <value optimized out>
        freesize = <value optimized out>
        __PRETTY_FUNCTION__ = "start_thread"
#4  0x00007f9bbc95e27d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115
No locals.

Thread 1 (Thread 0x7f9bc28ce8c0 (LWP 5467)):
#0  0x00007f9bbcbf4cdd in __libc_waitpid (pid=5542, stat_loc=<value optimized out>, options=0)
    at ../sysdeps/unix/sysv/linux/waitpid.c:41
        _a3 = 0
        _a1 = 5542
        resultvar = <value optimized out>
        _a4 = 0
        _a2 = 140733990469280
        oldtype = 0
        result = <value optimized out>
#1  0x00007f9bbd3c0121 in IA__g_spawn_sync (working_directory=<value optimized out>, argv=<value optimized out>, 
    envp=<value optimized out>, flags=<value optimized out>, child_setup=<value optimized out>, user_data=<value optimized out>, 
    standard_output=0x0, standard_error=0x0, exit_status=0x0, error=0x7fff2f828038) at gspawn.c:386
        outpipe = -1
        errpipe = -1
        pid = 5542
        fds = {__fds_bits = {0, 16, 16, 0, 75640824, 140733990469688, 74736128, 75640800, 3, 0, 75640824, 140306871322109, 
    140733990469288, 140733990469280, 140733990469400, 0}}
        ret = <value optimized out>
        outstr = 0x0
        errstr = 0x0
        failed = 0
        status = <value optimized out>
        __PRETTY_FUNCTION__ = "IA__g_spawn_sync"
#2  0x00007f9bbd3c0439 in IA__g_spawn_command_line_sync (command_line=<value optimized out>, standard_output=0x0, standard_error=0x0, 
    exit_status=0x0, error=0x7fff2f828038) at gspawn.c:700
        retval = 0
        argv = 0x4822fe0
        __PRETTY_FUNCTION__ = "IA__g_spawn_command_line_sync"
#3  0x00007f9bab64fd61 in run_bug_buddy (signum=<value optimized out>) at gnome-breakpad.cc:369
        res = <value optimized out>
        warning_file = 0x0
        exec_str = 0x471e1e0 "bug-buddy --appname=\"epiphany\" --pid=5467"
        args_str = <value optimized out>
        error = 0x0
#4  check_if_gdb (signum=<value optimized out>) at gnome-breakpad.cc:440
        gdb = 0x1e91ea0 "/usr/bin/gdb"
        pid = 5467
        mypath = 0x481a840 "\200\314\302\004"
        has_debug_symbols = <value optimized out>
        appname = 0x185e180 "epiphany"
#5  bugbuddy_segv_handle (signum=<value optimized out>) at gnome-breakpad.cc:223
        in_segv = 1
#6  <signal handler called>
No symbol table info available.
#7  JSC::JSValue::operator bool (this=<value optimized out>, exec=0x7f9b9f93c190, hint=<value optimized out>)
    at ./JavaScriptCore/runtime/JSValue.h:824
No locals.
#8  JSC::ExecState::hadException (this=<value optimized out>, exec=0x7f9b9f93c190, hint=<value optimized out>)
    at ./JavaScriptCore/interpreter/CallFrame.h:83
No locals.
#9  callDefaultValueFunction (this=<value optimized out>, exec=0x7f9b9f93c190, hint=<value optimized out>)
    at JavaScriptCore/runtime/JSObject.cpp:253
        callData = {native = {function = 0x7f9bc14df1c0 <stringProtoFuncToString>}, js = {functionExecutable = 0x7f9bc14df1c0, 
            scopeChain = 0x8}}
        callType = <value optimized out>
#10 JSC::JSObject::defaultValue (this=<value optimized out>, exec=0x7f9b9f93c190, hint=<value optimized out>)
    at JavaScriptCore/runtime/JSObject.cpp:272
No locals.
#11 0x00007f9bc0ca412d in JSC::JSObject::toPrimitive (this=0x0, exec=0x4000007f9b9f8c1d, preferredType=2677260689)
    at ./JavaScriptCore/runtime/JSObject.h:631
No locals.
#12 0x00007f9bc14b4414 in JSC::JSObject::toString (this=0x0, exec=0x7f9b9f93c190) at JavaScriptCore/runtime/JSObject.cpp:476
        primitive = <value optimized out>
#13 0x00007f9bc14e0844 in JSC::JSValue::toThisString (exec=0x7f9b9f93c190) at JavaScriptCore/runtime/JSObject.h:739
No locals.
#14 stringProtoFuncSubstring (exec=0x7f9b9f93c190) at JavaScriptCore/runtime/StringPrototype.cpp:764
        thisValue = {m_ptr = 0x7f9b9f8e8900}
        s = {static NotFound = <optimized out>, m_rep = {<WTF::FastAllocBase> = {<No data fields>}, m_ptr = 0x0}, 
          static s_nullUString = 0x7f9ba59a60f0}
        end = <value optimized out>
        start = <value optimized out>
#15 0x00007f9bc27261aa in ?? ()
No symbol table info available.
#16 0xffff000000000002 in ?? ()
No symbol table info available.
#17 0x00007f9ba4e71aba in ?? ()
No symbol table info available.
#18 0x0000000000000000 in ?? ()
No symbol table info available.
A debugging session is active.
Comment 1 Alexey Proskuryakov 2010-07-01 12:09:42 PDT
This looks cross platform, but I couldn't reproduce this in Safari. Maybe it's a different revision.

Geoff, Oliver, any ideas?
Comment 2 Geoffrey Garen 2010-07-01 12:36:55 PDT
Not much to go on here.
Comment 3 Priit Laes (IRC: plaes) 2010-07-02 02:45:15 PDT
(In reply to comment #2)
> Not much to go on here.

I'm getting it also with ToT. Any hints for printf debugging?
Comment 4 Oliver Hunt 2010-07-02 09:35:07 PDT
(In reply to comment #3)
> (In reply to comment #2)
> > Not much to go on here.
> 
> I'm getting it also with ToT. Any hints for printf debugging?

Do you get it with a debug build?
Comment 5 Priit Laes (IRC: plaes) 2010-07-02 09:42:37 PDT
(In reply to comment #4)
> > I'm getting it also with ToT. Any hints for printf debugging?
> 
> Do you get it with a debug build?

I cannot build debug because of bug 29244 :S
Comment 6 Priit Laes (IRC: plaes) 2010-07-02 11:12:25 PDT
Got following:
ASSERTION FAILED: vptr() == JSGlobalData::jsArrayVPtr
(JavaScriptCore/runtime/JSArray.cpp:191 virtual JSC::JSArray::~JSArray())


#5  <signal handler called>
#6  0x00007f0e22779ac7 in ~JSArray (this=0x7f0e048c0800, __in_chrg=<value optimized out>) at JavaScriptCore/runtime/JSArray.cpp:191
#7  0x00007f0e22740001 in JSC::Heap::sweep (this=0x24c6c18) at JavaScriptCore/runtime/Collector.cpp:1058
#8  0x00007f0e22740e2e in JSC::Heap::collectAllGarbage (this=0x24c6c18) at JavaScriptCore/runtime/Collector.cpp:1259
#9  0x00007f0e21c7c5ac in collect () at WebCore/bindings/js/GCController.cpp:46
#10 0x00007f0e221add33 in WebCore::ThreadTimers::sharedTimerFiredInternal (this=0x7c5ce0) at WebCore/platform/ThreadTimers.cpp:112
#11 0x00007f0e225c5d42 in timeout_cb () at WebCore/platform/gtk/SharedTimerGtk.cpp:48
#12 0x00007f0e174ae41b in g_timeout_dispatch (source=0x2682e60, callback=0, user_data=0x4a) at gmain.c:3480
#13 0x00007f0e174adc41 in g_main_dispatch (context=0x656880) at gmain.c:2044
#14 g_main_context_dispatch (context=0x656880) at gmain.c:2597
#15 0x00007f0e174b1b78 in g_main_context_iterate (context=0x656880, block=<value optimized out>, dispatch=<value optimized out>, self=<value optimized out>) at gmain.c:2675
#16 0x00007f0e174b2085 in g_main_loop_run (loop=0x24a7980) at gmain.c:2883
#17 0x00007f0e1cd17717 in IA__gtk_main () at gtkmain.c:1237
#18 0x000000000040281f in main (argc=1, argv=0x7fff611e7608) at WebKitTools/GtkLauncher/main.c:224

And bt full:

#5  <signal handler called>
No symbol table info available.
#6  0x00007f0e22779ac7 in ~JSArray (this=0x7f0e048c0800, __in_chrg=<value optimized out>) at JavaScriptCore/runtime/JSArray.cpp:191
No locals.
#7  0x00007f0e22740001 in JSC::Heap::sweep (this=0x24c6c18) at JavaScriptCore/runtime/Collector.cpp:1058
        cell = 0x7f0e048c0800
        __PRETTY_FUNCTION__ = "void JSC::Heap::sweep()"
        dummyMarkableCellStructure = 0x24add80
#8  0x00007f0e22740e2e in JSC::Heap::collectAllGarbage (this=0x24c6c18) at JavaScriptCore/runtime/Collector.cpp:1259
No locals.
#9  0x00007f0e21c7c5ac in collect () at WebCore/bindings/js/GCController.cpp:46
No locals.
#10 0x00007f0e221add33 in WebCore::ThreadTimers::sharedTimerFiredInternal (this=0x7c5ce0) at WebCore/platform/ThreadTimers.cpp:112
        interval = <value optimized out>
        fireTime = 1278097612.7114789
        timeToQuit = 1278097612.7614789
#11 0x00007f0e225c5d42 in timeout_cb () at WebCore/platform/gtk/SharedTimerGtk.cpp:48
No locals.
#12 0x00007f0e174ae41b in g_timeout_dispatch (source=0x2682e60, callback=0, user_data=0x4a) at gmain.c:3480
No locals.
#13 0x00007f0e174adc41 in g_main_dispatch (context=0x656880) at gmain.c:2044
        dispatch = 0x7f0e174ae400 <g_timeout_dispatch>
        user_data = 0x0
        callback = 0x7f0e225c5d30 <timeout_cb>
        cb_funcs = 0x7f0e1776a5d0
        cb_data = 0x2530520
        current_source_link = {data = 0x2682e60, next = 0x0}
        source = 0x2682e60
        current = 0x74ff90
        i = 1
#14 g_main_context_dispatch (context=0x656880) at gmain.c:2597
No locals.
#15 0x00007f0e174b1b78 in g_main_context_iterate (context=0x656880, block=<value optimized out>, dispatch=<value optimized out>, self=<value optimized out>) at gmain.c:2675
        max_priority = 0
        timeout = 0
        some_ready = 1
        nfds = 3
        allocated_nfds = 390851152
        fds = <value optimized out>
        __PRETTY_FUNCTION__ = "g_main_context_iterate"
Comment 7 Geoffrey Garen 2010-07-02 12:16:35 PDT
One way this could happen would be if, in your build/link system, WebCore and JavaScriptCore used different vtables for their objects.
Comment 8 Alexey Proskuryakov 2010-07-05 14:47:38 PDT
*** Bug 41609 has been marked as a duplicate of this bug. ***
Comment 9 Priit Laes (IRC: plaes) 2010-07-09 01:59:26 PDT
Phew.. got it bisected :)

c9623c29ebd05196543eff26ff51157e13ea6360 is the first bad commit
commit c9623c29ebd05196543eff26ff51157e13ea6360
Author: oliver@apple.com <oliver@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Mon Jun 21 17:43:03 2010 +0000

    2010-06-19  Oliver Hunt  <oliver@apple.com>
    
            Reviewed by Geoffrey Garen.
    
            Need to ensure that we grow the RegisterFile when creating a callframe for host code
            https://bugs.webkit.org/show_bug.cgi?id=40858
            <rdar://problem/8108986>
    
            In the past the use of the callframe in hostcode was much more
            limited.  Now that we expect the callframe to always be valid
            we need to grow the RegisterFile so that this is actually the
            case.  In this particular case the problem was failing to grow
            the registerfile could lead to a callframe that extended beyond
            RegisterFiler::end(), so vm re-entry would clobber the callframe
            other scenarios could also lead to badness.
    
            I was unable to construct a simple testcase to trigger badness,
            and any such testcase would be so dependent on exact vm stack
            layout that it would be unlikely to work as a testcase following
            any callframe or register allocation changes anyway.
    
            Thankfully the new assertion I added should help to catch these
            failures in future, and triggers on a couple of tests currently.
    
            * interpreter/CallFrame.cpp:
            (JSC::CallFrame::registerFile):
            * interpreter/CallFrame.h:
            (JSC::ExecState::init):
            * interpreter/Interpreter.cpp:
            (JSC::Interpreter::privateExecute):
            * jit/JITStubs.cpp:
            (JSC::DEFINE_STUB_FUNCTION):
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@61553 268f45cc-cd09-0410-ab3c-d52691b4dbfc

:040000 040000 72d529932785e4ccd65dbcf9a1852782842b220c 8ad86d61e4ac201ba4b7aa33e9fd1e4315f53de9 M	JavaScriptCore
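The commit message above describes the invariant behind the crash: a call frame created for host code must first grow the RegisterFile, otherwise the frame can extend past RegisterFile::end() and a re-entry into the VM clobbers it. The C program below is an added example, not WebKit code and not the reporter's patch, that models that invariant with a fixed-size register file addressed by index. The names RegisterFile, grow, end and CallFrame echo the commit; the register counts, the frame layout and the canary value are assumptions made for illustration and do not match JavaScriptCore's real data structures. It walks through three scenarios: the pre-fix path laying a host frame outside the committed region and having it overwritten by a nested frame, the post-fix path committing the frame first so the nested frame lands after it, and the post-fix path refusing a frame that would not fit instead of writing past the backing store.

```c
/* Added example, not WebKit code: toy model of the RegisterFile / call-frame
 * invariant from the bisected commit (r61553). Names echo the commit message;
 * sizes, index-based layout and the canary are assumptions for illustration. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define REGISTER_FILE_CAPACITY 64   /* assumed backing-store size, in registers */
#define HEADER_SIZE            6    /* assumed call-frame header registers */
#define NESTED_FRAME_SIZE      8    /* assumed size of a re-entrant VM frame */
#define CANARY 0xDEADBEEFCAFEF00DULL

typedef uint64_t Register;

typedef struct {
    Register slots[REGISTER_FILE_CAPACITY];
    size_t end;   /* RegisterFile::end() as an index: one past the last committed register */
} RegisterFile;

typedef struct {
    size_t base;       /* index of the frame's first argument register */
    size_t arg_count;
} CallFrame;

/* Commit registers up to new_end; refuse instead of overflowing the backing store. */
static bool register_file_grow(RegisterFile *rf, size_t new_end) {
    if (new_end > REGISTER_FILE_CAPACITY)
        return false;
    if (new_end > rf->end)
        rf->end = new_end;
    return true;
}

/* The commit's new assertion, as a predicate: does the frame lie inside end()? */
static bool frame_within_register_file(const RegisterFile *rf, const CallFrame *cf) {
    return cf->base + cf->arg_count <= rf->end;
}

/* Pre-fix path: lay the host frame out past the current top without growing,
 * so it can extend beyond end(). */
static CallFrame make_host_frame_unchecked(size_t top, size_t arg_count) {
    CallFrame cf = { top + HEADER_SIZE, arg_count };
    return cf;
}

/* Post-fix path: grow first; a frame that would not fit is never created. */
static bool make_host_frame_checked(RegisterFile *rf, size_t top, size_t arg_count, CallFrame *out) {
    if (!register_file_grow(rf, top + HEADER_SIZE + arg_count))
        return false;
    out->base = top + HEADER_SIZE;
    out->arg_count = arg_count;
    return true;
}

/* VM re-entry from host code: the nested frame is placed at the committed end().
 * Returns true if the host frame's first register survived. */
static bool reenter_vm_and_check(RegisterFile *rf, const CallFrame *host) {
    rf->slots[host->base] = CANARY;
    size_t nested = rf->end;
    if (register_file_grow(rf, nested + NESTED_FRAME_SIZE))
        for (size_t i = 0; i < NESTED_FRAME_SIZE; i++)
            rf->slots[nested + i] = 0x4141414141414141ULL;
    return rf->slots[host->base] == CANARY;
}

/* Bug: the host frame was never committed, so re-entry lands on top of it. */
bool scenario_unchecked_is_clobbered(void) {
    RegisterFile rf = { {0}, 0 };
    size_t top = 8;                               /* JS caller occupies registers 0..7 */
    register_file_grow(&rf, top);
    CallFrame host = make_host_frame_unchecked(top, 2);
    bool inside = frame_within_register_file(&rf, &host);
    bool intact = reenter_vm_and_check(&rf, &host);
    return !inside && !intact;
}

/* Fix: the frame is committed first, so the nested frame is placed after it. */
bool scenario_checked_survives(void) {
    RegisterFile rf = { {0}, 0 };
    size_t top = 8;
    register_file_grow(&rf, top);
    CallFrame host;
    if (!make_host_frame_checked(&rf, top, 2, &host))
        return false;
    return frame_within_register_file(&rf, &host) && reenter_vm_and_check(&rf, &host);
}

/* Fix under exhaustion: the oversized frame is refused, not written past the end. */
bool scenario_checked_refuses_overflow(void) {
    RegisterFile rf = { {0}, 0 };
    size_t top = REGISTER_FILE_CAPACITY - 4;      /* 4 registers left, the frame needs 8 */
    register_file_grow(&rf, top);
    CallFrame host;
    return !make_host_frame_checked(&rf, top, 2, &host);
}

int main(void) {
    printf("unchecked frame clobbered on re-entry: %s\n", scenario_unchecked_is_clobbered() ? "yes" : "no");
    printf("checked frame survives re-entry:       %s\n", scenario_checked_survives() ? "yes" : "no");
    printf("oversized frame refused:               %s\n", scenario_checked_refuses_overflow() ? "yes" : "no");
    return 0;
}
```

The clobbered scenario is the shape of the backtraces in this report: once a nested frame overwrites the host frame's registers, later code reading that frame sees junk such as a null `this` and a garbage `exec` pointer. The model keeps every write inside the C array so it runs cleanly; only the register file's own bookkeeping is violated.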
Comment 10 Priit Laes (IRC: plaes) 2010-07-13 04:42:11 PDT
Created attachment 61353 [details]
crashfix.patch

After commenting out one of the assertions, things work again...
Comment 11 Alexey Proskuryakov 2010-07-19 16:24:14 PDT
*** Bug 42585 has been marked as a duplicate of this bug. ***
Comment 12 Alexey Proskuryakov 2010-07-19 16:25:07 PDT
Per a duplicate, this also affects Mac.
Comment 13 Ismail Donmez 2010-07-26 01:44:10 PDT
Still reproducible with ToT; also affects http://gazetevatan.com , a big Turkish newspaper's website.
Comment 14 Ismail Donmez 2010-07-29 03:55:05 PDT
postimees.ee is no longer crashing, but http://gazetevatan.com still crashes; are we sure those are the same problem?
Comment 15 Alexey Proskuryakov 2010-08-01 23:43:42 PDT
<rdar://problem/8260963>
Comment 16 Ismail Donmez 2010-08-06 05:47:42 PDT
This bug prevents me from testing WebKit on my machine, it would be real nice if it could be fixed.
Comment 17 Ismail Donmez 2010-08-10 06:12:11 PDT
No longer crashes with r65052
Comment 18 Maciej Piechotka 2010-09-24 10:29:18 PDT
Reproduced with 1.3.4 + patch:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff6e7c7c4 in operator bool (this=0x7fff506c8500, exec=0x7fff567bf1b0, 
    hint=<value optimized out>) at ./JavaScriptCore/runtime/JSValue.h:793
793	./JavaScriptCore/runtime/JSValue.h: No such file or directory.
	in ./JavaScriptCore/runtime/JSValue.h

Thread 24 (Thread 0x7fff5112f710 (LWP 4747)):
#0  0x00007ffff181f999 in pthread_cond_timedwait@@GLIBC_2.3.2 ()
   from /lib/libpthread.so.0
No symbol table info available.
#1  0x00007ffff22864d2 in g_cond_timed_wait_posix_impl (
    cond=<value optimized out>, entered_mutex=<value optimized out>, 
    abs_time=<value optimized out>) at gthread-posix.c:242
        result = <value optimized out>
        end_time = {tv_sec = 1285348435, tv_nsec = 164703000}
        timed_out = <value optimized out>
        __PRETTY_FUNCTION__ = "g_cond_timed_wait_posix_impl"
#2  0x00007ffff1f8d667 in g_async_queue_pop_intern_unlocked (queue=0xf21b70, 
    try=0, end_time=0x7fff5112ecb0) at gasyncqueue.c:423
        retval = <value optimized out>
        __PRETTY_FUNCTION__ = "g_async_queue_pop_intern_unlocked"
#3  0x00007ffff1fe5d91 in g_thread_pool_wait_for_new_task (
    data=<value optimized out>) at gthreadpool.c:274
        end_time = {tv_sec = 1285348435, tv_usec = 164703}
        task = <value optimized out>
#4  g_thread_pool_thread_proxy (data=<value optimized out>)
    at gthreadpool.c:308
        task = 0x1a5ab60
        pool = 0xf21b10
#5  0x00007ffff1fe3335 in g_thread_create_proxy (data=0x7fffe0024920)
    at gthread.c:1897
        thread = 0x7fffe0024920
        __PRETTY_FUNCTION__ = "g_thread_create_proxy"
#6  0x00007ffff181ad5c in start_thread () from /lib/libpthread.so.0
No symbol table info available.
#7  0x00007ffff15795ed in clone ()
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115
No locals.

Thread 23 (Thread 0x7fff51a30710 (LWP 4746)):
#0  0x00007ffff181f999 in pthread_cond_timedwait@@GLIBC_2.3.2 ()
   from /lib/libpthread.so.0
No symbol table info available.
#1  0x00007ffff22864d2 in g_cond_timed_wait_posix_impl (
    cond=<value optimized out>, entered_mutex=<value optimized out>, 
    abs_time=<value optimized out>) at gthread-posix.c:242
        result = <value optimized out>
        end_time = {tv_sec = 1285348435, tv_nsec = 200311000}
        timed_out = <value optimized out>
        __PRETTY_FUNCTION__ = "g_cond_timed_wait_posix_impl"
#2  0x00007ffff1f8d667 in g_async_queue_pop_intern_unlocked (queue=0xf21b70, 
    try=0, end_time=0x7fff51a2fcb0) at gasyncqueue.c:423
        retval = <value optimized out>
        __PRETTY_FUNCTION__ = "g_async_queue_pop_intern_unlocked"
#3  0x00007ffff1fe5d91 in g_thread_pool_wait_for_new_task (
    data=<value optimized out>) at gthreadpool.c:274
        end_time = {tv_sec = 1285348435, tv_usec = 200311}
        task = <value optimized out>
#4  g_thread_pool_thread_proxy (data=<value optimized out>)
    at gthreadpool.c:308
        task = 0x19b6580
        pool = 0xf21b10
#5  0x00007ffff1fe3335 in g_thread_create_proxy (data=0x7fffe00122c0)
    at gthread.c:1897
        thread = 0x7fffe00122c0
        __PRETTY_FUNCTION__ = "g_thread_create_proxy"
#6  0x00007ffff181ad5c in start_thread () from /lib/libpthread.so.0
No symbol table info available.
#7  0x00007ffff15795ed in clone ()
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115
No locals.

Thread 22 (Thread 0x7fff52231710 (LWP 4745)):
#0  0x00007ffff181f999 in pthread_cond_timedwait@@GLIBC_2.3.2 ()
   from /lib/libpthread.so.0
No symbol table info available.
#1  0x00007ffff22864d2 in g_cond_timed_wait_posix_impl (
    cond=<value optimized out>, entered_mutex=<value optimized out>, 
    abs_time=<value optimized out>) at gthread-posix.c:242
        result = <value optimized out>
        end_time = {tv_sec = 1285348435, tv_nsec = 76748000}
        timed_out = <value optimized out>
        __PRETTY_FUNCTION__ = "g_cond_timed_wait_posix_impl"
#2  0x00007ffff1f8d667 in g_async_queue_pop_intern_unlocked (queue=0xf21b70, 
    try=0, end_time=0x7fff52230cb0) at gasyncqueue.c:423
        retval = <value optimized out>
        __PRETTY_FUNCTION__ = "g_async_queue_pop_intern_unlocked"
#3  0x00007ffff1fe5d91 in g_thread_pool_wait_for_new_task (
    data=<value optimized out>) at gthreadpool.c:274
        end_time = {tv_sec = 1285348435, tv_usec = 76748}
        task = <value optimized out>
#4  g_thread_pool_thread_proxy (data=<value optimized out>)
    at gthreadpool.c:308
        task = 0x1a5ab00
        pool = 0xf21b10
#5  0x00007ffff1fe3335 in g_thread_create_proxy (data=0x7fffe001f370)
    at gthread.c:1897
        thread = 0x7fffe001f370
        __PRETTY_FUNCTION__ = "g_thread_create_proxy"
#6  0x00007ffff181ad5c in start_thread () from /lib/libpthread.so.0
No symbol table info available.
#7  0x00007ffff15795ed in clone ()
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115
No locals.

Thread 21 (Thread 0x7fff52a32710 (LWP 4744)):
#0  0x00007ffff181f999 in pthread_cond_timedwait@@GLIBC_2.3.2 ()
   from /lib/libpthread.so.0
No symbol table info available.
#1  0x00007ffff22864d2 in g_cond_timed_wait_posix_impl (
    cond=<value optimized out>, entered_mutex=<value optimized out>, 
    abs_time=<value optimized out>) at gthread-posix.c:242
        result = <value optimized out>
        end_time = {tv_sec = 1285348435, tv_nsec = 85663000}
        timed_out = <value optimized out>
        __PRETTY_FUNCTION__ = "g_cond_timed_wait_posix_impl"
#2  0x00007ffff1f8d667 in g_async_queue_pop_intern_unlocked (queue=0xf21b70, 
    try=0, end_time=0x7fff52a31cb0) at gasyncqueue.c:423
        retval = <value optimized out>
        __PRETTY_FUNCTION__ = "g_async_queue_pop_intern_unlocked"
#3  0x00007ffff1fe5d91 in g_thread_pool_wait_for_new_task (
    data=<value optimized out>) at gthreadpool.c:274
        end_time = {tv_sec = 1285348435, tv_usec = 85663}
        task = <value optimized out>
#4  g_thread_pool_thread_proxy (data=<value optimized out>)
    at gthreadpool.c:308
        task = 0x1a0ae40
        pool = 0xf21b10
#5  0x00007ffff1fe3335 in g_thread_create_proxy (data=0x7fffe0012590)
    at gthread.c:1897
        thread = 0x7fffe0012590
        __PRETTY_FUNCTION__ = "g_thread_create_proxy"
#6  0x00007ffff181ad5c in start_thread () from /lib/libpthread.so.0
No symbol table info available.
#7  0x00007ffff15795ed in clone ()
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115
No locals.

Thread 20 (Thread 0x7fff53e3a710 (LWP 4743)):
#0  0x00007ffff181f999 in pthread_cond_timedwait@@GLIBC_2.3.2 ()
   from /lib/libpthread.so.0
No symbol table info available.
#1  0x00007ffff22864d2 in g_cond_timed_wait_posix_impl (
    cond=<value optimized out>, entered_mutex=<value optimized out>, 
    abs_time=<value optimized out>) at gthread-posix.c:242
        result = <value optimized out>
        end_time = {tv_sec = 1285348435, tv_nsec = 47249000}
        timed_out = <value optimized out>
        __PRETTY_FUNCTION__ = "g_cond_timed_wait_posix_impl"
#2  0x00007ffff1f8d667 in g_async_queue_pop_intern_unlocked (queue=0xf21b70, 
    try=0, end_time=0x7fff53e39cb0) at gasyncqueue.c:423
        retval = <value optimized out>
        __PRETTY_FUNCTION__ = "g_async_queue_pop_intern_unlocked"
#3  0x00007ffff1fe5d91 in g_thread_pool_wait_for_new_task (
    data=<value optimized out>) at gthreadpool.c:274
        end_time = {tv_sec = 1285348435, tv_usec = 47249}
        task = <value optimized out>
#4  g_thread_pool_thread_proxy (data=<value optimized out>)
    at gthreadpool.c:308
        task = 0x7fffe0026d80
        pool = 0xf21b10
#5  0x00007ffff1fe3335 in g_thread_create_proxy (data=0x1a2dbc0)
    at gthread.c:1897
        thread = 0x1a2dbc0
        __PRETTY_FUNCTION__ = "g_thread_create_proxy"
#6  0x00007ffff181ad5c in start_thread () from /lib/libpthread.so.0
No symbol table info available.
#7  0x00007ffff15795ed in clone ()
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115
No locals.

Thread 19 (Thread 0x7fff54e3c710 (LWP 4742)):
#0  0x00007ffff181f999 in pthread_cond_timedwait@@GLIBC_2.3.2 ()
   from /lib/libpthread.so.0
No symbol table info available.
#1  0x00007ffff22864d2 in g_cond_timed_wait_posix_impl (
    cond=<value optimized out>, entered_mutex=<value optimized out>, 
    abs_time=<value optimized out>) at gthread-posix.c:242
        result = <value optimized out>
        end_time = {tv_sec = 1285348435, tv_nsec = 49291000}
        timed_out = <value optimized out>
        __PRETTY_FUNCTION__ = "g_cond_timed_wait_posix_impl"
#2  0x00007ffff1f8d667 in g_async_queue_pop_intern_unlocked (queue=0xf21b70, 
    try=0, end_time=0x7fff54e3bcb0) at gasyncqueue.c:423
        retval = <value optimized out>
        __PRETTY_FUNCTION__ = "g_async_queue_pop_intern_unlocked"
#3  0x00007ffff1fe5d91 in g_thread_pool_wait_for_new_task (
    data=<value optimized out>) at gthreadpool.c:274
        end_time = {tv_sec = 1285348435, tv_usec = 49291}
        task = <value optimized out>
#4  g_thread_pool_thread_proxy (data=<value optimized out>)
    at gthreadpool.c:308
        task = 0x19b6b00
        pool = 0xf21b10
#5  0x00007ffff1fe3335 in g_thread_create_proxy (data=0x1a4c510)
    at gthread.c:1897
        thread = 0x1a4c510
        __PRETTY_FUNCTION__ = "g_thread_create_proxy"
#6  0x00007ffff181ad5c in start_thread () from /lib/libpthread.so.0
No symbol table info available.
#7  0x00007ffff15795ed in clone ()
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115
No locals.

Thread 18 (Thread 0x7fff55f89710 (LWP 4741)):
#0  0x00007ffff181f999 in pthread_cond_timedwait@@GLIBC_2.3.2 ()
   from /lib/libpthread.so.0
No symbol table info available.
#1  0x00007ffff22864d2 in g_cond_timed_wait_posix_impl (
    cond=<value optimized out>, entered_mutex=<value optimized out>, 
    abs_time=<value optimized out>) at gthread-posix.c:242
        result = <value optimized out>
        end_time = {tv_sec = 1285348435, tv_nsec = 200651000}
        timed_out = <value optimized out>
        __PRETTY_FUNCTION__ = "g_cond_timed_wait_posix_impl"
#2  0x00007ffff1f8d667 in g_async_queue_pop_intern_unlocked (queue=0xf21b70, 
    try=0, end_time=0x7fff55f88cb0) at gasyncqueue.c:423
        retval = <value optimized out>
        __PRETTY_FUNCTION__ = "g_async_queue_pop_intern_unlocked"
#3  0x00007ffff1fe5d91 in g_thread_pool_wait_for_new_task (
    data=<value optimized out>) at gthreadpool.c:274
        end_time = {tv_sec = 1285348435, tv_usec = 200651}
        task = <value optimized out>
#4  g_thread_pool_thread_proxy (data=<value optimized out>)
    at gthreadpool.c:308
        task = 0x1a51b00
        pool = 0xf21b10
#5  0x00007ffff1fe3335 in g_thread_create_proxy (data=0x1a3d900)
    at gthread.c:1897
        thread = 0x1a3d900
        __PRETTY_FUNCTION__ = "g_thread_create_proxy"
#6  0x00007ffff181ad5c in start_thread () from /lib/libpthread.so.0
No symbol table info available.
#7  0x00007ffff15795ed in clone ()
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115
No locals.

Thread 17 (Thread 0x7fff5573d710 (LWP 4740)):
#0  0x00007ffff181f999 in pthread_cond_timedwait@@GLIBC_2.3.2 ()
   from /lib/libpthread.so.0
No symbol table info available.
#1  0x00007ffff22864d2 in g_cond_timed_wait_posix_impl (
    cond=<value optimized out>, entered_mutex=<value optimized out>, 
    abs_time=<value optimized out>) at gthread-posix.c:242
        result = <value optimized out>
        end_time = {tv_sec = 1285348435, tv_nsec = 50888000}
        timed_out = <value optimized out>
        __PRETTY_FUNCTION__ = "g_cond_timed_wait_posix_impl"
#2  0x00007ffff1f8d667 in g_async_queue_pop_intern_unlocked (queue=0xf21b70, 
    try=0, end_time=0x7fff5573ccb0) at gasyncqueue.c:423
        retval = <value optimized out>
        __PRETTY_FUNCTION__ = "g_async_queue_pop_intern_unlocked"
#3  0x00007ffff1fe5d91 in g_thread_pool_wait_for_new_task (
    data=<value optimized out>) at gthreadpool.c:274
        end_time = {tv_sec = 1285348435, tv_usec = 50888}
        task = <value optimized out>
#4  g_thread_pool_thread_proxy (data=<value optimized out>)
    at gthreadpool.c:308
        task = 0x1a5a8c0
        pool = 0xf21b10
#5  0x00007ffff1fe3335 in g_thread_create_proxy (data=0x1a3cfc0)
    at gthread.c:1897
        thread = 0x1a3cfc0
        __PRETTY_FUNCTION__ = "g_thread_create_proxy"
#6  0x00007ffff181ad5c in start_thread () from /lib/libpthread.so.0
No symbol table info available.
#7  0x00007ffff15795ed in clone ()
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115
No locals.

Thread 16 (Thread 0x7fffd75c5710 (LWP 4739)):
#0  0x00007ffff181f999 in pthread_cond_timedwait@@GLIBC_2.3.2 ()
   from /lib/libpthread.so.0
No symbol table info available.
#1  0x00007ffff22864d2 in g_cond_timed_wait_posix_impl (
    cond=<value optimized out>, entered_mutex=<value optimized out>, 
    abs_time=<value optimized out>) at gthread-posix.c:242
        result = <value optimized out>
        end_time = {tv_sec = 1285348435, tv_nsec = 90264000}
        timed_out = <value optimized out>
        __PRETTY_FUNCTION__ = "g_cond_timed_wait_posix_impl"
#2  0x00007ffff1f8d667 in g_async_queue_pop_intern_unlocked (queue=0xf21b70, 
    try=0, end_time=0x7fffd75c4cb0) at gasyncqueue.c:423
        retval = <value optimized out>
        __PRETTY_FUNCTION__ = "g_async_queue_pop_intern_unlocked"
#3  0x00007ffff1fe5d91 in g_thread_pool_wait_for_new_task (
    data=<value optimized out>) at gthreadpool.c:274
        end_time = {tv_sec = 1285348435, tv_usec = 90264}
        task = <value optimized out>
#4  g_thread_pool_thread_proxy (data=<value optimized out>)
    at gthreadpool.c:308
        task = 0xd21860
        pool = 0xf21b10
#5  0x00007ffff1fe3335 in g_thread_create_proxy (data=0x192b1f0)
    at gthread.c:1897
        thread = 0x192b1f0
        __PRETTY_FUNCTION__ = "g_thread_create_proxy"
#6  0x00007ffff181ad5c in start_thread () from /lib/libpthread.so.0
No symbol table info available.
#7  0x00007ffff15795ed in clone ()
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115
No locals.

Thread 15 (Thread 0x7fff5463b710 (LWP 4738)):
#0  0x00007ffff181f999 in pthread_cond_timedwait@@GLIBC_2.3.2 ()
   from /lib/libpthread.so.0
No symbol table info available.
#1  0x00007ffff22864d2 in g_cond_timed_wait_posix_impl (
    cond=<value optimized out>, entered_mutex=<value optimized out>, 
    abs_time=<value optimized out>) at gthread-posix.c:242
        result = <value optimized out>
        end_time = {tv_sec = 1285348435, tv_nsec = 103598000}
        timed_out = <value optimized out>
        __PRETTY_FUNCTION__ = "g_cond_timed_wait_posix_impl"
#2  0x00007ffff1f8d667 in g_async_queue_pop_intern_unlocked (queue=0xf21b70, 
    try=0, end_time=0x7fff5463acb0) at gasyncqueue.c:423
        retval = <value optimized out>
        __PRETTY_FUNCTION__ = "g_async_queue_pop_intern_unlocked"
#3  0x00007ffff1fe5d91 in g_thread_pool_wait_for_new_task (
    data=<value optimized out>) at gthreadpool.c:274
        end_time = {tv_sec = 1285348435, tv_usec = 103598}
        task = <value optimized out>
#4  g_thread_pool_thread_proxy (data=<value optimized out>)
    at gthreadpool.c:308
        task = 0x19b6580
        pool = 0xf21b10
#5  0x00007ffff1fe3335 in g_thread_create_proxy (data=0x18c1df0)
    at gthread.c:1897
        thread = 0x18c1df0
        __PRETTY_FUNCTION__ = "g_thread_create_proxy"
#6  0x00007ffff181ad5c in start_thread () from /lib/libpthread.so.0
No symbol table info available.
#7  0x00007ffff15795ed in clone ()
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115
No locals.

Thread 14 (Thread 0x7fff53639710 (LWP 4737)):
#0  0x00007ffff181f999 in pthread_cond_timedwait@@GLIBC_2.3.2 ()
   from /lib/libpthread.so.0
No symbol table info available.
#1  0x00007ffff22864d2 in g_cond_timed_wait_posix_impl (
    cond=<value optimized out>, entered_mutex=<value optimized out>, 
    abs_time=<value optimized out>) at gthread-posix.c:242
        result = <value optimized out>
        end_time = {tv_sec = 1285348435, tv_nsec = 120788000}
        timed_out = <value optimized out>
        __PRETTY_FUNCTION__ = "g_cond_timed_wait_posix_impl"
#2  0x00007ffff1f8d667 in g_async_queue_pop_intern_unlocked (queue=0xf21b70, 
    try=0, end_time=0x7fff53638cb0) at gasyncqueue.c:423
        retval = <value optimized out>
        __PRETTY_FUNCTION__ = "g_async_queue_pop_intern_unlocked"
#3  0x00007ffff1fe5d91 in g_thread_pool_wait_for_new_task (
    data=<value optimized out>) at gthreadpool.c:274
        end_time = {tv_sec = 1285348435, tv_usec = 120788}
        task = <value optimized out>
#4  g_thread_pool_thread_proxy (data=<value optimized out>)
    at gthreadpool.c:308
        task = 0x7fffe0026c60
        pool = 0xf21b10
#5  0x00007ffff1fe3335 in g_thread_create_proxy (data=0x18c3230)
    at gthread.c:1897
        thread = 0x18c3230
        __PRETTY_FUNCTION__ = "g_thread_create_proxy"
#6  0x00007ffff181ad5c in start_thread () from /lib/libpthread.so.0
No symbol table info available.
#7  0x00007ffff15795ed in clone ()
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115
No locals.

Thread 4 (Thread 0x7fffd8b08710 (LWP 4723)):
#0  0x00007ffff181f62c in pthread_cond_wait@@GLIBC_2.3.2 ()
   from /lib/libpthread.so.0
No symbol table info available.
#1  0x00007ffff64a5302 in WebCore::IconDatabase::syncThreadMainLoop (
    this=0x7fffd8b11800) at WebCore/loader/icon/IconDatabase.cpp:1420
        didAnyWork = <value optimized out>
        shouldReenableSuddenTermination = <value optimized out>
#2  0x00007ffff64a6d20 in WebCore::IconDatabase::iconDatabaseSyncThread (
    this=0x7fffd8b11800) at WebCore/loader/icon/IconDatabase.cpp:1044
        journalFilename = {
          m_impl = {<WTF::FastAllocBase> = {<No data fields>}, 
            m_ptr = 0x7fffd8b1ff00}}
#3  0x00007ffff181ad5c in start_thread () from /lib/libpthread.so.0
No symbol table info available.
#4  0x00007ffff15795ed in clone ()
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115
No locals.

Thread 3 (Thread 0x7fffd9409710 (LWP 4722)):
#0  0x00007ffff181f62c in pthread_cond_wait@@GLIBC_2.3.2 ()
   from /lib/libpthread.so.0
No symbol table info available.
#1  0x00007ffff6ecd874 in WTF::TCMalloc_PageHeap::scavengerThread (
    this=0x7ffff7584a20) at JavaScriptCore/wtf/FastMalloc.cpp:2400
No locals.
#2  0x00007ffff6ecd899 in WTF::TCMalloc_PageHeap::runScavengerThread (
    context=0x7ffff7592af4) at JavaScriptCore/wtf/FastMalloc.cpp:1517
No locals.
#3  0x00007ffff181ad5c in start_thread () from /lib/libpthread.so.0
No symbol table info available.
#4  0x00007ffff15795ed in clone ()
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115
No locals.

Thread 2 (Thread 0x7fffe5503710 (LWP 4721)):
#0  0x00007ffff15707f3 in __poll (fds=<value optimized out>, 
    nfds=<value optimized out>, timeout=<value optimized out>)
    at ../sysdeps/unix/sysv/linux/poll.c:87
        resultvar = 18446744073709551100
        oldtype = 0
        result = <value optimized out>
#1  0x00007ffff1fb9cb5 in g_main_context_poll (context=0x79a9b0, block=1, 
    dispatch=1, self=<value optimized out>) at gmain.c:3093
        poll_func = 0x7ffff1fca750 <g_poll>
#2  g_main_context_iterate (context=0x79a9b0, block=1, dispatch=1, 
    self=<value optimized out>) at gmain.c:2775
        max_priority = 2147483647
        timeout = -1
        some_ready = <value optimized out>
        nfds = 1
        allocated_nfds = <value optimized out>
        fds = 0x79c2f0
#3  0x00007ffff1fba722 in g_main_loop_run (loop=0x79aa90) at gmain.c:2988
        __PRETTY_FUNCTION__ = "g_main_loop_run"
#4  0x00007ffff299d074 in gdbus_shared_thread_func (data=<value optimized out>)
    at gdbusprivate.c:277
No locals.
#5  0x00007ffff1fe3335 in g_thread_create_proxy (data=0x79aab0)
    at gthread.c:1897
        thread = 0x79aab0
        __PRETTY_FUNCTION__ = "g_thread_create_proxy"
#6  0x00007ffff181ad5c in start_thread () from /lib/libpthread.so.0
No symbol table info available.
#7  0x00007ffff15795ed in clone ()
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115
No locals.

Thread 1 (Thread 0x7ffff7fa18c0 (LWP 4694)):
#0  0x00007ffff6e7c7c4 in operator bool (this=0x7fff506c8500, 
    exec=0x7fff567bf1b0, hint=<value optimized out>)
    at ./JavaScriptCore/runtime/JSValue.h:793
No locals.
#1  hadException (this=0x7fff506c8500, exec=0x7fff567bf1b0, 
    hint=<value optimized out>) at ./JavaScriptCore/interpreter/CallFrame.h:83
No locals.
#2  callDefaultValueFunction (this=0x7fff506c8500, exec=0x7fff567bf1b0, 
    hint=<value optimized out>) at JavaScriptCore/runtime/JSObject.cpp:253
        callData = {native = {function = 0x7ffff6eafbf0
     <JSC::stringProtoFuncToString(JSC::ExecState*)>}, js = {
            functionExecutable = 0x7ffff6eafbf0, scopeChain = 0x7fffffffc3e0}}
        callType = 1450963377
        result = {m_ptr = 0x7fff506c8540}
#3  JSC::JSObject::defaultValue (this=0x7fff506c8500, exec=0x7fff567bf1b0, 
    hint=<value optimized out>) at JavaScriptCore/runtime/JSObject.cpp:272
No locals.
#4  0x00007ffff60f2aed in JSC::JSObject::toPrimitive (
    this=<value optimized out>, exec=<value optimized out>, 
    preferredType=<value optimized out>)
    at ./JavaScriptCore/runtime/JSObject.h:637
No locals.
#5  0x00007ffff6e7b3b4 in JSC::JSObject::toString (this=<value optimized out>, 
    exec=0x7fff567bf1b0) at JavaScriptCore/runtime/JSObject.cpp:476
        primitive = <value optimized out>
#6  0x00007ffff6eb035c in toThisString (exec=0x7fff567bf1b0)
    at JavaScriptCore/runtime/JSObject.h:751
No locals.
#7  JSC::stringProtoFuncSubstring (exec=0x7fff567bf1b0)
    at JavaScriptCore/runtime/StringPrototype.cpp:785
        thisValue = {m_ptr = 0x7fff506c8500}
        s = {m_impl = {<WTF::FastAllocBase> = {<No data fields>}, m_ptr = 0x8}}
        len = <value optimized out>
        end = <value optimized out>
        start = <value optimized out>
#8  0x00007fff56bbf1aa in ?? ()
No symbol table info available.
#9  0xffff000000000000 in ?? ()
No symbol table info available.
#10 0x00007fff56dc5366 in ?? ()
No symbol table info available.
#11 0x0000000000000000 in ?? ()
No symbol table info available.
A debugging session is active.
Comment 19 Priit Laes (IRC: plaes) 2010-10-08 00:33:33 PDT
Yesterday I built my webkit *without* the patch submitted here and I ran into crashes again (so the patch really helps):

#6  <signal handler called>
#7  operator bool (this=<value optimized out>, exec=0x7fea5ddfa190, hint=<value optimized out>) at ./JavaScriptCore/runtime/JSValue.h:793
#8  hadException (this=<value optimized out>, exec=0x7fea5ddfa190, hint=<value optimized out>) at ./JavaScriptCore/interpreter/CallFrame.h:83
#9  callDefaultValueFunction (this=<value optimized out>, exec=0x7fea5ddfa190, hint=<value optimized out>) at JavaScriptCore/runtime/JSObject.cpp:253
#10 JSC::JSObject::defaultValue (this=<value optimized out>, exec=0x7fea5ddfa190, hint=<value optimized out>) at JavaScriptCore/runtime/JSObject.cpp:272
#11 0x00007fea79808c5d in JSC::JSObject::toPrimitive (this=0x0, exec=0x4000007fe9d24b84, preferredType=1574936977) at ./JavaScriptCore/runtime/JSObject.h:637
#12 0x00007fea7a497c74 in JSC::JSObject::toString (this=0x0, exec=0x7fea5ddfa190) at JavaScriptCore/runtime/JSObject.cpp:476
#13 0x00007fea7a4ce446 in toThisString (exec=0x7fea5ddfa190) at JavaScriptCore/runtime/JSObject.h:751
#14 JSC::stringProtoFuncSubstring (exec=0x7fea5ddfa190) at JavaScriptCore/runtime/StringPrototype.cpp:785
Comment 20 Maciej Piechotka 2010-10-08 01:04:38 PDT
(In reply to comment #19)
> Yesterday I built my webkit *without* the patch submitted here and I ran into crashes again (so the patch really helps):
> 

Hmm. Could you look at my stacktrace (comment #18)? I can reproduce it with the patch, so it did not solve 100% of the problem.
Comment 21 Priit Laes (IRC: plaes) 2010-10-08 02:16:16 PDT
(In reply to comment #20)
> (In reply to comment #19)
> > Yesterday I built my webkit *without* the patch submitted here and I ran into crashes again (so the patch really helps):
> > 
> 
> Hmm. Could you look at my stacktrace (comment #18)? I can reproduce it with the patch, so it did not solve 100% of the problem.

Are you sure that you had the patch applied? The line numbers look unique (at least for the first 4 call frames).
Comment 22 Maciej Piechotka 2010-10-08 02:45:27 PDT
(In reply to comment #21)
> (In reply to comment #20)
> > (In reply to comment #19)
> > > Yesterday I built my webkit *without* the patch submitted here and I ran into crashes again (so the patch really helps):
> > > 
> > 
> > Hmm. Could you look at my stacktrace (comment #18)? I can reproduce it with the patch, so it did not solve 100% of the problem.
> 
> Are you sure that you had the patch applied? The line numbers look unique (at least for the first 4 call frames).

From ebuild:

        # Fix invalid? assertion check
        # https://bugs.webkit.org/show_bug.cgi?id=41454
        epatch "${FILESDIR}"/${PN}-1.3.x-disable-jsc-assertion.patch

The patch is identical.
Comment 23 Priit Laes (IRC: plaes) 2010-10-08 02:59:47 PDT
OK, http://www.joemonster.org/ causes the crash even *with* the patch... :S
Comment 24 Oliver Hunt 2010-10-08 08:38:16 PDT
That patch is really wrong (it essentially elides the stack overflow protection in the VM).

I believe we understand this bug, but haven't yet determined the correct fix, can you try commenting out the lines:


    // Shrink the JS stack, in case stack overflow made it huge.
    m_registerFile.shrink(callFrame->registers() + callFrame->codeBlock()->m_numCalleeRegisters);

in Interpreter.cpp -- it's around line 644 (I have a large patch in my tree so I can't guarantee the exact line number)
Comment 25 Priit Laes (IRC: plaes) 2010-10-10 12:17:04 PDT
(In reply to comment #24)
> That patch is really wrong (it essentially elides the stack overflow protection in the VM).
> 
> I believe we understand this bug, but haven't yet determined the correct fix, can you try commenting out the lines:
> 
>     // Shrink the JS stack, in case stack overflow made it huge.
>     m_registerFile.shrink(callFrame->registers() + callFrame->codeBlock()->m_numCalleeRegisters);
> 
> in Interpreter.cpp -- it's around line 644 (I have a large patch in my tree so I can't guarantee the exact line number)

Seems to be working after I removed these lines.
Comment 26 Gavin Barraclough 2010-10-19 12:28:34 PDT
Fix nearly complete for this; one regression failure still to track down.

*** This bug has been marked as a duplicate of bug 41948 ***
Comment 27 Alexey Proskuryakov 2010-11-04 00:00:17 PDT
Could you please verify that this is fixed now?
Comment 28 Priit Laes (IRC: plaes) 2010-11-04 02:38:17 PDT
(In reply to comment #27)
> Could you please verify that this is fixed now?

Ok, with the patch from 41948 neither postimees.ee nor joemonster.org crashes.

Thanks ;)