Bug 93765

Summary: segfault at 8195d040 ip b547d9a1 sp bfc939a4 error 4 in libjavascriptcoregtk-1.0.so.0.13.2[b5191000+3a9000]
Product: WebKit Reporter: Paul Menzel <paulepanter>
Component: WebKitGTKAssignee: Nobody <webkit-unassigned>
Status: UNCONFIRMED    
Severity: Major CC: berto, bugs-noreply, chrischavez
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Log file from `G_SLICE=always-malloc G_DEBUG=gc-friendly valgrind -v --tool=memcheck --leak-check=full --num-callers=40 --log-file=valgrind.log midori`
none
New log file from `G_SLICE=always-malloc G_DEBUG=gc-friendly valgrind -v --tool=memcheck --leak-check=full --num-callers=40 --log-file=valgrind.log midori` none

Paul Menzel
Reported 2012-08-11 05:56:32 PDT
Using Midori 0.4.6 to browse the WWW the application trashed and I was able to capture the core dump. libjavascriptcoregtk-1.0-0 1.8.1-3.1 i386 Javascript engine library for GTK+ The following messages were printed to the terminal. ** (midori4:6251): CRITICAL **: enchant_dict_check: assertion `len' failed ** (midori4:6251): CRITICAL **: enchant_dict_check: assertion `len' failed ** (midori4:6251): CRITICAL **: enchant_dict_check: assertion `len' failed (gtk-gnash:15057): Gdk-WARNING **: GdkWindow 0x1c00003 unexpectedly destroyed (gtk-gnash:15057): Gtk-CRITICAL **: IA__gtk_style_detach: assertion `style->attach_count > 0' failed The program 'gtk-gnash' received an X Window System error. This probably reflects a bug in the program. The error was 'BadWindow (invalid Window parameter)'. (Details: serial 199 error_code 3 request_code 18 minor_code 0) (Note to programmers: normally, X errors are reported asynchronously; that is, you will receive the error a while after causing it. To debug your program, run it with the --sync command line option to change this behavior. You can then get a meaningful backtrace from your debugger if you break on the gdk_x_error() function.) [1]+ Speicherzugriffsfehler (Speicherabzug geschrieben) midori And in GDB the output of `thread apply all bt full` is the following. Thread 9 (Thread 0xa0adbb70 (LWP 15056)): #0 0xb76cb424 in __kernel_vsyscall () No symbol table info available. #1 0xb4ef3703 in pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/i386/i686/../i486/pthread_cond_timedwait.S:236 No locals. #2 0xb75d3bb0 in g_cond_wait_until (cond=cond@entry=0xb82aca40, mutex=mutex@entry=0xb82aca38, end_time=10871307131) at /build/buildd-glib2.0_2.32.3-1-i386-987P8N/glib2.0-2.32.3/./glib/gthread-posix.c:855 ts = {tv_sec = 10871, tv_nsec = 307131000} status = <optimized out> #3 0xb7566d59 in g_async_queue_pop_intern_unlocked (queue=0xb82aca38, queue@entry=0x87fafb7b, wait=wait@entry=1, end_time=10871307131) at /build/buildd-glib2.0_2.32.3-1-i386-987P8N/glib2.0-2.32.3/./glib/gasyncqueue.c:424 retval = <optimized out> __PRETTY_FUNCTION__ = "g_async_queue_pop_intern_unlocked" #4 0xb756761a in g_async_queue_timeout_pop_unlocked (queue=0x87fafb7b, timeout=2) at /build/buildd-glib2.0_2.32.3-1-i386-987P8N/glib2.0-2.32.3/./glib/gasyncqueue.c:572 end_time = <optimized out> #5 0xb75b864f in g_thread_pool_wait_for_new_task (pool=0xb82ace30) at /build/buildd-glib2.0_2.32.3-1-i386-987P8N/glib2.0-2.32.3/./glib/gthreadpool.c:264 task = <optimized out> #6 g_thread_pool_thread_proxy (data=0xb82ace30) at /build/buildd-glib2.0_2.32.3-1-i386-987P8N/glib2.0-2.32.3/./glib/gthreadpool.c:298 task = 0xb9b68f00 pool = 0xb82ace30 #7 0xb75b7d93 in g_thread_proxy (data=0xb9b60290) at /build/buildd-glib2.0_2.32.3-1-i386-987P8N/glib2.0-2.32.3/./glib/gthread.c:801 thread = 0xb9b60290 #8 0xb4eeec39 in start_thread (arg=0xa0adbb70) at pthread_create.c:304 __res = <optimized out> __ignore1 = <optimized out> __ignore2 = <optimized out> pd = 0xa0adbb70 now = <optimized out> unwind_buf = {cancel_jmp_buf = {{jmp_buf = {-1259343884, 0, 4001536, -1599229240, 970089110, -1083592514}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = <optimized out> freesize = <optimized out> __PRETTY_FUNCTION__ = "start_thread" #9 0xb4e5c23e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130 No locals. Thread 8 (Thread 0xa32e0b70 (LWP 15051)): #0 0xb76cb424 in __kernel_vsyscall () No symbol table info available. #1 0xb4ef3703 in pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/i386/i686/../i486/pthread_cond_timedwait.S:236 No locals. #2 0xb75d3bb0 in g_cond_wait_until (cond=cond@entry=0xb12e5230, mutex=mutex@entry=0xb12e5228, end_time=10871667451) at /build/buildd-glib2.0_2.32.3-1-i386-987P8N/glib2.0-2.32.3/./glib/gthread-posix.c:855 ts = {tv_sec = 10871, tv_nsec = 667451000} status = <optimized out> #3 0xb7566d59 in g_async_queue_pop_intern_unlocked (queue=0xb12e5228, queue@entry=0x88007afb, wait=wait@entry=1, end_time=10871667451) at /build/buildd-glib2.0_2.32.3-1-i386-987P8N/glib2.0-2.32.3/./glib/gasyncqueue.c:424 retval = <optimized out> __PRETTY_FUNCTION__ = "g_async_queue_pop_intern_unlocked" #4 0xb756761a in g_async_queue_timeout_pop_unlocked (queue=0x88007afb, timeout=2) at /build/buildd-glib2.0_2.32.3-1-i386-987P8N/glib2.0-2.32.3/./glib/gasyncqueue.c:572 end_time = <optimized out> #5 0xb75b864f in g_thread_pool_wait_for_new_task (pool=0xb071fe70) at /build/buildd-glib2.0_2.32.3-1-i386-987P8N/glib2.0-2.32.3/./glib/gthreadpool.c:264 task = <optimized out> #6 g_thread_pool_thread_proxy (data=0xb071fe70) at /build/buildd-glib2.0_2.32.3-1-i386-987P8N/glib2.0-2.32.3/./glib/gthreadpool.c:298 task = 0xb9b636b8 pool = 0xb071fe70 #7 0xb75b7d93 in g_thread_proxy (data=0xb9b605b0) at /build/buildd-glib2.0_2.32.3-1-i386-987P8N/glib2.0-2.32.3/./glib/gthread.c:801 thread = 0xb9b605b0 #8 0xb4eeec39 in start_thread (arg=0xa32e0b70) at pthread_create.c:304 __res = <optimized out> __ignore1 = <optimized out> __ignore2 = <optimized out> pd = 0xa32e0b70 now = <optimized out> unwind_buf = {cancel_jmp_buf = {{jmp_buf = {-1259343884, 0, 4001536, -1557265720, 1051878033, -1083592514}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = <optimized out> freesize = <optimized out> __PRETTY_FUNCTION__ = "start_thread" #9 0xb4e5c23e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130 No locals. Thread 7 (Thread 0xa1addb70 (LWP 15055)): #0 0xb76cb424 in __kernel_vsyscall () No symbol table info available. #1 0xb4ef3703 in pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/i386/i686/../i486/pthread_cond_timedwait.S:236 No locals. #2 0xb75d3bb0 in g_cond_wait_until (cond=cond@entry=0xb82aca40, mutex=mutex@entry=0xb82aca38, end_time=10871709820) at /build/buildd-glib2.0_2.32.3-1-i386-987P8N/glib2.0-2.32.3/./glib/gthread-posix.c:855 ts = {tv_sec = 10871, tv_nsec = 709820000} status = <optimized out> #3 0xb7566d59 in g_async_queue_pop_intern_unlocked (queue=0xb82aca38, queue@entry=0x8801207c, wait=wait@entry=1, end_time=10871709820) at /build/buildd-glib2.0_2.32.3-1-i386-987P8N/glib2.0-2.32.3/./glib/gasyncqueue.c:424 retval = <optimized out> __PRETTY_FUNCTION__ = "g_async_queue_pop_intern_unlocked" #4 0xb756761a in g_async_queue_timeout_pop_unlocked (queue=0x8801207c, timeout=2) at /build/buildd-glib2.0_2.32.3-1-i386-987P8N/glib2.0-2.32.3/./glib/gasyncqueue.c:572 end_time = <optimized out> #5 0xb75b864f in g_thread_pool_wait_for_new_task (pool=0xb82ace30) at /build/buildd-glib2.0_2.32.3-1-i386-987P8N/glib2.0-2.32.3/./glib/gthreadpool.c:264 task = <optimized out> #6 g_thread_pool_thread_proxy (data=0xb82ace30) at /build/buildd-glib2.0_2.32.3-1-i386-987P8N/glib2.0-2.32.3/./glib/gthreadpool.c:298 task = 0xb9905518 pool = 0xb82ace30 #7 0xb75b7d93 in g_thread_proxy (data=0xb9a9f950) at /build/buildd-glib2.0_2.32.3-1-i386-987P8N/glib2.0-2.32.3/./glib/gthread.c:801 thread = 0xb9a9f950 #8 0xb4eeec39 in start_thread (arg=0xa1addb70) at pthread_create.c:304 __res = <optimized out> __ignore1 = <optimized out> __ignore2 = <optimized out> pd = 0xa1addb70 now = <optimized out> unwind_buf = {cancel_jmp_buf = {{jmp_buf = {-1259343884, 0, 4001536, -1582443832, 957506196, -1083592514}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = <optimized out> freesize = <optimized out> __PRETTY_FUNCTION__ = "start_thread" #9 0xb4e5c23e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130 No locals. Thread 6 (Thread 0xb2cf1b70 (LWP 6255)): #0 0xb76cb424 in __kernel_vsyscall () No symbol table info available. #1 0xb4e26de6 in nanosleep () at ../sysdeps/unix/syscall-template.S:82 No locals. #2 0xb4e26c10 in __sleep (seconds=0) at ../sysdeps/unix/sysv/linux/sleep.c:138 ts = {tv_sec = 0, tv_nsec = 73466461} set = {__val = {65536, 0 <repeats 31 times>}} oset = {__val = {0, 0, 2999914756, 3038455568, 3038789543, 3077479012, 0, 0, 5, 0, 1, 3066726480, 1, 3077476340, 2999914880, 3066726920, 2999914836, 3038412912, 3066726480, 0, 4294967295, 3077476340, 3038789543, 5, 2999914736, 3077413910, 0, 3, 720896, 3034941487, 3042221908, 2829455104}} result = <optimized out> #3 0xb547d0e4 in WTF::TCMalloc_PageHeap::scavengerThread() () from /usr/lib/libjavascriptcoregtk-1.0.so.0 No symbol table info available. #4 0xb547d16b in WTF::TCMalloc_PageHeap::runScavengerThread(void*) () from /usr/lib/libjavascriptcoregtk-1.0.so.0 No symbol table info available. #5 0xb4eeec39 in start_thread (arg=0xb2cf1b70) at pthread_create.c:304 __res = <optimized out> __ignore1 = <optimized out> __ignore2 = <optimized out> pd = 0xb2cf1b70 now = <optimized out> unwind_buf = {cancel_jmp_buf = {{jmp_buf = {-1259343884, 0, 4001536, -1295052088, -57515342, -1083592514}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = <optimized out> freesize = <optimized out> __PRETTY_FUNCTION__ = "start_thread" #6 0xb4e5c23e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130 No locals. Thread 5 (Thread 0xb1b86b70 (LWP 6257)): #0 0xb76cb424 in __kernel_vsyscall () No symbol table info available. #1 0xb4e4e846 in *__GI___poll (fds=0xb4ee4ff4, fds@entry=0xb82afcb0, nfds=nfds@entry=1, timeout=timeout@entry=-1) at ../sysdeps/unix/sysv/linux/poll.c:87 resultvar = <optimized out> oldtype = 0 result = <optimized out> #2 0xb75a207b in g_poll (fds=0xb82afcb0, nfds=1, timeout=-1) at /build/buildd-glib2.0_2.32.3-1-i386-987P8N/glib2.0-2.32.3/./glib/gpoll.c:132 No locals. #3 0xb7593950 in g_main_context_poll (n_fds=1, fds=0xb82afcb0, timeout=<optimized out>, context=0xb82afe38, priority=<optimized out>) at /build/buildd-glib2.0_2.32.3-1-i386-987P8N/glib2.0-2.32.3/./glib/gmain.c:3440 poll_func = <optimized out> #4 g_main_context_iterate (context=0xb82afe38, block=block@entry=1, dispatch=dispatch@entry=1, self=<error reading variable: Unhandled dwarf expression opcode 0xfa>) at /build/buildd-glib2.0_2.32.3-1-i386-987P8N/glib2.0-2.32.3/./glib/gmain.c:3141 max_priority = 2147483647 timeout = -1 some_ready = <optimized out> nfds = 1 allocated_nfds = <optimized out> fds = 0xb82afcb0 #5 0xb7593e2b in g_main_loop_run (loop=0xb82afca0) at /build/buildd-glib2.0_2.32.3-1-i386-987P8N/glib2.0-2.32.3/./glib/gmain.c:3340 __PRETTY_FUNCTION__ = "g_main_loop_run" #6 0xb1b91604 in ?? () from /usr/lib/i386-linux-gnu/gio/modules/libdconfsettings.so No symbol table info available. #7 0xb75b7d93 in g_thread_proxy (data=0xb827f200) at /build/buildd-glib2.0_2.32.3-1-i386-987P8N/glib2.0-2.32.3/./glib/gthread.c:801 thread = 0xb827f200 #8 0xb4eeec39 in start_thread (arg=0xb1b86b70) at pthread_create.c:304 __res = <optimized out> __ignore1 = <optimized out> __ignore2 = <optimized out> pd = 0xb1b86b70 now = <optimized out> unwind_buf = {cancel_jmp_buf = {{jmp_buf = {-1259343884, 0, 4001536, -1313316152, 309486260, -1083592514}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = <optimized out> freesize = <optimized out> __PRETTY_FUNCTION__ = "start_thread" #9 0xb4e5c23e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130 No locals. Thread 4 (Thread 0xaa39cb70 (LWP 6266)): #0 0xb76cb424 in __kernel_vsyscall () No symbol table info available. #1 0xb4ef3703 in pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/i386/i686/../i486/pthread_cond_timedwait.S:236 No locals. #2 0xb549c7e8 in WTF::ThreadCondition::timedWait(WTF::Mutex&, double) () from /usr/lib/libjavascriptcoregtk-1.0.so.0 No symbol table info available. #3 0xb52fed52 in JSC::Heap::waitForRelativeTimeWhileHoldingLock(double) () from /usr/lib/libjavascriptcoregtk-1.0.so.0 No symbol table info available. #4 0xb52fedb4 in JSC::Heap::waitForRelativeTime(double) () from /usr/lib/libjavascriptcoregtk-1.0.so.0 No symbol table info available. #5 0xb52fee07 in JSC::Heap::blockFreeingThreadMain() () from /usr/lib/libjavascriptcoregtk-1.0.so.0 No symbol table info available. #6 0xb52feecb in JSC::Heap::blockFreeingThreadStartFunc(void*) () from /usr/lib/libjavascriptcoregtk-1.0.so.0 No symbol table info available. #7 0xb549bea2 in WTF::threadEntryPoint(void*) () from /usr/lib/libjavascriptcoregtk-1.0.so.0 No symbol table info available. #8 0xb549c00e in WTF::wtfThreadEntryPoint(void*) () from /usr/lib/libjavascriptcoregtk-1.0.so.0 No symbol table info available. #9 0xb4eeec39 in start_thread (arg=0xaa39cb70) at pthread_create.c:304 __res = <optimized out> __ignore1 = <optimized out> __ignore2 = <optimized out> pd = 0xaa39cb70 now = <optimized out> unwind_buf = {cancel_jmp_buf = {{jmp_buf = {-1259343884, 0, 4001536, -1439055160, 288514691, -1083592514}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = <optimized out> freesize = <optimized out> __PRETTY_FUNCTION__ = "start_thread" #10 0xb4e5c23e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130 No locals. Thread 3 (Thread 0xb23c9b70 (LWP 6259)): #0 0xb76cb424 in __kernel_vsyscall () No symbol table info available. #1 0xb4ef320a in __pthread_cond_wait (cond=0xb23ffde8, mutex=0xb23ffdd0) at pthread_cond_wait.c:153 __status = -512 _val = 167 futex_val = <optimized out> buffer = {__routine = 0xb4ef33a0 <__condvar_cleanup>, __arg = 0xb23c906c, __canceltype = 0, __prev = 0x0} cbuffer = {oldtype = 0, cond = 0xb23ffde8, mutex = 0xb23ffdd0, bc_seq = 0} err = <optimized out> pshared = 0 val = <optimized out> seq = 83 #2 0xb549c743 in WTF::ThreadCondition::wait(WTF::Mutex&) () from /usr/lib/libjavascriptcoregtk-1.0.so.0 No symbol table info available. #3 0xb5c8be9c in WebCore::IconDatabase::syncThreadMainLoop() () from /usr/lib/libwebkitgtk-1.0.so.0 No symbol table info available. #4 0xb5c8c18c in WebCore::IconDatabase::iconDatabaseSyncThread() () from /usr/lib/libwebkitgtk-1.0.so.0 No symbol table info available. #5 0xb5c8c1eb in WebCore::IconDatabase::iconDatabaseSyncThreadStart(void*) () from /usr/lib/libwebkitgtk-1.0.so.0 No symbol table info available. #6 0xb549bea2 in WTF::threadEntryPoint(void*) () from /usr/lib/libjavascriptcoregtk-1.0.so.0 No symbol table info available. #7 0xb549c00e in WTF::wtfThreadEntryPoint(void*) () from /usr/lib/libjavascriptcoregtk-1.0.so.0 No symbol table info available. #8 0xb4eeec39 in start_thread (arg=0xb23c9b70) at pthread_create.c:304 __res = <optimized out> __ignore1 = <optimized out> __ignore2 = <optimized out> pd = 0xb23c9b70 now = <optimized out> unwind_buf = {cancel_jmp_buf = {{jmp_buf = {-1259343884, 0, 4001536, -1304653112, 462578355, -1083592514}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = <optimized out> freesize = <optimized out> __PRETTY_FUNCTION__ = "start_thread" #9 0xb4e5c23e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130 No locals. Thread 2 (Thread 0xb11ffb70 (LWP 6258)): #0 0xb76cb424 in __kernel_vsyscall () No symbol table info available. #1 0xb4e4e846 in *__GI___poll (fds=0xb4ee4ff4, fds@entry=0xb82ab860, nfds=nfds@entry=3, timeout=timeout@entry=-1) at ../sysdeps/unix/sysv/linux/poll.c:87 resultvar = <optimized out> oldtype = 0 result = <optimized out> #2 0xb75a207b in g_poll (fds=0xb82ab860, nfds=3, timeout=-1) at /build/buildd-glib2.0_2.32.3-1-i386-987P8N/glib2.0-2.32.3/./glib/gpoll.c:132 No locals. #3 0xb7593950 in g_main_context_poll (n_fds=3, fds=0xb82ab860, timeout=<optimized out>, context=0xb82abbe0, priority=<optimized out>) at /build/buildd-glib2.0_2.32.3-1-i386-987P8N/glib2.0-2.32.3/./glib/gmain.c:3440 poll_func = <optimized out> #4 g_main_context_iterate (context=0xb82abbe0, block=block@entry=1, dispatch=dispatch@entry=1, self=<error reading variable: Unhandled dwarf expression opcode 0xfa>) at /build/buildd-glib2.0_2.32.3-1-i386-987P8N/glib2.0-2.32.3/./glib/gmain.c:3141 max_priority = 2147483647 timeout = -1 some_ready = <optimized out> nfds = 3 allocated_nfds = <optimized out> fds = 0xb82ab860 #5 0xb7593e2b in g_main_loop_run (loop=0xb82abbd0) at /build/buildd-glib2.0_2.32.3-1-i386-987P8N/glib2.0-2.32.3/./glib/gmain.c:3340 __PRETTY_FUNCTION__ = "g_main_loop_run" #6 0xb6f67bda in gdbus_shared_thread_func (user_data=0xb82ab650) at /build/buildd-glib2.0_2.32.3-1-i386-987P8N/glib2.0-2.32.3/./gio/gdbusprivate.c:277 data = 0xb82ab650 #7 0xb75b7d93 in g_thread_proxy (data=0xb82be830) at /build/buildd-glib2.0_2.32.3-1-i386-987P8N/glib2.0-2.32.3/./glib/gthread.c:801 thread = 0xb82be830 #8 0xb4eeec39 in start_thread (arg=0xb11ffb70) at pthread_create.c:304 __res = <optimized out> __ignore1 = <optimized out> __ignore2 = <optimized out> pd = 0xb11ffb70 now = <optimized out> unwind_buf = {cancel_jmp_buf = {{jmp_buf = {-1259343884, 0, 4001536, -1323306296, 1565680309, -1083592514}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = <optimized out> freesize = <optimized out> __PRETTY_FUNCTION__ = "start_thread" #9 0xb4e5c23e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130 No locals. Thread 1 (Thread 0xb2f98890 (LWP 6251)): #0 0xb547d9a1 in WTF::TCMalloc_Central_FreeList::FetchFromSpans() () from /usr/lib/libjavascriptcoregtk-1.0.so.0 No symbol table info available. #1 0xb547de6d in WTF::TCMalloc_Central_FreeList::RemoveRange(void**, void**, int*) () from /usr/lib/libjavascriptcoregtk-1.0.so.0 No symbol table info available. #2 0xb54813a9 in WTF::fastRealloc(void*, unsigned int) () from /usr/lib/libjavascriptcoregtk-1.0.so.0 No symbol table info available. #3 0xb532df52 in JSC::JIT::privateCompile(JSC::MacroAssemblerCodePtr*) () from /usr/lib/libjavascriptcoregtk-1.0.so.0 No symbol table info available. #4 0xb53ef15f in JSC::JIT::compile(JSC::JSGlobalData*, JSC::CodeBlock*, JSC::MacroAssemblerCodePtr*) () from /usr/lib/libjavascriptcoregtk-1.0.so.0 No symbol table info available. #5 0xb53eca88 in JSC::FunctionExecutable::compileForCallInternal(JSC::ExecState*, JSC::ScopeChainNode*, JSC::JITCode::JITType) () from /usr/lib/libjavascriptcoregtk-1.0.so.0 No symbol table info available. #6 0xa977d250 in ?? () No symbol table info available. Backtrace stopped: previous frame inner to this frame (corrupt stack?) quit According to the Web segfaults in `WTF::TCMalloc_Central_FreeList::FetchFromSpans()` happen rather often. In 26349#2 [1] the following is written by Mark Rowe. Crashing inside TCMalloc typically indicates that there is heap corruption. Though I do not know what that applies. [1] https://bugs.webkit.org/show_bug.cgi?id=26349
Attachments
Log file from `G_SLICE=always-malloc G_DEBUG=gc-friendly valgrind -v --tool=memcheck --leak-check=full --num-callers=40 --log-file=valgrind.log midori` (3.31 MB, text/plain)
2012-08-29 06:42 PDT, Paul Menzel 		no flags
Details
New log file from `G_SLICE=always-malloc G_DEBUG=gc-friendly valgrind -v --tool=memcheck --leak-check=full --num-callers=40 --log-file=valgrind.log midori` (970.49 KB, text/x-log)
2015-01-24 20:05 PST, Christopher Chavez 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
Paul Menzel
Comment 1 2012-08-11 06:21:18 PDT
#684583 is the number of the report assigned to this segmentation fault [1]. [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684583
Alexey Proskuryakov
Comment 2 2012-08-13 09:52:48 PDT
> Crashing inside TCMalloc typically indicates that there is heap corruption. Yes. If this is reproducible, the next step would be to make it happen under valgrind.
Paul Menzel
Comment 3 2012-08-13 12:05:21 PDT
(In reply to comment #2) > > Crashing inside TCMalloc typically indicates that there is heap corruption. > > Yes. If this is reproducible, the next step would be to make it happen under valgrind. I have not tried to reproduce it yet. 1. Is there a Web page giving the options needed for a good report for WebKit? 2. Can I use Valgrind on the core dump somehow?
Paul Menzel
Comment 4 2012-08-29 06:42:26 PDT
Created attachment 161214 [details] Log file from `G_SLICE=always-malloc G_DEBUG=gc-friendly valgrind -v --tool=memcheck --leak-check=full --num-callers=40 --log-file=valgrind.log midori` Alright, the crash happened again today. *Afterward* I tried to run it under valgrind with the following command. G_SLICE=always-malloc G_DEBUG=gc-friendly valgrind -v --tool=memcheck --leak-check=full --num-callers=40 --log-file=valgrind.log midori Unfortunately Midori was not usable at all and stayed gray all the time, after loading one Web page. `htop` showed that Valgrind was doing something though. In the end I killed the process and I attach the log file. Here is an excerpt from it regarding `libjavascript…`. ==20806== 48 bytes in 1 blocks are possibly lost in loss record 11,590 of 17,587 ==20806== at 0x4828868: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so) ==20806== by 0x528147A: sqlite3MemMalloc (sqlite3.c:15397) ==20806== by 0x525D15D: mallocWithAlarm (sqlite3.c:18971) ==20806== by 0x5265246: sqlite3Malloc (sqlite3.c:19004) ==20806== by 0x52652F6: sqlite3DbMallocRaw (sqlite3.c:19340) ==20806== by 0x5265340: sqlite3DbMallocZero (sqlite3.c:19284) ==20806== by 0x526537F: sqlite3ValueNew (sqlite3.c:60233) ==20806== by 0x527AE0A: sqlite3Error (sqlite3.c:21276) ==20806== by 0x52807A0: createCollation (sqlite3.c:115387) ==20806== by 0x52AE637: openDatabase (sqlite3.c:115850) ==20806== by 0x52AEEE1: sqlite3_open16 (sqlite3.c:116029) ==20806== by 0x5BAD70C: WebCore::SQLiteFileSystem::openDatabase(WTF::String const&, sqlite3**, bool) (in /usr/lib/libwebkitgtk-1.0.so.0.1 3.2) ==20806== by 0x5BABDBC: WebCore::SQLiteDatabase::open(WTF::String const&, bool) (in /usr/lib/libwebkitgtk-1.0.so.0.13.2) ==20806== by 0x5A40033: WebCore::IconDatabase::iconDatabaseSyncThread() (in /usr/lib/libwebkitgtk-1.0.so.0.13.2) ==20806== by 0x5A401EA: WebCore::IconDatabase::iconDatabaseSyncThreadStart(void*) (in /usr/lib/libwebkitgtk-1.0.so.0.13.2) ==20806== by 0x6CAEEA1: WTF::threadEntryPoint(void*) (in /usr/lib/libjavascriptcoregtk-1.0.so.0.13.2) ==20806== by 0x6CAF00D: WTF::wtfThreadEntryPoint(void*) (in /usr/lib/libjavascriptcoregtk-1.0.so.0.13.2) ==20806== by 0x70E223D: clone (clone.S:130) I am guessing from »48 bytes in 1 blocks are possibly lost in loss record 11,590 of 17,587« that something is wrong here. Can you figure out what? Or do I need to provide more information?
Alberto Garcia
Comment 5 2014-03-24 02:58:18 PDT
Hey, does this still happen with a recent build?
Alberto Garcia
Comment 6 2014-05-13 03:54:47 PDT
(In reply to comment #5) > Hey, does this still happen with a recent build? Ping
Christopher Chavez
Comment 7 2015-01-24 20:05:36 PST
Created attachment 245292 [details] New log file from `G_SLICE=always-malloc G_DEBUG=gc-friendly valgrind -v --tool=memcheck --leak-check=full --num-callers=40 --log-file=valgrind.log midori` (In reply to comment #5) > Hey, does this still happen with a recent build? I believe so. Here is a new logfile from midori 0.5.9 on debian 8 powerpc.
Note You need to log in before you can comment on or make changes to this bug.