WebKit Bugzilla
NEW
104501
[EFL?] Crash in CopyWorkList destructor while navigating gmail.com
https://bugs.webkit.org/show_bug.cgi?id=104501
Ryuan Choi
Reported
2012-12-09 18:39:27 PST
I got the errors below while surfing gmail.com. I only logged in, chose my sub-category, and clicked the search button with my name.

0xb4f5320a in JSC::CopyWorkList::~CopyWorkList() () from /home/ryuan/workspace/webkit/efl-webkit/WebKitBuild/Release/lib/libjavascriptcore_efl.so.0
(gdb) bt
#0  0xb4f5320a in JSC::CopyWorkList::~CopyWorkList() () from /home/ryuan/workspace/webkit/efl-webkit/WebKitBuild/Release/lib/libjavascriptcore_efl.so.0
#1  0xb4f59da7 in JSC::JSObject::visitChildren(JSC::JSCell*, JSC::SlotVisitor&) () from /home/ryuan/workspace/webkit/efl-webkit/WebKitBuild/Release/lib/libjavascriptcore_efl.so.0
#2  0xb4e01f21 in JSC::SlotVisitor::drain() () from /home/ryuan/workspace/webkit/efl-webkit/WebKitBuild/Release/lib/libjavascriptcore_efl.so.0
#3  0xb4df54ef in JSC::Heap::markRoots(bool) () from /home/ryuan/workspace/webkit/efl-webkit/WebKitBuild/Release/lib/libjavascriptcore_efl.so.0
#4  0xb4df9029 in JSC::Heap::collect(JSC::Heap::SweepToggle) () from /home/ryuan/workspace/webkit/efl-webkit/WebKitBuild/Release/lib/libjavascriptcore_efl.so.0
#5  0xb4df958b in JSC::Heap::reportExtraMemoryCostSlowCase(unsigned int) () from /home/ryuan/workspace/webkit/efl-webkit/WebKitBuild/Release/lib/libjavascriptcore_efl.so.0
#6  0xb4f2071b in JSC::FunctionExecutable::compileForCallInternal(JSC::ExecState*, JSC::JSScope*, JSC::JITCode::JITType, unsigned int) () from /home/ryuan/workspace/webkit/efl-webkit/WebKitBuild/Release/lib/libjavascriptcore_efl.so.0
#7  0xb4ffc819 in llint_slow_path_call () from /home/ryuan/workspace/webkit/efl-webkit/WebKitBuild/Release/lib/libjavascriptcore_efl.so.0
#8  0xb5001b4e in llint_op_call () from /home/ryuan/workspace/webkit/efl-webkit/WebKitBuild/Release/lib/libjavascriptcore_efl.so.0
#9  0xad5706f8 in ?? ()
#10 0xb4e0822f in JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) () from /home/ryuan/workspace/webkit/efl-webkit/WebKitBuild/Release/lib/libjavascriptcore_efl.so.0
#11 0xb4eff368 in JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) () from /home/ryuan/workspace/webkit/efl-webkit/WebKitBuild/Release/lib/libjavascriptcore_efl.so.0
#12 0xb4f3b581 in JSC::boundFunctionCall(JSC::ExecState*) () from /home/ryuan/workspace/webkit/efl-webkit/WebKitBuild/Release/lib/libjavascriptcore_efl.so.0
#13 0xb4e082d0 in JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) () from /home/ryuan/workspace/webkit/efl-webkit/WebKitBuild/Release/lib/libjavascriptcore_efl.so.0
#14 0xb4eff368 in JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) () from /home/ryuan/workspace/webkit/efl-webkit/WebKitBuild/Release/lib/libjavascriptcore_efl.so.0
#15 0xb6de230e in WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) () from /home/ryuan/workspace/webkit/efl-webkit/WebKitBuild/Release/lib/libwebcore_efl.so.0
#16 0xb64881f4 in WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1u>&) () from /home/ryuan/workspace/webkit/efl-webkit/WebKitBuild/Release/lib/libwebcore_efl.so.0
#17 0xb6488448 in WebCore::EventTarget::fireEventListeners(WebCore::Event*) () from /home/ryuan/workspace/webkit/efl-webkit/WebKitBuild/Release/lib/libwebcore_efl.so.0
#18 0xb64884bc in WebCore::EventTarget::dispatchEvent(WTF::PassRefPtr<WebCore::Event>) () from /home/ryuan/workspace/webkit/efl-webkit/WebKitBuild/Release/lib/libwebcore_efl.so.0
#19 0xb6d7715f in WebCore::XMLHttpRequestProgressEventThrottle::dispatchEvent(WTF::PassRefPtr<WebCore::Event>) () from /home/ryuan/workspace/webkit/efl-webkit/WebKitBuild/Release/lib/libwebcore_efl.so.0
#20 0xb6d77dec in WebCore::XMLHttpRequestProgressEventThrottle::dispatchReadyStateChangeEvent(WTF::PassRefPtr<WebCore::Event>, WebCore::ProgressEventAction) () from /home/ryuan/workspace/webkit/efl-webkit/WebKitBuild/Release/lib/libwebcore_efl.so.0
#21 0xb6d6e5e2 in WebCore::XMLHttpRequest::callReadyStateChangeListener() () from /home/ryuan/workspace/webkit/efl-webkit/WebKitBuild/Release/lib/libwebcore_efl.so.0
#22 0xb6d6eab7 in WebCore::XMLHttpRequest::changeState(WebCore::XMLHttpRequest::State) () from /home/ryuan/workspace/webkit/efl-webkit/WebKitBuild/Release/lib/libwebcore_efl.so.0
#23 0xb6d71a6f in WebCore::XMLHttpRequest::didReceiveData(char const*, int) () from /home/ryuan/workspace/webkit/efl-webkit/WebKitBuild/Release/lib/libwebcore_efl.so.0
#24 0xb67d2a0c in WebCore::DocumentThreadableLoader::dataReceived(WebCore::CachedResource*, char const*, int) () from /home/ryuan/workspace/webkit/efl-webkit/WebKitBuild/Release/lib/libwebcore_efl.so.0
#25 0xb684a766 in WebCore::CachedRawResource::data(WTF::PassRefPtr<WebCore::ResourceBuffer>, bool) () from /home/ryuan/workspace/webkit/efl-webkit/WebKitBuild/Release/lib/libwebcore_efl.so.0
#26 0xb6819f34 in WebCore::SubresourceLoader::sendDataToResource(char const*, int) () from /home/ryuan/workspace/webkit/efl-webkit/WebKitBuild/Release/lib/libwebcore_efl.so.0
#27 0xb681a011 in WebCore::SubresourceLoader::didReceiveData(char const*, int, long long, bool) () from /home/ryuan/workspace/webkit/efl-webkit/WebKitBuild/Release/lib/libwebcore_efl.so.0
#28 0xb68120d8 in WebCore::ResourceLoader::didReceiveData(WebCore::ResourceHandle*, char const*, int, int) () from /home/ryuan/workspace/webkit/efl-webkit/WebKitBuild/Release/lib/libwebcore_efl.so.0
#29 0xb736ccb0 in WebCore::readCallback(_GObject*, _GAsyncResult*, void*) () from /home/ryuan/workspace/webkit/efl-webkit/WebKitBuild/Release/lib/libwebcore_efl.so.0
#30 0xb463cd98 in async_ready_callback_wrapper (source_object=0x84385c8, res=0x8aa0820, user_data=0xa33a7780) at ginputstream.c:529
#31 0xb4653d50 in g_simple_async_result_complete (simple=0x8aa0820) at gsimpleasyncresult.c:767
#32 0xb4653e7c in complete_in_idle_cb (data=0x8aa0820) at gsimpleasyncresult.c:779
#33 0xb582bf00 in g_idle_dispatch (source=0x91b8a98, callback=0xb4653e50 <complete_in_idle_cb>, user_data=0x8aa0820) at gmain.c:4657
#34 0xb582e436 in g_main_dispatch (context=0x855b900) at gmain.c:2539
#35 g_main_context_dispatch (context=0x855b900) at gmain.c:3075
#36 0xb7e1aed4 in _ecore_glib_select__locked (ecore_timeout=0xbfffdb80, efds=0xbfffdea8, wfds=0xbfffde28, rfds=0xbfffdda8, ecore_fds=10, ctx=0x855b900) at ecore_glib.c:171
#37 _ecore_glib_select (ecore_fds=10, rfds=0xbfffdda8, wfds=0xbfffde28, efds=0xbfffdea8, ecore_timeout=0xbfffdf28) at ecore_glib.c:205
#38 0xb7e14862 in _ecore_main_select (timeout=0.011871765998876072) at ecore_main.c:1444
#39 0xb7e15397 in _ecore_main_loop_iterate_internal (once_only=0) at ecore_main.c:1872
#40 0xb7e1572f in ecore_main_loop_begin () at ecore_main.c:934
#41 0x0804d6cc in main ()
Gustavo Noronha (kov)
Comment 1
2013-01-25 10:08:48 PST
I believe we're getting the same crash with webkit-clutter on x86. Are you running a 32-bit version of webkit-efl?
Ryuan Choi
Comment 2
2013-02-28 02:06:05 PST
(In reply to comment #1)
> I believe we're getting the same crash with webkit-clutter on x86, are you running a 32 bits version of webkit-efl?
Yes, I used 32-bit Ubuntu 12.10, and after recently moving to a 64-bit system I can't reproduce this.
Gustavo Noronha (kov)
Comment 3
2013-03-04 07:22:41 PST
Did you use GCC's stack protection flags in the 32-bit build? I have found that in my case not using those flags makes the crash go away.
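Comment 3 asks whether the 32-bit build used GCC's stack-protector flags, and comment 2 ties the crash to a 32-bit build. Both questions can be answered from the built artifacts rather than from memory. The script below is an added example and is not part of this bug report or of WebKit: it checks whether an ELF object references the stack-protector runtime symbol `__stack_chk_fail` (which only gets pulled in when some function was compiled with a canary) and reads the ELF class byte to tell a 32-bit object from a 64-bit one. It assumes a POSIX shell with `nm` (binutils) and `od` (coreutils); the library path in the comment is the one from the backtrace and is only a placeholder.

```shell
#!/bin/sh
# Added example (not from the bug report or WebKit): confirm from the binary
# whether a build had -fstack-protector in effect and whether it is 32-bit.

# has_stack_protector OBJ
#   Exit 0 if OBJ imports or defines __stack_chk_fail (or the i386
#   __stack_chk_fail_local variant), 1 if not, 2 if OBJ is unreadable.
has_stack_protector() {
    obj=$1
    [ -r "$obj" ] || { echo "unreadable: $obj" >&2; return 2; }
    # Shared libraries: dynamic symbol table. Fall back to the full table
    # for objects that are not dynamically linked.
    nm -D "$obj" 2>/dev/null | grep -q '__stack_chk_fail' && return 0
    nm "$obj" 2>/dev/null | grep -q '__stack_chk_fail' && return 0
    return 1
}

# elf_class OBJ
#   Print 32, 64 or unknown from EI_CLASS, byte 4 of the ELF header
#   (1 = ELFCLASS32, 2 = ELFCLASS64).
elf_class() {
    case "$(od -An -tx1 -j4 -N1 "$1" 2>/dev/null | tr -d ' ')" in
        01) echo 32 ;;
        02) echo 64 ;;
        *)  echo unknown ;;
    esac
}

# report OBJ
#   One-line summary combining both checks.
report() {
    lib=$1
    printf '%s: %s-bit, stack protector %s\n' "$lib" "$(elf_class "$lib")" \
        "$(has_stack_protector "$lib" && echo present || echo absent)"
}

# Placeholder path taken from the backtrace; adjust to your own build tree.
# report WebKitBuild/Release/lib/libjavascriptcore_efl.so.0
```

One caveat: with plain `-fstack-protector` only functions that meet GCC's heuristics (typically those with character arrays) get a canary, so a tiny object may show the symbol as absent even though the flag was passed; for a library the size of JavaScriptCore the reference will be there if the flag was in effect, and with `-fstack-protector-all` every function references it.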