Bug 167377 - [GTK] [2.14.3] Crash on JSC::SourceProviderCache::clear() on ppc64el
Summary: [GTK] [2.14.3] Crash on JSC::SourceProviderCache::clear() on ppc64el
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKitGTK (show other bugs)
Version: Other
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-01-24 11:50 PST by Alberto Garcia
Modified: 2017-06-23 01:32 PDT (History)
5 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Alberto Garcia 2017-01-24 11:50:02 PST 
When running Seed [ https://wiki.gnome.org/Seed ] built using javascriptcore from WebKitGTK+ 2.14.3 I get a crash (see backtrace below). A Debian user reported this with version 2.14.2 as well.

This only happens with some architectures (mips, ppc64el, s390x), see here for details:

https://buildd.debian.org/status/package.php?p=seed-webkit2&suite=sid

Here's the full backtrace in ppc64el:

Thread 1 "seed" received signal SIGSEGV, Segmentation fault.
#0  0x00003fffb76607f8 in WTF::HashTable<int, WTF::KeyValuePair<int, std::unique_ptr<JSC::SourceProviderCacheItem, std::default_delete<JSC::SourceProviderCacheItem> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<int, std::unique_ptr<JSC::SourceProviderCacheItem, std::default_delete<JSC::SourceProviderCacheItem> > > >, WTF::IntHash<int>, WTF::HashMap<int, std::unique_ptr<JSC::SourceProviderCacheItem, std::default_delete<JSC::SourceProviderCacheItem> >, WTF::IntHash<int>, WTF::UnsignedWithZeroKeyHashTraits<int>, WTF::HashTraits<std::unique_ptr<JSC::SourceProviderCacheItem, std::default_delete<JSC::SourceProviderCacheItem> > > >::KeyValuePairTraits, WTF::UnsignedWithZeroKeyHashTraits<int> >::deallocateTable(WTF::KeyValuePair<int, std::unique_ptr<JSC::SourceProviderCacheItem, std::default_delete<JSC::SourceProviderCacheItem> > >*, unsigned int) ()
   from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#1  0x00003fffb7660660 in JSC::SourceProviderCache::clear() () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#2  0x00003fffb76606c0 in JSC::SourceProviderCache::~SourceProviderCache() () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#3  0x00003fffb78f731c in WTF::HashTable<WTF::RefPtr<JSC::SourceProvider>, WTF::KeyValuePair<WTF::RefPtr<JSC::SourceProvider>, WTF::RefPtr<JSC::SourceProviderCache> >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WTF::RefPtr<JSC::SourceProvider>, WTF::RefPtr<JSC::SourceProviderCache> > >, WTF::PtrHash<WTF::RefPtr<JSC::SourceProvider> >, WTF::HashMap<WTF::RefPtr<JSC::SourceProvider>, WTF::RefPtr<JSC::SourceProviderCache>, WTF::PtrHash<WTF::RefPtr<JSC::SourceProvider> >, WTF::HashTraits<WTF::RefPtr<JSC::SourceProvider> >, WTF::HashTraits<WTF::RefPtr<JSC::SourceProviderCache> > >::KeyValuePairTraits, WTF::HashTraits<WTF::RefPtr<JSC::SourceProvider> > >::deallocateTable(WTF::KeyValuePair<WTF::RefPtr<JSC::SourceProvider>, WTF::RefPtr<JSC::SourceProviderCache> >*, unsigned int) () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#4  0x00003fffb78f1040 in JSC::VM::clearSourceProviderCaches() () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#5  0x00003fffb74da4dc in JSC::Heap::deleteSourceProviderCaches() () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#6  0x00003fffb74de71c in JSC::Heap::collectImpl(JSC::HeapOperation, void*, void*, __jmp_buf_tag (&) [1]) ()
   from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#7  0x00003fffb74dea0c in JSC::Heap::collectWithoutAnySweep(JSC::HeapOperation) () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#8  0x00003fffb74deca4 in JSC::Heap::collect(JSC::HeapOperation) () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#9  0x00003fffb78c4f9c in JSC::Structure::changePrototypeTransition(JSC::VM&, JSC::Structure*, JSC::JSValue) ()
   from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#10 0x00003fffb77a81c4 in JSC::JSObject::setPrototypeDirect(JSC::VM&, JSC::JSValue) ()
   from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#11 0x00003fffb73ef2c0 in JSObjectMake () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#12 0x00003fffb7db2f2c in seed_gobject_define_property_from_function_info (ctx=0x3fffb3bffee0, info=0x222b26d0, object=0x3fffb358a120, 
    instance=<optimized out>) at seed-engine.c:1088
#13 0x00003fffb7db625c in seed_struct_prototype (ctx=0x3fffb3bffee0, info=0x222ae370) at seed-structs.c:609
#14 0x00003fffb7dc05fc in seed_gi_importer_handle_struct (exception=<optimized out>, info=0x222ae370, namespace_ref=<optimized out>, 
    ctx=0x3fffb3bffee0) at seed-importer.c:365
#15 seed_gi_importer_do_namespace (ctx=0x3fffb3bffee0, namespace=0x3fffffffccf0 "GLib", exception=0x3fffffffcd68) at seed-importer.c:542
#16 0x00003fffb7dc0b08 in seed_gi_importer_get_property (ctx=0x3fffb3bffee0, object=<optimized out>, property_name=<optimized out>, 
    exception=0x3fffffffcd68) at seed-importer.c:620
#17 0x00003fffb73ded38 in JSC::JSCallbackObject<JSC::JSDestructibleObject>::getOwnPropertySlot(JSC::JSObject*, JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&) () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#18 0x00003fffb75763f4 in ?? () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#19 0x00003fffb757bfa0 in JSC::LLInt::CLoop::execute(JSC::OpcodeID, void*, JSC::VM*, JSC::ProtoCallFrame*, bool) ()
   from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#20 0x00003fffb757993c in vmEntryToJavaScript () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#21 0x00003fffb7564860 in JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#22 0x00003fffb7559acc in JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*) ()
   from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#23 0x00003fffb76caa14 in JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) ()
   from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#24 0x00003fffb76cac64 in JSC::profiledEvaluate(JSC::ExecState*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#25 0x00003fffb73d4594 in JSEvaluateScript () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#26 0x00003fffb7dae920 in seed_include (ctx=0x3fffb3bfff40, function=<optimized out>, this_object=<optimized out>, argumentCount=<optimized out>, 
    arguments=<optimized out>, exception=0x3fffffffdee8) at seed-builtins.c:104
#27 0x00003fffb73d6358 in long JSC::APICallbackFunction::call<JSC::JSCallbackFunction>(JSC::ExecState*) ()
   from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#28 0x00003fffb7565f04 in ?? () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#29 0x00003fffb75790e4 in JSC::LLInt::setUpCall(JSC::ExecState*, JSC::Instruction*, JSC::CodeSpecializationKind, JSC::JSValue, JSC::LLIntCallLinkInfo*) () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#30 0x00003fffb7572390 in ?? () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#31 0x00003fffb757fc90 in JSC::LLInt::CLoop::execute(JSC::OpcodeID, void*, JSC::VM*, JSC::ProtoCallFrame*, bool) ()
   from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#32 0x00003fffb757993c in vmEntryToJavaScript () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#33 0x00003fffb7564860 in JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#34 0x00003fffb7559acc in JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*) ()
   from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#35 0x00003fffb76caa14 in JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) ()
   from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#36 0x00003fffb76cac64 in JSC::profiledEvaluate(JSC::ExecState*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#37 0x00003fffb73d4594 in JSEvaluateScript () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#38 0x00003fffb7db3e5c in seed_init_with_context_and_group (argc=0x3ffffffff02c, argv=0x3ffffffff020, context=<optimized out>, group=<optimized out>)
    at seed-engine.c:1914
#39 0x00003fffb7db3f10 in seed_init_with_context_group (argc=0x3ffffffff02c, argv=0x3ffffffff020, group=0x3fffb41c0000) at seed-engine.c:1939
#40 0x00003fffb7db3f88 in seed_init (argc=0x3ffffffff02c, argv=<optimized out>) at seed-engine.c:1962
#41 0x000000002223112c in main (argc=<optimized out>, argv=<optimized out>) at main.c:142
Comment 1 Mohan 2017-06-23 01:32:25 PDT 
I am facing similar issue with Webkit2.12.2 version.

[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/libthread_db.so.1".
Core was generated by `/usr/libexec/webkit2gtk-4.0/WebKitWebProcess 25'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0xb4a23710 in JSC::LLInt::CLoop::execute () from /usr/lib/libjavascriptcoregtk-4.0.so.18
[Current thread is 1 (Thread 0xb25b3000 (LWP 2119))]
(gdb) bt
#0  0xb4a23710 in JSC::LLInt::CLoop::execute () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#1  0xb4a20ed4 in vmEntryToJavaScript () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#2  0xb4a11f0c in JSC::JITCode::execute () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#3  0xb4a09fd0 in JSC::Interpreter::execute () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#4  0xb4ba0288 in JSC::globalFuncEval () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#5  0xb4a22710 in JSC::LLInt::CLoop::execute () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#6  0xb4a20ed4 in vmEntryToJavaScript () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#7  0xb4a11f0c in JSC::JITCode::execute () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#8  0xb4a08500 in JSC::Interpreter::executeCall () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#9  0xb4b183cc in JSC::call () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#10 0xb4b18428 in JSC::call () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#11 0xb5d3edf0 in WebCore::functionCallHandlerFromAnyThread () from /usr/lib/libwebkit2gtk-4.0.so.37
#12 0xb4924d68 in Deprecated::ScriptFunctionCall::call () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#13 0xb49d1f08 in Inspector::InjectedScriptBase::callFunctionWithEvalEnabled () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#14 0xb49d2154 in Inspector::InjectedScriptBase::makeCall () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#15 0xb49d23cc in Inspector::InjectedScriptBase::makeEvalCall () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#16 0xb49cfc64 in Inspector::InjectedScript::evaluate () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#17 0xb4a03b14 in Inspector::InspectorRuntimeAgent::evaluate () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#18 0xb4d1d0d0 in Inspector::RuntimeBackendDispatcher::evaluate(long, WTF::RefPtr<Inspector::InspectorObject>&&) () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#19 0xb4d13798 in Inspector::RuntimeBackendDispatcher::dispatch(long, WTF::String const&, WTF::Ref<Inspector::InspectorObject>&&) () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#20 0xb49d99a0 in Inspector::BackendDispatcher::dispatch () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#21 0xb5c423ec in WebKit::WebInspector::didReceiveMessage () from /usr/lib/libwebkit2gtk-4.0.so.37
#22 0xb5a59f88 in IPC::MessageReceiverMap::dispatchMessage () from /usr/lib/libwebkit2gtk-4.0.so.37
#23 0xb5b1ef6c in WebKit::WebProcess::didReceiveMessage () from /usr/lib/libwebkit2gtk-4.0.so.37
#24 0xb5a57da0 in IPC::Connection::dispatchMessage () from /usr/lib/libwebkit2gtk-4.0.so.37
#25 0xb5a58878 in IPC::Connection::dispatchOneMessage () from /usr/lib/libwebkit2gtk-4.0.so.37
#26 0xb4d420f4 in WTF::RunLoop::performWork () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#27 0xb4d6c548 in _FUN () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#28 0xb56da0f8 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#29 0xb56da394 in g_main_context_iterate.isra () from /usr/lib/libglib-2.0.so.0
#30 0xb56da7a0 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#31 0xb4d6d0c8 in WTF::RunLoop::run () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#32 0xb5c18c3c in WebProcessMainUnix () from /usr/lib/libwebkit2gtk-4.0.so.37
#33 0xb57fc5f0 in __libc_start_main (main=0x8684 <main()>, argc=2, argv=0xbea40d34, init=<optimized out>, fini=0x87dd <__libc_csu_fini>, rtld_fini=0xb6f650c9 <_dl_fini>, stack_end=0xbea40d34) at libc-start.c:285
#34 0x000086f0 in _start () at ../ports/sysdeps/arm/start.S:124
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
(gdb)