NEW
Bug 167377
[GTK] [2.14.3] Crash on JSC::SourceProviderCache::clear() on ppc64el
https://bugs.webkit.org/show_bug.cgi?id=167377
Alberto Garcia
Reported
2017-01-24 11:50:02 PST
When running Seed (https://wiki.gnome.org/Seed) built using javascriptcore from WebKitGTK+ 2.14.3 I get a crash (see backtrace below). A Debian user reported this with version 2.14.2 as well. This only happens with some architectures (mips, ppc64el, s390x), see here for details:
https://buildd.debian.org/status/package.php?p=seed-webkit2&suite=sid

Here's the full backtrace in ppc64el:

Thread 1 "seed" received signal SIGSEGV, Segmentation fault.
#0 0x00003fffb76607f8 in WTF::HashTable<int, WTF::KeyValuePair<int, std::unique_ptr<JSC::SourceProviderCacheItem, std::default_delete<JSC::SourceProviderCacheItem> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<int, std::unique_ptr<JSC::SourceProviderCacheItem, std::default_delete<JSC::SourceProviderCacheItem> > > >, WTF::IntHash<int>, WTF::HashMap<int, std::unique_ptr<JSC::SourceProviderCacheItem, std::default_delete<JSC::SourceProviderCacheItem> >, WTF::IntHash<int>, WTF::UnsignedWithZeroKeyHashTraits<int>, WTF::HashTraits<std::unique_ptr<JSC::SourceProviderCacheItem, std::default_delete<JSC::SourceProviderCacheItem> > > >::KeyValuePairTraits, WTF::UnsignedWithZeroKeyHashTraits<int> >::deallocateTable(WTF::KeyValuePair<int, std::unique_ptr<JSC::SourceProviderCacheItem, std::default_delete<JSC::SourceProviderCacheItem> > >*, unsigned int) () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#1 0x00003fffb7660660 in JSC::SourceProviderCache::clear() () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#2 0x00003fffb76606c0 in JSC::SourceProviderCache::~SourceProviderCache() () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#3 0x00003fffb78f731c in WTF::HashTable<WTF::RefPtr<JSC::SourceProvider>, WTF::KeyValuePair<WTF::RefPtr<JSC::SourceProvider>, WTF::RefPtr<JSC::SourceProviderCache> >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WTF::RefPtr<JSC::SourceProvider>, WTF::RefPtr<JSC::SourceProviderCache> > >, WTF::PtrHash<WTF::RefPtr<JSC::SourceProvider> >, WTF::HashMap<WTF::RefPtr<JSC::SourceProvider>, WTF::RefPtr<JSC::SourceProviderCache>, WTF::PtrHash<WTF::RefPtr<JSC::SourceProvider> >, WTF::HashTraits<WTF::RefPtr<JSC::SourceProvider> >, WTF::HashTraits<WTF::RefPtr<JSC::SourceProviderCache> > >::KeyValuePairTraits, WTF::HashTraits<WTF::RefPtr<JSC::SourceProvider> > >::deallocateTable(WTF::KeyValuePair<WTF::RefPtr<JSC::SourceProvider>, WTF::RefPtr<JSC::SourceProviderCache> >*, unsigned int) () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#4 0x00003fffb78f1040 in JSC::VM::clearSourceProviderCaches() () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#5 0x00003fffb74da4dc in JSC::Heap::deleteSourceProviderCaches() () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#6 0x00003fffb74de71c in JSC::Heap::collectImpl(JSC::HeapOperation, void*, void*, __jmp_buf_tag (&) [1]) () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#7 0x00003fffb74dea0c in JSC::Heap::collectWithoutAnySweep(JSC::HeapOperation) () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#8 0x00003fffb74deca4 in JSC::Heap::collect(JSC::HeapOperation) () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#9 0x00003fffb78c4f9c in JSC::Structure::changePrototypeTransition(JSC::VM&, JSC::Structure*, JSC::JSValue) () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#10 0x00003fffb77a81c4 in JSC::JSObject::setPrototypeDirect(JSC::VM&, JSC::JSValue) () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#11 0x00003fffb73ef2c0 in JSObjectMake () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#12 0x00003fffb7db2f2c in seed_gobject_define_property_from_function_info (ctx=0x3fffb3bffee0, info=0x222b26d0, object=0x3fffb358a120, instance=<optimized out>) at seed-engine.c:1088
#13 0x00003fffb7db625c in seed_struct_prototype (ctx=0x3fffb3bffee0, info=0x222ae370) at seed-structs.c:609
#14 0x00003fffb7dc05fc in seed_gi_importer_handle_struct (exception=<optimized out>, info=0x222ae370, namespace_ref=<optimized out>, ctx=0x3fffb3bffee0) at seed-importer.c:365
#15 seed_gi_importer_do_namespace (ctx=0x3fffb3bffee0, namespace=0x3fffffffccf0 "GLib", exception=0x3fffffffcd68) at seed-importer.c:542
#16 0x00003fffb7dc0b08 in seed_gi_importer_get_property (ctx=0x3fffb3bffee0, object=<optimized out>, property_name=<optimized out>, exception=0x3fffffffcd68) at seed-importer.c:620
#17 0x00003fffb73ded38 in JSC::JSCallbackObject<JSC::JSDestructibleObject>::getOwnPropertySlot(JSC::JSObject*, JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&) () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#18 0x00003fffb75763f4 in ?? () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#19 0x00003fffb757bfa0 in JSC::LLInt::CLoop::execute(JSC::OpcodeID, void*, JSC::VM*, JSC::ProtoCallFrame*, bool) () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#20 0x00003fffb757993c in vmEntryToJavaScript () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#21 0x00003fffb7564860 in JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#22 0x00003fffb7559acc in JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*) () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#23 0x00003fffb76caa14 in JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#24 0x00003fffb76cac64 in JSC::profiledEvaluate(JSC::ExecState*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#25 0x00003fffb73d4594 in JSEvaluateScript () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#26 0x00003fffb7dae920 in seed_include (ctx=0x3fffb3bfff40, function=<optimized out>, this_object=<optimized out>, argumentCount=<optimized out>, arguments=<optimized out>, exception=0x3fffffffdee8) at seed-builtins.c:104
#27 0x00003fffb73d6358 in long JSC::APICallbackFunction::call<JSC::JSCallbackFunction>(JSC::ExecState*) () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#28 0x00003fffb7565f04 in ?? () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#29 0x00003fffb75790e4 in JSC::LLInt::setUpCall(JSC::ExecState*, JSC::Instruction*, JSC::CodeSpecializationKind, JSC::JSValue, JSC::LLIntCallLinkInfo*) () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#30 0x00003fffb7572390 in ?? () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#31 0x00003fffb757fc90 in JSC::LLInt::CLoop::execute(JSC::OpcodeID, void*, JSC::VM*, JSC::ProtoCallFrame*, bool) () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#32 0x00003fffb757993c in vmEntryToJavaScript () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#33 0x00003fffb7564860 in JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#34 0x00003fffb7559acc in JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*) () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#35 0x00003fffb76caa14 in JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#36 0x00003fffb76cac64 in JSC::profiledEvaluate(JSC::ExecState*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#37 0x00003fffb73d4594 in JSEvaluateScript () from /usr/lib/powerpc64le-linux-gnu/libjavascriptcoregtk-4.0.so.18
#38 0x00003fffb7db3e5c in seed_init_with_context_and_group (argc=0x3ffffffff02c, argv=0x3ffffffff020, context=<optimized out>, group=<optimized out>) at seed-engine.c:1914
#39 0x00003fffb7db3f10 in seed_init_with_context_group (argc=0x3ffffffff02c, argv=0x3ffffffff020, group=0x3fffb41c0000) at seed-engine.c:1939
#40 0x00003fffb7db3f88 in seed_init (argc=0x3ffffffff02c, argv=<optimized out>) at seed-engine.c:1962
#41 0x000000002223112c in main (argc=<optimized out>, argv=<optimized out>) at main.c:142
Mohan
Comment 1
2017-06-23 01:32:25 PDT
I am facing a similar issue with WebKit 2.12.2.

[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/libthread_db.so.1".
Core was generated by `/usr/libexec/webkit2gtk-4.0/WebKitWebProcess 25'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0xb4a23710 in JSC::LLInt::CLoop::execute () from /usr/lib/libjavascriptcoregtk-4.0.so.18
[Current thread is 1 (Thread 0xb25b3000 (LWP 2119))]
(gdb) bt
#0 0xb4a23710 in JSC::LLInt::CLoop::execute () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#1 0xb4a20ed4 in vmEntryToJavaScript () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#2 0xb4a11f0c in JSC::JITCode::execute () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#3 0xb4a09fd0 in JSC::Interpreter::execute () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#4 0xb4ba0288 in JSC::globalFuncEval () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#5 0xb4a22710 in JSC::LLInt::CLoop::execute () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#6 0xb4a20ed4 in vmEntryToJavaScript () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#7 0xb4a11f0c in JSC::JITCode::execute () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#8 0xb4a08500 in JSC::Interpreter::executeCall () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#9 0xb4b183cc in JSC::call () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#10 0xb4b18428 in JSC::call () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#11 0xb5d3edf0 in WebCore::functionCallHandlerFromAnyThread () from /usr/lib/libwebkit2gtk-4.0.so.37
#12 0xb4924d68 in Deprecated::ScriptFunctionCall::call () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#13 0xb49d1f08 in Inspector::InjectedScriptBase::callFunctionWithEvalEnabled () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#14 0xb49d2154 in Inspector::InjectedScriptBase::makeCall () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#15 0xb49d23cc in Inspector::InjectedScriptBase::makeEvalCall () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#16 0xb49cfc64 in Inspector::InjectedScript::evaluate () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#17 0xb4a03b14 in Inspector::InspectorRuntimeAgent::evaluate () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#18 0xb4d1d0d0 in Inspector::RuntimeBackendDispatcher::evaluate(long, WTF::RefPtr<Inspector::InspectorObject>&&) () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#19 0xb4d13798 in Inspector::RuntimeBackendDispatcher::dispatch(long, WTF::String const&, WTF::Ref<Inspector::InspectorObject>&&) () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#20 0xb49d99a0 in Inspector::BackendDispatcher::dispatch () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#21 0xb5c423ec in WebKit::WebInspector::didReceiveMessage () from /usr/lib/libwebkit2gtk-4.0.so.37
#22 0xb5a59f88 in IPC::MessageReceiverMap::dispatchMessage () from /usr/lib/libwebkit2gtk-4.0.so.37
#23 0xb5b1ef6c in WebKit::WebProcess::didReceiveMessage () from /usr/lib/libwebkit2gtk-4.0.so.37
#24 0xb5a57da0 in IPC::Connection::dispatchMessage () from /usr/lib/libwebkit2gtk-4.0.so.37
#25 0xb5a58878 in IPC::Connection::dispatchOneMessage () from /usr/lib/libwebkit2gtk-4.0.so.37
#26 0xb4d420f4 in WTF::RunLoop::performWork () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#27 0xb4d6c548 in _FUN () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#28 0xb56da0f8 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#29 0xb56da394 in g_main_context_iterate.isra () from /usr/lib/libglib-2.0.so.0
#30 0xb56da7a0 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#31 0xb4d6d0c8 in WTF::RunLoop::run () from /usr/lib/libjavascriptcoregtk-4.0.so.18
#32 0xb5c18c3c in WebProcessMainUnix () from /usr/lib/libwebkit2gtk-4.0.so.37
#33 0xb57fc5f0 in __libc_start_main (main=0x8684 <main()>, argc=2, argv=0xbea40d34, init=<optimized out>, fini=0x87dd <__libc_csu_fini>, rtld_fini=0xb6f650c9 <_dl_fini>, stack_end=0xbea40d34) at libc-start.c:285
#34 0x000086f0 in _start () at ../ports/sysdeps/arm/start.S:124
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
(gdb)