RESOLVED DUPLICATE of bug 187139 187036
[GTK] Crash at google calendar 
https://bugs.webkit.org/show_bug.cgi?id=187036
Summary [GTK] Crash at google calendar
Xabier Rodríguez Calvar
Reported 2018-06-26 00:51:59 PDT
1. open calendar.google.com (log in if needed) 2. try the "7 days" view (I don't know if this is strictly needed, it is just my default view) 3. click on the button "right" to go to the next 7 days In my current ephy with webkitgtk-2.21.4 I get a no-op and with MiniBrowser and master I am getting #0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51 #1 0x00007f86310e1231 in __GI_abort () at abort.c:79 #2 0x00007f863ea392f1 in WebCore::KeyframeEffectReadOnly::applyPendingAcceleratedActions() () from /home/calvaris/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #3 0x00007f863ea399c5 in WebCore::DocumentTimeline::applyPendingAcceleratedAnimations() () from /home/calvaris/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #4 0x00007f863ea39a57 in WebCore::DocumentTimeline::performInvalidationTask() () from /home/calvaris/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #5 0x00007f863f167528 in WebCore::TaskDispatcher<WebCore::Timer>::dispatchOneTask() () from /home/calvaris/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #6 0x00007f863f167639 in WebCore::TaskDispatcher<WebCore::Timer>::sharedTimerFired() () from /home/calvaris/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #7 0x00007f863f196ede in WebCore::ThreadTimers::sharedTimerFiredInternal() () from /home/calvaris/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #8 0x00007f863bbc4bd3 in WTF::RunLoop::TimerBase::TimerBase(WTF::RunLoop&)::{lambda(void*)#1}::_FUN(void*) () from /home/calvaris/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #9 0x00007f8633b2e7d5 in g_main_dispatch () at /home/calvaris/gnome/WebKit/WebKitBuild/DependenciesGTK/Source/glib-2.54.2/glib/gmain.c:3148 #10 g_main_context_dispatch () at /home/calvaris/gnome/WebKit/WebKitBuild/DependenciesGTK/Source/glib-2.54.2/glib/gmain.c:3813 #11 0x00007f8633b2eb78 in g_main_context_iterate () at /home/calvaris/gnome/WebKit/WebKitBuild/DependenciesGTK/Source/glib-2.54.2/glib/gmain.c:3886 #12 0x00007f8633b2ee82 in g_main_loop_run () at /home/calvaris/gnome/WebKit/WebKitBuild/DependenciesGTK/Source/glib-2.54.2/glib/gmain.c:4082 #13 0x00007f863bbc4fa8 in WTF::RunLoop::run() () from /home/calvaris/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #14 0x00007f863e3f4050 in WebProcessMainUnix () from /home/calvaris/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #15 0x00007f86310cca87 in __libc_start_main (main=0x557c86e1ec50 <main>, argc=3, argv=0x7fff8b933de8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fff8b933dd8) at ../csu/libc-start.c:310 #16 0x0000557c86e1ecda in _start ()
Attachments
Add attachment proposed patch, testcase, etc.
Xabier Rodríguez Calvar
Comment 1 2018-06-26 01:26:56 PDT
When I tried to load the website in debug mode, between steps 2 and 3, I got: ASSERTION FAILED: !getDirect(offset) || !JSValue::encode(getDirect(offset)) DerivedSources/ForwardingHeaders/JavaScriptCore/JSObjectInlines.h(335) : bool JSC::JSObject::putDirectInternal(JSC::VM&, JSC::PropertyName, JSC::JSValue, unsigned int, JSC::PutPropertySlot&) [with JSC::JSObject::PutMode <anonymous> = (JSC::JSObject::PutMode)1] 1 0x7f5baa055317 /home/calvaris/gnome/WebKit/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(WTFCrash+0x9) [0x7f5baa055317] 2 0x7f5bb49d7b4f /home/calvaris/gnome/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN3JSC8JSObject17putDirectInternalILNS0_7PutModeE1EEEbRNS_2VMENS_12PropertyNameENS_7JSValueEjRNS_15PutPropertySlotE+0x67b) [0x7f5bb49d7b4f] 3 0x7f5bb49d1eb1 /home/calvaris/gnome/WebKit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(_ZN3JSC8JSObject9putDirectERNS_2VMENS_12PropertyNameENS_7JSValueEj+0xff) [0x7f5bb49d1eb1] 4 0x7f5ba9cf50e6 /home/calvaris/gnome/WebKit/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(_ZN3JSC10JSFunction18getOwnPropertySlotEPNS_8JSObjectEPNS_9ExecStateENS_12PropertyNameERNS_12PropertySlotE+0x292) [0x7f5ba9cf50e6] 5 0x7f5ba9cf57fe /home/calvaris/gnome/WebKit/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(_ZN3JSC10JSFunction3putEPNS_6JSCellEPNS_9ExecStateENS_12PropertyNameENS_7JSValueERNS_15PutPropertySlotE+0x240) [0x7f5ba9cf57fe] 6 0x7f5ba94e1232 /home/calvaris/gnome/WebKit/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(_ZN3JSC6JSCell9putInlineEPNS_9ExecStateENS_12PropertyNameENS_7JSValueERNS_15PutPropertySlotE+0x9e) [0x7f5ba94e1232] 7 0x7f5ba94e3fe7 /home/calvaris/gnome/WebKit/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(_ZN3JSC7JSValue9putInlineEPNS_9ExecStateENS_12PropertyNameES0_RNS_15PutPropertySlotE+0x83) [0x7f5ba94e3fe7] 8 0x7f5ba9a889ec /home/calvaris/gnome/WebKit/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(+0x278e9ec) [0x7f5ba9a889ec]
Michael Catanzaro
Comment 2 2018-06-28 10:47:35 PDT
*** This bug has been marked as a duplicate of bug 187139 ***
Michael Catanzaro
Comment 3 2018-06-28 10:48:13 PDT
Thanks for reporting. Carlos Garcia has filed another report today, with more info. I think your comment #1 is worth reporting a separate bug for.
Note You need to log in before you can comment on or make changes to this bug.