Bug 29954 - [MIPS] WebKit SIGBUS when destroying old page (closing tab or simply reloading a web page)
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc.
Version: 528+ (Nightly build)
Hardware: Other Linux
Importance: P2 Normal
Assignee: Nobody
Depends on:
Reported: 2009-10-01 01:14 PDT by Michael Heide
Modified: 2014-09-30 03:12 PDT
CC: 6 users

See Also:

patch enabling the fix for other architectures on MIPS N32 (1.06 KB, patch)
2011-07-01 15:43 PDT, Michał Masłowski

Description Michael Heide 2009-10-01 01:14:04 PDT
I'm trying to use webkit with a Loongson 2F machine (Fuloong 2F)
(MIPS64 N32 with Loongson specific instructions).
I'm using Gentoo Linux and I tried arora (qt-webkit 4.5.2-r1) and
midori (webkit-gtk 1.1.10). Both are crashing with a similar Bus Error
when closing tabs or loading a new web page in an old tab (i.e. clicking
on a link). Middle-clicking a link, i.e. open in a new tab, is working fine.

(midori, webkit-gtk)
Program received signal SIGBUS, Bus error.
[Switching to Thread 0x2fc28eb0 (LWP 1181)]
0x2c6ed84c in WebCore::TimerBase::setNextFireTime (this=0x111a0364, newTime=0)
    at WebCore/platform/Timer.cpp:302
302     WebCore/platform/Timer.cpp: No such file or directory.
        in WebCore/platform/Timer.cpp
Current language:  auto; currently c++
(gdb) bt
#0  0x2c6ed84c in WebCore::TimerBase::setNextFireTime (this=0x111a0364, 
    newTime=0) at WebCore/platform/Timer.cpp:302
#1  0x2c6ecf94 in WebCore::TimerBase::stop (this=0x111a0364)
    at WebCore/platform/Timer.cpp:197
#2  0x2c6ecb10 in ~TimerBase (this=0x111a0364)
    at WebCore/platform/Timer.cpp:180
#3  0x2c94a2fc in ~Timer (this=0x111a0364) at ./WebCore/platform/Timer.h:90
#4  0x2c943250 in ~RenderTextControlSingleLine (this=0x111a02c4)
    at WebCore/rendering/RenderTextControlSingleLine.cpp:70
#5  0x2c8f0708 in WebCore::RenderObject::arenaDelete (this=0x111a02c4, 

(arora, qt-webkit)
Program received signal SIGBUS, Bus error.
[Switching to Thread 0x2aace200 (LWP 6063)]
0x2b5ab47c in WebCore::TimerBase::setNextFireTime ()
   from /usr/lib/qt4/libQtWebKit.so.4
(gdb) bt
#0  0x2b5ab47c in WebCore::TimerBase::setNextFireTime ()
   from /usr/lib/qt4/libQtWebKit.so.4
#1  0x2b5ab124 in WebCore::TimerBase::stop ()
   from /usr/lib/qt4/libQtWebKit.so.4
#2  0x2b5aaec0 in WebCore::TimerBase::~TimerBase ()
   from /usr/lib/qt4/libQtWebKit.so.4
#3  0x2b728218 in WebCore::Timer<WebCore::RenderTextControlSingleLine>::~Timer
    () from /usr/lib/qt4/libQtWebKit.so.4
#4  0x2b722550 in WebCore::RenderTextControlSingleLine::~RenderTextControlSingleLine () from /usr/lib/qt4/libQtWebKit.so.4
#5  0x2b6dcd1c in WebCore::RenderObject::arenaDelete ()
   from /usr/lib/qt4/libQtWebKit.so.4
#6  0x2b6dca48 in WebCore::RenderObject::destroy ()
   from /usr/lib/qt4/libQtWebKit.so.4

(If you tell me I can upload longer backtraces or other gdb outputs)
The bus error occurs while reading the value in m_nextFireTime:
"double oldTime = m_nextFireTime;" -> SIGBUS. I'm not a developer
so I cannot debug it by myself, but I added the following at the beginning 
of void TimerBase::setNextFireTime(double newTime):
printf(" m_nextFireTimeAddress:%i \n",&m_nextFireTime); fflush(stdout);
printf(" m_nextFireTime:%e \n",m_nextFireTime); fflush(stdout);

Webkit now prints many of those messages, as long as I do not close a tab or
load a new page in an existing tab. It seems there are many timers destroyed
successfully. But if I close a tab or simply click a link in an existing web
page which opens in the current window, the last line printed before
SIGBUS is m_nextFireTimeAddress:xxx. The address printed is always near
all those addresses printed before, so to me it seems it could be a valid one.
(btw: it's a 32 bit binary, but the kernel is 64bit. Is "%i" right then??)
But while many addresses printed without crashing webkit are printed multiple
times, the crashing one I cannot find further up.
Comment 1 Jake Knickerbocker 2010-06-28 03:03:32 PDT
I'm hitting this same issue on an older build (r44552) and was able to get rid of the SIGBUS crash by using a patch very similar to the one used for Sparc as listed in bug 19946.

This involves dealing with alignment in the Arena memory management and solves the problem (I think), and I am able to click links and browse, but hitting pages with lots of content causes a SIGSEGV consistently. No stability.

I'm curious to know if there is a good solution to this.
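Comment 1 attributes the crash to alignment in the Arena memory management. The following hypothetical bump arena is an added illustration, not code from WebKit or from any commenter: it shows how rounding allocations to 4 bytes can place a double such as m_nextFireTime at an address that is not 8-byte aligned, which a MIPS double load rejects with SIGBUS, while rounding to 8 bytes avoids it. The 12-byte first object, the 256-byte backing buffer and the 8-byte requirement are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Alignment a MIPS double load needs; assumed here, not taken from the bug report. */
#define MIPS_DOUBLE_ALIGN 8

/* Hypothetical bump arena, a stand-in for the Arena allocator named in comment 1. */
typedef struct {
    unsigned char *base;
    size_t used;
    size_t cap;
} Arena;

/* Round n up to the next multiple of align (align must be a power of two). */
static size_t round_up(size_t n, size_t align) {
    return (n + align - 1) & ~(align - 1);
}

/* Hand out size bytes starting at the next multiple of align; NULL when full. */
static void *arena_alloc(Arena *a, size_t size, size_t align) {
    size_t start = round_up(a->used, align);
    if (start > a->cap || a->cap - start < size)
        return NULL;
    a->used = start + size;
    return a->base + start;
}

/* Returns 1 if an arena rounding to arena_align bytes places a double at an
 * 8-byte aligned address after a first object of first_size bytes, 0 otherwise. */
int double_slot_is_aligned(size_t arena_align, size_t first_size) {
    static _Alignas(MIPS_DOUBLE_ALIGN) unsigned char buf[256]; /* constructed backing store */
    Arena a = { buf, 0, sizeof buf };
    if (arena_alloc(&a, first_size, arena_align) == NULL)
        return 0;
    void *slot = arena_alloc(&a, sizeof(double), arena_align);
    return slot != NULL && ((uintptr_t)slot % MIPS_DOUBLE_ALIGN) == 0;
}

int main(void) {
    /* 12 bytes first: e.g. a vtable pointer plus two ints on an ILP32 ABI such as N32. */
    printf("4-byte arena: %s\n", double_slot_is_aligned(4, 12) ? "aligned" : "SIGBUS on MIPS");
    printf("8-byte arena: %s\n", double_slot_is_aligned(8, 12) ? "aligned" : "SIGBUS on MIPS");
    return 0;
}
```

Printing the address with %p instead of %i, as in the reporter's debug lines, makes the low three bits of the offending address easy to read off.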
Comment 2 deepak 2010-08-14 02:34:54 PDT
Even I am facing the same issue. My browser doesn't have any tabs, but whenever I click on new links it crashes. I found many bug topics related to alignment issues on MIPS; the following links helped solve many alignment warnings, but I'm still getting a bus error :(

https://bugs.webkit.org/show_bug.cgi?id=29415 https://bugs.webkit.org/show_bug.cgi?id=38045

Comment 3 Petr Pisar 2010-11-17 12:12:22 PST
webkit-gtk-1.2.5 inside Midori affected too (MIPS64 with n32 user space, Loongson processor, Gentoo).
Comment 4 Michał Masłowski 2011-07-01 15:43:33 PDT
Created attachment 99530 [details]
patch enabling the fix for other architectures on MIPS N32

This patch for WebKit GTK 1.4.1 enables treating MIPS N32 as MIPS, so the alignment fix for O32 is used. It also disables JIT on MIPS N32, since it needs a file that is not available.
Comment 5 WebKit Commit Bot 2014-03-08 03:58:47 PST
Attachment 99530 [details] did not pass style-queue:

Total errors found: 0 in 0 files

If any of these errors are false positives, please file a bug against check-webkit-style.
Comment 6 Martin Robinson 2014-04-08 18:17:29 PDT
Still a problem?