WebKit Bugzilla
UNCONFIRMED
Bug 29954
[MIPS] WebKit SIGBUS when destroying old page (closing tab or simply reloading a web page)
https://bugs.webkit.org/show_bug.cgi?id=29954
Michael Heide
Reported
2009-10-01 01:14:04 PDT
I'm trying to use WebKit with a Loongson 2F machine (Fuloong 2F) (MIPS64 N32 with Loongson-specific instructions). I'm using Gentoo Linux and I tried arora (qt-webkit 4.5.2-r1) and midori (webkit-gtk 1.1.10). Both are crashing with a similar Bus Error when closing tabs or loading a new web page in an old tab (i.e. clicking on a link). Middle-clicking a link, i.e. opening it in a new tab, is working fine.

backtraces:

(midori, webkit-gtk)
Program received signal SIGBUS, Bus error.
[Switching to Thread 0x2fc28eb0 (LWP 1181)]
0x2c6ed84c in WebCore::TimerBase::setNextFireTime (this=0x111a0364, newTime=0) at WebCore/platform/Timer.cpp:302
302 WebCore/platform/Timer.cpp: No such file or directory.
in WebCore/platform/Timer.cpp
Current language: auto; currently c++
(gdb) bt
#0 0x2c6ed84c in WebCore::TimerBase::setNextFireTime (this=0x111a0364, newTime=0) at WebCore/platform/Timer.cpp:302
#1 0x2c6ecf94 in WebCore::TimerBase::stop (this=0x111a0364) at WebCore/platform/Timer.cpp:197
#2 0x2c6ecb10 in ~TimerBase (this=0x111a0364) at WebCore/platform/Timer.cpp:180
#3 0x2c94a2fc in ~Timer (this=0x111a0364) at ./WebCore/platform/Timer.h:90
#4 0x2c943250 in ~RenderTextControlSingleLine (this=0x111a02c4) at WebCore/rendering/RenderTextControlSingleLine.cpp:70
#5 0x2c8f0708 in WebCore::RenderObject::arenaDelete (this=0x111a02c4,
[...]

(arora, qt-webkit)
Program received signal SIGBUS, Bus error.
[Switching to Thread 0x2aace200 (LWP 6063)]
0x2b5ab47c in WebCore::TimerBase::setNextFireTime () from /usr/lib/qt4/libQtWebKit.so.4
(gdb) bt
#0 0x2b5ab47c in WebCore::TimerBase::setNextFireTime () from /usr/lib/qt4/libQtWebKit.so.4
#1 0x2b5ab124 in WebCore::TimerBase::stop () from /usr/lib/qt4/libQtWebKit.so.4
#2 0x2b5aaec0 in WebCore::TimerBase::~TimerBase () from /usr/lib/qt4/libQtWebKit.so.4
#3 0x2b728218 in WebCore::Timer<WebCore::RenderTextControlSingleLine>::~Timer () from /usr/lib/qt4/libQtWebKit.so.4
#4 0x2b722550 in WebCore::RenderTextControlSingleLine::~RenderTextControlSingleLine () from /usr/lib/qt4/libQtWebKit.so.4
#5 0x2b6dcd1c in WebCore::RenderObject::arenaDelete () from /usr/lib/qt4/libQtWebKit.so.4
#6 0x2b6dca48 in WebCore::RenderObject::destroy () from /usr/lib/qt4/libQtWebKit.so.4
[...]

(If you tell me, I can upload longer backtraces or other gdb outputs.)

The bus error occurs while reading the value in m_nextFireTime: "double oldTime = m_nextFireTime;" -> SIGBUS.

I'm not a developer so I cannot debug it by myself, but I added the following at the beginning of void TimerBase::setNextFireTime(double newTime):

printf(" m_nextFireTimeAddress:%i \n",&m_nextFireTime); fflush(stdout);
printf(" m_nextFireTime:%e \n",m_nextFireTime); fflush(stdout);

WebKit now prints many of those messages, as long as I do not close a tab or load a new page in an existing tab. It seems there are many timers destroyed successfully. But if I close a tab or simply click a link in an existing web page which opens in the current window, the last line printed before SIGBUS is m_nextFireTimeAddress:xxx. The address printed is always near all those addresses printed before, so for me it seems it could be a valid one. (btw: it's a 32 bit binary, but the kernel is 64bit. Is "%i" right then??) But while many addresses printed without crashing WebKit are printed multiple times, the crashing one I cannot find upwards.
Attachments
patch enabling the fix for other architectures on MIPS N32 (1.06 KB, patch), 2011-07-01 15:43 PDT, Michał Masłowski
Jake Knickerbocker
Comment 1
2010-06-28 03:03:32 PDT
I'm hitting this same issue on an older build (r44552) and was able to get rid of the SIGBUS crash by using a patch very similar to one used for Sparc as listed in bug 19946.
https://bugs.webkit.org/show_bug.cgi?id=19946
This involves dealing with alignment in the Arena memory management and solves the problem (I think), and I am able to click links and browse, but hitting pages with lots of content causes a SIGSEGV consistently. No stability. I'm curious to know if there is a good solution to this.
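Added example, not part of the bug report or of WebKit's code: a minimal bump arena showing how a 4-byte allocation granularity produces object addresses like the `this` values in the backtraces above (0x111a0364 and 0x111a02c4 are 4-byte but not 8-byte aligned), while an 8-byte granularity does not. `Arena`, `FakeTimer`, `arena_alloc` and `DOUBLE_ALIGN` are hypothetical names, and the 8-byte requirement for `double` is an assumption matching MIPS N32.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DOUBLE_ALIGN 8u  /* assumption: double needs 8-byte alignment, as on MIPS N32 */

/* Hypothetical bump arena for illustration; not WebKit's arena code. */
typedef struct {
    _Alignas(8) unsigned char buf[256];
    size_t used;
    size_t align;            /* allocation granularity, a power of two */
} Arena;

/* Stand-in for an arena-allocated object that embeds a timer's double. */
typedef struct { double next_fire_time; uint32_t flags; } FakeTimer;

static int is_aligned(uintptr_t addr, size_t align) {
    return (addr & (align - 1)) == 0;
}

/* Round both the start offset and the size up to the arena granularity. */
static void *arena_alloc(Arena *a, size_t size) {
    size_t mask = a->align - 1;
    size_t start = (a->used + mask) & ~mask;
    size_t end = start + ((size + mask) & ~mask);
    if (end > sizeof a->buf) return NULL;
    a->used = end;
    return a->buf + start;
}

/* Allocate a 4-byte object, then a FakeTimer; report whether the timer
   landed on a DOUBLE_ALIGN boundary. The pointer is never dereferenced. */
static int timer_slot_aligned(size_t arena_align) {
    Arena a = { .used = 0, .align = arena_align };
    if (!arena_alloc(&a, 4)) return -1;
    void *timer = arena_alloc(&a, sizeof(FakeTimer));
    if (!timer) return -1;
    return is_aligned((uintptr_t)timer, DOUBLE_ALIGN);
}

int main(void) {
    /* `this` value taken from the midori backtrace in the report. */
    printf("0x111a0364 8-byte aligned: %d\n", is_aligned(0x111a0364u, DOUBLE_ALIGN));
    printf("4-byte arena granularity:  %d\n", timer_slot_aligned(4));
    printf("8-byte arena granularity:  %d\n", timer_slot_aligned(8));
    return 0;
}
```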
deepak
Comment 2
2010-08-14 02:34:54 PDT
Even I am facing the same issue. My browser doesn't have any tabs, but whenever I click on new links it crashes. I found many bug topics related to alignment issues on MIPS; the following links helped solve many alignment warnings, but I'm still getting a bus error :(
https://bugs.webkit.org/show_bug.cgi?id=29415
https://bugs.webkit.org/show_bug.cgi?id=38045
Thanks
Petr Pisar
Comment 3
2010-11-17 12:12:22 PST
webkit-gtk-1.2.5 inside Midori affected too (MIPS64 with n32 user space, Loongson processor, Gentoo).
Michał Masłowski
Comment 4
2011-07-01 15:43:33 PDT
Created attachment 99530: patch enabling the fix for other architectures on MIPS N32
This patch for WebKit GTK 1.4.1 enables treating MIPS N32 as MIPS, so the alignment fix for O32 is used. It also disables JIT on MIPS N32, since it needs a nonavailable file.
WebKit Commit Bot
Comment 5
2014-03-08 03:58:47 PST
Attachment 99530 did not pass style-queue:
Total errors found: 0 in 0 files
If any of these errors are false positives, please file a bug against check-webkit-style.
Martin Robinson
Comment 6
2014-04-08 18:17:29 PDT
Still a problem?