Bug 33761 - segfault in JSC::JITCode::execute (Soup resolving PAC?)
Status: UNCONFIRMED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: 420+
Hardware: PC Linux
Importance: P2 Normal
Assignee: Nobody
URL:
Keywords:
Duplicates: 44231
Depends on:
Blocks:

Reported: 2010-01-16 07:18 PST by brian
Modified: 2014-10-22 10:31 PDT
CC List: 0 users

See Also:
Description brian 2010-01-16 07:18:29 PST
I don't know that the Version: field is accurate.  The version numbers here don't seem to match up with the libwebkit packages I have installed on my Ubuntu Karmic system here:

ii  libwebkit-1.0-2   1.1.15.2-1   Web content engine library for Gtk+

In any case, I seem to have gotten a segfault in gnome-panel which appears to be a fault in webkit's JS engine, as called by libproxy:

Thread 5 (Thread 26356):
#0  0x00aa0422 in __kernel_vsyscall ()
No symbol table info available.
#1  0x004a3829 in __lll_lock_wait () at ../nptl/sysdeps/unix/sysv/linux/i386/i686/../i486/lowlevellock.S:142
No locals.
#2  0x0049ef3b in _L_lock_752 () from /lib/tls/i686/cmov/libpthread.so.0
No locals.
#3  0x0049ed51 in __pthread_mutex_lock (mutex=0x134e1d8) at pthread_mutex_lock.c:61
        ignore3 = 0
        ignore1 = -512
        ignore2 = 128
        __PRETTY_FUNCTION__ = "__pthread_mutex_lock"
        type = <value optimized out>
#4  0x0134ad6f in get_proxy_uri_async (proxy_uri_resolver=0x968b190, uri=0x99f8020, async_context=0x0, cancellable=0x99f8040, callback=0x1172860 <resolved_proxy_uri>, user_data=0x99f9c30) at soup-proxy-resolver-gnome.c:432
No locals.
#5  0x0116cf96 in soup_proxy_uri_resolver_get_proxy_uri_async (proxy_uri_resolver=0x968b190, uri=0x99f8020, async_context=0x0, cancellable=0x99f8040, callback=0x1172860 <resolved_proxy_uri>, user_data=0x99f9c30) at soup-proxy-uri-resolver.c:67
No locals.
#6  0x01172783 in resolve_proxy_addr (sa=<value optimized out>) at soup-session-async.c:198
No locals.
#7  run_queue (sa=<value optimized out>) at soup-session-async.c:329
        session = 0x96b4560
        queue = 0x9880050
        item = 0x99f9c30
        msg = <value optimized out>
        conn = <value optimized out>
        try_pruning = 1
        should_prune = 0
#8  0x011727c8 in idle_run_queue (sa=0x96b4560) at soup-session-async.c:397
No locals.
#9  0x004e7101 in g_idle_dispatch (source=0x99f9280, callback=0xfffffe00, user_data=0x96b4560) at /build/buildd/glib2.0-2.22.3/glib/gmain.c:4065
No locals.
#10 0x004e8e88 in g_main_dispatch (context=0x9329310) at /build/buildd/glib2.0-2.22.3/glib/gmain.c:1960
        dispatch = 0x4e70e0 <g_idle_dispatch>
        user_data = 0x96b4560
        callback = 0x1172790 <idle_run_queue>
        cb_funcs = 0x56631c
        cb_data = 0x99f9428
        current_source_link = {data = 0x99f9280, next = 0x0}
        source = 0x99f9280
        current = 0x932f2e0
        i = 4
#11 IA__g_main_context_dispatch (context=0x9329310) at /build/buildd/glib2.0-2.22.3/glib/gmain.c:2513
No locals.
#12 0x004ec730 in g_main_context_iterate (context=0x9329310, block=<value optimized out>, dispatch=1, self=0x92ee220) at /build/buildd/glib2.0-2.22.3/glib/gmain.c:2591
        max_priority = 0
        timeout = 0
        some_ready = 1
        nfds = <value optimized out>
        allocated_nfds = <value optimized out>
        fds = <value optimized out>
        __PRETTY_FUNCTION__ = "g_main_context_iterate"
#13 0x004ecb9f in IA__g_main_loop_run (loop=0x94bde20) at /build/buildd/glib2.0-2.22.3/glib/gmain.c:2799
        self = 0x92ee220
        __PRETTY_FUNCTION__ = "IA__g_main_loop_run"
#14 0x00e07419 in IA__gtk_main () at /build/buildd/gtk+2.0-2.18.3/gtk/gtkmain.c:1218
        tmp_list = 0x9353e18
        functions = 0x0
        init = 0x0
        loop = 0x94bde20
#15 0x08063870 in main (argc=1, argv=0xbfc199f4) at main.c:154
        context = <value optimized out>
        program = <value optimized out>
        app = 0xbfc19948
        new_app = 0x79ed20
        gc = 0x932fcc0
        l = 0x935778c

Thread 4 (Thread 26879):
#0  0x00aa0422 in __kernel_vsyscall ()
No symbol table info available.
#1  0x004a3829 in __lll_lock_wait () at ../nptl/sysdeps/unix/sysv/linux/i386/i686/../i486/lowlevellock.S:142
No locals.
#2  0x0049ef3b in _L_lock_752 () from /lib/tls/i686/cmov/libpthread.so.0
No locals.
#3  0x0049ed51 in __pthread_mutex_lock (mutex=0x134e1d8) at pthread_mutex_lock.c:61
        ignore3 = 0
        ignore1 = -512
        ignore2 = 128
        __PRETTY_FUNCTION__ = "__pthread_mutex_lock"
        type = <value optimized out>
#4  0x0134ac39 in get_proxy_uri_sync (proxy_uri_resolver=0x9807d80, uri=0x9a2a300, cancellable=0x99f2180, proxy_uri=0x9a58688) at soup-proxy-resolver-gnome.c:467
        status = <value optimized out>
#5  0x0134af19 in libproxy_threadpool_func (user_data=0x9a58680, thread_data=0x0) at soup-proxy-resolver-gnome.c:410
No locals.
#6  0x005149af in g_thread_pool_thread_proxy (data=0x9a05508) at /build/buildd/glib2.0-2.22.3/glib/gthreadpool.c:265
        task = 0x9a58680
        pool = 0x9a05508
#7  0x0051337f in g_thread_create_proxy (data=0xb30004b0) at /build/buildd/glib2.0-2.22.3/glib/gthread.c:635
        __PRETTY_FUNCTION__ = "g_thread_create_proxy"
#8  0x0049c80e in start_thread (arg=0xb2fffb70) at pthread_create.c:300
        __res = <value optimized out>
        __ignore1 = <value optimized out>
        __ignore2 = <value optimized out>
        pd = 0xb2fffb70
        now = <value optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {4902900, 0, 4001536, -1291848696, 627275499, 1225427854}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <value optimized out>
        robust = <value optimized out>
#9  0x009a97ee in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130
No locals.

Thread 3 (Thread 26878):
#0  0x00aa0422 in __kernel_vsyscall ()
No symbol table info available.
#1  0x004a3829 in __lll_lock_wait () at ../nptl/sysdeps/unix/sysv/linux/i386/i686/../i486/lowlevellock.S:142
No locals.
#2  0x0049ef3b in _L_lock_752 () from /lib/tls/i686/cmov/libpthread.so.0
No locals.
#3  0x0049ed51 in __pthread_mutex_lock (mutex=0x134e1d8) at pthread_mutex_lock.c:61
        ignore3 = 0
        ignore1 = -512
        ignore2 = 128
        __PRETTY_FUNCTION__ = "__pthread_mutex_lock"
        type = <value optimized out>
#4  0x0134ac39 in get_proxy_uri_sync (proxy_uri_resolver=0x9844440, uri=0x9a586c0, cancellable=0x9a04260, proxy_uri=0x9a587c8) at soup-proxy-resolver-gnome.c:467
        status = <value optimized out>
#5  0x0134af19 in libproxy_threadpool_func (user_data=0x9a587c0, thread_data=0x0) at soup-proxy-resolver-gnome.c:410
No locals.
#6  0x005149af in g_thread_pool_thread_proxy (data=0x9a05508) at /build/buildd/glib2.0-2.22.3/glib/gthreadpool.c:265
        task = 0x9a587c0
        pool = 0x9a05508
#7  0x0051337f in g_thread_create_proxy (data=0x9a329a8) at /build/buildd/glib2.0-2.22.3/glib/gthread.c:635
        __PRETTY_FUNCTION__ = "g_thread_create_proxy"
#8  0x0049c80e in start_thread (arg=0xb3902b70) at pthread_create.c:300
        __res = <value optimized out>
        __ignore1 = <value optimized out>
        __ignore2 = <value optimized out>
        pd = 0xb3902b70
        now = <value optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {4902900, 0, 4001536, -1282399224, -87853335, 1225427854}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <value optimized out>
        robust = <value optimized out>
#9  0x009a97ee in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130
No locals.

Thread 2 (Thread 26883):
#0  0x00aa0422 in __kernel_vsyscall ()
No symbol table info available.
#1  0x004a0e15 in pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/i386/i686/../i486/pthread_cond_wait.S:122
No locals.
#2  0xb5037447 in WTF::TCMalloc_PageHeap::scavengerThread (this=0xb5aaec60) at ../JavaScriptCore/wtf/FastMalloc.cpp:2291
No locals.
#3  0xb5037481 in WTF::TCMalloc_PageHeap::runScavengerThread (context=0xb5aaec60) at ../JavaScriptCore/wtf/FastMalloc.cpp:1429
No locals.
#4  0x0049c80e in start_thread (arg=0xb27feb70) at pthread_create.c:300
        __res = <value optimized out>
        __ignore1 = <value optimized out>
        __ignore2 = <value optimized out>
        pd = 0xb27feb70
        now = <value optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {4902900, 0, 4001536, -1300241400, 625178346, 1225427854}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <value optimized out>
        robust = <value optimized out>
#5  0x009a97ee in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130
No locals.

Thread 1 (Thread 26877):
#0  0x012fc4af in ?? ()
No symbol table info available.
#1  0xb4fccb88 in JSC::JITCode::execute (this=0x200, program=0xb4102fc0, callFrame=0xb1f12e24, scopeChain=0xb1efe168, thisObj=0xb1a80000, exception=0xb4102ff8) at ../JavaScriptCore/jit/JITCode.h:79
No locals.
#2  JSC::Interpreter::execute (this=0x200, program=0xb4102fc0, callFrame=0xb1f12e24, scopeChain=0xb1efe168, thisObj=0xb1a80000, exception=0xb4102ff8) at ../JavaScriptCore/interpreter/Interpreter.cpp:655
        oldEnd = 0xb1ade000
        lastGlobalObject = 0xb1a80000
        globalObject = 0xb1a80000
        newEnd = <value optimized out>
        newCallFrame = <value optimized out>
#3  0xb504911f in JSC::evaluate (exec=0xb1f12e24, scopeChain=..., source=..., thisValue=...) at ../JavaScriptCore/runtime/Completion.cpp:60
        thisObj = 0xb1a80000
        exception = {u = {asEncodedJSValue = -8589934592, asDouble = -nan(0xffffe00000000), asBits = {payload = 0, tag = -2}}}
        program = {<JSC::ScriptExecutable> = {<JSC::ExecutableBase> = {<WTF::RefCounted<JSC::ExecutableBase>> = {<WTF::RefCountedBase> = {m_refCount = 1}, <WTFNoncopyable::Noncopyable> = {<WTF::FastAllocBase> = {<No data fields>}, <No data fields>}, <No data fields>}, _vptr.ExecutableBase = 0xb5a1f940, static NUM_PARAMETERS_IS_HOST = <optimized out>, static NUM_PARAMETERS_NOT_COMPILED = <optimized out>, m_numParameters = -1, m_jitCode = {m_ref = {m_code = {m_value = 0x12fa8e0}, m_executablePool = {<WTF::FastAllocBase> = {<No data fields>}, m_ptr = 0xb1f0a4b0}, m_size = 235}}}, m_source = {m_provider = {<WTF::FastAllocBase> = {<No data fields>}, m_ptr = 0xb1efe678}, m_startChar = 0, m_endChar = 94, m_firstLine = 1}, m_features = 0, m_firstLine = 1, m_lastLine = 1}, m_programCodeBlock = 0xb1f2dee0}
        error = <value optimized out>
        result = <value optimized out>
#4  0xb4f770bf in JSEvaluateScript (ctx=0xb1f12e24, script=0xb1f052f0, thisObject=0x0, sourceURL=0x0, startingLineNumber=1, exception=0x0) at ../JavaScriptCore/API/JSBase.cpp:54
        globalObject = 0xb1a80000
        completion = {m_type = JSC::Normal, m_value = {u = {asEncodedJSValue = -8589934592, asDouble = -nan(0xffffe00000000), asBits = {payload = 0, tag = -2}}}}
        lock = {<WTFNoncopyable::Noncopyable> = {<WTF::FastAllocBase> = {<No data fields>}, <No data fields>}, m_lockBehavior = JSC::SilenceAssertionsOnly}
        source = {m_provider = {<WTF::FastAllocBase> = {<No data fields>}, m_ptr = 0xb1efe678}, m_startChar = 0, m_endChar = 94, m_firstLine = 1}
#5  0x03eb53bb in webkit_pacrunner (self=0x9a22828, pac=0x9a2fa90, url=0x9a334f8) at webkit.c:186
        str = 0xb1f052f0
        val = <value optimized out>
        tmp = <value optimized out>
        ctxs = 0x94b2198
#6  0x01354812 in px_proxy_factory_get_proxies (self=0x9a22828, url=0x9a325b8 "http://weather.noaa.gov/cgi-bin/mgetmetar.pl?cccc=KDEN") at proxy_factory.c:732
        realurl = 0x9a334f8
        config = <value optimized out>
        response = 0x94b2198
        tmp = <value optimized out>
        order = <value optimized out>
        orderv = 0x13558b0
        wpad_fallback_env = <value optimized out>
        do_wpad_fallback = 161685496
        ignores = 0x9a31ff8
#7  0x0134aa91 in get_proxy_for_uri (uri=<value optimized out>, proxy_uri=<value optimized out>) at soup-proxy-resolver-gnome.c:338
        uristr = 0x9a325b8 "http://weather.noaa.gov/cgi-bin/mgetmetar.pl?cccc=KDEN"
        proxies = 0xa8428197
        got_proxy = <value optimized out>
#8  0x0134acda in get_proxy_uri_sync (proxy_uri_resolver=0x9659290, uri=0x9a58760, cancellable=0x9a0bec0, proxy_uri=0x9a58668) at soup-proxy-resolver-gnome.c:472
        status = <value optimized out>
#9  0x0134af19 in libproxy_threadpool_func (user_data=0x9a58660, thread_data=0x0) at soup-proxy-resolver-gnome.c:410
No locals.
#10 0x005149af in g_thread_pool_thread_proxy (data=0x9a05508) at /build/buildd/glib2.0-2.22.3/glib/gthreadpool.c:265
        task = 0x9a58660
        pool = 0x9a05508
#11 0x0051337f in g_thread_create_proxy (data=0x95ca650) at /build/buildd/glib2.0-2.22.3/glib/gthread.c:635
        __PRETTY_FUNCTION__ = "g_thread_create_proxy"
#12 0x0049c80e in start_thread (arg=0xb4103b70) at pthread_create.c:300
        __res = <value optimized out>
        __ignore1 = <value optimized out>
        __ignore2 = <value optimized out>
        pd = 0xb4103b70
        now = <value optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {4902900, 0, 4001536, -1274006520, -85756186, 1225427854}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <value optimized out>
        robust = <value optimized out>
#13 0x009a97ee in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130

Unfortunately I have no idea what's in frame 0 of thread 1, so I don't know which debugging library I need to install to decode it.
Comment 1 brian 2010-03-11 08:25:11 PST
Is there any reason that this has not even been triaged yet?  Am I incorrect in reporting this here?
Comment 2 brian 2010-03-16 03:59:56 PDT
Per the webkit-dev list, I just wanted to add that I have hit this bug a number of times, not just the single time I reported it here.
Comment 3 Andrew Scherkus 2010-08-19 09:44:08 PDT
*** Bug 44231 has been marked as a duplicate of this bug. ***