Bug 38539 - SIGILL in JSC::JSCallbackObject<JSC::JSGlobalObject>::init(JSC::ExecState*) when visiting etherpad
Status: RESOLVED WORKSFORME
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: 528+ (Nightly build)
Hardware: Mac (Intel) OS X 10.6
Importance: P2 Normal
Assignee: Nobody
URL: http://doc.etherpad.org
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2010-05-04 12:30 PDT by René Köcher
Modified: 2013-07-11 09:44 PDT

See Also:


Attachments
- OSX CrashReporter log (8.40 KB, text/plain), 2010-05-04 12:30 PDT, René Köcher
- Complete crash log including loaded libraries etc. (41.53 KB, text/plain), 2010-05-04 15:05 PDT, René Köcher

Description René Köcher 2010-05-04 12:30:10 PDT
Created attachment 55037
OSX CrashReporter log

WebKit will crash when visiting an etherpad server with at least one additional person in the same pad.

STEPS TO REPRODUCE:
- browse to a public etherpad server (e.g. doc.etherpad.org)
- create or visit a public pad
- get another person to visit the same pad

EXPECTED BEHAVIOR
- collaborative editing with etherpad

OBSERVED BEHAVIOR
- WebKit will crash

REPRODUCIBLE:
- always

OSX Crash reporter indicates a crash (illegal instruction, SIGILL) in JSC::JSCallbackObject<JSC::JSGlobalObject>::init(JSC::ExecState*).
See the attached log for details.
Comment 1 René Köcher 2010-05-04 12:35:25 PDT
#33717 is a similar bug on PC/Linux but crashing in a different code location.
Comment 2 Mark Rowe (bdash) 2010-05-04 13:37:08 PDT
<rdar://problem/7941684>
Comment 3 Oliver Hunt 2010-05-04 14:16:15 PDT
Do you have any screen readers or anything installed?
Comment 4 René Köcher 2010-05-04 14:26:07 PDT
(In reply to comment #3)
> Do you have any screen readers or anything installed?

No, just plain Safari / WebKit Nightly (reproducible in both versions).
Comment 5 Oliver Hunt 2010-05-04 14:29:59 PDT
Can you include a complete crash log, including the various libraries loaded? I can't reproduce it locally; are there any other steps you think may be necessary?

I'm doing:
1. doc.etherpad.org
2. create a public pad
3. use firefox to open that same pad

I've also tried typing, and setting a user name. Any other thoughts as to what I might be missing?
Comment 6 René Köcher 2010-05-04 15:05:37 PDT
Created attachment 55051
Complete crash log including loaded libraries etc.

I added a complete crash log including loaded libraries etc.

This log shows the crash in WebKit Nightly; it seems more vulnerable than the normal Safari (which didn't crash in my latest tries).
Comment 7 Oliver Hunt 2010-05-04 15:11:11 PDT
Could you try disabling/temporarily removing the end note plugin?
Comment 8 René Köcher 2010-05-05 10:43:25 PDT
(In reply to comment #7)

Yes, the crash seems to be related to the Evernote plugin
(I assume this is what you mean by "the end note plugin").

With the Evernote plugin enabled I was able to force the crash even after updating to the latest version.
However, the crash was gone after removing it.
Comment 9 Oliver Hunt 2010-05-05 11:13:54 PDT
(In reply to comment #8)
> (In reply to comment #7)
> 
> Yes, the crash seems to be related to the Evernote plugin
> (I assume this is what you mean by "the end note plugin").
> 
> With the Evernote plugin enabled I was able to force the crash even after
> updating to the latest version.
> However, the crash was gone after removing it.

Okay, cheers. I'll have to look into what the plugin is doing. Sigh.

/me stabs haxies
Comment 10 kardan 2013-07-07 13:34:53 PDT
This bug just appeared in epiphany 3.4.2 with webkit 2.0.3.

Happened with several (mozilla, titanpad, piratenpad) pads and with

$ epiphany-browser https://github.com/anything

Program received signal SIGILL, Illegal instruction.
0xa3d4d087 in ?? ()

#0  0xa1bc5fc7 in ?? ()
#1  0xb4fafa19 in JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*) ()
   from /usr/lib/libjavascriptcoregtk-3.0.so.0
#2  0xb50a3338 in JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) ()
   from /usr/lib/libjavascriptcoregtk-3.0.so.0
#3  0xb6376cab in WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld*) ()
   from /usr/lib/libwebkitgtk-3.0.so.0
#4  0xb63772bb in WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&) ()
   from /usr/lib/libwebkitgtk-3.0.so.0
#5  0xb6589374 in WebCore::ScriptElement::executeScript(WebCore::ScriptSourceCode const&) ()
   from /usr/lib/libwebkitgtk-3.0.so.0
#6  0xb676af82 in WebCore::HTMLScriptRunner::executePendingScriptAndDispatchEvent(WebCore::PendingScript&) ()
   from /usr/lib/libwebkitgtk-3.0.so.0
#7  0xb676b594 in WebCore::HTMLScriptRunner::executeParsingBlockingScript() () from /usr/lib/libwebkitgtk-3.0.so.0
#8  0xb676b8a8 in WebCore::HTMLScriptRunner::executeParsingBlockingScripts() () from /usr/lib/libwebkitgtk-3.0.so.0
#9  0xb676b8eb in WebCore::HTMLScriptRunner::executeScriptsWaitingForLoad(WebCore::CachedResource*) ()
   from /usr/lib/libwebkitgtk-3.0.so.0
#10 0xb6756cb6 in WebCore::HTMLDocumentParser::notifyFinished(WebCore::CachedResource*) ()
   from /usr/lib/libwebkitgtk-3.0.so.0
#11 0xb68c7e5b in WebCore::CachedResource::checkNotify() () from /usr/lib/libwebkitgtk-3.0.so.0
#12 0xb68d7499 in WebCore::CachedScript::data(WTF::PassRefPtr<WebCore::ResourceBuffer>, bool) ()
   from /usr/lib/libwebkitgtk-3.0.so.0
#13 0xb693df19 in WebCore::SubresourceLoader::didFinishLoading(double) () from /usr/lib/libwebkitgtk-3.0.so.0
#14 0xb6932247 in WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle*, double) ()
   from /usr/lib/libwebkitgtk-3.0.so.0
#15 0xb7234578 in WebCore::readCallback(_GObject*, _GAsyncResult*, void*) () from /usr/lib/libwebkitgtk-3.0.so.0
#16 0xb57cfd11 in async_ready_callback_wrapper (source_object=0x822ba00, res=0x84c8908, user_data=0xb064c870)
    at /build/glib2.0-Q0IaBZ/glib2.0-2.36.3/./gio/ginputstream.c:530
#17 0xb57f6497 in g_task_return_now (task=task@entry=0x84c8908) at /build/glib2.0-Q0IaBZ/glib2.0-2.36.3/./gio/gtask.c:1105
#18 0xb57f64d1 in complete_in_idle_cb (task=task@entry=0x84c8908) at /build/glib2.0-Q0IaBZ/glib2.0-2.36.3/./gio/gtask.c:1114
#19 0xb555dea0 in g_idle_dispatch (source=source@entry=0x8549ee8, callback=0xb57f64b0 <complete_in_idle_cb>, 
    user_data=0x84c8908) at /build/glib2.0-Q0IaBZ/glib2.0-2.36.3/./glib/gmain.c:5205
#20 0xb5561353 in g_main_dispatch (context=0x8144150, context@entry=0x8168f28)
    at /build/glib2.0-Q0IaBZ/glib2.0-2.36.3/./glib/gmain.c:3054
#21 g_main_context_dispatch (context=context@entry=0x8144150) at /build/glib2.0-Q0IaBZ/glib2.0-2.36.3/./glib/gmain.c:3630
#22 0xb55616f0 in g_main_context_iterate (context=context@entry=0x8144150, block=block@entry=1, dispatch=dispatch@entry=1, 
    self=<optimized out>) at /build/glib2.0-Q0IaBZ/glib2.0-2.36.3/./glib/gmain.c:3701
#23 0xb55617d1 in g_main_context_iteration (context=0x8144150, context@entry=0x0, may_block=may_block@entry=1)
    at /build/glib2.0-Q0IaBZ/glib2.0-2.36.3/./glib/gmain.c:3762
#24 0xb581b00c in g_application_run (application=0x813f928, argc=argc@entry=1, argv=argv@entry=0xbffffb44)
    at /build/glib2.0-Q0IaBZ/glib2.0-2.36.3/./gio/gapplication.c:1623
#25 0x0807059a in main (argc=1, argv=0xbffffb44) at ephy-main.c:483

Is this fixed already for 2.1.2?
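The gdb backtrace in this comment is the kind of artefact a triager reads by hand: which signal fired, whether the faulting frame resolves to a symbol, and which library the first symbolized frame lives in. The following Python script is an added example, not part of this bug report or of WebKit or GLib; it parses gdb `bt` output into frames, glues the wrapped `from`/`at` continuation lines back onto their frame, and handles a frame printed without an address (frame #21 above). The sample input is a subset of the frames quoted above, embedded so the script runs offline. Reading an unresolved top frame directly beneath `JSC::Interpreter::execute` as JIT-emitted code is a general triage heuristic and an assumption of this example, not a conclusion the thread itself reaches.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a subset of the frames from the gdb session quoted in
# comment 10, with the wrapped continuation lines kept as gdb printed them.
SAMPLE_BACKTRACE = """\
Program received signal SIGILL, Illegal instruction.
0xa3d4d087 in ?? ()

#0  0xa1bc5fc7 in ?? ()
#1  0xb4fafa19 in JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*) ()
   from /usr/lib/libjavascriptcoregtk-3.0.so.0
#2  0xb50a3338 in JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) ()
   from /usr/lib/libjavascriptcoregtk-3.0.so.0
#7  0xb676b594 in WebCore::HTMLScriptRunner::executeParsingBlockingScript() () from /usr/lib/libwebkitgtk-3.0.so.0
#16 0xb57cfd11 in async_ready_callback_wrapper (source_object=0x822ba00, res=0x84c8908, user_data=0xb064c870)
    at /build/glib2.0-Q0IaBZ/glib2.0-2.36.3/./gio/ginputstream.c:530
#21 g_main_context_dispatch (context=context@entry=0x8144150) at /build/glib2.0-Q0IaBZ/glib2.0-2.36.3/./glib/gmain.c:3630
#25 0x0807059a in main (argc=1, argv=0xbffffb44) at ephy-main.c:483
"""

SIGNAL_RE = re.compile(r"^Program received signal ([A-Z0-9]+), (.+?)\.?$", re.MULTILINE)
FRAME_RE = re.compile(r"^#(\d+)\s+(?:(0x[0-9a-fA-F]+) in )?(.*)$")
LOC_FROM_RE = re.compile(r"\s+from (\S+)$")   # frame inside a shared object without debug info
LOC_AT_RE = re.compile(r"\s+at (\S+):(\d+)$")  # frame with source file and line


@dataclass
class Frame:
    index: int
    address: Optional[str]      # None when gdb omits the address for a frame
    function: str               # "??" when gdb could not resolve a symbol
    args: str
    library: Optional[str] = None
    source_file: Optional[str] = None
    line: Optional[int] = None

    @property
    def unresolved(self) -> bool:
        return self.function == "??"


def _join_wrapped_frames(text: str) -> List[str]:
    """Glue gdb's indented continuation lines back onto their '#N' frame line."""
    joined: List[str] = []
    for raw in text.splitlines():
        if raw.startswith("#"):
            joined.append(raw.rstrip())
        elif joined and raw[:1].isspace():
            joined[-1] += " " + raw.strip()
    return joined


def parse_frame(line: str) -> Frame:
    m = FRAME_RE.match(line)
    if not m:
        raise ValueError(f"not a gdb frame line: {line!r}")
    index, address, rest = int(m.group(1)), m.group(2), m.group(3)
    library = source_file = None
    line_no = None
    loc = LOC_FROM_RE.search(rest)
    if loc:
        library, rest = loc.group(1), rest[: loc.start()]
    else:
        loc = LOC_AT_RE.search(rest)
        if loc:
            source_file, line_no = loc.group(1), int(loc.group(2))
            rest = rest[: loc.start()]
    # The trailing " (...)" is gdb's argument list. A demangled C++ signature
    # before it contains its own parentheses, so split at the LAST " (".
    cut = rest.rfind(" (")
    if cut == -1 or not rest.endswith(")"):
        function, args = rest, ""
    else:
        function, args = rest[:cut], rest[cut + 2 : -1]
    return Frame(index, address, function, args, library, source_file, line_no)


def parse_backtrace(text: str) -> List[Frame]:
    return [parse_frame(frame_line) for frame_line in _join_wrapped_frames(text)]


def parse_signal(text: str) -> Optional[str]:
    m = SIGNAL_RE.search(text)
    return m.group(1) if m else None


def triage(text: str) -> Dict[str, object]:
    """Summarize a gdb session: signal, frame count, and the first symbolized frame."""
    frames = parse_backtrace(text)
    first_symbolized = next((f for f in frames if not f.unresolved), None)
    return {
        "signal": parse_signal(text),
        "frames": len(frames),
        "top_unresolved": bool(frames) and frames[0].unresolved,
        "unresolved_count": sum(f.unresolved for f in frames),
        "first_symbolized": first_symbolized,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_BACKTRACE)
    print(f"signal: {report['signal']}, frames: {report['frames']}, "
          f"unresolved: {report['unresolved_count']}")
    top = report["first_symbolized"]
    if top is not None:
        print(f"first symbolized frame: #{top.index} {top.function} "
              f"in {top.library or top.source_file}")
    if report["top_unresolved"]:
        # Heuristic (assumption of this example): in a JavaScriptCore process an
        # unsymbolized frame below the interpreter is commonly JIT-emitted code.
        print("top frame has no symbol; beneath JSC::Interpreter::execute this "
              "usually points at JIT-emitted code, so symbols alone won't locate it")
```

Splitting the argument list at the last ` (` rather than the first is what keeps `JSC::Interpreter::execute(JSC::ProgramExecutable*, ...)` intact as the function name; a first-paren split would have cut the signature in half, which is the usual mistake when regexing gdb output from C++ programs.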
Comment 11 kardan 2013-07-11 06:53:10 PDT
Same error with webkit 2.1.2, gtk3.0. Please let me know if you need any further information. Thanks!
Comment 12 Alexey Proskuryakov 2013-07-11 09:44:03 PDT
It doesn't appear that the crash is still happening on Mac. Please feel free to re-open if I am mistaken.

As for Gtk, please file a new bug if you are still seeing a crash with a similar signature. It's not very likely that it's the same thing, after three years.