[Webkit-unassigned] [Bug 33761] New: segfault in JSC::JITCode::execute
bugzilla-daemon at webkit.org
Sat Jan 16 07:18:30 PST 2010
https://bugs.webkit.org/show_bug.cgi?id=33761
Summary: segfault in JSC::JITCode::execute
Product: WebKit
Version: 420+
Platform: PC
OS/Version: Linux
Status: UNCONFIRMED
Severity: Critical
Priority: P2
Component: JavaScriptCore
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: brian at interlinx.bc.ca
I don't know that the Version: field is accurate. The version numbers here
don't seem to match up with the libwebkit packages I have installed on my
Ubuntu Karmic system here:
ii libwebkit-1.0-2 1.1.15.2-1 Web content engine library for Gtk+
In any case, I seem to have gotten a segfault in gnome-panel which appears to
be a fault in webkit's JS engine, as called by libproxy:
Thread 5 (Thread 26356):
#0 0x00aa0422 in __kernel_vsyscall ()
No symbol table info available.
#1 0x004a3829 in __lll_lock_wait () at
../nptl/sysdeps/unix/sysv/linux/i386/i686/../i486/lowlevellock.S:142
No locals.
#2 0x0049ef3b in _L_lock_752 () from /lib/tls/i686/cmov/libpthread.so.0
No locals.
#3 0x0049ed51 in __pthread_mutex_lock (mutex=0x134e1d8) at
pthread_mutex_lock.c:61
ignore3 = 0
ignore1 = -512
ignore2 = 128
__PRETTY_FUNCTION__ = "__pthread_mutex_lock"
type = <value optimized out>
#4 0x0134ad6f in get_proxy_uri_async (proxy_uri_resolver=0x968b190,
uri=0x99f8020, async_context=0x0, cancellable=0x99f8040, callback=0x1172860
<resolved_proxy_uri>, user_data=0x99f9c30) at soup-proxy-resolver-gnome.c:432
No locals.
#5 0x0116cf96 in soup_proxy_uri_resolver_get_proxy_uri_async
(proxy_uri_resolver=0x968b190, uri=0x99f8020, async_context=0x0,
cancellable=0x99f8040, callback=0x1172860 <resolved_proxy_uri>,
user_data=0x99f9c30) at soup-proxy-uri-resolver.c:67
No locals.
#6 0x01172783 in resolve_proxy_addr (sa=<value optimized out>) at
soup-session-async.c:198
No locals.
#7 run_queue (sa=<value optimized out>) at soup-session-async.c:329
session = 0x96b4560
queue = 0x9880050
item = 0x99f9c30
msg = <value optimized out>
conn = <value optimized out>
try_pruning = 1
should_prune = 0
#8 0x011727c8 in idle_run_queue (sa=0x96b4560) at soup-session-async.c:397
No locals.
#9 0x004e7101 in g_idle_dispatch (source=0x99f9280, callback=0xfffffe00,
user_data=0x96b4560) at /build/buildd/glib2.0-2.22.3/glib/gmain.c:4065
No locals.
#10 0x004e8e88 in g_main_dispatch (context=0x9329310) at
/build/buildd/glib2.0-2.22.3/glib/gmain.c:1960
dispatch = 0x4e70e0 <g_idle_dispatch>
user_data = 0x96b4560
callback = 0x1172790 <idle_run_queue>
cb_funcs = 0x56631c
cb_data = 0x99f9428
current_source_link = {data = 0x99f9280, next = 0x0}
source = 0x99f9280
current = 0x932f2e0
i = 4
#11 IA__g_main_context_dispatch (context=0x9329310) at
/build/buildd/glib2.0-2.22.3/glib/gmain.c:2513
No locals.
#12 0x004ec730 in g_main_context_iterate (context=0x9329310, block=<value
optimized out>, dispatch=1, self=0x92ee220) at
/build/buildd/glib2.0-2.22.3/glib/gmain.c:2591
max_priority = 0
timeout = 0
some_ready = 1
nfds = <value optimized out>
allocated_nfds = <value optimized out>
fds = <value optimized out>
__PRETTY_FUNCTION__ = "g_main_context_iterate"
#13 0x004ecb9f in IA__g_main_loop_run (loop=0x94bde20) at
/build/buildd/glib2.0-2.22.3/glib/gmain.c:2799
self = 0x92ee220
__PRETTY_FUNCTION__ = "IA__g_main_loop_run"
#14 0x00e07419 in IA__gtk_main () at
/build/buildd/gtk+2.0-2.18.3/gtk/gtkmain.c:1218
tmp_list = 0x9353e18
functions = 0x0
init = 0x0
loop = 0x94bde20
#15 0x08063870 in main (argc=1, argv=0xbfc199f4) at main.c:154
context = <value optimized out>
program = <value optimized out>
app = 0xbfc19948
new_app = 0x79ed20
gc = 0x932fcc0
l = 0x935778c
Thread 4 (Thread 26879):
#0 0x00aa0422 in __kernel_vsyscall ()
No symbol table info available.
#1 0x004a3829 in __lll_lock_wait () at
../nptl/sysdeps/unix/sysv/linux/i386/i686/../i486/lowlevellock.S:142
No locals.
#2 0x0049ef3b in _L_lock_752 () from /lib/tls/i686/cmov/libpthread.so.0
No locals.
#3 0x0049ed51 in __pthread_mutex_lock (mutex=0x134e1d8) at
pthread_mutex_lock.c:61
ignore3 = 0
ignore1 = -512
ignore2 = 128
__PRETTY_FUNCTION__ = "__pthread_mutex_lock"
type = <value optimized out>
#4 0x0134ac39 in get_proxy_uri_sync (proxy_uri_resolver=0x9807d80,
uri=0x9a2a300, cancellable=0x99f2180, proxy_uri=0x9a58688) at
soup-proxy-resolver-gnome.c:467
status = <value optimized out>
#5 0x0134af19 in libproxy_threadpool_func (user_data=0x9a58680,
thread_data=0x0) at soup-proxy-resolver-gnome.c:410
No locals.
#6 0x005149af in g_thread_pool_thread_proxy (data=0x9a05508) at
/build/buildd/glib2.0-2.22.3/glib/gthreadpool.c:265
task = 0x9a58680
pool = 0x9a05508
#7 0x0051337f in g_thread_create_proxy (data=0xb30004b0) at
/build/buildd/glib2.0-2.22.3/glib/gthread.c:635
__PRETTY_FUNCTION__ = "g_thread_create_proxy"
#8 0x0049c80e in start_thread (arg=0xb2fffb70) at pthread_create.c:300
__res = <value optimized out>
__ignore1 = <value optimized out>
__ignore2 = <value optimized out>
pd = 0xb2fffb70
now = <value optimized out>
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {4902900, 0, 4001536,
-1291848696, 627275499, 1225427854}, mask_was_saved = 0}}, priv = {pad = {0x0,
0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
not_first_call = <value optimized out>
robust = <value optimized out>
#9 0x009a97ee in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130
No locals.
Thread 3 (Thread 26878):
#0 0x00aa0422 in __kernel_vsyscall ()
No symbol table info available.
#1 0x004a3829 in __lll_lock_wait () at
../nptl/sysdeps/unix/sysv/linux/i386/i686/../i486/lowlevellock.S:142
No locals.
#2 0x0049ef3b in _L_lock_752 () from /lib/tls/i686/cmov/libpthread.so.0
No locals.
#3 0x0049ed51 in __pthread_mutex_lock (mutex=0x134e1d8) at
pthread_mutex_lock.c:61
ignore3 = 0
ignore1 = -512
ignore2 = 128
__PRETTY_FUNCTION__ = "__pthread_mutex_lock"
type = <value optimized out>
#4 0x0134ac39 in get_proxy_uri_sync (proxy_uri_resolver=0x9844440,
uri=0x9a586c0, cancellable=0x9a04260, proxy_uri=0x9a587c8) at
soup-proxy-resolver-gnome.c:467
status = <value optimized out>
#5 0x0134af19 in libproxy_threadpool_func (user_data=0x9a587c0,
thread_data=0x0) at soup-proxy-resolver-gnome.c:410
No locals.
#6 0x005149af in g_thread_pool_thread_proxy (data=0x9a05508) at
/build/buildd/glib2.0-2.22.3/glib/gthreadpool.c:265
task = 0x9a587c0
pool = 0x9a05508
#7 0x0051337f in g_thread_create_proxy (data=0x9a329a8) at
/build/buildd/glib2.0-2.22.3/glib/gthread.c:635
__PRETTY_FUNCTION__ = "g_thread_create_proxy"
#8 0x0049c80e in start_thread (arg=0xb3902b70) at pthread_create.c:300
__res = <value optimized out>
__ignore1 = <value optimized out>
__ignore2 = <value optimized out>
pd = 0xb3902b70
now = <value optimized out>
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {4902900, 0, 4001536,
-1282399224, -87853335, 1225427854}, mask_was_saved = 0}}, priv = {pad = {0x0,
0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
not_first_call = <value optimized out>
robust = <value optimized out>
#9 0x009a97ee in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130
No locals.
Thread 2 (Thread 26883):
#0 0x00aa0422 in __kernel_vsyscall ()
No symbol table info available.
#1 0x004a0e15 in pthread_cond_wait@@GLIBC_2.3.2 () at
../nptl/sysdeps/unix/sysv/linux/i386/i686/../i486/pthread_cond_wait.S:122
No locals.
#2 0xb5037447 in WTF::TCMalloc_PageHeap::scavengerThread (this=0xb5aaec60) at
../JavaScriptCore/wtf/FastMalloc.cpp:2291
No locals.
#3 0xb5037481 in WTF::TCMalloc_PageHeap::runScavengerThread
(context=0xb5aaec60) at ../JavaScriptCore/wtf/FastMalloc.cpp:1429
No locals.
#4 0x0049c80e in start_thread (arg=0xb27feb70) at pthread_create.c:300
__res = <value optimized out>
__ignore1 = <value optimized out>
__ignore2 = <value optimized out>
pd = 0xb27feb70
now = <value optimized out>
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {4902900, 0, 4001536,
-1300241400, 625178346, 1225427854}, mask_was_saved = 0}}, priv = {pad = {0x0,
0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
not_first_call = <value optimized out>
robust = <value optimized out>
#5 0x009a97ee in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130
No locals.
Thread 1 (Thread 26877):
#0 0x012fc4af in ?? ()
No symbol table info available.
#1 0xb4fccb88 in JSC::JITCode::execute (this=0x200, program=0xb4102fc0,
callFrame=0xb1f12e24, scopeChain=0xb1efe168, thisObj=0xb1a80000,
exception=0xb4102ff8) at ../JavaScriptCore/jit/JITCode.h:79
No locals.
#2 JSC::Interpreter::execute (this=0x200, program=0xb4102fc0,
callFrame=0xb1f12e24, scopeChain=0xb1efe168, thisObj=0xb1a80000,
exception=0xb4102ff8) at ../JavaScriptCore/interpreter/Interpreter.cpp:655
oldEnd = 0xb1ade000
lastGlobalObject = 0xb1a80000
globalObject = 0xb1a80000
newEnd = <value optimized out>
newCallFrame = <value optimized out>
#3 0xb504911f in JSC::evaluate (exec=0xb1f12e24, scopeChain=..., source=...,
thisValue=...) at ../JavaScriptCore/runtime/Completion.cpp:60
thisObj = 0xb1a80000
exception = {u = {asEncodedJSValue = -8589934592, asDouble =
-nan(0xffffe00000000), asBits = {payload = 0, tag = -2}}}
program = {<JSC::ScriptExecutable> = {<JSC::ExecutableBase> =
{<WTF::RefCounted<JSC::ExecutableBase>> = {<WTF::RefCountedBase> = {m_refCount
= 1}, <WTFNoncopyable::Noncopyable> = {<WTF::FastAllocBase> = {<No data
fields>}, <No data fields>}, <No data fields>}, _vptr.ExecutableBase =
0xb5a1f940, static NUM_PARAMETERS_IS_HOST = <optimized out>, static
NUM_PARAMETERS_NOT_COMPILED = <optimized out>, m_numParameters = -1, m_jitCode
= {m_ref = {m_code = {m_value = 0x12fa8e0}, m_executablePool =
{<WTF::FastAllocBase> = {<No data fields>}, m_ptr = 0xb1f0a4b0}, m_size =
235}}}, m_source = {m_provider = {<WTF::FastAllocBase> = {<No data fields>},
m_ptr = 0xb1efe678}, m_startChar = 0, m_endChar = 94, m_firstLine = 1},
m_features = 0, m_firstLine = 1, m_lastLine = 1}, m_programCodeBlock =
0xb1f2dee0}
error = <value optimized out>
result = <value optimized out>
#4 0xb4f770bf in JSEvaluateScript (ctx=0xb1f12e24, script=0xb1f052f0,
thisObject=0x0, sourceURL=0x0, startingLineNumber=1, exception=0x0) at
../JavaScriptCore/API/JSBase.cpp:54
globalObject = 0xb1a80000
completion = {m_type = JSC::Normal, m_value = {u = {asEncodedJSValue =
-8589934592, asDouble = -nan(0xffffe00000000), asBits = {payload = 0, tag =
-2}}}}
lock = {<WTFNoncopyable::Noncopyable> = {<WTF::FastAllocBase> = {<No
data fields>}, <No data fields>}, m_lockBehavior = JSC::SilenceAssertionsOnly}
source = {m_provider = {<WTF::FastAllocBase> = {<No data fields>},
m_ptr = 0xb1efe678}, m_startChar = 0, m_endChar = 94, m_firstLine = 1}
#5 0x03eb53bb in webkit_pacrunner (self=0x9a22828, pac=0x9a2fa90,
url=0x9a334f8) at webkit.c:186
str = 0xb1f052f0
val = <value optimized out>
tmp = <value optimized out>
ctxs = 0x94b2198
#6 0x01354812 in px_proxy_factory_get_proxies (self=0x9a22828, url=0x9a325b8
"http://weather.noaa.gov/cgi-bin/mgetmetar.pl?cccc=KDEN") at
proxy_factory.c:732
realurl = 0x9a334f8
config = <value optimized out>
response = 0x94b2198
tmp = <value optimized out>
order = <value optimized out>
orderv = 0x13558b0
wpad_fallback_env = <value optimized out>
do_wpad_fallback = 161685496
ignores = 0x9a31ff8
#7 0x0134aa91 in get_proxy_for_uri (uri=<value optimized out>,
proxy_uri=<value optimized out>) at soup-proxy-resolver-gnome.c:338
uristr = 0x9a325b8
"http://weather.noaa.gov/cgi-bin/mgetmetar.pl?cccc=KDEN"
proxies = 0xa8428197
got_proxy = <value optimized out>
#8 0x0134acda in get_proxy_uri_sync (proxy_uri_resolver=0x9659290,
uri=0x9a58760, cancellable=0x9a0bec0, proxy_uri=0x9a58668) at
soup-proxy-resolver-gnome.c:472
status = <value optimized out>
#9 0x0134af19 in libproxy_threadpool_func (user_data=0x9a58660,
thread_data=0x0) at soup-proxy-resolver-gnome.c:410
No locals.
#10 0x005149af in g_thread_pool_thread_proxy (data=0x9a05508) at
/build/buildd/glib2.0-2.22.3/glib/gthreadpool.c:265
task = 0x9a58660
pool = 0x9a05508
#11 0x0051337f in g_thread_create_proxy (data=0x95ca650) at
/build/buildd/glib2.0-2.22.3/glib/gthread.c:635
__PRETTY_FUNCTION__ = "g_thread_create_proxy"
#12 0x0049c80e in start_thread (arg=0xb4103b70) at pthread_create.c:300
__res = <value optimized out>
__ignore1 = <value optimized out>
__ignore2 = <value optimized out>
pd = 0xb4103b70
now = <value optimized out>
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {4902900, 0, 4001536,
-1274006520, -85756186, 1225427854}, mask_was_saved = 0}}, priv = {pad = {0x0,
0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
not_first_call = <value optimized out>
robust = <value optimized out>
#13 0x009a97ee in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130
Unfortunately I have no idea what's in frame 0 of thread 1, so I don't know
which debugging library I need to install to decode it.