Bug 83133
| Field | Value |
|---|---|
| Summary | [Qt] REGRESSION(r113138): It made fast/workers/worker-multi-startup.html crash on 32 bit |
| Product | WebKit |
| Reporter | Csaba Osztrogonác <ossy> |
| Component | Tools / Tests |
| Assignee | Nobody <webkit-unassigned> |
| Status | RESOLVED WORKSFORME |
| Severity | Critical |
| CC | levin, ossy, yutak, zherczeg |
| Priority | P1 |
| Keywords | Qt, QtTriaged |
| Version | 528+ (Nightly build) |
| Hardware | All |
| OS | All |
| Bug Depends on | |
| Bug Blocks | 79668 |
Csaba Osztrogonác
http://trac.webkit.org/changeset/113138 made fast/workers/worker-multi-startup.html
crash on 32 bit QtWebKit (Qt4, Qt5 WK1 and WK2 too)
crash log:
crash log for DumpRenderTree (pid 4158):
STDOUT: <empty>
STDERR: 1 0xf7070f59 /ramdisk/qt-linux-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(WTF::OSAllocator::reserveAndCommit(unsigned int, WTF::OSAllocator::Usage, bool, bool, bool)+0x107) [0xf7070f59]
STDERR: 2 0xf7070fb0 /ramdisk/qt-linux-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(WTF::OSAllocator::reserveUncommitted(unsigned int, WTF::OSAllocator::Usage, bool, bool, bool)+0x3e) [0xf7070fb0]
STDERR: 3 0xf6e88e55 /ramdisk/qt-linux-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(JSC::Interpreter::Interpreter()+0x81) [0xf6e88e55]
STDERR: 4 0xf6fb1393 /ramdisk/qt-linux-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(JSC::JSGlobalData::JSGlobalData(JSC::JSGlobalData::GlobalDataType, JSC::ThreadStackType, JSC::HeapSize)+0xddd) [0xf6fb1393]
STDERR: 5 0xf6fb3471 /ramdisk/qt-linux-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(JSC::JSGlobalData::create(JSC::ThreadStackType, JSC::HeapSize)+0x43) [0xf6fb3471]
STDERR: 6 0xf6754812 /ramdisk/qt-linux-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(WebCore::WorkerScriptController::WorkerScriptController(WebCore::WorkerContext*)+0x32) [0xf6754812]
STDERR: 7 0xf675e7a5 /ramdisk/qt-linux-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(WebCore::WorkerContext::WorkerContext(WebCore::KURL const&, WTF::String const&, WebCore::WorkerThread*, WTF::String const&, WebCore::ContentSecurityPolicy::HeaderType)+0x115) [0xf675e7a5]
STDERR: 8 0xf6759d31 /ramdisk/qt-linux-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(WebCore::DedicatedWorkerContext::DedicatedWorkerContext(WebCore::KURL const&, WTF::String const&, WebCore::DedicatedWorkerThread*, WTF::String const&, WebCore::ContentSecurityPolicy::HeaderType)+0x41) [0xf6759d31]
STDERR: 9 0xf675a376 /ramdisk/qt-linux-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(WebCore::DedicatedWorkerThread::createWorkerContext(WebCore::KURL const&, WTF::String const&, WTF::String const&, WebCore::ContentSecurityPolicy::HeaderType)+0x50) [0xf675a376]
STDERR: 10 0xf6765266 /ramdisk/qt-linux-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(WebCore::WorkerThread::workerThread()+0x56) [0xf6765266]
STDERR: 11 0xf676573f /ramdisk/qt-linux-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(WebCore::WorkerThread::workerThreadStart(void*)+0x1d) [0xf676573f]
STDERR: 12 0xf705bdc2 /ramdisk/qt-linux-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(+0x1b3edc2) [0xf705bdc2]
STDERR: 13 0xf70716b6 /ramdisk/qt-linux-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(+0x1b546b6) [0xf70716b6]
STDERR: 14 0xf39d67b0 /lib/libpthread.so.0(+0x57b0) [0xf39d67b0]
STDERR: 15 0xf36f20be /lib/libc.so.6(clone+0x5e) [0xf36f20be]
Csaba Osztrogonác
https://bugs.webkit.org/show_bug.cgi?id=82873 is a security bug, so maybe this crash can be a security bug too. Could you check it please?
Yuta Kitamura
I have no idea. Most of the changes in r113138 are related to WebSocket, and it's unlikely to affect tests not using WebSockets...
r113138 changed the function signature of postTaskForModeToWorkerContext() (returning bool instead of void), and that is the only change to the core worker code in r113138.
Csaba Osztrogonác
I skipped it to paint the bot green - http://trac.webkit.org/changeset/113158/trunk/LayoutTests/platform/qt/Skipped
We have a long list of crashing tests - https://bugs.webkit.org/show_bug.cgi?id=79668, so one more crashing test won't be a problem. :)
Csaba Osztrogonác
Here is the gdb backtrace in debug mode:
Program received signal SIGSEGV, Segmentation fault.
0xf4cc415a in JSC::JSValue::asCell (this=0xf1158d70) at ../../../../Source/JavaScriptCore/runtime/JSValueInlineMethods.h:295
295 ASSERT(isCell());
(gdb) bt
#0 0xf4cc415a in JSC::JSValue::asCell (this=0xf1158d70) at ../../../../Source/JavaScriptCore/runtime/JSValueInlineMethods.h:295
#1 0xf4f16b36 in JSC::WeakImplAccessor<JSC::Weak<JSC::Bindings::RuntimeObject>, JSC::Bindings::RuntimeObject>::get (this=0x80f73e8) at ../../../../Source/JavaScriptCore/heap/PassWeak.h:110
#2 0xf4f1661c in JSC::Bindings::Instance::createRuntimeObject (this=0x80f73c8, exec=0xecf7fcb4) at ../../../../Source/WebCore/bridge/jsc/BridgeJSC.cpp:93
#3 0xf4cc9c2e in QWebFrame::addToJavaScriptWindowObject (this=0x81029d0, name=..., object=0x811e8d8, ownership=QScriptEngine::QtOwnership) at ../../../Source/WebKit/qt/Api/qwebframe.cpp:697
#4 0xf4cc9a73 in QWebFrame::addToJavaScriptWindowObject (this=0x81029d0, name=..., object=0x811e8d8) at ../../../Source/WebKit/qt/Api/qwebframe.cpp:649
#5 0x0805e722 in WebCore::DumpRenderTree::initJSObjects (this=0xffffd1e4) at /home/oszi/WebKit/Tools/DumpRenderTree/qt/DumpRenderTreeQt.cpp:748
#6 0x0807039c in WebCore::DumpRenderTree::qt_static_metacall (_o=0xffffd1e4, _c=QMetaObject::InvokeMetaMethod, _id=2, _a=0xffffcdbc) at moc_DumpRenderTreeQt.cpp:81
#7 0xf1ad1af4 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /usr/local/Trolltech/Qt-4.8.0/lib/libQtCore.so.4
#8 0xf4ccfc03 in QWebFrame::javaScriptWindowObjectCleared (this=0x81029d0) at ./moc_qwebframe.cpp:187
#9 0xf4cc8d7a in QWebFramePrivate::didClearWindowObject (this=0x80fc900) at ../../../Source/WebKit/qt/Api/qwebframe.cpp:490
#10 0xf4d2de1c in WebCore::FrameLoaderClientQt::dispatchDidClearWindowObjectInWorld (this=0x81038c0, world=0x8108a88) at ../../../Source/WebKit/qt/WebCoreSupport/FrameLoaderClientQt.cpp:766
#11 0xf555fe07 in WebCore::FrameLoader::dispatchDidClearWindowObjectInWorld (this=0x8104754, world=0x8108a88) at ../../../../Source/WebCore/loader/FrameLoader.cpp:3145
#12 0xf4ecede2 in WebCore::ScriptController::initScript (this=0x8104a78, world=0x8108a88) at ../../../../Source/WebCore/bindings/js/ScriptController.cpp:223
#13 0xf4cc5855 in WebCore::ScriptController::windowShell (this=0x8104a78, world=0x8108a88) at ../../../Source/WebCore/bindings/js/ScriptController.h:75
#14 0xf4e6c3ba in WebCore::toJSDOMWindow (frame=0x81046e0, world=0x8108a88) at ../../../../Source/WebCore/bindings/js/JSDOMWindowBase.cpp:231
#15 0xf4d2179f in DumpRenderTreeSupportQt::resetInternalsObject (frame=0x81029d0) at ../../../Source/WebKit/qt/WebCoreSupport/DumpRenderTreeSupportQt.cpp:1186
#16 0x0805b13a in WebCore::WebPage::resetSettings (this=0xef501148) at /home/oszi/WebKit/Tools/DumpRenderTree/qt/DumpRenderTreeQt.cpp:209
#17 0x0805cdb2 in WebCore::DumpRenderTree::resetToConsistentStateBeforeTesting (this=0xffffd1e4, url=...) at /home/oszi/WebKit/Tools/DumpRenderTree/qt/DumpRenderTreeQt.cpp:533
#18 0x0805d425 in WebCore::DumpRenderTree::open (this=0xffffd1e4, url=...) at /home/oszi/WebKit/Tools/DumpRenderTree/qt/DumpRenderTreeQt.cpp:596
#19 0x0805e4d0 in WebCore::DumpRenderTree::processLine (this=0xffffd1e4, input=...) at /home/oszi/WebKit/Tools/DumpRenderTree/qt/DumpRenderTreeQt.cpp:726
#20 0x0805de56 in WebCore::DumpRenderTree::processArgsLine (this=0xffffd1e4, args=...) at /home/oszi/WebKit/Tools/DumpRenderTree/qt/DumpRenderTreeQt.cpp:676
#21 0x08070048 in main (argc=2, argv=0xffffd384) at /home/oszi/WebKit/Tools/DumpRenderTree/qt/main.cpp:252
Csaba Osztrogonác
Oooops, it is unrelated. Now all tests crash on 32 bit debug mode. :((
Csaba Osztrogonác
It works now, so I unskipped the test - https://trac.webkit.org/changeset/117063