RESOLVED WORKSFORME 83133
[Qt] REGRESSION(r113138): It made fast/workers/worker-multi-startup.html crash on 32 bit
https://bugs.webkit.org/show_bug.cgi?id=83133
Csaba Osztrogonác
Reported 2012-04-04 02:43:53 PDT
http://trac.webkit.org/changeset/113138 made fast/workers/worker-multi-startup.html crash on 32 bit QtWebKit (Qt4, Qt5 WK1 and WK2 too)

crash log:

crash log for DumpRenderTree (pid 4158):
STDOUT: <empty>
STDERR: 1 0xf7070f59 /ramdisk/qt-linux-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(WTF::OSAllocator::reserveAndCommit(unsigned int, WTF::OSAllocator::Usage, bool, bool, bool)+0x107) [0xf7070f59]
STDERR: 2 0xf7070fb0 /ramdisk/qt-linux-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(WTF::OSAllocator::reserveUncommitted(unsigned int, WTF::OSAllocator::Usage, bool, bool, bool)+0x3e) [0xf7070fb0]
STDERR: 3 0xf6e88e55 /ramdisk/qt-linux-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(JSC::Interpreter::Interpreter()+0x81) [0xf6e88e55]
STDERR: 4 0xf6fb1393 /ramdisk/qt-linux-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(JSC::JSGlobalData::JSGlobalData(JSC::JSGlobalData::GlobalDataType, JSC::ThreadStackType, JSC::HeapSize)+0xddd) [0xf6fb1393]
STDERR: 5 0xf6fb3471 /ramdisk/qt-linux-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(JSC::JSGlobalData::create(JSC::ThreadStackType, JSC::HeapSize)+0x43) [0xf6fb3471]
STDERR: 6 0xf6754812 /ramdisk/qt-linux-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(WebCore::WorkerScriptController::WorkerScriptController(WebCore::WorkerContext*)+0x32) [0xf6754812]
STDERR: 7 0xf675e7a5 /ramdisk/qt-linux-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(WebCore::WorkerContext::WorkerContext(WebCore::KURL const&, WTF::String const&, WebCore::WorkerThread*, WTF::String const&, WebCore::ContentSecurityPolicy::HeaderType)+0x115) [0xf675e7a5]
STDERR: 8 0xf6759d31 /ramdisk/qt-linux-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(WebCore::DedicatedWorkerContext::DedicatedWorkerContext(WebCore::KURL const&, WTF::String const&, WebCore::DedicatedWorkerThread*, WTF::String const&, WebCore::ContentSecurityPolicy::HeaderType)+0x41) [0xf6759d31]
STDERR: 9 0xf675a376 /ramdisk/qt-linux-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(WebCore::DedicatedWorkerThread::createWorkerContext(WebCore::KURL const&, WTF::String const&, WTF::String const&, WebCore::ContentSecurityPolicy::HeaderType)+0x50) [0xf675a376]
STDERR: 10 0xf6765266 /ramdisk/qt-linux-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(WebCore::WorkerThread::workerThread()+0x56) [0xf6765266]
STDERR: 11 0xf676573f /ramdisk/qt-linux-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(WebCore::WorkerThread::workerThreadStart(void*)+0x1d) [0xf676573f]
STDERR: 12 0xf705bdc2 /ramdisk/qt-linux-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(+0x1b3edc2) [0xf705bdc2]
STDERR: 13 0xf70716b6 /ramdisk/qt-linux-release/build/WebKitBuild/Release/lib/libQtWebKit.so.4(+0x1b546b6) [0xf70716b6]
STDERR: 14 0xf39d67b0 /lib/libpthread.so.0(+0x57b0) [0xf39d67b0]
STDERR: 15 0xf36f20be /lib/libc.so.6(clone+0x5e) [0xf36f20be]
Csaba Osztrogonác
Comment 1 2012-04-04 02:44:35 PDT
https://bugs.webkit.org/show_bug.cgi?id=82873 is a security bug, maybe this crash can be a security bug too. Could you check it please?
Yuta Kitamura
Comment 2 2012-04-04 02:57:32 PDT
I have no idea. Most changes of r113138 are related to WebSocket, and it's unlikely to affect tests not using WebSockets... r113138 changed the function signature of postTaskForModeToWorkerContext() (returning bool instead of void), and that is the only change to the core worker code in r113138.
Csaba Osztrogonác
Comment 3 2012-04-04 03:15:14 PDT
I skipped it to paint the bot green - http://trac.webkit.org/changeset/113158/trunk/LayoutTests/platform/qt/Skipped

We have a long list of crashing tests - https://bugs.webkit.org/show_bug.cgi?id=79668, so one more crashing test won't be a problem. :)
Csaba Osztrogonác
Comment 4 2012-04-04 03:35:02 PDT
Here is the gdb backtrace in debug mode:

Program received signal SIGSEGV, Segmentation fault.
0xf4cc415a in JSC::JSValue::asCell (this=0xf1158d70) at ../../../../Source/JavaScriptCore/runtime/JSValueInlineMethods.h:295
295 ASSERT(isCell());
(gdb) bt
#0 0xf4cc415a in JSC::JSValue::asCell (this=0xf1158d70) at ../../../../Source/JavaScriptCore/runtime/JSValueInlineMethods.h:295
#1 0xf4f16b36 in JSC::WeakImplAccessor<JSC::Weak<JSC::Bindings::RuntimeObject>, JSC::Bindings::RuntimeObject>::get (this=0x80f73e8) at ../../../../Source/JavaScriptCore/heap/PassWeak.h:110
#2 0xf4f1661c in JSC::Bindings::Instance::createRuntimeObject (this=0x80f73c8, exec=0xecf7fcb4) at ../../../../Source/WebCore/bridge/jsc/BridgeJSC.cpp:93
#3 0xf4cc9c2e in QWebFrame::addToJavaScriptWindowObject (this=0x81029d0, name=..., object=0x811e8d8, ownership=QScriptEngine::QtOwnership) at ../../../Source/WebKit/qt/Api/qwebframe.cpp:697
#4 0xf4cc9a73 in QWebFrame::addToJavaScriptWindowObject (this=0x81029d0, name=..., object=0x811e8d8) at ../../../Source/WebKit/qt/Api/qwebframe.cpp:649
#5 0x0805e722 in WebCore::DumpRenderTree::initJSObjects (this=0xffffd1e4) at /home/oszi/WebKit/Tools/DumpRenderTree/qt/DumpRenderTreeQt.cpp:748
#6 0x0807039c in WebCore::DumpRenderTree::qt_static_metacall (_o=0xffffd1e4, _c=QMetaObject::InvokeMetaMethod, _id=2, _a=0xffffcdbc) at moc_DumpRenderTreeQt.cpp:81
#7 0xf1ad1af4 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /usr/local/Trolltech/Qt-4.8.0/lib/libQtCore.so.4
#8 0xf4ccfc03 in QWebFrame::javaScriptWindowObjectCleared (this=0x81029d0) at ./moc_qwebframe.cpp:187
#9 0xf4cc8d7a in QWebFramePrivate::didClearWindowObject (this=0x80fc900) at ../../../Source/WebKit/qt/Api/qwebframe.cpp:490
#10 0xf4d2de1c in WebCore::FrameLoaderClientQt::dispatchDidClearWindowObjectInWorld (this=0x81038c0, world=0x8108a88) at ../../../Source/WebKit/qt/WebCoreSupport/FrameLoaderClientQt.cpp:766
#11 0xf555fe07 in WebCore::FrameLoader::dispatchDidClearWindowObjectInWorld (this=0x8104754, world=0x8108a88) at ../../../../Source/WebCore/loader/FrameLoader.cpp:3145
#12 0xf4ecede2 in WebCore::ScriptController::initScript (this=0x8104a78, world=0x8108a88) at ../../../../Source/WebCore/bindings/js/ScriptController.cpp:223
#13 0xf4cc5855 in WebCore::ScriptController::windowShell (this=0x8104a78, world=0x8108a88) at ../../../Source/WebCore/bindings/js/ScriptController.h:75
#14 0xf4e6c3ba in WebCore::toJSDOMWindow (frame=0x81046e0, world=0x8108a88) at ../../../../Source/WebCore/bindings/js/JSDOMWindowBase.cpp:231
#15 0xf4d2179f in DumpRenderTreeSupportQt::resetInternalsObject (frame=0x81029d0) at ../../../Source/WebKit/qt/WebCoreSupport/DumpRenderTreeSupportQt.cpp:1186
#16 0x0805b13a in WebCore::WebPage::resetSettings (this=0xef501148) at /home/oszi/WebKit/Tools/DumpRenderTree/qt/DumpRenderTreeQt.cpp:209
#17 0x0805cdb2 in WebCore::DumpRenderTree::resetToConsistentStateBeforeTesting (this=0xffffd1e4, url=...) at /home/oszi/WebKit/Tools/DumpRenderTree/qt/DumpRenderTreeQt.cpp:533
#18 0x0805d425 in WebCore::DumpRenderTree::open (this=0xffffd1e4, url=...) at /home/oszi/WebKit/Tools/DumpRenderTree/qt/DumpRenderTreeQt.cpp:596
#19 0x0805e4d0 in WebCore::DumpRenderTree::processLine (this=0xffffd1e4, input=...) at /home/oszi/WebKit/Tools/DumpRenderTree/qt/DumpRenderTreeQt.cpp:726
#20 0x0805de56 in WebCore::DumpRenderTree::processArgsLine (this=0xffffd1e4, args=...) at /home/oszi/WebKit/Tools/DumpRenderTree/qt/DumpRenderTreeQt.cpp:676
#21 0x08070048 in main (argc=2, argv=0xffffd384) at /home/oszi/WebKit/Tools/DumpRenderTree/qt/main.cpp:252
Csaba Osztrogonác
Comment 5 2012-04-04 03:37:10 PDT
Oooops, it is unrelated. Now all tests crash on 32 bit debug mode. :((
Csaba Osztrogonác
Comment 6 2012-05-15 07:11:12 PDT
It works now, so I unskipped the test - https://trac.webkit.org/changeset/117063