Your message dated Mon, 23 Mar 2020 14:30:21 +0100
with message-id <20200323133021.GA28610@perseus.local>
and subject line Re: Bug#954355: libjavascriptcoregtk-4.0-18: WebKitWebProcess crashes on ppc64el, mprotect fails
has caused the Debian Bug report #954355,
regarding libjavascriptcoregtk-4.0-18: WebKitWebProcess crashes on ppc64el, mprotect fails
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
954355: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954355
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libjavascriptcoregtk-4.0-18
Version: 2.28.0-2
Severity: important

Dear Maintainer,

The attached very simple C program makes WebKitWebProcess crash on ppc64el.

I managed to get a stacktrace using the following steps:

(gdb) b g_subprocess_launcher_new
(gdb) r
Thread 1 "test" hit Breakpoint 1 ...
(gdb) set follow-fork-mode child
(gdb) c
Thread 2.1 "WebKitWebProces" received signal SIGABRT, Aborted.

The crash happens in:

#0  0x00007ffff3f16f58 in __libc_signal_restore_set (set=0x7fffffffd838) at ../sysdeps/unix/sysv/linux/internal-signals.h:84
#1  __GI_raise (sig=<optimized out>) at ../sysdeps/unix/sysv/linux/raise.c:48
#2  0x00007ffff3ef7e8c in __GI_abort () at abort.c:79
#3  0x00007ffff2066f74 in CRASH_WITH_INFO(...) () at DerivedSources/ForwardingHeaders/wtf/Assertions.h:660
#4  JSC::Config::permanentlyFreeze() () at ../Source/JavaScriptCore/runtime/JSCConfig.cpp:78
#5  0x00007ffff2284510 in JSC::VM::VM(JSC::VM::VMType, JSC::HeapType) () at ../Source/JavaScriptCore/runtime/VM.cpp:586
#6  0x00007ffff2285764 in JSC::VM::create(JSC::HeapType) () at ../Source/JavaScriptCore/runtime/VM.cpp:703
#7  0x00007ffff5beced8 in WebCore::commonVMSlow() () at ../Source/WebCore/bindings/js/CommonVM.cpp:55
#8  0x00007ffff635b504 in WebCore::commonVM() () at ../Source/WebCore/bindings/js/CommonVM.h:52

Line 78 of JSCConfig.cpp and the preceding code is:

#elif OS(LINUX)
    result = mprotect(&g_jscConfig, ConfigSizeToProtect, PROT_READ);
#elif OS(WINDOWS)
    // FIXME: Implement equivalent, maybe with VirtualProtect.
    // Also need to fix WebKitTestRunner.
#endif
    RELEASE_ASSERT(!result);

The complete stack trace is also attached.

--
Dmitry Shachnev
#include <glib.h>
#include <glib/gprintf.h>
#include <gtk/gtk.h>
#include <webkit2/webkit2.h>

void web_process_terminated(G_GNUC_UNUSED WebKitWebView *view,
                            WebKitWebProcessTerminationReason reason,
                            G_GNUC_UNUSED gpointer user_data) {
    if (reason == WEBKIT_WEB_PROCESS_CRASHED) {
        g_printf("The process crashed.\n");
    }
    gtk_main_quit();
}

int main(int argc, char **argv) {
    gtk_init(&argc, &argv);

    WebKitWebView *view = WEBKIT_WEB_VIEW(webkit_web_view_new());
    g_object_ref(view);
    g_signal_connect(view, "web-process-terminated", G_CALLBACK(web_process_terminated), NULL);

    webkit_web_view_load_html(view, "<html></html>", NULL);

    gtk_main();

    return 0;
}
#0  0x00007ffff3f16f58 in __libc_signal_restore_set (set=0x7fffffffd838) at 
../sysdeps/unix/sysv/linux/internal-signals.h:84
#1  __GI_raise (sig=<optimized out>) at ../sysdeps/unix/sysv/linux/raise.c:48
#2  0x00007ffff3ef7e8c in __GI_abort () at abort.c:79
#3  0x00007ffff2066f74 in CRASH_WITH_INFO(...) () at 
DerivedSources/ForwardingHeaders/wtf/Assertions.h:660
#4  JSC::Config::permanentlyFreeze() () at 
../Source/JavaScriptCore/runtime/JSCConfig.cpp:78
#5  0x00007ffff2284510 in JSC::VM::VM(JSC::VM::VMType, JSC::HeapType) () at 
../Source/JavaScriptCore/runtime/VM.cpp:586
#6  0x00007ffff2285764 in JSC::VM::create(JSC::HeapType) () at 
../Source/JavaScriptCore/runtime/VM.cpp:703
#7  0x00007ffff5beced8 in WebCore::commonVMSlow() () at 
../Source/WebCore/bindings/js/CommonVM.cpp:55
#8  0x00007ffff635b504 in WebCore::commonVM() () at 
../Source/WebCore/bindings/js/CommonVM.h:52
#9  WebCore::PageScriptDebugServer::PageScriptDebugServer(WebCore::Page&) () at 
../Source/WebCore/inspector/PageScriptDebugServer.cpp:58
#10 0x00007ffff6343c28 in 
WebCore::InspectorController::InspectorController(WebCore::Page&, 
WebCore::InspectorClient*) () at 
../Source/WebCore/inspector/InspectorController.cpp:105
#11 0x00007ffff661b9f8 in std::make_unique<WebCore::InspectorController, 
WebCore::Page&, WebCore::InspectorClient*&>(WebCore::Page&, 
WebCore::InspectorClient*&) ()
    at /usr/include/c++/9/bits/unique_ptr.h:857
#12 WTF::makeUnique<WebCore::InspectorController, WebCore::Page&, 
WebCore::InspectorClient*&>(WebCore::Page&, WebCore::InspectorClient*&) ()
    at DerivedSources/ForwardingHeaders/wtf/StdLibExtras.h:483
#13 WebCore::Page::Page(WebCore::PageConfiguration&&) () at 
../Source/WebCore/page/Page.cpp:279
#14 0x00007ffff513eff4 in std::make_unique<WebCore::Page, 
WebCore::PageConfiguration>(WebCore::PageConfiguration&&) () at 
/usr/include/c++/9/bits/unique_ptr.h:857
#15 WTF::makeUnique<WebCore::Page, 
WebCore::PageConfiguration>(WebCore::PageConfiguration&&) () at 
DerivedSources/ForwardingHeaders/wtf/StdLibExtras.h:483
#16 
WebKit::WebPage::WebPage(WTF::ObjectIdentifier<WebCore::PageIdentifierType>, 
WebKit::WebPageCreationParameters&&) () at 
../Source/WebKit/WebProcess/WebPage/WebPage.cpp:536
#17 0x00007ffff513fdd4 in 
WebKit::WebPage::create(WTF::ObjectIdentifier<WebCore::PageIdentifierType>, 
WebKit::WebPageCreationParameters&&) ()
    at ../Source/WebKit/WebProcess/WebPage/WebPage.cpp:379
#18 0x00007ffff4eff688 in 
WebKit::WebProcess::createWebPage(WTF::ObjectIdentifier<WebCore::PageIdentifierType>,
 WebKit::WebPageCreationParameters&&) ()
    at ../Source/WebKit/WebProcess/WebProcess.cpp:685
#19 0x00007ffff49c7568 in IPC::callMemberFunctionImpl<WebKit::WebProcess, void 
(WebKit::WebProcess::*)(WTF::ObjectIdentifier<WebCore::PageIdentifierType>, 
WebKit::WebPageCreationParameters&&), 
std::tuple<WTF::ObjectIdentifier<WebCore::PageIdentifierType>, 
WebKit::WebPageCreationParameters>, 0ul, 1ul>(WebKit::WebProcess*, void 
(WebKit::WebProcess::*)(WTF::ObjectIdentifier<WebCore::PageIdentifierType>, 
WebKit::WebPageCreationParameters&&), 
std::tuple<WTF::ObjectIdentifier<WebCore::PageIdentifierType>, 
WebKit::WebPageCreationParameters>&&, std::integer_sequence<unsigned long, 0ul, 
1ul>) () at ../Source/WebKit/Platform/IPC/HandleMessage.h:41
#20 IPC::callMemberFunction<WebKit::WebProcess, void 
(WebKit::WebProcess::*)(WTF::ObjectIdentifier<WebCore::PageIdentifierType>, 
WebKit::WebPageCreationParameters&&), 
std::tuple<WTF::ObjectIdentifier<WebCore::PageIdentifierType>, 
WebKit::WebPageCreationParameters>, std::integer_sequence<unsigned long, 0ul, 
1ul> >(std::tuple<WTF::ObjectIdentifier<WebCore::PageIdentifierType>, 
WebKit::WebPageCreationParameters>&&, WebKit::WebProcess*, void 
(WebKit::WebProcess::*)(WTF::ObjectIdentifier<WebCore::PageIdentifierType>, 
WebKit::WebPageCreationParameters&&)) ()
    at ../Source/WebKit/Platform/IPC/HandleMessage.h:47
#21 IPC::handleMessage<Messages::WebProcess::CreateWebPage, WebKit::WebProcess, 
void 
(WebKit::WebProcess::*)(WTF::ObjectIdentifier<WebCore::PageIdentifierType>, 
WebKit::WebPageCreationParameters&&)>(IPC::Decoder&, WebKit::WebProcess*, void 
(WebKit::WebProcess::*)(WTF::ObjectIdentifier<WebCore::PageIdentifierType>, 
WebKit::WebPageCreationParameters&&)) ()
    at ../Source/WebKit/Platform/IPC/HandleMessage.h:120
#22 0x00007ffff49bd764 in 
WebKit::WebProcess::didReceiveWebProcessMessage(IPC::Connection&, 
IPC::Decoder&) () at DerivedSources/WebKit/WebProcessMessageReceiver.cpp:291
#23 0x00007ffff4f084dc in 
WebKit::WebProcess::didReceiveMessage(IPC::Connection&, IPC::Decoder&) () at 
../Source/WebKit/WebProcess/WebProcess.cpp:750
#24 WebKit::WebProcess::didReceiveMessage(IPC::Connection&, IPC::Decoder&) () 
at ../Source/WebKit/WebProcess/WebProcess.cpp:744
#25 0x00007ffff4b7b8a8 in IPC::Connection::dispatchMessage(IPC::Decoder&) () at 
../Source/WebKit/Platform/IPC/Connection.cpp:1008
#26 0x00007ffff4b7d5c4 in 
IPC::Connection::dispatchMessage(std::unique_ptr<IPC::Decoder, 
std::default_delete<IPC::Decoder> >) () at 
../Source/WebKit/Platform/IPC/Connection.cpp:1077
#27 0x00007ffff4b7df54 in IPC::Connection::dispatchOneIncomingMessage() () at 
../Source/WebKit/Platform/IPC/Connection.cpp:1146
#28 0x00007ffff4b7e4a4 in operator() () at 
../Source/WebKit/Platform/IPC/Connection.cpp:985
#29 call() () at DerivedSources/ForwardingHeaders/wtf/Function.h:52
#30 0x00007ffff2357c98 in WTF::Function<void ()>::operator()() const () at 
../Source/WTF/wtf/Function.h:84
#31 WTF::RunLoop::performWork() () at ../Source/WTF/wtf/RunLoop.cpp:124
#32 0x00007ffff23bced8 in operator() () at 
../Source/WTF/wtf/glib/RunLoopGLib.cpp:68
#33 _FUN() () at ../Source/WTF/wtf/glib/RunLoopGLib.cpp:70
#34 0x00007ffff23bcf60 in operator() () at 
../Source/WTF/wtf/glib/RunLoopGLib.cpp:45
#35 _FUN() () at ../Source/WTF/wtf/glib/RunLoopGLib.cpp:46
#36 0x00007ffff2d1cab4 in g_main_dispatch (context=0x1000bcc00) at 
../../../glib/gmain.c:3309
#37 g_main_context_dispatch (context=0x1000bcc00) at ../../../glib/gmain.c:3974
#38 0x00007ffff2d1cfe8 in g_main_context_iterate (context=0x1000bcc00, 
block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at 
../../../glib/gmain.c:4047
#39 0x00007ffff2d1d54c in g_main_loop_run (loop=0x1000e8cc0) at 
../../../glib/gmain.c:4241
#40 0x00007ffff23be104 in WTF::RunLoop::run() () at 
../Source/WTF/wtf/glib/RunLoopGLib.cpp:96
#41 0x00007ffff5175b94 in WebKit::AuxiliaryProcessMain<WebKit::WebProcess, 
WebKit::WebProcessMainGtk>(int, char**) () at 
../Source/WebKit/Shared/AuxiliaryProcessMain.h:68
#42 0x00007ffff5174e88 in WebKit::WebProcessMain(int, char**) () at 
../Source/WebKit/WebProcess/gtk/WebProcessMainGtk.cpp:68
#43 0x00000001000007c0 in main() () at 
../Source/WebKit/WebProcess/EntryPoint/unix/WebProcessMain.cpp:45



--- End Message ---
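An added example, not part of the report above and not WebKit code: a small C program that mimics the freeze step from JSCConfig.cpp on a stand-in config region and checks the one precondition mprotect(2) documents, that the start address is a multiple of the runtime page size (sysconf(_SC_PAGESIZE)), returning errno instead of aborting so the failure is diagnosable. The 16 KiB region size and its alignment are assumptions made for this example, not values taken from the WebKit source.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Stand-in for g_jscConfig: a 16 KiB global that the freeze step makes
 * read-only. Size and alignment are assumptions made for this example. */
#define CONFIG_SIZE (16 * 1024)
static _Alignas(CONFIG_SIZE) unsigned char g_config[CONFIG_SIZE];

/* mprotect(2) requires addr to be a multiple of the system page size and
 * fails with EINVAL otherwise. Returns 0 if [addr, addr+len) meets that
 * precondition on this machine, or the errno mprotect would report. */
int check_freeze_region(const void *addr, size_t len) {
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0)
        return EINVAL;
    if ((uintptr_t)addr % (uintptr_t)page != 0)
        return EINVAL;
    (void)len; /* any length is accepted; the kernel rounds it up to whole pages */
    return 0;
}

/* Freeze the region read-only. Unlike RELEASE_ASSERT(!result), this keeps
 * errno and the page size in the diagnostic instead of aborting blindly. */
int freeze_config(void *addr, size_t len) {
    int err = check_freeze_region(addr, len);
    if (err == 0 && mprotect(addr, len, PROT_READ) != 0)
        err = errno;
    if (err != 0)
        fprintf(stderr, "cannot freeze %p (%zu bytes, page size %ld): %s\n",
                addr, len, sysconf(_SC_PAGESIZE), strerror(err));
    return err;
}

int main(void) {
    int err = freeze_config(g_config, sizeof g_config);
    printf("freeze of config region: %s\n", err == 0 ? "ok" : strerror(err));
    return err == 0 ? 0 : 1;
}
```

On a 4 KiB page system the 16 KiB aligned region freezes cleanly; on a system whose page size exceeds the region's alignment the check reports EINVAL before mprotect is even attempted.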
--- Begin Message ---
On Fri, Mar 20, 2020 at 08:54:40PM +0300, Dmitry Shachnev wrote:
> The crash happens in:
> 
> #0  0x00007ffff3f16f58 in __libc_signal_restore_set (set=0x7fffffffd838) at 
> ../sysdeps/unix/sysv/linux/internal-signals.h:84
> #1  __GI_raise (sig=<optimized out>) at ../sysdeps/unix/sysv/linux/raise.c:48
> #2  0x00007ffff3ef7e8c in __GI_abort () at abort.c:79
> #3  0x00007ffff2066f74 in CRASH_WITH_INFO(...) () at 
> DerivedSources/ForwardingHeaders/wtf/Assertions.h:660
> #4  JSC::Config::permanentlyFreeze() () at 
> ../Source/JavaScriptCore/runtime/JSCConfig.cpp:78
> #5  0x00007ffff2284510 in JSC::VM::VM(JSC::VM::VMType, JSC::HeapType) () at 
> ../Source/JavaScriptCore/runtime/VM.cpp:586
> #6  0x00007ffff2285764 in JSC::VM::create(JSC::HeapType) () at 
> ../Source/JavaScriptCore/runtime/VM.cpp:703
> #7  0x00007ffff5beced8 in WebCore::commonVMSlow() () at 
> ../Source/WebCore/bindings/js/CommonVM.cpp:55
> #8  0x00007ffff635b504 in WebCore::commonVM() () at 
> ../Source/WebCore/bindings/js/CommonVM.h:52

I think that this is the same as #954026 so I'll close it if you don't
mind.

Thanks!

Berto

--- End Message ---