Bug 275099
| Summary: | [WPE] WPEWebProcess : allocateMoreOutOfLineStorage crash | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Wouter Vanhauwaert <w.vanhauwaert> |
| Component: | JavaScriptCore | Assignee: | Nobody <webkit-unassigned> |
| Status: | REOPENED | ||
| Severity: | Normal | CC: | aperez |
| Priority: | P2 | ||
| Version: | WebKit Local Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
Wouter Vanhauwaert
In our application (sending and interpreting websocket data at regular intervals, running on imx53, if that matters), after a while we get a crash of WPEWebProcess. This results in a screen which shows:
"The renderer process crashed. Reloading the page may fix intermittent failures."
Backtrace got me to:
(gdb) bt
#0 0xb4701ebc in JSC::JSObject::allocateMoreOutOfLineStorage(JSC::VM&, unsigned int, unsigned int) () from /home/wv/debugfs/usr/lib/libWPEWebKit-2.0.so.1
#1 0xb478ba26 in JSC::LiteralParser<unsigned char>::parseRecursively(JSC::VM&, unsigned char*) () from /home/wv/debugfs/usr/lib/libWPEWebKit-2.0.so.1
#2 0xb4789b32 in JSC::LiteralParser<unsigned char>::parseRecursively(JSC::VM&, unsigned char*) () from /home/wv/debugfs/usr/lib/libWPEWebKit-2.0.so.1
#3 0xb4789b32 in JSC::LiteralParser<unsigned char>::parseRecursively(JSC::VM&, unsigned char*) () from /home/wv/debugfs/usr/lib/libWPEWebKit-2.0.so.1
#4 0xb478884c in JSC::LiteralParser<unsigned char>::parseRecursively(JSC::VM&, unsigned char*) () from /home/wv/debugfs/usr/lib/libWPEWebKit-2.0.so.1
#5 0xb4789b32 in JSC::LiteralParser<unsigned char>::parseRecursively(JSC::VM&, unsigned char*) () from /home/wv/debugfs/usr/lib/libWPEWebKit-2.0.so.1
#6 0xb4789b32 in JSC::LiteralParser<unsigned char>::parseRecursively(JSC::VM&, unsigned char*) () from /home/wv/debugfs/usr/lib/libWPEWebKit-2.0.so.1
#7 0xb478f1d2 in JSC::LiteralParser<unsigned char>::parseRecursivelyEntry(JSC::VM&) () from /home/wv/debugfs/usr/lib/libWPEWebKit-2.0.so.1
#8 0xb46f5b22 in JSC::jsonProtoFuncParse(JSC::JSGlobalObject*, JSC::CallFrame*) () from /home/wv/debugfs/usr/lib/libWPEWebKit-2.0.so.1
#9 0xad2ff128 in ?? ()
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
Does anyone have an idea? Or an idea of how to dig further?
Wouter Vanhauwaert
Same function, different backtrace:
#0 0xb471eebc in JSC::JSObject::allocateMoreOutOfLineStorage(JSC::VM&, unsigned int, unsigned int) () from /opt/nfsroot/rootfs_imx53_scarthgap/usr/lib/libWPEWebKit-2.0.so.1.3.2
#1 0xb423dad4 in WTF::ASCIILiteral JSC::JSObject::putDirectInternal<(JSC::JSObject::PutMode)0>(JSC::VM&, JSC::PropertyName, JSC::JSValue, unsigned int, JSC::PutPropertySlot&) () from /opt/nfsroot/rootfs_imx53_scarthgap/usr/lib/libWPEWebKit-2.0.so.1.3.2
#2 0xb4527966 in llint_slow_path_put_by_id () from /opt/nfsroot/rootfs_imx53_scarthgap/usr/lib/libWPEWebKit-2.0.so.1.3.2
#3 0xb6508ab8 in llint_op_put_by_id () from /opt/nfsroot/rootfs_imx53_scarthgap/usr/lib/libWPEWebKit-2.0.so.1.3.2
Adrian Perez
It looks like this is the same as bug #295780, as pointed out by Wouter in the WPE chat room -- the other one has a bit more information, so I am going to close this one as a duplicate.
*** This bug has been marked as a duplicate of bug 295780 ***
Wouter Vanhauwaert
It appears not to be a duplicate of the earlier mentioned bug.
The result looks the same (issue in memory allocation), but the origin differs. I took a step back and avoided the recursive parsing by adding JSC_useRecursiveJSONParse=false to the environment, and the issue seems gone.
Wouter Vanhauwaert
Hitting the same on imx6q, rdk-vivante backend (no cog).
Core was generated by `/usr/libexec/wpe-webkit-1.1/WPEWebProcess 23 27 31'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x7419c8ec in JSC::JSObject::allocateMoreOutOfLineStorage(JSC::VM&, unsigned int, unsigned int) () from ./usr/lib/libWPEWebKit-1.1.so.0
[Current thread is 1 (LWP 700)]
(gdb) bt
#0 0x7419c8ec in JSC::JSObject::allocateMoreOutOfLineStorage(JSC::VM&, unsigned int, unsigned int) () from ./usr/lib/libWPEWebKit-1.1.so.0
#1 0x742741c6 in JSC::LiteralParser<unsigned char, (JSC::JSONReviverMode)0>::parseRecursively(JSC::VM&, unsigned char*) () from ./usr/lib/libWPEWebKit-1.1.so.0
#2 0x7427093c in JSC::LiteralParser<unsigned char, (JSC::JSONReviverMode)0>::parseRecursively(JSC::VM&, unsigned char*) () from ./usr/lib/libWPEWebKit-1.1.so.0
#3 0x7427093c in JSC::LiteralParser<unsigned char, (JSC::JSONReviverMode)0>::parseRecursively(JSC::VM&, unsigned char*) () from ./usr/lib/libWPEWebKit-1.1.so.0
#4 0x7426fc60 in JSC::LiteralParser<unsigned char, (JSC::JSONReviverMode)0>::parseRecursively(JSC::VM&, unsigned char*) () from ./usr/lib/libWPEWebKit-1.1.so.0
#5 0x7427093c in JSC::LiteralParser<unsigned char, (JSC::JSONReviverMode)0>::parseRecursively(JSC::VM&, unsigned char*) () from ./usr/lib/libWPEWebKit-1.1.so.0
#6 0x7427093c in JSC::LiteralParser<unsigned char, (JSC::JSONReviverMode)0>::parseRecursively(JSC::VM&, unsigned char*) () from ./usr/lib/libWPEWebKit-1.1.so.0
#7 0x7427a0a0 in JSC::LiteralParser<unsigned char, (JSC::JSONReviverMode)0>::parseRecursivelyEntry(JSC::VM&) () from ./usr/lib/libWPEWebKit-1.1.so.0
#8 0x74192484 in JSC::jsonProtoFuncParse(JSC::JSGlobalObject*, JSC::CallFrame*) () from ./usr/lib/libWPEWebKit-1.1.so.0
#9 0x6c2ff148 in ?? ()
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
(gdb)
Idem for rockchip rk3288 with wayland/cog. No backtrace of this one, but I suspect the same.