Bug#697172: ia64 (Itanium), sporadic crashes of epiphany browser due to a thread-unsafe favicon database
Stephan Schreiber
info at fs-driver.org
Wed Jan 2 07:11:51 UTC 2013
Package: libwebkitgtk-3.0-0
Version: 1.8.1-3.3
Severity: serious
Tags: patch
Machine: Dell PowerEdge 3250
Processor: 2x Itanium Madison 1.5GHz 6M
Memory: 16G
I realized this bug while working on bug#642750.
Some assertions fail on the debug build of webkit:
at Source/JavaScriptCore/wtf/RefCounted.h:53
ASSERT(m_verifier.isSafeToUse());
at Source/JavaScriptCore/wtf/RefCounted.h:122
ASSERT(m_verifier.isSafeToUse());
Stacktraces were:
Breakpoint 1, WTFReportAssertionFailure (
file=0x20000000056983c0 "../Source/JavaScriptCore/wtf/RefCounted.h",
line=53, function=0x2000000005699638 "void WTF::RefCountedBase::ref()",
assertion=0x20000000056983f0 "m_verifier.isSafeToUse()")
at ../Source/JavaScriptCore/wtf/Assertions.cpp:219
219 if (assertion)
#0 WTFReportAssertionFailure (
file=0x20000000056983c0 "../Source/JavaScriptCore/wtf/RefCounted.h",
line=53, function=0x2000000005699638 "void WTF::RefCountedBase::ref()",
assertion=0x20000000056983f0 "m_verifier.isSafeToUse()")
at ../Source/JavaScriptCore/wtf/Assertions.cpp:219
#1 0x2000000001e90ba0 in WTF::RefCountedBase::ref (this=0x2000000010033a00)
at ../Source/JavaScriptCore/wtf/RefCounted.h:53
#2 0x2000000001f43be0 in WTF::refIfNotNull<WebCore::SharedBuffer> (
ptr=0x2000000010033a00) at ../Source/JavaScriptCore/wtf/PassRefPtr.h:46
#3 0x200000000341e8d0 in WTF::RefPtr<WebCore::SharedBuffer>::operator= (
this=0x60000000008d0920, optr=0x2000000010033a00)
at ../Source/JavaScriptCore/wtf/RefPtr.h:132
#4 0x200000000388e190 in WebCore::BMPImageReader::setData (
this=0x60000000008d0910, data=0x2000000010033a00)
at ../Source/WebCore/platform/image-decoders/bmp/BMPImageReader.h:72
#5 0x20000000038a9ce0 in WebCore::ICOImageDecoder::decodeAtIndex (
this=0x20000000100468c0, index=0)
at ../Source/WebCore/platform/image-decoders/ico/ICOImageDecoder.cpp:203
#6 0x20000000038a9370 in WebCore::ICOImageDecoder::decode (
this=0x20000000100468c0, index=0, onlySize=false)
at ../Source/WebCore/platform/image-decoders/ico/ICOImageDecoder.cpp:168
#7 0x20000000038a8b10 in WebCore::ICOImageDecoder::frameBufferAtIndex (
this=0x20000000100468c0, index=0)
at ../Source/WebCore/platform/image-decoders/ico/ICOImageDecoder.cpp:125
#8 0x20000000037e79c0 in WebCore::ImageSource::createFrameAtIndex (
this=0x2000000010046838, index=0)
at ../Source/WebCore/platform/graphics/ImageSource.cpp:138
#9 0x20000000036d7cb0 in WebCore::BitmapImage::cacheFrame (
this=0x2000000010046800, index=0)
at ../Source/WebCore/platform/graphics/BitmapImage.cpp:127
#10 0x20000000036d96c0 in WebCore::BitmapImage::frameAtIndex (
this=0x2000000010046800, index=0)
at ../Source/WebCore/platform/graphics/BitmapImage.cpp:266
#11 0x20000000055f1690 in WebCore::BitmapImage::getGdkPixbuf (
this=0x2000000010046800)
at ../Source/WebCore/platform/graphics/gtk/ImageGtk.cpp:115
#12 0x2000000001ef89b0 in getIconPixbufSynchronously (
database=0x60000000000781c0, pageURL=..., iconSize=...)
at ../Source/WebKit/gtk/webkit/webkitfavicondatabase.cpp:401
#13 0x2000000001ef9090 in webkit_favicon_database_try_get_favicon_pixbuf (
database=0x60000000000781c0,
pageURI=0x6000000000076cd0 "http://www.gmx.net/", width=16, height=16)
at ../Source/WebKit/gtk/webkit/webkitfavicondatabase.cpp:442
#14 0x4000000000091360 in set_row_in_model (row=0x6000000000858660,
position=1, model=0x600000000018cca0) at ephy-completion-model.c:213
#15 replace_rows_in_model (new_rows=0x600000000088ada0,
model=0x600000000018cca0) at ephy-completion-model.c:244
#16 query_completed_cb (service=0x60000000001abb70, success=1,
result_data=0x60000000001f0ec0, user_data=0x60000000008fe560)
at ephy-completion-model.c:411
#17 0x40000000000fc670 in ephy_history_service_execute_job_callback (
data=0x60000000008c09e0) at ephy-history-service.c:435
#18 0x200000000980aa00 in g_idle_dispatch ()
from /lib/ia64-linux-gnu/libglib-2.0.so.0
#19 0x2000000009810f20 in g_main_context_dispatch ()
from /lib/ia64-linux-gnu/libglib-2.0.so.0
#20 0x2000000009811740 in ?? () from /lib/ia64-linux-gnu/libglib-2.0.so.0
#21 0x2000000009811ad0 in g_main_context_iteration ()
from /lib/ia64-linux-gnu/libglib-2.0.so.0
#22 0x2000000009384d00 in g_application_run ()
from /usr/lib/ia64-linux-gnu/libgio-2.0.so.0
#23 0x4000000000040020 in main (argc=1, argv=0x60000fffffffb458)
at ephy-main.c:483
No symbol "m_verifier" in current context.
#1 0x2000000001e90ba0 in WTF::RefCountedBase::ref (this=0x2000000010033a00)
at ../Source/JavaScriptCore/wtf/RefCounted.h:53
53 ASSERT(m_verifier.isSafeToUse());
$3 = {m_mode = WTF::ThreadRestrictionVerifier::MutexVerificationMode,
m_shared = true, m_owningThread = 0, m_mutex = 0x600000000024e7d8}
Continuing.
Breakpoint 1, WTFReportAssertionFailure (
file=0x2000000005683b80 "../Source/JavaScriptCore/wtf/RefCounted.h",
line=122,
function=0x2000000005683cf0 "bool WTF::RefCountedBase::derefBase()",
assertion=0x2000000005683be0 "m_verifier.isSafeToUse()")
at ../Source/JavaScriptCore/wtf/Assertions.cpp:219
219 if (assertion)
#0 WTFReportAssertionFailure (
file=0x2000000005683b80 "../Source/JavaScriptCore/wtf/RefCounted.h",
line=122,
function=0x2000000005683cf0 "bool WTF::RefCountedBase::derefBase()",
assertion=0x2000000005683be0 "m_verifier.isSafeToUse()")
at ../Source/JavaScriptCore/wtf/Assertions.cpp:219
#1 0x2000000001e548d0 in WTF::RefCountedBase::derefBase (
this=0x2000000010033a00) at ../Source/JavaScriptCore/wtf/RefCounted.h:122
#2 0x2000000001f2b940 in WTF::RefCounted<WebCore::SharedBuffer>::deref (
this=0x2000000010033a00) at ../Source/JavaScriptCore/wtf/RefCounted.h:182
#3 0x2000000001f2b560 in WTF::derefIfNotNull<WebCore::SharedBuffer> (
ptr=0x2000000010033a00) at ../Source/JavaScriptCore/wtf/PassRefPtr.h:52
#4 0x2000000001f2b100 in WTF::RefPtr<WebCore::SharedBuffer>::~RefPtr (
this=0x60000000008d0920, __in_chrg=<optimized out>)
at ../Source/JavaScriptCore/wtf/RefPtr.h:58
#5 0x200000000388f0e0 in WebCore::BMPImageReader::~BMPImageReader (
this=0x60000000008d0910, __in_chrg=<optimized out>)
at ../Source/WebCore/platform/image-decoders/bmp/BMPImageReader.h:41
#6 0x200000000388f160 in WTF::deleteOwnedPtr<WebCore::BMPImageReader> (
ptr=0x60000000008d0910) at ../Source/JavaScriptCore/wtf/OwnPtrCommon.h:54
#7 0x200000000388ea80 in WTF::OwnPtr<WebCore::BMPImageReader>::clear (
this=0x2000000010033820) at ../Source/JavaScriptCore/wtf/OwnPtr.h:100
#8 0x20000000038a95d0 in WebCore::ICOImageDecoder::decode (
this=0x20000000100468c0, index=0, onlySize=false)
at ../Source/WebCore/platform/image-decoders/ico/ICOImageDecoder.cpp:174
#9 0x20000000038a8b10 in WebCore::ICOImageDecoder::frameBufferAtIndex (
this=0x20000000100468c0, index=0)
at ../Source/WebCore/platform/image-decoders/ico/ICOImageDecoder.cpp:125
#10 0x20000000037e79c0 in WebCore::ImageSource::createFrameAtIndex (
this=0x2000000010046838, index=0)
at ../Source/WebCore/platform/graphics/ImageSource.cpp:138
#11 0x20000000036d7cb0 in WebCore::BitmapImage::cacheFrame (
this=0x2000000010046800, index=0)
at ../Source/WebCore/platform/graphics/BitmapImage.cpp:127
#12 0x20000000036d96c0 in WebCore::BitmapImage::frameAtIndex (
this=0x2000000010046800, index=0)
at ../Source/WebCore/platform/graphics/BitmapImage.cpp:266
#13 0x20000000055f1690 in WebCore::BitmapImage::getGdkPixbuf (
this=0x2000000010046800)
at ../Source/WebCore/platform/graphics/gtk/ImageGtk.cpp:115
#14 0x2000000001ef89b0 in getIconPixbufSynchronously (
database=0x60000000000781c0, pageURL=..., iconSize=...)
at ../Source/WebKit/gtk/webkit/webkitfavicondatabase.cpp:401
#15 0x2000000001ef9090 in webkit_favicon_database_try_get_favicon_pixbuf (
database=0x60000000000781c0,
pageURI=0x6000000000076cd0 "http://www.gmx.net/", width=16, height=16)
at ../Source/WebKit/gtk/webkit/webkitfavicondatabase.cpp:442
#16 0x4000000000091360 in set_row_in_model (row=0x6000000000858660,
position=1, model=0x600000000018cca0) at ephy-completion-model.c:213
#17 replace_rows_in_model (new_rows=0x600000000088ada0,
model=0x600000000018cca0) at ephy-completion-model.c:244
#18 query_completed_cb (service=0x60000000001abb70, success=1,
result_data=0x60000000001f0ec0, user_data=0x60000000008fe560)
at ephy-completion-model.c:411
#19 0x40000000000fc670 in ephy_history_service_execute_job_callback (
data=0x60000000008c09e0) at ephy-history-service.c:435
#20 0x200000000980aa00 in g_idle_dispatch ()
from /lib/ia64-linux-gnu/libglib-2.0.so.0
#21 0x2000000009810f20 in g_main_context_dispatch ()
from /lib/ia64-linux-gnu/libglib-2.0.so.0
#22 0x2000000009811740 in ?? () from /lib/ia64-linux-gnu/libglib-2.0.so.0
#23 0x2000000009811ad0 in g_main_context_iteration ()
from /lib/ia64-linux-gnu/libglib-2.0.so.0
#24 0x2000000009384d00 in g_application_run ()
from /usr/lib/ia64-linux-gnu/libgio-2.0.so.0
#25 0x4000000000040020 in main (argc=1, argv=0x60000fffffffb458)
at ephy-main.c:483
#1 0x2000000001e548d0 in WTF::RefCountedBase::derefBase (
this=0x2000000010033a00) at ../Source/JavaScriptCore/wtf/RefCounted.h:122
122 ASSERT(m_verifier.isSafeToUse());
$4 = {m_mode = WTF::ThreadRestrictionVerifier::MutexVerificationMode,
m_shared = true, m_owningThread = 0, m_mutex = 0x600000000024e7d8}
Continuing.
This indicates that there is some thread-unsafe code related to the
icon database; it can (and will) cause data corruption and sporadic
crashes that are impossible to understand with the debugger.
This is WebKit bug#67582; the problem is already fixed upstream:
https://bugs.webkit.org/show_bug.cgi?id=67582
The bug affects all archs, but the trouble is more likely on archs
that have a weak cache coherency model, for example, ia64.
The attached patch is a backport of the upstream fix.
You can find a link to the built debs on Debian bug report#642750.
Stephan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: thread-safe-icon-db.patch
Type: application/octet-stream
Size: 10644 bytes
Desc: thread-safe-icon-db.patch
URL: <http://lists.alioth.debian.org/pipermail/pkg-webkit-maintainers/attachments/20130102/71e250bb/attachment.obj>
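To make the failing check concrete, here is an added C++ model (not WebKit's code and not part of the report) of the ThreadRestrictionVerifier behind m_verifier.isSafeToUse(): once a ref-counted buffer is shared, ref() is safe only on the owning thread, or in mutex mode only while the registered mutex is held. Calling crossThreadRef() with useMutex set and holdLock clear reproduces the state the gdb session printed (MutexVerificationMode, m_shared = true, mutex not taken by the caller); the class names OwnedMutex and CheckedBuffer and the function crossThreadRef are the example's own.

```cpp
#include <atomic>
#include <mutex>
#include <thread>
// Mutex that records its holder so the verifier can ask "does the caller hold it?";
// std::mutex::try_lock() from the holding thread is undefined, so track the owner instead.
struct OwnedMutex {
    void lock() { m_mutex.lock(); m_owner.store(std::this_thread::get_id()); }
    void unlock() { m_owner.store(std::thread::id()); m_mutex.unlock(); }
    bool heldByCurrentThread() const { return m_owner.load() == std::this_thread::get_id(); }
    std::mutex m_mutex;
    std::atomic<std::thread::id> m_owner{};
};
// Simplified model of WTF's verifier: once the object is shared, a use is safe only on
// the owning thread (single-thread mode) or while the registered mutex is held (mutex mode).
struct ThreadRestrictionVerifier {
    enum Mode { SingleThreadVerificationMode, MutexVerificationMode };
    void setShared(bool shared) { m_shared = shared; }
    void setMutexMode(OwnedMutex& m) { m_mode = MutexVerificationMode; m_mutex = &m; }
    bool isSafeToUse() const {
        if (!m_shared) return true;                       // single owner: no restriction yet
        if (m_mode == MutexVerificationMode) return m_mutex->heldByCurrentThread();
        return m_owningThread == std::this_thread::get_id();
    }
    Mode m_mode = SingleThreadVerificationMode;
    bool m_shared = false;
    std::thread::id m_owningThread = std::this_thread::get_id();
    OwnedMutex* m_mutex = nullptr;
};
// Ref-counted object whose ref() reports (instead of asserting) whether the use was safe.
struct CheckedBuffer {
    bool ref() { bool ok = m_verifier.isSafeToUse(); ++m_refCount; m_verifier.setShared(true); return ok; }
    int m_refCount = 1;
    ThreadRestrictionVerifier m_verifier;
};
// The report's pattern: buffer created and shared on one thread, then ref'd on another.
// Returns whether the verifier considered the cross-thread ref() safe.
bool crossThreadRef(bool useMutex, bool holdLock) {
    OwnedMutex mutex;
    CheckedBuffer buf;
    buf.ref();                                            // second owner: buffer is now shared
    if (useMutex) buf.m_verifier.setMutexMode(mutex);
    bool safe = false;
    std::thread worker([&] {
        if (holdLock) mutex.lock();
        safe = buf.ref();                                 // the other thread's ref()
        if (holdLock) mutex.unlock();
    });
    worker.join();
    return safe;
}
```

Only the third combination below passes, which is what the upstream fix achieves: every ref()/deref() on the shared icon data happens under the lock the verifier knows about.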