Bug #1608621 “Renderer crashes with SIGILL on the device” : Bugs : Oxide

Chris Coulson (chrisccoulson) on 2016-08-01

Changed in oxide:
importance:	Undecided → Critical
assignee:	nobody → Chris Coulson (chrisccoulson)
status:	New → In Progress
milestone:	none → branch-1.18

Revision history for this message

Chris Coulson (chrisccoulson) wrote on 2016-08-02:

#1

Download full text (5.4 KiB)

(gdb) bt
#0 0x2e226e04 in ?? ()
#1 0xe780655c in Invoke (new_target=..., Ignoring packet error, continuing...
args=<error reading variable: Reply contains invalid hex digit 116>, argc=-847147712, receiver=..., target=..., is_construct=false, isolate=0x76f908)
    at ../../v8/src/execution.cc:112
#2 v8::internal::Execution::Call (isolate=0x76f908, isolate@entry=0x1, callable=..., receiver=..., receiver@entry=..., argc=7797000, argc@entry=1, argv=0x1, argv@entry=0xcd818d40)
    at ../../v8/src/execution.cc:169
#3 0xe760438a in v8::internal::Genesis::CallUtilsFunction (isolate=0xcd818d40, name=0x76f908 "(\301\264\347\320\360v") at ../../v8/src/bootstrapper.cc:2254
#4 0xe7608994 in v8::internal::Genesis::InstallExperimentalNatives (this=0x5466c000, this@entry=0xcd818e64) at ../../v8/src/bootstrapper.cc:3342
#5 0xe760be5a in v8::internal::Genesis::Genesis (this=this@entry=0xcd818e64, isolate=0xcd818e64, maybe_global_proxy=..., maybe_global_proxy@entry=..., global_proxy_template=..., extensions=0xcd818f50,
    extensions@entry=0x84b374, context_snapshot_index=0, context_snapshot_index@entry=3447820112, context_type=context_type@entry=v8::internal::FULL_CONTEXT) at ../../v8/src/bootstrapper.cc:3941
#6 0xe760bf2c in v8::internal::Bootstrapper::CreateEnvironment (this=0x0, maybe_global_proxy=..., global_proxy_template=..., global_proxy_template@entry=..., extensions=0xcd818f50, extensions@entry=0x84b374,
    context_snapshot_index=0, context_snapshot_index@entry=3447820112, context_type=context_type@entry=v8::internal::FULL_CONTEXT) at ../../v8/src/bootstrapper.cc:317
#7 0xe75b57fa in Invoke (this=<optimized out>, context_snapshot_index=0, extensions=<optimized out>, global_object_template=..., maybe_global_proxy=..., isolate=0x0) at ../../v8/src/api.cc:5676
#8 CreateEnvironment<v8::internal::Context> (context_snapshot_index=7797000, maybe_global_proxy=..., maybe_global_template=..., extensions=<optimized out>, isolate=0x0) at ../../v8/src/api.cc:5744
#9 v8::NewContext (external_isolate=external_isolate@entry=0x76f908, extensions=<optimized out>, extensions@entry=0xcd818f50, global_template=..., global_object=..., context_snapshot_index=0,
    context_snapshot_index@entry=7797000) at ../../v8/src/api.cc:5774
#10 0xe75b59d4 in v8::Context::New (external_isolate=0x0, external_isolate@entry=0x76f908, extensions=extensions@entry=0xcd818f50, global_template=..., global_template@entry=..., global_object=...)
    at ../../v8/src/api.cc:5789
#11 0xe566be1c in blink::WindowProxy::createContext (this=0x84b36c, this@entry=0x50465e30) at ../../third_party/WebKit/Source/bindings/core/v8/WindowProxy.cpp:325
#12 0xe566c766 in blink::WindowProxy::initialize (this=0x50465e30) at ../../third_party/WebKit/Source/bindings/core/v8/WindowProxy.cpp:234
#13 0xe566ca50 in blink::WindowProxy::initializeIfNeeded (this=this@entry=0x50465e30) at ../../third_party/WebKit/Source/bindings/core/v8/WindowProxy.cpp:221
#14 0xe563546c in blink::ScriptController::windowProxy (this=0x50465e30, world=...) at ../../third_party/WebKit/Source/bindings/core/v8/ScriptController.cpp:174
#15 0xe5635a8a in blink::ScriptController::executeScriptInIsolatedWorld (this=0x54639c60, worldID...

(gdb) bt
#0  0x2e226e04 in ?? ()
#1  0xe780655c in Invoke (new_target=..., Ignoring packet error, continuing...
args=<error reading variable: Reply contains invalid hex digit 116>, argc=-847147712, receiver=..., target=..., is_construct=false, isolate=0x76f908)
    at ../../v8/src/execution.cc:112
#2  v8::internal::Execution::Call (isolate=0x76f908, isolate@entry=0x1, callable=..., receiver=..., receiver@entry=..., argc=7797000, argc@entry=1, argv=0x1, argv@entry=0xcd818d40)
    at ../../v8/src/execution.cc:169
#3  0xe760438a in v8::internal::Genesis::CallUtilsFunction (isolate=0xcd818d40, name=0x76f908 "(\301\264\347\320\360v") at ../../v8/src/bootstrapper.cc:2254
#4  0xe7608994 in v8::internal::Genesis::InstallExperimentalNatives (this=0x5466c000, this@entry=0xcd818e64) at ../../v8/src/bootstrapper.cc:3342
#5  0xe760be5a in v8::internal::Genesis::Genesis (this=this@entry=0xcd818e64, isolate=0xcd818e64, maybe_global_proxy=..., maybe_global_proxy@entry=..., global_proxy_template=..., extensions=0xcd818f50, 
    extensions@entry=0x84b374, context_snapshot_index=0, context_snapshot_index@entry=3447820112, context_type=context_type@entry=v8::internal::FULL_CONTEXT) at ../../v8/src/bootstrapper.cc:3941
#6  0xe760bf2c in v8::internal::Bootstrapper::CreateEnvironment (this=0x0, maybe_global_proxy=..., global_proxy_template=..., global_proxy_template@entry=..., extensions=0xcd818f50, extensions@entry=0x84b374, 
    context_snapshot_index=0, context_snapshot_index@entry=3447820112, context_type=context_type@entry=v8::internal::FULL_CONTEXT) at ../../v8/src/bootstrapper.cc:317
#7  0xe75b57fa in Invoke (this=<optimized out>, context_snapshot_index=0, extensions=<optimized out>, global_object_template=..., maybe_global_proxy=..., isolate=0x0) at ../../v8/src/api.cc:5676
#8  CreateEnvironment<v8::internal::Context> (context_snapshot_index=7797000, maybe_global_proxy=..., maybe_global_template=..., extensions=<optimized out>, isolate=0x0) at ../../v8/src/api.cc:5744
#9  v8::NewContext (external_isolate=external_isolate@entry=0x76f908, extensions=<optimized out>, extensions@entry=0xcd818f50, global_template=..., global_object=..., context_snapshot_index=0, 
    context_snapshot_index@entry=7797000) at ../../v8/src/api.cc:5774
#10 0xe75b59d4 in v8::Context::New (external_isolate=0x0, external_isolate@entry=0x76f908, extensions=extensions@entry=0xcd818f50, global_template=..., global_template@entry=..., global_object=...)
    at ../../v8/src/api.cc:5789
#11 0xe566be1c in blink::WindowProxy::createContext (this=0x84b36c, this@entry=0x50465e30) at ../../third_party/WebKit/Source/bindings/core/v8/WindowProxy.cpp:325
#12 0xe566c766 in blink::WindowProxy::initialize (this=0x50465e30) at ../../third_party/WebKit/Source/bindings/core/v8/WindowProxy.cpp:234
#13 0xe566ca50 in blink::WindowProxy::initializeIfNeeded (this=this@entry=0x50465e30) at ../../third_party/WebKit/Source/bindings/core/v8/WindowProxy.cpp:221
#14 0xe563546c in blink::ScriptController::windowProxy (this=0x50465e30, world=...) at ../../third_party/WebKit/Source/bindings/core/v8/ScriptController.cpp:174
#15 0xe5635a8a in blink::ScriptController::executeScriptInIsolatedWorld (this=0x54639c60, worldID=<optimized out>, sources=..., extensionGroup=-847146456, extensionGroup@entry=0, results=results@entry=0x0)
    at ../../third_party/WebKit/Source/bindings/core/v8/ScriptController.cpp:409
#16 0xe690c8ce in blink::WebLocalFrameImpl::executeScriptInIsolatedWorld (this=0x0, worldID=-426718911, sourcesIn=<optimized out>, numSources=3868248385, extensionGroup=-426718911)
    at ../../third_party/WebKit/Source/web/WebLocalFrameImpl.cpp:727
#17 0xe85d55ee in oxide::UserScriptSlave::InjectScripts (this=0x0, frame=0x43e4b0, location=781195724) at ../../oxide/shared/renderer/oxide_user_script_slave.cc:261
#18 0xe94c6fce in content::RenderFrameImpl::runScriptsAtDocumentElementAvailable (this=0x0, frame=<optimized out>) at ../../content/renderer/render_frame_impl.cc:3585
#19 0xe59d6650 in blink::HTMLTreeBuilder::processStartTag (this=0x7a3488, this@entry=0x4e7886a0, token=0x4e7886a0) at ../../third_party/WebKit/Source/core/html/parser/HTMLTreeBuilder.cpp:1062
#20 0xe59d6e22 in blink::HTMLTreeBuilder::processToken (this=0xcd8195c8, this@entry=0x4e7886a0, token=<optimized out>) at ../../third_party/WebKit/Source/core/html/parser/HTMLTreeBuilder.cpp:396
#24 0xe59b5440 in blink::HTMLDocumentParser::pumpPendingSpeculations (this=0xe619b3a0 <vtable for blink::HTMLDocumentParser+8>) at ../../third_party/WebKit/Source/core/html/parser/HTMLDocumentParser.cpp:545
#25 0xe59b5440 in blink::HTMLDocumentParser::pumpPendingSpeculations (this=0x4ad49803) at ../../third_party/WebKit/Source/core/html/parser/HTMLDocumentParser.cpp:545

(gdb) p $_siginfo
$2 = {si_signo = 4, si_errno = 0, si_code = 1, _sifields = {_pad = {774008324, 8758996, 3960820, 8765180, 9148080, 9146168, 33, 1, -386307939, -385055467, 0, 3940800, 3952960, 9148080, 49, 1, 9148128, 0, 0, 
      9145948, 58824, 0, 8735336, 8735336, 8735336, 1, 49, 25, 25}, _kill = {si_pid = 774008324, si_uid = 8758996}, _timer = {si_tid = 774008324, si_overrun = 8758996, si_sigval = {sival_int = 3960820, 
        sival_ptr = 0x3c6ff4}}, _rt = {si_pid = 774008324, si_uid = 8758996, si_sigval = {sival_int = 3960820, sival_ptr = 0x3c6ff4}}, _sigchld = {si_pid = 774008324, si_uid = 8758996, si_status = 3960820, 
      si_utime = 8765180, si_stime = 9148080}, _sigfault = {si_addr = 0x2e226e04}, _sigpoll = {si_band = 774008324, si_fd = 8758996}}}

Revision history for this message

Chris Coulson (chrisccoulson) wrote on 2016-08-03:

#2

This seems to break somewhere between 54.0.2797.0 and 54.0.2799.0

Revision history for this message

Chris Coulson (chrisccoulson) wrote on 2016-08-03:

#3

This turned out to be caused by https://git.launchpad.net/~oxide-developers/oxide/+git/chromium/commit/?id=d3e00ac37e3722cc93d102164b23629e8cc6af31

Revision history for this message

Chris Coulson (chrisccoulson) wrote on 2016-08-03:

#4

Fixed with https://git.launchpad.net/~oxide-developers/oxide/+git/chromium/commit/?id=6be0ed6ffba7111122d61ee4cbcd01cf33b877ae and https://git.launchpad.net/oxide/commit/?id=d8d5ed870c977d04d4327e89f1e6d5f2c6dfd3b6

Changed in oxide:
status:	In Progress → Fix Released

Oxide

Renderer crashes with SIGILL on the device

Bug Description

Other bug subscribers

Remote bug watches