WebKit Crashes JVM when removing nodes from DOM on wrong thread.
Scott Palmer
swpalmer at gmail.com
Mon Feb 13 15:36:26 UTC 2023
Created JDK-8302336 <https://bugs.openjdk.org/browse/JDK-8302336>
On Mon, Feb 13, 2023 at 8:42 AM Kevin Rushforth <kevin.rushforth at oracle.com>
wrote:
> Yes, please file a bug. An intermittent exception would be one thing,
> but it shouldn't actually crash when doing that.
>
> -- Kevin
>
>
> On 2/12/2023 3:49 PM, Scott Palmer wrote:
> > I'm seeing a hard crash in native code that brings down the JVM when I
> > accidentally called removeChild on an element from a WebView Document
> > while not on the Platform thread. While I know it's my error,
> > bringing down the JVM instead of throwing an exception seems wrong.
> >
> > Should this be considered a bug or not?
> >
> > Scott
> >
> > With JavaFX 17:
> > Thread 50 Crashed:: Java: ForkJoinPool-1-worker-5
> > 0 libjfxwebkit.dylib 0x14fa2ac33
> > WTFCrashWithInfo(int, char const*, char const*, int) + 19
> > 1 libjfxwebkit.dylib 0x14ea5b60d
> > WebCore::TimerBase::setNextFireTime(WTF::MonotonicTime) + 541
> > 2 libjfxwebkit.dylib 0x14ee0a513
> >
> WebCore::RenderTreeBuilder::detachFromRenderElement(WebCore::RenderElement&,
>
> > WebCore::RenderObject&, WebCore::RenderTreeBuilder::WillBeDestroyed) +
> 179
> > 3 libjfxwebkit.dylib 0x14ee09fa2
> > WebCore::RenderTreeBuilder::Block::detach(WebCore::RenderBlock&,
> > WebCore::RenderObject&,
> > WebCore::RenderTreeBuilder::CanCollapseAnonymousBlock) + 562
> > 4 libjfxwebkit.dylib 0x14ee085ef
> > WebCore::RenderTreeBuilder::detach(WebCore::RenderElement&,
> > WebCore::RenderObject&,
> > WebCore::RenderTreeBuilder::CanCollapseAnonymousBlock) + 543
> > 5 libjfxwebkit.dylib 0x14ee082ba
> > WebCore::RenderTreeBuilder::destroy(WebCore::RenderObject&) + 58
> > 6 libjfxwebkit.dylib 0x14ee0bd57
> >
> WebCore::RenderTreeBuilder::destroyAndCleanUpAnonymousWrappers(WebCore::RenderObject&)
>
> > + 263
> > 7 libjfxwebkit.dylib 0x14ee19aae
> > WebCore::RenderTreeUpdater::tearDownRenderers(WebCore::Element&,
> > WebCore::RenderTreeUpdater::TeardownType,
> > WebCore::RenderTreeBuilder&)::$_7::operator()(unsigned int) const + 734
> > 8 libjfxwebkit.dylib 0x14ee18c13
> > WebCore::RenderTreeUpdater::tearDownRenderers(WebCore::Element&,
> > WebCore::RenderTreeUpdater::TeardownType, WebCore::RenderTreeBuilder&)
> > + 1171
> > 9 libjfxwebkit.dylib 0x14ee196d1
> > WebCore::RenderTreeUpdater::tearDownRenderers(WebCore::Element&) + 65
> > 10 libjfxwebkit.dylib 0x14e46db9c
> > WebCore::ContainerNode::removeBetween(WebCore::Node*, WebCore::Node*,
> > WebCore::Node&) + 108
> > 11 libjfxwebkit.dylib 0x14e46ad44
> > WebCore::ContainerNode::removeChild(WebCore::Node&) + 324
> > 12 libjfxwebkit.dylib 0x14e50e24b
> > WebCore::Node::removeChild(WebCore::Node&) + 43
> > 13 libjfxwebkit.dylib 0x14d98deeb
> > Java_com_sun_webkit_dom_NodeImpl_removeChildImpl + 107
> > 14 ??? 0x1203e753a ???
> > 15 ??? 0x1203e335c ???
> > 16 ??? 0x1203e36a2 ???
> > 17 ??? 0x1203e342b ???
> > 18 ??? 0x1203e342b ???
> > 19 ??? 0x1203e388f ???
> > 20 ??? 0x1203e342b ???
> > 21 ??? 0x1203e3317 ???
> > 22 ??? 0x1203e3317 ???
> > 23 ??? 0x1203e342b ???
> > 24 ??? 0x1203e3317 ???
> > 25 ??? 0x1203e342b ???
> > 26 ??? 0x1203dacc9 ???
> > 27 libjvm.dylib 0x110790af6
> > JavaCalls::call_helper(JavaValue*, methodHandle const&,
> > JavaCallArguments*, JavaThread*) + 710
> > 28 libjvm.dylib 0x11078fb47
> > JavaCalls::call_virtual(JavaValue*, Klass*, Symbol*, Symbol*,
> > JavaCallArguments*, JavaThread*) + 327
> > 29 libjvm.dylib 0x11078fc13
> > JavaCalls::call_virtual(JavaValue*, Handle, Klass*, Symbol*, Symbol*,
> > JavaThread*) + 99
> > 30 libjvm.dylib 0x11083ab94
> > thread_entry(JavaThread*, JavaThread*) + 180
> > 31 libjvm.dylib 0x110d164af
> > JavaThread::thread_main_inner() + 335
> > 32 libjvm.dylib 0x110d1481f
> > Thread::call_run() + 207
> > 33 libjvm.dylib 0x110b1f898
> > thread_native_entry(Thread*) + 328
> > 34 libsystem_pthread.dylib 0x7ff8062b4259 _pthread_start + 125
> > 35 libsystem_pthread.dylib 0x7ff8062afc7b thread_start + 15
> >
> >
> > With JavaFX 19.0.2.1
> > Thread 48 Crashed:: Java: ForkJoinPool-1-worker-2
> > 0 libjfxwebkit.dylib 0x14f2eb9f3 0x14d0d8000 +
> > 35731955
> > 1 libjfxwebkit.dylib 0x14e3744a6 0x14d0d8000 +
> > 19514534
> > 2 libjfxwebkit.dylib 0x14e747d49 0x14d0d8000 +
> > 23526729
> > 3 libjfxwebkit.dylib 0x14e747798 0x14d0d8000 +
> > 23525272
> > 4 libjfxwebkit.dylib 0x14e745b7f 0x14d0d8000 +
> > 23518079
> > 5 libjfxwebkit.dylib 0x14e745837 0x14d0d8000 +
> > 23517239
> > 6 libjfxwebkit.dylib 0x14e749766 0x14d0d8000 +
> > 23533414
> > 7 libjfxwebkit.dylib 0x14e757dc1 0x14d0d8000 +
> > 23592385
> > 8 libjfxwebkit.dylib 0x14e757033 0x14d0d8000 +
> > 23588915
> > 9 libjfxwebkit.dylib 0x14e757aa1 0x14d0d8000 +
> > 23591585
> > 10 libjfxwebkit.dylib 0x14dd3a2ec 0x14d0d8000 +
> > 12985068
> > 11 libjfxwebkit.dylib 0x14dd37344 0x14d0d8000 +
> > 12972868
> > 12 libjfxwebkit.dylib 0x14dddd01b 0x14d0d8000 +
> > 13651995
> > 13 libjfxwebkit.dylib 0x14d18841b
> > Java_com_sun_webkit_dom_NodeImpl_removeChildImpl + 107
> > 14 ??? 0x120a6453a ???
> > 15 ??? 0x120a6035c ???
> > 16 ??? 0x120a606a2 ???
> > 17 ??? 0x120a6042b ???
> > 18 ??? 0x120a6042b ???
> > 19 ??? 0x120a6088f ???
> > 20 ??? 0x120a6042b ???
> > 21 ??? 0x120a60317 ???
> > 22 ??? 0x120a60317 ???
> > 23 ??? 0x120a6042b ???
> > 24 ??? 0x120a60317 ???
> > 25 ??? 0x120a6042b ???
> > 26 ??? 0x120a57cc9 ???
> > 27 libjvm.dylib 0x110e0daf6
> > JavaCalls::call_helper(JavaValue*, methodHandle const&,
> > JavaCallArguments*, JavaThread*) + 710
> > 28 libjvm.dylib 0x110e0cb47
> > JavaCalls::call_virtual(JavaValue*, Klass*, Symbol*, Symbol*,
> > JavaCallArguments*, JavaThread*) + 327
> > 29 libjvm.dylib 0x110e0cc13
> > JavaCalls::call_virtual(JavaValue*, Handle, Klass*, Symbol*, Symbol*,
> > JavaThread*) + 99
> > 30 libjvm.dylib 0x110eb7b94
> > thread_entry(JavaThread*, JavaThread*) + 180
> > 31 libjvm.dylib 0x1113934af
> > JavaThread::thread_main_inner() + 335
> > 32 libjvm.dylib 0x11139181f
> > Thread::call_run() + 207
> > 33 libjvm.dylib 0x11119c898
> > thread_native_entry(Thread*) + 328
> > 34 libsystem_pthread.dylib 0x7ff8062b4259 _pthread_start + 125
> > 35 libsystem_pthread.dylib 0x7ff8062afc7b thread_start + 15
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/openjfx-dev/attachments/20230213/2fdc0c54/attachment-0001.htm>
More information about the openjfx-dev
mailing list