-
Bug
-
Resolution: Unresolved
-
P3
-
jfx11.0.3, jfx12, 8u211
-
OS: macOS 13.2
Java: 17.0.6, 19.0.2
JavaFX: 17, 19.0.2.1
WebEngine documentation states: "WebEngine objects must be created and accessed solely from the JavaFX Application thread. This rule also applies to any DOM and JavaScript objects obtained from the WebEngine object."
However, if this rule is not followed and the code can bring down the entire JVM rather than result in incorrect behaviour or a Java exception.
The attached sample can be used to reproduce this issue.
The following stack traces show where the native crash occurred. The JavaFX 17 stack trace is included as it has more informative symbols:
With JavaFX 17:
Thread 50 Crashed:: Java: ForkJoinPool-1-worker-5
0 libjfxwebkit.dylib 0x14fa2ac33 WTFCrashWithInfo(int, char const*, char const*, int) + 19
1 libjfxwebkit.dylib 0x14ea5b60d WebCore::TimerBase::setNextFireTime(WTF::MonotonicTime) + 541
2 libjfxwebkit.dylib 0x14ee0a513 WebCore::RenderTreeBuilder::detachFromRenderElement(WebCore::RenderElement&, WebCore::RenderObject&, WebCore::RenderTreeBuilder::WillBeDestroyed) + 179
3 libjfxwebkit.dylib 0x14ee09fa2 WebCore::RenderTreeBuilder::Block::detach(WebCore::RenderBlock&, WebCore::RenderObject&, WebCore::RenderTreeBuilder::CanCollapseAnonymousBlock) + 562
4 libjfxwebkit.dylib 0x14ee085ef WebCore::RenderTreeBuilder::detach(WebCore::RenderElement&, WebCore::RenderObject&, WebCore::RenderTreeBuilder::CanCollapseAnonymousBlock) + 543
5 libjfxwebkit.dylib 0x14ee082ba WebCore::RenderTreeBuilder::destroy(WebCore::RenderObject&) + 58
6 libjfxwebkit.dylib 0x14ee0bd57 WebCore::RenderTreeBuilder::destroyAndCleanUpAnonymousWrappers(WebCore::RenderObject&) + 263
7 libjfxwebkit.dylib 0x14ee19aae WebCore::RenderTreeUpdater::tearDownRenderers(WebCore::Element&, WebCore::RenderTreeUpdater::TeardownType, WebCore::RenderTreeBuilder&)::$_7::operator()(unsigned int) const + 734
8 libjfxwebkit.dylib 0x14ee18c13 WebCore::RenderTreeUpdater::tearDownRenderers(WebCore::Element&, WebCore::RenderTreeUpdater::TeardownType, WebCore::RenderTreeBuilder&) + 1171
9 libjfxwebkit.dylib 0x14ee196d1 WebCore::RenderTreeUpdater::tearDownRenderers(WebCore::Element&) + 65
10 libjfxwebkit.dylib 0x14e46db9c WebCore::ContainerNode::removeBetween(WebCore::Node*, WebCore::Node*, WebCore::Node&) + 108
11 libjfxwebkit.dylib 0x14e46ad44 WebCore::ContainerNode::removeChild(WebCore::Node&) + 324
12 libjfxwebkit.dylib 0x14e50e24b WebCore::Node::removeChild(WebCore::Node&) + 43
13 libjfxwebkit.dylib 0x14d98deeb Java_com_sun_webkit_dom_NodeImpl_removeChildImpl + 107
14 ??? 0x1203e753a ???
15 ??? 0x1203e335c ???
16 ??? 0x1203e36a2 ???
17 ??? 0x1203e342b ???
18 ??? 0x1203e342b ???
19 ??? 0x1203e388f ???
20 ??? 0x1203e342b ???
21 ??? 0x1203e3317 ???
22 ??? 0x1203e3317 ???
23 ??? 0x1203e342b ???
24 ??? 0x1203e3317 ???
25 ??? 0x1203e342b ???
26 ??? 0x1203dacc9 ???
27 libjvm.dylib 0x110790af6 JavaCalls::call_helper(JavaValue*, methodHandle const&, JavaCallArguments*, JavaThread*) + 710
28 libjvm.dylib 0x11078fb47 JavaCalls::call_virtual(JavaValue*, Klass*, Symbol*, Symbol*, JavaCallArguments*, JavaThread*) + 327
29 libjvm.dylib 0x11078fc13 JavaCalls::call_virtual(JavaValue*, Handle, Klass*, Symbol*, Symbol*, JavaThread*) + 99
30 libjvm.dylib 0x11083ab94 thread_entry(JavaThread*, JavaThread*) + 180
31 libjvm.dylib 0x110d164af JavaThread::thread_main_inner() + 335
32 libjvm.dylib 0x110d1481f Thread::call_run() + 207
33 libjvm.dylib 0x110b1f898 thread_native_entry(Thread*) + 328
34 libsystem_pthread.dylib 0x7ff8062b4259 _pthread_start + 125
35 libsystem_pthread.dylib 0x7ff8062afc7b thread_start + 15
With JavaFX 19.0.2.1
Thread 48 Crashed:: Java: ForkJoinPool-1-worker-2
0 libjfxwebkit.dylib 0x14f2eb9f3 0x14d0d8000 + 35731955
1 libjfxwebkit.dylib 0x14e3744a6 0x14d0d8000 + 19514534
2 libjfxwebkit.dylib 0x14e747d49 0x14d0d8000 + 23526729
3 libjfxwebkit.dylib 0x14e747798 0x14d0d8000 + 23525272
4 libjfxwebkit.dylib 0x14e745b7f 0x14d0d8000 + 23518079
5 libjfxwebkit.dylib 0x14e745837 0x14d0d8000 + 23517239
6 libjfxwebkit.dylib 0x14e749766 0x14d0d8000 + 23533414
7 libjfxwebkit.dylib 0x14e757dc1 0x14d0d8000 + 23592385
8 libjfxwebkit.dylib 0x14e757033 0x14d0d8000 + 23588915
9 libjfxwebkit.dylib 0x14e757aa1 0x14d0d8000 + 23591585
10 libjfxwebkit.dylib 0x14dd3a2ec 0x14d0d8000 + 12985068
11 libjfxwebkit.dylib 0x14dd37344 0x14d0d8000 + 12972868
12 libjfxwebkit.dylib 0x14dddd01b 0x14d0d8000 + 13651995
13 libjfxwebkit.dylib 0x14d18841b Java_com_sun_webkit_dom_NodeImpl_removeChildImpl + 107
14 ??? 0x120a6453a ???
15 ??? 0x120a6035c ???
16 ??? 0x120a606a2 ???
17 ??? 0x120a6042b ???
18 ??? 0x120a6042b ???
19 ??? 0x120a6088f ???
20 ??? 0x120a6042b ???
21 ??? 0x120a60317 ???
22 ??? 0x120a60317 ???
23 ??? 0x120a6042b ???
24 ??? 0x120a60317 ???
25 ??? 0x120a6042b ???
26 ??? 0x120a57cc9 ???
27 libjvm.dylib 0x110e0daf6 JavaCalls::call_helper(JavaValue*, methodHandle const&, JavaCallArguments*, JavaThread*) + 710
28 libjvm.dylib 0x110e0cb47 JavaCalls::call_virtual(JavaValue*, Klass*, Symbol*, Symbol*, JavaCallArguments*, JavaThread*) + 327
29 libjvm.dylib 0x110e0cc13 JavaCalls::call_virtual(JavaValue*, Handle, Klass*, Symbol*, Symbol*, JavaThread*) + 99
30 libjvm.dylib 0x110eb7b94 thread_entry(JavaThread*, JavaThread*) + 180
31 libjvm.dylib 0x1113934af JavaThread::thread_main_inner() + 335
32 libjvm.dylib 0x11139181f Thread::call_run() + 207
33 libjvm.dylib 0x11119c898 thread_native_entry(Thread*) + 328
34 libsystem_pthread.dylib 0x7ff8062b4259 _pthread_start + 125
35 libsystem_pthread.dylib 0x7ff8062afc7b thread_start + 15
However, if this rule is not followed and the code can bring down the entire JVM rather than result in incorrect behaviour or a Java exception.
The attached sample can be used to reproduce this issue.
The following stack traces show where the native crash occurred. The JavaFX 17 stack trace is included as it has more informative symbols:
With JavaFX 17:
Thread 50 Crashed:: Java: ForkJoinPool-1-worker-5
0 libjfxwebkit.dylib 0x14fa2ac33 WTFCrashWithInfo(int, char const*, char const*, int) + 19
1 libjfxwebkit.dylib 0x14ea5b60d WebCore::TimerBase::setNextFireTime(WTF::MonotonicTime) + 541
2 libjfxwebkit.dylib 0x14ee0a513 WebCore::RenderTreeBuilder::detachFromRenderElement(WebCore::RenderElement&, WebCore::RenderObject&, WebCore::RenderTreeBuilder::WillBeDestroyed) + 179
3 libjfxwebkit.dylib 0x14ee09fa2 WebCore::RenderTreeBuilder::Block::detach(WebCore::RenderBlock&, WebCore::RenderObject&, WebCore::RenderTreeBuilder::CanCollapseAnonymousBlock) + 562
4 libjfxwebkit.dylib 0x14ee085ef WebCore::RenderTreeBuilder::detach(WebCore::RenderElement&, WebCore::RenderObject&, WebCore::RenderTreeBuilder::CanCollapseAnonymousBlock) + 543
5 libjfxwebkit.dylib 0x14ee082ba WebCore::RenderTreeBuilder::destroy(WebCore::RenderObject&) + 58
6 libjfxwebkit.dylib 0x14ee0bd57 WebCore::RenderTreeBuilder::destroyAndCleanUpAnonymousWrappers(WebCore::RenderObject&) + 263
7 libjfxwebkit.dylib 0x14ee19aae WebCore::RenderTreeUpdater::tearDownRenderers(WebCore::Element&, WebCore::RenderTreeUpdater::TeardownType, WebCore::RenderTreeBuilder&)::$_7::operator()(unsigned int) const + 734
8 libjfxwebkit.dylib 0x14ee18c13 WebCore::RenderTreeUpdater::tearDownRenderers(WebCore::Element&, WebCore::RenderTreeUpdater::TeardownType, WebCore::RenderTreeBuilder&) + 1171
9 libjfxwebkit.dylib 0x14ee196d1 WebCore::RenderTreeUpdater::tearDownRenderers(WebCore::Element&) + 65
10 libjfxwebkit.dylib 0x14e46db9c WebCore::ContainerNode::removeBetween(WebCore::Node*, WebCore::Node*, WebCore::Node&) + 108
11 libjfxwebkit.dylib 0x14e46ad44 WebCore::ContainerNode::removeChild(WebCore::Node&) + 324
12 libjfxwebkit.dylib 0x14e50e24b WebCore::Node::removeChild(WebCore::Node&) + 43
13 libjfxwebkit.dylib 0x14d98deeb Java_com_sun_webkit_dom_NodeImpl_removeChildImpl + 107
14 ??? 0x1203e753a ???
15 ??? 0x1203e335c ???
16 ??? 0x1203e36a2 ???
17 ??? 0x1203e342b ???
18 ??? 0x1203e342b ???
19 ??? 0x1203e388f ???
20 ??? 0x1203e342b ???
21 ??? 0x1203e3317 ???
22 ??? 0x1203e3317 ???
23 ??? 0x1203e342b ???
24 ??? 0x1203e3317 ???
25 ??? 0x1203e342b ???
26 ??? 0x1203dacc9 ???
27 libjvm.dylib 0x110790af6 JavaCalls::call_helper(JavaValue*, methodHandle const&, JavaCallArguments*, JavaThread*) + 710
28 libjvm.dylib 0x11078fb47 JavaCalls::call_virtual(JavaValue*, Klass*, Symbol*, Symbol*, JavaCallArguments*, JavaThread*) + 327
29 libjvm.dylib 0x11078fc13 JavaCalls::call_virtual(JavaValue*, Handle, Klass*, Symbol*, Symbol*, JavaThread*) + 99
30 libjvm.dylib 0x11083ab94 thread_entry(JavaThread*, JavaThread*) + 180
31 libjvm.dylib 0x110d164af JavaThread::thread_main_inner() + 335
32 libjvm.dylib 0x110d1481f Thread::call_run() + 207
33 libjvm.dylib 0x110b1f898 thread_native_entry(Thread*) + 328
34 libsystem_pthread.dylib 0x7ff8062b4259 _pthread_start + 125
35 libsystem_pthread.dylib 0x7ff8062afc7b thread_start + 15
With JavaFX 19.0.2.1
Thread 48 Crashed:: Java: ForkJoinPool-1-worker-2
0 libjfxwebkit.dylib 0x14f2eb9f3 0x14d0d8000 + 35731955
1 libjfxwebkit.dylib 0x14e3744a6 0x14d0d8000 + 19514534
2 libjfxwebkit.dylib 0x14e747d49 0x14d0d8000 + 23526729
3 libjfxwebkit.dylib 0x14e747798 0x14d0d8000 + 23525272
4 libjfxwebkit.dylib 0x14e745b7f 0x14d0d8000 + 23518079
5 libjfxwebkit.dylib 0x14e745837 0x14d0d8000 + 23517239
6 libjfxwebkit.dylib 0x14e749766 0x14d0d8000 + 23533414
7 libjfxwebkit.dylib 0x14e757dc1 0x14d0d8000 + 23592385
8 libjfxwebkit.dylib 0x14e757033 0x14d0d8000 + 23588915
9 libjfxwebkit.dylib 0x14e757aa1 0x14d0d8000 + 23591585
10 libjfxwebkit.dylib 0x14dd3a2ec 0x14d0d8000 + 12985068
11 libjfxwebkit.dylib 0x14dd37344 0x14d0d8000 + 12972868
12 libjfxwebkit.dylib 0x14dddd01b 0x14d0d8000 + 13651995
13 libjfxwebkit.dylib 0x14d18841b Java_com_sun_webkit_dom_NodeImpl_removeChildImpl + 107
14 ??? 0x120a6453a ???
15 ??? 0x120a6035c ???
16 ??? 0x120a606a2 ???
17 ??? 0x120a6042b ???
18 ??? 0x120a6042b ???
19 ??? 0x120a6088f ???
20 ??? 0x120a6042b ???
21 ??? 0x120a60317 ???
22 ??? 0x120a60317 ???
23 ??? 0x120a6042b ???
24 ??? 0x120a60317 ???
25 ??? 0x120a6042b ???
26 ??? 0x120a57cc9 ???
27 libjvm.dylib 0x110e0daf6 JavaCalls::call_helper(JavaValue*, methodHandle const&, JavaCallArguments*, JavaThread*) + 710
28 libjvm.dylib 0x110e0cb47 JavaCalls::call_virtual(JavaValue*, Klass*, Symbol*, Symbol*, JavaCallArguments*, JavaThread*) + 327
29 libjvm.dylib 0x110e0cc13 JavaCalls::call_virtual(JavaValue*, Handle, Klass*, Symbol*, Symbol*, JavaThread*) + 99
30 libjvm.dylib 0x110eb7b94 thread_entry(JavaThread*, JavaThread*) + 180
31 libjvm.dylib 0x1113934af JavaThread::thread_main_inner() + 335
32 libjvm.dylib 0x11139181f Thread::call_run() + 207
33 libjvm.dylib 0x11119c898 thread_native_entry(Thread*) + 328
34 libsystem_pthread.dylib 0x7ff8062b4259 _pthread_start + 125
35 libsystem_pthread.dylib 0x7ff8062afc7b thread_start + 15
- relates to
-
JDK-8214119 Update to 607.1 version of WebKit
- Resolved