115305 2013-04-27 05:52:43 -0700 REGRESSION(r149114): cache flush for SH4 arch may flush an extra page 2013-04-27 11:24:22 -0700 1 1 1 Unclassified WebKit JavaScriptCore 528+ (Nightly build) Unspecified Linux RESOLVED FIXED P2 Normal --- 0 jbriance webkit-unassigned commit-queue fpizlo mark.lam oliver oldest_to_newest 882170 0 jbriance 2013-04-27 05:52:43 -0700 Since r149114, the following JavaScriptCore test crashes (sh4 arch): # ./jsc -s jsctest/js1_2/shell.js -s jsctest/js1_2/regexp/string_replace.js Executing script: string_replace.js As described in Netscape doc "Whats new in JavaScript 1.2" String: replace Unable to handle kernel paging request at virtual address 2c41f000 pc = 8080efb2 *pde = 87f54000 *pte = 00000000 Oops: 0000 [#1] last sysfs file: /sys/devices/virtual/bpamem/bpamem31/dev Modules linked in: bpamem silencegen platform stmalloc sth264pp player2 stm_monitor stmdvb pti stv090x pseudocard stm_v4l2 p2div64 ksound mmelog avs mme_host embxshm embxmailbox embxshell stmfb stmcore_display_sti7105 autofs4 e2_proc Pid : 1508, Comm: jsc CPU : 0 Not tainted (2.6.32.28_stm24_0207 #54) PC is at sh4__flush_wback_region+0x32/0xa0 PR is at sys_cacheflush+0xec/0x140 PC : 8080efb2 SP : 876e1f80 SR : 40008000 TEA : c10f8a6c R0 : 00000080 R1 : 2c41f000 R2 : 00000010 R3 : 2c41f000 R4 : 2c41f000 R5 : 000000c0 R6 : 000000e0 R7 : 00000100 R8 : 000000a0 R9 : 00000080 R10 : 00000002 R11 : 2c420000 R12 : 000000bc R13 : 006e63cc R14 : 000000c0 MACH: 00000200 MACL: 00000120 GBR : 2adec278 PR : 8080678c Call trace: [<80809920>] syscall_call+0xa/0xe [<808066a0>] sys_cacheflush+0x0/0x140 Process: jsc (pid: 1508, stack limit = 876e0001) Stack: (0x876e1f80 to 0x876e2000) 1f80: 00001000 2c41f000 0000000e 80809920 00000594 00000000 00000071 00000100 1fa0: 808066a0 7b9ceddc 00685b56 0000000b 0000007b 2c41f000 00001000 0000000e 1fc0: 7b9cedf0 2c41f000 006e63c0 2c41f000 2c41ef40 00705994 006e63cc 000000c0 1fe0: 7b9ceda0 2ad2f6d2 004509e8 00000000 2adec278 00000200 00000120 0000005c ---[ end trace 3d575c0af2b1d83a ]--- I'll submit a fix soon. 882171 1 199901 jbriance 2013-04-27 06:05:43 -0700 Created attachment 199901 Correct last page computation in SH4 cacheFlush function 882196 2 199901 commit-queue 2013-04-27 11:24:20 -0700 Comment on attachment 199901 Correct last page computation in SH4 cacheFlush function Clearing flags on attachment: 199901 Committed r149240: <http://trac.webkit.org/changeset/149240> 882197 3 commit-queue 2013-04-27 11:24:22 -0700 All reviewed patches have been landed. Closing bug. 199901 2013-04-27 06:05:43 -0700 2013-04-27 11:24:20 -0700 Correct last page computation in SH4 cacheFlush function bug-115305.patch text/plain 1500 jbriance SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkocmV2aXNpb24gMTQ5MjM2KQorKysgU291cmNl L0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDEzIEBA CisyMDEzLTA0LTI3ICBKdWxpZW4gQnJpYW5jZWF1ICA8amJyaWFuY2VhdUBuZHMuY29tPgorCisg ICAgICAgIFJFR1JFU1NJT04ocjE0OTExNCk6IGNhY2hlIGZsdXNoIGZvciBTSDQgYXJjaCBtYXkg Zmx1c2ggYW4gZXh0cmEgcGFnZS4KKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hv d19idWcuY2dpP2lkPTExNTMwNQorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEp LgorCisgICAgICAgICogYXNzZW1ibGVyL1NINEFzc2VtYmxlci5oOgorICAgICAgICAoSlNDOjpT SDRBc3NlbWJsZXI6OmNhY2hlRmx1c2gpOgorCiAyMDEzLTA0LTI2ICBHZW9mZnJleSBHYXJlbiAg PGdnYXJlbkBhcHBsZS5jb20+CiAKICAgICAgICAgUmUtbGFuZGluZyA8aHR0cDovL3RyYWMud2Vi a2l0Lm9yZy9jaGFuZ2VzZXQvMTQ4OTk5PgpJbmRleDogU291cmNlL0phdmFTY3JpcHRDb3JlL2Fz c2VtYmxlci9TSDRBc3NlbWJsZXIuaAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvSmF2YVNjcmlwdENv cmUvYXNzZW1ibGVyL1NINEFzc2VtYmxlci5oCShyZXZpc2lvbiAxNDkyMzYpCisrKyBTb3VyY2Uv SmF2YVNjcmlwdENvcmUvYXNzZW1ibGVyL1NINEFzc2VtYmxlci5oCSh3b3JraW5nIGNvcHkpCkBA IC0xNTg2LDcgKzE1ODYsNyBAQCBwdWJsaWM6CiAjaWYgT1MoTElOVVgpCiAgICAgICAgIC8vIEZs dXNoIGVhY2ggcGFnZSBzZXBhcmF0ZWx5LCBvdGhlcndpc2UgdGhlIHdob2xlIGZsdXNoIHdpbGwg ZmFpbCBpZiBhbiB1bmNvbW1pdGVkIHBhZ2UgaXMgaW4gdGhlIGFyZWEuCiAgICAgICAgIHVuc2ln bmVkIGN1cnJlbnRQYWdlID0gcmVpbnRlcnByZXRfY2FzdDx1bnNpZ25lZD4oY29kZSkgJiB+KHBh Z2VTaXplKCkgLSAxKTsKLSAgICAgICAgdW5zaWduZWQgbGFzdFBhZ2UgPSAocmVpbnRlcnByZXRf Y2FzdDx1bnNpZ25lZD4oY29kZSkgKyBzaXplKSAmIH4ocGFnZVNpemUoKSAtIDEpOworICAgICAg ICB1bnNpZ25lZCBsYXN0UGFnZSA9IChyZWludGVycHJldF9jYXN0PHVuc2lnbmVkPihjb2RlKSAr IHNpemUgLSAxKSAmIH4ocGFnZVNpemUoKSAtIDEpOwogICAgICAgICBkbyB7CiAjaWYgZGVmaW5l ZCBDQUNIRUZMVVNIX0RfTDIKICAgICAgICAgICAgIHN5c2NhbGwoX19OUl9jYWNoZWZsdXNoLCBj dXJyZW50UGFnZSwgcGFnZVNpemUoKSwgQ0FDSEVGTFVTSF9EX1dCIHwgQ0FDSEVGTFVTSF9JIHwg Q0FDSEVGTFVTSF9EX0wyKTsK