243978 2022-08-15 23:51:53 -0700 REGRESSION(252858@main) WPE TestWebCore API tests is segfaulting at the start w 2022-08-17 21:46:56 -0700 1 1 1 Unclassified WebKit bmalloc WebKit Nightly Build Unspecified Unspecified RESOLVED DUPLICATE 243984 https://bugs.webkit.org/show_bug.cgi?id=243868 https://bugs.webkit.org/show_bug.cgi?id=243201 P2 Normal --- 1 lmoura webkit-unassigned bugs-noreply ggaren ysuzuki oldest_to_newest 1891593 0 lmoura 2022-08-15 23:51:53 -0700 Steps to reproduce: * Build release or debug WPE build after * Run the tests, e.g, on gdb: gdb --args /app/webkit/Tools/glib/../../WebKitBuild/Debug/bin/TestWebKitAPI/TestWebCore * Expected: Test runs fine * Actual: segfault (trace below) This isn't happening to GTK. In the breakpoint[1], the kind variable is pas_segregated_page_config_kind_bmalloc_small_segregated and the value returned from pas_segregated_page_config_kind_get_config(kind) is null. Maybe some issue initializing/linking bmalloc/libpas in WPE? [1] https://github.com/WebKit/WebKit/blob/main/Source/bmalloc/libpas/src/libpas/pas_segregated_size_directory.c#L1055 Trace: Program received signal SIGSEGV, Segmentation fault. 0x000055555a267723 in pas_segregated_size_directory_num_allocator_indices () (gdb) bt #0 pas_segregated_size_directory_local_allocator_size (directory=0x7fffeaadb000) at /app/webkit/Source/bmalloc/libpas/src/libpas/pas_segregated_size_directory.c:1055 #1 0x0000555563c8acd3 in pas_segregated_size_directory_num_allocator_indices (directory=0x7fffeaadb000) at /app/webkit/Source/bmalloc/libpas/src/libpas/pas_segregated_size_directory.c:1062 #2 0x0000555563c25b69 in set_up_range (data=0x7fffffffadc0, designated_begin=0, designated_end_inclusive=1, size=16) at /app/webkit/Source/bmalloc/libpas/src/libpas/pas_designated_intrinsic_heap.c:100 #3 0x0000555563c2622f in pas_designated_intrinsic_heap_initialize (heap=0x5555641dfb60 <bmalloc_common_primitive_heap>, config_ptr=0x555564159660 <bmalloc_heap_config>) at /app/webkit/Source/bmalloc/libpas/src/libpas/pas_designated_intrinsic_heap.c:179 #4 0x0000555563be91f7 in bmalloc_heap_config_activate() () at /app/webkit/Source/bmalloc/libpas/src/libpas/bmalloc_heap_config.c:54 #5 0x0000555563c3a8fa in pas_heap_config_activate (config=0x555564159660 <bmalloc_heap_config>) at /app/webkit/Source/bmalloc/libpas/src/libpas/pas_heap_config.c:40 #6 0x0000555563c6c0eb in pas_segregated_heap_ensure_size_directory_for_size (heap=0x5555641dfb60 <bmalloc_common_primitive_heap>, size=24, alignment=1, size_lookup_mode=pas_force_size_lookup, config=0x555564159660 <bmalloc_heap_config>, cached_index=0x0, creation_mode=pas_segregated_size_directory_full_creation_mode) at /app/webkit/Source/bmalloc/libpas/src/libpas/pas_segregated_heap.c:1333 #7 0x0000555563c3a7f5 in pas_heap_ensure_size_directory_for_size_slow (heap=0x5555641dfb60 <bmalloc_common_primitive_heap>, size=24, alignment=1, force_size_lookup=pas_force_size_lookup, config=0x555564159660 <bmalloc_heap_config>, cached_index=0x0) at /app/webkit/Source/bmalloc/libpas/src/libpas/pas_heap.c:210 #8 0x0000555563be4470 in pas_heap_ensure_size_directory_for_size(__pas_heap*, size_t, size_t, pas_size_lookup_mode, pas_heap_config, unsigned int*, pas_allocator_counts*) (heap=0x5555641dfb60 <bmalloc_common_primitive_heap>, size=24, alignment=1, force_size_lookup=pas_force_size_lookup, config=..., cached_index=0x0, counts=0x555564293890 <bmalloc_allocator_counts>) at /app/webkit/Source/bmalloc/libpas/src/libpas/pas_heap_inlines.h:76 #9 0x0000555563be45ec in pas_try_allocate_common_impl_slow(__pas_heap_ref*, pas_heap_ref_kind, size_t, size_t, pas_heap_config, pas_heap_runtime_config*, pas_allocator_counts*, pas_size_lookup_mode) (heap_ref=0x7fffffffca40, heap_ref_kind=pas_fake_heap_ref_kind, size=24, alignment=1, config=..., runtime_config=0x5555641e0140 <bmalloc_intrinsic_runtime_config>, allocator_counts=0x555564293890 <bmalloc_allocator_counts>, size_lookup_mode=pas_force_size_lookup) at /app/webkit/Source/bmalloc/libpas/src/libpas/pas_try_allocate_common.h:149 #10 0x0000555563be912d in bmalloc_heap_config_specialized_try_allocate_common_impl_slow(__pas_heap_ref*, pas_heap_ref_kind, size_t, size_t, pas_heap_runtime_config*, pas_allocator_counts*, pas_size_lookup_mode) (heap_ref=0x7fffffffca40, heap_ref_kind=pas_fake_heap_ref_kind, size=24, alignment=1, runtime_config=0x5555641e0140 <bmalloc_intrinsic_runtime_config>, allocator_counts=0x555564293890 <bmalloc_allocator_counts>, size_lookup_mode=pas_force_size_lookup) at /app/webkit/Source/bmalloc/libpas/src/libpas/bmalloc_heap_config.c:43 #11 0x0000555563bcca4e in bmalloc_allocate_impl_impl_slow(__pas_heap_ref*, size_t, size_t) (heap_ref=0x7fffffffca40, size=24, alignment=1) at /app/webkit/Source/bmalloc/libpas/src/libpas/bmalloc_heap_inlines.h:70 #12 0x0000555563bca2c9 in pas_try_allocate_intrinsic_impl_casual_case(__pas_heap*, size_t, size_t, pas_intrinsic_heap_support*, pas_heap_config, pas_try_allocate_common_fast, pas_try_allocate_common_slow, pas_intrinsic_heap_designation_mode) (heap=0x5555641dfb60 <bmalloc_common_primitive_heap>, size=24, alignment=1, intrinsic_support=0x555564292500 <bmalloc_common_primitive_heap_support>, config=..., try_allocate_common_fast=0x555563bcc937 <bmalloc_allocate_impl_impl_fast(pas_local_allocator*, size_t, size_t)>, try_allocate_common_slow=0x555563bcc9d6 <bmalloc_allocate_impl_impl_slow(__pas_heap_ref*, size_t, size_t)>, designation_mode=pas_intrinsic_heap_is_designated) at /app/webkit/Source/bmalloc/libpas/src/libpas/pas_try_allocate_intrinsic.h:174 #13 0x0000555563bccb00 in bmalloc_allocate_impl_casual_case(size_t, size_t) (size=24, alignment=1) at /app/webkit/Source/bmalloc/libpas/src/libpas/bmalloc_heap_inlines.h:70 #14 0x0000555563bd1537 in bmalloc_allocate_casual(size_t) (size=24) at /app/webkit/Source/bmalloc/libpas/src/libpas/bmalloc_heap.c:64 #15 0x000055555ee2e3e2 in bmalloc_allocate_inline(size_t) (size=24) at /app/webkit/WebKitBuild/Debug/bmalloc/Headers/bmalloc/bmalloc_heap_inlines.h:121 #16 0x000055555ee308f8 in bmalloc::api::malloc(unsigned long, bmalloc::HeapKind) (kind=bmalloc::HeapKind::Primary, size=24) at /app/webkit/WebKitBuild/Debug/bmalloc/Headers/bmalloc/bmalloc.h:72 #17 WTF::fastMalloc(unsigned long) (size=24) at /app/webkit/Source/WTF/wtf/FastMalloc.cpp:525 #18 0x000055555e6d006a in WTF::StringImpl::operator new(unsigned long) (size=24) at /app/webkit/WebKitBuild/Debug/WTF/Headers/wtf/text/StringImpl.h:177 #19 0x000055555ef19426 in WTF::StringImpl::createWithoutCopyingNonEmpty(unsigned char const*, unsigned int) (characters=0x555555cd49db "This is a test", length=14) at /app/webkit/Source/WTF/wtf/text/StringImpl.cpp:169 #20 0x000055555cd3c7ab in WTF::StringImpl::createWithoutCopying(unsigned char const*, unsigned int) (characters=0x555555cd49db "This is a test", length=14) at /app/webkit/WebKitBuild/Debug/WTF/Headers/wtf/text/StringImpl.h:259 #21 0x000055555cd3c74f in WTF::StringImpl::create(WTF::ASCIILiteral) (literal=...) at /app/webkit/WebKitBuild/Debug/WTF/Headers/wtf/text/StringImpl.h:256 #22 0x000055555cd3c8bc in WTF::String::String(WTF::ASCIILiteral) (this=0x555564264298 <TestWebKitAPI::FileMonitorTestData>, characters=...) at /app/webkit/WebKitBuild/Debug/WTF/Headers/wtf/text/WTFString.h:453 #23 0x000055555cd96fe4 in __static_initialization_and_destruction_0(int, int) (__initialize_p=1, __priority=65535) at /app/webkit/Tools/TestWebKitAPI/Tests/WebCore/FileMonitor.cpp:47 #24 0x000055555cd977ac in _GLOBAL__sub_I__ZN13TestWebKitAPI33FileMonitorTest_DetectChange_Test10test_info_E() () at /app/webkit/Tools/TestWebKitAPI/Tests/WebCore/FileMonitor.cpp:376 #25 0x0000555563ead54d in __libc_csu_init (argc=argc@entry=1, argv=argv@entry=0x7fffffffd768, envp=0x7fffffffd778) at elf-init.c:89 #26 0x00007ffff3d10b42 in __libc_start_main (main=0x55555ce67241 <main(int, char**)>, argc=1, argv=0x7fffffffd768, init=0x555563ead500 <__libc_csu_init>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffd758) at ../csu/libc-start.c:279 #27 0x000055555cd1e74e in _start () at ../sysdeps/x86_64/start.S:120 1891939 1 lmoura 2022-08-17 06:39:57 -0700 More from gdb: Looks like `pas_segregated_page_config_kind_for_config_table` is filled with null pointers, not just for `pas_segregated_page_config_kind_bmalloc_small_segregated` ``` # null config (gdb) print pas_segregated_page_config_kind_for_config_table[0] $15 = (const pas_segregated_page_config *) 0x0 # pas small segregated config (gdb) print pas_segregated_page_config_kind_for_config_table[1] $16 = (const pas_segregated_page_config *) 0x0 # bmalloc small segregated config (gdb) print pas_segregated_page_config_kind_for_config_table[2] $17 = (const pas_segregated_page_config *) 0x0 (gdb) ``` But checking the generated preprocessed code (with -save-temps), for the small_segregated_config (index 1), for example, it generates: const pas_segregated_page_config* pas_segregated_page_config_kind_for_config_table[ ...] = { <config for null>, (const pas_segregated_page_config*)((... { .small_segregated_config = { .base { .page_config_ptr = &pas_utility_heap_config.small_segregated_config.base, .... } ... } ... }).small_segregated_config).base.page_config_ptr, ...} And in gdb, it's defined: (gdb) print &pas_utility_heap_config.small_segregated_config.base $20 = (pas_page_base_config *) 0x555564159fd8 <pas_utility_heap_config+56> (gdb) print pas_utility_heap_config.small_segregated_config.base $22 = {is_enabled = true, heap_config_ptr = 0x555564159fa0 <pas_utility_heap_config>, page_config_ptr = 0x555564159fd8 <pas_utility_heap_config+56>, page_config_kind = pas_page_config_kind_segregated, min_align_shift = 3 '\003', page_size = 16384, granule_size = 16384, max_object_size = 1400, page_header_for_boundary = 0x555563caca45 <pas_utility_heap_page_header_for_boundary(void*)>, boundary_for_page_header = 0x555563caca53 <pas_utility_heap_boundary_for_page_header(pas_page_base*)>, page_header_for_boundary_remote = 0x0, create_page_header = 0x555563caca61 <pas_utility_heap_create_page_header(void*, pas_page_kind, pas_lock_hold_mode)>, destroy_page_header = 0x555563cacab0 <pas_utility_heap_destroy_page_header(pas_page_base*, pas_lock_hold_mode)>} 1892130 2 lmoura 2022-08-17 21:46:56 -0700 *** This bug has been marked as a duplicate of bug 243984 ***