Bug 225095

Summary: Segmentation fault in 'libjavascriptcoregtk' when sending SIGUSR1 signal to a process using webkit through WebKit2Gtk

| Product: | WebKit | Reporter: | Benoît Minisini <g4mba5> |
|---|---|---|---|
| Component: | JavaScriptCore | Assignee: | Nobody <webkit-unassigned> |
| Status: | NEW | | |
| Severity: | Normal | | |
| Priority: | P2 | | |
| Version: | Other | | |
| Hardware: | PC | | |
| OS: | Linux | | |
Benoît Minisini
System: Ubuntu 20.10 / Linux kernel 5.8.0-48-generic / x86_64 / KDE environment
If you send the SIGUSR1 signal to a process using webkitgtk (WebKit2Gtk-4.0 version 2.30.6), the process segfaults.
Here is a gdb log (the process is the Gambas interpreter):
---------------------------------------------------------------------------------------------
GNU gdb (Ubuntu 9.2-0ubuntu2) 9.2
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from gbx3...
Attaching to program: /usr/bin/gbx3, process 24324
[New LWP 24331]
[New LWP 24332]
[New LWP 24334]
[New LWP 24335]
[New LWP 24336]
[New LWP 24337]
[New LWP 24342]
[New LWP 24345]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
0x00007f6b4f6ac66f in __GI___poll (fds=0x556d2627bc10, nfds=3, timeout=5853) at ../sysdeps/unix/sysv/linux/poll.c:29
29 ../sysdeps/unix/sysv/linux/poll.c: Aucun fichier ou dossier de ce type.
(gdb) cont
Continuing.
[Thread 0x7f6b38bfb640 (LWP 24342) exited]
Thread 1 "gbx3" received signal SIGUSR1, User defined signal 1.
0x00007f6b4f6ac66f in __GI___poll (fds=0x556d2627bc10, nfds=3, timeout=90000) at ../sysdeps/unix/sysv/linux/poll.c:29
29 in ../sysdeps/unix/sysv/linux/poll.c
(gdb) cont
Continuing.
Thread 1 "gbx3" received signal SIGSEGV, Segmentation fault.
WTF::Thread::signalHandlerSuspendResume () at ../Source/WTF/wtf/posix/ThreadingPOSIX.cpp:121
121 ../Source/WTF/wtf/posix/ThreadingPOSIX.cpp: Aucun fichier ou dossier de ce type.
(gdb) bt
#0 WTF::Thread::signalHandlerSuspendResume(int, siginfo_t*, void*) () at ../Source/WTF/wtf/posix/ThreadingPOSIX.cpp:121
#1 0x00007f6b4f5e0950 in <signal handler called> () at /lib/x86_64-linux-gnu/libc.so.6
#2 0x00007f6b4f6ac66f in __GI___poll (fds=0x556d2627bc10, nfds=3, timeout=90000) at ../sysdeps/unix/sysv/linux/poll.c:29
#3 0x00007f6b4bc0d86e in () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#4 0x00007f6b4bc0d9a3 in g_main_context_iteration () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#5 0x00007f6b4c25aaf5 in gtk_main_iteration_do (blocking=blocking@entry=1) at ../../../../gtk/gtkmain.c:1456
#6 0x00007f6b4d219cea in MAIN_do_iteration(bool) (do_not_block=do_not_block@entry=false) at main.cpp:689
#7 0x00007f6b4d219d3e in hook_loop() () at main.cpp:586
#8 0x0000556d24bd01d2 in main (argc=<optimized out>, argv=<optimized out>) at gbx.c:480
(gdb) disassemble
Dump of assembler code for function WTF::Thread::signalHandlerSuspendResume(int, siginfo_t*, void*):
0x00007f6b43de2890 <+0>: endbr64
0x00007f6b43de2894 <+4>: push %rbp
0x00007f6b43de2895 <+5>: push %rbx
0x00007f6b43de2896 <+6>: sub $0x98,%rsp
0x00007f6b43de289d <+13>: mov %fs:0x28,%rax
0x00007f6b43de28a6 <+22>: mov %rax,0x88(%rsp)
0x00007f6b43de28ae <+30>: xor %eax,%eax
0x00007f6b43de28b0 <+32>: mov 0x3578c9(%rip),%rbx # 0x7f6b4413a180 <_ZN3WTFL12targetThreadE>
=> 0x00007f6b43de28b7 <+39>: mov 0x40(%rbx),%eax
0x00007f6b43de28ba <+42>: test %eax,%eax
0x00007f6b43de28bc <+44>: jne 0x7f6b43de2958 <WTF::Thread::signalHandlerSuspendResume(int, siginfo_t*, void*)+200>
0x00007f6b43de28c2 <+50>: mov %rsp,%rcx
0x00007f6b43de28c5 <+53>: mov 0x10(%rbx),%rax
0x00007f6b43de28c9 <+57>: cmp %rcx,%rax
0x00007f6b43de28cc <+60>: jb 0x7f6b43de28d9 <WTF::Thread::signalHandlerSuspendResume(int, siginfo_t*, void*)+73>
0x00007f6b43de28ce <+62>: test %rax,%rax
0x00007f6b43de28d1 <+65>: je 0x7f6b43de28d9 <WTF::Thread::signalHandlerSuspendResume(int, siginfo_t*, void*)+73>
0x00007f6b43de28d3 <+67>: cmp 0x18(%rbx),%rcx
0x00007f6b43de28d7 <+71>: ja 0x7f6b43de2910 <WTF::Thread::signalHandlerSuspendResume(int, siginfo_t*, void*)+128>
0x00007f6b43de28d9 <+73>: movq $0x0,0x38(%rbx)
0x00007f6b43de28e1 <+81>: mov 0x88(%rsp),%rax
0x00007f6b43de28e9 <+89>: sub %fs:0x28,%rax
0x00007f6b43de28f2 <+98>: jne 0x7f6b43de2975 <WTF::Thread::signalHandlerSuspendResume(int, siginfo_t*, void*)+229>
...
(gdb) info registers
rax 0x0 0
rbx 0x0 0
rcx 0x7f6b4f6ac66f 140098870625903
rdx 0x7ffc6646e500 140722024408320
rsi 0x7ffc6646e630 140722024408624
rdi 0xa 10
rbp 0x556d2627bc10 0x556d2627bc10
rsp 0x7ffc6646e450 0x7ffc6646e450
r8 0x0 0
r9 0x7f6b4bcea280 140098810061440
r10 0x7ffc664fd080 140722024992896
r11 0x293 659
r12 0x3 3
r13 0x7ffc6646eb04 140722024409860
r14 0x15f90 90000
r15 0x556d25e731c0 93927275704768
rip 0x7f6b43de28b7 0x7f6b43de28b7 <WTF::Thread::signalHandlerSuspendResume(int, siginfo_t*, void*)+39>
eflags 0x10246 [ PF ZF IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
---------------------------------------------------------------------------------------------