WebKit Bugzilla
Bug 200566: RESOLVED DUPLICATE of bug 209360
Summary: Segmentation fault on 64K page size kernel Linux
https://bugs.webkit.org/show_bug.cgi?id=200566
Reported by jazz, 2019-08-09 02:25:27 PDT
On a Linux system with a 64K page size 4.4.131 kernel, running yelp received SIGSEGV.

webkit2gtk version: 2.20.1

gdb message:

Program received signal SIGSEGV, Segmentation fault.
0x0000ffffb488c1b0 in protectGigacageBasePtrs () at /build/webkit2gtk-oPMfUy/webkit2gtk-2.20.1/Source/bmalloc/bmalloc/Gigacage.cpp:61
61          RELEASE_BASSERT(!(basePtrs & (vmPageSize() - 1)));
(gdb) bt
#0  0x0000ffffb488c1b0 in protectGigacageBasePtrs () at /build/webkit2gtk-oPMfUy/webkit2gtk-2.20.1/Source/bmalloc/bmalloc/Gigacage.cpp:61
#1  0x0000ffffb488cafc in operator() () at /build/webkit2gtk-oPMfUy/webkit2gtk-2.20.1/Source/bmalloc/bmalloc/Gigacage.cpp:173
#2  _M_invoke<> () at /usr/include/c++/5/functional:1531
#3  operator() () at /usr/include/c++/5/functional:1520
#4  __once_call_impl<std::_Bind_simple<Gigacage::ensureGigacage()::<lambda()>()> >(void) () at /usr/include/c++/5/mutex:706
#5  0x0000ffffb523ea2c in __pthread_once_slow (once_control=0xffffb49a0028 <Gigacage::ensureGigacage()::onceFlag>, init_routine=0xffffb2cd70e8 <__once_proxy>) at pthread_once.c:116
#6  0x0000ffffb488c4c4 in __gthread_once () at /usr/include/aarch64-linux-gnu/c++/5/bits/gthr-default.h:699
#7  call_once<Gigacage::ensureGigacage()::<lambda()> > () at /usr/include/c++/5/mutex:738
#8  Gigacage::ensureGigacage () at /build/webkit2gtk-oPMfUy/webkit2gtk-2.20.1/Source/bmalloc/bmalloc/Gigacage.cpp:175
#9  0x0000ffffb488d32c in bmalloc::Heap::Heap () at /build/webkit2gtk-oPMfUy/webkit2gtk-2.20.1/Source/bmalloc/bmalloc/Heap.cpp:58
#10 0x0000ffffb488b12c in bmalloc::PerHeapKindBase<bmalloc::Heap>::PerHeapKindBase<std::lock_guard<bmalloc::StaticMutex>&> () at /build/webkit2gtk-oPMfUy/webkit2gtk-2.20.1/Source/bmalloc/bmalloc/PerHeapKind.h:43
#11 bmalloc::PerHeapKind<bmalloc::Heap>::PerHeapKind<std::lock_guard<bmalloc::StaticMutex>&> () at /build/webkit2gtk-oPMfUy/webkit2gtk-2.20.1/Source/bmalloc/bmalloc/PerHeapKind.h:95
#12 bmalloc::PerProcess<bmalloc::PerHeapKind<bmalloc::Heap> >::getSlowCase () at /build/webkit2gtk-oPMfUy/webkit2gtk-2.20.1/Source/bmalloc/bmalloc/PerProcess.h:81
#13 0x0000ffffb488ad20 in bmalloc::PerProcess<bmalloc::PerHeapKind<bmalloc::Heap> >::get () at /build/webkit2gtk-oPMfUy/webkit2gtk-2.20.1/Source/bmalloc/bmalloc/PerProcess.h:65
#14 bmalloc::Cache::Cache () at /build/webkit2gtk-oPMfUy/webkit2gtk-2.20.1/Source/bmalloc/bmalloc/Cache.cpp:46
#15 0x0000ffffb488b1dc in bmalloc::PerHeapKindBase<bmalloc::Cache>::PerHeapKindBase<>() () at /build/webkit2gtk-oPMfUy/webkit2gtk-2.20.1/Source/bmalloc/bmalloc/PerHeapKind.h:43
#16 bmalloc::PerHeapKind<bmalloc::Cache>::PerHeapKind<>() () at /build/webkit2gtk-oPMfUy/webkit2gtk-2.20.1/Source/bmalloc/bmalloc/PerHeapKind.h:95
#17 bmalloc::PerThread<bmalloc::PerHeapKind<bmalloc::Cache> >::getSlowCase () at /build/webkit2gtk-oPMfUy/webkit2gtk-2.20.1/Source/bmalloc/bmalloc/PerThread.h:145
#18 0x0000ffffb488adc4 in bmalloc::Cache::allocateSlowCaseNullCache () at /build/webkit2gtk-oPMfUy/webkit2gtk-2.20.1/Source/bmalloc/bmalloc/Cache.cpp:58
#19 0x0000ffffb48700bc in WTF::StringImpl::operator new () at /build/webkit2gtk-oPMfUy/webkit2gtk-2.20.1/Source/WTF/wtf/text/StringImpl.h:161
#20 WTF::StringImpl::createFromLiteral () at /build/webkit2gtk-oPMfUy/webkit2gtk-2.20.1/Source/WTF/wtf/text/StringImpl.cpp:153
#21 0x0000ffffb4870150 in WTF::StringImpl::createFromLiteral () at /build/webkit2gtk-oPMfUy/webkit2gtk-2.20.1/Source/WTF/wtf/text/StringImpl.cpp:158
#22 0x0000ffffb487c860 in WTF::String::String () at /build/webkit2gtk-oPMfUy/webkit2gtk-2.20.1/Source/WTF/wtf/text/WTFString.cpp:83
#23 0x0000ffffb620cd1c in ?? () from /usr/lib/aarch64-linux-gnu/libwebkit2gtk-4.0.so.37
#24 0x0000000000000001 in ?? ()
Backtrace stopped: previous frame identical to this frame (corrupt stack?)

code:

57 void protectGigacageBasePtrs()
58 {
59     uintptr_t basePtrs = reinterpret_cast<uintptr_t>(g_gigacageBasePtrs);
60     // We might only get page size alignment, but that's also the minimum we need.
61     RELEASE_BASSERT(!(basePtrs & (vmPageSize() - 1)));
62     mprotect(g_gigacageBasePtrs, GIGACAGE_BASE_PTRS_SIZE, PROT_READ);
63 }

(gdb) p/x g_gigacageBasePtrs
$1 = 0x80000000

Is this a bug?
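The assertion in the report guards an mprotect() call: the Gigacage base-pointer table is made read-only so that a memory-corruption primitive cannot redirect it, and mprotect() only works on whole pages, so the table must start on a boundary of the page size the running kernel uses, not the 4K the build may have assumed. The following added example (not code from the bug report or from WebKit's bmalloc) shows the same predicate evaluated against the runtime page size, a global aligned only to a compile-time 4K boundary as a stand-in for g_gigacageBasePtrs, and a read-only protection of a page-aligned mmap region. The names is_page_aligned, vm_page_size, protect_read_only, demo_protect_cycle and base_ptrs_4k are assumptions made for this illustration.

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Same predicate as the RELEASE_BASSERT in the report: non-zero when addr is
 * a multiple of page_size. page_size must be a power of two. */
int is_page_aligned(uintptr_t addr, size_t page_size)
{
    return (addr & (page_size - 1)) == 0;
}

/* Page size the running kernel actually uses (4096 on most x86_64 systems,
 * 65536 on the aarch64 kernel in the report). */
size_t vm_page_size(void)
{
    long n = sysconf(_SC_PAGESIZE);
    return n > 0 ? (size_t)n : 4096;
}

/* Hypothetical stand-in for g_gigacageBasePtrs: a global the compiler aligns
 * to a fixed 4K boundary. On a 64K-page kernel it passes is_page_aligned()
 * only if the linker happens to place it on a 64K boundary. */
#define BASE_PTRS_SIZE 4096
static char base_ptrs_4k[BASE_PTRS_SIZE] __attribute__((aligned(4096)));

/* Make [p, p+size) read-only, the way protectGigacageBasePtrs() does, but
 * return an error instead of aborting when the precondition does not hold.
 *   0  success
 *  -1  p is not aligned to page_size (the case the RELEASE_BASSERT catches)
 *  -2  mprotect() itself failed */
int protect_read_only(void *p, size_t size, size_t page_size)
{
    if (!is_page_aligned((uintptr_t)p, page_size))
        return -1;
    if (mprotect(p, size, PROT_READ) != 0)
        return -2;
    return 0;
}

/* Allocate `size` bytes with mmap (always aligned to the kernel's page size),
 * fill it while writable, protect it read-only, read it back, unmap it.
 * Returns 0 on success, otherwise the code of the failing step. */
int demo_protect_cycle(size_t size)
{
    size_t page = vm_page_size();
    void *p = mmap(NULL, size, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -10;
    memset(p, 0x41, size);            /* still writable here */
    int rc = protect_read_only(p, size, page);
    if (rc != 0) {
        munmap(p, size);
        return rc;
    }
    /* Reads keep working; a store through p here would now raise SIGSEGV. */
    int ok = ((unsigned char *)p)[0] == 0x41;
    munmap(p, size);
    return ok ? 0 : -20;
}

int main(void)
{
    size_t page = vm_page_size();
    printf("runtime page size: %zu\n", page);
    printf("base_ptrs_4k at %p: aligned for 4K=%d, for 64K=%d\n",
           (void *)base_ptrs_4k,
           is_page_aligned((uintptr_t)base_ptrs_4k, 4096),
           is_page_aligned((uintptr_t)base_ptrs_4k, 65536));
    printf("reporter's value 0x80000000 aligned for 64K: %d\n",
           is_page_aligned(0x80000000u, 65536));
    printf("mmap + mprotect(PROT_READ) cycle: %d\n", demo_protect_cycle(page));
    return 0;
}
```

Build with `cc -o pagecheck pagecheck.c` and run it on both a 4K and a 64K kernel to see the second line change. Two things worth noting when triaging a report like this one: the predicate only fires when the address really is misaligned for the runtime page size, and the value the reporter printed, 0x80000000, has its low 31 bits clear and therefore passes the check for any power-of-two page size up to 2 GiB, so the printed value alone does not explain the abort.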
Comment 1, Michael Catanzaro, 2020-05-15 14:26:27 PDT

*** This bug has been marked as a duplicate of bug 209360 ***