[Webkit-unassigned] [Bug 248267] New: JSC init crashes WebKit with overcommit limit enabled

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Nov 23 01:27:08 PST 2022 

https://bugs.webkit.org/show_bug.cgi?id=248267

            Bug ID: 248267
           Summary: JSC init crashes WebKit with overcommit limit enabled
           Product: WebKit
           Version: Other
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: bmalloc
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: paul at luon.net
                CC: ggaren at apple.com

With the update of WebKitGTK in Ubuntu (both 20.04LTS and 22.04LTS) of 2.36.8 to 2.38.2 on a system with a VM overcommit limit enabled, it now crashes the process on WebKit initialization via `webkit_web_context_new_ephemeral()` (or `webkit_web_context_new()`) without any error message.

I use the following overcommit configuration on 2 GiB and 4 GiB RAM systems:

  vm.overcommit_memory = 2
  vm.overcommit_ratio = 80

I get the following backtrace (unfortunately incomplete because of unavailable debug symbols):

  #0  __GI_raise (sig=sig at entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
  [Current thread is 1 (Thread 0x7f2bf1762ac0 (LWP 11568))]

  Thread 4 (Thread 0x7f2be8822700 (LWP 11574)):
  #0  futex_abstimed_wait_cancelable (private=<optimized out>, abstime=0x7f2be8821b00, clockid=<optimized out>, expected=0, futex_word=0x7f2bd400e690) at ../sysdeps/nptl/futex-internal.h:320
  #1  __pthread_cond_wait_common (abstime=0x7f2be8821b00, clockid=<optimized out>, mutex=0x7f2bd400e640, cond=0x7f2bd400e668) at pthread_cond_wait.c:520
  #2  __pthread_cond_timedwait (cond=0x7f2bd400e668, mutex=0x7f2bd400e640, abstime=0x7f2be8821b00) at pthread_cond_wait.c:665
  #3  0x00007f2bf74c64ac in  () at /lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18
  #4  0x00007f2bf74c6746 in  () at /lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18
  #5  0x00007f2bf5b65609 in start_thread (arg=<optimized out>) at pthread_create.c:477
  #6  0x00007f2bf5a8a133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

  Thread 3 (Thread 0x7f2be9879700 (LWP 11570)):
  #0  futex_wait_cancelable (private=<optimized out>, expected=0, futex_word=0x55fe89c24e28) at ../sysdeps/nptl/futex-internal.h:183
  #1  __pthread_cond_wait_common (abstime=0x0, clockid=0, mutex=0x55fe89c24dd8, cond=0x55fe89c24e00) at pthread_cond_wait.c:508
  #2  __pthread_cond_wait (cond=0x55fe89c24e00, mutex=0x55fe89c24dd8) at pthread_cond_wait.c:647
  #3  0x00007f2bef52a5eb in  () at /usr/lib/x86_64-linux-gnu/dri/iris_dri.so
  #4  0x00007f2bef52a1eb in  () at /usr/lib/x86_64-linux-gnu/dri/iris_dri.so
  #5  0x00007f2bf5b65609 in start_thread (arg=<optimized out>) at pthread_create.c:477
  #6  0x00007f2bf5a8a133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

  Thread 2 (Thread 0x7f2be9038700 (LWP 11572)):
  #0  futex_wait_cancelable (private=<optimized out>, expected=0, futex_word=0x55fe89ca0f60) at ../sysdeps/nptl/futex-internal.h:183
  #1  __pthread_cond_wait_common (abstime=0x0, clockid=0, mutex=0x55fe89ca0f10, cond=0x55fe89ca0f38) at pthread_cond_wait.c:508
  #2  __pthread_cond_wait (cond=0x55fe89ca0f38, mutex=0x55fe89ca0f10) at pthread_cond_wait.c:647
  #3  0x00007f2bef52a5eb in  () at /usr/lib/x86_64-linux-gnu/dri/iris_dri.so
  #4  0x00007f2bef52a1eb in  () at /usr/lib/x86_64-linux-gnu/dri/iris_dri.so
  #5  0x00007f2bf5b65609 in start_thread (arg=<optimized out>) at pthread_create.c:477
  #6  0x00007f2bf5a8a133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

  Thread 1 (Thread 0x7f2bf1762ac0 (LWP 11568)):
  #0  __GI_raise (sig=sig at entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
  #1  0x00007f2bf598d859 in __GI_abort () at abort.c:79
  #2  0x00007f2bf61aee1d in  () at /lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18
  #3  0x00007f2bf6eb2847 in  () at /lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18
  #4  0x00007f2bf5b6e4df in __pthread_once_slow (once_control=0x7f2bf78dfee8, init_routine=0x7f2bf5dc1c20 <__once_proxy>) at pthread_once.c:116
  #5  0x00007f2bf6eb86e1 in JSC::initialize() () at /lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18
  #6  0x00007f2bf8e31e81 in  () at /lib/x86_64-linux-gnu/libwebkit2gtk-4.0.so.37
  #7  0x00007f2bf8f93845 in  () at /lib/x86_64-linux-gnu/libwebkit2gtk-4.0.so.37
  #8  0x00007f2bf5b6e4df in __pthread_once_slow (once_control=0x7f2bfc2d8d90, init_routine=0x7f2bf5dc1c20 <__once_proxy>) at pthread_once.c:116
  #9  0x00007f2bf8f93c11 in  () at /lib/x86_64-linux-gnu/libwebkit2gtk-4.0.so.37
  #10 0x00007f2bf8fcb93c in  () at /lib/x86_64-linux-gnu/libwebkit2gtk-4.0.so.37
  #11 0x00007f2bf60301d1 in g_type_class_ref () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
  #12 0x00007f2bf60135e1 in g_object_new_valist () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
  #13 0x00007f2bf60136cd in g_object_new () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
  #14 0x00007f2bf8fb13e0 in webkit_web_context_new_ephemeral () at /lib/x86_64-linux-gnu/libwebkit2gtk-4.0.so.37
  #15 0x000055fe88b8b4c6 in main(int, char**) (argc=<optimized out>, argv=<optimized out>) at main.cpp:1342


and strace output:

[pid  9244] mmap(NULL, 1073750016, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = 0x7f952bffe000
[pid  9244] madvise(0x7f952bffe000, 1073750016, MADV_DONTNEED) = 0
[pid  9244] futex(0x7f9591a750d8, FUTEX_WAKE_PRIVATE, 2147483647) = 0
[pid  9244] mmap(NULL, 8589934592, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = -1 ENOMEM (Cannot allocate memory)
[pid  9244] munmap(0x100000000, 4294967296) = 0
[pid  9244] mmap(NULL, 6442450944, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = -1 ENOMEM (Cannot allocate memory)
[pid  9244] munmap(0x80000000, 4294967296) = 0
[pid  9244] mmap(NULL, 5368709120, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = -1 ENOMEM (Cannot allocate memory)
[pid  9244] munmap(0x40000000, 4294967296) = 0
[pid  9244] mmap(NULL, 4831838208, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = -1 ENOMEM (Cannot allocate memory)
[pid  9244] munmap(0x20000000, 4294967296) = 0
[pid  9244] mmap(NULL, 4563402752, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = -1 ENOMEM (Cannot allocate memory)
[pid  9244] munmap(0x10000000, 4294967296) = 0
[pid  9244] mmap(NULL, 4429185024, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = -1 ENOMEM (Cannot allocate memory)
[pid  9244] munmap(0x8000000, 4294967296) = 0
[pid  9244] mmap(NULL, 4362076160, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = -1 ENOMEM (Cannot allocate memory)
[pid  9244] munmap(0x4000000, 4294967296) = 0
[pid  9244] mmap(NULL, 4328521728, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = -1 ENOMEM (Cannot allocate memory)
[pid  9244] munmap(0x2000000, 4294967296) = 0
[pid  9244] rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0
[pid  9244] rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1], [], 8) = 0
[pid  9244] getpid()                    = 9244
[pid  9244] gettid()                    = 9244
[pid  9244] tgkill(9244, 9244, SIGABRT) = 0
[pid  9244] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid  9244] --- SIGABRT {si_signo=SIGABRT, si_code=SI_TKILL, si_pid=9244, si_uid=1000} ---

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20221123/1436ec91/attachment-0001.htm>

More information about the webkit-unassigned mailing list