Bug 1516318 - WebKitWebProcess crash on startup with 2.19.2
Summary: WebKitWebProcess crash on startup with 2.19.2
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: Fedora
Classification: Fedora
Component: webkitgtk4
Version: rawhide
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: unspecified
Target Milestone: ---
Assignee: Tomas Popela
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Duplicates: 1517735 1519594
Depends On:
Blocks:
Reported: 2017-11-22 13:10 UTC by Yanko Kaneti
Modified: 2018-05-05 17:18 UTC (History)
CC List: 6 users

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-11-22 13:26:54 UTC


Attachments
File: backtrace (deleted)  2017-12-01 00:22 UTC, Adam Williamson


Links
System          ID      Priority  Status  Summary  Last Updated
WebKit Project  179914  None      None    None     2017-11-22 13:12:32 UTC

Description Yanko Kaneti 2017-11-22 13:10:42 UTC
Description of problem:
Crash on startup of WebKitProcess

Version-Release number of selected component (if applicable):
webkitgtk4-2.19.2-1.fc28.x86_64.rpm

How reproducible:
Always


Steps to Reproduce:
1. Start MiniBrowser


Core was generated by `/usr/libexec/webkit2gtk-4.0/WebKitWebProcess 31'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007ffff355202e in bmalloc::IsoTLS::ensureEntries(unsigned int) () from /lib64/libjavascriptcoregtk-4.0.so.18
[Current thread is 1 (Thread 0x7ffff7f7bac0 (LWP 24929))]
Missing separate debuginfos, use: dnf debuginfo-install brotli-1.0.1-1.fc28.x86_64 libedit-3.1-20.20170329cvs.fc27.x86_64 llvm-libs-5.0.0-5.fc28.x86_64 woff2-1.0.2-1.fc28.x86_64
(gdb) bt
#0  0x00007ffff355202e in bmalloc::IsoTLS::ensureEntries(unsigned int) () at /lib64/libjavascriptcoregtk-4.0.so.18
#1  0x00007ffff6f09be2 in bmalloc::IsoTLS::ensureHeapAndEntries<WebCore::RenderView>(bmalloc::api::IsoHeap<WebCore::RenderView>&) (handle=...)
    at /usr/src/debug/webkitgtk4-2.19.2-1.fc28.x86_64/Source/bmalloc/bmalloc/IsoTLSInlines.h:128
#2  0x00007ffff6f02e34 in bmalloc::IsoTLS::allocator<bmalloc::IsoConfig<560u>, WebCore::RenderView>(bmalloc::api::IsoHeap<WebCore::RenderView>&) (handle=...)
    at /usr/src/debug/webkitgtk4-2.19.2-1.fc28.x86_64/Source/bmalloc/bmalloc/IsoTLSInlines.h:70
#3  0x00007ffff6f02e34 in bmalloc::IsoTLS::allocate<WebCore::RenderView>(bmalloc::api::IsoHeap<WebCore::RenderView>&, bool) (abortOnFailure=true, handle=...)
    at /usr/src/debug/webkitgtk4-2.19.2-1.fc28.x86_64/Source/bmalloc/bmalloc/IsoTLSInlines.h:36
#4  0x00007ffff6f02e34 in bmalloc::api::IsoHeap<WebCore::RenderView>::allocate() (this=0x7ffff7dcbbf0 <WebCore::RenderView::bisoHeap()::heap>)
    at /usr/src/debug/webkitgtk4-2.19.2-1.fc28.x86_64/Source/bmalloc/bmalloc/IsoHeapInlines.h:50
#5  0x00007ffff6f02e34 in WebCore::RenderView::operator new(unsigned long) (size=size@entry=560)
    at /usr/src/debug/webkitgtk4-2.19.2-1.fc28.x86_64/Source/WebCore/rendering/RenderView.cpp:61
#6  0x00007ffff675920a in WebCore::createRenderer<WebCore::RenderView, WebCore::Document&, WebCore::RenderStyle>(WebCore::Document&, WebCore::RenderStyle&&) ()
    at /usr/src/debug/webkitgtk4-2.19.2-1.fc28.x86_64/Source/WebCore/rendering/RenderPtr.h:43
#7  0x00007ffff675920a in WebCore::Document::createRenderTree() (this=0x7fffd8ef1800) at /usr/src/debug/webkitgtk4-2.19.2-1.fc28.x86_64/Source/WebCore/dom/Document.cpp:2214
#8  0x00007ffff676b930 in WebCore::Document::didBecomeCurrentDocumentInFrame() (this=0x7fffd8ef1800)
    at /usr/src/debug/webkitgtk4-2.19.2-1.fc28.x86_64/Source/WebCore/dom/Document.cpp:2230
#9  0x00007ffff6b06cca in WebCore::Frame::setDocument(WTF::RefPtr<WebCore::Document>&&) (this=0x7fffe02af330, newDocument=...)
    at /usr/src/debug/webkitgtk4-2.19.2-1.fc28.x86_64/Source/WebCore/page/Frame.cpp:297
#10 0x00007ffff6a41be0 in WebCore::DocumentWriter::begin(WebCore::URL const&, bool, WebCore::Document*) (this=this@entry=0x7fffe029c080, urlReference=..., dispatch=dispatch@entry=false, ownerDocument=ownerDocument@entry=0x0) at /usr/src/debug/webkitgtk4-2.19.2-1.fc28.x86_64/Source/WebCore/loader/DocumentWriter.cpp:174
#11 0x00007ffff6a41f5d in WebCore::DocumentLoader::commitData(char const*, unsigned long) (this=this@entry=0x7fffe029c000, bytes=bytes@entry=0x0, length=length@entry=0)
    at /usr/src/debug/webkitgtk4-2.19.2-1.fc28.x86_64/Source/WebCore/loader/DocumentLoader.cpp:855
#12 0x00007ffff6a426f4 in WebCore::DocumentLoader::finishedLoading() (this=this@entry=0x7fffe029c000)
    at /usr/src/debug/webkitgtk4-2.19.2-1.fc28.x86_64/Source/WebCore/loader/DocumentLoader.cpp:413
#13 0x00007ffff6a4473f in WebCore::DocumentLoader::maybeLoadEmpty() (this=this@entry=0x7fffe029c000)
    at /usr/src/debug/webkitgtk4-2.19.2-1.fc28.x86_64/Source/WebCore/loader/DocumentLoader.cpp:1434
#14 0x00007ffff6a45caa in WebCore::DocumentLoader::startLoadingMainResource() (this=0x7fffe029c000)
    at /usr/src/debug/webkitgtk4-2.19.2-1.fc28.x86_64/Source/WebCore/loader/DocumentLoader.cpp:1446
#15 0x00007ffff6a54144 in WebCore::FrameLoader::init() (this=0x5555556253f0) at /usr/src/debug/webkitgtk4-2.19.2-1.fc28.x86_64/Source/WebCore/loader/FrameLoader.cpp:306
#16 0x00007ffff6b06c4c in WebCore::Frame::init() (this=<optimized out>) at /usr/src/debug/webkitgtk4-2.19.2-1.fc28.x86_64/Source/WebCore/page/Frame.cpp:203
#17 0x00007ffff5d8335c in WebKit::WebFrame::createWithCoreMainFrame(WebKit::WebPage*, WebCore::Frame*) (page=<optimized out>, coreFrame=0x7fffe02af330)
    at /usr/src/debug/webkitgtk4-2.19.2-1.fc28.x86_64/Source/WebKit/WebProcess/WebPage/WebFrame.cpp:120
#18 0x00007ffff5d9abba in WebKit::WebPage::WebPage(unsigned long, WebKit::WebPageCreationParameters&&) (this=0x7fffd8ef9000, pageID=<optimized out>, parameters=...)
    at /usr/src/debug/webkitgtk4-2.19.2-1.fc28.x86_64/Source/WebKit/WebProcess/WebPage/WebPage.cpp:430
#19 0x00007ffff5d9b43e in WebKit::WebPage::create(unsigned long, WebKit::WebPageCreationParameters&&) (pageID=1, parameters=...)
    at /usr/src/debug/webkitgtk4-2.19.2-1.fc28.x86_64/Source/WebKit/WebProcess/WebPage/WebPage.cpp:310
#20 0x00007ffff5ce691c in WebKit::WebProcess::createWebPage(unsigned long, WebKit::WebPageCreationParameters&&) (this=0x5555555a9140, pageID=<optimized out>, parameters=...)
    at /usr/src/debug/webkitgtk4-2.19.2-1.fc28.x86_64/Source/WebKit/WebProcess/WebProcess.cpp:597
#21 0x00007ffff5f9e78f in IPC::callMemberFunctionImpl<WebKit::WebProcess, void (WebKit::WebProcess::*)(unsigned long, WebKit::WebPageCreationParameters&&), std::tuple<unsigned long, WebKit::WebPageCreationParameters>, 0ul, 1ul>(WebKit::WebProcess*, void (WebKit::WebProcess::*)(unsigned long, WebKit::WebPageCreationParameters&&), std::tuple<unsigned long, WebKit::WebPageCreationParameters>&&, std::integer_sequence<unsigned long, 0ul, 1ul>) (args=..., function=<optimized out>, object=0x5555555a9140)
    at /usr/src/debug/webkitgtk4-2.19.2-1.fc28.x86_64/Source/WebKit/Platform/IPC/HandleMessage.h:40
#22 0x00007ffff5f9e78f in IPC::callMemberFunction<WebKit::WebProcess, void (WebKit::WebProcess::*)(unsigned long, WebKit::WebPageCreationParameters&&), std::tuple<unsigned long, WebKit::WebPageCreationParameters>, std::integer_sequence<unsigned long, 0ul, 1ul> >(std::tuple<unsigned long, WebKit::WebPageCreationParameters>&&, WebKit::WebProcess*, void (WebKit::WebProcess::*)(unsigned long, WebKit::WebPageCreationParameters&&)) (function=<optimized out>, object=0x5555555a9140, args=...)
    at /usr/src/debug/webkitgtk4-2.19.2-1.fc28.x86_64/Source/WebKit/Platform/IPC/HandleMessage.h:46
#23 0x00007ffff5f9e78f in IPC::handleMessage<Messages::WebProcess::CreateWebPage, WebKit::WebProcess, void (WebKit::WebProcess::*)(unsigned long, WebKit::WebPageCreationParameters&&)>(IPC::Decoder&, WebKit::WebProcess*, void (WebKit::WebProcess::*)(unsigned long, WebKit::WebPageCreationParameters&&)) (decoder=..., object=object@entry=0x5555555a9140, function=
    (void (WebKit::WebProcess::*)(WebKit::WebProcess * const, unsigned long, WebKit::WebPageCreationParameters &&)) 0x7ffff5ce68b0 <WebKit::WebProcess::createWebPage(unsigned long, WebKit::WebPageCreationParameters&&)>) at /usr/src/debug/webkitgtk4-2.19.2-1.fc28.x86_64/Source/WebKit/Platform/IPC/HandleMessage.h:126
#24 0x00007ffff5f9abc3 in WebKit::WebProcess::didReceiveWebProcessMessage(IPC::Connection&, IPC::Decoder&) (this=0x5555555a9140, connection=..., decoder=...)
    at /usr/src/debug/webkitgtk4-2.19.2-1.fc28.x86_64/x86_64-redhat-linux-gnu/DerivedSources/WebKit/WebProcessMessageReceiver.cpp:69
#25 0x00007ffff5b80eeb in IPC::Connection::dispatchMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >) (this=0x7fffe02e5000, message=std::unique_ptr<IPC::Decoder> containing 0x7fffe02dd060) at /usr/src/debug/webkitgtk4-2.19.2-1.fc28.x86_64/Source/WebKit/Platform/IPC/Connection.cpp:928
#26 0x00007ffff5b817b5 in IPC::Connection::dispatchOneMessage() (this=0x7fffe02e5000)
    at /usr/src/debug/webkitgtk4-2.19.2-1.fc28.x86_64/Source/WebKit/Platform/IPC/Connection.cpp:959
#27 0x00007ffff351ed9d in WTF::RunLoop::performWork() () at /lib64/libjavascriptcoregtk-4.0.so.18
#28 0x00007ffff3547b79 in WTF::RunLoop::RunLoop()::{lambda(void*)#1}::_FUN(void*) () at /lib64/libjavascriptcoregtk-4.0.so.18
#29 0x00007fffeddcebb7 in g_main_dispatch (context=0x5555555981e0) at gmain.c:3148
#30 0x00007fffeddcebb7 in g_main_context_dispatch (context=context@entry=0x5555555981e0) at gmain.c:3813
#31 0x00007fffeddcef60 in g_main_context_iterate (context=0x5555555981e0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3886
#32 0x00007fffeddcf272 in g_main_loop_run (loop=0x555555610ee0) at gmain.c:4082
#33 0x00007ffff35484e0 in WTF::RunLoop::run() () at /lib64/libjavascriptcoregtk-4.0.so.18
#34 0x00007ffff5f354a8 in WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain>(int, char**) (argc=<optimized out>, argv=0x7fffffffde28)
    at /usr/src/debug/webkitgtk4-2.19.2-1.fc28.x86_64/Source/WebKit/Shared/unix/ChildProcessMain.h:61
#35 0x00007fffe8ce8127 in __libc_start_main (main=
    0x555555554ce0 <main(int, char**)>, argc=2, argv=0x7fffffffde28, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffde18)
    at ../csu/libc-start.c:306
#36 0x0000555555554d6a in _start ()

Comment 1 Tomas Popela 2017-11-27 10:55:18 UTC
*** Bug 1517735 has been marked as a duplicate of this bug. ***

Comment 2 Tomas Popela 2017-11-30 13:48:48 UTC
*** Bug 1519209 has been marked as a duplicate of this bug. ***

Comment 3 Adam Williamson 2017-12-01 00:22:11 UTC
Similar problem has been detected:

Tried to reply to a mail in Evolution.

reporter:       libreport-2.9.3
backtrace_rating: 4
cmdline:        /usr/libexec/webkit2gtk-4.0/WebKitWebProcess 62
crash_function: bmalloc::IsoTLS::ensureEntries
executable:     /usr/libexec/webkit2gtk-4.0/WebKitWebProcess
journald_cursor: s=4004472b06c94a3389ae23291bce9c1e;i=12213;b=f3d47b3e8ab848159d8aee3be13adbb6;m=50aef6cbf;t=55f3c1a16cc43;x=e9f39d52ccf269bb
kernel:         4.15.0-0.rc0.git7.2.fc28.x86_64
package:        webkitgtk4-2.19.2-1.fc28
reason:         WebKitWebProcess killed by SIGSEGV
rootdir:        /
runlevel:       N 5
type:           CCpp
uid:            1001

Comment 4 Adam Williamson 2017-12-01 00:22:15 UTC
Created attachment 1361369
File: backtrace

Comment 5 Tomas Popela 2017-12-01 04:45:11 UTC
There is a workaround for it applied in webkitgtk4-2.19.2-2.fc28 until we figure out what's wrong upstream.

Comment 6 Tomas Popela 2017-12-01 04:45:20 UTC
*** Bug 1519594 has been marked as a duplicate of this bug. ***
