Bug 1252264 - [abrt] webkitgtk4: WTFCrash(): WebKitWebProcess killed by SIGSEGV
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: webkitgtk4
Version: 22
Hardware: x86_64
Assigned To: Tomas Popela
QA Contact: Fedora Extras Quality Assurance
URL: https://retrace.fedoraproject.org/faf...
Whiteboard: abrt_hash:257fbf4cf7193d51e0c005e8f7e...
Keywords: Reopened
Reported: 2015-08-11 02:00 EDT by Joshua Rich
Modified: 2015-09-01 08:19 EDT
Fixed In Version: 2.8.5-2.fc22
Doc Type: Bug Fix
Last Closed: 2015-09-01 08:19:34 EDT

Attachments
File: backtrace (98.42 KB, text/plain), 2015-08-11 02:00 EDT, Joshua Rich
File: cgroup (190 bytes, text/plain), 2015-08-11 02:00 EDT, Joshua Rich
File: core_backtrace (76.06 KB, text/plain), 2015-08-11 02:00 EDT, Joshua Rich
File: dso_list (18.17 KB, text/plain), 2015-08-11 02:00 EDT, Joshua Rich
File: environ (2.13 KB, text/plain), 2015-08-11 02:01 EDT, Joshua Rich
File: limits (1.29 KB, text/plain), 2015-08-11 02:01 EDT, Joshua Rich
File: maps (477.72 KB, text/plain), 2015-08-11 02:01 EDT, Joshua Rich
File: mountinfo (3.64 KB, text/plain), 2015-08-11 02:01 EDT, Joshua Rich
File: namespaces (85 bytes, text/plain), 2015-08-11 02:01 EDT, Joshua Rich
File: open_fds (2.89 KB, text/plain), 2015-08-11 02:01 EDT, Joshua Rich
File: proc_pid_status (1.02 KB, text/plain), 2015-08-11 02:01 EDT, Joshua Rich
File: var_log_messages (28 bytes, text/plain), 2015-08-11 02:01 EDT, Joshua Rich

Description Joshua Rich 2015-08-11 02:00:51 EDT
Version-Release number of selected component:
webkitgtk4-2.8.4-3.fc22

Additional info:
reporter:       libreport-2.6.2
backtrace_rating: 4
cmdline:        /usr/libexec/webkit2gtk-4.0/WebKitWebProcess 22
crash_function: WTFCrash
executable:     /usr/libexec/webkit2gtk-4.0/WebKitWebProcess
global_pid:     30751
kernel:         4.1.3-201.fc22.x86_64
runlevel:       N 5
type:           CCpp
uid:            1000

Truncated backtrace:
Thread no. 1 (10 frames)
 #0 WTFCrash at /usr/src/debug/webkitgtk-2.8.4/Source/WTF/wtf/Assertions.cpp:321
 #1 WTF::OSAllocator::reserveUncommitted at /usr/src/debug/webkitgtk-2.8.4/Source/WTF/wtf/OSAllocatorPosix.cpp:48
 #2 WTF::PageAllocationAligned::allocate at /usr/src/debug/webkitgtk-2.8.4/Source/WTF/wtf/PageAllocationAligned.cpp:55
 #3 create at /usr/src/debug/webkitgtk-2.8.4/Source/JavaScriptCore/heap/Region.h:181
 #5 allocate<JSC::CopiedBlock> at /usr/src/debug/webkitgtk-2.8.4/Source/JavaScriptCore/heap/BlockAllocator.h:157
 #6 allocateBlock at /usr/src/debug/webkitgtk-2.8.4/Source/JavaScriptCore/heap/CopiedSpaceInlines.h:146
 #7 JSC::CopiedSpace::tryAllocateSlowCase at /usr/src/debug/webkitgtk-2.8.4/Source/JavaScriptCore/heap/CopiedSpace.cpp:92
 #8 tryAllocate at /usr/src/debug/webkitgtk-2.8.4/Source/JavaScriptCore/heap/CopiedSpaceInlines.h:160
 #9 JSC::CopiedSpace::tryReallocate at /usr/src/debug/webkitgtk-2.8.4/Source/JavaScriptCore/heap/CopiedSpace.cpp:133
 #10 tryReallocateStorage at /usr/src/debug/webkitgtk-2.8.4/Source/JavaScriptCore/heap/HeapInlines.h:253
Comment 1 Joshua Rich 2015-08-11 02:00:54 EDT
Created attachment 1061316
File: backtrace
Comment 2 Joshua Rich 2015-08-11 02:00:55 EDT
Created attachment 1061317
File: cgroup
Comment 3 Joshua Rich 2015-08-11 02:00:57 EDT
Created attachment 1061318
File: core_backtrace
Comment 4 Joshua Rich 2015-08-11 02:00:59 EDT
Created attachment 1061319
File: dso_list
Comment 5 Joshua Rich 2015-08-11 02:01:00 EDT
Created attachment 1061320
File: environ
Comment 6 Joshua Rich 2015-08-11 02:01:02 EDT
Created attachment 1061321
File: limits
Comment 7 Joshua Rich 2015-08-11 02:01:05 EDT
Created attachment 1061322
File: maps
Comment 8 Joshua Rich 2015-08-11 02:01:07 EDT
Created attachment 1061323
File: mountinfo
Comment 9 Joshua Rich 2015-08-11 02:01:08 EDT
Created attachment 1061324
File: namespaces
Comment 10 Joshua Rich 2015-08-11 02:01:09 EDT
Created attachment 1061325
File: open_fds
Comment 11 Joshua Rich 2015-08-11 02:01:10 EDT
Created attachment 1061326
File: proc_pid_status
Comment 12 Joshua Rich 2015-08-11 02:01:12 EDT
Created attachment 1061327
File: var_log_messages
Comment 13 Michael Catanzaro 2015-08-11 04:10:08 EDT
OOM
Comment 14 Joshua Rich 2015-08-13 00:14:11 EDT
Hey Michael,

I don't think this is necessarily an OOM, I had this happen again today and I don't see an OOM reported in dmesg.  Instead I see this:

[Thu Aug 13 13:42:21 2015] WebKitWebProces[10726]: segfault at bbadbeef ip 00007ff454273ffc sp 00007ffd451a7de0 error 6 in libjavascriptcoregtk-4.0.so.18.1.11[7ff453bea000+7ac000]

This happens often with a web site I've made into an Epiphany web app.  It'll be sitting in the background and I'll go back to it to find it crashed.

I can't upload the data from the crash at the date/time above because this bug is closed (and Abrt thinks this latest crash is a duplicate of this bug).  Let me know if you need it, it's still in Abrt.
Comment 15 Michael Catanzaro 2015-08-14 13:54:21 EDT
The code in question is allocating with mmap:

    void* result = mmap(0, bytes, PROT_NONE, MAP_NORESERVE | MAP_PRIVATE | MAP_ANON, -1, 0);
    if (result == MAP_FAILED)
        CRASH();

Note that it can happen if you still have plenty of system memory left, if the web process exceeds its 5 GiB address space limit (should happen around ~2.5 GiB of allocated memory, way more than should ever be required).
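
The failure mode described in comment 15, as an added example that is not part of the original thread and is not WebKit code: a PROT_NONE | MAP_NORESERVE reservation commits no memory, yet mmap still fails with ENOMEM once the process hits its RLIMIT_AS address space limit. The 1 GiB limit, the 64 MiB chunk size and the function names `reserve_uncommitted` and `reservations_until_failure` are assumptions chosen for the demonstration; the failure is returned to the caller rather than turned into a crash.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/resource.h>

#define CHUNK ((size_t)64 << 20)  /* 64 MiB per reservation (constructed value) */
#define MAX_REGIONS 256

/* Same mmap flags as the call quoted in comment 15, but the failure is
 * returned to the caller instead of being turned into CRASH(). */
static void *reserve_uncommitted(size_t bytes)
{
    void *p = mmap(0, bytes, PROT_NONE, MAP_NORESERVE | MAP_PRIVATE | MAP_ANON, -1, 0);
    return p == MAP_FAILED ? NULL : p;
}

/* Lower the soft RLIMIT_AS to limit_bytes, reserve CHUNK-sized regions until
 * mmap fails, then restore the limit and unmap. Returns the number of
 * successful reservations (-1 on setup error); *err gets the failing errno. */
int reservations_until_failure(size_t limit_bytes, int *err)
{
    struct rlimit old, lim;
    void *regions[MAX_REGIONS];
    int n = 0;

    *err = 0;
    if (getrlimit(RLIMIT_AS, &old) != 0)
        return -1;
    lim = old;
    lim.rlim_cur = limit_bytes;
    if (old.rlim_max != RLIM_INFINITY && lim.rlim_cur > old.rlim_max)
        lim.rlim_cur = old.rlim_max;  /* soft limit cannot exceed hard limit */
    if (setrlimit(RLIMIT_AS, &lim) != 0)
        return -1;
    while (n < MAX_REGIONS) {
        void *p = reserve_uncommitted(CHUNK);
        if (!p) { *err = errno; break; }
        regions[n++] = p;  /* PROT_NONE: nothing is touched or committed */
    }
    setrlimit(RLIMIT_AS, &old);
    for (int i = 0; i < n; i++)
        munmap(regions[i], CHUNK);
    return n;
}

int main(void)
{
    int err, n = reservations_until_failure((size_t)1 << 30, &err);
    printf("%d x 64 MiB reserved under a 1 GiB RLIMIT_AS, then: %s\n", n, strerror(err));
    return 0;
}
```

Because the reservations are never written to, resident memory stays flat while the loop runs; only the virtual address space accounting reaches the limit.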
Comment 16 Michael Catanzaro 2015-08-24 15:45:55 EDT
Reopening bugs that are probably caused by the address space limit....
Comment 17 Fedora Update System 2015-08-25 11:39:54 EDT
webkitgtk4-2.8.5-2.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2015-14258
Comment 18 Fedora Update System 2015-08-26 13:27:07 EDT
webkitgtk4-2.8.5-2.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
 su -c 'yum --enablerepo=updates-testing update webkitgtk4'.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-14258
Comment 19 Fedora Update System 2015-09-01 08:19:16 EDT
webkitgtk4-2.8.5-2.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
