Bug 1516318 - WebKitWebProcess crash on startup with 2.19.2
Summary: WebKitWebProcess crash on startup with 2.19.2
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: Fedora
Classification: Fedora
Component: webkitgtk4
Version: rawhide
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Tomas Popela
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Duplicates: 1517735 1519209 1519594
Depends On:
Blocks:
Reported: 2017-11-22 13:10 UTC by Yanko Kaneti
Modified: 2018-05-05 17:18 UTC (History)
CC: 6 users

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2017-11-22 13:26:54 UTC
Type: Bug
Embargoed:


Attachments
File: backtrace (52.02 KB, text/plain), 2017-12-01 00:22 UTC, Adam Williamson


Links
System: WebKit Project, ID: 179914, Priority: None, Status: None, Summary: None, Last Updated: 2017-11-22 13:12:32 UTC

Description Yanko Kaneti 2017-11-22 13:10:42 UTC
Description of problem:
Crash on startup of WebKitWebProcess

Version-Release number of selected component (if applicable):
webkitgtk4-2.19.2-1.fc28.x86_64.rpm

How reproducible:
Always


Steps to Reproduce:
1. Start MiniBrowser


Core was generated by `/usr/libexec/webkit2gtk-4.0/WebKitWebProcess 31'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007ffff355202e in bmalloc::IsoTLS::ensureEntries(unsigned int) () from /lib64/libjavascriptcoregtk-4.0.so.18
[Current thread is 1 (Thread 0x7ffff7f7bac0 (LWP 24929))]
Missing separate debuginfos, use: dnf debuginfo-install brotli-1.0.1-1.fc28.x86_64 libedit-3.1-20.20170329cvs.fc27.x86_64 llvm-libs-5.0.0-5.fc28.x86_64 woff2-1.0.2-1.fc28.x86_64
(gdb) bt
#0  0x00007ffff355202e in bmalloc::IsoTLS::ensureEntries(unsigned int) () at /lib64/libjavascriptcoregtk-4.0.so.18
#1  0x00007ffff6f09be2 in bmalloc::IsoTLS::ensureHeapAndEntries<WebCore::RenderView>(bmalloc::api::IsoHeap<WebCore::RenderView>&) (handle=...)
    at /usr/src/debug/webkitgtk4-2.19.2-1.fc28.x86_64/Source/bmalloc/bmalloc/IsoTLSInlines.h:128
#2  0x00007ffff6f02e34 in bmalloc::IsoTLS::allocator<bmalloc::IsoConfig<560u>, WebCore::RenderView>(bmalloc::api::IsoHeap<WebCore::RenderView>&) (handle=...)
    at /usr/src/debug/webkitgtk4-2.19.2-1.fc28.x86_64/Source/bmalloc/bmalloc/IsoTLSInlines.h:70
#3  0x00007ffff6f02e34 in bmalloc::IsoTLS::allocate<WebCore::RenderView>(bmalloc::api::IsoHeap<WebCore::RenderView>&, bool) (abortOnFailure=true, handle=...)
    at /usr/src/debug/webkitgtk4-2.19.2-1.fc28.x86_64/Source/bmalloc/bmalloc/IsoTLSInlines.h:36
#4  0x00007ffff6f02e34 in bmalloc::api::IsoHeap<WebCore::RenderView>::allocate() (this=0x7ffff7dcbbf0 <WebCore::RenderView::bisoHeap()::heap>)
    at /usr/src/debug/webkitgtk4-2.19.2-1.fc28.x86_64/Source/bmalloc/bmalloc/IsoHeapInlines.h:50
#5  0x00007ffff6f02e34 in WebCore::RenderView::operator new(unsigned long) (size=size@entry=560)
    at /usr/src/debug/webkitgtk4-2.19.2-1.fc28.x86_64/Source/WebCore/rendering/RenderView.cpp:61
#6  0x00007ffff675920a in WebCore::createRenderer<WebCore::RenderView, WebCore::Document&, WebCore::RenderStyle>(WebCore::Document&, WebCore::RenderStyle&&) ()
    at /usr/src/debug/webkitgtk4-2.19.2-1.fc28.x86_64/Source/WebCore/rendering/RenderPtr.h:43
#7  0x00007ffff675920a in WebCore::Document::createRenderTree() (this=0x7fffd8ef1800) at /usr/src/debug/webkitgtk4-2.19.2-1.fc28.x86_64/Source/WebCore/dom/Document.cpp:2214
#8  0x00007ffff676b930 in WebCore::Document::didBecomeCurrentDocumentInFrame() (this=0x7fffd8ef1800)
    at /usr/src/debug/webkitgtk4-2.19.2-1.fc28.x86_64/Source/WebCore/dom/Document.cpp:2230
#9  0x00007ffff6b06cca in WebCore::Frame::setDocument(WTF::RefPtr<WebCore::Document>&&) (this=0x7fffe02af330, newDocument=...)
    at /usr/src/debug/webkitgtk4-2.19.2-1.fc28.x86_64/Source/WebCore/page/Frame.cpp:297
#10 0x00007ffff6a41be0 in WebCore::DocumentWriter::begin(WebCore::URL const&, bool, WebCore::Document*) (this=this@entry=0x7fffe029c080, urlReference=..., dispatch=dispatch@entry=false, ownerDocument=ownerDocument@entry=0x0) at /usr/src/debug/webkitgtk4-2.19.2-1.fc28.x86_64/Source/WebCore/loader/DocumentWriter.cpp:174
#11 0x00007ffff6a41f5d in WebCore::DocumentLoader::commitData(char const*, unsigned long) (this=this@entry=0x7fffe029c000, bytes=bytes@entry=0x0, length=length@entry=0)
    at /usr/src/debug/webkitgtk4-2.19.2-1.fc28.x86_64/Source/WebCore/loader/DocumentLoader.cpp:855
#12 0x00007ffff6a426f4 in WebCore::DocumentLoader::finishedLoading() (this=this@entry=0x7fffe029c000)
    at /usr/src/debug/webkitgtk4-2.19.2-1.fc28.x86_64/Source/WebCore/loader/DocumentLoader.cpp:413
#13 0x00007ffff6a4473f in WebCore::DocumentLoader::maybeLoadEmpty() (this=this@entry=0x7fffe029c000)
    at /usr/src/debug/webkitgtk4-2.19.2-1.fc28.x86_64/Source/WebCore/loader/DocumentLoader.cpp:1434
#14 0x00007ffff6a45caa in WebCore::DocumentLoader::startLoadingMainResource() (this=0x7fffe029c000)
    at /usr/src/debug/webkitgtk4-2.19.2-1.fc28.x86_64/Source/WebCore/loader/DocumentLoader.cpp:1446
#15 0x00007ffff6a54144 in WebCore::FrameLoader::init() (this=0x5555556253f0) at /usr/src/debug/webkitgtk4-2.19.2-1.fc28.x86_64/Source/WebCore/loader/FrameLoader.cpp:306
#16 0x00007ffff6b06c4c in WebCore::Frame::init() (this=<optimized out>) at /usr/src/debug/webkitgtk4-2.19.2-1.fc28.x86_64/Source/WebCore/page/Frame.cpp:203
#17 0x00007ffff5d8335c in WebKit::WebFrame::createWithCoreMainFrame(WebKit::WebPage*, WebCore::Frame*) (page=<optimized out>, coreFrame=0x7fffe02af330)
    at /usr/src/debug/webkitgtk4-2.19.2-1.fc28.x86_64/Source/WebKit/WebProcess/WebPage/WebFrame.cpp:120
#18 0x00007ffff5d9abba in WebKit::WebPage::WebPage(unsigned long, WebKit::WebPageCreationParameters&&) (this=0x7fffd8ef9000, pageID=<optimized out>, parameters=...)
    at /usr/src/debug/webkitgtk4-2.19.2-1.fc28.x86_64/Source/WebKit/WebProcess/WebPage/WebPage.cpp:430
#19 0x00007ffff5d9b43e in WebKit::WebPage::create(unsigned long, WebKit::WebPageCreationParameters&&) (pageID=1, parameters=...)
    at /usr/src/debug/webkitgtk4-2.19.2-1.fc28.x86_64/Source/WebKit/WebProcess/WebPage/WebPage.cpp:310
#20 0x00007ffff5ce691c in WebKit::WebProcess::createWebPage(unsigned long, WebKit::WebPageCreationParameters&&) (this=0x5555555a9140, pageID=<optimized out>, parameters=...)
    at /usr/src/debug/webkitgtk4-2.19.2-1.fc28.x86_64/Source/WebKit/WebProcess/WebProcess.cpp:597
#21 0x00007ffff5f9e78f in IPC::callMemberFunctionImpl<WebKit::WebProcess, void (WebKit::WebProcess::*)(unsigned long, WebKit::WebPageCreationParameters&&), std::tuple<unsigned long, WebKit::WebPageCreationParameters>, 0ul, 1ul>(WebKit::WebProcess*, void (WebKit::WebProcess::*)(unsigned long, WebKit::WebPageCreationParameters&&), std::tuple<unsigned long, WebKit::WebPageCreationParameters>&&, std::integer_sequence<unsigned long, 0ul, 1ul>) (args=..., function=<optimized out>, object=0x5555555a9140)
    at /usr/src/debug/webkitgtk4-2.19.2-1.fc28.x86_64/Source/WebKit/Platform/IPC/HandleMessage.h:40
#22 0x00007ffff5f9e78f in IPC::callMemberFunction<WebKit::WebProcess, void (WebKit::WebProcess::*)(unsigned long, WebKit::WebPageCreationParameters&&), std::tuple<unsigned long, WebKit::WebPageCreationParameters>, std::integer_sequence<unsigned long, 0ul, 1ul> >(std::tuple<unsigned long, WebKit::WebPageCreationParameters>&&, WebKit::WebProcess*, void (WebKit::WebProcess::*)(unsigned long, WebKit::WebPageCreationParameters&&)) (function=<optimized out>, object=0x5555555a9140, args=...)
    at /usr/src/debug/webkitgtk4-2.19.2-1.fc28.x86_64/Source/WebKit/Platform/IPC/HandleMessage.h:46
#23 0x00007ffff5f9e78f in IPC::handleMessage<Messages::WebProcess::CreateWebPage, WebKit::WebProcess, void (WebKit::WebProcess::*)(unsigned long, WebKit::WebPageCreationParameters&&)>(IPC::Decoder&, WebKit::WebProcess*, void (WebKit::WebProcess::*)(unsigned long, WebKit::WebPageCreationParameters&&)) (decoder=..., object=object@entry=0x5555555a9140, function=
    (void (WebKit::WebProcess::*)(WebKit::WebProcess * const, unsigned long, WebKit::WebPageCreationParameters &&)) 0x7ffff5ce68b0 <WebKit::WebProcess::createWebPage(unsigned long, WebKit::WebPageCreationParameters&&)>) at /usr/src/debug/webkitgtk4-2.19.2-1.fc28.x86_64/Source/WebKit/Platform/IPC/HandleMessage.h:126
#24 0x00007ffff5f9abc3 in WebKit::WebProcess::didReceiveWebProcessMessage(IPC::Connection&, IPC::Decoder&) (this=0x5555555a9140, connection=..., decoder=...)
    at /usr/src/debug/webkitgtk4-2.19.2-1.fc28.x86_64/x86_64-redhat-linux-gnu/DerivedSources/WebKit/WebProcessMessageReceiver.cpp:69
#25 0x00007ffff5b80eeb in IPC::Connection::dispatchMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >) (this=0x7fffe02e5000, message=std::unique_ptr<IPC::Decoder> containing 0x7fffe02dd060) at /usr/src/debug/webkitgtk4-2.19.2-1.fc28.x86_64/Source/WebKit/Platform/IPC/Connection.cpp:928
#26 0x00007ffff5b817b5 in IPC::Connection::dispatchOneMessage() (this=0x7fffe02e5000)
    at /usr/src/debug/webkitgtk4-2.19.2-1.fc28.x86_64/Source/WebKit/Platform/IPC/Connection.cpp:959
#27 0x00007ffff351ed9d in WTF::RunLoop::performWork() () at /lib64/libjavascriptcoregtk-4.0.so.18
#28 0x00007ffff3547b79 in WTF::RunLoop::RunLoop()::{lambda(void*)#1}::_FUN(void*) () at /lib64/libjavascriptcoregtk-4.0.so.18
#29 0x00007fffeddcebb7 in g_main_dispatch (context=0x5555555981e0) at gmain.c:3148
#30 0x00007fffeddcebb7 in g_main_context_dispatch (context=context@entry=0x5555555981e0) at gmain.c:3813
#31 0x00007fffeddcef60 in g_main_context_iterate (context=0x5555555981e0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3886
#32 0x00007fffeddcf272 in g_main_loop_run (loop=0x555555610ee0) at gmain.c:4082
#33 0x00007ffff35484e0 in WTF::RunLoop::run() () at /lib64/libjavascriptcoregtk-4.0.so.18
#34 0x00007ffff5f354a8 in WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain>(int, char**) (argc=<optimized out>, argv=0x7fffffffde28)
    at /usr/src/debug/webkitgtk4-2.19.2-1.fc28.x86_64/Source/WebKit/Shared/unix/ChildProcessMain.h:61
#35 0x00007fffe8ce8127 in __libc_start_main (main=
    0x555555554ce0 <main(int, char**)>, argc=2, argv=0x7fffffffde28, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffde18)
    at ../csu/libc-start.c:306
#36 0x0000555555554d6a in _start ()

Comment 1 Tomas Popela 2017-11-27 10:55:18 UTC
*** Bug 1517735 has been marked as a duplicate of this bug. ***

Comment 2 Tomas Popela 2017-11-30 13:48:48 UTC
*** Bug 1519209 has been marked as a duplicate of this bug. ***

Comment 3 Adam Williamson 2017-12-01 00:22:11 UTC
Similar problem has been detected:

Tried to reply to a mail in Evolution.

reporter:       libreport-2.9.3
backtrace_rating: 4
cmdline:        /usr/libexec/webkit2gtk-4.0/WebKitWebProcess 62
crash_function: bmalloc::IsoTLS::ensureEntries
executable:     /usr/libexec/webkit2gtk-4.0/WebKitWebProcess
journald_cursor: s=4004472b06c94a3389ae23291bce9c1e;i=12213;b=f3d47b3e8ab848159d8aee3be13adbb6;m=50aef6cbf;t=55f3c1a16cc43;x=e9f39d52ccf269bb
kernel:         4.15.0-0.rc0.git7.2.fc28.x86_64
package:        webkitgtk4-2.19.2-1.fc28
reason:         WebKitWebProcess killed by SIGSEGV
rootdir:        /
runlevel:       N 5
type:           CCpp
uid:            1001

Comment 4 Adam Williamson 2017-12-01 00:22:15 UTC
Created attachment 1361369
File: backtrace

Comment 5 Tomas Popela 2017-12-01 04:45:11 UTC
There is a workaround for it applied in webkitgtk4-2.19.2-2.fc28 until we figure out what's wrong upstream.

Comment 6 Tomas Popela 2017-12-01 04:45:20 UTC
*** Bug 1519594 has been marked as a duplicate of this bug. ***