I get crashes from the JS engine when trying to print pages from the Lenovo shop.

Steps to reproduce:
1. Go to: https://www.lenovo.com/de/de/laptops/thinkpad/t-series/ThinkPad-T580/p/22TP2TT5800
2. Print the page into a file

Result:
* The tab crashes after a bit trying to access 0xbbadbeef

[40528.394729] WebKitWebProces[19756]: segfault at bbadbeef ip 00007ff7148cba44 sp 00007ffd2dcab300 error 6 in libjavascriptcoregtk-4.0.so.18.11.3[7ff713994000+11c1000]

Unfortunately, trying to get a backtrace with gdb/coredumpctl results in gdb being killed by the OOM killer.
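A triage helper for the kernel line in the report above, as an added example that is not part of the original report or of WebKit. It decodes the x86 page-fault error code, computes the ASLR-independent offset of the faulting instruction inside the mapped library, and flags a write to 0xbbadbeef, the address WTFCrash() (frame #0 of the backtrace) stores to when it aborts on purpose; the function names and the second sample line are constructed for illustration.

```python
import re

# Format of the x86 Linux kernel "segfault at" message.
SEGV_RE = re.compile(
    r"(?P<comm>\S+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>\d+)"
    r"(?: in (?P<obj>\S+?)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?"
)

# Address WebKit's WTFCrash() writes to in order to terminate the process.
WTF_CRASH_ADDR = 0xBBADBEEF

# Copied from the report above.
REPORT_LINE = ("[40528.394729] WebKitWebProces[19756]: segfault at bbadbeef "
               "ip 00007ff7148cba44 sp 00007ffd2dcab300 error 6 in "
               "libjavascriptcoregtk-4.0.so.18.11.3[7ff713994000+11c1000]")
# Constructed for contrast: a read of address 0 in a hypothetical binary.
NULL_READ_LINE = ("demo[100]: segfault at 0 ip 0000000000401136 "
                  "sp 00007ffc00000000 error 4 in demo[400000+2000]")

def decode_error(code):
    """Decode the x86 page-fault error code bits the kernel prints."""
    return {
        "cause": "protection violation" if code & 1 else "page not present",
        "access": "write" if code & 2 else "read",
        "mode": "user" if code & 4 else "kernel",
    }

def triage(line):
    """Return a dict describing the fault, or None if the line does not match."""
    m = SEGV_RE.search(line)
    if m is None:
        return None
    addr, ip = int(m["addr"], 16), int(m["ip"], 16)
    out = {"comm": m["comm"], "pid": int(m["pid"]), "fault_addr": addr,
           "object": m["obj"], "offset": None, **decode_error(int(m["err"]))}
    if m["obj"]:
        base, size = int(m["base"], 16), int(m["size"], 16)
        # Offset into the mapping stays comparable across runs despite ASLR.
        if base <= ip < base + size:
            out["offset"] = ip - base
    # A user-mode write to the marker address is an intentional abort
    # (failed assertion), not a wild pointer dereference.
    out["deliberate_abort"] = addr == WTF_CRASH_ADDR and out["access"] == "write"
    return out

if __name__ == "__main__":
    for sample in (REPORT_LINE, NULL_READ_LINE):
        print(triage(sample))
```

Grouping crash reports by `(object, offset)` rather than by raw `ip` lets identical crashes from different machines be matched even though the library is loaded at a different base each time.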
The bt is:

#0 0x00007fcfd94caa44 in WTFCrash () from /lib64/libjavascriptcoregtk-4.0.so.18
[Current thread is 1 (Thread 0x7fcfd3977ac0 (LWP 12741))]
Missing separate debuginfos, use: dnf debuginfo-install glib-networking-2.58.0-2.fc29.x86_64
(gdb) bt
#0 0x00007fcfd94caa44 in WTFCrash () at /lib64/libjavascriptcoregtk-4.0.so.18
#1 0x00007fcfdb55fa95 in std::optional<WebCore::LayoutSize>::operator->() const (this=0x7fcf7da00ce8) at /usr/src/debug/webkit2gtk3-2.22.2-1.fc29.x86_64/Source/WebCore/platform/LayoutUnit.h:246
#2 0x00007fcfdb55fa95 in WebCore::RenderView::pageOrViewLogicalHeight() const (this=0x7fcf7da00b18) at /usr/src/debug/webkit2gtk3-2.22.2-1.fc29.x86_64/Source/WebCore/rendering/RenderView.cpp:252
#3 0x00007fcfdb427c6e in WebCore::RenderBox::computeLogicalHeight(WebCore::LayoutUnit, WebCore::LayoutUnit) const () at /usr/include/c++/8/bits/unique_ptr.h:342
#4 0x00007fcfdb4123b3 in WebCore::RenderBox::updateLogicalHeight() (this=0x7fcf46402a48) at /usr/src/debug/webkit2gtk3-2.22.2-1.fc29.x86_64/Source/WebCore/platform/graphics/LayoutSize.h:59
#5 0x00007fcfdb3facdc in WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) (this=0x7fcf46402a48, relayoutChildren=<optimized out>, pageLogicalHeight=0px (0)) at /usr/src/debug/webkit2gtk3-2.22.2-1.fc29.x86_64/Source/WebCore/rendering/RenderBlockFlow.cpp:525
#6 0x00007fcfdb3dc54e in WebCore::RenderBlock::layout() (this=0x7fcf46402a48) at /usr/src/debug/webkit2gtk3-2.22.2-1.fc29.x86_64/Source/WebCore/platform/LayoutUnit.h:249
#7 0x00007fcfdb3f67ac in WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (this=0x7fcf46402940, child=..., marginInfo=..., previousFloatLogicalBottom=0px (0), maxFloatLogicalBottom=0px (0)) at /usr/src/debug/webkit2gtk3-2.22.2-1.fc29.x86_64/Source/WebCore/rendering/RenderBlockFlow.cpp:729
#8 0x00007fcfdb3f8245 in WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) (this=0x7fcf46402940, relayoutChildren=<optimized out>, maxFloatLogicalBottom=0px (0)) at /usr/src/debug/webkit2gtk3-2.22.2-1.fc29.x86_64/Source/WebCore/rendering/RenderBlockFlow.cpp:652
#9 0x00007fcfdb3faffd in WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) (this=0x7fcf46402940, relayoutChildren=<optimized out>, pageLogicalHeight=0px (0)) at /usr/src/debug/webkit2gtk3-2.22.2-1.fc29.x86_64/Source/WebCore/rendering/RenderBlockFlow.cpp:504
#10 0x00007fcfdb3dc54e in WebCore::RenderBlock::layout() (this=0x7fcf46402940) at /usr/src/debug/webkit2gtk3-2.22.2-1.fc29.x86_64/Source/WebCore/platform/LayoutUnit.h:249
#11 0x00007fcfdb3f67ac in WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) (this=0x7fcf7da00b18, child=..., marginInfo=..., previousFloatLogicalBottom=0px (0), maxFloatLogicalBottom=0px (0)) at /usr/src/debug/webkit2gtk3-2.22.2-1.fc29.x86_64/Source/WebCore/rendering/RenderBlockFlow.cpp:729
#12 0x00007fcfdb3f8245 in WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) (this=0x7fcf7da00b18, relayoutChildren=<optimized out>, maxFloatLogicalBottom=0px (0)) at /usr/src/debug/webkit2gtk3-2.22.2-1.fc29.x86_64/Source/WebCore/rendering/RenderBlockFlow.cpp:652
#13 0x00007fcfdb3faffd in WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) (this=0x7fcf7da00b18, relayoutChildren=<optimized out>, pageLogicalHeight=0px (0)) at /usr/src/debug/webkit2gtk3-2.22.2-1.fc29.x86_64/Source/WebCore/rendering/RenderBlockFlow.cpp:504
#14 0x00007fcfdb3dc54e in WebCore::RenderBlock::layout() (this=this@entry=0x7fcf7da00b18) at /usr/src/debug/webkit2gtk3-2.22.2-1.fc29.x86_64/Source/WebCore/platform/LayoutUnit.h:249
#15 0x00007fcfdb569d05 in WebCore::RenderView::layout() (this=0x7fcf7da00b18) at /usr/src/debug/webkit2gtk3-2.22.2-1.fc29.x86_64/Source/WebCore/rendering/RenderView.cpp:241
#16 0x00007fcfdb1812f1 in WebCore::FrameViewLayoutContext::layout() (this=0x7fcf7de01bb8) at /usr/src/debug/webkit2gtk3-2.22.2-1.fc29.x86_64/x86_64-redhat-linux-gnu/DerivedSources/ForwardingHeaders/wtf/WeakPtr.h:81
#17 0x00007fcfdb183b72 in WebCore::Frame::setPrinting(bool, WebCore::FloatSize const&, WebCore::FloatSize const&, float, WebCore::AdjustViewSizeOrNot) (this=0x7fcf4ea07e00, printing=<optimized out>, pageSize=..., originalPageSize=..., maximumShrinkRatio=0, shouldAdjustViewSize=WebCore::AdjustViewSize) at /usr/src/debug/webkit2gtk3-2.22.2-1.fc29.x86_64/Source/WebCore/page/Frame.cpp:691
#18 0x00007fcfdb183ad0 in WebCore::Frame::setPrinting(bool, WebCore::FloatSize const&, WebCore::FloatSize const&, float, WebCore::AdjustViewSizeOrNot) (this=<optimized out>, printing=printing@entry=true, pageSize=..., originalPageSize=..., maximumShrinkRatio=maximumShrinkRatio@entry=1.60000002, shouldAdjustViewSize=shouldAdjustViewSize@entry=WebCore::AdjustViewSize) at /usr/src/debug/webkit2gtk3-2.22.2-1.fc29.x86_64/Source/WebCore/platform/graphics/FloatSize.h:64
#19 0x00007fcfdb1abcc4 in WebCore::PrintContext::begin(float, float) (this=0x56458ac21310, width=<optimized out>, height=<optimized out>) at /usr/src/debug/webkit2gtk3-2.22.2-1.fc29.x86_64/Source/WebCore/page/PrintContext.cpp:161
#20 0x00007fcfda4acc3e in WebKit::WebPage::beginPrinting(unsigned long, WebKit::PrintInfo const&) (this=0x7fcf7f8fc000, frameID=<optimized out>, printInfo=...) at /usr/include/c++/8/bits/unique_ptr.h:342
#21 0x00007fcfda4ace17 in WebKit::WebPage::drawPagesForPrinting(unsigned long, WebKit::PrintInfo const&, WebKit::CallbackID) (this=this@entry=0x7fcf7f8fc000, frameID=<optimized out>, printInfo=..., callbackID=...) at /usr/src/debug/webkit2gtk3-2.22.2-1.fc29.x86_64/Source/WebKit/WebProcess/WebPage/WebPage.cpp:4396
#22 0x00007fcfda09902e in IPC::callMemberFunctionImpl<WebKit::WebPage, void (WebKit::WebPage::*)(unsigned long, WebKit::PrintInfo const&, WebKit::CallbackID), std::tuple<unsigned long, WebKit::PrintInfo, WebKit::CallbackID>, 0ul, 1ul, 2ul>(WebKit::WebPage*, void (WebKit::WebPage::*)(unsigned long, WebKit::PrintInfo const&, WebKit::CallbackID), std::tuple<unsigned long, WebKit::PrintInfo, WebKit::CallbackID>&&, std::integer_sequence<unsigned long, 0ul, 1ul, 2ul>) (args=..., function=<optimized out>, object=0x7fcf7f8fc000) at /usr/src/debug/webkit2gtk3-2.22.2-1.fc29.x86_64/Source/WebKit/Shared/CallbackID.h:47
#23 0x00007fcfda09902e in IPC::callMemberFunction<WebKit::WebPage, void (WebKit::WebPage::*)(unsigned long, WebKit::PrintInfo const&, WebKit::CallbackID), std::tuple<unsigned long, WebKit::PrintInfo, WebKit::CallbackID>, std::integer_sequence<unsigned long, 0ul, 1ul, 2ul> >(std::tuple<unsigned long, WebKit::PrintInfo, WebKit::CallbackID>&&, WebKit::WebPage*, void (WebKit::WebPage::*)(unsigned long, WebKit::PrintInfo const&, WebKit::CallbackID)) (function=<optimized out>, object=0x7fcf7f8fc000, args=...) at /usr/src/debug/webkit2gtk3-2.22.2-1.fc29.x86_64/Source/WebKit/Platform/IPC/HandleMessage.h:47
#24 0x00007fcfda09902e in IPC::handleMessage<Messages::WebPage::DrawPagesForPrinting, WebKit::WebPage, void (WebKit::WebPage::*)(unsigned long, WebKit::PrintInfo const&, WebKit::CallbackID)>(IPC::Decoder&, WebKit::WebPage*, void (WebKit::WebPage::*)(unsigned long, WebKit::PrintInfo const&, WebKit::CallbackID)) (function=<optimized out>, object=0x7fcf7f8fc000, decoder=...) at /usr/src/debug/webkit2gtk3-2.22.2-1.fc29.x86_64/Source/WebKit/Platform/IPC/HandleMessage.h:127
#25 0x00007fcfda09902e in WebKit::WebPage::didReceiveWebPageMessage(IPC::Connection&, IPC::Decoder&) (this=0x7fcf7f8fc000, connection=..., decoder=...) at /usr/src/debug/webkit2gtk3-2.22.2-1.fc29.x86_64/x86_64-redhat-linux-gnu/DerivedSources/WebKit/WebPageMessageReceiver.cpp:1152
#26 0x00007fcfda1330e7 in IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&) (this=this@entry=0x564589d0c158, connection=..., decoder=...) at /usr/src/debug/webkit2gtk3-2.22.2-1.fc29.x86_64/Source/WebKit/Platform/IPC/MessageReceiverMap.cpp:123
#27 0x00007fcfda35f8ba in WebKit::WebProcess::didReceiveMessage(IPC::Connection&, IPC::Decoder&) (this=0x564589d0c0f0, connection=..., decoder=...) at /usr/src/debug/webkit2gtk3-2.22.2-1.fc29.x86_64/Source/WebKit/Shared/ChildProcess.h:78
#28 0x00007fcfda12e414 in IPC::Connection::dispatchMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >) (this=0x7fcfc40e8000, message=std::unique_ptr<IPC::Decoder> = {...}) at /usr/include/c++/8/bits/unique_ptr.h:342
#29 0x00007fcfda12edfa in IPC::Connection::dispatchOneIncomingMessage() (this=0x7fcfc40e8000) at /usr/include/c++/8/bits/move.h:74
#30 0x00007fcfd94e58f5 in WTF::RunLoop::performWork() () at /lib64/libjavascriptcoregtk-4.0.so.18
#31 0x00007fcfd950ea6d in () at /lib64/libjavascriptcoregtk-4.0.so.18
#32 0x00007fcfd5a6126d in g_main_dispatch (context=0x564589c52d50) at gmain.c:3182
#33 0x00007fcfd5a6126d in g_main_context_dispatch (context=context@entry=0x564589c52d50) at gmain.c:3847
#34 0x00007fcfd5a61638 in g_main_context_iterate (context=0x564589c52d50, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3920
#35 0x00007fcfd5a61962 in g_main_loop_run (loop=0x564589d49c10) at gmain.c:4116
--Type <RET> for more, q to quit, c to continue without paging--c
#36 0x00007fcfd950f4e0 in WTF::RunLoop::run() () at /lib64/libjavascriptcoregtk-4.0.so.18
#37 0x00007fcfda4dff48 in WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain>(int, char**) (argc=<optimized out>, argv=0x7ffd29bb2148) at /usr/src/debug/webkit2gtk3-2.22.2-1.fc29.x86_64/Source/WebKit/Shared/unix/ChildProcessMain.h:41
#38 0x00007fcfd521f413 in __libc_start_main (main=0x56458857bc70 <main(int, char**)>, argc=3, argv=0x7ffd29bb2148, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffd29bb2138) at ../csu/libc-start.c:308
#39 0x000056458857bcfe in _start ()

(building now the trunk to test it there)
It's fixed in master. Now just to find the right commit.
https://webkit.org/b/187669 (its merge to 2.22) broke it. Now bisecting the master to see what commit fixed it.
Fixed with https://bugs.webkit.org/show_bug.cgi?id=189798
webkit2gtk3-2.22.2-2.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2018-5114f491b2
webkit2gtk3-2.22.2-2.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-da4ea5f32a
webkit2gtk3-2.22.2-2.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-5114f491b2
webkit2gtk3-2.22.2-2.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-da4ea5f32a
webkitgtk4-2.22.2-2.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-12160eeac5
webkitgtk4-2.22.2-2.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-12160eeac5
webkit2gtk3-2.22.2-2.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.
webkitgtk4-2.22.2-2.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.
webkit2gtk3-2.22.2-2.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.