webkit crashes on amd64 architecture with SIGSEGV in WTF::OSAllocator::reserveAndCommit()

Bug #710582 reported by Jean-Baptiste Lallement on 2011-01-31
This bug affects 49 people
Affects                   Status        Importance  Assigned to   Milestone
Webkit                    Fix Released  Medium
empathy (Ubuntu)                        Undecided   Unassigned
  Natty                                 Undecided   Unassigned
qtwebkit-source (Ubuntu)                Undecided   Unassigned
  Natty                                 Undecided   Unassigned
ubiquity (Ubuntu)                       Critical    Evan
  Natty                                 Critical    Evan
webkit (Ubuntu)                         Critical    Martin Pitt
  Natty                                 Critical    Martin Pitt
yelp (Ubuntu)                           Undecided   Unassigned
  Natty                                 Undecided   Unassigned

Bug Description

Binary package hint: ubiquity

ISO Testing:
Ubuntu natty-desktop-amd64 - 31-Jan-2011 08:21
XUbuntu natty-desktop-amd64 - 2011-02-02
Edubuntu natty-desktop-amd64 - 2011-02-02

Ubiquity crashes when the user clicks on 'Forward' at the step 'Who are you'.
This affects only amd64.

Possible cause:
Jan 31 10:42:16 ubuntu kernel: [ 259.361871] ubiquity[4700]: segfault at bbadbeef ip 00007f523d7225c5 sp 00007fff7f0eb9f0 error 6 in libwebkitgtk-1.0.so.0.5.2[7f523c584000+14bc000]
Jan 31 10:42:16 ubuntu install.py: Exception during installation:
Jan 31 10:42:16 ubuntu install.py: Traceback (most recent call last):
Jan 31 10:42:16 ubuntu install.py: File "/usr/share/ubiquity/install.py", line 610, in <module>
Jan 31 10:42:16 ubuntu install.py: install.run()
Jan 31 10:42:16 ubuntu install.py: File "/usr/share/ubiquity/install.py", line 124, in run
Jan 31 10:42:16 ubuntu install.py: self.copy_all()
Jan 31 10:42:16 ubuntu install.py: File "/usr/share/ubiquity/install.py", line 409, in copy_all
Jan 31 10:42:16 ubuntu install.py: 'INFO', 'ubiquity/install/copying_minute')
Jan 31 10:42:16 ubuntu install.py: File "/usr/lib/python2.7/dist-packages/debconf.py", line 65, in <lambda>
Jan 31 10:42:16 ubuntu install.py: lambda *args, **kw: self.command(command, *args, **kw))
Jan 31 10:42:16 ubuntu install.py: File "/usr/lib/python2.7/dist-packages/debconf.py", line 70, in command
Jan 31 10:42:16 ubuntu install.py: self.write.flush()
Jan 31 10:42:16 ubuntu install.py: IOError: [Errno 32] Broken pipe

Tested in a VM

TEST CASE:
1. Boot from the ISO
2. Select Try Ubuntu
3. Double-Click on 'Install Ubuntu'
4. Run through the installation steps

Result:
Ubiquity crashes after the step 'Who are you'
No crash report from apport.

ProblemType: Bug
DistroRelease: Ubuntu 11.04
Package: ubiquity (not installed)
ProcVersionSignature: Ubuntu 2.6.38-1.28-generic 2.6.38-rc2
Uname: Linux 2.6.38-1-generic i686
Architecture: i386
Date: Mon Jan 31 11:44:55 2011
EcryptfsInUse: Yes
ProcEnviron:
 LANGUAGE=en_US:en
 PATH=(custom, user)
 LANG=en_US.utf8
 LC_MESSAGES=en_US.utf8
 SHELL=/bin/bash
SourcePackage: ubiquity

WORKAROUND:
Open a Terminal window with Ctrl+Alt+T and do sudo apt-get purge ubiquity-slideshow-ubuntu before starting the installer. This will cause the installation progress window to become very small, but avoid the crash.

In Xubuntu, please open a terminal, using either the shortcut in the panel or Menu button -> Accessories -> Terminal and do sudo apt-get purge ubiquity-slideshow-xubuntu before starting the installer.

Jean-Baptiste Lallement (jibel) wrote :
description: updated
summary: - ubiquity crashes after step 'Who are you' : segfault
- inlibwebkitgtk-1.0.so.0.5.2
+ ubiquity crashes after step 'Who are you' : segfault in
+ libwebkitgtk-1.0.so.0.5.2
Jean-Baptiste Lallement (jibel) wrote :
  • dm (3.0 KiB, text/plain)
description: updated
Changed in ubiquity (Ubuntu):
importance: Undecided → Critical
status: New → Triaged
summary: ubiquity crashes after step 'Who are you' : segfault in
- libwebkitgtk-1.0.so.0.5.2
+ libwebkitgtk-1.0.so.0.5.2 on AMD64

Boot up a live CD and hit "Try Ubuntu" to get to the desktop. From there, install libwebkitgtk-1.0-0-dbg, then run:
gdb --args /usr/lib/webkitgtk-1.0-0/libexec/GtkLauncher "file:///usr/share/ubiquity-slideshow/slides/index.html"

When it crashes, type bt and attach the backtrace to this bug report. If it doesn't crash, let me know via a comment in this bug.

Changed in ubiquity (Ubuntu Natty):
status: Triaged → Incomplete
Evan (ev) on 2011-01-31
Changed in ubiquity (Ubuntu Natty):
assignee: nobody → Evan Dandrea (ev)
Jean-Baptiste Lallement (jibel) wrote :

here is the backtrace.

Changed in ubiquity (Ubuntu Natty):
status: Incomplete → Confirmed
description: updated

This appears to be a bad use of "assert" macros in webkit

http://code.google.com/p/chromium/issues/detail?id=17247

summary: - ubiquity crashes after step 'Who are you' : segfault in
- libwebkitgtk-1.0.so.0.5.2 on AMD64
+ webkit does not implement "assert" sanely (ubiquity crashes after step
+ 'Who are you', yelp segfaults)
Martin Pitt (pitti) wrote :

CD testing results:
 - Happens on amd64 in kvm with and without network connection
 - Does not happen on i386 in kvm with network connection
 - Does not happen on i386 on Dell Mini 10 without network

I think this sufficiently proves that this isn't network related, but amd64 specific.

Evan (ev) wrote :

Oddly enough, I cannot seem to reproduce this with kvm. Martin, how much memory are you giving it?

If you have a chance, would you mind poking with gdb to get more detail on the conditions surrounding the mmap failure?

description: updated
summary: - webkit does not implement "assert" sanely (ubiquity crashes after step
- 'Who are you', yelp segfaults)
+ ubiquity crashes on amd64 architecture. was: webkit does not implement
+ "assert" sanely (ubiquity crashes after step 'Who are you', yelp
+ segfaults)

From the release notes: To work around this, open a Terminal window with Ctrl+Alt+T and do sudo apt-get purge ubiquity-slideshow-ubuntu before starting the installer. This will cause the installation progress window to become very small, but avoid the crash.

description: updated
tags: added: iso-testing
description: updated
Changed in ubiquity (Ubuntu Natty):
milestone: none → natty-alpha-3

bug 710612 is another instance of this bug but in Kubuntu. Removing ubiquity-slideshow-kubuntu works around the issue.

Evan (ev) wrote :

Marking the ubiquity task as Invalid. This is definitely a bug in webkit.

Changed in ubiquity (Ubuntu Natty):
status: Confirmed → Invalid
Changed in webkit (Ubuntu Natty):
importance: Undecided → Critical
milestone: none → natty-alpha-3
status: New → Confirmed
Jens (jens.timmerman) wrote :

webkit is crashing with SIGSEGV in WTF::OSAllocator::reserveAndCommit()
see various duplicate bugs.

how do we proceed here, send this upstream?

summary: - ubiquity crashes on amd64 architecture. was: webkit does not implement
- "assert" sanely (ubiquity crashes after step 'Who are you', yelp
- segfaults)
+ webkit crashes on amd64 architecture with SIGSEGV in
+ WTF::OSAllocator::reserveAndCommit() was: webkit does not implement
+ "assert" sanely
Changed in webkit:
importance: Unknown → Medium
status: Unknown → New

This bug is very similar in effect to bug #705359, and the same workaround works (purging ubiquity-slideshow-ubuntu).

Jens (jens.timmerman) wrote :

Workaround:
echo 1 > /proc/sys/vm/overcommit_memory

see bug https://bugs.webkit.org/show_bug.cgi?id=42756 for more info.

Changed in webkit:
status: New → Unknown
Changed in webkit:
importance: Medium → Unknown
Changed in webkit:
importance: Unknown → Medium
status: Unknown → Confirmed
Felix Geyer (debfx) on 2011-02-04
Changed in qtwebkit-source (Ubuntu Natty):
milestone: none → natty-alpha-3
status: New → Confirmed
Changed in webkit (Ubuntu Natty):
assignee: nobody → Canonical Desktop Team (canonical-desktop-team)
Martin Pitt (pitti) on 2011-02-09
Changed in webkit (Ubuntu Natty):
assignee: Canonical Desktop Team (canonical-desktop-team) → Robert Ancell (robert-ancell)
Changed in yelp (Ubuntu Natty):
status: New → Invalid
Changed in empathy (Ubuntu Natty):
status: New → Invalid
Robert Ancell (robert-ancell) wrote :

Is anyone able to reproduce this on a fully installed natty desktop?

Mathieu Marquer (slasher-fun) wrote :

I am, when launching Miro, see duplicate bug 717865

Jens (jens.timmerman) wrote :

I can by launching gwibber-accounts,click add, select twitter, click add, click authorize.

This will try to use webkit to open the twitter page, which then segfaults.

echo 1 > /proc/sys/vm/overcommit_memory
fixes this until reboot.

here is a backtrace:
http://launchpadlibrarian.net/63485933/gdb-gwibber-accounts.txt
here is a valgrind log:
https://bugs.launchpad.net/ubuntu/+source/epiphany-browser/+bug/704393/+attachment/1827136/+files/gwibber-accounts-valgrind.log

This crash is happening because webkit is allocating 2 GB of memory with mmap and presumes the OS does overcommitting of memory. If you have enough free memory (or swap) then webkit might not crash at all.

Olaf (tholap) wrote :

The above mentioned (Kate Stewart - #9) workaround:
> From the release notes: To work around this, open a Terminal window with Ctrl+Alt+T and do sudo apt-get purge ubiquity-slideshow-ubuntu before starting the installer. This will cause the installation progress window to become very small, but avoid the crash.
worked.

> Is anyone able to reproduce this on a fully installed natty desktop?

Yes, when there is no swap (I first encountered this on my laptop where the swap had got corrupted and wasn't being mounted) then midori and epiphany fail to start.

(That's confirming the variant of the bug in duplicate LP: #704393, not ubiquity, which I haven't tried)

Yes, reproduced using Xubuntu natty-desktop-amd64.iso dated 2011-02-18. Without removing the 'ubiquity-slideshow-xubuntu' application, the installer will not even start. It is simply a spinning cursor.

georgz (georgz) wrote :

The workaround from comment #14 worked for me when installing Natty 64bit on VMware.

Felix Geyer (debfx) on 2011-02-22
tags: added: kubuntu
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package qtwebkit-source - 2.1~really2.0.1-0ubuntu1

---------------
qtwebkit-source (2.1~really2.0.1-0ubuntu1) natty; urgency=low

  * Revert to package version 2.0.0-0ubuntu1. QtWebkit 2.1 is only supported
    on Symbian. (LP: #710582)
  * New upstream version 2.0.1.
  * Rename debian-changes-2.0.0-0ubuntu1 to kubuntu_01_include_files.diff and
    strip auto-generated files from the patch.
  * Use the lzma dh sequence.
  * Drop kubuntu_01_phonon.diff, pass DEFINES+=ENABLE_VIDEO to qmake instead.
 -- Felix Geyer <email address hidden> Sun, 27 Feb 2011 11:53:38 +0100

Changed in qtwebkit-source (Ubuntu Natty):
status: Confirmed → Fix Released
Martin Pitt (pitti) wrote :

> Oddly enough, I cannot seem to reproduce this with kvm. Martin, how much memory are you giving it?

I run with -m768, i.e. 768 MiB.

Changed in ubiquity (Ubuntu Natty):
milestone: natty-alpha-3 → none
Martin Pitt (pitti) wrote :

For the record, here this reproduces perfectly well with

  kvm -m 768 -cdrom ./natty-desktop-amd64.iso -boot d

then starting the live system, and then running

  /usr/lib/webkitgtk-1.0-0/libexec/GtkLauncher

it hangs a while during apport collection, and then crashes.

GtkLauncher runs fine on my workstation, but that has 4 GB of memory. The upstream bug indicates that this only crashes with less memory.

We might apply the overcommit_memory workaround in casper for the time being, if we can't find a real solution for this?

Martin Pitt (pitti) on 2011-02-28
Changed in webkit (Ubuntu Natty):
assignee: Robert Ancell (robert-ancell) → Martin Pitt (pitti)
status: Confirmed → In Progress
Martin Pitt (pitti) on 2011-02-28
summary: webkit crashes on amd64 architecture with SIGSEGV in
- WTF::OSAllocator::reserveAndCommit() was: webkit does not implement
- "assert" sanely
+ WTF::OSAllocator::reserveAndCommit()
Martin Pitt (pitti) wrote :

For the record, I am now building a test package which just allocates 32 MB of pool size on amd64 instead of 1 GB. This will match what is happening on i386.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package webkit - 1.3.12-0ubuntu2

---------------
webkit (1.3.12-0ubuntu2) natty; urgency=low

  * Add bzr-builddeb configuration (merge mode).
  * Add 02_no_amd64_overcommit: Do not try to reserve 1 GB of memory for pool
    pages on x86_64, as this will crash on machines with less than ~ 1.5 GB
    RAM. This only works if overcommitting memory is enabled, which we don't
    have by default. (LP: #710582)
 -- Martin Pitt <email address hidden> Mon, 28 Feb 2011 19:26:00 +0100

Changed in webkit (Ubuntu Natty):
status: In Progress → Fix Released
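The mechanism Jens describes above (a multi-GB writable mmap that only works when the kernel overcommits) and the shape of the 02_no_amd64_overcommit fix (reserve a small pool instead of 1 GB), as an added example; this is not WebKit's, Ubuntu's or the bug's own code, and the function names and sizes are assumptions chosen to model the two behaviours. Under default kernel settings a writable anonymous mapping is charged against the commit limit, while a PROT_NONE reservation is not.

```c
/* Added example (not WebKit's or Ubuntu's code): models how a writable
 * anonymous mmap (the pattern behind WTF::OSAllocator::reserveAndCommit())
 * is charged against the commit limit, a PROT_NONE reservation is not,
 * and a fallback in the shape of the natty fix avoids the crash. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

/* Reserve and commit in one step. PROT_READ|PROT_WRITE makes the whole
 * region count as committed memory at once; a 1 GB request on a ~768 MiB
 * guest is refused with ENOMEM. Return NULL instead of crashing. */
void *reserve_and_commit(size_t bytes) {
    void *p = mmap(NULL, bytes, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return p == MAP_FAILED ? NULL : p;
}

/* Reserve address space only. PROT_NONE + MAP_NORESERVE is not charged
 * against the commit limit, so 1 GB succeeds even on a small machine. */
void *reserve_uncommitted(size_t bytes) {
    void *p = mmap(NULL, bytes, PROT_NONE,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_NORESERVE, -1, 0);
    return p == MAP_FAILED ? NULL : p;
}

/* Commit a prefix of a PROT_NONE reservation; 0 on success, -1 on ENOMEM. */
int commit_range(void *base, size_t bytes) {
    return mprotect(base, bytes, PROT_READ | PROT_WRITE);
}
/* Shape of the fix: ask for the large pool, fall back to a small one
 * rather than aborting. Returns the size actually obtained (0 if none). */
size_t pool_with_fallback(size_t wanted, size_t fallback, void **out) {
    *out = reserve_and_commit(wanted);
    if (*out) return wanted;
    *out = reserve_and_commit(fallback);
    return *out ? fallback : 0;
}

int main(void) {
    const size_t gb = (size_t)1 << 30, mb32 = (size_t)32 << 20;
    void *p, *r;
    size_t got = pool_with_fallback(gb, mb32, &p);
    printf("committed pool: %zu MiB\n", got >> 20);
    if (p) munmap(p, got);
    r = reserve_uncommitted(gb);
    printf("1 GB PROT_NONE reservation: %s\n", r ? "ok" : strerror(errno));
    if (r && commit_range(r, mb32) == 0) printf("committed 32 MiB of it\n");
    if (r) munmap(r, gb);
    return 0;
}
```

Running it in a small VM shows the first line falling back to 32 MiB while the PROT_NONE reservation still succeeds, which is the difference between the crashing and the patched behaviour.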
Fabrizio Narni (shiba89) wrote :

Fixed for me in Natty 64bit 20110228.1

bsfmig (bigslowfat) wrote :

Confirmed fixed, also using 20110228.1_daily.

Changed in webkit:
status: Confirmed → Fix Released
tags: added: testcase