Bug 279883

Summary: [GTK] [2.46.0] Web process crashes in armhf: RELEASE_ASSERT(!g_wtfConfig.isPermanentlyFrozen);
Product: WebKit Reporter: Alberto Garcia <berto>
Component: WebKitGTKAssignee: Nobody <webkit-unassigned>
Status: NEW ---    
Severity: Normal CC: bugs-noreply
Priority: P2    
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   

Description Alberto Garcia 2024-09-18 05:01:37 PDT 
How to reproduce the problem:

$ xvfb-run --server-args='-screen 0 640x480x16' /usr/lib/*/webkit2gtk-4.1/MiniBrowser https://webkitgtk.org/

libEGL warning: DRI3: Screen seems not DRI3 capable
libEGL warning: DRI3: Screen seems not DRI3 capable
MESA: error: ZINK: vkCreateInstance failed (VK_ERROR_INCOMPATIBLE_DRIVER)
libEGL warning: egl: failed to create dri2 screen

** (MiniBrowser:2440926): WARNING **: 11:54:48.880: WebProcess CRASHED

$ gdb -c core /usr/lib/arm-linux-gnueabihf/webkit2gtk-4.1/WebKitWebProcessCore was generated by `/usr/lib/arm-linux-gnueabihf/webkit2gtk-4.1/WebKitWebProcess 13 117 119'.
Program terminated with signal SIGABRT, Aborted.
#0  __libc_do_syscall () at ../sysdeps/unix/sysv/linux/arm/libc-do-syscall.S:47

warning: 47     ../sysdeps/unix/sysv/linux/arm/libc-do-syscall.S: No such file or directory
[Current thread is 1 (Thread 0xe5473020 (LWP 2440959))]
(gdb) bt

#0  __libc_do_syscall () at ../sysdeps/unix/sysv/linux/arm/libc-do-syscall.S:47
#1  0xf49db7d4 in __pthread_kill_implementation (threadid=3846647840, signo=6, no_tid=<optimized out>) at pthread_kill.c:43
#2  0xf49aa022 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3  0xf499afec in __GI_abort () at abort.c:79
#4  0xf46ac290 in WTFCrashWithInfo () at ./Source/WTF/wtf/Assertions.h:864
#5  WTF::Config::AssertNotFrozenScope::~AssertNotFrozenScope () at ./Source/WTF/wtf/WTFConfig.h:128
#6  WTF::SignalHandlers::finalize () at ./Source/WTF/wtf/threads/Signals.cpp:608
#7  0xf468c83c in operator() () at ./Source/WTF/wtf/WTFConfig.cpp:121
#8  __invoke_impl<void, WTF::Config::finalize()::<lambda()> > () at /usr/include/c++/14/bits/invoke.h:61
#9  __invoke<WTF::Config::finalize()::<lambda()> > () at /usr/include/c++/14/bits/invoke.h:96
#10 operator() () at /usr/include/c++/14/mutex:909
#11 operator() () at /usr/include/c++/14/mutex:845
#12 _FUN () at /usr/include/c++/14/mutex:845
#13 0xf49ddf0c in __pthread_once_slow (once_control=0xf47fcd3c <WTF::Config::finalize()::once>, init_routine=0xf1c66a2d <__once_proxy>) at pthread_once.c:116
#14 0xf468c788 in __gthread_once () at /usr/include/arm-linux-gnueabihf/c++/14/bits/gthr-default.h:713
#15 call_once<WTF::Config::finalize()::<lambda()> > () at /usr/include/c++/14/mutex:916
#16 WTF::Config::finalize () at ./Source/WTF/wtf/WTFConfig.cpp:120
#17 0xf435467c in JSC::Config::finalize () at ./Source/JavaScriptCore/runtime/JSCConfig.h:49
#18 JSC::VM::VM () at ./Source/JavaScriptCore/runtime/VM.cpp:436
#19 0xf4354e00 in JSC::VM::create () at ./Source/JavaScriptCore/runtime/VM.cpp:551
#20 0xf5f1b3c2 in WebCore::commonVMSlow () at ./Source/WebCore/bindings/js/CommonVM.cpp:68
#21 0xf52cb776 in WebCore::commonVM () at ./build-soup3/WebCore/PrivateHeaders/WebCore/CommonVM.h:52
#22 WebKit::WebProcess::initializeWebProcess () at ./Source/WebKit/WebProcess/WebProcess.cpp:605
#23 0xf4ed137e in IPC::callMemberFunction<WebKit::WebProcess, WebKit::WebProcess, void (WebKit::WebProcessCreationParameters&&, WTF::CompletionHandler<void (WebCore::ProcessIdentity)>&&), std::tuple<WebKit::WebProcessCreationParameters>, void (WebCore::ProcessIdentity)>(WebKit::WebProcess*, void (WebKit::WebProcess::*)(WebKit::WebProcessCreationParameters&&, WTF::CompletionHandler<void (WebCore::ProcessIdentity)>&&), std::tuple<WebKit::WebProcessCreationParameters>&&, WTF::CompletionHandler<void (WebCore::ProcessIdentity)>&&)::{lambda((auto:1&&)...)#1}::operator()<WebKit::WebProcessCreationParameters>(WebKit::WebProcessCreationParameters&&) const () at ./Source/WebKit/Platform/IPC/HandleMessage.h:146
#24 std::__invoke_impl<void, IPC::callMemberFunction<WebKit::WebProcess, WebKit::WebProcess, void (WebKit::WebProcessCreationParameters&&, WTF::CompletionHandler<void (WebCore::ProcessIdentity)>&&), std::tuple<WebKit::WebProcessCreationParameters>, void (WebCore::ProcessIdentity)>(WebKit::WebProcess*, void (WebKit::WebProcess::*)(WebKit::WebProcessCreationParameters&&, WTF::CompletionHandler<void (WebCore::ProcessIdentity)>&&), std::tuple<WebKit::WebProcessCreationParameters>&&, WTF::CompletionHandler<void (WebCore::ProcessIdentity)>&&)::{lambda((auto:1&&)...)#1}, WebKit::WebProcessCreationParameters>(std::__invoke_other, IPC::callMemberFunction<WebKit::WebProcess, WebKit::WebProcess, void (WebKit::WebProcessCreationParameters&&, WTF::CompletionHandler<void (WebCore::ProcessIdentity)>&&), std::tuple<WebKit::WebProcessCreationParameters>, void (WebCore::ProcessIdentity)>(WebKit::WebProcess*, void (WebKit::WebProcess::*)(WebKit::WebProcessCreationParameters&&, WTF::CompletionHandler<void (WebCore::ProcessIdentity)>&&), std::tuple<WebKit::WebProcessCreationParameters>&&, WTF::CompletionHandler<void (WebCore::ProcessIdentity)>&&)::{lambda((auto:1&&)...)#1}&&, WebKit::WebProcessCreationParameters&&) () at /usr/include/c++/14/bits/invoke.h:61
#25 std::__invoke<IPC::callMemberFunction<WebKit::WebProcess, WebKit::WebProcess, void (WebKit::WebProcessCreationParameters&&, WTF::CompletionHandler<void (WebCore::ProcessIdentity)>&&), std::tuple<WebKit::WebProcessCreationParameters>, void (WebCore::ProcessIdentity)>(WebKit::WebProcess*, void (WebKit::WebProcess::*)(WebKit::WebProcessCreationParameters&&, WTF::CompletionHandler<void (WebCore::ProcessIdentity)>&&), std::tuple<WebKit::WebProcessCreationParameters>&&, WTF::CompletionHandler<void (WebCore::ProcessIdentity)>&&)::{lambda((auto:1&&)...)#1}, WebKit::WebProcessCreationParameters>(IPC::callMemberFunction<WebKit::WebProcess, WebKit::WebProcess, void (WebKit::WebProcessCreationParameters&&, WTF::CompletionHandler<void (WebCore::ProcessIdentity)>&&), std::tuple<WebKit::WebProcessCreationParameters>, void (WebCore::ProcessIdentity)>(WebKit::WebProcess*, void (WebKit::WebProcess::*)(WebKit::WebProcessCreationParameters&&, WTF::CompletionHandler<void (WebCore::ProcessIdentity)>&&), std::tuple<WebKit::WebProcessCreationParameters>&&, WTF::CompletionHandler<void (WebCore::ProcessIdentity)>&&)::{lambda((auto:1&&)...)#1}&&, WebKit::WebProcessCreationParameters&&) () at /usr/include/c++/14/bits/invoke.h:96
#26 std::__apply_impl<IPC::callMemberFunction<WebKit::WebProcess, WebKit::WebProcess, void (WebKit::WebProcessCreationParameters&&, WTF::CompletionHandler<void (WebCore::ProcessIdentity)>&&), std::tuple<WebKit::WebProcessCreationParameters>, void (WebCore::ProcessIdentity)>(WebKit::WebProcess*, void (WebKit::WebProcess::*)(WebKit::WebProcessCreationParameters&&, WTF::CompletionHandler<void (WebCore::ProcessIdentity)>&&), std::tuple<WebKit::WebProcessCreationParameters>&&, WTF::CompletionHandler<void (WebCore::ProcessIdentity)>&&)::{lambda((auto:1&&)...)#1}, std::tuple<WebKit::WebProcessCreationParameters>, 0u>(IPC::callMemberFunction<WebKit::WebProcess, WebKit::WebProcess, void (WebKit::WebProcessCreationParameters&&, WTF::CompletionHandler<void (WebCore::ProcessIdentity)>&&), std::tuple<WebKit::WebProcessCreationParameters>, void (WebCore::ProcessIdentity)>(WebKit::WebProcess*, void (WebKit::WebProcess::*)(WebKit::WebProcessCreationParameters&&, WTF::CompletionHandler<void (WebCore::ProcessIdentity)>&&), std::tuple<WebKit::WebProcessCreationParameters>&&, WTF::CompletionHandler<void (WebCore::ProcessIdentity)>&&)::{lambda((auto:1&&)...)#1}&&, std::tuple<WebKit::WebProcessCreationParameters>&&, std::integer_sequence<unsigned int, 0u>) ()
    at /usr/include/c++/14/tuple:2921
#27 _ZSt5applyIZN3IPC18callMemberFunctionIN6WebKit10WebProcessES3_FvONS2_28WebProcessCreationParametersEON3WTF17CompletionHandlerIFvN7WebCore15ProcessIdentityEEEEESt5tupleIJS4_EESA_EEvPT_MT0_T1_OT2_ONS7_IT3_EEEUlDpOT_E_TkSt12__tuple_likeSF_EDcOSG_OSI_
    () at /usr/include/c++/14/tuple:2936
#28 IPC::callMemberFunction<WebKit::WebProcess, WebKit::WebProcess, void(WebKit::WebProcessCreationParameters&&, WTF::CompletionHandler<void(WebCore::ProcessIdentity)>&&), std::tuple<WebKit::WebProcessCreationParameters>, void(WebCore::ProcessIdentity)>
    () at ./Source/WebKit/Platform/IPC/HandleMessage.h:144
#29 IPC::handleMessageAsync<Messages::WebProcess::InitializeWebProcess, WebKit::WebProcess, WebKit::WebProcess, void(WebKit::WebProcessCreationParameters&&, WTF::CompletionHandler<void(WebCore::ProcessIdentity)>&&)> ()
    at ./Source/WebKit/Platform/IPC/HandleMessage.h:336
#30 0xf4ed4df6 in WebKit::WebProcess::didReceiveWebProcessMessage () at ./build-soup3/DerivedSources/WebKit/WebProcessMessageReceiver.cpp:112
#31 0xf50cd4f0 in IPC::Connection::dispatchMessage () at ./Source/WebKit/Platform/IPC/Connection.cpp:1451
#32 0xf50cda98 in IPC::Connection::dispatchMessage () at ./Source/WebKit/Platform/IPC/Connection.cpp:1408
#33 IPC::Connection::dispatchOneIncomingMessage () at ./Source/WebKit/Platform/IPC/Connection.cpp:1518
#34 0xf46641fc in WTF::Function<void()>::operator() () at ./Source/WTF/wtf/Function.h:82
#35 WTF::RunLoop::performWork () at ./Source/WTF/wtf/RunLoop.cpp:147
#36 0xf46aeab6 in operator() () at ./Source/WTF/wtf/glib/RunLoopGLib.cpp:80
#37 _FUN () at ./Source/WTF/wtf/glib/RunLoopGLib.cpp:82
#38 0xf46af4bc in operator() () at ./Source/WTF/wtf/glib/RunLoopGLib.cpp:53
#39 _FUN () at ./Source/WTF/wtf/glib/RunLoopGLib.cpp:56
#40 0xf1f6eb06 in g_main_dispatch (context=context@entry=0x1c9ef80) at ../../../glib/gmain.c:3357
#41 0xf1f70620 in g_main_context_dispatch_unlocked (context=0x1c9ef80) at ../../../glib/gmain.c:4208
#42 g_main_context_iterate_unlocked (context=0x1c9ef80, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../../../glib/gmain.c:4273
#43 0xf1f70ee0 in g_main_loop_run (loop=0x1cb9160) at ../../../glib/gmain.c:4475
#44 0xf46af638 in WTF::RunLoop::run () at ./Source/WTF/wtf/glib/RunLoopGLib.cpp:108
#45 0xf54582ea in WebKit::AuxiliaryProcessMainBase<WebKit::WebProcess, true>::run () at ./Source/WebKit/Shared/AuxiliaryProcessMain.h:72
#46 WebKit::AuxiliaryProcessMainBase<WebKit::WebProcess, true>::run () at ./Source/WebKit/Shared/AuxiliaryProcessMain.h:59
#47 WebKit::AuxiliaryProcessMain<WebKit::WebProcessMainGtk> () at ./Source/WebKit/Shared/AuxiliaryProcessMain.h:98
#48 0xf499b4fa in __libc_start_call_main (main=main@entry=0x6ce57d <main()>, argc=argc@entry=4, argv=0xffcc8f24, argv@entry=0xf4a8be44) at ../sysdeps/nptl/libc_start_call_main.h:58
#49 0xf499b59e in __libc_start_main_impl (main=0x6ce57d <main()>, argc=4, argv=0xf4a8be44, init=<optimized out>, fini=0x0, rtld_fini=0xf7e1099d <_dl_fini>, stack_end=0xffcc8f24) at libc-start.c:360
#50 0x006ce5a8 in _start ()
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
Comment 1 Alberto Garcia 2024-09-19 07:37:54 PDT 
This seems to happen if the system malloc is used instead of bmalloc.

I had to disable bmalloc on armhf due to bug 278858, but if I re-enable it again I cannot reproduce this crash.