webkit crashes on amd64 architecture with SIGSEGV in WTF::OSAllocator::reserveAndCommit()

Boot up a live CD and hit "Try Ubuntu" to get to the desktop. From there, install libwebkitgtk-1.0-0-dbg, then run:
gdb --args /usr/lib/webkitgtk-1.0-0/libexec/GtkLauncher "file:///usr/share/ubiquity-slideshow/slides/index.html"

When it crashes, type bt and attach the backtrace to this bug report. If it doesn't crash, let me know via a comment in this bug.

here is the backtrace.

This appears to be a bad use of "assert" macros in webkit

http://code.google.com/p/chromium/issues/detail?id=17247

CD testing results:
 - Happens on amd64 in kvm with and without network connection
 - Does not happen on i386 in kvm with network connection
 - Does not happen on i386 on Dell Mini 10 without network

I think this sufficiently proves that this isn't network related, but amd64 specific.

Oddly enough, I cannot seem to reproduce this with kvm. Martin, how much memory are you giving it?

If you have a chance, would you mind poking with gdb to get more detail on the conditions surrounding the mmap failure?

From the release notes: To work around this, open a Terminal window with Ctrl+Alt+T and do sudo apt-get purge ubiquity-slideshow-ubuntu before starting the installer. This will cause the installation progress window to become very small, but avoid the crash.

bug 710612 is another instance of this bug but in Kubuntu. Removing ubiquity-slideshow-kubuntu workaround the issue.

Marking the ubiquity task as Invalid. This is definitely a bug in webkit.

webkit is crashing with SIGSEGV in WTF::OSAllocator::reserveAndCommit()
see various duplicate bugs.

how do we proceed here, send this upstream?

This bug is very similar in effect to bug #705359, and the same workaround works (purging ubiquity-slideshow-ubuntu).

Workaround:
echo 1 > /proc/sys/vm/overcommit_memory

see bug https://bugs.webkit.org/show_bug.cgi?id=42756 for more info.

Is anyone able to reproduce this on a fully installed natty desktop?

I am, when launching Miro, see duplicate bug 717865

I can by launching gwibber-accounts,click add, select twitter, click add, click authorize.

This will try to use webkit to open the twitter page, which then segfaults.

echo 1 > /proc/sys/vm/overcommit_memory
fixes this until reboot.

here is a backtrace:
http://launchpadlibrarian.net/63485933/gdb-gwibber-accounts.txt
here is a valgrind log:
https://bugs.launchpad.net/ubuntu/+source/epiphany-browser/+bug/704393/+attachment/1827136/+files/gwibber-accounts-valgrind.log

This crash is happening because webkit is allocating 2GB's of memory with mmap and presumes the os to do overcomminting of memory. If you have enought free memory (or swap) then webkit might not crash at all.

Above mentioned (Kate Stewart - #9) workaround:
>> From the release notes: To work around this, open a Terminal window with Ctrl+Alt+T and do sudo apt-get purge ubiquity-slideshow-ubuntu before starting the installer. This will cause the installation progress window to become very small, but avoid the crash.<<
worked.

> Is anyone able to reproduce this on a fully installed natty desktop?

Yes, when there is no swap (I first encountered this on my laptop where
the swap had got corrupted and wasn't being mounted) then midori and
epiphany fail to start.

(That's confirming the variant of the bug in duplicate LP: #704393, not
ubiquity, which I haven't tried)

Yes, reproduced using Xubuntu natty-desktop-amd64.iso dated 2011-02-18. Without removing the 'ubiquity-slideshow-xubuntu' application, the installer will not even start. It is simply a spinning cursor.

The workaround from comment #14 worked for me when installing Natty 64bit on VMware.

This bug was fixed in the package qtwebkit-source - 2.1~really2.0.1-0ubuntu1

---------------
qtwebkit-source (2.1~really2.0.1-0ubuntu1) natty; urgency=low

  * Revert to package version 2.0.0-0ubuntu1. QtWebkit 2.1 is only supported
    on Symbian. (LP: #710582)
  * New upstream version 2.0.1.
  * Rename debian-changes-2.0.0-0ubuntu1 to kubuntu_01_include_files.diff and
    strip auto-generated files from the patch.
  * Use the lzma dh sequence.
  * Drop kubuntu_01_phonon.diff, pass DEFINES+=ENABLE_VIDEO to qmake instead.
 -- Felix Geyer <email address hidden> Sun, 27 Feb 2011 11:53:38 +0100

> Oddly enough, I cannot seem to reproduce this with kvm. Martin, how much memory are you giving it?

I run with -m768, i. e. 768 MiB.

For the record, here this reproduces perfectly well with

  kvm -m 768 -cdrom ./natty-desktop-amd64.iso -boot d

then starting the live system, and then running

  /usr/lib/webkitgtk-1.0-0/libexec/GtkLauncher

it hangs a while during apport collection, and then crashes.

GtkLauncher runs fine on my workstation, but that has 4 GB of memory. The upstream bug indicates that this only crashes with less memory.

We might apply the overcommit_memory workaround in casper for the time being, if we can't find a real solution for this?

For the record, I am now building a test package which just allocates 32 MB of pool size on amd64 instead of 1 GB. This will match what is happening on i386.

This bug was fixed in the package webkit - 1.3.12-0ubuntu2

---------------
webkit (1.3.12-0ubuntu2) natty; urgency=low

  * Add bzr-builddeb configuration (merge mode).
  * Add 02_no_amd64_overcommit: Do not try to reserve 1 GB of memory for pool
    pages on x86_64, as this will crash on machines with less than ~ 1.5 GB
    RAM. This only works if overcommitting memory is enabled, which we don't
    have by default. (LP: #710582)
 -- Martin Pitt <email address hidden> Mon, 28 Feb 2011 19:26:00 +0100

Fixed for me in Natty 64bit 20110228.1

Confirmed fixed, also using 20110228.1_daily.