Bug 1364781
| Field | Value |
|---|---|
| Summary | QtWebEngine 5.7.0 breaks when built against glibc 2.24 (2.23.90) which defines MADV_FREE |
| Product | Fedora |
| Component | qt5-qtwebengine |
| Version | rawhide |
| Hardware | All |
| OS | Linux |
| Status | CLOSED ERRATA |
| Severity | urgent |
| Priority | high |
| Type | Bug |
| Reporter | Kevin Kofler <kevin> |
| Assignee | Kevin Kofler <kevin> |
| QA Contact | Fedora Extras Quality Assurance <extras-qa> |
| CC | arjun.is, awilliam, codonell, dj, eddy.pilon, fweimer, gmarr, jakub, kde-sig, kevin, law, lupinix.fedora, mfabian, pfrankli, rdieter, satellitgo, siddhesh |
| URL | https://www.mail-archive.com/openembedded-core@lists.openembedded.org/msg82915.html |
| Whiteboard | AcceptedFreezeException |
| Fixed In Version | qt5-qtwebengine-5.7.0-6.fc25 |
| Bug Blocks | 1277285 |
| Last Closed | 2016-08-17 03:17:42 UTC |
Description (Kevin Kofler, 2016-08-07 11:41:34 UTC)

(Actually, the /dev/shm issue from step 3 is already filed, it is bug #1347436. Once you work around bug #1363914 and bug #1347436, you run into this one, which is the worst because it does not have a simple workaround.)

---

I can reproduce this with glibc-2.23.90-30.fc25 and qupzilla-2.0.1-1.fc25.

---

We need a better backtrace or a coredump.

---

I don't know how to get that; for me, the Chromium sandbox is pretty effective anti-debugging technology.

---

So I got 3 backtraces by installing the Rawhide ISO to a virtual HDD, installing qt5-qtwebengine-debuginfo there, then attaching gdb to the second zygote process, which shows up in ps ax as:

```
2497 pts/1    S      0:00 /usr/lib/qt5/libexec/QtWebEngineProcess --type=zyg
```

(There was also 2495 that looked the same, but was not interesting.)

and running:

```
(gdb) set follow-fork-mode child
(gdb) c
```

The first one I got is a SIGSYS on sched_getparam, probably not what is causing the bug, but I am still posting it in case it is of interest:

```
Thread 2.3 "QtWebEngineProc" received signal SIGSYS, Bad system call.
[Switching to Thread 0xad1ffb40 (LWP 2869)]
0xb7fd7d49 in __kernel_vsyscall ()
(gdb) bt
#0  0xb7fd7d49 in __kernel_vsyscall ()
#1  0xb22370a6 in sched_getparam () from /lib/libc.so.6
#2  0xb2536a42 in pthread_getschedparam () from /lib/libpthread.so.0
#3  0xb517da9e in base::internal::GetCurrentThreadPriorityForPlatform () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/base/threading/platform_thread_linux.cc:66
#4  0xb517db1f in base::internal::SetCurrentThreadPriorityForPlatform () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/base/threading/platform_thread_linux.cc:47
#5  0xb517e0ed in base::PlatformThread::SetCurrentThreadPriority () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/base/threading/platform_thread_posix.cc:217
#6  0xb517e14e in ThreadFunc () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/base/threading/platform_thread_posix.cc:60
#7  0xb25354ee in start_thread () from /lib/libpthread.so.0
#8  0xb2257f9e in clone () from /lib/libc.so.6
```

After a continue, I get yet another SIGSYS, again, just in case it is of interest:

```
Thread 2.3 "QtWebEngineProc" received signal SIGSYS, Bad system call.
0xb7fd7d49 in __kernel_vsyscall ()
(gdb) bt
#0  0xb7fd7d49 in __kernel_vsyscall ()
#1  0xb2237102 in sched_getscheduler () from /lib/libc.so.6
#2  0xb2536a1b in pthread_getschedparam () from /lib/libpthread.so.0
#3  0xb517da9e in base::internal::GetCurrentThreadPriorityForPlatform () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/base/threading/platform_thread_linux.cc:66
#4  0xb517db1f in base::internal::SetCurrentThreadPriorityForPlatform () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/base/threading/platform_thread_linux.cc:47
#5  0xb517e0ed in base::PlatformThread::SetCurrentThreadPriority () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/base/threading/platform_thread_posix.cc:217
#6  0xb517e14e in ThreadFunc () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/base/threading/platform_thread_posix.cc:60
#7  0xb25354ee in start_thread () from /lib/libpthread.so.0
#8  0xb2257f9e in clone () from /lib/libc.so.6
```

But after yet another continue, I finally get the illegal instruction:

```
Thread 2.1 "QtWebEngineProc" received signal SIGILL, Illegal instruction.
[Switching to Thread 0xae5fdb40 (LWP 2867)]
WTF::discardSystemPages () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/third_party/WebKit/Source/wtf/PageAllocator.cpp:244
244         decommitSystemPages(addr, len);
(gdb) bt
#0  WTF::discardSystemPages () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/third_party/WebKit/Source/wtf/PageAllocator.cpp:244
#1  0xb5b28f46 in blink::MemoryRegion::decommit () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/third_party/WebKit/Source/platform/heap/PageMemory.cpp:26
#2  0xb5b29393 in blink::PageMemory::decommit () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/third_party/WebKit/Source/platform/heap/PageMemory.h:179
#3  blink::FreePagePool::addFreePage () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/third_party/WebKit/Source/platform/heap/PagePool.cpp:31
#4  0xb5b27c35 in blink::NormalPageHeap::allocatePage () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/third_party/WebKit/Source/platform/heap/HeapPage.cpp:445
#5  0xb5b282f1 in blink::NormalPageHeap::outOfLineAllocate () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/third_party/WebKit/Source/platform/heap/HeapPage.cpp:744
#6  0xb62e4480 in blink::NormalPageHeap::allocateObject () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/third_party/WebKit/Source/platform/heap/HeapPage.h:878
#7  blink::Heap::allocateOnHeapIndex () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/third_party/WebKit/Source/platform/heap/Heap.h:443
#8  blink::Heap::allocate<blink::FetchContext> () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/third_party/WebKit/Source/platform/heap/Heap.h:450
#9  blink::GarbageCollected<blink::FetchContext>::allocateObject () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/third_party/WebKit/Source/platform/heap/Heap.h:348
#10 blink::GarbageCollected<blink::FetchContext>::operator new () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/third_party/WebKit/Source/platform/heap/Heap.h:343
#11 blink::FrameFetchContext::createContextAndFetcher () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/third_party/WebKit/Source/core/loader/FrameFetchContext.h:56
#12 blink::DocumentLoader::DocumentLoader () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/third_party/WebKit/Source/core/loader/DocumentLoader.cpp:101
#13 0xb47abf05 in blink::WebDataSourceImpl::WebDataSourceImpl () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/third_party/WebKit/Source/web/WebDataSourceImpl.cpp:134
#14 blink::WebDataSourceImpl::create () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/third_party/WebKit/Source/web/WebDataSourceImpl.cpp:42
#15 0xb477e86b in blink::FrameLoaderClientImpl::createDocumentLoader () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/third_party/WebKit/Source/web/FrameLoaderClientImpl.cpp:711
#16 0xb62fd0cb in blink::FrameLoader::init () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/third_party/WebKit/Source/core/loader/FrameLoader.cpp:198
#17 0xb4743161 in blink::LocalFrame::init () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/third_party/WebKit/Source/core/frame/LocalFrame.h:244
#18 blink::WebLocalFrameImpl::initializeCoreFrame () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/third_party/WebKit/Source/web/WebLocalFrameImpl.cpp:1793
#19 0xb4754210 in blink::WebViewImpl::setMainFrame () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/third_party/WebKit/Source/web/WebViewImpl.cpp:432
#20 0xb4e47ab3 in content::RenderFrameImpl::CreateMainFrame () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/content/renderer/render_frame_impl.cc:750
#21 0xb4e66b17 in content::RenderViewImpl::Initialize () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/content/renderer/render_view_impl.cc:683
#22 0xb4e6c088 in content::RenderViewImpl::Create () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/content/renderer/render_view_impl.cc:1133
#23 0xb4e51afb in content::RenderThreadImpl::OnCreateNewView () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/content/renderer/render_thread_impl.cc:1800
#24 0xb4e5bcbd in base::DispatchToMethodImpl<content::RenderThreadImpl, void (content::RenderThreadImpl::*)(ViewMsg_New_Params const&), ViewMsg_New_Params, 0u> () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/base/tuple.h:252
#25 base::DispatchToMethod<content::RenderThreadImpl, void (content::RenderThreadImpl::*)(ViewMsg_New_Params const&), ViewMsg_New_Params> () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/base/tuple.h:259
#26 ViewMsg_New::Dispatch<content::RenderThreadImpl, content::RenderThreadImpl, void, void (content::RenderThreadImpl::*)(ViewMsg_New_Params const&)> () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/content/common/view_messages.h:621
#27 content::RenderThreadImpl::OnControlMessageReceived () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/content/renderer/render_thread_impl.cc:1739
#28 0xb3fc6cd5 in content::ChildThreadImpl::OnMessageReceived () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/content/child/child_thread_impl.cc:635
#29 0xb4d93583 in IPC::ChannelProxy::Context::OnDispatchMessage () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/ipc/ipc_channel_proxy.cc:293
#30 0xb4d92f03 in base::internal::RunnableAdapter<void (IPC::ChannelProxy::Context::*)(IPC::Message const&)>::Run () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/base/bind_internal.h:178
#31 base::internal::InvokeHelper<false, void, base::internal::RunnableAdapter<void (IPC::ChannelProxy::Context::*)(IPC::Message const&)>, base::internal::TypeList<IPC::ChannelProxy::Context* const&, IPC::Message const&> >::MakeItSo () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/base/bind_internal.h:297
#32 base::internal::Invoker<base::IndexSequence<0u, 1u>, base::internal::BindState<base::internal::RunnableAdapter<void (IPC::ChannelProxy::Context::*)(IPC::Message const&)>, void (IPC::ChannelProxy::Context*, IPC::Message const&), IPC::ChannelProxy::Context*, IPC::Message>, base::internal::TypeList<base::internal::UnwrapTraits<IPC::ChannelProxy::Context*>, base::internal::UnwrapTraits<IPC::Message> >, base::internal::InvokeHelper<false, void, base::internal::RunnableAdapter<void (IPC::ChannelProxy::Context::*)(IPC::Message const&)>, base::internal::TypeList<IPC::ChannelProxy::Context* const&, IPC::Message const&> >, void ()>::Run(base::internal::BindStateBase*) () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/base/bind_internal.h:350
#33 0xb51b03f3 in base::Callback<void ()>::Run() const () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/base/callback.h:394
#34 base::debug::TaskAnnotator::RunTask () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/base/debug/task_annotator.cc:51
#35 0xb65b826f in scheduler::TaskQueueManager::ProcessTaskFromWorkQueue () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/components/scheduler/base/task_queue_manager.cc:264
#36 0xb65b8cde in scheduler::TaskQueueManager::DoWork () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/components/scheduler/base/task_queue_manager.cc:180
#37 0xb65b5e8f in base::internal::RunnableAdapter<void (scheduler::TaskQueueManager::*)(base::TimeTicks, bool)>::Run () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/base/bind_internal.h:178
#38 base::internal::InvokeHelper<true, void, base::internal::RunnableAdapter<void (scheduler::TaskQueueManager::*)(base::TimeTicks, bool)>, base::internal::TypeList<base::WeakPtr<scheduler::TaskQueueManager> const&, base::TimeTicks const&, bool const&> >::MakeItSo () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/base/bind_internal.h:307
#39 base::internal::Invoker<base::IndexSequence<0u, 1u, 2u>, base::internal::BindState<base::internal::RunnableAdapter<void (scheduler::TaskQueueManager::*)(base::TimeTicks, bool)>, void (scheduler::TaskQueueManager*, base::TimeTicks, bool), base::WeakPtr<scheduler::TaskQueueManager>, base::TimeTicks, bool>, base::internal::TypeList<base::internal::UnwrapTraits<base::WeakPtr<scheduler::TaskQueueManager> >, base::internal::UnwrapTraits<base::TimeTicks>, base::internal::UnwrapTraits<bool> >, base::internal::InvokeHelper<true, void, base::internal::RunnableAdapter<void (scheduler::TaskQueueManager::*)(base::TimeTicks, bool)>, base::internal::TypeList<base::WeakPtr<scheduler::TaskQueueManager> const&, base::TimeTicks const&, bool const&> >, void ()>::Run(base::internal::BindStateBase*) () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/base/bind_internal.h:350
#40 0xb51b03f3 in base::Callback<void ()>::Run() const () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/base/callback.h:394
#41 base::debug::TaskAnnotator::RunTask () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/base/debug/task_annotator.cc:51
#42 0xb514e691 in base::MessageLoop::RunTask () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/base/message_loop/message_loop.cc:486
#43 0xb514f354 in base::MessageLoop::DeferOrRunPendingTask () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/base/message_loop/message_loop.cc:495
#44 0xb5150858 in base::MessageLoop::DoDelayedWork () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/base/message_loop/message_loop.cc:645
#45 0xb515196c in base::MessagePumpDefault::Run () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/base/message_loop/message_pump_default.cc:37
#46 0xb514def0 in base::MessageLoop::RunHandler () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/base/message_loop/message_loop.cc:450
#47 0xb5166888 in base::RunLoop::Run () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/base/run_loop.cc:56
#48 0xb514d841 in base::MessageLoop::Run () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/base/message_loop/message_loop.cc:293
#49 0xb4e84534 in content::RendererMain () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/content/renderer/renderer_main.cc:235
#50 0xb4263ebd in content::RunZygote () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/content/app/content_main_runner.cc:308
#51 0xb42643bf in content::ContentMainRunnerImpl::Run () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/content/app/content_main_runner.cc:801
#52 0xb42637e0 in content::ContentMain () at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/content/app/content_main.cc:19
#53 0xb3b68245 in QtWebEngine::processMain (argc=3, argv=0xbfffefa4) at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/core/process_main.cpp:67
#54 0x80000775 in main (argc=<optimized out>, argv=0xbfffefa4) at /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/process/main.cpp:166
```

---

(In reply to Kevin Kofler from comment #3)
> So I got 3 backtraces by installing the Rawhide ISO to a virtual HDD,
> installing qt5-qtwebengine-debuginfo there, then attaching gdb to the second
> zygote process, which shows up in ps ax as:
> 2497 pts/1 S 0:00 /usr/lib/qt5/libexec/QtWebEngineProcess --type=zyg
> (There was also 2495 that looked the same, but was not interesting.)
> and running:
> (gdb) set follow-fork-mode child
> (gdb) c
>
> The first one I got is a SIGSYS on sched_getparam, probably not what is
> causing the bug, but I am still posting it in case it is of interest:

Does Chromium have a SIGSYS handler? The sandbox may not be prepared for glibc and QtWebkit using these system calls.

> But after yet another continue, I finally get the illegal instruction:
>
> Thread 2.1 "QtWebEngineProc" received signal SIGILL, Illegal instruction.
> [Switching to Thread 0xae5fdb40 (LWP 2867)]
> WTF::discardSystemPages ()
> at
> /usr/src/debug/qtwebengine-opensource-src-5.7.0/src/3rdparty/chromium/
> third_party/WebKit/Source/wtf/PageAllocator.cpp:244
> 244 decommitSystemPages(addr, len);
> (gdb) bt

What's the disassembly at this point?

---

I had the same idea as you of looking at the disassembly:

```
(gdb) disas $pc-10,$pc+10
Dump of assembler code from 0xb4d10e1e to 0xb4d10e32:
   0xb4d10e1e <WTF::discardSystemPages(void*, unsigned int)+46>:   jne    0xb4d10e28 <WTF::discardSystemPages(void*, unsigned int)+56>
   0xb4d10e20 <WTF::discardSystemPages(void*, unsigned int)+48>:   lea    0x18(%esp),%esp
   0xb4d10e24 <WTF::discardSystemPages(void*, unsigned int)+52>:   pop    %ebx
   0xb4d10e25 <WTF::discardSystemPages(void*, unsigned int)+53>:   ret
   0xb4d10e26 <WTF::discardSystemPages(void*, unsigned int)+54>:   xchg   %ax,%ax
=> 0xb4d10e28 <WTF::discardSystemPages(void*, unsigned int)+56>:   ud2
   0xb4d10e2a:    lea    0x0(%esi),%esi
   0xb4d10e30 <_ZN3WTF19decommitSystemPagesEPvj+0>:    jmp    0xb4d10df0 <WTF::discardSystemPages(void*, unsigned int)>
End of assembler dump.
```

I think it's this assertion that is failing:
http://code.qt.io/cgit/qt/qtwebengine-chromium.git/tree/chromium/third_party/WebKit/Source/wtf/PageAllocator.cpp?h=49-based#n243

---

No, it must actually be a RELEASE_ASSERT that is failing.
It is this one from decommitSystemPages:
http://code.qt.io/cgit/qt/qtwebengine-chromium.git/tree/chromium/third_party/WebKit/Source/wtf/PageAllocator.cpp?h=49-based#n225
that is being inlined. madvise is returning a non-zero error code.

Proof: Here is the full disassembly of WTF::discardSystemPages up to the offending point:

```
(gdb) disas $pc-56,$pc+10
Dump of assembler code from 0xb4d10df0 to 0xb4d10e32:
   0xb4d10df0 <WTF::discardSystemPages(void*, unsigned int)+0>:    push   %ebx
   0xb4d10df1 <WTF::discardSystemPages(void*, unsigned int)+1>:    call   0xb3b2f450 <__x86.get_pc_thunk.bx>
   0xb4d10df6 <WTF::discardSystemPages(void*, unsigned int)+6>:    add    $0x31e9eb6,%ebx
   0xb4d10dfc <WTF::discardSystemPages(void*, unsigned int)+12>:   lea    -0x18(%esp),%esp
   0xb4d10e00 <WTF::discardSystemPages(void*, unsigned int)+16>:   mov    0x24(%esp),%eax
   0xb4d10e04 <WTF::discardSystemPages(void*, unsigned int)+20>:   movl   $0x8,0x8(%esp)
   0xb4d10e0c <WTF::discardSystemPages(void*, unsigned int)+28>:   mov    %eax,0x4(%esp)
   0xb4d10e10 <WTF::discardSystemPages(void*, unsigned int)+32>:   mov    0x20(%esp),%eax
   0xb4d10e14 <WTF::discardSystemPages(void*, unsigned int)+36>:   mov    %eax,(%esp)
   0xb4d10e17 <WTF::discardSystemPages(void*, unsigned int)+39>:   call   0xb3b1d8f0 <madvise@plt>
   0xb4d10e1c <WTF::discardSystemPages(void*, unsigned int)+44>:   test   %eax,%eax
   0xb4d10e1e <WTF::discardSystemPages(void*, unsigned int)+46>:   jne    0xb4d10e28 <WTF::discardSystemPages(void*, unsigned int)+56>
   0xb4d10e20 <WTF::discardSystemPages(void*, unsigned int)+48>:   lea    0x18(%esp),%esp
   0xb4d10e24 <WTF::discardSystemPages(void*, unsigned int)+52>:   pop    %ebx
   0xb4d10e25 <WTF::discardSystemPages(void*, unsigned int)+53>:   ret
   0xb4d10e26 <WTF::discardSystemPages(void*, unsigned int)+54>:   xchg   %ax,%ax
=> 0xb4d10e28 <WTF::discardSystemPages(void*, unsigned int)+56>:   ud2
   0xb4d10e2a:    lea    0x0(%esi),%esi
   0xb4d10e30 <_ZN3WTF19decommitSystemPagesEPvj+0>:    jmp    0xb4d10df0 <WTF::discardSystemPages(void*, unsigned int)>
End of assembler dump.
```

As you can see, it calls madvise, tests its return value, and if it is non-zero, jumps to the ud2. So that's the RELEASE_ASSERT at line 225.

---

Hmm. What's the contents of errno?

---

I really doubt this is a glibc bug. It's more likely the sandbox is making incorrect assumptions about how other libraries behave.

---

Also be warned that where it says "MADV_FREE", it's actually using "MADV_DONTNEED", not "MADV_FREE":
http://code.qt.io/cgit/qt/qtwebengine-chromium.git/tree/chromium/third_party/WebKit/Source/wtf/PageAllocator.cpp?h=49-based#n42

---

errno is 1.

---

(In reply to Kevin Kofler from comment #11)
> errno is 1.

```
#define EPERM            1      /* Operation not permitted */
```

This doesn't look like something the kernel implementation of madvise would return for MADV_DONTNEED. Is this code running under the sandbox?

---

Yes, I think so. This looks more and more like an error deep in Chromium code (and in code that is already gone from Google's master, there's no PageAllocator.cpp there anymore, grrr).

---

OK, so actually, looking at it, it seems the hack to redefine MADV_FREE to MADV_DONTNEED is not in our package yet (see also the assembly that passes $8, not $4), and so we fail this check in the sandboxing code:
http://code.qt.io/cgit/qt/qtwebengine-chromium.git/tree/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc?h=49-based#n172

Backporting this:
http://code.qt.io/cgit/qt/qtwebengine-chromium.git/commit/?h=49-based&id=b12ffcd411d4776f7120ccecb3be34344d930d2b
should fix it. I am going to do it ASAP.

---

The only reason the glibc version matters at all is that only recent versions of glibc contain this commit:
http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=981569c74cbb6bafa2ddcefa6dd9dbdc938ff1c8
that actually defines MADV_FREE. Before this commit, we always got MADV_DONTNEED that passes the sandbox.

---

I am building new qt5-qtwebengine packages for Rawhide and then F25 which should fix this. Florian, thanks for your help debugging this.
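---

Added example (not code from qtwebengine, Chromium, glibc or any comment in this bug): the failure chain worked out above, a seccomp-BPF policy that only admits madvise(MADV_DONTNEED) and answers any other advice value with EPERM, so that a madvise(MADV_FREE) call compiled against glibc 2.24 gets errno 1 from the filter rather than from the kernel, can be reproduced in a few dozen lines of C without a browser. The program below installs a small classic-BPF filter of my own that mimics the two policy outcomes seen in this thread (SECCOMP_RET_ERRNO for the madvise check, SECCOMP_RET_TRAP for sched_getparam, which is what shows up in gdb as SIGSYS) and probes each one in a forked child so the parent stays unfiltered. The filter rules, the probe names, probe_under_policy, probe_gives and the exit-code convention are all assumptions made for this example; the only things taken from the page are that the policy permits MADV_DONTNEED (4) and rejects MADV_FREE (8) with EPERM. It assumes Linux with seccomp filter support on x86, x86-64 or AArch64, and supplies the value 8 for MADV_FREE when the installed glibc headers predate 2.24.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* glibc < 2.24 does not define MADV_FREE; the kernel value is 8, the "$0x8"
 * visible in the disassembly on this page. (Assumption: Linux ABI value.) */
#ifndef MADV_FREE
#define MADV_FREE 8
#endif

#if defined(__x86_64__)
#define NATIVE_AUDIT_ARCH AUDIT_ARCH_X86_64
#elif defined(__i386__)
#define NATIVE_AUDIT_ARCH AUDIT_ARCH_I386
#elif defined(__aarch64__)
#define NATIVE_AUDIT_ARCH AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* value for this architecture"
#endif

/* What the forked child calls once the filter is in place (names are mine). */
enum probe { PROBE_MADVISE_DONTNEED, PROBE_MADVISE_FREE, PROBE_SCHED_GETPARAM };

/* probe_under_policy() result: >= 0 is the errno of the probed call (0 means
 * it succeeded); a negative value is -signo when the child was killed by a
 * signal (SIGSYS for a trapped syscall); SECCOMP_UNAVAILABLE means the filter
 * could not even be installed, so there was nothing to observe. */
#define SECCOMP_UNAVAILABLE (-1000)
#define CHILD_SETUP_FAILED  250   /* child exit code; never a valid errno here */

/* Toy policy, modelled on the page's description of the baseline policy and
 * not a copy of it:
 *   sched_getparam(...)      -> SECCOMP_RET_TRAP  (kernel delivers SIGSYS)
 *   madvise(.., MADV_DONTNEED) -> allow
 *   madvise(.., anything else) -> SECCOMP_RET_ERRNO with EPERM (errno 1)
 *   every other syscall      -> allow
 * The advice is syscall argument 2; seccomp_data.args[] is 64-bit, and on the
 * little-endian targets above offsetof(args[2]) is its low 32 bits, which is
 * what the BPF_W load reads. */
static int install_filter(void)
{
    struct sock_filter filter[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, NATIVE_AUDIT_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_sched_getparam, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_TRAP),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_madvise, 0, 4),
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[2])),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, MADV_DONTNEED, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = {
        .len = sizeof(filter) / sizeof(filter[0]),
        .filter = filter,
    };
    /* no_new_privs is what lets an unprivileged process install a filter. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Runs in the child: map a page (before the filter, so mmap is not an issue),
 * install the policy, make exactly one probed call, report its errno via the
 * exit status. A trapped call never reaches _exit: SIGSYS kills the child. */
static void run_probe_in_child(enum probe which)
{
    const size_t len = 4096;
    void *page = mmap(NULL, len, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED || install_filter() != 0)
        _exit(CHILD_SETUP_FAILED);

    int rc = 0;
    struct sched_param sp;
    switch (which) {
    case PROBE_MADVISE_DONTNEED: rc = madvise(page, len, MADV_DONTNEED); break;
    case PROBE_MADVISE_FREE:     rc = madvise(page, len, MADV_FREE);     break;
    case PROBE_SCHED_GETPARAM:   rc = sched_getparam(0, &sp);            break;
    }
    _exit(rc == 0 ? 0 : errno);
}

int probe_under_policy(enum probe which)
{
    pid_t pid = fork();
    if (pid < 0)
        return SECCOMP_UNAVAILABLE;
    if (pid == 0)
        run_probe_in_child(which);          /* does not return */

    int status = 0;
    if (waitpid(pid, &status, 0) != pid)
        return SECCOMP_UNAVAILABLE;
    if (WIFSIGNALED(status))
        return -WTERMSIG(status);
    int code = WEXITSTATUS(status);
    return code == CHILD_SETUP_FAILED ? SECCOMP_UNAVAILABLE : code;
}

/* 1 if the probe produced `expected`, or if no filter could be installed in
 * this environment (then there is nothing to check). */
int probe_gives(enum probe which, int expected)
{
    int r = probe_under_policy(which);
    return r == expected || r == SECCOMP_UNAVAILABLE;
}

int main(void)
{
    int r = probe_under_policy(PROBE_MADVISE_DONTNEED);
    printf("madvise(MADV_DONTNEED) under policy: %d\n", r);
    r = probe_under_policy(PROBE_MADVISE_FREE);
    printf("madvise(MADV_FREE) under policy: %d (%s)\n", r, r > 0 ? strerror(r) : "-");
    r = probe_under_policy(PROBE_SCHED_GETPARAM);
    printf("sched_getparam() under policy: %d%s\n", r,
           r == -SIGSYS ? " (child killed by SIGSYS)" : "");
    return 0;
}
```

SECCOMP_RET_ERRNO is what produces the "errno is 1" observation: the kernel's madvise implementation never runs, the filter synthesizes the -EPERM return, and a RELEASE_ASSERT on that return value is what compiles to the ud2 that gdb reports as SIGILL. SECCOMP_RET_TRAP is the other outcome the backtraces show: the call is stopped with SIGSYS ("Bad system call" in gdb); the child here installs no SIGSYS handler and is simply killed, which is exactly the question the "Does Chromium have a SIGSYS handler?" comment raises. Build with `cc -Wall -o madvise_policy madvise_policy.c` and run as an ordinary user; if the environment refuses to install filters (some container sandboxes), every probe reports -1000.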
---

(For the record, I verified (but forgot to post) that glibc 2.24 is really the first release that defines MADV_FREE in its headers, glibc 2.23 did not define it. So the breakage only happened when building against glibc 2.24. It should be fixed in qt5-qtwebengine-5.7.0-6 no matter what glibc is used.)

---

qt5-qtwebengine-5.7.0-6.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2016-bb971cbd03

---

Proposed as a Freeze Exception for 25-alpha by Fedora user lupinix using the blocker tracking app because:

QupZilla, a component shipped by KDE Spin, does not work due to a bug in qt5-qtwebengine in combination with glibc 2.24. A fix already exists and has been submitted as a testing update.

---

qt5-qtwebengine-5.7.0-6.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-bb971cbd03

---

Discussed during the 2016-08-15 blocker review meeting: [1]

The decision to classify this bug as an accepted Alpha Freeze Exception was made due to the fact that the fix cannot be made with just an update. Also, the fix does not touch glibc, so the possibility for negative impact is minute.

[1] https://meetbot.fedoraproject.org/fedora-blocker-review/2016-08-15/f25-blocker-review.2016-08-15-16.00.txt

---

*** Bug 1361442 has been marked as a duplicate of this bug. ***

---

Confirmed both the bug and the fix here. Thanks.

---

qt5-qtwebengine-5.7.0-6.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.