Bug 31294 - Classical Installer Release notes fail to be displayed due to segfault in WebKitWebProcess
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages
Version: Cauldron
Hardware: All
OS: Linux
Priority: release_blocker
Severity: normal
Target Milestone: ---
Assignee: Jani Välimaa
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-12-18 16:09 CET by Martin Whitaker
Modified: 2023-06-07 23:14 CEST
CC List: 3 users

See Also:
Source RPM: webkit2-2.38.2-5.mga9.src.rpm, libglvnd-1.6.0-1.mga9.src.rpm
CVE:
Status comment:


Attachments

Description Martin Whitaker 2022-12-18 16:09:18 CET
This has been seen using both the alpha1 and abortive beta1 Mageia-9 classical installer ISOs. When clicking on the button to display the release notes, the pop-up window is blank. Checking the kernel log shows

<6>[  108.764832] eadedCompositor[1169]: segfault at 8 ip b2577cd9 sp aa4fed48 error 4 in libGLX.so.0.0.0[b2574000+2b000]

This only occurs with the 32-bit ISOs, not the 64-bit ISOs.

The command that fails is

  /usr/bin/display_release_notes.pl

which uses webkit2gtk to display the HTML version of the release notes.

I managed to run the offending command manually and get a core dump. Subsequent analysis with gdb provides the following back-trace:

Core was generated by `/usr/libexec/webkit2gtk-4.1/WebKitWebProcess 11 15'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0xb25bfcd9 in glXCreateContext (dpy=0x97095b0, vis=0x0, share_list=0x0, direct=1) at ../src/GLX/libglx.c:240
240	    __GLXvendorInfo *vendor = __glXGetDynDispatch(dpy, vis->screen);
[Current thread is 1 (Thread 0xaa4ffb40 (LWP 1204))]
(gdb) bt
#0  0xb25bfcd9 in glXCreateContext (dpy=0x97095b0, vis=0x0, share_list=0x0, direct=1) at ../src/GLX/libglx.c:240
#1  0xb5e6c443 in WebCore::GLContextGLX::createWindowContext ()
    at /usr/src/debug/webkit2-2.38.2-5.mga9.i386/Source/WebCore/platform/graphics/glx/GLContextGLX.cpp:198
#2  0xb5e6ccc4 in WebCore::GLContextGLX::createContext () at /usr/src/debug/webkit2-2.38.2-5.mga9.i386/Source/WebCore/platform/graphics/glx/GLContextGLX.cpp:280
#3  0xb5e214de in WebCore::GLContext::createContextForWindow () at /usr/src/debug/webkit2-2.38.2-5.mga9.i386/Source/WebCore/platform/graphics/GLContext.cpp:97
#4  0xb422cd0f in WebKit::ThreadedCompositor::createGLContext ()
    at /usr/src/debug/webkit2-2.38.2-5.mga9.i386/Source/WebKit/Shared/CoordinatedGraphics/threadedcompositor/ThreadedCompositor.cpp:96
#5  0xb422cdf2 in operator() ()
    at /usr/src/debug/webkit2-2.38.2-5.mga9.i386/Source/WebKit/Shared/CoordinatedGraphics/threadedcompositor/ThreadedCompositor.cpp:73
#6  call () at /usr/src/debug/webkit2-2.38.2-5.mga9.i386/Mageia-linux-build/webkit2gtk-4.1/WTF/Headers/wtf/Function.h:53
#7  0xb422261e in WTF::Function<void ()>::operator()() const ()
    at /usr/src/debug/webkit2-2.38.2-5.mga9.i386/Mageia-linux-build/webkit2gtk-4.1/WTF/Headers/wtf/Function.h:82
#8  operator() () at /usr/src/debug/webkit2-2.38.2-5.mga9.i386/Source/WebKit/Shared/CoordinatedGraphics/threadedcompositor/CompositingRunLoop.cpp:90
#9  call () at /usr/src/debug/webkit2-2.38.2-5.mga9.i386/Mageia-linux-build/webkit2gtk-4.1/WTF/Headers/wtf/Function.h:53
#10 0xb34de970 in WTF::Function<void ()>::operator()() const () at /usr/src/debug/webkit2-2.38.2-5.mga9.i386/Source/WTF/wtf/Function.h:82
#11 WTF::RunLoop::performWork () at /usr/src/debug/webkit2-2.38.2-5.mga9.i386/Source/WTF/wtf/RunLoop.cpp:133
#12 0xb3540988 in operator() () at /usr/src/debug/webkit2-2.38.2-5.mga9.i386/Source/WTF/wtf/glib/RunLoopGLib.cpp:80
#13 _FUN () at /usr/src/debug/webkit2-2.38.2-5.mga9.i386/Source/WTF/wtf/glib/RunLoopGLib.cpp:82
#14 0xb35414d9 in operator() () at /usr/src/debug/webkit2-2.38.2-5.mga9.i386/Source/WTF/wtf/glib/RunLoopGLib.cpp:53
#15 _FUN () at /usr/src/debug/webkit2-2.38.2-5.mga9.i386/Source/WTF/wtf/glib/RunLoopGLib.cpp:56
#16 0xb0afa4d5 in g_main_dispatch (context=0x99265d0) at ../glib/gmain.c:3444
#17 g_main_context_dispatch (context=<optimized out>) at ../glib/gmain.c:4162
#18 0xb0afa899 in g_main_context_iterate (context=0x99265d0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4238
#19 0xb0afabc1 in g_main_loop_run (loop=<optimized out>) at ../glib/gmain.c:4438
#20 0xb3541621 in WTF::RunLoop::run () at /usr/src/debug/webkit2-2.38.2-5.mga9.i386/Source/WTF/wtf/glib/RunLoopGLib.cpp:108
#21 0xb42225bc in operator() ()
    at /usr/src/debug/webkit2-2.38.2-5.mga9.i386/Source/WebKit/Shared/CoordinatedGraphics/threadedcompositor/CompositingRunLoop.cpp:49
#22 call () at /usr/src/debug/webkit2-2.38.2-5.mga9.i386/Mageia-linux-build/webkit2gtk-4.1/WTF/Headers/wtf/Function.h:53
#23 0xb34e1174 in WTF::Function<void ()>::operator()() const () at /usr/src/debug/webkit2-2.38.2-5.mga9.i386/Source/WTF/wtf/Function.h:82
#24 WTF::Thread::entryPoint () at /usr/src/debug/webkit2-2.38.2-5.mga9.i386/Source/WTF/wtf/Threading.cpp:236
#25 0xb35440c8 in wtfThreadEntryPoint () at /usr/src/debug/webkit2-2.38.2-5.mga9.i386/Source/WTF/wtf/posix/ThreadingPOSIX.cpp:242
#26 0xb7e3b8a8 in start_thread (arg=0xaa4ffb40) at pthread_create.c:442
#27 0xb7ebce88 in clone3 () at ../sysdeps/unix/sysv/linux/i386/clone3.S:111

I can't reproduce the bug when running the command in an installed system, so I guess it depends on the graphics display environment.
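The kernel line and the gdb frame above agree: glXCreateContext was handed vis=0x0 and libglx.c:240 reads vis->screen, and on i586 the screen member of XVisualInfo sits 8 bytes into the struct, which is exactly the "segfault at 8". The script below is an added example for this thread, not code from the report, from libglvnd or from WebKit. It does the pre-core-dump triage of such a line: parses the kernel's "segfault at" message, decodes the x86 page-fault error code, converts the faulting ip into an offset inside the named mapping, and, when the fault address is tiny, names the XVisualInfo member (layout taken from Xlib's Xutil.h) that a NULL visual pointer would dereference at that offset. The sample line is the one quoted above; the 32-bit/64-bit guess from the width of ip is a heuristic and can be overridden.

```python
"""Triage of a Linux x86 kernel "segfault at" line before opening a core dump.

Added example for the bug thread; not code from the report, libglvnd or WebKit.
"""
import re

# Constructed sample: the kernel line quoted in the bug report (i586 ISO).
SAMPLE_LINE = ("<6>[  108.764832] eadedCompositor[1169]: segfault at 8 ip b2577cd9 "
               "sp aa4fed48 error 4 in libGLX.so.0.0.0[b2574000+2b000]")

# comm is the kernel's 16-byte task name (TASK_COMM_LEN), hence the truncation.
_SEGFAULT_RE = re.compile(
    r"(?P<comm>[^\s\[]+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>[0-9a-f]+) "
    r"in (?P<obj>[^\s\[]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\]")

# x86 page-fault error code bits: (mask, label when set, label when clear).
_PF_BITS = ((1, "protection violation", "page not present"),
            (2, "write", "read"),
            (4, "user mode", "kernel mode"),
            (8, "reserved bit set", None),
            (16, "instruction fetch", None))

# XVisualInfo from Xutil.h: (member, size on ILP32, size on LP64).
# Visual* and VisualID (unsigned long) are pointer-sized; the rest are int.
_XVISUALINFO = (("visual", 4, 8), ("visualid", 4, 8), ("screen", 4, 4),
                ("depth", 4, 4), ("class", 4, 4), ("red_mask", 4, 8),
                ("green_mask", 4, 8), ("blue_mask", 4, 8),
                ("colormap_size", 4, 4), ("bits_per_rgb", 4, 4))


def decode_error(err):
    """Expand the numeric page-fault error code into readable flags."""
    flags = []
    for mask, when_set, when_clear in _PF_BITS:
        if err & mask:
            flags.append(when_set)
        elif when_clear:
            flags.append(when_clear)
    return flags


def xvisualinfo_member(offset, lp64):
    """Member of XVisualInfo that starts at byte `offset`, or None.

    Members are laid out with natural alignment, which on LP64 inserts
    padding before red_mask; on ILP32 every member is 4 bytes."""
    pos = 0
    for name, size32, size64 in _XVISUALINFO:
        size = size64 if lp64 else size32
        pos = (pos + size - 1) // size * size
        if pos == offset:
            return name
        pos += size
    return None


def triage(line, lp64=None, null_page=4096):
    """Parse one kernel segfault line and return the triage facts as a dict."""
    m = _SEGFAULT_RE.search(line)
    if m is None:
        raise ValueError("not an x86 'segfault at' line")
    addr, ip, base, size = (int(m[k], 16) for k in ("addr", "ip", "base", "size"))
    err = int(m["err"], 16)           # the kernel prints the error code with %lx
    if lp64 is None:                  # heuristic: an ip wider than 32 bits
        lp64 = len(m["ip"]) > 8
    # Offset of ip within the mapping the kernel named.  To feed addr2line,
    # add that mapping's file offset from /proc/PID/maps (0 when the library's
    # first segment is the one mapped at its load base).
    ip_offset = ip - base
    in_mapping = 0 <= ip_offset < size
    # A fault address below the first page is the classic signature of a
    # NULL struct pointer being dereferenced at a member offset.
    null_deref = addr < null_page
    return {
        "comm": m["comm"], "pid": int(m["pid"]), "fault_addr": addr,
        "error": decode_error(err), "object": m["obj"],
        "ip_offset": ip_offset, "in_mapping": in_mapping,
        "probable_null_deref": null_deref,
        "xvisualinfo_member": xvisualinfo_member(addr, lp64) if null_deref else None,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LINE).items():
        if isinstance(value, int) and not isinstance(value, bool):
            value = hex(value)
        print(f"{key:>20}: {value}")
```

For the sample line this reports a user-mode read of a not-present page at address 8, ip at offset 0x3cd9 into the libGLX.so.0.0.0 mapping, and names `screen` as the member an i586 XVisualInfo has at offset 8, which is the field libglx.c:240 reads. Note that the kernel's ip (b2577cd9) and gdb's (0xb25bfcd9) differ only above the low 12 bits, as expected for the same instruction under page-granular ASLR across two runs.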
Comment 1 Martin Whitaker 2022-12-18 16:13:17 CET
CC'ing Ben, who originally reported this on the qa-discuss ML.

CC: (none) => westel

Comment 2 Lewis Smith 2022-12-18 20:22:58 CET
Thanks for the highly researched report.

Assigning to wally who has had most to do with webkit2 lately.
CC'ing tv who deals often with libglvnd (for lib64glx0), since the original error message was from that:
 eadedCompositor[1169]: segfault at 8 ip b2577cd9 sp aa4fed48 error 4 in libGLX.so.0.0.0

Maybe those should be reversed.

CC: (none) => thierry.vignaud
Source RPM: (none) => webkit2-2.38.2-5.mga9.src.rpm, libglvnd-1.6.0-1.mga9.src.rpm
Assignee: bugsquad => jani.valimaa

Comment 3 Martin Whitaker 2022-12-23 12:51:33 CET
Setting as a release blocker, as this affects the installer ISOs.

Priority: Normal => release_blocker

Comment 4 Ben McMonagle 2022-12-31 23:20:19 CET
Seems to now also affect x86_64 beta 1 (30/12/2022).

Hopefully same cause.
Ben McMonagle 2022-12-31 23:20:34 CET

Hardware: i586 => All

Ben McMonagle 2022-12-31 23:24:31 CET

Summary: Release notes fail to be displayed in 32-bit installer due to segfault in WebKitWebProcess => Classical Installer Release notes fail to be displayed due to segfault in WebKitWebProcess

Comment 5 Martin Whitaker 2023-01-02 13:51:00 CET
This looks like https://bugs.webkit.org/show_bug.cgi?id=238721, and the workaround of disabling hardware acceleration by setting the environment variable WEBKIT_DISABLE_COMPOSITING_MODE=1 fixes the problem for us.

I don't know why we didn't see this fault in the first round x86_64 beta 1 CI ISO (2022-12-06). I went back and retested the alpha1 ISOs, and found it on both i586 and x86_64.
Comment 6 Nicolas Lécureuil 2023-06-06 16:04:41 CEST
Is it still valid on beta2 ISOs?

CC: (none) => mageia

Comment 7 Martin Whitaker 2023-06-07 23:14:39 CEST
I added the workaround described in comment 5 to the installer, so the release notes are now displayed. The underlying bug in webkit2 is still there though, so may affect other applications.

Resolution: (none) => FIXED
Status: NEW => RESOLVED

