[Webkit-unassigned] [Bug 166420] New: [GTK] Crash in WebCore::CoordinatedGraphicsLayer::notifyFlushRequired

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Dec 22 07:31:42 PST 2016


https://bugs.webkit.org/show_bug.cgi?id=166420

            Bug ID: 166420
           Summary: [GTK] Crash in
                    WebCore::CoordinatedGraphicsLayer::notifyFlushRequired
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit Gtk
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mcatanzaro at igalia.com
                CC: bugs-noreply at webkitgtk.org

Downstream reporter says "This issue happens with WebKit rendering mails inside evolution. It is probably related to https://bugzilla.gnome.org/show_bug.cgi?id=776391". Indeed, I see a bunch of web inspector stuff in the backtrace.


Thread 1 (Thread 0x7f8d612cdfc0 (LWP 2745)):
#0  0x00007f8d6003226b in WebCore::CoordinatedGraphicsLayer::notifyFlushRequired() (this=0x7f8cd859a800) at /usr/src/debug/webkitgtk-2.14.2/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:57
#1  0x00007f8d60032a79 in WebCore::CoordinatedGraphicsLayer::didChangeGeometry() (this=0x7f8cd859a800) at /usr/src/debug/webkitgtk-2.14.2/Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:104
#2  0x00007f8d5fa67218 in WebCore::PageOverlayController::installPageOverlay(WTF::PassRefPtr<WebCore::PageOverlay>, WebCore::PageOverlay::FadeMode) (this=0x7f8d499f44b0, pageOverlay=..., fadeMode=fadeMode at entry=WebCore::PageOverlay::FadeMode::Fade) at /usr/src/debug/webkitgtk-2.14.2/Source/WebCore/page/PageOverlayController.cpp:110
        overlay = {static isRefPtr = <optimized out>, m_ptr = 0x7f8d499828a0}
        layer = std::unique_ptr<WebCore::GraphicsLayer> containing 0x7f8cd859a800
#3  0x00007f8d5f1486c2 in WebKit::WebInspectorClient::highlight() (this=0x55b67236a3c0) at /usr/src/debug/webkitgtk-2.14.2/Source/WebKit2/WebProcess/WebCoreSupport/WebInspectorClient.cpp:112
        highlightOverlay = {static isRef = <optimized out>, m_ptr = 0x0}
        this = 0x55b67236a3c0
#4  0x00007f8d5f90d268 in WebCore::InspectorOverlay::update() (this=0x7f8d499ca000) at /usr/src/debug/webkitgtk-2.14.2/Source/WebCore/inspector/InspectorOverlay.cpp:346
        viewportSize = {m_width = 1653, m_height = 320}
        frameViewFullSize = <optimized out>
#5  0x00007f8d5f8cc12d in WebCore::InspectorDOMAgent::highlightNode(WTF::String&, Inspector::InspectorObject const&, int const*, WTF::String const*) (this=0x7f8d499a7000, errorString=..., highlightInspectorObject=..., nodeId=<optimized out>, objectId=<optimized out>) at /usr/src/debug/webkitgtk-2.14.2/Source/WebCore/inspector/InspectorDOMAgent.cpp:1141
        node = 0x7f8d498f4840
        highlightConfig = std::unique_ptr<WebCore::HighlightConfig> containing 0x7f8cd85e3d20
#6  0x00007f8d5e60e0ea in Inspector::DOMBackendDispatcher::highlightNode(long, WTF::RefPtr<Inspector::InspectorObject>&&) (this=0x7f8d499ae8e0, requestId=43, parameters=<optimized out>) at /usr/src/debug/webkitgtk-2.14.2/x86_64-redhat-linux-gnu/DerivedSources/JavaScriptCore/inspector/InspectorBackendDispatchers.cpp:1585
        in_highlightConfig = {static isRefPtr = <optimized out>, m_ptr = 0x7f8cd85ccf80}
        opt_in_nodeId_valueFound = true
        opt_in_nodeId = 2
        opt_in_objectId_valueFound = false
        opt_in_objectId = {m_impl = {static isRefPtr = <optimized out>, m_ptr = 0x7f8d5e86d1d0 <WTF::StringImpl::empty()::emptyString>}}
        error = {m_impl = {static isRefPtr = <optimized out>, m_ptr = 0x0}}
        result = {static isRef = <optimized out>, m_ptr = 0x7f8cd85d04c0}
#7  0x00007f8d5e61b4fb in Inspector::DOMBackendDispatcher::dispatch(long, WTF::String const&, WTF::Ref<Inspector::InspectorObject>&&) (this=0x7f8d499ae8e0, requestId=43, method=..., message=<optimized out>) at /usr/src/debug/webkitgtk-2.14.2/x86_64-redhat-linux-gnu/DerivedSources/JavaScriptCore/inspector/InspectorBackendDispatchers.cpp:936
        parameters = {static isRefPtr = <optimized out>, m_ptr = 0x7f8cd85ccf40}
        dispatchMap = {m_storage = {__data = "\000\344\276\362\214\177\000\000\200\000\000\000\177\000\000\000#\000\000\000\000\000\000", __align = {<No data fields>}}}
        findResult = <optimized out>
#8  0x00007f8d5e1f2408 in Inspector::BackendDispatcher::dispatch(WTF::String const&) (this=0x7f8d499ef360, message=...) at /usr/src/debug/webkitgtk-2.14.2/Source/JavaScriptCore/inspector/InspectorBackendDispatcher.cpp:181
        methodString = {m_impl = {static isRefPtr = <optimized out>, m_ptr = 0x7f8cd85bdc30}}
        scopedRequestId = {m_scopedVariable = @0x7f8d499ef398, m_originalValue = {m_isEngaged = false, m_value = {__data = "\200l\207I\215\177\000", __align = {<No data fields>}}}}
        methodValue = {static isRefPtr = <optimized out>, m_ptr = 0x7f8cd85cdd38}
        domainAndMethod = {<WTF::VectorBuffer<WTF::String, 0ul>> = {<WTF::VectorBufferBase<WTF::String>> = {m_buffer = 0x7f8cd85b9d80, m_capacity = 16, m_size = 2}, <No data fields>}, <No data fields>}
        method = {m_impl = {static isRefPtr = <optimized out>, m_ptr = 0x7f8cd85bdc80}}
        protect = {static isRef = <optimized out>, m_ptr = 0x7f8d499ef360}
        requestId = 43
        messageObject = {static isRefPtr = <optimized out>, m_ptr = 0x0}
#9  0x00007f8d5f2a9304 in IPC::callMemberFunctionImpl<WebKit::WebInspector, void (WebKit::WebInspector::*)(WTF::String const&), std::tuple<WTF::String>, 0ul>(WebKit::WebInspector*, void (WebKit::WebInspector::*)(WTF::String const&), std::tuple<WTF::String>&&, std::integer_sequence<unsigned long, 0ul>) (args=<optimized out>, function=<optimized out>, object=0x7f8d498ef188) at /usr/src/debug/webkitgtk-2.14.2/Source/WebKit2/Platform/IPC/HandleMessage.h:13
        arguments = std::tuple containing = {[1] = {m_impl = {static isRefPtr = <optimized out>, m_ptr = 0x7f8d49876c80}}}
#10 0x00007f8d5f2a9304 in IPC::callMemberFunction<WebKit::WebInspector, void (WebKit::WebInspector::*)(WTF::String const&), std::tuple<WTF::String>, std::integer_sequence<unsigned long, 0ul> >(std::tuple<WTF::String>&&, WebKit::WebInspector*, void (WebKit::WebInspector::*)(WTF::String const&)) (function=<optimized out>, object=0x7f8d498ef188, args=<unknown type in /usr/lib/debug/usr/lib64/libwebkit2gtk-4.0.so.37.14.9.debug, CU 0xf44375b, DIE 0xf464bcf>) at /usr/src/debug/webkitgtk-2.14.2/Source/WebKit2/Platform/IPC/HandleMessage.h:19
        arguments = std::tuple containing = {[1] = {m_impl = {static isRefPtr = <optimized out>, m_ptr = 0x7f8d49876c80}}}
#11 0x00007f8d5f2a9304 in IPC::handleMessage<Messages::WebInspector::SendMessageToBackend, WebKit::WebInspector, void (WebKit::WebInspector::*)(WTF::String const&)>(IPC::Decoder&, WebKit::WebInspector*, void (WebKit::WebInspector::*)(WTF::String const&)) (decoder=..., object=object at entry=0x7f8d498ef188, function=(void (WebKit::WebInspector::*)(WebKit::WebInspector * const, const WTF::String &)) 0x7f8d5f158530 <WebKit::WebInspector::sendMessageToBackend(WTF::String const&)>) at /usr/src/debug/webkitgtk-2.14.2/Source/WebKit2/Platform/IPC/HandleMessage.h:99
        arguments = std::tuple containing = {[1] = {m_impl = {static isRefPtr = <optimized out>, m_ptr = 0x7f8d49876c80}}}
#12 0x00007f8d5f2a9248 in WebKit::WebInspector::didReceiveMessage(IPC::Connection&, IPC::Decoder&) (this=0x7f8d498ef188, connection=..., decoder=...) at /usr/src/debug/webkitgtk-2.14.2/x86_64-redhat-linux-gnu/DerivedSources/WebKit2/WebInspectorMessageReceiver.cpp:88
#13 0x00007f8d5ef952b6 in IPC::Connection::dispatchMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >) (this=this at entry=0x7f8d499e85a0, message=std::unique_ptr<IPC::Decoder> containing 0x7f8d49891948) at /usr/src/debug/webkitgtk-2.14.2/Source/WebKit2/Platform/IPC/Connection.cpp:858
        oldDidReceiveInvalidMessage = false
#14 0x00007f8d5ef95f48 in IPC::Connection::dispatchOneMessage() (this=0x7f8d499e85a0) at /usr/src/debug/webkitgtk-2.14.2/Source/WebKit2/Platform/IPC/Connection.cpp:889
#15 0x00007f8d5e656825 in WTF::Function<void ()>::operator()() const (this=<synthetic pointer>) at /usr/src/debug/webkitgtk-2.14.2/Source/WTF/wtf/Function.h:50
        function = {m_callableWrapper = std::unique_ptr<WTF::Function<void()>::CallableWrapperBase> containing 0x7f8d498b1ea0}
        functionsToHandle = <optimized out>
#16 0x00007f8d5e656825 in WTF::RunLoop::performWork() (this=0x7f8d499f7000) at /usr/src/debug/webkitgtk-2.14.2/Source/WTF/wtf/RunLoop.cpp:105
        function = {m_callableWrapper = std::unique_ptr<WTF::Function<void()>::CallableWrapperBase> containing 0x7f8d498b1ea0}
        functionsToHandle = <optimized out>
#17 0x00007f8d5e67d2b9 in WTF::RunLoop::<lambda(gpointer)>::operator() (__closure=0x0, userData=<optimized out>) at /usr/src/debug/webkitgtk-2.14.2/Source/WTF/wtf/glib/RunLoopGLib.cpp:66
#18 0x00007f8d5e67d2b9 in WTF::RunLoop::<lambda(gpointer)>::_FUN(gpointer) () at /usr/src/debug/webkitgtk-2.14.2/Source/WTF/wtf/glib/RunLoopGLib.cpp:68
#19 0x00007f8d57d1ae42 in g_main_dispatch (context=0x55b67226ea10) at gmain.c:3203
        dispatch = 0x7f8d5e67d2d0 <WTF::<lambda(GSource*, GSourceFunc, gpointer)>::_FUN(GSource *, GSourceFunc, gpointer)>
        prev_source = 0x0
        was_in_call = 0
        user_data = 0x7f8d499f7000
        callback = 0x7f8d5e67d2b0 <WTF::RunLoop::<lambda(gpointer)>::_FUN(gpointer)>
        cb_funcs = 0x7f8d57fe2280 <g_source_callback_funcs>
        cb_data = 0x55b6722e46c0
        need_destroy = <optimized out>
        source = 0x55b6722e5000
        current = 0x55b6722a8a90
        i = 0
#20 0x00007f8d57d1ae42 in g_main_context_dispatch (context=context at entry=0x55b67226ea10) at gmain.c:3856
#21 0x00007f8d57d1b1c0 in g_main_context_iterate (context=0x55b67226ea10, block=block at entry=1, dispatch=dispatch at entry=1, self=<optimized out>) at gmain.c:3929
        max_priority = 2147483647
        timeout = 6
        some_ready = 1
        nfds = 4
        allocated_nfds = 4
        fds = <optimized out>
#22 0x00007f8d57d1b4e2 in g_main_loop_run (loop=0x55b6722e4fe0) at gmain.c:4125
        __func__ = "g_main_loop_run"
#23 0x00007f8d5e67db70 in WTF::RunLoop::run() () at /usr/src/debug/webkitgtk-2.14.2/Source/WTF/wtf/glib/RunLoopGLib.cpp:94
        runLoop = @0x7f8d499f7000: {<WTF::FunctionDispatcher> = {<WTF::ThreadSafeRefCounted<WTF::FunctionDispatcher>> = {<WTF::ThreadSafeRefCountedBase> = {m_refCount = {<std::__atomic_base<int>> = {static _S_alignment = 4, _M_i = 1}, <No data fields>}}, <No data fields>}, _vptr.FunctionDispatcher = 0x7f8d5e83cba0 <vtable for WTF::RunLoop+16>}, m_functionQueueLock = {m_mutex = {__data = {__lock = 0, __count = 0, __owner = 0, __nusers = 0, __kind = 512, __spins = 0, __elision = 0, __list = {__prev = 0x0, __next = 0x0}}, __size = '\000' <repeats 17 times>, "\002", '\000' <repeats 21 times>, __align = 0}}, m_functionQueue = {m_start = 8, m_end = 8, m_buffer = {<WTF::VectorBufferBase<WTF::Function<void()> >> = {m_buffer = 0x7f8d499da0a8, m_capacity = 21, m_size = 0}, <No data fields>}}, m_mainContext = {m_ptr = 0x55b67226ea10}, m_mainLoops = {<WTF::VectorBuffer<WTF::GRefPtr<_GMainLoop>, 0ul>> = {<WTF::VectorBufferBase<WTF::GRefPtr<_GMainLoop> >> = {m_buffer = 0x7f8d499fa180, m_capacity =
        nestedMainLoop = <optimized out>
#24 0x00007f8d5f2508a9 in WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain>(int, char**) (argc=<optimized out>, argv=0x7ffc09a82f98) at /usr/src/debug/webkitgtk-2.14.2/Source/WebKit2/Shared/unix/ChildProcessMain.h:61
        childMain = {<WebKit::ChildProcessMainBase> = {_vptr.ChildProcessMainBase = 0x7f8d60fddbe0 <vtable for WebKit::WebProcessMain+16>, m_parameters = {uiProcessName = {m_impl = {static isRefPtr = <optimized out>, m_ptr = 0x0}}, clientIdentifier = {m_impl = {static isRefPtr = <optimized out>, m_ptr = 0x0}}, connectionIdentifier = 57, extraInitializationData = {m_impl = {static m_maxLoad = <optimized out>, static m_minLoad = <optimized out>, m_table = 0x0, m_tableSize = 0, m_tableSizeMask = 0, m_keyCount = 0, m_deletedCount = 0}}}}, <No data fields>}
#25 0x00007f8d52e71401 in __libc_start_main (main=0x55b670ebfc00 <main(int, char**)>, argc=2, argv=0x7ffc09a82f98, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffc09a82f88) at ../csu/libc-start.c:289
        result = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {0, 5904416883543918654, 94242066922544, 140720470503312, 0, 0, 388507317331839038, 398278049944455230}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x7ffc09a82fb0, 0x7f8d613b8128}, data = {prev = 0x0, cleanup = 0x0, canceltype = 162017200}}}
        not_first_call = <optimized out>
#26 0x000055b670ebfc5a in _start ()
