[Webkit-unassigned] [Bug 167307] New: [GTK] UI process crash in webkit_back_forward_list_get_current_item

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Jan 23 08:24:35 PST 2017 

https://bugs.webkit.org/show_bug.cgi?id=167307

            Bug ID: 167307
           Summary: [GTK] UI process crash in
                    webkit_back_forward_list_get_current_item
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit Gtk
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mcatanzaro at igalia.com
                CC: bugs-noreply at webkitgtk.org

I have 51 reports of this UI process crash in webkit_back_forward_list_get_current_item. Looks like this occurs when performing a delayed page load (loading a saved tab for the first time after opening Epiphany):

Thread 1 (Thread 0x7f7119147fc0 (LWP 2493)):
#0  0x00007f71154d8a3c in WTFCrash() () at /usr/src/debug/webkitgtk-2.14.2/Source/WTF/wtf/Assertions.cpp:323
#1  0x00007f7115c8c199 in WTF::CrashOnOverflow::crash() () at /usr/src/debug/webkitgtk-2.14.2/Source/WTF/wtf/CheckedArithmetic.h:85
#2  0x00007f7115c8c199 in WTF::CrashOnOverflow::overflowed() () at /usr/src/debug/webkitgtk-2.14.2/Source/WTF/wtf/CheckedArithmetic.h:78
#3  0x00007f7115c8c199 in WTF::Vector<WTF::RefPtr<WebKit::WebBackForwardListItem>, 0ul, WTF::CrashOnOverflow, 16ul>::at(unsigned long) const (i=<optimized out>, this=<optimized out>) at /usr/src/debug/webkitgtk-2.14.2/Source/WTF/wtf/Vector.h:661
#4  0x00007f7115c8c199 in WTF::Vector<WTF::RefPtr<WebKit::WebBackForwardListItem>, 0ul, WTF::CrashOnOverflow, 16ul>::operator[](unsigned long) const (i=<optimized out>, this=<optimized out>) at /usr/src/debug/webkitgtk-2.14.2/Source/WTF/wtf/Vector.h:676
#5  0x00007f7115c8c199 in WebKit::WebBackForwardList::currentItem() const (this=<optimized out>) at /usr/src/debug/webkitgtk-2.14.2/Source/WebKit2/UIProcess/WebBackForwardList.cpp:212
#6  0x00007f7115e66fd4 in webkit_back_forward_list_get_current_item(WebKitBackForwardList*) (backForwardList=0x560cbd098720 [WebKitBackForwardList]) at /usr/src/debug/webkitgtk-2.14.2/Source/WebKit2/UIProcess/API/gtk/WebKitBackForwardList.cpp:166
#7  0x0000560cbbc45fa2 in load_delayed_request_if_mapped (user_data=user_data at entry=0x560cbc98f2d0) at ephy-embed.c:648
        embed = 0x560cbc98f2d0 [EphyEmbed]
        web_view = 0x560cbd0063d0 [EphyWebView]
        item = <optimized out>
#8  0x00007f71111f688d in g_timeout_dispatch (source=0x560cbcf6c120, callback=0x560cbbc45f00 <load_delayed_request_if_mapped>, user_data=0x560cbc98f2d0) at gmain.c:4674
        timeout_source = 0x560cbcf6c120
        again = <optimized out>

I considered that this might be an Epiphany bug, but I don't think it is. We are careful to ensure that callback is not called after the EphyEmbed is disposed. I think the WebBackForwardList has been somehow corrupted, possibly due to a problem with session state.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20170123/71e5c4f2/attachment-0001.html>

More information about the webkit-unassigned mailing list