[Webkit-unassigned] [Bug 183091] New: [GTK] UI process crash in WebKit::WaylandCompositor::Surface::flushPendingFrameCallbacks

bugzilla-daemon at webkit.org
Fri Feb 23 12:44:09 PST 2018


https://bugs.webkit.org/show_bug.cgi?id=183091

            Bug ID: 183091
           Summary: [GTK] UI process crash in
                    WebKit::WaylandCompositor::Surface::flushPendingFrameCallbacks
           Product: WebKit
           Version: Other
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit Gtk
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mcatanzaro at igalia.com
                CC: bugs-noreply at webkitgtk.org

We have 569 reports of this crash in Fedora:

Thread 1 (Thread 0x7f05c353aac0 (LWP 8748)):
#0  0x00007f05bdce0430 in WebKit::WaylandCompositor::Surface::flushPendingFrameCallbacks() (this=this at entry=0x7f05ab0f0d10) at /usr/src/debug/webkitgtk4-2.18.5-1.fc27.x86_64/Source/WebKit/UIProcess/gtk/WaylandCompositor.cpp:258
        resource = <optimized out>
        __for_range = <synthetic pointer>: {<WTF::VectorBuffer<wl_resource*, 0>> = {<WTF::VectorBufferBase<wl_resource*>> = {m_buffer = 0x616d612d73656761, m_capacity = <optimized out>, m_size = <optimized out>}, <No data fields>}, <No data fields>}
        __for_begin = 0x616d612d73656761
        list = {<WTF::VectorBuffer<wl_resource*, 0>> = {<WTF::VectorBufferBase<wl_resource*>> = {m_buffer = 0x616d612d73656761, m_capacity = <optimized out>, m_size = <optimized out>}, <No data fields>}, <No data fields>}
#1  0x00007f05bdce0496 in WebKit::WaylandCompositor::Surface::setWebPage(WebKit::WebPageProxy*) (this=0x7f05ab0f0d10, webPage=0x0) at /usr/src/debug/webkitgtk4-2.18.5-1.fc27.x86_64/Source/WebKit/UIProcess/gtk/WaylandCompositor.cpp:181
#2  0x00007f05bdcd8663 in WebKit::AcceleratedBackingStoreWayland::~AcceleratedBackingStoreWayland() (this=0x7f054839c030, __in_chrg=<optimized out>) at /usr/src/debug/webkitgtk4-2.18.5-1.fc27.x86_64/Source/WebKit/UIProcess/gtk/AcceleratedBackingStoreWayland.cpp:61
#3  0x00007f05bdcd8689 in WebKit::AcceleratedBackingStoreWayland::~AcceleratedBackingStoreWayland() (this=0x7f054839c030, __in_chrg=<optimized out>) at /usr/src/debug/webkitgtk4-2.18.5-1.fc27.x86_64/Source/WebKit/UIProcess/gtk/AcceleratedBackingStoreWayland.cpp:62
#4  0x00007f05bdcc2f3a in std::default_delete<WebKit::AcceleratedBackingStore>::operator()(WebKit::AcceleratedBackingStore*) const (this=<optimized out>, __ptr=<optimized out>) at /usr/include/c++/7/bits/unique_ptr.h:78
        __ptr = <optimized out>
        webView = 0x55e3c6bcbdd0 [EphyWebView]
#5  0x00007f05bdcc2f3a in std::unique_ptr<WebKit::AcceleratedBackingStore, std::default_delete<WebKit::AcceleratedBackingStore> >::reset(WebKit::AcceleratedBackingStore*) (__p=<optimized out>, this=<optimized out>) at /usr/include/c++/7/bits/unique_ptr.h:376
        webView = 0x55e3c6bcbdd0 [EphyWebView]
#6  0x00007f05bdcc2f3a in std::unique_ptr<WebKit::AcceleratedBackingStore, std::default_delete<WebKit::AcceleratedBackingStore> >::operator=(decltype(nullptr)) (this=<optimized out>) at /usr/include/c++/7/bits/unique_ptr.h:312
        webView = 0x55e3c6bcbdd0 [EphyWebView]
#7  0x00007f05bdcc2f3a in webkitWebViewBaseDispose(GObject*) (gobject=0x55e3c6bcbdd0 [EphyWebView]) at /usr/src/debug/webkitgtk4-2.18.5-1.fc27.x86_64/Source/WebKit/UIProcess/API/gtk/WebKitWebViewBase.cpp:508
        webView = 0x55e3c6bcbdd0 [EphyWebView]
#8  0x00007f05c2c56e5c in g_object_run_dispose (object=0x55e3c6bcbdd0 [EphyWebView]) at gobject.c:1100
        __func__ = "g_object_run_dispose"
#9  0x00007f05c1eee690 in gtk_overlay_forall (overlay=<optimized out>, include_internals=<optimized out>, callback=0x7f05c2003750 <gtk_widget_destroy>, callback_data=0x0) at gtkoverlay.c:625
        priv = 0x55e3c72845c0
        child = <optimized out>
        children = <optimized out>
        main_widget = <optimized out>
#10 0x00007f05c1deee0e in gtk_container_destroy (widget=0x55e3c72846f0 [GtkOverlay]) at gtkcontainer.c:1700
        container = 0x55e3c72846f0 [GtkOverlay]
        priv = 0x55e3c72845e0
