[Webkit-unassigned] [Bug 225970] New: [GTK] REGRESSION(r277425) Oops on navigation after back

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed May 19 09:17:40 PDT 2021


https://bugs.webkit.org/show_bug.cgi?id=225970

            Bug ID: 225970
           Summary: [GTK] REGRESSION(r277425) Oops on navigation after
                    back
           Product: WebKit
           Version: WebKit Local Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: History
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: jmason at ibinx.com

***NOTE:  Checking the ChangeLog just now, I see this is apparently a dup of 225795, which I am not authorized to access.

Due to the fact I cannot view 225795, search does not find it, so I want to enter a **publicly visible** bug to document it for anyone else who experiences this issue.

It is not at all clear to me why a regression would be marked restricted access in the bug database.  I spent a couple days tracking this down; hiding bugs like this is not helpful.

Based on the ChangeLog, I surmise the issue has been resolved, but due to lack of access to 225795, I don't know for sure.  I'm building now to find out.

Here are my findings:

Since r277425, when I click on a link in a page after browser back, I get an Oops in epiphany.

Steps to reproduce:
    1) open https://zookeeper.stanford.edu/
    2) click on any link in the page
    3) back
    4) click on another link in page.  Oops.

WebKitWebProcess segfaults with this backtrace:

Thread 17 received signal SIGSEGV, Segmentation fault.
0x00007fff4a7a3710 in WebCore::FrameTree::parent() const ()
   from /usr/lib/64/libwebkit2gtk-4.0.so.37
(gdb) bt
#0  0x00007fff4a7a3710 in WebCore::FrameTree::parent() const ()
    at /usr/lib/64/libwebkit2gtk-4.0.so.37
#1  0x00007fff4a24d939 in WebCore::FrameSelection::selectFrameElementInParentIfFullySelected() () at /usr/lib/64/libwebkit2gtk-4.0.so.37
#2  0x00007fff4a24e305 in WebCore::FrameSelection::setSelectionWithoutUpdatingAppearance(WebCore::VisibleSelection const&, WTF::OptionSet<WebCore::FrameSelection::SetSelectionOption>, WebCore::FrameSelection::CursorAlignOnScroll, WebCore::TextGranularity) () at /usr/lib/64/libwebkit2gtk-4.0.so.37
#3  0x00007fff4a24e6e8 in WebCore::FrameSelection::willBeRemovedFromFrame() ()
    at /usr/lib/64/libwebkit2gtk-4.0.so.37
#4  0x00007fff4a11729d in WebCore::Document::willBeRemovedFromFrame() ()
    at /usr/lib/64/libwebkit2gtk-4.0.so.37
#5  0x00007fff4a2f3c5c in WebCore::CachedFrame::destroy() ()
    at /usr/lib/64/libwebkit2gtk-4.0.so.37
#6  0x00007fff4a2f3d1e in WebCore::CachedPage::~CachedPage() ()
    at /usr/lib/64/libwebkit2gtk-4.0.so.37
#7  0x00007fff4a2f516f in WebCore::BackForwardCache::prune(WebCore::PruningReason) () at /usr/lib/64/libwebkit2gtk-4.0.so.37
#8  0x00007fff4a2f5adb in WebCore::BackForwardCache::addIfCacheable(WebCore::HistoryItem&, WebCore::Page*) () at /usr/lib/64/libwebkit2gtk-4.0.so.37
#9  0x00007fff4a68c0a1 in WebCore::FrameLoader::commitProvisionalLoad() ()
    at /usr/lib/64/libwebkit2gtk-4.0.so.37
#10 0x00007fff4a657ea0 in WebCore::DocumentLoader::commitLoad(char const*, int) () at /usr/lib/64/libwebkit2gtk-4.0.so.37
#11 0x00007fff4a714fe1 in WebCore::CachedRawResource::notifyClientsDataWasReceived(char const*, unsigned int) [clone .part.0] () at /usr/lib/64/libwebkit2gtk-4.0.so.37
#12 0x00007fff4a715424 in WebCore::CachedRawResource::updateBuffer(WebCore::SharedBuffer&) [clone .part.0] () at /usr/lib/64/libwebkit2gtk-4.0.so.37
#13 0x00007fff4a6cf857 in WebCore::SubresourceLoader::didReceiveDataOrBuffer(char const*, int, WTF::RefPtr<WebCore::SharedBuffer, WTF::RawPtrTraits<WebCore::SharedBuffer>, WTF::DefaultRefDerefTraits<WebCore::SharedBuffer> >&&, long long, WebCore::DataPayloadType) () at /usr/lib/64/libwebkit2gtk-4.0.so.37
#14 0x00007fff4a6cf9bb in WebCore::SubresourceLoader::didReceiveData(char const*, unsigned int, long long, WebCore::DataPayloadType) () at /usr/lib/64/libwebkit2gtk-4.0.so.37
#15 0x00007fff48d6928d in void IPC::handleMessage<Messages::WebResourceLoader::DidReceiveData, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(IPC::ArrayReference<unsigned char, 18446744073709551615ul> const&, long)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::ArrayReference<unsigned char, 18446744073709551615ul> const&, long)) () at /usr/lib/64/libwebkit2gtk-4.0.so.37
#16 0x00007fff48d68fd4 in WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&) () at /usr/lib/64/libwebkit2gtk-4.0.so.37
#17 0x00007fff48f08275 in IPC::Connection::dispatchMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >) () at /usr/lib/64/libwebkit2gtk-4.0.so.37
#18 0x00007fff48f0996d in IPC::Connection::dispatchOneIncomingMessage() () at /usr/lib/64/libwebkit2gtk-4.0.so.37
#19 0x00007fff460c1ab4 in WTF::RunLoop::performWork() () at /usr/lib/64/libjavascriptcoregtk-4.0.so.18
#20 0x00007fff4612f8f9 in WTF::RunLoop::RunLoop()::{lambda(void*)#1}::_FUN(void*) () at /usr/lib/64/libjavascriptcoregtk-4.0.so.18
#21 0x00007fff46130469 in WTF::RunLoop::{lambda(_GSource*, int (*)(void*), void*)#1}::_FUN(_GSource*, int (*)(void*), void*) () at /usr/lib/64/libjavascriptcoregtk-4.0.so.18
#22 0x00007fff4637e2b0 in g_main_context_dispatch () at /usr/lib/64/libglib-2.0.so.0
#23 0x00007fff4637e638 in g_main_context_iterate.constprop () at /usr/lib/64/libglib-2.0.so.0
#24 0x00007fff4637e923 in g_main_loop_run () at /usr/lib/64/libglib-2.0.so.0
#25 0x00007fff461305a0 in WTF::RunLoop::run() () at /usr/lib/64/libjavascriptcoregtk-4.0.so.18
#26 0x00007fff49340622 in WebKit::WebProcessMain(int, char**) () at /usr/lib/64/libwebkit2gtk-4.0.so.37
#27 0x0000000000400d9c in _start ()
