[Webkit-unassigned] [Bug 248823] New: [GTK] Crash in webkitWebViewBaseEnterAcceleratedCompositingMode

bugzilla-daemon at webkit.org
Tue Dec 6 08:57:10 PST 2022


https://bugs.webkit.org/show_bug.cgi?id=248823

            Bug ID: 248823
           Summary: [GTK] Crash in
                    webkitWebViewBaseEnterAcceleratedCompositingMode
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKitGTK
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mcatanzaro at gnome.org
                CC: bugs-noreply at webkitgtk.org

Here's a seemingly random UI process crash inside webkitWebViewBaseEnterAcceleratedCompositingMode, with WebKitGTK 2.39.2. I'll attach a full backtrace. webkitWebViewBase->priv->acceleratedBackingStore has been optimized out, but I assume that's somehow invalid.

Core was generated by `epiphany https://arstechnica.com/?p=1902045'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007f9cce80ea36 in webkitWebViewBaseEnterAcceleratedCompositingMode (webkitWebViewBase=<optimized out>, layerTreeContext=...) at /usr/lib/debug/source/sdk/webkitgtk-6.0.bst/Source/WebKit/UIProcess/API/gtk/WebKitWebViewBase.cpp:2617
2617        webkitWebViewBase->priv->acceleratedBackingStore->update(layerTreeContext);
[Current thread is 1 (Thread 0x7f9cc7c64c00 (LWP 2))]
(gdb) bt
#0  0x00007f9cce80ea36 in webkitWebViewBaseEnterAcceleratedCompositingMode(_WebKitWebViewBase*, WebKit::LayerTreeContext const&) (webkitWebViewBase=<optimized out>, layerTreeContext=...)
    at /usr/lib/debug/source/sdk/webkitgtk-6.0.bst/Source/WebKit/UIProcess/API/gtk/WebKitWebViewBase.cpp:2617
#1  0x00007f9cce3b8db6 in _ZZN3IPC18callMemberFunctionIN6WebKit16DrawingAreaProxyES2_FvmRKNS1_16LayerTreeContextEESt5tupleIJmS3_EEEEvPT_MT0_T1_OT2_ENKUlDpOT_E_clIJmS3_EEEDaSI_ (__closure=<optimized out>)
    at /usr/lib/debug/source/sdk/webkitgtk-6.0.bst/Source/WebKit/Platform/IPC/HandleMessage.h:132
#2  _ZSt13__invoke_implIvZN3IPC18callMemberFunctionIN6WebKit16DrawingAreaProxyES3_FvmRKNS2_16LayerTreeContextEESt5tupleIJmS4_EEEEvPT_MT0_T1_OT2_EUlDpOT_E_JmS4_EESA_St14__invoke_otherOSC_DpOT1_ (__f=<optimized out>)
    at /usr/include/c++/12.1.0/bits/invoke.h:61
#3  _ZSt8__invokeIZN3IPC18callMemberFunctionIN6WebKit16DrawingAreaProxyES3_FvmRKNS2_16LayerTreeContextEESt5tupleIJmS4_EEEEvPT_MT0_T1_OT2_EUlDpOT_E_JmS4_EENSt15__invoke_resultISA_JDpT0_EE4typeEOSA_DpOSM_ (__fn=<optimized out>)
    at /usr/include/c++/12.1.0/bits/invoke.h:96
#4  _ZSt12__apply_implIZN3IPC18callMemberFunctionIN6WebKit16DrawingAreaProxyES3_FvmRKNS2_16LayerTreeContextEESt5tupleIJmS4_EEEEvPT_MT0_T1_OT2_EUlDpOT_E_S9_JLm0ELm1EEEDcOSA_OSC_St16integer_sequenceImJXspT1_EEE
    (__t=..., __f=<optimized out>) at /usr/include/c++/12.1.0/tuple:1852
#5  _ZSt5applyIZN3IPC18callMemberFunctionIN6WebKit16DrawingAreaProxyES3_FvmRKNS2_16LayerTreeContextEESt5tupleIJmS4_EEEEvPT_MT0_T1_OT2_EUlDpOT_E_S9_EDcOSA_OSC_ (__t=..., __f=<optimized out>) at /usr/include/c++/12.1.0/tuple:1863
#6  IPC::callMemberFunction<WebKit::DrawingAreaProxy, WebKit::DrawingAreaProxy, void (unsigned long, WebKit::LayerTreeContext const&), std::tuple<unsigned long, WebKit::LayerTreeContext> >(WebKit::DrawingAreaProxy*, void (WebKit::DrawingAreaProxy::*)(unsigned long, WebKit::LayerTreeContext const&), std::tuple<unsigned long, WebKit::LayerTreeContext>&&) (tuple=..., function=<optimized out>, object=<optimized out>)
    at /usr/lib/debug/source/sdk/webkitgtk-6.0.bst/Source/WebKit/Platform/IPC/HandleMessage.h:131
#7  IPC::handleMessage<Messages::DrawingAreaProxy::EnterAcceleratedCompositingMode, WebKit::DrawingAreaProxy, WebKit::DrawingAreaProxy, void (unsigned long, WebKit::LayerTreeContext const&)>(IPC::Connection&, IPC::Decoder&, WebKit::DrawingAreaProxy*, void (WebKit::DrawingAreaProxy::*)(unsigned long, WebKit::LayerTreeContext const&))
    (connection=<optimized out>, function=<optimized out>, object=0x7f9c4e41cf00, decoder=...)
    at /usr/lib/debug/source/sdk/webkitgtk-6.0.bst/Source/WebKit/Platform/IPC/HandleMessage.h:213
#8  WebKit::DrawingAreaProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&)
    (this=0x7f9c4e41cf00, connection=<optimized out>, decoder=...)
    at /usr/lib/debug/source/sdk/webkitgtk-6.0.bst/_builddir/DerivedSources/WebKit/DrawingAreaProxyMessageReceiver.cpp:48
#9  0x00007f9cce624b89 in IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&)
    (this=this at entry=0x7f9c4e61c1c8, connection=..., decoder=...)
    at /usr/lib/debug/source/sdk/webkitgtk-6.0.bst/Source/WebKit/Platform/IPC/MessageReceiverMap.cpp:129
#10 0x00007f9cce698750 in WebKit::AuxiliaryProcessProxy::dispatchMessage(IPC::Connection&, IPC::Decoder&)
    (this=this at entry=0x7f9c4e61c130, connection=..., decoder=...)
    at /usr/lib/debug/source/sdk/webkitgtk-6.0.bst/Source/WebKit/UIProcess/AuxiliaryProcessProxy.cpp:274
#11 0x00007f9cce6debdf in WebKit::WebProcessProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&)
    (this=0x7f9c4e61c130, connection=..., decoder=...)
    at /usr/lib/debug/source/sdk/webkitgtk-6.0.bst/Source/WebKit/UIProcess/WebProcessProxy.cpp:883
#12 0x00007f9cce61d01a in IPC::Connection::dispatchMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >) (this=0x7f9a4de084e0, message=std::unique_ptr<IPC::Decoder> = {...})
    at /usr/lib/debug/source/sdk/webkitgtk-6.0.bst/Source/WebKit/Platform/IPC/Connection.cpp:1242
#13 0x00007f9cce61ecc9 in IPC::Connection::dispatchIncomingMessages() (this=0x7f9a4de084e0)
    at /usr/include/c++/12.1.0/bits/unique_ptr.h:189
#14 0x00007f9ccd691c55 in WTF::Function<void ()>::operator()() const (this=<synthetic pointer>)
    at /usr/lib/debug/source/sdk/webkitgtk-6.0.bst/Source/WTF/wtf/Function.h:79
#15 WTF::RunLoop::performWork() (this=0x7f9cc50100e0)
    at /usr/lib/debug/source/sdk/webkitgtk-6.0.bst/Source/WTF/wtf/RunLoop.cpp:147
#16 0x00007f9ccd6f330d in operator() (userData=<optimized out>, __closure=0x0)
    at /usr/lib/debug/source/sdk/webkitgtk-6.0.bst/Source/WTF/wtf/glib/RunLoopGLib.cpp:80
#17 _FUN(gpointer) () at /usr/lib/debug/source/sdk/webkitgtk-6.0.bst/Source/WTF/wtf/glib/RunLoopGLib.cpp:82
#18 0x00007f9ccd6f3d8d in operator()
    (__closure=0x0, userData=0x7f9cc50100e0, callback=0x7f9ccd6f3300 <_FUN(gpointer)>, source=0x56553dfe72b0)
    at /usr/lib/debug/source/sdk/webkitgtk-6.0.bst/Source/WTF/wtf/glib/RunLoopGLib.cpp:53
#19 _FUN(GSource*, GSourceFunc, gpointer) () at /usr/lib/debug/source/sdk/webkitgtk-6.0.bst/Source/WTF/wtf/glib/RunLoopGLib.cpp:56
#20 0x00007f9cd33ffa21 in g_main_dispatch (context=<optimized out>) at ../glib/gmain.c:3444
#21 g_main_context_dispatch (context=<optimized out>) at ../glib/gmain.c:4162
#22 0x00007f9cd33fff78 in g_main_context_iterate (context=context at entry=0x56553dfb27b0, block=block at entry=1, dispatch=dispatch at entry=1, self=<optimized out>) at ../glib/gmain.c:4238
#23 0x00007f9cd3400013 in g_main_context_iteration (context=context at entry=0x56553dfb27b0, may_block=may_block at entry=1) at ../glib/gmain.c:4303
#24 0x00007f9cd32a92bd in g_application_run (application=0x56553dfe1100 [EphyShell], argc=<optimized out>, argv=<optimized out>) at ../gio/gapplication.c:2571
#25 0x000056553d2c104b in main ()

-- 
You are receiving this mail because:
You are the assignee for the bug.