[Webkit-unassigned] [Bug 274780] New: [GTK] WebProcess crashes when reading pages
bugzilla-daemon at webkit.org
Tue May 28 08:22:18 PDT 2024
https://bugs.webkit.org/show_bug.cgi?id=274780
Bug ID: 274780
Summary: [GTK] WebProcess crashes when reading pages
Product: WebKit
Version: Other
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: WebKitGTK
Assignee: webkit-unassigned at lists.webkit.org
Reporter: mcrha at redhat.com
CC: bugs-noreply at webkitgtk.org
Moving this from a downstream bug:
https://gitlab.gnome.org/GNOME/evolution/-/issues/2759
Reproducer with MiniBrowser from webkit2gtk4.1-2.45.2-2.fc41.x86_64:
a) run from a terminal:
/usr/libexec/webkit2gtk-4.1/MiniBrowser https://www.gnome.org
b) click on the "Get GNOME" link at the top (or maybe other)
The terminal says:
** (MiniBrowser:6350): WARNING **: 17:12:18.205: WebProcess CRASHED
After which also the MiniBrowser itself crashes.
coredumpctl says:
Tue 2024-05-28 17:12:18 CEST 6372 1000 1000 SIGSEGV none /usr/libexec/webkit2gtk-4.1/WebKitWebProcess -
Tue 2024-05-28 17:12:21 CEST 6350 1000 1000 SIGSEGV present /usr/libexec/webkit2gtk-4.1/MiniBrowser 5.9M
The WebProcess gdb output (the downstream bug contains a different backtrace though):
Thread 1 "WebKitWebProces" received signal SIGSEGV, Segmentation fault.
0x00007fa99ee42938 in auto WebCore::TextDecorationPainter::paintBackgroundDecorations(WebCore::RenderStyle const&, WebCore::TextRun const&, WebCore::TextDecorationPainter::BackgroundDecorationGeometry const&, WTF::OptionSet<WebCore::TextDecorationLine>, WebCore::TextDecorationPainter::Styles const&)::$_0::operator()<WebCore::TextDecorationLine, WebCore::TextDecorationStyle, WebCore::Color const, WebCore::FloatRect>(WebCore::TextDecorationLine, WebCore::TextDecorationStyle, WebCore::Color const&, WebCore::FloatRect&) const () from /lib64/libwebkit2gtk-4.1.so.0
(gdb) bt
#0 0x00007fa99ee42938 in auto WebCore::TextDecorationPainter::paintBackgroundDecorations(WebCore::RenderStyle const&, WebCore::TextRun const&, WebCore::TextDecorationPainter::BackgroundDecorationGeometry const&, WTF::OptionSet<WebCore::TextDecorationLine>, WebCore::TextDecorationPainter::Styles const&)::$_0::operator()<WebCore::TextDecorationLine, WebCore::TextDecorationStyle, WebCore::Color const, WebCore::FloatRect>(WebCore::TextDecorationLine, WebCore::TextDecorationStyle, WebCore::Color const&, WebCore::FloatRect&) const () at /lib64/libwebkit2gtk-4.1.so.0
#1 0x00007fa99ee37ba0 in WebCore::TextDecorationPainter::paintBackgroundDecorations(WebCore::RenderStyle const&, WebCore::TextRun const&, WebCore::TextDecorationPainter::BackgroundDecorationGeometry const&, WTF::OptionSet<WebCore::TextDecorationLine>, WebCore::TextDecorationPainter::Styles const&) ()
at /lib64/libwebkit2gtk-4.1.so.0
#2 0x00007fa99ee33811 in WebCore::TextBoxPainter<WebCore::InlineIterator::BoxModernPath>::paintForegroundAndDecorations() ()
at /lib64/libwebkit2gtk-4.1.so.0
#3 0x00007fa99ee30ab8 in WebCore::TextBoxPainter<WebCore::InlineIterator::BoxModernPath>::paint() () at /lib64/libwebkit2gtk-4.1.so.0
#4 0x00007fa99e6547ed in WebCore::LayoutIntegration::InlineContentPainter::paintDisplayBox(WebCore::InlineDisplay::Box const&) ()
at /lib64/libwebkit2gtk-4.1.so.0
#5 0x00007fa99e65494b in WebCore::LayoutIntegration::InlineContentPainter::paint() () at /lib64/libwebkit2gtk-4.1.so.0
#6 0x00007fa99e65a913 in WebCore::LayoutIntegration::LineLayout::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::RenderInline const*) ()
at /lib64/libwebkit2gtk-4.1.so.0
#7 0x00007fa99ec6ef37 in WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () at /lib64/libwebkit2gtk-4.1.so.0
#8 0x00007fa99ec6db9e in WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () at /lib64/libwebkit2gtk-4.1.so.0
#9 0x00007fa99ec6e523 in WebCore::RenderBlock::paintChild(WebCore::RenderBox&, WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool, WebCore::RenderBlock::PaintBlockType) () at /lib64/libwebkit2gtk-4.1.so.0
#10 0x00007fa99ec6e31f in WebCore::RenderBlock::paintChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool) ()
at /lib64/libwebkit2gtk-4.1.so.0
#11 0x00007fa99ec6ef1f in WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () at /lib64/libwebkit2gtk-4.1.so.0
#12 0x00007fa99ec6db9e in WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () at /lib64/libwebkit2gtk-4.1.so.0
#13 0x00007fa99ecdd7a3 in WebCore::RenderElement::paintAsInlineBlock(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () at /lib64/libwebkit2gtk-4.1.so.0
#14 0x00007fa99ec6e50e in WebCore::RenderBlock::paintChild(WebCore::RenderBox&, WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool, WebCore::RenderBlock::PaintBlockType) () at /lib64/libwebkit2gtk-4.1.so.0
#15 0x00007fa99ecf31af in WebCore::RenderFlexibleBox::paintChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool) ()
at /lib64/libwebkit2gtk-4.1.so.0
#16 0x00007fa99ec6ef1f in WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () at /lib64/libwebkit2gtk-4.1.so.0
#17 0x00007fa99ec6db9e in WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () at /lib64/libwebkit2gtk-4.1.so.0
#18 0x00007fa99ec6e523 in WebCore::RenderBlock::paintChild(WebCore::RenderBox&, WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool, WebCore::RenderBlock::PaintBlockType) () at /lib64/libwebkit2gtk-4.1.so.0
#19 0x00007fa99ec6e31f in WebCore::RenderBlock::paintChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool) ()
at /lib64/libwebkit2gtk-4.1.so.0
#20 0x00007fa99ec6ef1f in WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () at /lib64/libwebkit2gtk-4.1.so.0
#21 0x00007fa99ec6db9e in WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () at /lib64/libwebkit2gtk-4.1.so.0
#22 0x00007fa99ec6e523 in WebCore::RenderBlock::paintChild(WebCore::RenderBox&, WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool, WebCore::RenderBlock::PaintBlockType) () at /lib64/libwebkit2gtk-4.1.so.0
#23 0x00007fa99ec6e31f in WebCore::RenderBlock::paintChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool) ()
at /lib64/libwebkit2gtk-4.1.so.0
#24 0x00007fa99ec6ef1f in WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () at /lib64/libwebkit2gtk-4.1.so.0
#25 0x00007fa99ec6db9e in WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () at /lib64/libwebkit2gtk-4.1.so.0
#26 0x00007fa99ec6e523 in WebCore::RenderBlock::paintChild(WebCore::RenderBox&, WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool, WebCore::RenderBlock::PaintBlockType) () at /lib64/libwebkit2gtk-4.1.so.0
#27 0x00007fa99ec6e31f in WebCore::RenderBlock::paintChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool) ()
at /lib64/libwebkit2gtk-4.1.so.0
#28 0x00007fa99ec6ef1f in WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () at /lib64/libwebkit2gtk-4.1.so.0
#29 0x00007fa99ec6db9e in WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () at /lib64/libwebkit2gtk-4.1.so.0
#30 0x00007fa99ec6e523 in WebCore::RenderBlock::paintChild(WebCore::RenderBox&, WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool, WebCore::RenderBlock::PaintBlockType) () at /lib64/libwebkit2gtk-4.1.so.0
#31 0x00007fa99ec6e31f in WebCore::RenderBlock::paintChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool) ()
at /lib64/libwebkit2gtk-4.1.so.0
#32 0x00007fa99ec6ef1f in WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () at /lib64/libwebkit2gtk-4.1.so.0
#33 0x00007fa99ec6db9e in WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () at /lib64/libwebkit2gtk-4.1.so.0
#34 0x00007fa99ed380f9 in WebCore::RenderLayer::paintForegroundForFragmentsWithPhase(WebCore::PaintPhase, WTF::Vector<WebCore::LayerFragment, 1ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::PaintBehavior>, WebCore::RenderObject*) () at /lib64/libwebkit2gtk-4.1.so.0
#35 0x00007fa99ed3285b in WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFlag>) () at /lib64/libwebkit2gtk-4.1.so.0
#36 0x00007fa99ed332f2 in WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFlag>) () at /lib64/libwebkit2gtk-4.1.so.0
#37 0x00007fa99ed332f2 in WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFlag>) () at /lib64/libwebkit2gtk-4.1.so.0
#38 0x00007fa99ed535d4 in WebCore::RenderLayerBacking::paintIntoLayer(WebCore::GraphicsLayer const*, WebCore::GraphicsContext&, WebCore::IntRect const&, WTF::OptionSet<WebCore::PaintBehavior>, WebCore::RegionContext*)::$_0::operator()(WebCore::RenderLayer&, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFlag>) const () at /lib64/libwebkit2gtk-4.1.so.0
#39 0x00007fa99ed53082 in WebCore::RenderLayerBacking::paintIntoLayer(WebCore::GraphicsLayer const*, WebCore::GraphicsContext&, WebCore::IntRect const&, WTF::OptionSet<WebCore::PaintBehavior>, WebCore::RegionContext*) () at /lib64/libwebkit2gtk-4.1.so.0
#40 0x00007fa99ed53e4b in WebCore::RenderLayerBacking::paintContents(WebCore::GraphicsLayer const*, WebCore::GraphicsContext&, WebCore::FloatRect const&, WTF::OptionSet<WebCore::GraphicsLayerPaintBehavior>) () at /lib64/libwebkit2gtk-4.1.so.0
#41 0x00007fa99ce89e99 in WebCore::CoordinatedGraphicsLayer::paintTile(WebCore::IntRect const&, WebCore::IntRect const&, float)::$_1::operator()(WebCore::GraphicsContext&) const () at /lib64/libwebkit2gtk-4.1.so.0
#42 0x00007fa99ce89803 in WebCore::CoordinatedGraphicsLayer::paintTile(WebCore::IntRect const&, WebCore::IntRect const&, float) ()
at /lib64/libwebkit2gtk-4.1.so.0
#43 0x00007fa99ce859dc in WebCore::CoordinatedGraphicsLayer::updateContentBuffers() () at /lib64/libwebkit2gtk-4.1.so.0
#44 0x00007fa99ce850e6 in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers() () at /lib64/libwebkit2gtk-4.1.so.0
#45 0x00007fa99ce8511c in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers() () at /lib64/libwebkit2gtk-4.1.so.0
#46 0x00007fa99ce8511c in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers() () at /lib64/libwebkit2gtk-4.1.so.0
#47 0x00007fa99ce8511c in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers() () at /lib64/libwebkit2gtk-4.1.so.0
#48 0x00007fa99ce8511c in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers() () at /lib64/libwebkit2gtk-4.1.so.0
#49 0x00007fa99ce8511c in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers() () at /lib64/libwebkit2gtk-4.1.so.0
#50 0x00007fa99cdffbfd in WebKit::CompositingCoordinator::flushPendingLayerChanges(WTF::OptionSet<WebCore::FinalizeRenderingUpdateFlags>) ()
at /lib64/libwebkit2gtk-4.1.so.0
#51 0x00007fa99ce0ba65 in WebKit::LayerTreeHost::layerFlushTimerFired() () at /lib64/libwebkit2gtk-4.1.so.0
#52 0x00007fa99baaca85 in WTF::RunLoop::TimerBase::TimerBase(WTF::RunLoop&)::$_0::__invoke(void*) [clone .llvm.2038710169385785088] ()
at /lib64/libjavascriptcoregtk-4.1.so.0
#53 0x00007fa99baab831 in WTF::RunLoop::$_0::__invoke(_GSource*, int (*)(void*), void*) () at /lib64/libjavascriptcoregtk-4.1.so.0
#54 0x00007fa99820c90c in g_main_context_dispatch_unlocked.lto_priv () at /lib64/libglib-2.0.so.0
#55 0x00007fa99826d978 in g_main_context_iterate_unlocked.isra () at /lib64/libglib-2.0.so.0
#56 0x00007fa9982128c7 in g_main_loop_run () at /lib64/libglib-2.0.so.0
#57 0x00007fa99baabe29 in WTF::RunLoop::run() () at /lib64/libjavascriptcoregtk-4.1.so.0
#58 0x00007fa99ce185ac in WebKit::WebProcessMain(int, char**) () at /lib64/libwebkit2gtk-4.1.so.0
#59 0x00007fa99c23c1c8 in __libc_start_call_main () at /lib64/libc.so.6
#60 0x00007fa99c23c28b in __libc_start_main_impl () at /lib64/libc.so.6
#61 0x0000000000401075 in _start ()
=======================================================================
The MiniBrowser backtrace:
(gdb) bt
#0 0x00007f629e092502 in WebKit::WebPageProxy::keyEventHandlingCompleted(std::optional<WebKit::WebEventType>, bool) () at /lib64/libwebkit2gtk-4.1.so.0
#1 0x00007f629e00fb1f in WTF::Detail::CallableWrapper<WebKit::AuxiliaryProcessProxy::sendMessage(WTF::UniqueRef<IPC::Encoder>&&, WTF::OptionSet<IPC::SendOption>, std::optional<IPC::ConnectionAsyncReplyHandler>, WebKit::AuxiliaryProcessProxy::ShouldStartProcessThrottlerActivity)::$_1, void, IPC::Decoder*>::call(IPC::Decoder*) () at /lib64/libwebkit2gtk-4.1.so.0
#2 0x00007f629dfd7d81 in WTF::Detail::CallableWrapper<IPC::Connection::sendMessageWithAsyncReply(WTF::UniqueRef<IPC::Encoder>&&, IPC::ConnectionAsyncReplyHandler, WTF::OptionSet<IPC::SendOption>, std::optional<WTF::Thread::QOS>)::$_0, void>::call() [clone .llvm.15857245043833178621] ()
at /lib64/libwebkit2gtk-4.1.so.0
#3 0x00007f629ca4430b in WTF::RunLoop::performWork() () at /lib64/libjavascriptcoregtk-4.1.so.0
#4 0x00007f629caac9dd in WTF::RunLoop::RunLoop()::$_0::__invoke(void*) () at /lib64/libjavascriptcoregtk-4.1.so.0
#5 0x00007f629caab831 in WTF::RunLoop::$_0::__invoke(_GSource*, int (*)(void*), void*) () at /lib64/libjavascriptcoregtk-4.1.so.0
#6 0x00007f62a21f290c in g_main_context_dispatch_unlocked.lto_priv () at /lib64/libglib-2.0.so.0
#7 0x00007f62a2253978 in g_main_context_iterate_unlocked.isra () at /lib64/libglib-2.0.so.0
#8 0x00007f62a21f3d83 in g_main_context_iteration () at /lib64/libglib-2.0.so.0
#9 0x00007f629b3135bd in g_application_run () at /lib64/libgio-2.0.so.0
#10 0x00000000004194ed in main ()
P.S.: the debuginfo for WebKitGTK is too large, I'm sorry
--
You are receiving this mail because:
You are the assignee for the bug.
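An added triage helper, not part of the report or of WebKit: it parses gdb `bt` output in the shape shown above (including the wrapped `at /lib64/...` continuation lines) and reduces the top frames to an address-free crash signature, so a report like this one can be matched against a downstream bug whose addresses differ. The sample backtrace is constructed for the example.

```python
import re
from typing import List, Tuple

# Constructed sample in the shape of the gdb `bt` output above, including one
# continuation line where gdb wrapped the "at <library>" part onto a new line.
SAMPLE_BT = """\
(gdb) bt
#0  0x00007fa99ee42938 in auto WebCore::TextDecorationPainter::paintBackgroundDecorations(WebCore::RenderStyle const&)::$_0::operator()(WebCore::TextDecorationLine) const () from /lib64/libwebkit2gtk-4.1.so.0
#1  0x00007fa99ee37ba0 in WebCore::TextDecorationPainter::paintBackgroundDecorations(WebCore::RenderStyle const&) ()
    at /lib64/libwebkit2gtk-4.1.so.0
#2  0x00007fa99ee33811 in WebCore::TextBoxPainter<WebCore::InlineIterator::BoxModernPath>::paint() () at /lib64/libwebkit2gtk-4.1.so.0
#3  0x00007fa99820c90c in g_main_context_dispatch_unlocked.lto_priv () at /lib64/libglib-2.0.so.0
"""

# "#N 0xADDR in SYMBOL () at|from LIBRARY"; the address and library are optional.
FRAME_RE = re.compile(r"^#(\d+)\s+(?:0x[0-9a-fA-F]+ in )?(.+?)\s+\(\)(?:\s+(?:at|from)\s+(\S+))?\s*$")

def join_wrapped(text: str) -> List[str]:
    """Re-join gdb continuation lines (those not starting with '#') onto the preceding frame."""
    lines: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("(gdb)"):
            continue
        if line.startswith("#") or not lines:
            lines.append(line)
        else:
            lines[-1] += " " + line
    return lines

def parse_frames(text: str) -> List[Tuple[int, str, str]]:
    """Return (frame index, symbol, library) per frame; library is '' when gdb printed none."""
    frames = []
    for line in join_wrapped(text):
        m = FRAME_RE.match(line)
        if m:
            frames.append((int(m.group(1)), m.group(2), m.group(3) or ""))
    return frames

def strip_signature(symbol: str) -> str:
    """Drop the argument list, lambda suffixes and a leading 'auto ' so the name is build-stable."""
    name = symbol.split("(", 1)[0]
    return name[5:] if name.startswith("auto ") else name

def crash_signature(text: str, depth: int = 3) -> str:
    """Top-`depth` stripped symbols joined with ' > '; compare these to dedupe crash reports."""
    return " > ".join(strip_signature(sym) for _, sym, _ in parse_frames(text)[:depth])

def first_frame_in(text: str, library_substring: str) -> int:
    """Innermost frame index whose library name contains the substring, or -1 if none."""
    for idx, _, lib in parse_frames(text):
        if library_substring in lib:
            return idx
    return -1
```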