157605 2016-05-11 20:21:08 -0700 [GTK] Browser plugins crash under Wayland 2016-06-10 05:48:52 -0700 1 1 1 Unclassified WebKit Plug-ins Other PC Linux RESOLVED FIXED https://bugzilla.redhat.com/show_bug.cgi?id=1335352 https://bugzilla.gnome.org/show_bug.cgi?id=766657 P2 Normal --- 1 mcatanzaro webkit-unassigned bugs-noreply cgarcia mcatanzaro oldest_to_newest 1192194 0 mcatanzaro 2016-05-11 20:21:08 -0700 The Evince browser plugin is crashing 100% when run under Wayland. See the downstream bug for a backtrace. (I can't paste it here like I usually do, because we haven't implemented paste yet. ;) Note that it goes through GtkPlug, which is sure to crash under Wayland. Whatever code we have to disable windowed plugins in Wayland must not be working. 1195419 1 mcatanzaro 2016-05-22 08:25:35 -0700 Truncated backtrace: Thread 1 (Thread 0x7ffff7f0fac0 (LWP 15147)): #0 0x00005555565b2cd0 in () #1 0x00007ffff78bfbf3 in XGetWindowAttributes () at /lib64/libX11.so.6 #2 0x00007ffff233f894 in gtk_socket_realize () at /lib64/libgtk-3.so.0 #3 0x00007ffff0455617 in _g_closure_invoke_va () at /lib64/libgobject-2.0.so.0 #4 0x00007ffff046fea9 in g_signal_emit_valist () at /lib64/libgobject-2.0.so.0 #5 0x00007ffff04704ff in g_signal_emit () at /lib64/libgobject-2.0.so.0 #6 0x00007ffff2309a9e in gtk_widget_realize () at /lib64/libgtk-3.so.0 #7 0x00007ffff230d0d8 in gtk_widget_set_parent () at /lib64/libgtk-3.so.0 #8 0x00007ffff4be7d74 in webkitWebViewBaseContainerAdd(_GtkContainer*, _GtkWidget*) () at /lib64/libwebkit2gtk-4.0.so.37 #9 0x00007ffff0458470 in g_cclosure_marshal_VOID__OBJECTv () at /lib64/libgobject-2.0.so.0 #10 0x00007ffff0455617 in _g_closure_invoke_va () at /lib64/libgobject-2.0.so.0 #11 0x00007ffff046fea9 in g_signal_emit_valist () at /lib64/libgobject-2.0.so.0 #12 0x00007ffff04704ff in g_signal_emit () at /lib64/libgobject-2.0.so.0 #13 0x00007ffff20f5ff5 in gtk_container_add () at /lib64/libgtk-3.so.0 #14 0x00007ffff4c07f7c in WebKit::WebPageProxy::createPluginContainer(unsigned long&) () at /lib64/libwebkit2gtk-4.0.so.37 #15 0x00007ffff4c37a54 in WebKit::WebPageProxy::didReceiveSyncMessage(IPC::Connection&, IPC::MessageDecoder&, std::unique_ptr<IPC::MessageEncoder, std::default_delete<IPC::MessageEncoder> >&) () at /lib64/libwebkit2gtk-4.0.so.37 #16 0x00007ffff49a9b91 in IPC::MessageReceiverMap::dispatchSyncMessage(IPC::Connection&, IPC::MessageDecoder&, std::unique_ptr<IPC::MessageEncoder, std::default_delete<IPC::MessageEncoder> >&) () at /lib64/libwebkit2gtk-4.0.so.37 #17 0x00007ffff4a5ac0b in WebKit::WebProcessProxy::didReceiveSyncMessage(IPC::Connection&, IPC::MessageDecoder&, std::unique_ptr<IPC::MessageEncoder, std::default_delete<IPC::MessageEncoder> >&) () at /lib64/libwebkit2gtk-4.0.so.37 #18 0x00007ffff49a5b3b in IPC::Connection::dispatchSyncMessage(IPC::MessageDecoder&) () at /lib64/libwebkit2gtk-4.0.so.37 #19 0x00007ffff49a5c2d in IPC::Connection::dispatchMessage(std::unique_ptr<IPC::MessageDecoder, std::default_delete<IPC::MessageDecoder> >) () at /lib64/libwebkit2gtk-4.0.so.37 #20 0x00007ffff49a63e6 in IPC::Connection::dispatchOneMessage() () at /lib64/libwebkit2gtk-4.0.so.37 #21 0x00007ffff42de8bd in WTF::RunLoop::performWork() () at /lib64/libjavascriptcoregtk-4.0.so.18 #22 0x00007ffff4301da9 in WTF::RunLoop::RunLoop()::{lambda(void*)#1}::_FUN(void*) () at /lib64/libjavascriptcoregtk-4.0.so.18 #23 0x00007ffff0181703 in g_main_context_dispatch () at /lib64/libglib-2.0.so.0 #24 0x00007ffff0181ab0 in g_main_context_iterate.isra () at /lib64/libglib-2.0.so.0 #25 0x00007ffff0181b5c in g_main_context_iteration () at /lib64/libglib-2.0.so.0 #26 0x00007ffff074458d in g_application_run () at /lib64/libgio-2.0.so.0 #27 0x0000555555586954 in main () This backtrace is slightly different as it goes through GtkSocket rather than GtkPlug, but any rate WebKit should definitely not be using either when running under Wayland. See GNOME #766657 for a full backtrace. 1197008 2 cgarcia 2016-05-27 01:22:29 -0700 createPluginContainer() starts in NetscapePluginX11::create() and that's called from NetscapePlugin::platformPostInitialize (in NetscapePluginUnix.cpp) which checks if PlatformDisplay::sharedDisplay().type() == PlatformDisplay::Type::X11. So I don't understand why that's happening. Could you check if we are returning PlatformDisplay::Type::X11 there in Wayland? 1200451 3 mcatanzaro 2016-06-08 08:23:23 -0700 Hm, I guess we have two different plugin process crashes here. My backtrace (see the Red Hat bug) does not go through createPluginContainer at all. 1200453 4 cgarcia 2016-06-08 08:35:04 -0700 (In reply to comment #3) > Hm, I guess we have two different plugin process crashes here. My backtrace > (see the Red Hat bug) does not go through createPluginContainer at all. It doesn't matter the same applies to the geometry did change method that is specific to windowed plugins 1200553 5 mcatanzaro 2016-06-08 13:10:49 -0700 (In reply to comment #2) > createPluginContainer() starts in NetscapePluginX11::create() and that's > called from NetscapePlugin::platformPostInitialize (in > NetscapePluginUnix.cpp) which checks if > PlatformDisplay::sharedDisplay().type() == PlatformDisplay::Type::X11. So I > don't understand why that's happening. Could you check if we are returning > PlatformDisplay::Type::X11 there in Wayland? No, it's PlatformDisplay::Type::Wayland as expected. We never create the NetscapePluginX11 object. 1200572 6 mcatanzaro 2016-06-08 13:40:37 -0700 The plugin process is creating a GtkPlug before it crashes, but I don't think it's being created anywhere inside WebKit. Yes, I know that doesn't make sense, but our only use of gtk_plug_new is in NetscapePluginX11.cpp in the constructor, and I've added WTFLogAlways and ASSERT_NOT_REACHED at the top of the constructor and it's definitely not being called. I even checked to make sure we're not passing GTK_TYPE_PLUG directly to g_object_new anywhere. Anyway, PluginProxy::geometryDidChange and then NetscapePlugin::geometryDidChange are both being called before the crash. It's not so unexpected because this is the evince browser plugin, it's a windowed plugin; the code to stop us from creating a windowed plugin under Wayland must not be working. Related: it's quite frustrating that we have the NetscapePlugin class under the WebProcess directory when it's also used by the plugin process; makes everything needlessly confusing. ;/ 1200758 7 cgarcia 2016-06-09 00:35:49 -0700 (In reply to comment #6) > The plugin process is creating a GtkPlug before it crashes, but I don't > think it's being created anywhere inside WebKit. Yes, I know that doesn't > make sense, but our only use of gtk_plug_new is in NetscapePluginX11.cpp in > the constructor, and I've added WTFLogAlways and ASSERT_NOT_REACHED at the > top of the constructor and it's definitely not being called. I even checked > to make sure we're not passing GTK_TYPE_PLUG directly to g_object_new > anywhere. > > Anyway, PluginProxy::geometryDidChange and then > NetscapePlugin::geometryDidChange are both being called before the crash. > It's not so unexpected because this is the evince browser plugin, it's a > windowed plugin; the code to stop us from creating a windowed plugin under > Wayland must not be working. > > Related: it's quite frustrating that we have the NetscapePlugin class under > the WebProcess directory when it's also used by the plugin process; makes > everything needlessly confusing. ;/ Ah, it must be EvBrowserPlugin::setWindow() the one creating the plug. That shouldn't be called when we don't have an X11 implementation, but we can probably just fail the initialization when we don't have a platform implementation and the plugin is windowed. 1200759 8 280894 cgarcia 2016-06-09 00:36:19 -0700 Created attachment 280894 Patch Could you try this patch, please? 1200832 9 280894 mcatanzaro 2016-06-09 07:55:10 -0700 Comment on attachment 280894 Patch This fixes the crash and I even understand the code change, r+. However, it is still impossible to view PDFs unless I uninstall the browser plugin, which is very bad. I see a black surface instead of the PDF. With the plugin uninstalled, Epiphany instead downloads the PDFs. This could be treated as a separate bug, though. 1201219 10 cgarcia 2016-06-10 05:48:52 -0700 Committed r201921: <http://trac.webkit.org/changeset/201921> 280894 2016-06-09 00:36:19 -0700 2016-06-09 07:55:10 -0700 Patch wk2-wayland-windowed-plugins.diff text/plain 1668 cgarcia ZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJLaXQyL0NoYW5nZUxvZyBiL1NvdXJjZS9XZWJLaXQyL0No YW5nZUxvZwppbmRleCBlNmE2NjY5Li42MzU5MTlhIDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViS2l0 Mi9DaGFuZ2VMb2cKKysrIGIvU291cmNlL1dlYktpdDIvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTUg QEAKKzIwMTYtMDYtMDkgIENhcmxvcyBHYXJjaWEgQ2FtcG9zICA8Y2dhcmNpYUBpZ2FsaWEuY29t PgorCisgICAgICAgIFtHVEtdIEJyb3dzZXIgcGx1Z2lucyBjcmFzaCB1bmRlciBXYXlsYW5kCisg ICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0xNTc2MDUKKwor ICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBGYWlsIHRoZSBp bml0aWFsaXphdGlvbiBvZiB3aW5kb3dlZCBwbHVnaW5zIGlmIHdlIGRvbid0IGhhdmUgYSBwbGF0 Zm9ybSBpbXBsZW1lbnRhdGlvbi4KKworICAgICAgICAqIFdlYlByb2Nlc3MvUGx1Z2lucy9OZXRz Y2FwZS91bml4L05ldHNjYXBlUGx1Z2luVW5peC5jcHA6CisgICAgICAgIChXZWJLaXQ6Ok5ldHNj YXBlUGx1Z2luOjpwbGF0Zm9ybVBvc3RJbml0aWFsaXplKToKKwogMjAxNi0wNi0wOCAgQ2FybG9z IEdhcmNpYSBDYW1wb3MgIDxjZ2FyY2lhQGlnYWxpYS5jb20+CiAKICAgICAgICAgW1RocmVhZGVk IENvbXBvc2l0b3JdIFJlbW92ZSBUaHJlYWRlZENvbXBvc2l0b3I6OnNldE5lZWRzRGlzcGxheSgp CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViS2l0Mi9XZWJQcm9jZXNzL1BsdWdpbnMvTmV0c2NhcGUv dW5peC9OZXRzY2FwZVBsdWdpblVuaXguY3BwIGIvU291cmNlL1dlYktpdDIvV2ViUHJvY2Vzcy9Q bHVnaW5zL05ldHNjYXBlL3VuaXgvTmV0c2NhcGVQbHVnaW5Vbml4LmNwcAppbmRleCBiMzk2YjBi My4uOGI4ZWFhMCAxMDA2NDQKLS0tIGEvU291cmNlL1dlYktpdDIvV2ViUHJvY2Vzcy9QbHVnaW5z L05ldHNjYXBlL3VuaXgvTmV0c2NhcGVQbHVnaW5Vbml4LmNwcAorKysgYi9Tb3VyY2UvV2ViS2l0 Mi9XZWJQcm9jZXNzL1BsdWdpbnMvTmV0c2NhcGUvdW5peC9OZXRzY2FwZVBsdWdpblVuaXguY3Bw CkBAIC01MSwxMyArNTEsMTQgQEAgYm9vbCBOZXRzY2FwZVBsdWdpbjo6cGxhdGZvcm1Qb3N0SW5p dGlhbGl6ZSgpCiAgICAgfQogI2VuZGlmCiAKLSAgICBpZiAobV9pbXBsKSB7Ci0gICAgICAgIG1f bnBXaW5kb3cudHlwZSA9IG1faW1wbC0+d2luZG93VHlwZSgpOwotICAgICAgICBtX25wV2luZG93 LndpbmRvdyA9IG1faW1wbC0+d2luZG93KCk7Ci0gICAgICAgIG1fbnBXaW5kb3cud3NfaW5mbyA9 IG1faW1wbC0+d2luZG93U3lzdGVtSW5mbygpOwotICAgICAgICBjYWxsU2V0V2luZG93KCk7Ci0g ICAgfQorICAgIC8vIFdpbmRvd2VkIHBsdWdpbnMgbmVlZCBhIHBsYXRmb3JtIGltcGxlbWVudGF0 aW9uLgorICAgIGlmICghbV9pbXBsKQorICAgICAgICByZXR1cm4gIW1faXNXaW5kb3dlZDsKIAor ICAgIG1fbnBXaW5kb3cudHlwZSA9IG1faW1wbC0+d2luZG93VHlwZSgpOworICAgIG1fbnBXaW5k b3cud2luZG93ID0gbV9pbXBsLT53aW5kb3coKTsKKyAgICBtX25wV2luZG93LndzX2luZm8gPSBt X2ltcGwtPndpbmRvd1N5c3RlbUluZm8oKTsKKyAgICBjYWxsU2V0V2luZG93KCk7CiAgICAgcmV0 dXJuIHRydWU7CiB9CiAK