314087 2026-05-05 07:50:31 -0700 REGRESSION(308116@main): Crash in WebKit::AcceleratedSurface::sendFrame 2026-05-06 02:40:24 -0700 1 1 1 Unclassified WebKit WebKitGTK WebKit Nightly Build PC Linux RESOLVED FIXED P2 Normal --- 1 mcatanzaro cgarcia bugs-noreply jan.brummer mcatanzaro oldest_to_newest 2207660 0 mcatanzaro 2026-05-05 07:50:31 -0700 We have a non-public email client application, which sometimes crashes when creating a web view. Carlos Garcia requested that I create this bug report even though I do not have a reproducer to share: (gdb) bt #0 WTFCrash () at /home/mcatanzaro/Projects/WebKit/Source/WTF/wtf/Assertions.cpp:380 #1 0x00007ff9ce8e8aa9 in WTF::CrashOnOverflow::crash () at WTF/Headers/wtf/OverflowHandler.h:66 #2 0x00007ff9ce8e8a99 in WTF::CrashOnOverflow::overflowed () at WTF/Headers/wtf/OverflowHandler.h:59 #3 0x00007ff9cf47c3b4 in WTF::Vector<std::pair<WebKit::AcceleratedSurface::RenderTarget*, WTF::Vector<WebCore::IntRect, 1, WTF::CrashOnOverflow, 16, WTF::FastMalloc> >, 1, WTF::CrashOnOverflow, 16, WTF::FastMalloc>::takeLast (this=<optimized out>) at WTF/Headers/wtf/Vector.h:826 #4 0x00007ff9cf47c1e8 in WebKit::AcceleratedSurface::sendFrame (this=<optimized out>) at /home/mcatanzaro/Projects/WebKit/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/AcceleratedSurface.cpp:1079 #5 0x00007ff9cf48e728 in WebKit::NonCompositedFrameRenderer::finishRenderingUpdate (this=0x7ff9a60287e0) at /home/mcatanzaro/Projects/WebKit/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/NonCompositedFrameRenderer.cpp:279 #6 WebKit::NonCompositedFrameRenderer::updateRendering (this=0x7ff9a60287e0) at /home/mcatanzaro/Projects/WebKit/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/NonCompositedFrameRenderer.cpp:273 #7 0x00007ff9cf48398b in WebKit::DrawingAreaCoordinatedGraphics::updateGeometry (this=this@entry=0x7ff9a6024300, size=..., completionHandler=...) at /home/mcatanzaro/Projects/WebKit/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/DrawingAreaCoordinatedGraphicsGLib.cpp:261 #8 0x00007ff9cea76f0c in IPC::callMemberFunction<WebKit::DrawingArea, WebKit::DrawingArea, void (WebCore::IntSize const&, WTF::CompletionHandler<void ()>&&), std::tuple<WebCore::IntSize>, void ()>(WebKit::DrawingArea*, void (WebKit::DrawingArea::*)(WebCore::IntSize const&, WTF::CompletionHandler<void ()>&&), std::tuple<WebCore::IntSize>&&, WTF::CompletionHandler<void ()>&&)::{lambda((auto:1&&)...)#1}::operator()<WebCore::IntSize>(WebCore::IntSize&&) const (args=..., this=<optimized out>) at /home/mcatanzaro/Projects/WebKit/Source/WebKit/Platform/IPC/HandleMessage.h:150 #9 std::__invoke_impl<void, IPC::callMemberFunction<WebKit::DrawingArea, WebKit::DrawingArea, void (WebCore::IntSize const&, WTF::CompletionHandler<void ()>&&), std::tuple<WebCore::IntSize>, void ()>(WebKit::DrawingArea*, void (WebKit::DrawingArea::*)(WebCore::IntSize const&, WTF::CompletionHandler<void ()>&&), std::tuple<WebCore::IntSize>&&, WTF::CompletionHandler<void ()>&&)::{lambda((auto:1&&)...)#1}, WebCore::IntSize>(std::__invoke_other, IPC::callMemberFunction<WebKit::DrawingArea, WebKit::DrawingArea, void (WebCore::IntSize const&, WTF::CompletionHandler<void ()>&&), std::tuple<WebCore::IntSize>, void ()>(WebKit::DrawingArea*, void (WebKit::DrawingArea::*)(WebCore::IntSize const&, WTF::CompletionHandler<void ()>&&), std::tuple<WebCore::IntSize>&&, WTF::CompletionHandler<void ()>&&)::{lambda((auto:1&&)...)#1}&&, WebCore::IntSize&&) (__args=..., __f=...) at /usr/bin/../lib/gcc/x86_64-redhat-linux/16/../../../../include/c++/16/bits/invoke.h:63 #10 std::__invoke<IPC::callMemberFunction<WebKit::DrawingArea, WebKit::DrawingArea, void (WebCore::IntSize const&, WTF::CompletionHandler<void ()>&&), std::tuple<WebCore::IntSize>, void ()>(WebKit::DrawingArea*, void (WebKit::DrawingArea::*)(WebCore::IntSize const&, WTF::CompletionHandler<void ()>&&), std::tuple<WebCore::IntSize>&&, WTF::CompletionHandler<void ()>&&)::{lambda((auto:1&&)...)#1}, WebCore::IntSize>(IPC::callMemberFunction<WebKit::DrawingArea, WebKit::DrawingArea, void (WebCore::IntSize const&, WTF::CompletionHandler<void ()>&&), std::tuple<WebCore::IntSize>, void ()>(WebKit::DrawingArea*, void (WebKit::DrawingArea::*)(WebCore::IntSize const&, WTF::CompletionHandler<void ()>&&), std::tuple<WebCore::IntSize>&&, WTF::CompletionHandler<void ()>&&)::{lambda((auto:1&&)...)#1}&&, WebCore::IntSize&&) (__args=..., __fn=...) at /usr/bin/../lib/gcc/x86_64-redhat-linux/16/../../../../include/c++/16/bits/invoke.h:98 #11 std::__apply_impl<IPC::callMemberFunction<WebKit::DrawingArea, WebKit::DrawingArea, void (WebCore::IntSize const&, WTF::CompletionHandler<void ()>&&), std::tuple<WebCore::IntSize>, void ()>(WebKit::DrawingArea*, void (WebKit::DrawingArea::*)(WebCore::IntSize const&, WTF::CompletionHandler<void ()>&&), std::tuple<WebCore::IntSize>&&, WTF::CompletionHandler<void ()>&&)::{lambda((auto:1&&)...)#1}, std::tuple<WebCore::IntSize>, 0ul>(IPC::callMemberFunction<WebKit::DrawingArea, WebKit::DrawingArea, void (WebCore::IntSize const&, WTF::CompletionHandler<void ()>&&), std::tuple<WebCore::IntSize>, void ()>(WebKit::DrawingArea*, void (WebKit::DrawingArea::*)(WebCore::IntSize const&, WTF::CompletionHandler<void ()>&&), std::tuple<WebCore::IntSize>&&, WTF::CompletionHandler<void ()>&&)::{lambda((auto:1&&)...)#1}&&, std::tuple<WebCore::IntSize>&&, std::integer_sequence<unsigned long, 0ul>) (__t=..., __f=...) at /usr/bin/../lib/gcc/x86_64-redhat-linux/16/../../../../include/c++/16/tuple:2976 #12 apply<(lambda at /home/mcatanzaro/Projects/WebKit/Source/WebKit/Platform/IPC/HandleMessage.h:148:9), std::tuple<WebCore::IntSize> > ( __t=..., __f=...) at /usr/bin/../lib/gcc/x86_64-redhat-linux/16/../../../../include/c++/16/tuple:2991 #13 IPC::callMemberFunction<WebKit::DrawingArea, WebKit::DrawingArea, void(WebCore::IntSize const&, WTF::CompletionHandler<void()>&&), std::tuple<WebCore::IntSize>, void()> (object=<optimized out>, function=<optimized out>, tuple=..., completionHandler=...) at /home/mcatanzaro/Projects/WebKit/Source/WebKit/Platform/IPC/HandleMessage.h:147 #14 IPC::handleMessageAsync<Messages::DrawingArea::UpdateGeometry, IPC::Connection, WebKit::DrawingArea, WebKit::DrawingArea, void(WebCore::IntSize const&, WTF::CompletionHandler<void()>&&)> (connection=..., decoder=..., object=object@entry=0x7ff9a6024300, function=<optimized out>) at /home/mcatanzaro/Projects/WebKit/Source/WebKit/Platform/IPC/HandleMessage.h:553 #15 0x00007ff9cea76c71 in WebKit::DrawingArea::didReceiveMessage (this=0x7ff9a6024300, connection=..., decoder=...) at /home/mcatanzaro/Projects/WebKit/WebKitBuild/gtk4/DerivedSources/WebKit/DrawingAreaMessageReceiver.cpp:71 #16 0x00007ff9ceea755c in IPC::MessageReceiverMap::dispatchMessage (this=<optimized out>, connection=..., decoder=...) at WTF/Headers/wtf/Ref.h:54 #17 0x00007ff9ceeb0d1c in WebKit::AuxiliaryProcess::dispatchMessage (this=this@entry=0x7ff9a6018460, connection=..., decoder=...) at /home/mcatanzaro/Projects/WebKit/Source/WebKit/Shared/AuxiliaryProcess.cpp:154 #18 0x00007ff9ce9ecb96 in WebKit::AuxiliaryProcess::didReceiveMessage (this=0x7ff9a6018460, connection=..., decoder=...) at /home/mcatanzaro/Projects/WebKit/WebKitBuild/gtk4/DerivedSources/WebKit/AuxiliaryProcessMessageReceiver.cpp:74 #19 0x00007ff9cee9e7bb in IPC::Connection::dispatchMessage (this=this@entry=0x7ff9a6054100, decoder=...) at /home/mcatanzaro/Projects/WebKit/Source/WebKit/Platform/IPC/Connection.cpp:1421 #20 0x00007ff9cee9ea22 in IPC::Connection::dispatchMessage (this=0x7ff9a6054100, message=...) --Type <RET> for more, q to quit, c to continue without paging--c at /home/mcatanzaro/Projects/WebKit/Source/WebKit/Platform/IPC/Connection.cpp:1481 #21 0x00007ff9cee9eb31 in IPC::Connection::dispatchOneIncomingMessage (this=<optimized out>) at /home/mcatanzaro/Projects/WebKit/Source/WebKit/Platform/IPC/Connection.cpp:1555 #22 0x00007ff9ca9f2925 in WTF::Function<void()>::operator() (this=0x7ffda93ae090) at /home/mcatanzaro/Projects/WebKit/Source/WTF/wtf/Function.h:103 #23 WTF::RunLoop::performWork (this=this@entry=0x7ff9a6018110) at /home/mcatanzaro/Projects/WebKit/Source/WTF/wtf/RunLoop.cpp:145 #24 0x00007ff9caab71e9 in WTF::RunLoop::RunLoop()::$_0::operator()(void*) const (userData=0x7ffda93ad8c8, userData@entry=0x7ff9a6018110, this=<optimized out>) at /home/mcatanzaro/Projects/WebKit/Source/WTF/wtf/glib/RunLoopGLib.cpp:153 #25 __invoke (userData=0x7ffda93ad8c8, userData@entry=0x7ff9a6018110) at /home/mcatanzaro/Projects/WebKit/Source/WTF/wtf/glib/RunLoopGLib.cpp:152 #26 0x00007ff9caab5d29 in WTF::RunLoop::$_3::operator() (source=0x2322f640, callback=0x7ff9caab71e0 <__invoke()>, userData=0x7ff9a6018110, this=<optimized out>) at /home/mcatanzaro/Projects/WebKit/Source/WTF/wtf/glib/RunLoopGLib.cpp:116 #27 __invoke (source=0x2322f640, callback=0x7ff9caab71e0 <__invoke()>, userData=0x7ff9a6018110) at /home/mcatanzaro/Projects/WebKit/Source/WTF/wtf/glib/RunLoopGLib.cpp:89 #28 0x00007ff9cad7362c in g_main_dispatch (context=0x2322f6e0) at ../../../../Projects/glib/glib/gmain.c:3591 #29 0x00007ff9cad74a77 in g_main_context_dispatch_unlocked (context=0x2322f6e0) at ../../../../Projects/glib/glib/gmain.c:4451 #30 0x00007ff9cad74a41 in g_main_context_dispatch (context=0x2322f6e0) at ../../../../Projects/glib/glib/gmain.c:4439 #31 0x00007ff9caab63c3 in WTF::RunLoop::runGLibMainLoopIteration (this=this@entry=0x7ff9a6018110, mayBlock=mayBlock@entry=WTF::RunLoop::MayBlock::Yes) at /home/mcatanzaro/Projects/WebKit/Source/WTF/wtf/glib/RunLoopGLib.cpp:191 #32 0x00007ff9caab66ca in WTF::RunLoop::runGLibMainLoop (this=0x7ff9a6018110) at /home/mcatanzaro/Projects/WebKit/Source/WTF/wtf/glib/RunLoopGLib.cpp:200 #33 WTF::RunLoop::run () at /home/mcatanzaro/Projects/WebKit/Source/WTF/wtf/glib/RunLoopGLib.cpp:213 #34 0x00007ff9cf499913 in WebKit::AuxiliaryProcessMainBase<WebKit::WebProcess, true>::run (this=0x7ffda93ae2a0, argc=<optimized out>, argv=<optimized out>) at /home/mcatanzaro/Projects/WebKit/Source/WebKit/Shared/AuxiliaryProcessMain.h:77 #35 WebKit::AuxiliaryProcessMain<WebKit::WebProcessMainGtk> (argc=3, argv=<optimized out>) at /home/mcatanzaro/Projects/WebKit/Source/WebKit/Shared/AuxiliaryProcessMain.h:103 #36 0x00007ff9c5e08681 in __libc_start_call_main (main=main@entry=0x201890 <main(int, char**)>, argc=argc@entry=3, argv=argv@entry=0x7ffda93ae448) at ../sysdeps/nptl/libc_start_call_main.h:59 #37 0x00007ff9c5e08798 in __libc_start_main_impl (main=0x201890 <main(int, char**)>, argc=3, argv=0x7ffda93ae448, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffda93ae438) at ../csu/libc-start.c:360 #38 0x00000000002017c5 in _start () (gdb) bt full #0 WTFCrash () at /home/mcatanzaro/Projects/WebKit/Source/WTF/wtf/Assertions.cpp:380 No locals. #1 0x00007ff9ce8e8aa9 in WTF::CrashOnOverflow::crash () at WTF/Headers/wtf/OverflowHandler.h:66 No locals. #2 0x00007ff9ce8e8a99 in WTF::CrashOnOverflow::overflowed () at WTF/Headers/wtf/OverflowHandler.h:59 No locals. #3 0x00007ff9cf47c3b4 in WTF::Vector<std::pair<WebKit::AcceleratedSurface::RenderTarget*, WTF::Vector<WebCore::IntRect, 1, WTF::CrashOnOverflow, 16, WTF::FastMalloc> >, 1, WTF::CrashOnOverflow, 16, WTF::FastMalloc>::takeLast (this=<optimized out>) at WTF/Headers/wtf/Vector.h:826 result = <optimized out> #4 0x00007ff9cf47c1e8 in WebKit::AcceleratedSurface::sendFrame (this=<optimized out>) at /home/mcatanzaro/Projects/WebKit/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/AcceleratedSurface.cpp:1079 target = <optimized out> damageRects = <optimized out> #5 0x00007ff9cf48e728 in WebKit::NonCompositedFrameRenderer::finishRenderingUpdate (this=0x7ff9a60287e0) at /home/mcatanzaro/Projects/WebKit/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/NonCompositedFrameRenderer.cpp:279 No locals. #6 WebKit::NonCompositedFrameRenderer::updateRendering (this=0x7ff9a60287e0) at /home/mcatanzaro/Projects/WebKit/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/NonCompositedFrameRenderer.cpp:273 scaledSize = {m_width = 815, m_height = 0} reentrancyProtector = {m_scopedVariable = @0x7ff9a60287f2, m_valueToRestore = false} webPage = {static isRef = <optimized out>, m_ptr = 0x7ff9a60c8680} drawingArea = <optimized out> #7 0x00007ff9cf48398b in WebKit::DrawingAreaCoordinatedGraphics::updateGeometry (this=this@entry=0x7ff9a6024300, size=..., completionHandler=...) at /home/mcatanzaro/Projects/WebKit/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/DrawingAreaCoordinatedGraphicsGLib.cpp:261 inUpdateGeometry = {m_scopedVariable = @0x7ff9a6024343, m_valueToRestore = false} webPage = {static isRef = <optimized out>, m_ptr = 0x7ff9a60c8680} #8 0x00007ff9cea76f0c in IPC::callMemberFunction<WebKit::DrawingArea, WebKit::DrawingArea, void (WebCore::IntSize const&, WTF::CompletionHandler<void ()>&&), std::tuple<WebCore::IntSize>, void ()>(WebKit::DrawingArea*, void (WebKit::DrawingArea::*)(WebCore::IntSize const&, WTF::CompletionHandler<void ()>&&), std::tuple<WebCore::IntSize>&&, WTF::CompletionHandler<void ()>&&)::{lambda((auto:1&&)...)#1}::operator()<WebCore::IntSize>(WebCore::IntSize&&) const (args=..., this=<optimized out>) at /home/mcatanzaro/Projects/WebKit/Source/WebKit/Platform/IPC/HandleMessage.h:150 No locals. #9 std::__invoke_impl<void, IPC::callMemberFunction<WebKit::DrawingArea, WebKit::DrawingArea, void (WebCore::IntSize const&, WTF::CompletionHandler<void ()>&&), std::tuple<WebCore::IntSize>, void ()>(WebKit::DrawingArea*, void (WebKit::DrawingArea::*)(WebCore::IntSize const&, WTF::CompletionHandler<void ()>&&), std::tuple<WebCore::IntSize>&&, WTF::CompletionHandler<void ()>&&)::{lambda((auto:1&&)...)#1}, WebCore::IntSize>(std::__invoke_other, IPC::callMemberFunction<WebKit::DrawingArea, WebKit::DrawingArea, void (WebCore::IntSize const&, WTF::CompletionHandler<void ()>&&), std::tuple<WebCore::IntSize>, void ()>(WebKit::DrawingArea*, void (WebKit::DrawingArea::*)(WebCore::IntSize const&, WTF::CompletionHandler<void ()>&&), std::tuple<WebCore::IntSize>&&, WTF::CompletionHandler<void ()>&&)::{lambda((auto:1&&)...)#1}&&, WebCore::IntSize&&) (__args=..., __f=...) at /usr/bin/../lib/gcc/x86_64-redhat-linux/16/../../../../include/c++/16/bits/invoke.h:63 No locals. #10 std::__invoke<IPC::callMemberFunction<WebKit::DrawingArea, WebKit::DrawingArea, void (WebCore::IntSize const&, WTF::CompletionHandler<void ()>&&), std::tuple<WebCore::IntSize>, void ()>(WebKit::DrawingArea*, void (WebKit::DrawingArea::*)(WebCore::IntSize const&, WTF::CompletionHandler<void ()>&&), std::tuple<WebCore::IntSize>&&, WTF::CompletionHandler<void ()>&&)::{lambda((auto:1&&)...)#1}, WebCore::IntSize>(IPC::callMemberFunction<WebKit::DrawingArea, WebKit::DrawingArea, void (WebCore::IntSize const&, WTF::CompletionHandler<void ()>&&), std::tuple<WebCore::IntSize>, void ()>(WebKit::DrawingArea*, void (WebKit::DrawingArea::*)(WebCore::IntSize const&, WTF::CompletionHandler<void ()>&&), std::tuple<WebCore::IntSize>&&, WTF::CompletionHandler<void ()>&&)::{lambda((auto:1&&)...)#1}&&, WebCore::IntSize&&) (__args=..., __fn=...) at /usr/bin/../lib/gcc/x86_64-redhat-linux/16/../../../../include/c++/16/bits/invoke.h:98 No locals. #11 std::__apply_impl<IPC::callMemberFunction<WebKit::DrawingArea, WebKit::DrawingArea, void (WebCore::IntSize const&, WTF::CompletionHandler<void ()>&&), std::tuple<WebCore::IntSize>, void ()>(WebKit::DrawingArea*, void (WebKit::DrawingArea::*)(WebCore::IntSize const&, WTF::CompletionHandler<void ()>&&), std::tuple<WebCore::IntSize>&&, WTF::CompletionHandler<void ()>&&)::{lambda((auto:1&&)...)#1}, std::tuple<WebCore::IntSize>, 0ul>(IPC::callMemberFunction<WebKit::DrawingArea, WebKit::DrawingArea, void (WebCore::IntSize const&, WTF::CompletionHandler<void ()>&&), std::tuple<WebCore::IntSize>, void ()>(WebKit::DrawingArea*, void (WebKit::DrawingArea::*)(WebCore::IntSize const&, WTF::CompletionHandler<void ()>&&), std::tuple<WebCore::IntSize>&&, WTF::CompletionHandler<void ()>&&)::{lambda((auto:1&&)...)#1}&&, std::tuple<WebCore::IntSize>&&, std::integer_sequence<unsigned long, 0ul>) (__t=..., __f=...) at /usr/bin/../lib/gcc/x86_64-redhat-linux/16/../../../../include/c++/16/tuple:2976 No locals. #12 apply<(lambda at /home/mcatanzaro/Projects/WebKit/Source/WebKit/Platform/IPC/HandleMessage.h:148:9), std::tuple<WebCore::IntSize> > ( __t=..., __f=...) at /usr/bin/../lib/gcc/x86_64-redhat-linux/16/../../../../include/c++/16/tuple:2991 --Type <RET> for more, q to quit, c to continue without paging--c No locals. #13 IPC::callMemberFunction<WebKit::DrawingArea, WebKit::DrawingArea, void(WebCore::IntSize const&, WTF::CompletionHandler<void()>&&), std::tuple<WebCore::IntSize>, void()> (object=<optimized out>, function=<optimized out>, tuple=..., completionHandler=...) at /home/mcatanzaro/Projects/WebKit/Source/WebKit/Platform/IPC/HandleMessage.h:147 No locals. #14 IPC::handleMessageAsync<Messages::DrawingArea::UpdateGeometry, IPC::Connection, WebKit::DrawingArea, WebKit::DrawingArea, void(WebCore::IntSize const&, WTF::CompletionHandler<void()>&&)> (connection=..., decoder=..., object=object@entry=0x7ff9a6024300, function=<optimized out>) at /home/mcatanzaro/Projects/WebKit/Source/WebKit/Platform/IPC/HandleMessage.h:553 arguments = std::optional containing std::tuple containing = {[0] = {m_width = 815, m_height = 0}} completionHandler = {m_function = {m_callableWrapper = std::unique_ptr<WTF::Detail::CallableWrapperBase<UNKNOWN_TYPE>> = { get() = 0x7ff9a61f5fe0}}, m_callThread = {<No data fields>}} replyID = Python Exception <class 'gdb.error'>: value has been optimized out {<std::_Optional_base<WTF::ObjectIdentifierGeneric<IPC::AsyncReplyIDType, WTF::ObjectIdentifierThreadSafeAccessTraits<unsigned long>, unsigned long>, 1, 1>> = { _M_payload = {<std::_Optional_payload_base<WTF::ObjectIdentifierGeneric<IPC::AsyncReplyIDType, WTF::ObjectIdentifierThreadSafeAccessTraits<unsigned long>, unsigned long> >> = {_M_payload = {_M_empty = {<No data fields>}, _M_value = {<WTF::ObjectIdentifierGenericBase<unsigned long>> = { static safeToCompareToHashTableEmptyOrDeletedValue = true, m_identifier = 106}, static m_generationProtected = false}}, _M_engaged = <optimized out>}, <No data fields>}}, <std::_Enable_copy_move<1, 1, 1, 1, std::optional<WTF::ObjectIdentifierGeneric<IPC::AsyncReplyIDType, WTF::ObjectIdentifierThreadSafeAccessTraits<unsigned long>, unsigned long> > >> = {<No data fields>}, <No data fields>} #15 0x00007ff9cea76c71 in WebKit::DrawingArea::didReceiveMessage (this=0x7ff9a6024300, connection=..., decoder=...) at /home/mcatanzaro/Projects/WebKit/WebKitBuild/gtk4/DerivedSources/WebKit/DrawingAreaMessageReceiver.cpp:71 protectedThis = {static isRef = <optimized out>, m_ptr = 0x7ff9a6024300} #16 0x00007ff9ceea755c in IPC::MessageReceiverMap::dispatchMessage (this=<optimized out>, connection=..., decoder=...) at WTF/Headers/wtf/Ref.h:54 No locals. #17 0x00007ff9ceeb0d1c in WebKit::AuxiliaryProcess::dispatchMessage (this=this@entry=0x7ff9a6018460, connection=..., decoder=...) at /home/mcatanzaro/Projects/WebKit/Source/WebKit/Shared/AuxiliaryProcess.cpp:154 No locals. #18 0x00007ff9ce9ecb96 in WebKit::AuxiliaryProcess::didReceiveMessage (this=0x7ff9a6018460, connection=..., decoder=...) at /home/mcatanzaro/Projects/WebKit/WebKitBuild/gtk4/DerivedSources/WebKit/AuxiliaryProcessMessageReceiver.cpp:74 protectedThis = {static isRef = <optimized out>, m_ptr = 0x7ff9a6018460} #19 0x00007ff9cee9e7bb in IPC::Connection::dispatchMessage (this=this@entry=0x7ff9a6054100, decoder=...) at /home/mcatanzaro/Projects/WebKit/Source/WebKit/Platform/IPC/Connection.cpp:1421 client = {static isRefPtr = <optimized out>, m_ptr = 0x7ff9a6018460} #20 0x00007ff9cee9ea22 in IPC::Connection::dispatchMessage (this=0x7ff9a6054100, message=...) at /home/mcatanzaro/Projects/WebKit/Source/WebKit/Platform/IPC/Connection.cpp:1481 oldDidReceiveInvalidMessage = false isDispatchingMessageWhileWaitingForSyncReply = <optimized out> didReceiveInvalidMessage = <optimized out> #21 0x00007ff9cee9eb31 in IPC::Connection::dispatchOneIncomingMessage (this=<optimized out>) at /home/mcatanzaro/Projects/WebKit/Source/WebKit/Platform/IPC/Connection.cpp:1555 message = std::unique_ptr<IPC::Decoder> = {get() = 0x0} #22 0x00007ff9ca9f2925 in WTF::Function<void()>::operator() (this=0x7ffda93ae090) at /home/mcatanzaro/Projects/WebKit/Source/WTF/wtf/Function.h:103 No locals. #23 WTF::RunLoop::performWork (this=this@entry=0x7ff9a6018110) at /home/mcatanzaro/Projects/WebKit/Source/WTF/wtf/RunLoop.cpp:145 function = <optimized out> didSuspendFunctions = false #24 0x00007ff9caab71e9 in WTF::RunLoop::RunLoop()::$_0::operator()(void*) const (userData=0x7ffda93ad8c8, userData@entry=0x7ff9a6018110, this=<optimized out>) at /home/mcatanzaro/Projects/WebKit/Source/WTF/wtf/glib/RunLoopGLib.cpp:153 No locals. #25 __invoke (userData=0x7ffda93ad8c8, userData@entry=0x7ff9a6018110) at /home/mcatanzaro/Projects/WebKit/Source/WTF/wtf/glib/RunLoopGLib.cpp:152 No locals. #26 0x00007ff9caab5d29 in WTF::RunLoop::$_3::operator() (source=0x2322f640, callback=0x7ff9caab71e0 <__invoke()>, userData=0x7ff9a6018110, this=<optimized out>) at /home/mcatanzaro/Projects/WebKit/Source/WTF/wtf/glib/RunLoopGLib.cpp:116 readyTime = <optimized out> name = 0x23205f10 "[WebKit] RunLoop work" runLoopSource = @0x2322f640: {source = {callback_data = 0x2322f900, callback_funcs = 0x7ff9caeb4ba0 <g_source_callback_funcs>, source_funcs = 0x7ff9cab9cb30 <WTF::RunLoop::s_runLoopSourceFunctions>, ref_count = 3, context = 0x2322f6e0, priority = 100, flags = 35, source_id = 1, poll_fds = 0x0, prev = 0x0, next = 0x23233e30, name = 0x23205f10 "[WebKit] RunLoop work", priv = 0x2322f880}, runLoop = 0x7ff9a6018110, timerFd = -1, timerFdSpec = {it_interval = {tv_sec = 0, tv_nsec = 0}, it_value = {tv_sec = 0, tv_nsec = 0}}} returnValue = <optimized out> shouldEnableSourceDispatchSignposts = false #27 __invoke (source=0x2322f640, callback=0x7ff9caab71e0 <__invoke()>, userData=0x7ff9a6018110) at /home/mcatanzaro/Projects/WebKit/Source/WTF/wtf/glib/RunLoopGLib.cpp:89 No locals. #28 0x00007ff9cad7362c in g_main_dispatch (context=0x2322f6e0) at ../../../../Projects/glib/glib/gmain.c:3591 dispatch = 0x7ff9caab5c70 <__invoke()> prev_source = 0x0 begin_time_nsec = 30214578368426 was_in_call = 0 user_data = 0x7ff9a6018110 callback = 0x7ff9caab71e0 <__invoke()> cb_funcs = 0x7ff9caeb4ba0 <g_source_callback_funcs> cb_data = 0x2322f900 need_destroy = 0 source = 0x2322f640 current = 0x23201bf0 i = 0 __func__ = "g_main_dispatch" #29 0x00007ff9cad74a77 in g_main_context_dispatch_unlocked (context=0x2322f6e0) at ../../../../Projects/glib/glib/gmain.c:4451 No locals. #30 0x00007ff9cad74a41 in g_main_context_dispatch (context=0x2322f6e0) at ../../../../Projects/glib/glib/gmain.c:4439 No locals. #31 0x00007ff9caab63c3 in WTF::RunLoop::runGLibMainLoopIteration (this=this@entry=0x7ff9a6018110, mayBlock=mayBlock@entry=WTF::RunLoop::MayBlock::Yes) at /home/mcatanzaro/Projects/WebKit/Source/WTF/wtf/glib/RunLoopGLib.cpp:191 maxPriority = 100 timeoutInMilliseconds = 0 numFDs = <optimized out> #32 0x00007ff9caab66ca in WTF::RunLoop::runGLibMainLoop (this=0x7ff9a6018110) at /home/mcatanzaro/Projects/WebKit/Source/WTF/wtf/glib/RunLoopGLib.cpp:200 No locals. #33 WTF::RunLoop::run () at /home/mcatanzaro/Projects/WebKit/Source/WTF/wtf/glib/RunLoopGLib.cpp:213 runLoop = {static isRef = <optimized out>, m_ptr = 0x7ff9a6018110} #34 0x00007ff9cf499913 in WebKit::AuxiliaryProcessMainBase<WebKit::WebProcess, true>::run (this=0x7ffda93ae2a0, argc=<optimized out>, argv=<optimized out>) at /home/mcatanzaro/Projects/WebKit/Source/WebKit/Shared/AuxiliaryProcessMain.h:77 No locals. #35 WebKit::AuxiliaryProcessMain<WebKit::WebProcessMainGtk> (argc=3, argv=<optimized out>) at /home/mcatanzaro/Projects/WebKit/Source/WebKit/Shared/AuxiliaryProcessMain.h:103 auxiliaryMain = {m_storage = {m_storage = {data = {224, 38, 43, 210, 249, 127, 0 <repeats 26 times>, 10, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 255, 255, 255, 255, 1, 0 <repeats 19 times>}}}} #36 0x00007ff9c5e08681 in __libc_start_call_main (main=main@entry=0x201890 <main(int, char**)>, argc=argc@entry=3, argv=argv@entry=0x7ffda93ae448) at ../sysdeps/nptl/libc_start_call_main.h:59 self = <optimized out> result = <optimized out> unwind_buf = {cancel_jmp_buf = {{jmp_buf = {0, -3814188971436946901, 140727442662472, 3, 140710954594304, 2107648, -3814188971449529813, -3811840915947664853}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x7ffda93ae448}, data = { prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = <optimized out> #37 0x00007ff9c5e08798 in __libc_start_main_impl (main=0x201890 <main(int, char**)>, argc=3, argv=0x7ffda93ae448, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffda93ae438) at ../csu/libc-start.c:360 No locals. #38 0x00000000002017c5 in _start () No symbol table info available. 2207787 1 mcatanzaro 2026-05-05 14:01:48 -0700 Good news! It was easy to bisect. 603ace503c08e9f648f95eb6dde1d3a638f21616 is the first bad commit commit 603ace503c08e9f648f95eb6dde1d3a638f21616 Author: Carlos Garcia Campos <cgarcia@igalia.com> Date: Tue Feb 24 03:27:12 2026 -0800 [GTK][WPE] Non-composited renderer should not wait for UI process frame done notification to start rendering the next frame https://bugs.webkit.org/show_bug.cgi?id=308464 Reviewed by Nikolas Zimmermann. We need to wait until frame done notification from UI process to send the next frame message, but it can be rendered already. This patch splits didRenderFrame() moving the Frame message notification to sendFrame() method. This allows the non-composited renderer to render the next frame and notify later when waiting for previous frame done. * Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/AcceleratedSurface.cpp: (WebKit::AcceleratedSurface::RenderTargetShareableBuffer::sendFrame): (WebKit::AcceleratedSurface::RenderTargetSHMImage::didRenderFrame): (WebKit::AcceleratedSurface::RenderTargetSHMImageWithoutGL::sendFrame): (WebKit::AcceleratedSurface::RenderTargetWPEBackend::didRenderFrame): (WebKit::AcceleratedSurface::SwapChain::handleBufferFormatChangeIfNeeded): (WebKit::AcceleratedSurface::SwapChain::nextTarget): (WebKit::AcceleratedSurface::willDestroyGLContext): (WebKit::AcceleratedSurface::willRenderFrame): (WebKit::AcceleratedSurface::didRenderFrame): (WebKit::AcceleratedSurface::sendFrame): (WebKit::AcceleratedSurface::frameDone): (WebKit::AcceleratedSurface::RenderTargetShareableBuffer::didRenderFrame): Deleted. (WebKit::AcceleratedSurface::RenderTargetSHMImageWithoutGL::didRenderFrame): Deleted. * Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/AcceleratedSurface.h: * Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/NonCompositedFrameRenderer.cpp: (WebKit::NonCompositedFrameRenderer::sizeDidChange): (WebKit::NonCompositedFrameRenderer::scheduleRenderingUpdate): (WebKit::NonCompositedFrameRenderer::canUpdateRendering const): (WebKit::NonCompositedFrameRenderer::updateRendering): (WebKit::NonCompositedFrameRenderer::finishRenderingUpdate): (WebKit::NonCompositedFrameRenderer::frameComplete): (WebKit::NonCompositedFrameRenderer::updateRenderingWithForcedRepaint): * Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/NonCompositedFrameRenderer.h: * Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/ThreadedCompositor.cpp: (WebKit::ThreadedCompositor::renderLayerTree): Canonical link: https://commits.webkit.org/308116@main Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/AcceleratedSurface.cpp | 57 ++++++++++++++++++++++++++++++++++--------------- Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/AcceleratedSurface.h | 14 +++++++----- Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/NonCompositedFrameRenderer.cpp | 39 +++++++++++++++++++++++---------- Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/NonCompositedFrameRenderer.h | 4 +++- Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/ThreadedCompositor.cpp | 1 + 5 files changed, 81 insertions(+), 34 deletions(-) 2207997 2 cgarcia 2026-05-05 22:34:25 -0700 Pull request: https://github.com/WebKit/WebKit/pull/64341 2208051 3 ews-feeder 2026-05-06 02:40:21 -0700 Committed 312680@main (cf5c74d947a1): <https://commits.webkit.org/312680@main> Reviewed commits have been landed. Closing PR #64341 and removing active labels.