Bug 190787

Summary: [GTK] Crash while doing drag and drop
Product: WebKit
Reporter: Tomas Popela <tpopela>
Component: WebKitGTK
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED WORKSFORME
Severity: Normal
CC: bugs-noreply, mcatanzaro
Priority: P2
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
See Also:
https://bugzilla.redhat.com/show_bug.cgi?id=1641396
https://bugzilla.redhat.com/show_bug.cgi?id=1166599
https://bugs.webkit.org/show_bug.cgi?id=217482

Description Tomas Popela 2018-10-22 00:17:18 PDT
Reported downstream in 2.22.0 - https://bugzilla.redhat.com/show_bug.cgi?id=1641396. But what's even more interesting is that the same crash was reported in the past against 2.6 as well, in https://bugzilla.redhat.com/show_bug.cgi?id=1166599

#0  WebKit::ShareableBitmap::isBackedBySharedMemory (this=0x0) at /usr/src/debug/webkit2gtk3-2.22.0-1.fc28.x86_64/Source/WebKit/Shared/ShareableBitmap.h:109
No locals.
#1  WebKit::ShareableBitmap::data (this=this@entry=0x0) at /usr/src/debug/webkit2gtk3-2.22.0-1.fc28.x86_64/Source/WebKit/Shared/ShareableBitmap.cpp:170
No locals.
#2  0x00007f8fe9e38876 in WebKit::ShareableBitmap::createCairoSurface (this=0x0) at /usr/src/debug/webkit2gtk3-2.22.0-1.fc28.x86_64/Source/WebKit/Shared/cairo/ShareableBitmapCairo.cpp:85
        image = {static isRefPtr = <optimized out>, m_ptr = 0x0}
        dataKey = {unused = 0}
#3  0x00007f8fe9e388f0 in WebKit::ShareableBitmap::createGraphicsContext (this=<optimized out>) at /usr/src/debug/webkit2gtk3-2.22.0-1.fc28.x86_64/Source/WebKit/Shared/cairo/ShareableBitmapCairo.cpp:61
        image = {static isRefPtr = <optimized out>, m_ptr = 0x0}
        bitmapContext = <optimized out>
#4  0x00007f8fea134886 in WebKit::convertCairoSurfaceToShareableBitmap (surface=0x55f87d0de270) at /usr/src/debug/webkit2gtk3-2.22.0-1.fc28.x86_64/Source/WebKit/WebProcess/WebCoreSupport/gtk/WebDragClientGtk.cpp:54
        imageSize = {m_width = 200, m_height = 0}
        bitmap = {static isRefPtr = <optimized out>, m_ptr = 0x0}
        graphicsContext = {_M_t = {_M_t = {<std::_Tuple_impl<0, WebCore::GraphicsContext*, std::default_delete<WebCore::GraphicsContext> >> = {<std::_Tuple_impl<1, std::default_delete<WebCore::GraphicsContext> >> = {<std::_Head_base<1, std::default_delete<WebCore::GraphicsContext>, true>> = {<std::default_delete<WebCore::GraphicsContext>> = {<No data fields>}, <No data fields>}, <No data fields>}, <std::_Head_base<0, WebCore::GraphicsContext*, false>> = {_M_head_impl = 0x1}, <No data fields>}, <No data fields>}}}
        state = <optimized out>
        imageSize = <optimized out>
        bitmap = <optimized out>
        graphicsContext = <optimized out>
        state = <optimized out>
#5  WebKit::WebDragClient::startDrag (this=0x55f87cb29c00, item=..., dataTransfer=...) at /usr/src/debug/webkit2gtk3-2.22.0-1.fc28.x86_64/Source/WebKit/WebProcess/WebCoreSupport/gtk/WebDragClientGtk.cpp:69
        dragImage = <optimized out>
        bitmap = <optimized out>
        handle = {m_handle = {m_attachment = {m_type = IPC::Attachment::Uninitialized, m_fileDescriptor = 200, m_size = 0}}, m_size = {m_width = 1090519040, m_height = 1115160576}, m_configuration = {isOpaque = false}}
        selection = {selectionData = {static isRef = <optimized out>, m_ptr = 0xca000004b0}}
#6  0x00007f8feadf821f in WebCore::DragController::doSystemDrag (this=this@entry=0x7f8fc70f72d0, image=..., dragLoc=..., eventPos=..., frame=..., state=..., promisedBlob=...) at /usr/src/debug/webkit2gtk3-2.22.0-1.fc28.x86_64/Source/WebCore/page/DragController.cpp:1266
        frameProtector = {static isRef = <optimized out>, m_ptr = 0x7f8f58a4b900}
        viewProtector = {static isRefPtr = <optimized out>, m_ptr = 0x7f8f61a02600}
        item = {image = {m_dragImageRef = {static isRefPtr = <optimized out>, m_ptr = 0x0}, m_indicatorData = {<std::optional_base<WebCore::TextIndicatorData>> = {init_ = false, storage_ = {dummy_ = 0 '\000', value_ = {selectionRectInRootViewCoordinates = {m_location = {m_x = 0, m_y = 0}, m_size = {m_width = 0.766094208, m_height = 4.59163468e-41}}, textBoundingRectInRootViewCoordinates = {m_location = {m_x = 1.07387699e+09, m_y = 4.57594014e-41}, m_size = {m_width = -1.65900553e+26, m_height = 4.57594014e-41}}, contentImageWithoutSelectionRectInRootViewCoordinates = {m_location = {m_x = 0.766031742, m_y = 4.59163468e-41}, m_size = {m_width = 0, m_height = 4.57594014e-41}}, textRectsInBoundingRectCoordinates = {<WTF::VectorBuffer<WebCore::FloatRect, 0>> = {<WTF::VectorBufferBase<WebCore::FloatRect>> = {m_buffer = 0x0, m_capacity = 3964258072, m_size = 32655}, <No data fields>}, <No data fields>}, contentImageScaleFactor = 53018624, contentImageWithHighlight = {static isRefPtr = <optimized out>, m_ptr = 0x5c000}, contentImageWithoutSelection = {static isRefPtr = <optimized out>, m_ptr = 0x20000000200}, contentImage = {static isRefPtr = <optimized out>, m_ptr = 0x20000000200}, estimatedBackgroundColor = {static black = 4278190080, static white = 4294967295, static darkGray = 4286611584, static gray = 4288716960, static lightGray = 4290822336, static transparent = 0, static cyan = 4278255615, static yellow = 4294967040, static compositionFill = 4292992341, static extendedColor = 0, static invalidRGBAColor = 1, static validRGBAColorBit = 2, static validRGBAColor = 3, static isSemanticRBGAColorBit = 4, static deletedHashValue = 18446744073709551613, static emptyHashValue = 18446744073709551611, m_colorData = {rgbaAndFlags = 1, extendedColor = 0x1}}, presentationTransition = -126, options = 59578}}}, <No data fields>}}, imageAnchorPoint = {m_x = 0, m_y = 0}, sourceAction = WebCore::DragSourceActionImage, eventPositionInContentCoordinates = {m_x = 343, m_y = 72}, 
dragLocationInContentCoordinates = {m_x = 328, m_y = 72}, dragLocationInWindowCoordinates = {m_x = 328, m_y = 72}, title = {m_impl = {static isRefPtr = <optimized out>, m_ptr = 0x0}}, url = {m_string = {m_impl = {static isRefPtr = <optimized out>, m_ptr = 0x0}}, m_isValid = 0, m_protocolIsInHTTPFamily = 0, m_cannotBeABaseURL = 0, m_portLength = 0, static maxPortLength = 7, static maxSchemeLength = 67108863, m_schemeEnd = 0, m_userStart = 0, m_userEnd = 0, m_passwordEnd = 0, m_hostEnd = 0, m_pathAfterLastSlash = 0, m_pathEnd = 0, m_queryEnd = 0}, dragPreviewFrameInRootViewCoordinates = {m_location = {m_x = 8, m_y = 62}, m_size = {m_width = 4152, m_height = 17}}, data = {m_plainText = {<std::optional_base<WebCore::PasteboardWriterData::PlainText>> = {init_ = false, storage_ = {dummy_ = 0 '\000', value_ = {canSmartCopyOrDelete = false, text = {m_impl = {static isRefPtr = <optimized out>, m_ptr = 0x7f8fe4a905ae <_cairo_pattern_is_clear+270>}}}}}, <No data fields>}, m_url = {<std::optional_base<WebCore::PasteboardWriterData::URL>> = {init_ = false, storage_ = {dummy_ = 0 '\000', value_ = {url = {m_string = {m_impl = {static isRefPtr = <optimized out>, m_ptr = 0x0}}, m_isValid = 0, m_protocolIsInHTTPFamily = 0, m_cannotBeABaseURL = 0, m_portLength = 0, static maxPortLength = 7, static maxSchemeLength = 67108863, m_schemeEnd = 0, m_userStart = 0, m_userEnd = 0, m_passwordEnd = 1072693248, m_hostEnd = 1061428192, m_pathAfterLastSlash = 4294934527, m_pathEnd = 0, m_queryEnd = 0}, title = {m_impl = {static isRefPtr = <optimized out>, m_ptr = 0x7f8fe4b1b3e0 <__cairo_clip_all>}}, markup = {m_impl = {static isRefPtr = <optimized out>, m_ptr = 0xe7d48aabfbe05300}}}}}, <No data fields>}, m_webContent = {<std::optional_base<WebCore::PasteboardWriterData::WebContent>> = {init_ = false, storage_ = {dummy_ = 0 '\000', value_ = {<No data fields>}}}, <No data fields>}}, promisedBlob = {blobURL = {m_string = {m_impl = {static isRefPtr = <optimized out>, m_ptr = 0x0}}, m_isValid = 0, 
m_protocolIsInHTTPFamily = 0, m_cannotBeABaseURL = 0, m_portLength = 0, static maxPortLength = 7, static maxSchemeLength = 67108863, m_schemeEnd = 0, m_userStart = 0, m_userEnd = 0, m_passwordEnd = 0, m_hostEnd = 0, m_pathAfterLastSlash = 0, m_pathEnd = 0, m_queryEnd = 0}, contentType = {m_impl = {static isRefPtr = <optimized out>, m_ptr = 0x0}}, filename = {m_impl = {static isRefPtr = <optimized out>, m_ptr = 0x0}}, additionalTypes = {<WTF::VectorBuffer<WTF::String, 0>> = {<WTF::VectorBufferBase<WTF::String>> = {m_buffer = 0x0, m_capacity = 0, m_size = 0}, <No data fields>}, <No data fields>}, additionalData = {<WTF::VectorBuffer<WTF::RefPtr<WebCore::SharedBuffer, WTF::DumbPtrTraits<WebCore::SharedBuffer> >, 0>> = {<WTF::VectorBufferBase<WTF::RefPtr<WebCore::SharedBuffer, WTF::DumbPtrTraits<WebCore::SharedBuffer> > >> = {m_buffer = 0x0, m_capacity = 0, m_size = 0}, <No data fields>}, <No data fields>}}}
        eventPositionInRootViewCoordinates = {m_x = 343, m_y = 72}
        dragLocationInRootViewCoordinates = {m_x = 328, m_y = 72}
#7  0x00007f8feadf8f5d in WebCore::DragController::doImageDrag (this=this@entry=0x7f8fc70f72d0, element=..., dragOrigin=..., layoutRect=..., frame=..., dragImageOffset=..., state=...) at /usr/src/debug/webkit2gtk3-2.22.0-1.fc28.x86_64/Source/WebCore/platform/URL.h:58
        mouseDownPoint = {m_x = 343, m_y = 72}
        dragImage = {m_dragImageRef = {static isRefPtr = <optimized out>, m_ptr = 0x0}, m_indicatorData = {<std::optional_base<WebCore::TextIndicatorData>> = {init_ = false, storage_ = {dummy_ = 0 '\000', value_ = {selectionRectInRootViewCoordinates = {m_location = {m_x = 0.766082764, m_y = 4.59163468e-41}, m_size = {m_width = -1.84637372e+26, m_height = 4.57594014e-41}}, textBoundingRectInRootViewCoordinates = {m_location = {m_x = 6.15004957e+15, m_y = 4.57594014e-41}, m_size = {m_width = 0, m_height = 0}}, contentImageWithoutSelectionRectInRootViewCoordinates = {m_location = {m_x = 2084, m_y = 70.5}, m_size = {m_width = 8, m_height = 62}}, textRectsInBoundingRectCoordinates = {<WTF::VectorBuffer<WebCore::FloatRect, 0>> = {<WTF::VectorBufferBase<WebCore::FloatRect>> = {m_buffer = 0x4278000045820000, m_capacity = 1166147584, m_size = 1117650944}, <No data fields>}, <No data fields>}, contentImageScaleFactor = 8, contentImageWithHighlight = {static isRefPtr = <optimized out>, m_ptr = 0x0}, contentImageWithoutSelection = {static isRefPtr = <optimized out>, m_ptr = 0x0}, contentImage = {static isRefPtr = <optimized out>, m_ptr = 0x0}, estimatedBackgroundColor = {static black = 4278190080, static white = 4294967295, static darkGray = 4286611584, static gray = 4288716960, static lightGray = 4290822336, static transparent = 0, static cyan = 4278255615, static yellow = 4294967040, static compositionFill = 4292992341, static extendedColor = 0, static invalidRGBAColor = 1, static validRGBAColorBit = 2, static validRGBAColor = 3, static isSemanticRBGAColorBit = 4, static deletedHashValue = 18446744073709551613, static emptyHashValue = 18446744073709551611, m_colorData = {rgbaAndFlags = 1325465856, extendedColor = 0x4f010100}}, presentationTransition = WebCore::TextIndicatorPresentationTransition::None, options = 64480}}}, <No data fields>}}
        scaledOrigin = <optimized out>
        orientationDescription = {m_respectOrientation = <optimized out>, m_orientation = WebCore::OriginTopLeft}
        image = <optimized out>
#8  0x00007f8feadfb449 in WebCore::DragController::startDrag (this=0x7f8fc70f72d0, src=..., state=..., srcOp=<optimized out>, dragEvent=..., dragOrigin=..., hasData=WebCore::HasNonDefaultPasteboardData::No) at /usr/src/debug/webkit2gtk3-2.22.0-1.fc28.x86_64/Source/WebCore/page/DragController.cpp:1019
        protector = {static isRef = <optimized out>, m_ptr = 0x7f8f58a4b900}
        hitTestResult = {m_hitTestLocation = {m_point = {m_x = {m_value = 21952}, m_y = {m_value = 4608}}, m_boundingBox = {m_location = {m_x = 343, m_y = 72}, m_size = {m_width = 1, m_height = 1}}, m_transformedPoint = {m_x = 343, m_y = 72}, m_transformedRect = {m_p1 = {m_x = 343, m_y = 72}, m_p2 = {m_x = 344, m_y = 72}, m_p3 = {m_x = 344, m_y = 73}, m_p4 = {m_x = 343, m_y = 73}}, m_isRectBased = false, m_isRectilinear = true}, m_innerNode = {static isRefPtr = <optimized out>, m_ptr = 0x7f8f4f0029a0}, m_innerNonSharedNode = {static isRefPtr = <optimized out>, m_ptr = 0x7f8f4f0029a0}, m_pointInInnerNodeFrame = {m_x = {m_value = 21952}, m_y = {m_value = 4608}}, m_localPoint = {m_x = {m_value = 21440}, m_y = {m_value = 640}}, m_innerURLElement = {static isRefPtr = <optimized out>, m_ptr = 0x0}, m_scrollbar = {static isRefPtr = <optimized out>, m_ptr = 0x0}, m_isOverWidget = false, m_listBasedTestResult = {_M_t = {_M_t = {<std::_Tuple_impl<0, WTF::ListHashSet<WTF::RefPtr<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> >, WTF::PtrHash<WTF::RefPtr<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> > > >*, std::default_delete<WTF::ListHashSet<WTF::RefPtr<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> >, WTF::PtrHash<WTF::RefPtr<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> > > > > >> = {<std::_Tuple_impl<1, std::default_delete<WTF::ListHashSet<WTF::RefPtr<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> >, WTF::PtrHash<WTF::RefPtr<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> > > > > >> = {<std::_Head_base<1, std::default_delete<WTF::ListHashSet<WTF::RefPtr<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> >, WTF::PtrHash<WTF::RefPtr<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> > > > >, true>> = {<std::default_delete<WTF::ListHashSet<WTF::RefPtr<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> >, WTF::PtrHash<WTF::RefPtr<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> > > > >> = {<No data fields>}, <No data fields>}, <No data fields>}, <std::_Head_base<0, 
WTF::ListHashSet<WTF::RefPtr<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> >, WTF::PtrHash<WTF::RefPtr<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> > > >*, false>> = {_M_head_impl = 0x0}, <No data fields>}, <No data fields>}}}}
        includeShadowDOM = <optimized out>
        sourceContainsHitNode = <optimized out>
        linkURL = {m_string = {m_impl = {static isRefPtr = <optimized out>, m_ptr = 0x0}}, m_isValid = 0, m_protocolIsInHTTPFamily = 0, m_cannotBeABaseURL = 0, m_portLength = 0, static maxPortLength = 7, static maxSchemeLength = 67108863, m_schemeEnd = 0, m_userStart = 0, m_userEnd = 0, m_passwordEnd = 0, m_hostEnd = 0, m_pathAfterLastSlash = 0, m_pathEnd = 0, m_queryEnd = 0}
        imageURL = {m_string = {m_impl = {static isRefPtr = <optimized out>, m_ptr = 0x7f8f6c1cd000}}, m_isValid = 1, m_protocolIsInHTTPFamily = 0, m_cannotBeABaseURL = 1, m_portLength = 0, static maxPortLength = 7, static maxSchemeLength = 67108863, m_schemeEnd = 4, m_userStart = 5, m_userEnd = 5, m_passwordEnd = 5, m_hostEnd = 5, m_pathAfterLastSlash = 19567, m_pathEnd = 19746, m_queryEnd = 19746}
        mouseDraggedPoint = {m_x = 349, m_y = 71}
        dragImage = {m_dragImageRef = {static isRefPtr = <optimized out>, m_ptr = 0x0}, m_indicatorData = {<std::optional_base<WebCore::TextIndicatorData>> = {init_ = false, storage_ = {dummy_ = 0 '\000', value_ = {selectionRectInRootViewCoordinates = {m_location = {m_x = 1.15638941e+37, m_y = 3.08397766e-41}, m_size = {m_width = -1.44175582e+20, m_height = 4.57594014e-41}}, textBoundingRectInRootViewCoordinates = {m_location = {m_x = 1.15639144e+37, m_y = 3.08397766e-41}, m_size = {m_width = 1.40129846e-45, m_height = 0}}, contentImageWithoutSelectionRectInRootViewCoordinates = {m_location = {m_x = 1.15639246e+37, m_y = 3.08397766e-41}, m_size = {m_width = -2.32951587e+36, m_height = -2.00739933e+24}}, textRectsInBoundingRectCoordinates = {<WTF::VectorBuffer<WebCore::FloatRect, 0>> = {<WTF::VectorBufferBase<WebCore::FloatRect>> = {m_buffer = 0x7fff3f442290, m_capacity = 1061429904, m_size = 32767}, <No data fields>}, <No data fields>}, contentImageScaleFactor = 0.766153812, contentImageWithHighlight = {static isRefPtr = <optimized out>, m_ptr = 0x55f87d0b3210}, contentImageWithoutSelection = {static isRefPtr = <optimized out>, m_ptr = 0x7f8f58a329d8}, contentImage = {static isRefPtr = <optimized out>, m_ptr = 0x7f8fea021852 <WebKit::GObjectEventListener::handleEvent(WebCore::ScriptExecutionContext&, WebCore::Event&)+178>}, estimatedBackgroundColor = {static black = 4278190080, static white = 4294967295, static darkGray = 4286611584, static gray = 4288716960, static lightGray = 4290822336, static transparent = 0, static cyan = 4278255615, static yellow = 4294967040, static compositionFill = 4292992341, static extendedColor = 0, static invalidRGBAColor = 1, static validRGBAColorBit = 2, static validRGBAColor = 3, static isSemanticRBGAColorBit = 4, static deletedHashValue = 18446744073709551613, static emptyHashValue = 18446744073709551611, m_colorData = {rgbaAndFlags = 0, extendedColor = 0x0}}, presentationTransition = 
WebCore::TextIndicatorPresentationTransition::None, options = 0}}}, <No data fields>}}
        dragLoc = {m_x = 0, m_y = 0}
        dragImageOffset = {m_x = 0, m_y = 0}
        dataTransfer = @0x7f8f59aae930: {<WTF::RefCounted<WebCore::DataTransfer>> = {<WTF::RefCountedBase> = {m_refCount = 1}, <No data fields>}, m_originIdentifier = {m_impl = {static isRefPtr = <optimized out>, m_ptr = 0x0}}, m_storeMode = WebCore::DataTransfer::StoreMode::Invalid, m_pasteboard = {_M_t = {_M_t = {<std::_Tuple_impl<0, WebCore::Pasteboard*, std::default_delete<WebCore::Pasteboard> >> = {<std::_Tuple_impl<1, std::default_delete<WebCore::Pasteboard> >> = {<std::_Head_base<1, std::default_delete<WebCore::Pasteboard>, true>> = {<std::default_delete<WebCore::Pasteboard>> = {<No data fields>}, <No data fields>}, <No data fields>}, <std::_Head_base<0, WebCore::Pasteboard*, false>> = {_M_head_impl = 0x7f8f59a9f870}, <No data fields>}, <No data fields>}}}, m_itemList = {_M_t = {_M_t = {<std::_Tuple_impl<0, WebCore::DataTransferItemList*, std::default_delete<WebCore::DataTransferItemList> >> = {<std::_Tuple_impl<1, std::default_delete<WebCore::DataTransferItemList> >> = {<std::_Head_base<1, std::default_delete<WebCore::DataTransferItemList>, true>> = {<std::default_delete<WebCore::DataTransferItemList>> = {<No data fields>}, <No data fields>}, <No data fields>}, <std::_Head_base<0, WebCore::DataTransferItemList*, false>> = {_M_head_impl = 0x0}, <No data fields>}, <No data fields>}}}, m_fileList = {static isRefPtr = <optimized out>, m_ptr = 0x0}, m_type = WebCore::DataTransfer::Type::DragAndDropData, m_dropEffect = {m_impl = {static isRefPtr = <optimized out>, m_ptr = 0x7f8f59a9f8b8}}, m_effectAllowed = {m_impl = {static isRefPtr = <optimized out>, m_ptr = 0x7f8f59a9f8d0}}, m_shouldUpdateDragImage = true, m_dragLocation = {m_x = 0, m_y = 0}, m_dragImage = {<WebCore::CachedResourceHandleBase> = {m_resource = 0x0}, <No data fields>}, m_dragImageElement = {static isRefPtr = <optimized out>, m_ptr = 0x0}, m_dragImageLoader = {_M_t = {_M_t = {<std::_Tuple_impl<0, WebCore::DragImageLoader*, std::default_delete<WebCore::DragImageLoader> >> = {<std::_Tuple_impl<1, 
std::default_delete<WebCore::DragImageLoader> >> = {<std::_Head_base<1, std::default_delete<WebCore::DragImageLoader>, true>> = {<std::default_delete<WebCore::DragImageLoader>> = {<No data fields>}, <No data fields>}, <No data fields>}, <std::_Head_base<0, WebCore::DragImageLoader*, false>> = {_M_head_impl = 0x0}, <No data fields>}, <No data fields>}}}}
        element = @0x7f8f4f0029a0: {<WebCore::ContainerNode> = {<WebCore::Node> = {<WebCore::EventTarget> = {<WebCore::ScriptWrappable> = {m_wrapper = {m_impl = 0x0}}, _vptr.EventTarget = 0x7f8fec19a3a0 <vtable for WebCore::HTMLImageElement+16>}, m_refCount = 19, m_nodeFlags = 1058078, m_parentNode = 0x7f8f5b603ba0, m_treeScope = 0x7f8f4c603350, m_previous = 0x0, m_next = 0x0, m_data = {m_renderer = 0x7f8f4fe01700, m_rareData = 0x7f8f4fe01700}}, m_firstChild = 0x0, m_lastChild = 0x0}, m_tagName = {m_impl = {static isRefPtr = <optimized out>, m_ptr = 0x7f8fc7095e10}}, m_elementData = {static isRefPtr = <optimized out>, m_ptr = 0x7f8f58a73420}}
        mustUseLegacyDragClient = <optimized out>
        dragImageBounds = <optimized out>
        image = <optimized out>
#9  0x00007f8feadfbdc2 in WebCore::EventHandler::handleDrag (this=0x7f8fc702d240, event=..., checkDragHysteresis=<optimized out>) at /usr/src/debug/webkit2gtk3-2.22.0-1.fc28.x86_64/Source/WebCore/page/MouseEventWithHitTestResults.h:34
        page = <optimized out>
        protectedFrame = {static isRef = <optimized out>, m_ptr = 0x7f8f58a4b900}
        srcOp = WebCore::DragOperationEvery
        hasNonDefaultPasteboardData = WebCore::HasNonDefaultPasteboardData::No
        event = @0x7fff3f4428f0: {m_event = {<WebCore::PlatformEvent> = {m_type = 5, m_modifiers = {m_storage = 0 '\000'}, m_timestamp = {static clockType = WTF::ClockType::Wall, m_value = 1540125218.1370258}}, m_position = {m_x = 349, m_y = 71}, m_globalPosition = {m_x = 387, m_y = 542}, m_button = WebCore::LeftButton, m_buttons = 1, m_clickCount = 0, m_modifierFlags = 0, m_force = 0, m_syntheticClickType = WebCore::NoTap}, m_hitTestResult = {m_hitTestLocation = {m_point = {m_x = {m_value = 22336}, m_y = {m_value = 4544}}, m_boundingBox = {m_location = {m_x = 349, m_y = 71}, m_size = {m_width = 1, m_height = 1}}, m_transformedPoint = {m_x = 349, m_y = 71}, m_transformedRect = {m_p1 = {m_x = 349, m_y = 71}, m_p2 = {m_x = 350, m_y = 71}, m_p3 = {m_x = 350, m_y = 72}, m_p4 = {m_x = 349, m_y = 72}}, m_isRectBased = false, m_isRectilinear = true}, m_innerNode = {static isRefPtr = <optimized out>, m_ptr = 0x7f8f4f0029a0}, m_innerNonSharedNode = {static isRefPtr = <optimized out>, m_ptr = 0x7f8f4f0029a0}, m_pointInInnerNodeFrame = {m_x = {m_value = 22336}, m_y = {m_value = 4544}}, m_localPoint = {m_x = {m_value = 21824}, m_y = {m_value = 576}}, m_innerURLElement = {static isRefPtr = <optimized out>, m_ptr = 0x0}, m_scrollbar = {static isRefPtr = <optimized out>, m_ptr = 0x0}, m_isOverWidget = false, m_listBasedTestResult = {_M_t = {_M_t = {<std::_Tuple_impl<0, WTF::ListHashSet<WTF::RefPtr<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> >, WTF::PtrHash<WTF::RefPtr<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> > > >*, std::default_delete<WTF::ListHashSet<WTF::RefPtr<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> >, WTF::PtrHash<WTF::RefPtr<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> > > > > >> = {<std::_Tuple_impl<1, std::default_delete<WTF::ListHashSet<WTF::RefPtr<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> >, WTF::PtrHash<WTF::RefPtr<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> > > > > >> = {<std::_Head_base<1, 
std::default_delete<WTF::ListHashSet<WTF::RefPtr<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> >, WTF::PtrHash<WTF::RefPtr<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> > > > >, true>> = {<std::default_delete<WTF::ListHashSet<WTF::RefPtr<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> >, WTF::PtrHash<WTF::RefPtr<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> > > > >> = {<No data fields>}, <No data fields>}, <No data fields>}, <std::_Head_base<0, WTF::ListHashSet<WTF::RefPtr<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> >, WTF::PtrHash<WTF::RefPtr<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> > > >*, false>> = {_M_head_impl = 0x0}, <No data fields>}, <No data fields>}}}}}
        this = 0x7f8fc702d240
        protectedFrame = <optimized out>
        view = <optimized out>
        dragStartDataTransfer = <optimized out>
        renderer = <optimized out>
        delta = <optimized out>
        srcOp = <optimized out>
        absolutePosition = <optimized out>
        page = <optimized out>
        checkDragHysteresis = <optimized out>
        hasNonDefaultPasteboardData = <optimized out>
        request = <optimized out>
        result = <optimized out>
        protectedFrame = <optimized out>
        srcOp = <optimized out>
        hasNonDefaultPasteboardData = <optimized out>
        request = <optimized out>
        result = <optimized out>
        view = <optimized out>
        dragStartDataTransfer = <optimized out>
        renderer = <optimized out>
        absolutePosition = <optimized out>
        delta = <optimized out>
        page = <optimized out>
#10 0x00007f8feadfc438 in WebCore::EventHandler::handleMouseDraggedEvent (this=0x7f8fc702d240, event=..., checkDragHysteresis=<optimized out>) at /usr/src/debug/webkit2gtk3-2.22.0-1.fc28.x86_64/Source/WebCore/page/EventHandler.cpp:848
        protectedFrame = {static isRef = <optimized out>, m_ptr = 0x7f8f58a4b900}
        targetNode = <optimized out>
        renderer = <optimized out>
        checkDragHysteresis = <optimized out>
        this = 0x7f8fc702d240
        parent = <optimized out>
        event = @0x7fff3f4428f0: {m_event = {<WebCore::PlatformEvent> = {m_type = 5, m_modifiers = {m_storage = 0 '\000'}, m_timestamp = {static clockType = WTF::ClockType::Wall, m_value = 1540125218.1370258}}, m_position = {m_x = 349, m_y = 71}, m_globalPosition = {m_x = 387, m_y = 542}, m_button = WebCore::LeftButton, m_buttons = 1, m_clickCount = 0, m_modifierFlags = 0, m_force = 0, m_syntheticClickType = WebCore::NoTap}, m_hitTestResult = {m_hitTestLocation = {m_point = {m_x = {m_value = 22336}, m_y = {m_value = 4544}}, m_boundingBox = {m_location = {m_x = 349, m_y = 71}, m_size = {m_width = 1, m_height = 1}}, m_transformedPoint = {m_x = 349, m_y = 71}, m_transformedRect = {m_p1 = {m_x = 349, m_y = 71}, m_p2 = {m_x = 350, m_y = 71}, m_p3 = {m_x = 350, m_y = 72}, m_p4 = {m_x = 349, m_y = 72}}, m_isRectBased = false, m_isRectilinear = true}, m_innerNode = {static isRefPtr = <optimized out>, m_ptr = 0x7f8f4f0029a0}, m_innerNonSharedNode = {static isRefPtr = <optimized out>, m_ptr = 0x7f8f4f0029a0}, m_pointInInnerNodeFrame = {m_x = {m_value = 22336}, m_y = {m_value = 4544}}, m_localPoint = {m_x = {m_value = 21824}, m_y = {m_value = 576}}, m_innerURLElement = {static isRefPtr = <optimized out>, m_ptr = 0x0}, m_scrollbar = {static isRefPtr = <optimized out>, m_ptr = 0x0}, m_isOverWidget = false, m_listBasedTestResult = {_M_t = {_M_t = {<std::_Tuple_impl<0, WTF::ListHashSet<WTF::RefPtr<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> >, WTF::PtrHash<WTF::RefPtr<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> > > >*, std::default_delete<WTF::ListHashSet<WTF::RefPtr<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> >, WTF::PtrHash<WTF::RefPtr<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> > > > > >> = {<std::_Tuple_impl<1, std::default_delete<WTF::ListHashSet<WTF::RefPtr<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> >, WTF::PtrHash<WTF::RefPtr<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> > > > > >> = {<std::_Head_base<1, 
std::default_delete<WTF::ListHashSet<WTF::RefPtr<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> >, WTF::PtrHash<WTF::RefPtr<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> > > > >, true>> = {<std::default_delete<WTF::ListHashSet<WTF::RefPtr<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> >, WTF::PtrHash<WTF::RefPtr<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> > > > >> = {<No data fields>}, <No data fields>}, <No data fields>}, <std::_Head_base<0, WTF::ListHashSet<WTF::RefPtr<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> >, WTF::PtrHash<WTF::RefPtr<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> > > >*, false>> = {_M_head_impl = 0x0}, <No data fields>}, <No data fields>}}}}}
        protectedFrame = <optimized out>
        targetNode = <optimized out>
        renderer = <optimized out>
        result = <optimized out>
        protectedFrame = <optimized out>
        targetNode = <optimized out>
        renderer = <optimized out>
        parent = <optimized out>
        result = <optimized out>
#11 0x00007f8feadfcb0f in WebCore::EventHandler::handleMouseMoveEvent (this=0x7f8fc702d240, platformMouseEvent=..., hoveredNode=0x7fff3f442a40, onlyUpdateScrollbars=<optimized out>) at /usr/src/debug/webkit2gtk3-2.22.0-1.fc28.x86_64/Source/WebCore/page/EventHandler.cpp:2003
        defaultPrevented = <optimized out>
        protectedFrame = {static isRef = <optimized out>, m_ptr = 0x7f8f58a4b900}
        protector = {static isRefPtr = <optimized out>, m_ptr = 0x7f8f61a02600}
        hitType = <optimized out>
        request = {m_requestType = 780}
        mouseEvent = {m_event = {<WebCore::PlatformEvent> = {m_type = 5, m_modifiers = {m_storage = 0 '\000'}, m_timestamp = {static clockType = WTF::ClockType::Wall, m_value = 1540125218.1370258}}, m_position = {m_x = 349, m_y = 71}, m_globalPosition = {m_x = 387, m_y = 542}, m_button = WebCore::LeftButton, m_buttons = 1, m_clickCount = 0, m_modifierFlags = 0, m_force = 0, m_syntheticClickType = WebCore::NoTap}, m_hitTestResult = {m_hitTestLocation = {m_point = {m_x = {m_value = 22336}, m_y = {m_value = 4544}}, m_boundingBox = {m_location = {m_x = 349, m_y = 71}, m_size = {m_width = 1, m_height = 1}}, m_transformedPoint = {m_x = 349, m_y = 71}, m_transformedRect = {m_p1 = {m_x = 349, m_y = 71}, m_p2 = {m_x = 350, m_y = 71}, m_p3 = {m_x = 350, m_y = 72}, m_p4 = {m_x = 349, m_y = 72}}, m_isRectBased = false, m_isRectilinear = true}, m_innerNode = {static isRefPtr = <optimized out>, m_ptr = 0x7f8f4f0029a0}, m_innerNonSharedNode = {static isRefPtr = <optimized out>, m_ptr = 0x7f8f4f0029a0}, m_pointInInnerNodeFrame = {m_x = {m_value = 22336}, m_y = {m_value = 4544}}, m_localPoint = {m_x = {m_value = 21824}, m_y = {m_value = 576}}, m_innerURLElement = {static isRefPtr = <optimized out>, m_ptr = 0x0}, m_scrollbar = {static isRefPtr = <optimized out>, m_ptr = 0x0}, m_isOverWidget = false, m_listBasedTestResult = {_M_t = {_M_t = {<std::_Tuple_impl<0, WTF::ListHashSet<WTF::RefPtr<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> >, WTF::PtrHash<WTF::RefPtr<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> > > >*, std::default_delete<WTF::ListHashSet<WTF::RefPtr<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> >, WTF::PtrHash<WTF::RefPtr<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> > > > > >> = {<std::_Tuple_impl<1, std::default_delete<WTF::ListHashSet<WTF::RefPtr<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> >, WTF::PtrHash<WTF::RefPtr<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> > > > > >> = {<std::_Head_base<1, 
std::default_delete<WTF::ListHashSet<WTF::RefPtr<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> >, WTF::PtrHash<WTF::RefPtr<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> > > > >, true>> = {<std::default_delete<WTF::ListHashSet<WTF::RefPtr<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> >, WTF::PtrHash<WTF::RefPtr<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> > > > >> = {<No data fields>}, <No data fields>}, <No data fields>}, <std::_Head_base<0, WTF::ListHashSet<WTF::RefPtr<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> >, WTF::PtrHash<WTF::RefPtr<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> > > >*, false>> = {_M_head_impl = 0x0}, <No data fields>}, <No data fields>}}}}}
        swallowEvent = <optimized out>
        newSubframe = {static isRefPtr = <optimized out>, m_ptr = 0x0}
#12 0x00007f8feadfcccd in WebCore::EventHandler::mouseMoved (this=0x7f8fc702d240, event=...) at /usr/src/debug/webkit2gtk3-2.22.0-1.fc28.x86_64/Source/WebCore/page/EventHandler.cpp:1859
        protectedFrame = {static isRef = <optimized out>, m_ptr = 0x7f8f58a4b900}
        protector = {static isRefPtr = <optimized out>, m_ptr = 0x7f8f61a02600}
        maxDurationTracker = {m_maxDuration = 0x7f8fc70e6000, m_start = {static clockType = WTF::ClockType::Monotonic, m_value = 1027023.316871}}
        hoveredNode = {m_hitTestLocation = {m_point = {m_x = {m_value = 22336}, m_y = {m_value = 4544}}, m_boundingBox = {m_location = {m_x = 349, m_y = 71}, m_size = {m_width = 1, m_height = 1}}, m_transformedPoint = {m_x = 349, m_y = 71}, m_transformedRect = {m_p1 = {m_x = 349, m_y = 71}, m_p2 = {m_x = 350, m_y = 71}, m_p3 = {m_x = 350, m_y = 72}, m_p4 = {m_x = 349, m_y = 72}}, m_isRectBased = false, m_isRectilinear = true}, m_innerNode = {static isRefPtr = <optimized out>, m_ptr = 0x7f8f4f0029a0}, m_innerNonSharedNode = {static isRefPtr = <optimized out>, m_ptr = 0x7f8f4f0029a0}, m_pointInInnerNodeFrame = {m_x = {m_value = 22336}, m_y = {m_value = 4544}}, m_localPoint = {m_x = {m_value = 21824}, m_y = {m_value = 576}}, m_innerURLElement = {static isRefPtr = <optimized out>, m_ptr = 0x0}, m_scrollbar = {static isRefPtr = <optimized out>, m_ptr = 0x0}, m_isOverWidget = false, m_listBasedTestResult = {_M_t = {_M_t = {<std::_Tuple_impl<0, WTF::ListHashSet<WTF::RefPtr<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> >, WTF::PtrHash<WTF::RefPtr<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> > > >*, std::default_delete<WTF::ListHashSet<WTF::RefPtr<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> >, WTF::PtrHash<WTF::RefPtr<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> > > > > >> = {<std::_Tuple_impl<1, std::default_delete<WTF::ListHashSet<WTF::RefPtr<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> >, WTF::PtrHash<WTF::RefPtr<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> > > > > >> = {<std::_Head_base<1, std::default_delete<WTF::ListHashSet<WTF::RefPtr<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> >, WTF::PtrHash<WTF::RefPtr<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> > > > >, true>> = {<std::default_delete<WTF::ListHashSet<WTF::RefPtr<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> >, WTF::PtrHash<WTF::RefPtr<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> > > > >> = {<No data fields>}, <No data fields>}, <No data fields>}, <std::_Head_base<0, 
WTF::ListHashSet<WTF::RefPtr<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> >, WTF::PtrHash<WTF::RefPtr<WebCore::Node, WTF::DumbPtrTraits<WebCore::Node> > > >*, false>> = {_M_head_impl = 0x0}, <No data fields>}, <No data fields>}}}}
        result = <optimized out>
        page = <optimized out>
#13 0x00007f8fea155390 in WebKit::WebPage::mouseEvent (this=this@entry=0x7f8fc4cbbb80, mouseEvent=...) at /usr/src/debug/webkit2gtk3-2.22.0-1.fc28.x86_64/Source/WebCore/page/Page.h:239
        userIsInteractingChange = {m_scopedVariable = @0x7f8fc4cbbe98, m_originalValue = false}
        shouldHandleEvent = true
        handled = <optimized out>
#14 0x00007f8fe9d21067 in IPC::callMemberFunctionImpl<WebKit::WebPage, void (WebKit::WebPage::*)(WebKit::WebMouseEvent const&), std::tuple<WebKit::WebMouseEvent>, 0ul> (args=..., function=<optimized out>, object=0x7f8fc4cbbb80) at /usr/src/debug/webkit2gtk3-2.22.0-1.fc28.x86_64/x86_64-redhat-linux-gnu/DerivedSources/WebKit/WebPageMessageReceiver.cpp:219
No locals.
#15 IPC::callMemberFunction<WebKit::WebPage, void (WebKit::WebPage::*)(WebKit::WebMouseEvent const&), std::tuple<WebKit::WebMouseEvent>, std::integer_sequence<unsigned long, 0ul> > (function=<optimized out>, object=0x7f8fc4cbbb80, args=...) at /usr/src/debug/webkit2gtk3-2.22.0-1.fc28.x86_64/Source/WebKit/Platform/IPC/HandleMessage.h:47
No locals.
#16 IPC::handleMessage<Messages::WebPage::MouseEvent, WebKit::WebPage, void (WebKit::WebPage::*)(WebKit::WebMouseEvent const&)> (function=<optimized out>, object=0x7f8fc4cbbb80, decoder=...) at /usr/src/debug/webkit2gtk3-2.22.0-1.fc28.x86_64/Source/WebKit/Platform/IPC/HandleMessage.h:127
        arguments = {<std::_Tuple_impl<0, WebKit::WebMouseEvent>> = {<std::_Head_base<0, WebKit::WebMouseEvent, false>> = {_M_head_impl = {<WebKit::WebEvent> = {m_type = 2, m_modifiers = 0, m_timestamp = {static clockType = WTF::ClockType::Wall, m_value = 1540125218.1370258}}, m_button = 0, m_buttons = 1, m_position = {m_x = 349, m_y = 71}, m_globalPosition = {m_x = 387, m_y = 542}, m_deltaX = 0, m_deltaY = 0, m_deltaZ = 0, m_clickCount = 0, m_force = 0, m_syntheticClickType = 0}}, <No data fields>}, <No data fields>}
        arguments = <optimized out>
#17 WebKit::WebPage::didReceiveWebPageMessage (this=0x7f8fc4cbbb80, connection=..., decoder=...) at /usr/src/debug/webkit2gtk3-2.22.0-1.fc28.x86_64/x86_64-redhat-linux-gnu/DerivedSources/WebKit/WebPageMessageReceiver.cpp:219
No locals.
#18 0x00007f8fe9dbbf17 in IPC::MessageReceiverMap::dispatchMessage (this=this@entry=0x55f87cb90968, connection=..., decoder=...) at /usr/src/debug/webkit2gtk3-2.22.0-1.fc28.x86_64/Source/WebKit/Platform/IPC/MessageReceiverMap.cpp:123
        messageReceiver = <optimized out>
#19 0x00007f8fe9feb02a in WebKit::WebProcess::didReceiveMessage (this=0x55f87cb90900, connection=..., decoder=...) at /usr/src/debug/webkit2gtk3-2.22.0-1.fc28.x86_64/Source/WebKit/Shared/ChildProcess.h:78
No locals.
#20 0x00007f8fe9db7244 in IPC::Connection::dispatchMessage (this=0x7f8fc70e8000, message=...) at /usr/src/debug/webkit2gtk3-2.22.0-1.fc28.x86_64/Source/WebKit/Platform/IPC/Connection.cpp:984
        oldDidReceiveInvalidMessage = false
#21 0x00007f8fe9db7c2a in IPC::Connection::dispatchOneIncomingMessage (this=0x7f8fc70e8000) at /usr/src/debug/webkit2gtk3-2.22.0-1.fc28.x86_64/Source/WebKit/Platform/IPC/Connection.cpp:1053
        message = {_M_t = {_M_t = {<std::_Tuple_impl<0, IPC::Decoder*, std::default_delete<IPC::Decoder> >> = {<std::_Tuple_impl<1, std::default_delete<IPC::Decoder> >> = {<std::_Head_base<1, std::default_delete<IPC::Decoder>, true>> = {<std::default_delete<IPC::Decoder>> = {<No data fields>}, <No data fields>}, <No data fields>}, <std::_Head_base<0, IPC::Decoder*, false>> = {_M_head_impl = 0x0}, <No data fields>}, <No data fields>}}}
#22 0x00007f8fe8b72415 in ?? ()
No symbol table info available.
#23 0x00007fff3f442ea0 in ?? ()
No symbol table info available.
#24 0x0000000000000001 in ?? ()
No symbol table info available.
#25 0xffffffffffffffff in ?? ()
No symbol table info available.
#26 0x000055f87cb46900 in ?? ()
No symbol table info available.
#27 0x000055f87cb93630 in ?? ()
No symbol table info available.
#28 0x00007f8fe1289280 in depth_private () from /lib64/libglib-2.0.so.0
No symbol table info available.
#29 0x0000000000000000 in ?? ()
No symbol table info available.

Comment 1 Michael Catanzaro 2020-11-06 09:11:41 PST
I'm going to go ahead and close this, since the dnd code has been completely rewritten for 2.30, and it's unclear whether this particular crash is still possible. There are a couple more dnd fixes going into 2.30.3, so feel free to reopen with a fresh backtrace if you see it again after that.