Bug 242518

Summary: IPC::Connection::sendOutputMessage(IPC::UnixMessage&) Syscall param sendmsg(msg.msg_iov[2]) points to uninitialised byte(s)
Product: WebKit
Reporter: James Hilliard <james.hilliard1>
Component: Layout and Rendering
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
CC: bfulgham, simon.fraser, webkit-bug-importer, ysuzuki, zalan
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: PC
OS: Linux

James Hilliard
Reported 2022-07-08 09:38:38 PDT
I'm seeing this get flagged by valgrind

==137== Thread 4 ReceiveQueue:
==137== Syscall param sendmsg(msg.msg_iov[2]) points to uninitialised byte(s)
==137==    at 0x1678009B: __libc_sendmsg (sendmsg.c:28)
==137==    by 0x1678009B: sendmsg (sendmsg.c:25)
==137==    by 0xE5DA819: IPC::Connection::sendOutputMessage(IPC::UnixMessage&) (ConnectionUnix.cpp:548)
==137==    by 0xE5D9D97: IPC::Connection::sendOutgoingMessage(WTF::UniqueRef<IPC::Encoder>&&) (ConnectionUnix.cpp:462)
==137==    by 0xE58A6CF: IPC::Connection::sendOutgoingMessages() (Connection.cpp:975)
==137==    by 0xE587F8D: IPC::Connection::sendMessage(WTF::UniqueRef<IPC::Encoder>&&, WTF::OptionSet<IPC::SendOption>, std::optional<WTF::Thread::QOS>)::{lambda()#1}::operator()() (Connection.cpp:511)
==137==    by 0xE591F2D: WTF::Detail::CallableWrapper<IPC::Connection::sendMessage(WTF::UniqueRef<IPC::Encoder>&&, WTF::OptionSet<IPC::SendOption>, std::optional<WTF::Thread::QOS>)::{lambda()#1}, void>::call() (Function.h:53)
==137==    by 0xD9D5E94: WTF::Function<void ()>::operator()() const (Function.h:82)
==137==    by 0x1107B42F: WTF::WorkQueueBase::dispatch(WTF::Function<void ()>&&)::{lambda()#1}::operator()() const (WorkQueueGeneric.cpp:70)
==137==    by 0x1107D3DF: WTF::Detail::CallableWrapper<WTF::WorkQueueBase::dispatch(WTF::Function<void ()>&&)::{lambda()#1}, void>::call() (Function.h:53)
==137==    by 0xD9D5E94: WTF::Function<void ()>::operator()() const (Function.h:82)
==137==    by 0x10FD4BEE: WTF::RunLoop::performWork() (RunLoop.cpp:133)
==137==    by 0x110803FD: WTF::RunLoop::RunLoop()::{lambda(void*)#1}::operator()(void*) const (RunLoopGLib.cpp:80)
==137==    by 0x11080421: WTF::RunLoop::RunLoop()::{lambda(void*)#1}::_FUN(void*) (RunLoopGLib.cpp:82)
==137==    by 0x11080390: WTF::RunLoop::{lambda(_GSource*, int (*)(void*), void*)#1}::operator()(_GSource*, int (*)(void*), void*) const (RunLoopGLib.cpp:53)
==137==    by 0x110803DE: WTF::RunLoop::{lambda(_GSource*, int (*)(void*), void*)#1}::_FUN(_GSource*, int (*)(void*), void*) (RunLoopGLib.cpp:56)
==137==    by 0x15FB4293: g_main_dispatch (gmain.c:3381)
==137==    by 0x15FB4293: g_main_context_dispatch (gmain.c:4099)
==137==    by 0x15FB4637: g_main_context_iterate.constprop.0 (gmain.c:4175)
==137==    by 0x15FB4942: g_main_loop_run (gmain.c:4373)
==137==    by 0x11080A49: WTF::RunLoop::run() (RunLoopGLib.cpp:108)
==137==    by 0x1107B273: WTF::WorkQueueBase::platformInitialize(char const*, WTF::WorkQueueBase::Type, WTF::Thread::QOS)::{lambda()#1}::operator()() const (WorkQueueGeneric.cpp:51)
==137==    by 0x1107D41F: WTF::Detail::CallableWrapper<WTF::WorkQueueBase::platformInitialize(char const*, WTF::WorkQueueBase::Type, WTF::Thread::QOS)::{lambda()#1}, void>::call() (Function.h:53)
==137==    by 0xD9D5E94: WTF::Function<void ()>::operator()() const (Function.h:82)
==137==    by 0x10FDD522: WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) (Threading.cpp:236)
==137==    by 0x1108D690: WTF::wtfThreadEntryPoint(void*) (ThreadingPOSIX.cpp:242)
==137==    by 0x18A423B9: start_thread (pthread_create.c:481)
==137==    by 0x1677E952: clone (clone.S:95)
==137==  Address 0x3bd51d18 is 104 bytes inside a block of size 576 alloc'd
==137==    at 0x4840899: malloc (vg_replace_malloc.c:381)
==137==    by 0x10F9144F: WTF::fastMalloc(unsigned long) (FastMalloc.cpp:232)
==137==    by 0xD95B551: IPC::Encoder::operator new(unsigned long) (Encoder.h:44)
==137==    by 0xD960F15: WTF::UniqueRef<IPC::Encoder> WTF::makeUniqueRefWithoutFastMallocCheck<IPC::Encoder, IPC::MessageName, unsigned long&>(IPC::MessageName&&, unsigned long&) (UniqueRef.h:40)
==137==    by 0xD95FD21: WTF::UniqueRef<IPC::Encoder> WTF::makeUniqueRef<IPC::Encoder, IPC::MessageName, unsigned long&>(IPC::MessageName&&, unsigned long&) (UniqueRef.h:47)
==137==    by 0xF00D1A6: bool IPC::MessageSender::send<Messages::DrawingAreaProxy::DidUpdateBackingStoreState>(Messages::DrawingAreaProxy::DidUpdateBackingStoreState&&, unsigned long, WTF::OptionSet<IPC::SendOption>) (MessageSender.h:47)
==137==    by 0xF009B04: bool WebKit::DrawingArea::send<Messages::DrawingAreaProxy::DidUpdateBackingStoreState>(Messages::DrawingAreaProxy::DidUpdateBackingStoreState&&) (DrawingArea.h:162)
==137==    by 0xEFF8248: WebKit::DrawingAreaCoordinatedGraphics::sendDidUpdateBackingStoreState() (DrawingAreaCoordinatedGraphics.cpp:565)
==137==    by 0xEFF7DAC: WebKit::DrawingAreaCoordinatedGraphics::updateBackingStoreState(unsigned long, bool, float, WebCore::IntSize const&, WebCore::IntSize const&) (DrawingAreaCoordinatedGraphics.cpp:453)
==137==    by 0xDFB2DDB: void IPC::callMemberFunctionImpl<WebKit::DrawingArea, void (WebKit::DrawingArea::*)(unsigned long, bool, float, WebCore::IntSize const&, WebCore::IntSize const&), std::tuple<unsigned long, bool, float, WebCore::IntSize, WebCore::IntSize>, 0ul, 1ul, 2ul, 3ul, 4ul>(WebKit::DrawingArea*, void (WebKit::DrawingArea::*)(unsigned long, bool, float, WebCore::IntSize const&, WebCore::IntSize const&), std::tuple<unsigned long, bool, float, WebCore::IntSize, WebCore::IntSize>&&, std::integer_sequence<unsigned long, 0ul, 1ul, 2ul, 3ul, 4ul>) (HandleMessage.h:131)
==137==    by 0xDFB2877: void IPC::callMemberFunction<WebKit::DrawingArea, void (WebKit::DrawingArea::*)(unsigned long, bool, float, WebCore::IntSize const&, WebCore::IntSize const&), std::tuple<unsigned long, bool, float, WebCore::IntSize, WebCore::IntSize>, std::integer_sequence<unsigned long, 0ul, 1ul, 2ul, 3ul, 4ul> >(std::tuple<unsigned long, bool, float, WebCore::IntSize, WebCore::IntSize>&&, WebKit::DrawingArea*, void (WebKit::DrawingArea::*)(unsigned long, bool, float, WebCore::IntSize const&, WebCore::IntSize const&)) (HandleMessage.h:137)
==137==    by 0xDFB2552: void IPC::handleMessage<Messages::DrawingArea::UpdateBackingStoreState, WebKit::DrawingArea, void (WebKit::DrawingArea::*)(unsigned long, bool, float, WebCore::IntSize const&, WebCore::IntSize const&)>(IPC::Connection&, IPC::Decoder&, WebKit::DrawingArea*, void (WebKit::DrawingArea::*)(unsigned long, bool, float, WebCore::IntSize const&, WebCore::IntSize const&)) (HandleMessage.h:259)
==137==    by 0xDFB217B: WebKit::DrawingArea::didReceiveMessage(IPC::Connection&, IPC::Decoder&) (DrawingAreaMessageReceiver.cpp:75)
==137==    by 0xE5B3897: IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&) (MessageReceiverMap.cpp:129)
==137==    by 0xECA8A68: WebKit::WebProcess::didReceiveMessage(IPC::Connection&, IPC::Decoder&) (WebProcess.cpp:912)
==137==    by 0xE58AFE3: IPC::Connection::dispatchMessage(IPC::Decoder&) (Connection.cpp:1108)
==137==    by 0xE58B27A: IPC::Connection::dispatchMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >) (Connection.cpp:1153)
==137==    by 0xE58B821: IPC::Connection::dispatchOneIncomingMessage() (Connection.cpp:1222)
==137==    by 0xE58ACF3: IPC::Connection::enqueueIncomingMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >)::{lambda()#1}::operator()() (Connection.cpp:1072)
==137==    by 0xE591DD7: WTF::Detail::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >)::{lambda()#1}, void>::call() (Function.h:53)
==137==    by 0xD9D5E94: WTF::Function<void ()>::operator()() const (Function.h:82)
==137==    by 0x10FD4BEE: WTF::RunLoop::performWork() (RunLoop.cpp:133)
==137==    by 0x110803FD: WTF::RunLoop::RunLoop()::{lambda(void*)#1}::operator()(void*) const (RunLoopGLib.cpp:80)
==137==    by 0x11080421: WTF::RunLoop::RunLoop()::{lambda(void*)#1}::_FUN(void*) (RunLoopGLib.cpp:82)
==137==    by 0x11080390: WTF::RunLoop::{lambda(_GSource*, int (*)(void*), void*)#1}::operator()(_GSource*, int (*)(void*), void*) const (RunLoopGLib.cpp:53)
==137==    by 0x110803DE: WTF::RunLoop::{lambda(_GSource*, int (*)(void*), void*)#1}::_FUN(_GSource*, int (*)(void*), void*) (RunLoopGLib.cpp:56)
==137==    by 0x15FB4293: g_main_dispatch (gmain.c:3381)
==137==    by 0x15FB4293: g_main_context_dispatch (gmain.c:4099)
==137==    by 0x15FB4637: g_main_context_iterate.constprop.0 (gmain.c:4175)
==137==    by 0x15FB4942: g_main_loop_run (gmain.c:4373)
==137==    by 0x11080A49: WTF::RunLoop::run() (RunLoopGLib.cpp:108)
==137==    by 0xF022010: WebKit::AuxiliaryProcessMainBase<WebKit::WebProcess, true>::run(int, char**) (AuxiliaryProcessMain.h:70)
==137==    by 0xF01F6C2: int WebKit::AuxiliaryProcessMain<WebKit::WebProcessMainWPE>(int, char**) (AuxiliaryProcessMain.h:96)
==137==    by 0xF01BC1A: WebKit::WebProcessMain(int, char**) (WebProcessMainWPE.cpp:75)
==137==    by 0x109918: main (WebProcessMain.cpp:31)
==137==  Uninitialised value was created by a stack allocation
==137==    at 0xEFF7EA8: WebKit::DrawingAreaCoordinatedGraphics::sendDidUpdateBackingStoreState() (DrawingAreaCoordinatedGraphics.cpp:529)
==137==
Darin Adler
Comment 1 2022-07-08 12:32:01 PDT
This one is in platform-specific Unix code.
Darin Adler
Comment 2 2022-07-08 12:41:14 PDT
This explains why running under Address Sanitizer on macOS didn’t find this problem.

Having difficulty understanding what is uninitialized. It says:

msg.msg_iov[2]

The iov vector itself is initialized with memset. The thing that msg_iov[2] points to is initialized by this code:

iov[iovLength].iov_base = reinterpret_cast<void*>(outputMessage.body());
iov[iovLength].iov_len = outputMessage.bodySize();

Maybe there’s a problem where outputMessage.body() does not have a suitable lifetime? Or it has uninitialized data in it? Apparently outputMessage is a UnixMessage. May need to look at the construction that makes a UnixMessage from an encoder.

Not sure why valgrind would call the bytes pointed to by msg.msg_iov[2].iov_base just msg.msg_iov[2] but let's assume that is what it means.
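The iov setup quoted in the comment above, together with one concrete way a message body can carry uninitialised bytes that originate in a stack allocation, as an added C example that is not WebKit code: a hypothetical payload struct with compiler padding, the whole-struct copy that would send that padding, the field-wise encoder that does not, and a sendmsg over a socketpair in the same shape as sendOutputMessage. The struct, its fields, the header layout and all function names are assumptions for illustration, not WebKit's.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/uio.h>
#include <unistd.h>

/* Hypothetical payload constructed for this example (uint8_t stands in for bool). On
 * common ABIs the compiler pads 3 bytes after `flag`: sizeof is 24, FIELD_BYTES is 21. */
struct BackingStoreState {
    uint64_t stateID;
    uint8_t  flag;
    float    scale;
    int32_t  width;
    int32_t  height;
};
#define FIELD_BYTES (sizeof(uint64_t) + sizeof(uint8_t) + sizeof(float) + 2 * sizeof(int32_t))

/* Padding bytes a whole-struct copy would carry across the socket unwritten. */
size_t padding_bytes(void) { return sizeof(struct BackingStoreState) - FIELD_BYTES; }

/* Leaky encoder: copies the object verbatim, padding included. For a stack object those
 * bytes were never written, which is what valgrind reports as "sendmsg(msg.msg_iov[N])
 * points to uninitialised byte(s)" with origin "created by a stack allocation". */
size_t encode_raw(const struct BackingStoreState *s, uint8_t *out)
{
    memcpy(out, s, sizeof *s);
    return sizeof *s;
}

/* Field-wise encoder: every body byte is written explicitly; no padding leaves the process. */
size_t encode_fields(const struct BackingStoreState *s, uint8_t *out)
{
    size_t n = 0;
    memcpy(out + n, &s->stateID, sizeof s->stateID); n += sizeof s->stateID;
    out[n++] = s->flag;
    memcpy(out + n, &s->scale, sizeof s->scale);     n += sizeof s->scale;
    memcpy(out + n, &s->width, sizeof s->width);     n += sizeof s->width;
    memcpy(out + n, &s->height, sizeof s->height);   n += sizeof s->height;
    return n;
}

/* Receiver side: reject a body that is not exactly FIELD_BYTES; zero the struct first. */
int decode_fields(const uint8_t *in, size_t len, struct BackingStoreState *s)
{
    if (len != FIELD_BYTES) return -1;
    memset(s, 0, sizeof *s);
    size_t n = 0;
    memcpy(&s->stateID, in + n, sizeof s->stateID); n += sizeof s->stateID;
    s->flag = in[n++];
    memcpy(&s->scale, in + n, sizeof s->scale);     n += sizeof s->scale;
    memcpy(&s->width, in + n, sizeof s->width);     n += sizeof s->width;
    memcpy(&s->height, in + n, sizeof s->height);
    return 0;
}

/* Same shape as the sendOutputMessage code quoted above: iov cleared with memset,
 * iov[0] = header, iov[1] = body, one sendmsg on a Unix socket (a socketpair here so it
 * runs stand-alone). Returns the body length the peer decoded, or -1 on failure. */
ssize_t send_state_over_socketpair(const struct BackingStoreState *s,
                                   struct BackingStoreState *received)
{
    int fds[2];
    if (socketpair(AF_UNIX, SOCK_SEQPACKET, 0, fds) != 0) return -1;
    uint8_t body[sizeof *s];
    uint32_t header[2] = { 7u /* hypothetical message name */, 0 };
    header[1] = (uint32_t)encode_fields(s, body);    /* body length */
    struct iovec iov[2];
    memset(iov, 0, sizeof iov);
    iov[0].iov_base = header; iov[0].iov_len = sizeof header;
    iov[1].iov_base = body;   iov[1].iov_len = header[1];
    struct msghdr msg;
    memset(&msg, 0, sizeof msg);
    msg.msg_iov = iov;
    msg.msg_iovlen = 2;
    ssize_t result = -1;
    if (sendmsg(fds[0], &msg, 0) == (ssize_t)(sizeof header + header[1])) {
        uint8_t buf[sizeof header + sizeof *s];
        ssize_t got = recv(fds[1], buf, sizeof buf, 0);
        uint32_t bodyLen = 0;
        if (got >= (ssize_t)sizeof header)
            memcpy(&bodyLen, buf + sizeof(uint32_t), sizeof bodyLen);
        if (got == (ssize_t)(sizeof header + bodyLen)
            && decode_fields(buf + sizeof header, bodyLen, received) == 0)
            result = (ssize_t)bodyLen;
    }
    close(fds[0]); close(fds[1]);
    return result;
}

/* End-to-end check on constructed sample values; returns 1 on success. */
int roundtrip_ok(void)
{
    struct BackingStoreState s = { 42, 1, 2.0f, 1280, 720 }, r;
    uint8_t scratch[sizeof s];
    if (encode_raw(&s, scratch) != sizeof s || encode_fields(&s, scratch) != FIELD_BYTES) return 0;
    if (send_state_over_socketpair(&s, &r) != (ssize_t)FIELD_BYTES) return 0;
    return r.stateID == 42 && r.flag == 1 && r.scale == 2.0f && r.width == 1280 && r.height == 720;
}
```

Running the raw-copy variant under valgrind with --track-origins=yes produces the same "created by a stack allocation" origin shown in the report, which is the quickest way to confirm that a body, not the iov array, is what the tool is complaining about.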
James Hilliard
Comment 3 2022-07-08 14:27:02 PDT
Managed to get a potentially related crash after reloading the crashed renderer a few times (rendered then crashed again shortly after when trying to change framerate in https://mozilla.github.io/webrtc-landing/gum_test.html)

ASSERTION FAILED: anchorType() == PositionIsOffsetInAnchor
/app/webkit/Source/WebCore/dom/Position.h(94) : int WebCore::Position::offsetInContainerNode() const
1 0x10f7e8ab WTFCrash
2 0xd95b1a6 /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0x91081a6) [0xd95b1a6]
3 0x130aa5ae /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0xe8575ae) [0x130aa5ae]
4 0x13a88116 /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0xf235116) [0x13a88116]
5 0x13c63f26 /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0xf410f26) [0x13c63f26]
6 0x13c4d009 WebCore::operator<<(WTF::TextStream&, WebCore::VisibleSelection const&)
7 0x13bc5823 WebCore::FrameSelection::setSelection(WebCore::VisibleSelection const&, WTF::OptionSet<WebCore::FrameSelection::SetSelectionOption>, WebCore::AXTextStateChangeIntent, WebCore::FrameSelection::CursorAlignOnScroll, WebCore::TextGranularity)
8 0x13bb53e5 /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0xf3623e5) [0x13bb53e5]
9 0x13ba9664 /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0xf356664) [0x13ba9664]
10 0x13c284b4 /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0xf3d54b4) [0x13c284b4]
11 0x13c29fe2 /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0xf3d6fe2) [0x13c29fe2]
12 0x13c27bcd /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0xf3d4bcd) [0x13c27bcd]
13 0x13b66c53 /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0xf313c53) [0x13b66c53]
14 0x13c26ceb /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0xf3d3ceb) [0x13c26ceb]
15 0x13ba5a04 WebCore::Editor::deleteWithDirection(WebCore::SelectionDirection, WebCore::TextGranularity, bool, bool)
16 0x13bbbaa0 /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0xf368aa0) [0x13bbbaa0]
17 0x13bc0e78 WebCore::Editor::Command::execute(WTF::String const&, WebCore::Event*) const
18 0xef48e2f /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0xa6f5e2f) [0xef48e2f]
19 0xef4906c /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0xa6f606c) [0xef4906c]
20 0x13ba470f /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0xf35170f) [0x13ba470f]
21 0x144d0df2 /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0xfc7ddf2) [0x144d0df2]
22 0x13a64a65 /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0xf211a65) [0x13a64a65]
[-> UI 17 receiver 0x1c1b6370] WebPageProxy_SetRenderTreeSize (treeSize 57)
23 0x13d3fa9e /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0xf4eca9e) [0x13d3fa9e]
24 0x139c6d16 /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0xf173d16) [0x139c6d16]
25 0x139c78a8 /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0xf1748a8) [0x139c78a8]
26 0x13a645c7 /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0xf2115c7) [0x13a645c7]
27 0x144d0021 /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0xfc7d021) [0x144d0021]
28 0x144cf48d WebCore::EventHandler::keyEvent(WebCore::PlatformKeyboardEvent const&)
29 0x150409fc WebCore::UserInputBridge::handleKeyEvent(WebCore::PlatformKeyboardEvent const&, WebCore::InputSource)
30 0xef88a9c /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0xa735a9c) [0xef88a9c]
31 0xef88bb7 /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0xa735bb7) [0xef88bb7]
==138== Invalid write of size 4
==138==    at 0x10F7E8B0: WTFCrash (Assertions.cpp:328)
==138==    by 0xD95B1A5: WTFCrashWithInfo(int, char const*, char const*, int) (Assertions.h:754)
==138==    by 0x130AA5AD: WebCore::Position::offsetInContainerNode() const (Position.h:94)
==138==    by 0x13A88115: WebCore::operator<<(WTF::TextStream&, WebCore::Position const&) (Position.cpp:1564)
==138==    by 0x13C63F25: void WTF::TextStream::dumpProperty<WebCore::Position>(char const*, WebCore::Position const&) (TextStream.h:109)
==138==    by 0x13C4D008: WebCore::operator<<(WTF::TextStream&, WebCore::VisibleSelection const&) (VisibleSelection.cpp:739)
==138==    by 0x13BC5822: WebCore::FrameSelection::setSelection(WebCore::VisibleSelection const&, WTF::OptionSet<WebCore::FrameSelection::SetSelectionOption>, WebCore::AXTextStateChangeIntent, WebCore::FrameSelection::CursorAlignOnScroll, WebCore::TextGranularity) (FrameSelection.cpp:431)
==138==    by 0x13BB53E4: WebCore::Editor::changeSelectionAfterCommand(WebCore::VisibleSelection const&, WTF::OptionSet<WebCore::FrameSelection::SetSelectionOption>) (Editor.cpp:3325)
==138==    by 0x13BA9663: WebCore::Editor::appliedEditing(WebCore::CompositeEditCommand&) (Editor.cpp:1163)
==138==    by 0x13C284B3: WebCore::TypingCommand::typingAddedToOpenCommand(WebCore::TypingCommand::ETypingCommand) (TypingCommand.cpp:507)
==138==    by 0x13C29FE1: WebCore::TypingCommand::deleteKeyPressed(WebCore::TextGranularity, bool) (TypingCommand.cpp:747)
==138==    by 0x13C27BCC: WebCore::TypingCommand::doApply() (TypingCommand.cpp:365)
==138==    by 0x13B66C52: WebCore::CompositeEditCommand::apply() (CompositeEditCommand.cpp:398)
==138==    by 0x13C26CEA: WebCore::TypingCommand::deleteKeyPressed(WebCore::Document&, unsigned int, WebCore::TextGranularity) (TypingCommand.cpp:194)
==138==    by 0x13BA5A03: WebCore::Editor::deleteWithDirection(WebCore::SelectionDirection, WebCore::TextGranularity, bool, bool) (Editor.cpp:605)
==138==    by 0x13BBBA9F: WebCore::executeDeleteBackward(WebCore::Frame&, WebCore::Event*, WebCore::EditorCommandSource, WTF::String const&) (EditorCommand.cpp:309)
==138==    by 0x13BC0E77: WebCore::Editor::Command::execute(WTF::String const&, WebCore::Event*) const (EditorCommand.cpp:1887)
==138==    by 0xEF48E2E: WebKit::handleKeyDown(WebCore::Frame&, WebCore::KeyboardEvent&, WebCore::PlatformKeyboardEvent const&) (WebEditorClientWPE.cpp:205)
==138==    by 0xEF4906B: WebKit::WebEditorClient::handleKeyboardEvent(WebCore::KeyboardEvent&) (WebEditorClientWPE.cpp:235)
==138==    by 0x13BA470E: WebCore::Editor::handleKeyboardEvent(WebCore::KeyboardEvent&) (Editor.cpp:327)
==138==    by 0x144D0DF1: WebCore::EventHandler::defaultKeyboardEventHandler(WebCore::KeyboardEvent&) (EventHandler.cpp:3879)
==138==    by 0x13A64A64: WebCore::Node::defaultEventHandler(WebCore::Event&) (Node.cpp:2448)
==138==    by 0x13D3FA9D: WebCore::HTMLInputElement::defaultEventHandler(WebCore::Event&) (HTMLInputElement.cpp:1165)
==138==    by 0x139C6D15: WebCore::callDefaultEventHandlersInBubblingOrder(WebCore::Event&, WebCore::EventPath const&) (EventDispatcher.cpp:64)
==138==    by 0x139C78A7: WebCore::EventDispatcher::dispatchEvent(WebCore::Node&, WebCore::Event&) (EventDispatcher.cpp:206)
==138==    by 0x13A645C6: WebCore::Node::dispatchEvent(WebCore::Event&) (Node.cpp:2404)
==138==    by 0x144D0020: WebCore::EventHandler::internalKeyEvent(WebCore::PlatformKeyboardEvent const&) (EventHandler.cpp:3707)
==138==    by 0x144CF48C: WebCore::EventHandler::keyEvent(WebCore::PlatformKeyboardEvent const&) (EventHandler.cpp:3556)
==138==    by 0x150409FB: WebCore::UserInputBridge::handleKeyEvent(WebCore::PlatformKeyboardEvent const&, WebCore::InputSource) (UserInputBridge.cpp:83)
==138==    by 0xEF88A9B: WebKit::handleKeyEvent(WebKit::WebKeyboardEvent const&, WebCore::Page*) (WebPage.cpp:3219)
==138==    by 0xEF88BB6: WebKit::WebPage::keyEvent(WebKit::WebKeyboardEvent const&) (WebPage.cpp:3232)
==138==    by 0xDFEF002: void IPC::callMemberFunctionImpl<WebKit::WebPage, void (WebKit::WebPage::*)(WebKit::WebKeyboardEvent const&), std::tuple<WebKit::WebKeyboardEvent>, 0ul>(WebKit::WebPage*, void (WebKit::WebPage::*)(WebKit::WebKeyboardEvent const&), std::tuple<WebKit::WebKeyboardEvent>&&, std::integer_sequence<unsigned long, 0ul>) (HandleMessage.h:131)
==138==    by 0xDFE04DF: void IPC::callMemberFunction<WebKit::WebPage, void (WebKit::WebPage::*)(WebKit::WebKeyboardEvent const&), std::tuple<WebKit::WebKeyboardEvent>, std::integer_sequence<unsigned long, 0ul> >(std::tuple<WebKit::WebKeyboardEvent>&&, WebKit::WebPage*, void (WebKit::WebPage::*)(WebKit::WebKeyboardEvent const&)) (HandleMessage.h:137)
==138==    by 0xDFCCAF0: void IPC::handleMessage<Messages::WebPage::KeyEvent, WebKit::WebPage, void (WebKit::WebPage::*)(WebKit::WebKeyboardEvent const&)>(IPC::Connection&, IPC::Decoder&, WebKit::WebPage*, void (WebKit::WebPage::*)(WebKit::WebKeyboardEvent const&)) (HandleMessage.h:259)
==138==    by 0xDFC16F4: WebKit::WebPage::didReceiveWebPageMessage(IPC::Connection&, IPC::Decoder&) (WebPageMessageReceiver.cpp:2510)
==138==    by 0xEF8EF4C: WebKit::WebPage::didReceiveMessage(IPC::Connection&, IPC::Decoder&) (WebPage.cpp:5350)
==138==    by 0xE5B3DD7: IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&) (MessageReceiverMap.cpp:129)
==138==    by 0xECA8FA8: WebKit::WebProcess::didReceiveMessage(IPC::Connection&, IPC::Decoder&) (WebProcess.cpp:912)
==138==    by 0xE58B523: IPC::Connection::dispatchMessage(IPC::Decoder&) (Connection.cpp:1108)
==138==    by 0xE58B7BA: IPC::Connection::dispatchMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >) (Connection.cpp:1153)
==138==    by 0xE58BD61: IPC::Connection::dispatchOneIncomingMessage() (Connection.cpp:1222)
==138==    by 0xE58B233: IPC::Connection::enqueueIncomingMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >)::{lambda()#1}::operator()() (Connection.cpp:1072)
==138==    by 0xE592317: WTF::Detail::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >)::{lambda()#1}, void>::call() (Function.h:53)
==138==    by 0xD9D63D4: WTF::Function<void ()>::operator()() const (Function.h:82)
==138==    by 0x10FD52E0: WTF::RunLoop::performWork() (RunLoop.cpp:133)
==138==    by 0x11080AEF: WTF::RunLoop::RunLoop()::{lambda(void*)#1}::operator()(void*) const (RunLoopGLib.cpp:80)
==138==    by 0x11080B13: WTF::RunLoop::RunLoop()::{lambda(void*)#1}::_FUN(void*) (RunLoopGLib.cpp:82)
==138==    by 0x11080A82: WTF::RunLoop::{lambda(_GSource*, int (*)(void*), void*)#1}::operator()(_GSource*, int (*)(void*), void*) const (RunLoopGLib.cpp:53)
==138==    by 0x11080AD0: WTF::RunLoop::{lambda(_GSource*, int (*)(void*), void*)#1}::_FUN(_GSource*, int (*)(void*), void*) (RunLoopGLib.cpp:56)
==138==    by 0x15FB5293: g_main_dispatch (gmain.c:3381)
==138==    by 0x15FB5293: g_main_context_dispatch (gmain.c:4099)
==138==    by 0x15FB5637: g_main_context_iterate.constprop.0 (gmain.c:4175)
==138==    by 0x15FB5942: g_main_loop_run (gmain.c:4373)
==138==    by 0x1108113B: WTF::RunLoop::run() (RunLoopGLib.cpp:108)
==138==    by 0xF022550: WebKit::AuxiliaryProcessMainBase<WebKit::WebProcess, true>::run(int, char**) (AuxiliaryProcessMain.h:70)
==138==    by 0xF01FC02: int WebKit::AuxiliaryProcessMain<WebKit::WebProcessMainWPE>(int, char**) (AuxiliaryProcessMain.h:96)
==138==    by 0xF01C15A: WebKit::WebProcessMain(int, char**) (WebProcessMainWPE.cpp:75)
==138==    by 0x109918: main (WebProcessMain.cpp:31)
==138==  Address 0xbbadbeef is not stack'd, malloc'd or (recently) free'd
==138==
==138==
==138== Process terminating with default action of signal 11 (SIGSEGV)
==138==  Access not within mapped region at address 0xBBADBEEF
==138==    at 0x10F7E8B0: WTFCrash (Assertions.cpp:328)
==138==    by 0xD95B1A5: WTFCrashWithInfo(int, char const*, char const*, int) (Assertions.h:754)
==138==    by 0x130AA5AD: WebCore::Position::offsetInContainerNode() const (Position.h:94)
==138==    by 0x13A88115: WebCore::operator<<(WTF::TextStream&, WebCore::Position const&) (Position.cpp:1564)
==138==    by 0x13C63F25: void WTF::TextStream::dumpProperty<WebCore::Position>(char const*, WebCore::Position const&) (TextStream.h:109)
==138==    by 0x13C4D008: WebCore::operator<<(WTF::TextStream&, WebCore::VisibleSelection const&) (VisibleSelection.cpp:739)
==138==    by 0x13BC5822: WebCore::FrameSelection::setSelection(WebCore::VisibleSelection const&, WTF::OptionSet<WebCore::FrameSelection::SetSelectionOption>, WebCore::AXTextStateChangeIntent, WebCore::FrameSelection::CursorAlignOnScroll, WebCore::TextGranularity) (FrameSelection.cpp:431)
==138==    by 0x13BB53E4: WebCore::Editor::changeSelectionAfterCommand(WebCore::VisibleSelection const&, WTF::OptionSet<WebCore::FrameSelection::SetSelectionOption>) (Editor.cpp:3325)
==138==    by 0x13BA9663: WebCore::Editor::appliedEditing(WebCore::CompositeEditCommand&) (Editor.cpp:1163)
==138==    by 0x13C284B3: WebCore::TypingCommand::typingAddedToOpenCommand(WebCore::TypingCommand::ETypingCommand) (TypingCommand.cpp:507)
==138==    by 0x13C29FE1: WebCore::TypingCommand::deleteKeyPressed(WebCore::TextGranularity, bool) (TypingCommand.cpp:747)
==138==    by 0x13C27BCC: WebCore::TypingCommand::doApply() (TypingCommand.cpp:365)
==138==    by 0x13B66C52: WebCore::CompositeEditCommand::apply() (CompositeEditCommand.cpp:398)
==138==    by 0x13C26CEA: WebCore::TypingCommand::deleteKeyPressed(WebCore::Document&, unsigned int, WebCore::TextGranularity) (TypingCommand.cpp:194)
==138==    by 0x13BA5A03: WebCore::Editor::deleteWithDirection(WebCore::SelectionDirection, WebCore::TextGranularity, bool, bool) (Editor.cpp:605)
==138==    by 0x13BBBA9F: WebCore::executeDeleteBackward(WebCore::Frame&, WebCore::Event*, WebCore::EditorCommandSource, WTF::String const&) (EditorCommand.cpp:309)
==138==    by 0x13BC0E77: WebCore::Editor::Command::execute(WTF::String const&, WebCore::Event*) const (EditorCommand.cpp:1887)
==138==    by 0xEF48E2E: WebKit::handleKeyDown(WebCore::Frame&, WebCore::KeyboardEvent&, WebCore::PlatformKeyboardEvent const&) (WebEditorClientWPE.cpp:205)
==138==    by 0xEF4906B: WebKit::WebEditorClient::handleKeyboardEvent(WebCore::KeyboardEvent&) (WebEditorClientWPE.cpp:235)
==138==    by 0x13BA470E: WebCore::Editor::handleKeyboardEvent(WebCore::KeyboardEvent&) (Editor.cpp:327)
==138==    by 0x144D0DF1: WebCore::EventHandler::defaultKeyboardEventHandler(WebCore::KeyboardEvent&) (EventHandler.cpp:3879)
==138==    by 0x13A64A64: WebCore::Node::defaultEventHandler(WebCore::Event&) (Node.cpp:2448)
==138==    by 0x13D3FA9D: WebCore::HTMLInputElement::defaultEventHandler(WebCore::Event&) (HTMLInputElement.cpp:1165)
==138==    by 0x139C6D15: WebCore::callDefaultEventHandlersInBubblingOrder(WebCore::Event&, WebCore::EventPath const&) (EventDispatcher.cpp:64)
==138==    by 0x139C78A7: WebCore::EventDispatcher::dispatchEvent(WebCore::Node&, WebCore::Event&) (EventDispatcher.cpp:206)
==138==    by 0x13A645C6: WebCore::Node::dispatchEvent(WebCore::Event&) (Node.cpp:2404)
==138==    by 0x144D0020: WebCore::EventHandler::internalKeyEvent(WebCore::PlatformKeyboardEvent const&) (EventHandler.cpp:3707)
==138==    by 0x144CF48C: WebCore::EventHandler::keyEvent(WebCore::PlatformKeyboardEvent const&) (EventHandler.cpp:3556)
==138==    by 0x150409FB: WebCore::UserInputBridge::handleKeyEvent(WebCore::PlatformKeyboardEvent const&, WebCore::InputSource) (UserInputBridge.cpp:83)
==138==    by 0xEF88A9B: WebKit::handleKeyEvent(WebKit::WebKeyboardEvent const&, WebCore::Page*) (WebPage.cpp:3219)
==138==    by 0xEF88BB6: WebKit::WebPage::keyEvent(WebKit::WebKeyboardEvent const&) (WebPage.cpp:3232)
==138==    by 0xDFEF002: void IPC::callMemberFunctionImpl<WebKit::WebPage, void (WebKit::WebPage::*)(WebKit::WebKeyboardEvent const&), std::tuple<WebKit::WebKeyboardEvent>, 0ul>(WebKit::WebPage*, void (WebKit::WebPage::*)(WebKit::WebKeyboardEvent const&), std::tuple<WebKit::WebKeyboardEvent>&&, std::integer_sequence<unsigned long, 0ul>) (HandleMessage.h:131)
==138==    by 0xDFE04DF: void IPC::callMemberFunction<WebKit::WebPage, void (WebKit::WebPage::*)(WebKit::WebKeyboardEvent const&), std::tuple<WebKit::WebKeyboardEvent>, std::integer_sequence<unsigned long, 0ul> >(std::tuple<WebKit::WebKeyboardEvent>&&, WebKit::WebPage*, void (WebKit::WebPage::*)(WebKit::WebKeyboardEvent const&)) (HandleMessage.h:137)
==138==    by 0xDFCCAF0: void IPC::handleMessage<Messages::WebPage::KeyEvent, WebKit::WebPage, void (WebKit::WebPage::*)(WebKit::WebKeyboardEvent const&)>(IPC::Connection&, IPC::Decoder&, WebKit::WebPage*, void (WebKit::WebPage::*)(WebKit::WebKeyboardEvent const&)) (HandleMessage.h:259)
==138==    by 0xDFC16F4: WebKit::WebPage::didReceiveWebPageMessage(IPC::Connection&, IPC::Decoder&) (WebPageMessageReceiver.cpp:2510)
==138==    by 0xEF8EF4C: WebKit::WebPage::didReceiveMessage(IPC::Connection&, IPC::Decoder&) (WebPage.cpp:5350)
==138==    by 0xE5B3DD7: IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&) (MessageReceiverMap.cpp:129)
==138==    by 0xECA8FA8: WebKit::WebProcess::didReceiveMessage(IPC::Connection&, IPC::Decoder&) (WebProcess.cpp:912)
==138==    by 0xE58B523: IPC::Connection::dispatchMessage(IPC::Decoder&) (Connection.cpp:1108)
==138==    by 0xE58B7BA: IPC::Connection::dispatchMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >) (Connection.cpp:1153)
==138==    by 0xE58BD61: IPC::Connection::dispatchOneIncomingMessage() (Connection.cpp:1222)
==138==    by 0xE58B233: IPC::Connection::enqueueIncomingMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >)::{lambda()#1}::operator()() (Connection.cpp:1072)
==138==    by 0xE592317: WTF::Detail::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >)::{lambda()#1}, void>::call() (Function.h:53)
==138==    by 0xD9D63D4: WTF::Function<void ()>::operator()() const (Function.h:82)
==138==    by 0x10FD52E0: WTF::RunLoop::performWork() (RunLoop.cpp:133)
==138==    by 0x11080AEF: WTF::RunLoop::RunLoop()::{lambda(void*)#1}::operator()(void*) const (RunLoopGLib.cpp:80)
==138==    by 0x11080B13: WTF::RunLoop::RunLoop()::{lambda(void*)#1}::_FUN(void*) (RunLoopGLib.cpp:82)
==138==    by 0x11080A82: WTF::RunLoop::{lambda(_GSource*, int (*)(void*), void*)#1}::operator()(_GSource*, int (*)(void*), void*) const (RunLoopGLib.cpp:53)
==138==    by 0x11080AD0: WTF::RunLoop::{lambda(_GSource*, int (*)(void*), void*)#1}::_FUN(_GSource*, int (*)(void*), void*) (RunLoopGLib.cpp:56)
==138==    by 0x15FB5293: g_main_dispatch (gmain.c:3381)
==138==    by 0x15FB5293: g_main_context_dispatch (gmain.c:4099)
==138==    by 0x15FB5637: g_main_context_iterate.constprop.0 (gmain.c:4175)
==138==    by 0x15FB5942: g_main_loop_run (gmain.c:4373)
==138==    by 0x1108113B: WTF::RunLoop::run() (RunLoopGLib.cpp:108)
==138==    by 0xF022550: WebKit::AuxiliaryProcessMainBase<WebKit::WebProcess, true>::run(int, char**) (AuxiliaryProcessMain.h:70)
==138==    by 0xF01FC02: int WebKit::AuxiliaryProcessMain<WebKit::WebProcessMainWPE>(int, char**) (AuxiliaryProcessMain.h:96)
==138==    by 0xF01C15A: WebKit::WebProcessMain(int, char**) (WebProcessMainWPE.cpp:75)
==138==    by 0x109918: main (WebProcessMain.cpp:31)
James Hilliard
Comment 4 2022-07-08 14:33:57 PDT
Also hit this one doing reloads

[-> UI 17 receiver 0x1c37c710] WebProcessPool_HandleMessage (messageName WebPage.DidInitiateLoadForResource) (messageBody ...)
[-> UI 17 receiver 0x1c1b6370] WebPageProxy_SetNetworkRequestsInProgress (networkRequestsInProgress 1)
[-> Web 74 receiver 0x37568640] DrawingArea_TargetRefreshRateDidChange (rate 60000)
WebPageProxy 8 activityStateDidChange - mayHaveChanged loading
ASSERTION FAILED: !RunLoop::isMain()
/app/webkit/Source/WebKit/Shared/CoordinatedGraphics/threadedcompositor/ThreadedCompositor.cpp(315) : void WebKit::ThreadedCompositor::targetRefreshRateDidChange(unsigned int)
WebPageProxy 8 dispatchActivityStateChange - potentiallyChangedActivityStateFlags loading
[-> UI 17 receiver 0x1c37c710] WebProcessPool_HandleMessage (messageName WebPage.DidSendRequestForResource) (messageBody ...)
1 0x10f7e8ab WTFCrash
2 0xd95b1a6 /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0x91081a6) [0xd95b1a6]
3 0xe6e3105 /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0x9e90105) [0xe6e3105]
4 0xeffa8f5 /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0xa7a78f5) [0xeffa8f5]
5 0xeff8387 /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0xa7a5387) [0xeff8387]
6 0xdfb33ad /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0x97603ad) [0xdfb33ad]
7 0xdfb2df6 /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0x975fdf6) [0xdfb2df6]
8 0xdfb2b6b /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0x975fb6b) [0xdfb2b6b]
9 0xdfb2710 /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0x975f710) [0xdfb2710]
10 0xe5b3dd8 /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0x9d60dd8) [0xe5b3dd8]
11 0xeca8fa9 /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0xa455fa9) [0xeca8fa9]
12 0xe58b524 /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0x9d38524) [0xe58b524]
13 0xe58b7bb /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0x9d387bb) [0xe58b7bb]
14 0xe58bd62 /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0x9d38d62) [0xe58bd62]
15 0xe58b234 /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0x9d38234) [0xe58b234]
16 0xe592318 /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0x9d3f318) [0xe592318]
17 0xd9d63d5 /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0x91833d5) [0xd9d63d5]
18 0x10fd52e1 /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0xc7822e1) [0x10fd52e1]
19 0x11080af0 /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0xc82daf0) [0x11080af0]
20 0x11080b14 /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0xc82db14) [0x11080b14]
21 0x11080a83 /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0xc82da83) [0x11080a83]
22 0x11080ad1 /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0xc82dad1) [0x11080ad1]
23 0x15fb5294 g_main_context_dispatch
24 0x15fb5638 /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0(+0x58638) [0x15fb5638]
25 0x15fb5943 g_main_loop_run
26 0x1108113c WTF::RunLoop::run()
27 0xf022551 /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0xa7cf551) [0xf022551]
28 0xf01fc03 /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0xa7ccc03) [0xf01fc03]
29 0xf01c15b WebKit::WebProcessMain(int, char**)
30 0x109919 /app/webkit/WebKitBuild/Debug/bin/WPEWebProcess(+0x1919) [0x109919]
31 0x1669fbc0 __libc_start_main
==74== Thread 1:
==74== Invalid write of size 4
==74==    at 0x10F7E8B0: WTFCrash (Assertions.cpp:328)
==74==    by 0xD95B1A5: WTFCrashWithInfo(int, char const*, char const*, int) (Assertions.h:754)
==74==    by 0xE6E3104: WebKit::ThreadedCompositor::targetRefreshRateDidChange(unsigned int) (ThreadedCompositor.cpp:315)
==74==    by 0xEFFA8F4: WebKit::LayerTreeHost::targetRefreshRateDidChange(unsigned int) (LayerTreeHost.cpp:254)
==74==    by 0xEFF8386: WebKit::DrawingAreaCoordinatedGraphics::targetRefreshRateDidChange(unsigned int) (DrawingAreaCoordinatedGraphics.cpp:469)
==74==    by 0xDFB33AC: void IPC::callMemberFunctionImpl<WebKit::DrawingArea, void (WebKit::DrawingArea::*)(unsigned int), std::tuple<unsigned int>, 0ul>(WebKit::DrawingArea*, void (WebKit::DrawingArea::*)(unsigned int), std::tuple<unsigned int>&&, std::integer_sequence<unsigned long, 0ul>) (HandleMessage.h:131)
==74==    by 0xDFB2DF5: void IPC::callMemberFunction<WebKit::DrawingArea, void (WebKit::DrawingArea::*)(unsigned int), std::tuple<unsigned int>, std::integer_sequence<unsigned long, 0ul> >(std::tuple<unsigned int>&&, WebKit::DrawingArea*, void (WebKit::DrawingArea::*)(unsigned int)) (HandleMessage.h:137)
==74==    by 0xDFB2B6A: void IPC::handleMessage<Messages::DrawingArea::TargetRefreshRateDidChange, WebKit::DrawingArea, void (WebKit::DrawingArea::*)(unsigned int)>(IPC::Connection&, IPC::Decoder&, WebKit::DrawingArea*, void (WebKit::DrawingArea::*)(unsigned int)) (HandleMessage.h:259)
==74==    by 0xDFB270F: WebKit::DrawingArea::didReceiveMessage(IPC::Connection&, IPC::Decoder&) (DrawingAreaMessageReceiver.cpp:79)
==74==    by 0xE5B3DD7: IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&) (MessageReceiverMap.cpp:129)
==74==    by 0xECA8FA8: WebKit::WebProcess::didReceiveMessage(IPC::Connection&, IPC::Decoder&) (WebProcess.cpp:912)
==74==    by 0xE58B523: IPC::Connection::dispatchMessage(IPC::Decoder&) (Connection.cpp:1108)
==74==    by 0xE58B7BA: IPC::Connection::dispatchMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >) (Connection.cpp:1153)
==74==    by 0xE58BD61: IPC::Connection::dispatchOneIncomingMessage() (Connection.cpp:1222)
==74==    by 0xE58B233: IPC::Connection::enqueueIncomingMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >)::{lambda()#1}::operator()() (Connection.cpp:1072)
==74==    by 0xE592317: WTF::Detail::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >)::{lambda()#1}, void>::call() (Function.h:53)
==74==    by 0xD9D63D4: WTF::Function<void ()>::operator()()
const (Function.h:82) ==74== by 0x10FD52E0: WTF::RunLoop::performWork() (RunLoop.cpp:133) ==74== by 0x11080AEF: WTF::RunLoop::RunLoop()::{lambda(void*)#1}::operator()(void*) const (RunLoopGLib.cpp:80) ==74== by 0x11080B13: WTF::RunLoop::RunLoop()::{lambda(void*)#1}::_FUN(void*) (RunLoopGLib.cpp:82) ==74== by 0x11080A82: WTF::RunLoop::{lambda(_GSource*, int (*)(void*), void*)#1}::operator()(_GSource*, int (*)(void*), void*) const (RunLoopGLib.cpp:53) ==74== by 0x11080AD0: WTF::RunLoop::{lambda(_GSource*, int (*)(void*), void*)#1}::_FUN(_GSource*, int (*)(void*), void*) (RunLoopGLib.cpp:56) ==74== by 0x15FB5293: g_main_dispatch (gmain.c:3381) ==74== by 0x15FB5293: g_main_context_dispatch (gmain.c:4099) ==74== by 0x15FB5637: g_main_context_iterate.constprop.0 (gmain.c:4175) ==74== by 0x15FB5942: g_main_loop_run (gmain.c:4373) ==74== by 0x1108113B: WTF::RunLoop::run() (RunLoopGLib.cpp:108) ==74== by 0xF022550: WebKit::AuxiliaryProcessMainBase<WebKit::WebProcess, true>::run(int, char**) (AuxiliaryProcessMain.h:70) ==74== by 0xF01FC02: int WebKit::AuxiliaryProcessMain<WebKit::WebProcessMainWPE>(int, char**) (AuxiliaryProcessMain.h:96) ==74== by 0xF01C15A: WebKit::WebProcessMain(int, char**) (WebProcessMainWPE.cpp:75) ==74== by 0x109918: main (WebProcessMain.cpp:31) ==74== Address 0xbbadbeef is not stack'd, malloc'd or (recently) free'd ==74== ==74== Process terminating with default action of signal 11 (SIGSEGV) ==74== Access not within mapped region at address 0xBBADBEEF ==74== at 0x10F7E8B0: WTFCrash (Assertions.cpp:328) ==74== by 0xD95B1A5: WTFCrashWithInfo(int, char const*, char const*, int) (Assertions.h:754) ==74== by 0xE6E3104: WebKit::ThreadedCompositor::targetRefreshRateDidChange(unsigned int) (ThreadedCompositor.cpp:315) ==74== by 0xEFFA8F4: WebKit::LayerTreeHost::targetRefreshRateDidChange(unsigned int) (LayerTreeHost.cpp:254) ==74== by 0xEFF8386: WebKit::DrawingAreaCoordinatedGraphics::targetRefreshRateDidChange(unsigned int) 
(DrawingAreaCoordinatedGraphics.cpp:469) ==74== by 0xDFB33AC: void IPC::callMemberFunctionImpl<WebKit::DrawingArea, void (WebKit::DrawingArea::*)(unsigned int), std::tuple<unsigned int>, 0ul>(WebKit::DrawingArea*, void (WebKit::DrawingArea::*)(unsigned int), std::tuple<unsigned int>&&, std::integer_sequence<unsigned long, 0ul>) (HandleMessage.h:131) ==74== by 0xDFB2DF5: void IPC::callMemberFunction<WebKit::DrawingArea, void (WebKit::DrawingArea::*)(unsigned int), std::tuple<unsigned int>, std::integer_sequence<unsigned long, 0ul> >(std::tuple<unsigned int>&&, WebKit::DrawingArea*, void (WebKit::DrawingArea::*)(unsigned int)) (HandleMessage.h:137) ==74== by 0xDFB2B6A: void IPC::handleMessage<Messages::DrawingArea::TargetRefreshRateDidChange, WebKit::DrawingArea, void (WebKit::DrawingArea::*)(unsigned int)>(IPC::Connection&, IPC::Decoder&, WebKit::DrawingArea*, void (WebKit::DrawingArea::*)(unsigned int)) (HandleMessage.h:259) ==74== by 0xDFB270F: WebKit::DrawingArea::didReceiveMessage(IPC::Connection&, IPC::Decoder&) (DrawingAreaMessageReceiver.cpp:79) ==74== by 0xE5B3DD7: IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&) (MessageReceiverMap.cpp:129) ==74== by 0xECA8FA8: WebKit::WebProcess::didReceiveMessage(IPC::Connection&, IPC::Decoder&) (WebProcess.cpp:912) ==74== by 0xE58B523: IPC::Connection::dispatchMessage(IPC::Decoder&) (Connection.cpp:1108) ==74== by 0xE58B7BA: IPC::Connection::dispatchMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >) (Connection.cpp:1153) ==74== by 0xE58BD61: IPC::Connection::dispatchOneIncomingMessage() (Connection.cpp:1222) ==74== by 0xE58B233: IPC::Connection::enqueueIncomingMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >)::{lambda()#1}::operator()() (Connection.cpp:1072) ==74== by 0xE592317: WTF::Detail::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >)::{lambda()#1}, void>::call() 
(Function.h:53) ==74== by 0xD9D63D4: WTF::Function<void ()>::operator()() const (Function.h:82) ==74== by 0x10FD52E0: WTF::RunLoop::performWork() (RunLoop.cpp:133) ==74== by 0x11080AEF: WTF::RunLoop::RunLoop()::{lambda(void*)#1}::operator()(void*) const (RunLoopGLib.cpp:80) ==74== by 0x11080B13: WTF::RunLoop::RunLoop()::{lambda(void*)#1}::_FUN(void*) (RunLoopGLib.cpp:82) ==74== by 0x11080A82: WTF::RunLoop::{lambda(_GSource*, int (*)(void*), void*)#1}::operator()(_GSource*, int (*)(void*), void*) const (RunLoopGLib.cpp:53) ==74== by 0x11080AD0: WTF::RunLoop::{lambda(_GSource*, int (*)(void*), void*)#1}::_FUN(_GSource*, int (*)(void*), void*) (RunLoopGLib.cpp:56) ==74== by 0x15FB5293: g_main_dispatch (gmain.c:3381) ==74== by 0x15FB5293: g_main_context_dispatch (gmain.c:4099) ==74== by 0x15FB5637: g_main_context_iterate.constprop.0 (gmain.c:4175) ==74== by 0x15FB5942: g_main_loop_run (gmain.c:4373) ==74== by 0x1108113B: WTF::RunLoop::run() (RunLoopGLib.cpp:108) ==74== by 0xF022550: WebKit::AuxiliaryProcessMainBase<WebKit::WebProcess, true>::run(int, char**) (AuxiliaryProcessMain.h:70) ==74== by 0xF01FC02: int WebKit::AuxiliaryProcessMain<WebKit::WebProcessMainWPE>(int, char**) (AuxiliaryProcessMain.h:96) ==74== by 0xF01C15A: WebKit::WebProcessMain(int, char**) (WebProcessMainWPE.cpp:75) ==74== by 0x109918: main (WebProcessMain.cpp:31)
Darin Adler
Comment 5 2022-07-08 14:49:50 PDT
Those others aren’t related.
James Hilliard
Comment 6 2022-07-08 14:53:05 PDT
Managed to trigger an assert for one that looks like the original trace:

Page 0x3749d790 scheduleTimedRenderingUpdate() - requestedSteps [LayerFlush] remaining steps []
RenderingUpdateScheduler for page 0x3749d790 scheduleTimedRenderingUpdate() - already scheduled 0 page visible 1
Page 0x3749d790 scheduleTimedRenderingUpdate() - requestedSteps [LayerFlush] remaining steps []
RenderingUpdateScheduler for page 0x3749d790 scheduleTimedRenderingUpdate() - already scheduled 0 page visible 1
Page 0x3749d790 scheduleTimedRenderingUpdate() - requestedSteps [LayerFlush] remaining steps []
RenderingUpdateScheduler for page 0x3749d790 scheduleTimedRenderingUpdate() - already scheduled 0 page visible 1
Page 0x3749d790 scheduleTimedRenderingUpdate() - requestedSteps [LayerFlush] remaining steps []
RenderingUpdateScheduler for page 0x3749d790 scheduleTimedRenderingUpdate() - already scheduled 0 page visible 1
Total layers primary secondary obligatory backing (KB) secondary backing(KB) total backing (KB) update time (ms)
1 1 0 0.00 0.00 0.00 686.28
RenderLayerCompositor::updateCompositingLayers - post
(S)tacking Context/(F)orced SC/O(P)portunistic SC, (N)ormal flow only, (O)verflow clip, (A)lpha (opacity or mask), has (B)lend mode, (I)solates blending, (T)ransform-ish, (F)ilter, Fi(X)ed position, Behaves as fi(x)ed, (C)omposited, (P)rovides backing/uses (p)rovided backing/paints to (a)ncestor, (c)omposited descendant, (s)scrolling ancestor, (t)transformed ancestor
Dirty (z)-lists, Dirty (n)ormal flow lists
Traversal needs: requirements (t)raversal on descendants, (b)acking or hierarchy traversal on descendants, (r)equirements traversal on all descendants, requirements traversal on all (s)ubsequent layers, (h)ierarchy traversal on all descendants, update of paint (o)rder children
Update needs: post-(l)ayout requirements, (g)eometry, (k)ids geometry, (c)onfig, layer conne(x)ion, (s)crolling tree
Scrolling scope: box contents
S---------C---- -- ------ ------ 1 1 0x37578390 (0,0) width=1280 height=720 [SA 0x37578500] (layerID 8) {sc 1} RenderView 0x37576ba0
S-------------- -- ------ ------ 1 1 + 0x37bb3d30 (0,0) width=1280 height=720 [SA 0x37bb3ea0] RenderBlock 0x37bb3b70 HTML 0x376bc7c0
FrameView 0x3756eb50 performPostLayoutTasks
Page 0x3749d790 scheduleTimedRenderingUpdate() - requestedSteps [ScrollingTreeUpdate] remaining steps []
RenderingUpdateScheduler for page 0x3749d790 scheduleTimedRenderingUpdate() - already scheduled 0 page visible 1
FrameView 0x3756eb50 updateLayoutViewport() totalContentSize width=1280 height=720 unscaledDocumentRect (0,0) width=1280 height=720 header height 0 footer height 0 fixed behavior 1
layoutViewport: (0,0) width=1280 height=720
visualViewport: (0,0) width=1280 height=720 (is override 0)
stable origins: min: (0.00,0.00) max: (0.00,0.00)
Page 0x3749d790 scheduleTimedRenderingUpdate() - requestedSteps [Resize] remaining steps []
RenderingUpdateScheduler for page 0x3749d790 scheduleTimedRenderingUpdate() - already scheduled 0 page visible 1
FrameView 0x3756eb50 Frame 0x3749fe70 (main frame) updateScrollSnapState: isScrollSnapInProgress 0 isUserScrollInProgress 0
Scope 0x37570bb0 collectActiveStyleSheets()
Scope::updateActiveStyleSheets for document Document 0x3756f750 (main frame) sheets []
MediaQueryEvaluator::evaluate on MediaQueryEvaluator::evaluate (prefers-dark-interface) returning 1
MediaQueryEvaluator::evaluate on MediaQueryEvaluator::evaluate (inverted-colors) returning 1
MediaQueryEvaluator::evaluate on MediaQueryEvaluator::evaluate (prefers-dark-interface) returning 1
MediaQueryEvaluator::evaluate on MediaQueryEvaluator::evaluate (inverted-colors) returning 1
MediaQueryEvaluator::evaluate on MediaQueryEvaluator::evaluate (prefers-dark-interface) returning 0
MediaQueryEvaluator::evaluate on MediaQueryEvaluator::evaluate (inverted-colors) returning 0
MediaQueryEvaluator::evaluate on MediaQueryEvaluator::evaluate (prefers-dark-interface) returning 1
MediaQueryEvaluator::evaluate on MediaQueryEvaluator::evaluate (inverted-colors) returning 1
MediaQueryEvaluator::evaluate on MediaQueryEvaluator::evaluate (prefers-dark-interface) returning 1
MediaQueryEvaluator::evaluate on MediaQueryEvaluator::evaluate (inverted-colors) returning 1
MediaQueryEvaluator::evaluate on MediaQueryEvaluator::evaluate (prefers-dark-interface) returning 0
MediaQueryEvaluator::evaluate on MediaQueryEvaluator::evaluate (inverted-colors) returning 0
[-> UI 17 receiver 0x2032f6f0] WebPageProxy_SetCanShortCircuitHorizontalWheelEvents (canShortCircuitHorizontalWheelEvents 1)
[-> UI 17 receiver 0x2032f6f0] WebPageProxy_SetRenderTreeSize (treeSize 3)
RenderLayerCompositor 0x37577180 [FrameView 0x3756eb50 Frame 0x3749fe70 (main frame) ] updateCompositingLayers after style change contentLayersCount 0
(S)tacking Context/(F)orced SC/O(P)portunistic SC, (N)ormal flow only, (O)verflow clip, (A)lpha (opacity or mask), has (B)lend mode, (I)solates blending, (T)ransform-ish, (F)ilter, Fi(X)ed position, Behaves as fi(x)ed, (C)omposited, (P)rovides backing/uses (p)rovided backing/paints to (a)ncestor, (c)omposited descendant, (s)scrolling ancestor, (t)transformed ancestor
Dirty (z)-lists, Dirty (n)ormal flow lists
Traversal needs: requirements (t)raversal on descendants, (b)acking or hierarchy traversal on descendants, (r)equirements traversal on all descendants, requirements traversal on all (s)ubsequent layers, (h)ierarchy traversal on all descendants, update of paint (o)rder children
Update needs: post-(l)ayout requirements, (g)eometry, (k)ids geometry, (c)onfig, layer conne(x)ion, (s)crolling tree
Scrolling scope: box contents
S---------C---- -- ------ ------ 1 1 0x37578390 (0,0) width=1280 height=720 [SA 0x37578500] (layerID 8) {sc 1} RenderView 0x37576ba0
S-------------- -- ------ ------ 1 1 + 0x37bb3d30 (0,0) width=1280 height=720 [SA 0x37bb3ea0] RenderBlock 0x37bb3b70 HTML 0x376bc7c0
updateRoot has no dirty child and doesn't need update
ScrollView::updateScrollbars (0,0) isRubberBandInProgress 0
[-> UI 17 receiver 0x2032f6f0] WebPageProxy_FocusedFrameChanged (frameID 3)
ERROR: Failed to make thread real time: GDBus.Error:org.freedesktop.DBus.Error.Failed: GDBus.Error:org.freedesktop.DBus.Error.Failed: No such file or directory
/app/webkit/Source/WTF/wtf/linux/RealTimeThreads.cpp(221) : void WTF::RealTimeThreads::realTimeKitMakeThreadRealTime(uint64_t, uint64_t, uint32_t)
[-> Web 74 receiver 0x37499bc0] WebPage_LoadRequest (loadParameters ...)
NavigationScheduler 0x374a05c0 cancel(newLoadInProgress=1)
WebProcess 74 - dispatchDecidePolicyForNavigationAction to request url https://mozilla.github.io/webrtc-landing/gum_test.html
UNIMPLEMENTED: /app/webkit/Source/WebKit/WebProcess/WebPage/wpe/WebPageWPE.cpp(50) : static bool WebKit::WebPage::platformCanHandleRequest(const WebCore::ResourceRequest&)
[-> Web 74 receiver 0x37499bc0] WebPage_SetActivityState (activityState active window, focused, visible, visible or occluded, in-window, loading) (activityStateChangeID 0)
WebPage 9 setActivityState to active window, focused, visible, visible or occluded, in-window, loading
[-> Web 74 receiver 0x37568df0] DrawingArea_UpdateBackingStoreState (backingStoreStateID 1) (respondImmediately 1) (deviceScaleFactor 1.00) (size width=1280 height=673) (scrollOffset width=0 height=0)
ScrollView::updateScrollbars (0,0) isRubberBandInProgress 0
Page 0x3749d790 scheduleTimedRenderingUpdate() - requestedSteps [LayerFlush] remaining steps []
RenderingUpdateScheduler for page 0x3749d790 scheduleTimedRenderingUpdate() - already scheduled 0 page visible 1
Page 0x3749d790 scheduleTimedRenderingUpdate() - requestedSteps [LayerFlush] remaining steps []
RenderingUpdateScheduler for page 0x3749d790 scheduleTimedRenderingUpdate() - already scheduled 0 page visible 1
Page 0x3749d790 scheduleTimedRenderingUpdate() - requestedSteps [LayerFlush] remaining steps []
RenderingUpdateScheduler for page 0x3749d790 scheduleTimedRenderingUpdate() - already scheduled 0 page visible 1
Page 0x3749d790 scheduleTimedRenderingUpdate() - requestedSteps [LayerFlush] remaining steps []
RenderingUpdateScheduler for page 0x3749d790 scheduleTimedRenderingUpdate() - already scheduled 0 page visible 1
Page 0x3749d790 scheduleTimedRenderingUpdate() - requestedSteps [LayerFlush] remaining steps []
RenderingUpdateScheduler for page 0x3749d790 scheduleTimedRenderingUpdate() - already scheduled 0 page visible 1
Page 0x3749d790 scheduleTimedRenderingUpdate() - requestedSteps [LayerFlush] remaining steps []
RenderingUpdateScheduler for page 0x3749d790 scheduleTimedRenderingUpdate() - already scheduled 0 page visible 1
Page 0x3749d790 scheduleTimedRenderingUpdate() - requestedSteps [LayerFlush] remaining steps []
RenderingUpdateScheduler for page 0x3749d790 scheduleTimedRenderingUpdate() - already scheduled 0 page visible 1
Page 0x3749d790 scheduleTimedRenderingUpdate() - requestedSteps [LayerFlush] remaining steps []
RenderingUpdateScheduler for page 0x3749d790 scheduleTimedRenderingUpdate() - already scheduled 0 page visible 1
Page 0x3749d790 scheduleTimedRenderingUpdate() - requestedSteps [LayerFlush] remaining steps []
RenderingUpdateScheduler for page 0x3749d790 scheduleTimedRenderingUpdate() - already scheduled 0 page visible 1
Page 0x3749d790 scheduleTimedRenderingUpdate() - requestedSteps [LayerFlush] remaining steps []
RenderingUpdateScheduler for page 0x3749d790 scheduleTimedRenderingUpdate() - already scheduled 0 page visible 1
FrameView 0x3756eb50 updateLayoutViewport() totalContentSize width=1280 height=720 unscaledDocumentRect (0,0) width=1280 height=720 header height 0 footer height 0 fixed behavior 1
layoutViewport: (0,0) width=1280 height=720
visualViewport: (0,0) width=1280 height=673 (is override 0)
stable origins: min: (0.00,0.00) max: (0.00,47.00)
Page 0x3749d790 scheduleTimedRenderingUpdate() - requestedSteps [Resize] remaining steps []
RenderingUpdateScheduler for page 0x3749d790 scheduleTimedRenderingUpdate() - already scheduled 0 page visible 1
ScrollView::updateScrollbars (0,0) isRubberBandInProgress 0
Page 0x3749d790 scheduleTimedRenderingUpdate() - requestedSteps [LayerFlush] remaining steps []
RenderingUpdateScheduler for page 0x3749d790 scheduleTimedRenderingUpdate() - already scheduled 0 page visible 1
Page 0x3749d790 scheduleTimedRenderingUpdate() - requestedSteps [LayerFlush] remaining steps []
RenderingUpdateScheduler for page 0x3749d790 scheduleTimedRenderingUpdate() - already scheduled 0 page visible 1
Page 0x3749d790 updateRendering() - re-entering 0
Scope 0x37570bb0 collectActiveStyleSheets()
Scope::updateActiveStyleSheets for document Document 0x3756f750 (main frame) sheets []
MediaQueryEvaluator::evaluate on MediaQueryEvaluator::evaluate (prefers-dark-interface) returning 1
MediaQueryEvaluator::evaluate on MediaQueryEvaluator::evaluate (inverted-colors) returning 1
MediaQueryEvaluator::evaluate on MediaQueryEvaluator::evaluate (prefers-dark-interface) returning 1
MediaQueryEvaluator::evaluate on MediaQueryEvaluator::evaluate (inverted-colors) returning 1
MediaQueryEvaluator::evaluate on MediaQueryEvaluator::evaluate (prefers-dark-interface) returning 0
MediaQueryEvaluator::evaluate on MediaQueryEvaluator::evaluate (inverted-colors) returning 0
MediaQueryEvaluator::evaluate on MediaQueryEvaluator::evaluate (prefers-dark-interface) returning 1
MediaQueryEvaluator::evaluate on MediaQueryEvaluator::evaluate (inverted-colors) returning 1
MediaQueryEvaluator::evaluate on MediaQueryEvaluator::evaluate (prefers-dark-interface) returning 1
MediaQueryEvaluator::evaluate on MediaQueryEvaluator::evaluate (inverted-colors) returning 1
MediaQueryEvaluator::evaluate on MediaQueryEvaluator::evaluate (prefers-dark-interface) returning 0
MediaQueryEvaluator::evaluate on MediaQueryEvaluator::evaluate (inverted-colors) returning 0
FrameView 0x3756eb50 FrameViewLayoutContext::layout() with size width=1280 height=673
MediaQueryEvaluator::evaluate on MediaQueryEvaluator::evaluate (prefers-dark-interface) returning 0
MediaQueryEvaluator::evaluate on MediaQueryEvaluator::evaluate (inverted-colors) returning 0
layout size changed from 1280.000x720.000 to 1280.000x673.000
FrameView 0x3756eb50 adjustViewSize: unscaled document rect changed to (0,0) width=1280 height=673 (scaled to width=1280 height=673)
ScrollView::updateScrollbars (0,0) isRubberBandInProgress 0
Page 0x3749d790 scheduleTimedRenderingUpdate() - requestedSteps [LayerFlush] remaining steps [[Resize, Scroll, MediaQueryEvaluation, Animations, Fullscreen, AnimationFrameCallbacks, IntersectionObservations, ResizeObservations, Images, WheelEventMonitorCallbacks, CursorUpdate, EventRegionUpdate, LayerFlush, ScrollingTreeUpdate, FlushAutofocusCandidates, PrepareCanvasesForDisplay]]
Page 0x3749d790 scheduleTimedRenderingUpdate() - requestedSteps [LayerFlush] remaining steps [[Resize, Scroll, MediaQueryEvaluation, Animations, Fullscreen, AnimationFrameCallbacks, IntersectionObservations, ResizeObservations, Images, WheelEventMonitorCallbacks, CursorUpdate, EventRegionUpdate, LayerFlush, ScrollingTreeUpdate, FlushAutofocusCandidates, PrepareCanvasesForDisplay]]
RenderLayer 0x37578390 updateLayerPositionsAfterLayout
RenderLayerBacking::updateAfterLayout (layer 0x37578390 needsClippingUpdate 0 needsFullRepaint 1
RenderLayerCompositor 0x37577180 [FrameView 0x3756eb50 Frame 0x3749fe70 (main frame) ] updateCompositingLayers after layout contentLayersCount 0
(S)tacking Context/(F)orced SC/O(P)portunistic SC, (N)ormal flow only, (O)verflow clip, (A)lpha (opacity or mask), has (B)lend mode, (I)solates blending, (T)ransform-ish, (F)ilter, Fi(X)ed position, Behaves as fi(x)ed, (C)omposited, (P)rovides backing/uses (p)rovided backing/paints to (a)ncestor, (c)omposited descendant, (s)scrolling ancestor, (t)transformed ancestor
Dirty (z)-lists, Dirty (n)ormal flow lists
Traversal needs: requirements (t)raversal on descendants, (b)acking or hierarchy traversal on descendants, (r)equirements traversal on all descendants, requirements traversal on all (s)ubsequent layers, (h)ierarchy traversal on all descendants, update of paint (o)rder children
Update needs: post-(l)ayout requirements, (g)eometry, (k)ids geometry, (c)onfig, layer conne(x)ion, (s)crolling tree
Scrolling scope: box contents
S---------C---- -- ------ -gk--- 1 1 0x37578390 (0,0) width=1280 height=673 [SA 0x37578500] (layerID 8) {sc 1} RenderView 0x37576ba0
S-------------- -- ------ ------ 1 1 + 0x37bb3d30 (0,0) width=1280 height=673 [SA 0x37bb3ea0] RenderBlock 0x37bb3b70 HTML 0x376bc7c0
Update 2 of main frame - compositing policy is normal
RenderLayerCompositor::updateCompositingLayers - mid
(S)tacking Context/(F)orced SC/O(P)portunistic SC, (N)ormal flow only, (O)verflow clip, (A)lpha (opacity or mask), has (B)lend mode, (I)solates blending, (T)ransform-ish, (F)ilter, Fi(X)ed position, Behaves as fi(x)ed, (C)omposited, (P)rovides backing/uses (p)rovided backing/paints to (a)ncestor, (c)omposited descendant, (s)scrolling ancestor, (t)transformed ancestor
Dirty (z)-lists, Dirty (n)ormal flow lists
Traversal needs: requirements (t)raversal on descendants, (b)acking or hierarchy traversal on descendants, (r)equirements traversal on all descendants, requirements traversal on all (s)ubsequent layers, (h)ierarchy traversal on all descendants, update of paint (o)rder children
Update needs: post-(l)ayout requirements, (g)eometry, (k)ids geometry, (c)onfig, layer conne(x)ion, (s)crolling tree
Scrolling scope: box contents
S---------C---- -- ------ -gk--s 1 1 0x37578390 (0,0) width=1280 height=673 [SA 0x37578500] (layerID 8) {sc 1} RenderView 0x37576ba0
S-------------- -- ------ ------ 1 1 + 0x37bb3d30 (0,0) width=1280 height=673 [SA 0x37bb3ea0] RenderBlock 0x37bb3b70 HTML 0x376bc7c0
Page 0x3749d790 scheduleTimedRenderingUpdate() - requestedSteps [LayerFlush] remaining steps [[Resize, Scroll, MediaQueryEvaluation, Animations, Fullscreen, AnimationFrameCallbacks, IntersectionObservations, ResizeObservations, Images, WheelEventMonitorCallbacks, CursorUpdate, EventRegionUpdate, LayerFlush, ScrollingTreeUpdate, FlushAutofocusCandidates, PrepareCanvasesForDisplay]]
Page 0x3749d790 scheduleTimedRenderingUpdate() - requestedSteps [LayerFlush] remaining steps [[Resize, Scroll, MediaQueryEvaluation, Animations, Fullscreen, AnimationFrameCallbacks, IntersectionObservations, ResizeObservations, Images, WheelEventMonitorCallbacks, CursorUpdate, EventRegionUpdate, LayerFlush, ScrollingTreeUpdate, FlushAutofocusCandidates, PrepareCanvasesForDisplay]]
AsyncScrollingCoordinator::insertNode main-frame-scrolling node 1 parent 0 index 0
ScrollingStateTree 0x376b20a0 insertNode 1 in parent 0 at 0
RenderLayerCompositor 0x37577180 attachScrollingNode 1 (layer 8) type main-frame-scrolling parent 0
37578390 id 8 (0,0-1280,673) 3365.00KB (root) [opaque] RenderView 0x37576ba0 - updateBackingAndHierarchy
Total layers primary secondary obligatory backing (KB) secondary backing(KB) total backing (KB) update time (ms)
1 1 0 3365.00 0.00 3365.00 31.63
RenderLayerCompositor::updateCompositingLayers - post
(S)tacking Context/(F)orced SC/O(P)portunistic SC, (N)ormal flow only, (O)verflow clip, (A)lpha (opacity or mask), has (B)lend mode, (I)solates blending, (T)ransform-ish, (F)ilter, Fi(X)ed position, Behaves as fi(x)ed, (C)omposited, (P)rovides backing/uses (p)rovided backing/paints to (a)ncestor, (c)omposited descendant, (s)scrolling ancestor, (t)transformed ancestor
Dirty (z)-lists, Dirty (n)ormal flow lists
Traversal needs: requirements (t)raversal on descendants, (b)acking or hierarchy traversal on descendants, (r)equirements traversal on all descendants, requirements traversal on all (s)ubsequent layers, (h)ierarchy traversal on all descendants, update of paint (o)rder children
Update needs: post-(l)ayout requirements, (g)eometry, (k)ids geometry, (c)onfig, layer conne(x)ion, (s)crolling tree
Scrolling scope: box contents
S---------C---- -- ------ ------ 1 1 0x37578390 (0,0) width=1280 height=673 [SA 0x37578500] (layerID 8) {sc 1} RenderView 0x37576ba0
S-------------- -- ------ ------ 1 1 + 0x37bb3d30 (0,0) width=1280 height=673 [SA 0x37bb3ea0] RenderBlock 0x37bb3b70 HTML 0x376bc7c0
FrameView 0x3756eb50 performPostLayoutTasks
Page 0x3749d790 scheduleTimedRenderingUpdate() - requestedSteps [ScrollingTreeUpdate] remaining steps [[Resize, Scroll, MediaQueryEvaluation, Animations, Fullscreen, AnimationFrameCallbacks, IntersectionObservations, ResizeObservations, Images, WheelEventMonitorCallbacks, CursorUpdate, EventRegionUpdate, LayerFlush, ScrollingTreeUpdate, FlushAutofocusCandidates, PrepareCanvasesForDisplay]]
FrameView 0x3756eb50 scheduleResizeEventIfNeeded scheduling resize event for document0x3756f750, size width=1280 height=673
Page 0x3749d790 scheduleTimedRenderingUpdate() - requestedSteps [Resize] remaining steps [[Resize, Scroll, MediaQueryEvaluation, Animations, Fullscreen, AnimationFrameCallbacks, IntersectionObservations, ResizeObservations, Images, WheelEventMonitorCallbacks, CursorUpdate, EventRegionUpdate, LayerFlush, ScrollingTreeUpdate, FlushAutofocusCandidates, PrepareCanvasesForDisplay]]
FrameView 0x3756eb50 updateLayoutViewport() totalContentSize width=1280 height=673 unscaledDocumentRect (0,0) width=1280 height=673 header height 0 footer height 0 fixed behavior 1
layoutViewport: (0,0) width=1280 height=673
visualViewport: (0,0) width=1280 height=673 (is override 0)
stable origins: min: (0.00,0.00) max: (0.00,0.00)
FrameView 0x3756eb50 Frame 0x3749fe70 (main frame) updateScrollSnapState: isScrollSnapInProgress 0 isUserScrollInProgress 0
ScrollingTree 0x376b21d0 commitTreeState
ScrollingTreeFrameScrollingNode 1 layoutViewportForScrollPosition: (visibleContentOrigin (0,0), visualViewportSize width=1280 height=673) fixed behavior 1
layoutViewport: (0,0) width=1280 height=673
visualViewport: (0,0) width=1280 height=673
scroll positions: min: (0,0) max: (0,0)
committed ScrollingTree (scrolling tree (frame scrolling node (nodeID 1) (scrollable area size width=1280 height=673) (total content size width=1280 height=673) (last committed scroll position (0,0)) (scrollable area parameters (horizontal scroll elasticity 1) (vertical scroll elasticity 1) (horizontal scrollbar mode 0) (vertical scrollbar mode 0)) (layout viewport (0,0) width=1280 height=673) (min layoutViewport origin (0,0)) (max layoutViewport origin (0,0)) (behavior for fixed 1)))
Document 0x3756f750 sending resize events to window
Document 0x3756f750 sending resize events to visualViewport
[-> UI 17 receiver 0x2032f6f0] WebPageProxy_DecidePolicyForNavigationActionAsync (frameID 3) (frameInfo ...) (policyCheckIdentifier ...) (navigationID 1) (navigationActionData ...) (originatingFrameInfoData ...) (originatingPageID 8) (originalRequest ...) (request ...) (requestBody ...) (redirectResponse ...) (userData ...) (listenerID 1)
WebPageProxy::decidePolicyForNavigationAction - Original URL https://mozilla.github.io/webrtc-landing/gum_test.html, current target URL https://mozilla.github.io/webrtc-landing/gum_test.html
RenderLayer 0x37578390 1280x673 RenderLayerBacking 0x38834e90 bounds (0,0) width=1280 height=673 primary layer ID 8 scrolling node 1
0x38834e90 updateEventRegion (needs update: 1, maintainsEventRegion: 0)
Page 0x3749d790 finalizeRenderingUpdate()
RenderLayerCompositor 0x37577180 flushPendingLayerChanges (is root 1) visible rect (0,0) width=1280 height=673
[-> UI 17 receiver 0x1f9b8670] WebProcessProxy_StopResponsivenessTimer
[-> UI 17 receiver 0x2032f6f0] WebPageProxy_DidChangeContentSize (newSize width=1280 height=673)
[-> UI 17 receiver 0x2032f6f0] WebPageProxy_SetRenderTreeSize (treeSize 3)
memoryControllerName - empty namespace (hierarchy: 0): /user.slice/user-1001.slice/user@1001.service/app.slice/app-flatpak-org.webkit.Sdk-867804.scope
/app/webkit/Source/WebKit/UIProcess/linux/MemoryPressureMonitor.cpp(234) : WTF::CString WebKit::getCgroupControllerPath(FILE*, const char*)
MemoryPressureMonitor::memory: real (memory total=131763020 MB) (memory available=120200008 MB) (memory usage percentage=8 MB)
/app/webkit/Source/WebKit/UIProcess/linux/MemoryPressureMonitor.cpp(285) : int WebKit::systemMemoryUsedAsPercentage(FILE*, FILE*, WebKit::CGroupMemoryController*)
MemoryPressureMonitor::memory: memoryUsagePercentage (8)
/app/webkit/Source/WebKit/UIProcess/linux/MemoryPressureMonitor.cpp(296) : int WebKit::systemMemoryUsedAsPercentage(FILE*, FILE*, WebKit::CGroupMemoryController*)
RenderLayerCompositor::flushPendingLayerChanges
(GraphicsLayer 0x38827c30 "overflow controls host" (primary-layer-id 3) (backingStoreAttached 1) (paintingPhases [background, foreground]) (children 1
  (GraphicsLayer 0x3882a840 "frame clipping" (anchor 0.00 0.00) (bounds 1280.00 673.00) (clips 1) (primary-layer-id 5) (backingStoreAttached 1) (event region (rect (0,0) width=1280 height=673) ) (paintingPhases [background, foreground]) (children 1
    (GraphicsLayer 0x38828ea0 "frame scrolled contents" (anchor 0.00 0.00) (primary-layer-id 4) (backingStoreAttached 1) (paintingPhases [background, foreground]) (children 1
      (GraphicsLayer 0x38825800 "content root" (anchor 0.00 0.00) (bounds 1280.00 673.00) (primary-layer-id 2) (backingStoreAttached 1) (paintingPhases [background, foreground]) (children 1
        (GraphicsLayer 0x38835020 "RenderView 0x37576ba0" (bounds 1280.00 673.00) (contentsOpaque 1) (drawsContent 1) (primary-layer-id 8) (backingStoreAttached 1) (paintingPhases [background, foreground]) ) ) ) ) ) ) ) ) )
Page 0x3749d790 renderingUpdateCompleted() - steps [] unfulfilled steps []
Page 0x3749d790 updateRendering() - re-entering 0
RenderLayer 0x37578390 1280x673 RenderLayerBacking 0x38834e90 bounds (0,0) width=1280 height=673 primary layer ID 8 scrolling node 1
0x38834e90 updateEventRegion (needs update: 1, maintainsEventRegion: 0)
Page 0x3749d790 finalizeRenderingUpdate()
RenderLayerCompositor 0x37577180 flushPendingLayerChanges (is root 1) visible rect (0,0) width=1280 height=673
RenderLayerCompositor::flushPendingLayerChanges
(GraphicsLayer 0x38827c30 "overflow controls host" (primary-layer-id 3) (backingStoreAttached 1) (paintingPhases [background, foreground]) (children 1
  (GraphicsLayer 0x3882a840 "frame clipping" (anchor 0.00 0.00) (bounds 1280.00 673.00) (clips 1) (primary-layer-id 5) (backingStoreAttached 1) (event region (rect (0,0) width=1280 height=673) ) (paintingPhases [background, foreground]) (children 1
    (GraphicsLayer 0x38828ea0 "frame scrolled contents" (anchor 0.00 0.00) (primary-layer-id 4) (backingStoreAttached 1) (paintingPhases [background, foreground]) (children 1
      (GraphicsLayer 0x38825800 "content root" (anchor 0.00 0.00) (bounds 1280.00 673.00) (primary-layer-id 2) (backingStoreAttached 1) (paintingPhases [background, foreground]) (children 1
        (GraphicsLayer 0x38835020 "RenderView 0x37576ba0" (bounds 1280.00 673.00) (contentsOpaque 1) (drawsContent 1) (primary-layer-id 8) (backingStoreAttached 1) (paintingPhases [background, foreground]) ) ) ) ) ) ) ) ) )
Page 0x3749d790 renderingUpdateCompleted() - steps [] unfulfilled steps []
RenderLayerCompositor 0x37577180 rootBackgroundColorOrTransparencyChanged. isTransparent=0
RenderLayer 0x37bb3d30 backgroundClipRect with context (root layer: 0x37578390) (type: painting) (overflow-clip: respect) returning rect infinite
RenderLayer 0x37bb3d30 backgroundClipRect with context (root layer: 0x37578390) (type: painting) (overflow-clip: respect) returning rect infinite
RenderLayer 0x37bb3d30 backgroundClipRect with context (root layer: 0x37578390) (type: painting) (overflow-clip: respect) returning rect infinite
RenderLayer 0x37bb3d30 backgroundClipRect with context (root layer: 0x37578390) (type: painting) (overflow-clip: respect) returning rect infinite
RenderLayer 0x37bb3d30 backgroundClipRect with context (root layer: 0x37578390) (type: painting) (overflow-clip: respect) returning rect infinite
RenderLayer 0x37bb3d30 backgroundClipRect with context (root layer: 0x37578390) (type: painting) (overflow-clip: respect) returning rect infinite
[-> Web 74 receiver 0x37568df0] DrawingArea_TargetRefreshRateDidChange (rate 60000)
ASSERTION FAILED: !RunLoop::isMain()
/app/webkit/Source/WebKit/Shared/CoordinatedGraphics/threadedcompositor/ThreadedCompositor.cpp(315) : void WebKit::ThreadedCompositor::targetRefreshRateDidChange(unsigned int)
1 0x10f7e8ab WTFCrash
2 0xd95b1a6 /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0x91081a6) [0xd95b1a6]
3 0xe6e3105 /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0x9e90105) [0xe6e3105]
4 0xeffa8f5 /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0xa7a78f5) [0xeffa8f5]
5 0xeff8387 /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0xa7a5387) [0xeff8387]
6 0xdfb33ad /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0x97603ad) [0xdfb33ad]
7 0xdfb2df6 /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0x975fdf6) [0xdfb2df6]
8 0xdfb2b6b /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0x975fb6b) [0xdfb2b6b]
9 0xdfb2710 /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0x975f710) [0xdfb2710]
10 0xe5b3dd8 /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0x9d60dd8) [0xe5b3dd8]
11 0xeca8fa9 /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0xa455fa9) [0xeca8fa9]
12 0xe58b524 /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0x9d38524) [0xe58b524]
13 0xe58b7bb /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0x9d387bb) [0xe58b7bb]
14 0xe58bd62 /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0x9d38d62) [0xe58bd62]
15 0xe58b234 /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0x9d38234) [0xe58b234]
16 0xe592318 /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0x9d3f318) [0xe592318]
17 0xd9d63d5 /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0x91833d5) [0xd9d63d5]
18 0x10fd52e1 /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0xc7822e1) [0x10fd52e1]
19 0x11080af0 /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0xc82daf0) [0x11080af0]
20 0x11080b14 /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0xc82db14) [0x11080b14]
21 0x11080a83 /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0xc82da83) [0x11080a83]
22 0x11080ad1 /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0xc82dad1) [0x11080ad1]
23 0x15fb5294 g_main_context_dispatch
24 0x15fb5638 /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0(+0x58638) [0x15fb5638]
25 0x15fb5943 g_main_loop_run
26 0x1108113c WTF::RunLoop::run()
27 0xf022551 /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0xa7cf551) [0xf022551]
28 0xf01fc03 /app/webkit/WebKitBuild/Debug/lib/libWPEWebKit-1.1.so.0(+0xa7ccc03) [0xf01fc03]
29 0xf01c15b WebKit::WebProcessMain(int, char**)
30 0x109919 /app/webkit/WebKitBuild/Debug/bin/WPEWebProcess(+0x1919) [0x109919]
31 0x1669fbc0 __libc_start_main
==74== Thread 4 ReceiveQueue:
==74== Syscall param sendmsg(msg.msg_iov[2]) points to uninitialised byte(s)
==74==    at 0x1678109B: __libc_sendmsg (sendmsg.c:28)
==74==    by 0x1678109B: sendmsg (sendmsg.c:25)
==74==    by 0xE5DAD59:
IPC::Connection::sendOutputMessage(IPC::UnixMessage&) (ConnectionUnix.cpp:548) ==74== by 0xE5DA2D7: IPC::Connection::sendOutgoingMessage(WTF::UniqueRef<IPC::Encoder>&&) (ConnectionUnix.cpp:462) ==74== by 0xE58AC0F: IPC::Connection::sendOutgoingMessages() (Connection.cpp:975) ==74== by 0xE5884CD: IPC::Connection::sendMessage(WTF::UniqueRef<IPC::Encoder>&&, WTF::OptionSet<IPC::SendOption>, std::optional<WTF::Thread::QOS>)::{lambda()#1}::operator()() (Connection.cpp:511) ==74== by 0xE59246D: WTF::Detail::CallableWrapper<IPC::Connection::sendMessage(WTF::UniqueRef<IPC::Encoder>&&, WTF::OptionSet<IPC::SendOption>, std::optional<WTF::Thread::QOS>)::{lambda()#1}, void>::call() (Function.h:53) ==74== by 0xD9D63D4: WTF::Function<void ()>::operator()() const (Function.h:82) ==74== by 0x1107BB21: WTF::WorkQueueBase::dispatch(WTF::Function<void ()>&&)::{lambda()#1}::operator()() const (WorkQueueGeneric.cpp:70) ==74== by 0x1107DAD1: WTF::Detail::CallableWrapper<WTF::WorkQueueBase::dispatch(WTF::Function<void ()>&&)::{lambda()#1}, void>::call() (Function.h:53) ==74== by 0xD9D63D4: WTF::Function<void ()>::operator()() const (Function.h:82) ==74== by 0x10FD52E0: WTF::RunLoop::performWork() (RunLoop.cpp:133) ==74== by 0x11080AEF: WTF::RunLoop::RunLoop()::{lambda(void*)#1}::operator()(void*) const (RunLoopGLib.cpp:80) ==74== by 0x11080B13: WTF::RunLoop::RunLoop()::{lambda(void*)#1}::_FUN(void*) (RunLoopGLib.cpp:82) ==74== by 0x11080A82: WTF::RunLoop::{lambda(_GSource*, int (*)(void*), void*)#1}::operator()(_GSource*, int (*)(void*), void*) const (RunLoopGLib.cpp:53) ==74== by 0x11080AD0: WTF::RunLoop::{lambda(_GSource*, int (*)(void*), void*)#1}::_FUN(_GSource*, int (*)(void*), void*) (RunLoopGLib.cpp:56) ==74== by 0x15FB5293: g_main_dispatch (gmain.c:3381) ==74== by 0x15FB5293: g_main_context_dispatch (gmain.c:4099) ==74== by 0x15FB5637: g_main_context_iterate.constprop.0 (gmain.c:4175) ==74== by 0x15FB5942: g_main_loop_run (gmain.c:4373) ==74== by 0x1108113B: WTF::RunLoop::run() 
(RunLoopGLib.cpp:108) ==74== by 0x1107B965: WTF::WorkQueueBase::platformInitialize(char const*, WTF::WorkQueueBase::Type, WTF::Thread::QOS)::{lambda()#1}::operator()() const (WorkQueueGeneric.cpp:51) ==74== by 0x1107DB11: WTF::Detail::CallableWrapper<WTF::WorkQueueBase::platformInitialize(char const*, WTF::WorkQueueBase::Type, WTF::Thread::QOS)::{lambda()#1}, void>::call() (Function.h:53) ==74== by 0xD9D63D4: WTF::Function<void ()>::operator()() const (Function.h:82) ==74== by 0x10FDDC14: WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) (Threading.cpp:236) ==74== by 0x1108DD82: WTF::wtfThreadEntryPoint(void*) (ThreadingPOSIX.cpp:242) ==74== by 0x18A433B9: start_thread (pthread_create.c:481) ==74== by 0x1677F952: clone (clone.S:95) ==74== Address 0x389208f8 is 104 bytes inside a block of size 576 alloc'd ==74== at 0x4840899: malloc (vg_replace_malloc.c:381) ==74== by 0x10F91B41: WTF::fastMalloc(unsigned long) (FastMalloc.cpp:232) ==74== by 0xD95BA91: IPC::Encoder::operator new(unsigned long) (Encoder.h:44) ==74== by 0xD961455: WTF::UniqueRef<IPC::Encoder> WTF::makeUniqueRefWithoutFastMallocCheck<IPC::Encoder, IPC::MessageName, unsigned long&>(IPC::MessageName&&, unsigned long&) (UniqueRef.h:40) ==74== by 0xD960261: WTF::UniqueRef<IPC::Encoder> WTF::makeUniqueRef<IPC::Encoder, IPC::MessageName, unsigned long&>(IPC::MessageName&&, unsigned long&) (UniqueRef.h:47) ==74== by 0xF00D6E6: bool IPC::MessageSender::send<Messages::DrawingAreaProxy::DidUpdateBackingStoreState>(Messages::DrawingAreaProxy::DidUpdateBackingStoreState&&, unsigned long, WTF::OptionSet<IPC::SendOption>) (MessageSender.h:47) ==74== by 0xF00A044: bool WebKit::DrawingArea::send<Messages::DrawingAreaProxy::DidUpdateBackingStoreState>(Messages::DrawingAreaProxy::DidUpdateBackingStoreState&&) (DrawingArea.h:162) ==74== by 0xEFF8788: WebKit::DrawingAreaCoordinatedGraphics::sendDidUpdateBackingStoreState() (DrawingAreaCoordinatedGraphics.cpp:565) ==74== by 0xEFF82EC: 
WebKit::DrawingAreaCoordinatedGraphics::updateBackingStoreState(unsigned long, bool, float, WebCore::IntSize const&, WebCore::IntSize const&) (DrawingAreaCoordinatedGraphics.cpp:453) ==74== by 0xDFB331B: void IPC::callMemberFunctionImpl<WebKit::DrawingArea, void (WebKit::DrawingArea::*)(unsigned long, bool, float, WebCore::IntSize const&, WebCore::IntSize const&), std::tuple<unsigned long, bool, float, WebCore::IntSize, WebCore::IntSize>, 0ul, 1ul, 2ul, 3ul, 4ul>(WebKit::DrawingArea*, void (WebKit::DrawingArea::*)(unsigned long, bool, float, WebCore::IntSize const&, WebCore::IntSize const&), std::tuple<unsigned long, bool, float, WebCore::IntSize, WebCore::IntSize>&&, std::integer_sequence<unsigned long, 0ul, 1ul, 2ul, 3ul, 4ul>) (HandleMessage.h:131) ==74== by 0xDFB2DB7: void IPC::callMemberFunction<WebKit::DrawingArea, void (WebKit::DrawingArea::*)(unsigned long, bool, float, WebCore::IntSize const&, WebCore::IntSize const&), std::tuple<unsigned long, bool, float, WebCore::IntSize, WebCore::IntSize>, std::integer_sequence<unsigned long, 0ul, 1ul, 2ul, 3ul, 4ul> >(std::tuple<unsigned long, bool, float, WebCore::IntSize, WebCore::IntSize>&&, WebKit::DrawingArea*, void (WebKit::DrawingArea::*)(unsigned long, bool, float, WebCore::IntSize const&, WebCore::IntSize const&)) (HandleMessage.h:137) ==74== by 0xDFB2A92: void IPC::handleMessage<Messages::DrawingArea::UpdateBackingStoreState, WebKit::DrawingArea, void (WebKit::DrawingArea::*)(unsigned long, bool, float, WebCore::IntSize const&, WebCore::IntSize const&)>(IPC::Connection&, IPC::Decoder&, WebKit::DrawingArea*, void (WebKit::DrawingArea::*)(unsigned long, bool, float, WebCore::IntSize const&, WebCore::IntSize const&)) (HandleMessage.h:259) ==74== by 0xDFB26BB: WebKit::DrawingArea::didReceiveMessage(IPC::Connection&, IPC::Decoder&) (DrawingAreaMessageReceiver.cpp:75) ==74== by 0xE5B3DD7: IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&) (MessageReceiverMap.cpp:129) ==74== by 0xECA8FA8: 
WebKit::WebProcess::didReceiveMessage(IPC::Connection&, IPC::Decoder&) (WebProcess.cpp:912) ==74== by 0xE58B523: IPC::Connection::dispatchMessage(IPC::Decoder&) (Connection.cpp:1108) ==74== by 0xE58B7BA: IPC::Connection::dispatchMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >) (Connection.cpp:1153) ==74== by 0xE58BD61: IPC::Connection::dispatchOneIncomingMessage() (Connection.cpp:1222) ==74== by 0xE58B233: IPC::Connection::enqueueIncomingMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >)::{lambda()#1}::operator()() (Connection.cpp:1072) ==74== by 0xE592317: WTF::Detail::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >)::{lambda()#1}, void>::call() (Function.h:53) ==74== by 0xD9D63D4: WTF::Function<void ()>::operator()() const (Function.h:82) ==74== by 0x10FD52E0: WTF::RunLoop::performWork() (RunLoop.cpp:133) ==74== by 0x11080AEF: WTF::RunLoop::RunLoop()::{lambda(void*)#1}::operator()(void*) const (RunLoopGLib.cpp:80) ==74== by 0x11080B13: WTF::RunLoop::RunLoop()::{lambda(void*)#1}::_FUN(void*) (RunLoopGLib.cpp:82) ==74== by 0x11080A82: WTF::RunLoop::{lambda(_GSource*, int (*)(void*), void*)#1}::operator()(_GSource*, int (*)(void*), void*) const (RunLoopGLib.cpp:53) ==74== by 0x11080AD0: WTF::RunLoop::{lambda(_GSource*, int (*)(void*), void*)#1}::_FUN(_GSource*, int (*)(void*), void*) (RunLoopGLib.cpp:56) ==74== by 0x15FB5293: g_main_dispatch (gmain.c:3381) ==74== by 0x15FB5293: g_main_context_dispatch (gmain.c:4099) ==74== by 0x15FB5637: g_main_context_iterate.constprop.0 (gmain.c:4175) ==74== by 0x15FB5942: g_main_loop_run (gmain.c:4373) ==74== by 0x1108113B: WTF::RunLoop::run() (RunLoopGLib.cpp:108) ==74== by 0xF022550: WebKit::AuxiliaryProcessMainBase<WebKit::WebProcess, true>::run(int, char**) (AuxiliaryProcessMain.h:70) ==74== by 0xF01FC02: int WebKit::AuxiliaryProcessMain<WebKit::WebProcessMainWPE>(int, char**) (AuxiliaryProcessMain.h:96) 
==74== by 0xF01C15A: WebKit::WebProcessMain(int, char**) (WebProcessMainWPE.cpp:75) ==74== by 0x109918: main (WebProcessMain.cpp:31) ==74== Uninitialised value was created by a stack allocation ==74== at 0xEFF83E8: WebKit::DrawingAreaCoordinatedGraphics::sendDidUpdateBackingStoreState() (DrawingAreaCoordinatedGraphics.cpp:529) ==74== ==74== Thread 1: ==74== Invalid write of size 4 ==74== at 0x10F7E8B0: WTFCrash (Assertions.cpp:328) ==74== by 0xD95B1A5: WTFCrashWithInfo(int, char const*, char const*, int) (Assertions.h:754) ==74== by 0xE6E3104: WebKit::ThreadedCompositor::targetRefreshRateDidChange(unsigned int) (ThreadedCompositor.cpp:315) ==74== by 0xEFFA8F4: WebKit::LayerTreeHost::targetRefreshRateDidChange(unsigned int) (LayerTreeHost.cpp:254) ==74== by 0xEFF8386: WebKit::DrawingAreaCoordinatedGraphics::targetRefreshRateDidChange(unsigned int) (DrawingAreaCoordinatedGraphics.cpp:469) ==74== by 0xDFB33AC: void IPC::callMemberFunctionImpl<WebKit::DrawingArea, void (WebKit::DrawingArea::*)(unsigned int), std::tuple<unsigned int>, 0ul>(WebKit::DrawingArea*, void (WebKit::DrawingArea::*)(unsigned int), std::tuple<unsigned int>&&, std::integer_sequence<unsigned long, 0ul>) (HandleMessage.h:131) ==74== by 0xDFB2DF5: void IPC::callMemberFunction<WebKit::DrawingArea, void (WebKit::DrawingArea::*)(unsigned int), std::tuple<unsigned int>, std::integer_sequence<unsigned long, 0ul> >(std::tuple<unsigned int>&&, WebKit::DrawingArea*, void (WebKit::DrawingArea::*)(unsigned int)) (HandleMessage.h:137) ==74== by 0xDFB2B6A: void IPC::handleMessage<Messages::DrawingArea::TargetRefreshRateDidChange, WebKit::DrawingArea, void (WebKit::DrawingArea::*)(unsigned int)>(IPC::Connection&, IPC::Decoder&, WebKit::DrawingArea*, void (WebKit::DrawingArea::*)(unsigned int)) (HandleMessage.h:259) ==74== by 0xDFB270F: WebKit::DrawingArea::didReceiveMessage(IPC::Connection&, IPC::Decoder&) (DrawingAreaMessageReceiver.cpp:79) ==74== by 0xE5B3DD7: 
IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&) (MessageReceiverMap.cpp:129) ==74== by 0xECA8FA8: WebKit::WebProcess::didReceiveMessage(IPC::Connection&, IPC::Decoder&) (WebProcess.cpp:912) ==74== by 0xE58B523: IPC::Connection::dispatchMessage(IPC::Decoder&) (Connection.cpp:1108) ==74== by 0xE58B7BA: IPC::Connection::dispatchMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >) (Connection.cpp:1153) ==74== by 0xE58BD61: IPC::Connection::dispatchOneIncomingMessage() (Connection.cpp:1222) ==74== by 0xE58B233: IPC::Connection::enqueueIncomingMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >)::{lambda()#1}::operator()() (Connection.cpp:1072) ==74== by 0xE592317: WTF::Detail::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >)::{lambda()#1}, void>::call() (Function.h:53) ==74== by 0xD9D63D4: WTF::Function<void ()>::operator()() const (Function.h:82) ==74== by 0x10FD52E0: WTF::RunLoop::performWork() (RunLoop.cpp:133) ==74== by 0x11080AEF: WTF::RunLoop::RunLoop()::{lambda(void*)#1}::operator()(void*) const (RunLoopGLib.cpp:80) ==74== by 0x11080B13: WTF::RunLoop::RunLoop()::{lambda(void*)#1}::_FUN(void*) (RunLoopGLib.cpp:82) ==74== by 0x11080A82: WTF::RunLoop::{lambda(_GSource*, int (*)(void*), void*)#1}::operator()(_GSource*, int (*)(void*), void*) const (RunLoopGLib.cpp:53) ==74== by 0x11080AD0: WTF::RunLoop::{lambda(_GSource*, int (*)(void*), void*)#1}::_FUN(_GSource*, int (*)(void*), void*) (RunLoopGLib.cpp:56) ==74== by 0x15FB5293: g_main_dispatch (gmain.c:3381) ==74== by 0x15FB5293: g_main_context_dispatch (gmain.c:4099) ==74== by 0x15FB5637: g_main_context_iterate.constprop.0 (gmain.c:4175) ==74== by 0x15FB5942: g_main_loop_run (gmain.c:4373) ==74== by 0x1108113B: WTF::RunLoop::run() (RunLoopGLib.cpp:108) ==74== by 0xF022550: WebKit::AuxiliaryProcessMainBase<WebKit::WebProcess, true>::run(int, char**) 
(AuxiliaryProcessMain.h:70) ==74== by 0xF01FC02: int WebKit::AuxiliaryProcessMain<WebKit::WebProcessMainWPE>(int, char**) (AuxiliaryProcessMain.h:96) ==74== by 0xF01C15A: WebKit::WebProcessMain(int, char**) (WebProcessMainWPE.cpp:75) ==74== by 0x109918: main (WebProcessMain.cpp:31) ==74== Address 0xbbadbeef is not stack'd, malloc'd or (recently) free'd ==74==
Darin Adler
Comment 7 2022-07-08 14:56:56 PDT
Also looks unrelated.
James Hilliard
Comment 8 2022-07-08 15:11:28 PDT
If I'm reading the trace right... it looks like something relating to part of layerTreeContext being uninitialized might be the issue?
https://github.com/WebKit/WebKit/blob/e4ff5dfc94ce873599833e9fbfcbe130b2ce3c9f/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/DrawingAreaCoordinatedGraphics.cpp#L565
It looks like the uninitialized bytes originate from that function scope:
==137== Uninitialised value was created by a stack allocation
==137== at 0xEFF7EA8: WebKit::DrawingAreaCoordinatedGraphics::sendDidUpdateBackingStoreState() (DrawingAreaCoordinatedGraphics.cpp:529)
Darin Adler
Comment 9 2022-07-08 15:55:39 PDT
Yes, but why are we using one bug report to look into multiple separate issues?
James Hilliard
Comment 10 2022-07-08 15:57:35 PDT
That's part of the original issue trace (and the last trace that looked similar to me).
Yusuke Suzuki
Comment 11 2022-07-08 17:04:59 PDT
(In reply to James Hilliard from comment #8)
> If I'm reading the trace right... it looks like something relating to part of layerTreeContext being uninitialized might be the issue?
> https://github.com/WebKit/WebKit/blob/e4ff5dfc94ce873599833e9fbfcbe130b2ce3c9f/Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/DrawingAreaCoordinatedGraphics.cpp#L565
> It looks like the uninitialized bytes originate from that function scope:
> ==137== Uninitialised value was created by a stack allocation
> ==137== at 0xEFF7EA8: WebKit::DrawingAreaCoordinatedGraphics::sendDidUpdateBackingStoreState() (DrawingAreaCoordinatedGraphics.cpp:529)
layerTreeContext is initialized (see LayerTreeContext constructor). UpdateInfo has an uninitialized part and valgrind is reporting it, but it does not affect the behavior.
James Hilliard
Comment 12 2022-07-08 19:02:19 PDT
Hmm, should the IPC encoder/decoder maybe be modified to avoid using unallocated memory? It seems this is triggering a fatal error in valgrind.
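The whole-object versus field-wise encoding difference behind this report, as an added example that is not WebKit's code: ViewState, its fields and the helper names are hypothetical stand-ins for UpdateInfo and the IPC encoder, and the sentinel fill stands in for the stale stack contents valgrind flagged.

```cpp
// Added example (not WebKit code): a struct with alignment padding copied whole
// into an IPC buffer carries bytes nobody initialised; encoding field by field
// sends only what was written. "ViewState" is a hypothetical stand-in for the
// UpdateInfo type named in the valgrind trace.
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <new>
#include <vector>

struct ViewState {
    uint8_t  scale;   // followed by 3 bytes of padding on common ABIs
    uint32_t width;
    uint32_t height;
    uint8_t  opaque;  // followed by 3 trailing padding bytes
};

// Bytes that belong to a field, versus bytes the compiler inserted for alignment.
constexpr size_t kFieldBytes = sizeof(uint8_t) + sizeof(uint32_t) + sizeof(uint32_t) + sizeof(uint8_t);
constexpr size_t paddingBytes() { return sizeof(ViewState) - kFieldBytes; }

// Whole-object copy: padding travels along with whatever it happens to hold.
std::vector<uint8_t> encodeWholeObject(const ViewState& s) {
    std::vector<uint8_t> out(sizeof(ViewState));
    std::memcpy(out.data(), &s, sizeof(ViewState));
    return out;
}

static void put(std::vector<uint8_t>& out, const void* p, size_t n) {
    const uint8_t* b = static_cast<const uint8_t*>(p);
    out.insert(out.end(), b, b + n);
}

// Field-wise copy: only initialised bytes reach the wire, and the layout no
// longer depends on the compiler's padding choices.
std::vector<uint8_t> encodeFields(const ViewState& s) {
    std::vector<uint8_t> out;
    put(out, &s.scale,  sizeof s.scale);
    put(out, &s.width,  sizeof s.width);
    put(out, &s.height, sizeof s.height);
    put(out, &s.opaque, sizeof s.opaque);
    return out;
}

bool decodeFields(const std::vector<uint8_t>& in, ViewState& s) {
    if (in.size() != kFieldBytes)
        return false;  // reject short or padded payloads instead of reading past them
    size_t off = 0;
    auto take = [&](void* dst, size_t n) { std::memcpy(dst, in.data() + off, n); off += n; };
    take(&s.scale,  sizeof s.scale);
    take(&s.width,  sizeof s.width);
    take(&s.height, sizeof s.height);
    take(&s.opaque, sizeof s.opaque);
    return true;
}

// Constructed sample (1280x673 matches the viewport in the log above).
ViewState sampleState() { ViewState s{}; s.scale = 2; s.width = 1280; s.height = 673; s.opaque = 1; return s; }

bool roundTripOk() {
    ViewState d{};
    const ViewState s = sampleState();
    return decodeFields(encodeFields(s), d)
        && d.scale == s.scale && d.width == s.width && d.height == s.height && d.opaque == s.opaque;
}

// Make the padding observable: build the object in storage pre-filled with a
// sentinel and count how many sentinel bytes a whole-object encode would send.
size_t sentinelBytesSent(uint8_t sentinel) {
    alignas(ViewState) uint8_t storage[sizeof(ViewState)];
    std::memset(storage, sentinel, sizeof storage);
    ViewState* s = new (storage) ViewState;  // default-init: padding left as-is
    s->scale = 2; s->width = 1280; s->height = 673; s->opaque = 1;
    size_t n = 0;
    for (uint8_t b : encodeWholeObject(*s))
        n += (b == sentinel);
    return n;  // at most paddingBytes(); field-wise encoding of *s sends none
}
```

Value-initialising the object (`ViewState s{}`) zeroes the padding as well, which is the minimal fix when the wire layout itself cannot change.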
James Hilliard
Comment 13 2022-07-10 08:03:20 PDT
EWS
Comment 14 2022-07-10 15:01:39 PDT
Committed 252330@main (f4367f2cffe4): <https://commits.webkit.org/252330@main> Reviewed commits have been landed. Closing PR #2273 and removing active labels.
Radar WebKit Bug Importer
Comment 15 2022-07-10 15:02:16 PDT