Bug 254117

Created attachment 465492 [details] Full backtrace

It's also easy to reproduce with WPE+Cog using F11 to switch to fullscreen. Reverting this commit in WPEBackend-fdo makes the crash go away, but I think then we are leaking: https://github.com/Igalia/WPEBackend-fdo/commit/0d6a75a61e8377d65130eeb59b752cac8e9c9fca Interestingly, Pablo (added in CC) has not been able to reproduce it with a nested Weston session, but for me using either a GNOME Shell Wayland session or a wlroots based compositor (non-nested), it's quite fast to reproduce. We are still not sure if the issue is in WPEBackend-fdo or in WebKit.

(In reply to Adrian Perez from comment #2) > It's also easy to reproduce with WPE+Cog using F11 to switch to fullscreen. > Reverting this commit in WPEBackend-fdo makes the crash go away, but I think > then we are leaking: > > https://github.com/Igalia/WPEBackend-fdo/commit/ > 0d6a75a61e8377d65130eeb59b752cac8e9c9fca Of course, this is the same as https://github.com/Igalia/WPEBackend-fdo/pull/178

I just hit this four times in less than two minutes. O_O We'd better figure out how the ownership here is supposed to work....

(In reply to Adrian Perez from comment #2) > It's also easy to reproduce with WPE+Cog using F11 to switch to fullscreen. Doesn't happen for me either. Since it's happening for you, please try to get it with 'valgrind --track-origins=yes'

Oh and the cog crash must be somewhat different, because AcceleratedBackingStoreWayland is GTK-specific code, but I've no doubt the two problems are related.

I can't reproduce the issue in this scenario: ii epiphany-browser 43.1-1 amd64 Intuitive GNOME web browser ii epiphany-browser-data 43.1-1 all Data files for the GNOME web browser ii epiphany-browser-dbgsym 43.1-1 amd64 debug symbols for epiphany-browser ii libmutter-10-0:amd64 42.5-0ubuntu1 amd64 window manager library from the Mutter window manager ... ii libwayland-egl1:i386 1.20.0-1ubuntu0.1 i386 wayland compositor infrastructure - EGL library ii libwayland-server0:amd64 1.20.0-1ubuntu0.1 amd64 wayland compositor infrastructure - server library ii libwayland-server0:i386 1.20.0-1ubuntu0.1 i386 wayland compositor infrastructure - server library ii libwpe-1.0-1:amd64 1.12.0-1 amd64 Base library for the WPE WebKit port ii libwpe-1.0-dev:amd64 1.12.0-1 amd64 Base library for the WPE WebKit port - development files ii libwpebackend-fdo-1.0-1:amd64 1.14.1-1 amd64 WPE backend for FreeDesktop.org ii libwpewebkit-1.0-3:amd64 2.36.0-2ubuntu3 amd64 Web content engine for embedded devices ii libwpewebkit-1.0-dev:amd64 2.36.0-2ubuntu3 amd64 Web content engine for embedded devices - development files and not notorious patches applied to the the packages. Still I have libwebkit2gtk-4.1-0:amd64 2.38.5-0ubuntu0.22.04.1 installed. I will try a backport and test 2.39 built on local.

This is very likely "fixed" by wpebackend-fdo 1.14.2, which just reverts the problematic commit.

So I discovered that I'm able to reproduce this crash reliably by attempting to log into gitlab.com, and managed to catch it under valgrind. Unfortunately it seems the GNOME runtime's debuginfo for libwayland-server.so is broken. But here is what I've got: ==3== Invalid read of size 8 ==3== at 0xEA37814: releaseImage (view-backend-exportable-fdo-egl.cpp:250) ==3== by 0xEA37814: wpe_view_backend_exportable_fdo_egl_dispatch_release_exported_image (view-backend-exportable-fdo-egl.cpp:330) ==3== by 0x6B519A2: WebKit::AcceleratedBackingStoreWayland::tryEnsureTexture(unsigned int&, WebCore::IntSize&) (Source/WebKit/UIProcess/gtk/AcceleratedBackingStoreWayland.cpp:408) ==3== by 0x6B51D32: WebKit::AcceleratedBackingStoreWayland::snapshot(_GdkSnapshot*) (Source/WebKit/UIProcess/gtk/AcceleratedBackingStoreWayland.cpp:485) ==3== by 0x6AB6B39: webkitWebViewBaseSnapshot(_GtkWidget*, _GdkSnapshot*) (Source/WebKit/UIProcess/API/gtk/WebKitWebViewBase.cpp:757) ==3== by 0x501CB37: gtk_widget_create_render_node (gtkwidget.c:11777) ==3== by 0x501F5AB: gtk_widget_do_snapshot (gtkwidget.c:11817) ==3== by 0x502B3D1: gtk_widget_snapshot_child (gtkwidget.c:12238) ==3== by 0x4F5F2B6: gtk_overlay_snapshot_child (gtkoverlay.c:201) ==3== by 0x4F5F2B6: gtk_overlay_snapshot (gtkoverlay.c:224) ==3== by 0x501C72A: gtk_widget_create_render_node (gtkwidget.c:11782) ==3== by 0x501F5AB: gtk_widget_do_snapshot (gtkwidget.c:11817) ==3== by 0x502B3D1: gtk_widget_snapshot_child (gtkwidget.c:12238) ==3== by 0x502B47D: gtk_widget_real_snapshot (gtkwidget.c:757) ==3== Address 0x89a0e640 is 16 bytes inside a block of size 48 free'd ==3== at 0x484989F: operator delete(void*) (vg_replace_malloc.c:935) ==3== by 0xF176D37: ??? (in /usr/lib/x86_64-linux-gnu/libwayland-server.so.0.21.0) ==3== by 0xF1749CF: ??? (in /usr/lib/x86_64-linux-gnu/libwayland-server.so.0.21.0) ==3== by 0xF17DBD2: ??? (in /usr/lib/x86_64-linux-gnu/libwayland-server.so.0.21.0) ==3== by 0xF17DC1D: ??? (in /usr/lib/x86_64-linux-gnu/libwayland-server.so.0.21.0) ==3== by 0xF174D82: wl_client_destroy (in /usr/lib/x86_64-linux-gnu/libwayland-server.so.0.21.0) ==3== by 0xF17410C: ??? (in /usr/lib/x86_64-linux-gnu/libwayland-server.so.0.21.0) ==3== by 0xF177FB7: ??? (in /usr/lib/x86_64-linux-gnu/libwayland-server.so.0.21.0) ==3== by 0xF1796D0: wl_event_loop_dispatch (in /usr/lib/x86_64-linux-gnu/libwayland-server.so.0.21.0) ==3== by 0xEA38A6A: operator() (ws.cpp:77) ==3== by 0xEA38A6A: WS::ServerSource::{lambda(_GSource*, int (*)(void*), void*)#3}::_FUN(_GSource*, int (*)(void*), void*) (ws.cpp:86) ==3== by 0x4AA1D48: g_main_dispatch (gmain.c:3460) ==3== by 0x4AA1D48: g_main_context_dispatch (gmain.c:4200) ==3== by 0x4AA22A7: g_main_context_iterate.constprop.0 (gmain.c:4276) ==3== Block was alloc'd at ==3== at 0x4847003: operator new(unsigned long) (vg_replace_malloc.c:434) ==3== by 0xEA3748A: exportBuffer (view-backend-exportable-fdo-egl.cpp:212) ==3== by 0xEA3748A: (anonymous namespace)::ClientBundleEGL::exportBuffer(linux_dmabuf_buffer const*) (view-backend-exportable-fdo-egl.cpp:201) ==3== by 0xBC25055: ffi_call_unix64 (unix64.S:104) ==3== by 0xBC23ADC: ffi_call_int (ffi64.c:673) ==3== by 0xBC242B2: ffi_call (ffi64.c:710) ==3== by 0xF17BE41: ??? (in /usr/lib/x86_64-linux-gnu/libwayland-server.so.0.21.0) ==3== by 0xF1744B5: ??? (in /usr/lib/x86_64-linux-gnu/libwayland-server.so.0.21.0) ==3== by 0xF177FB7: ??? (in /usr/lib/x86_64-linux-gnu/libwayland-server.so.0.21.0) ==3== by 0xF1796D0: wl_event_loop_dispatch (in /usr/lib/x86_64-linux-gnu/libwayland-server.so.0.21.0) ==3== by 0xEA38A6A: operator() (ws.cpp:77) ==3== by 0xEA38A6A: WS::ServerSource::{lambda(_GSource*, int (*)(void*), void*)#3}::_FUN(_GSource*, int (*)(void*), void*) (ws.cpp:86) ==3== by 0x4AA1D48: g_main_dispatch (gmain.c:3460) ==3== by 0x4AA1D48: g_main_context_dispatch (gmain.c:4200) ==3== by 0x4AA22A7: g_main_context_iterate.constprop.0 (gmain.c:4276) Unfortunately we don't really know what's going on when freening the "16 bytes inside a block of size 48 free'd" due to all the ??? frames due to broken debuginfo. However, that's the dispatch callback of WS::ServerSource::s_sourceFuncs, so surely it's being deleted during the call to wl_event_loop_dispatch. That doesn't really tell us as much as I had hoped, though. :/

(In reply to Michael Catanzaro from comment #9) > > [...] > > Unfortunately we don't really know what's going on when freening the "16 > bytes inside a block of size 48 free'd" due to all the ??? frames due to > broken debuginfo. However, that's the dispatch callback of > WS::ServerSource::s_sourceFuncs, so surely it's being deleted during the > call to wl_event_loop_dispatch. That doesn't really tell us as much as I had > hoped, though. :/ Thanks for the information Michael! I think it kind of goes in the direction that we suspected, the gtk code that runs in the loop waiting to generate a new snapshot is not protected for the situation where the export is already gone because wayland decided to destroy it. Hopefully we can write a patch where we can check if the export is there or even stop the previous rendering signals if the destruction happens. We have a very similar code in cog gtk4 backend, so we should try to check both. I hope we can confirm this sooner than later.

OK I was able to reproduce it (or one similar to the one reported by Michael in comment#1 ). I got the crash by closing epiphany with the https://webkit.org/blog-files/3d-transforms/poster-circle.html open in one tab: ``` Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". Core was generated by `./bin/epiphany'. Program terminated with signal SIGBUS, Bus error. #0 0x00007f350554e2bd in wl_resource_post_event () from /lib/x86_64-linux-gnu/libwayland-server.so.0 [Current thread is 1 (Thread 0x7f35021ccd40 (LWP 2356518))] (gdb) bt #0 0x00007f350554e2bd in wl_resource_post_event () at /lib/x86_64-linux-gnu/libwayland-server.so.0 #1 0x00007f3505f51c98 in wl_buffer_send_release(wl_resource*) (resource_=0x2d6e692d6e6f6974) at /usr/include/wayland-server-protocol.h:1713 #2 0x00007f3505f522f6 in ViewBackend::releaseBuffer(wl_resource*) (this=0x5629de7f0250, buffer_resource=0x2d6e692d6e6f6974) at ../src/view-backend-private.cpp:115 #3 0x00007f3505f50c4a in (anonymous namespace)::ClientBundleEGL::releaseImage(wpe_fdo_egl_exported_image*) (this=0x5629de7f1e90, image=0x5629dea25c70) at ../src/view-backend-exportable-fdo-egl.cpp:251 #4 0x00007f3505f50f64 in wpe_view_backend_exportable_fdo_egl_dispatch_release_exported_image(wpe_view_backend_exportable_fdo*, wpe_fdo_egl_exported_image*) (exportable=0x5629de7f1ec0, image=0x5629dea25c70) at ../src/view-backend-exportable-fdo-egl.cpp:330 #5 0x00007f35099847b4 in WebKit::AcceleratedBackingStoreWayland::~AcceleratedBackingStoreWayland() () at /home/psaavedra/install/lib/libwebkit2gtk-4.1.so.0 #6 0x00007f35098e90d7 in webkitWebViewBaseDispose(_GObject*) () at /home/psaavedra/install/lib/libwebkit2gtk-4.1.so.0 #7 0x00007f350ee3d943 in ephy_web_view_dispose (object=0x5629dcd4a610) at ../embed/ephy-web-view.c:3908 #8 0x00007f350ec96011 in g_object_run_dispose () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0 #9 0x00007f350e681e04 in () at /lib/x86_64-linux-gnu/libgtk-3.so.0 #10 0x00007f350e57702a in () at /lib/x86_64-linux-gnu/libgtk-3.so.0 #11 0x00007f350ec87c6c in g_closure_invoke () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0 #12 0x00007f350eca3ba0 in () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0 #13 0x00007f350eca5614 in g_signal_emit_valist () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0 #14 0x00007f350eca5863 in g_signal_emit () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0 #15 0x00007f350e7a7600 in () at /lib/x86_64-linux-gnu/libgtk-3.so.0 #16 0x00007f350ec96011 in g_object_run_dispose () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0 #17 0x00007f350e52c6f0 in () at /lib/x86_64-linux-gnu/libgtk-3.so.0 #18 0x00007f350e57702a in () at /lib/x86_64-linux-gnu/libgtk-3.so.0 #19 0x00007f350ec87c6c in g_closure_invoke () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0 #20 0x00007f350eca3ba0 in () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0 #21 0x00007f350eca5614 in g_signal_emit_valist () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0 #22 0x00007f350eca5863 in g_signal_emit () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0 #23 0x00007f350e7a7600 in () at /lib/x86_64-linux-gnu/libgtk-3.so.0 #24 0x00007f350ee221a2 in ephy_embed_dispose (object=0x5629dd263040) at ../embed/ephy-embed.c:373 #25 0x00007f350ec95ed1 in g_object_unref () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0 #26 0x00007f3508b99c9e in () at /lib/x86_64-linux-gnu/libhandy-1.so.0 #27 0x00007f350ec95f9d in g_object_unref () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0 #28 0x00007f3508ba401d in () at /lib/x86_64-linux-gnu/libhandy-1.so.0 #29 0x00007f350ec96011 in g_object_run_dispose () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0 #30 0x00007f350e57702a in () at /lib/x86_64-linux-gnu/libgtk-3.so.0 #31 0x00007f350ec87c6c in g_closure_invoke () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0 #32 0x00007f350eca3ba0 in () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0 #33 0x00007f350eca5614 in g_signal_emit_valist () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0 #34 0x00007f350eca5863 in g_signal_emit () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0 #35 0x00007f350e7a7600 in () at /lib/x86_64-linux-gnu/libgtk-3.so.0 #36 0x00007f350ec96011 in g_object_run_dispose () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0 #37 0x00007f350e52c6f0 in () at /lib/x86_64-linux-gnu/libgtk-3.so.0 #38 0x00007f350e57702a in () at /lib/x86_64-linux-gnu/libgtk-3.so.0 #39 0x00007f350ec87c6c in g_closure_invoke () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0 #40 0x00007f350eca3ba0 in () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0 #41 0x00007f350eca5614 in g_signal_emit_valist () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0 #42 0x00007f350eca5863 in g_signal_emit () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0 #43 0x00007f350e7a7600 in () at /lib/x86_64-linux-gnu/libgtk-3.so.0 #44 0x00007f350ec96011 in g_object_run_dispose () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0 #45 0x00007f3508b80788 in () at /lib/x86_64-linux-gnu/libhandy-1.so.0 #46 0x00007f350edc712c in ephy_fullscreen_box_forall (container=0x5629dd0214a0, include_internals=0, callback=0x7f350e7976b0 <gtk_widget_destroy>, callback_data=0x0) at ../src/ephy-fullscreen-box.c:282 #47 0x00007f350e57702a in () at /lib/x86_64-linux-gnu/libgtk-3.so.0 #48 0x00007f350ec87c6c in g_closure_invoke () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0 #49 0x00007f350eca3ba0 in () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0 #50 0x00007f350eca5614 in g_signal_emit_valist () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0 #51 0x00007f350eca5863 in g_signal_emit () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0 #52 0x00007f350e7a7600 in () at /lib/x86_64-linux-gnu/libgtk-3.so.0 #53 0x00007f350edc74ee in ephy_fullscreen_box_dispose (object=0x5629dd0214a0) at ../src/ephy-fullscreen-box.c:360 #54 0x00007f350ec96011 in g_object_run_dispose () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0 #55 0x00007f3508bc4b3b in () at /lib/x86_64-linux-gnu/libhandy-1.so.0 --Type <RET> for more, q to quit, c to continue without paging--c #56 0x00007f350e57702a in () at /lib/x86_64-linux-gnu/libgtk-3.so.0 #57 0x00007f350ec87c6c in g_closure_invoke () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0 #58 0x00007f350eca3ba0 in () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0 #59 0x00007f350eca5614 in g_signal_emit_valist () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0 #60 0x00007f350eca5863 in g_signal_emit () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0 #61 0x00007f350e7a7600 in () at /lib/x86_64-linux-gnu/libgtk-3.so.0 #62 0x00007f350ec96011 in g_object_run_dispose () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0 #63 0x00007f3508bc4b3b in () at /lib/x86_64-linux-gnu/libhandy-1.so.0 #64 0x00007f350e57702a in () at /lib/x86_64-linux-gnu/libgtk-3.so.0 #65 0x00007f350ec87c6c in g_closure_invoke () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0 #66 0x00007f350eca3ba0 in () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0 #67 0x00007f350eca5614 in g_signal_emit_valist () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0 #68 0x00007f350eca5863 in g_signal_emit () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0 #69 0x00007f350e7a7600 in () at /lib/x86_64-linux-gnu/libgtk-3.so.0 #70 0x00007f350ec95ed1 in g_object_unref () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0 #71 0x00007f350e5277b8 in () at /lib/x86_64-linux-gnu/libgtk-3.so.0 #72 0x00007f3508bbf8b9 in () at /lib/x86_64-linux-gnu/libhandy-1.so.0 #73 0x00007f350ede8926 in ephy_window_destroy (widget=0x5629dd0b62c0) at ../src/ephy-window.c:3230 #74 0x00007f350ec87d2f in g_closure_invoke () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0 #75 0x00007f350eca3ba0 in () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0 #76 0x00007f350eca5614 in g_signal_emit_valist () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0 #77 0x00007f350eca5863 in g_signal_emit () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0 #78 0x00007f350e7a7600 in () at /lib/x86_64-linux-gnu/libgtk-3.so.0 #79 0x00007f350e7b70ee in () at /lib/x86_64-linux-gnu/libgtk-3.so.0 #80 0x00007f350e52126f in () at /lib/x86_64-linux-gnu/libgtk-3.so.0 #81 0x00007f350ede80b1 in ephy_window_dispose (object=0x5629dd0b62c0) at ../src/ephy-window.c:3064 #82 0x00007f350ec96011 in g_object_run_dispose () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0 #83 0x00007f350edeb426 in finish_window_close_after_modified_forms_check (data=0x5629dcd9e500) at ../src/ephy-window.c:4125 #84 0x00007f350edeb5c8 in continue_window_close_after_modified_forms_check (data=0x5629dcd9e500) at ../src/ephy-window.c:4172 #85 0x00007f350edeb679 in window_has_modified_forms_cb (view=0x5629dd9bf900, result=0x5629de978700, data=0x5629dcd9e500) at ../src/ephy-window.c:4197 #86 0x00007f350e2d9e39 in () at /lib/x86_64-linux-gnu/libgio-2.0.so.0 #87 0x00007f350e2da05b in () at /lib/x86_64-linux-gnu/libgio-2.0.so.0 #88 0x00007f350ee3bff7 in has_modified_forms_cb (view=0x5629dd9bf900, result=0x5629de9816f0, task=0x5629de978700) at ../embed/ephy-web-view.c:3263 #89 0x00007f350e2d9e39 in () at /lib/x86_64-linux-gnu/libgio-2.0.so.0 #90 0x00007f350e2da05b in () at /lib/x86_64-linux-gnu/libgio-2.0.so.0 #91 0x00007f350e2dc014 in g_task_return_new_error () at /lib/x86_64-linux-gnu/libgio-2.0.so.0 #92 0x00007f35097b5d61 in WTF::Detail::CallableWrapper<IPC::Connection::makeAsyncReplyHandler<Messages::WebPage::RunJavaScriptInFrameInScriptWorld, WebKit::WebPageProxy::runJavaScriptInFrameInScriptWorld(WebCore::RunJavaScriptParameters&&, std::optional<WebCore::ProcessQualified<WTF::ObjectIdentifier<WebCore::FrameIdentifierType> > >, API::ContentWorld&, WTF::CompletionHandler<void (std::experimental::fundamentals_v3::expected<WTF::RefPtr<API::SerializedScriptValue, WTF::RawPtrTraits<API::SerializedScriptValue>, WTF::DefaultRefDerefTraits<API::SerializedScriptValue> >, WebCore::ExceptionDetails>&&)>&&)::{lambda(WTF::Span<unsigned char const, 18446744073709551615ul> const&, std::optional<WebCore::ExceptionDetails>&&)#1}>(WebKit::WebPageProxy::runJavaScriptInFrameInScriptWorld(WebCore::RunJavaScriptParameters&&, std::optional<WebCore::ProcessQualified<WTF::ObjectIdentifier<WebCore::FrameIdentifierType> > >, API::ContentWorld&, WTF::CompletionHandler<void (std::experimental::fundamentals_v3::expected<WTF::RefPtr<API::SerializedScriptValue, WTF::RawPtrTraits<API::SerializedScriptValue>, WTF::DefaultRefDerefTraits<API::SerializedScriptValue> >, WebCore::ExceptionDetails>&&)>&&)::{lambda(WTF::Span<unsigned char const, 18446744073709551615ul> const&, std::optional<WebCore::ExceptionDetails>&&)#1}&&, WTF::ThreadLikeAssertion)::{lambda(IPC::Decoder*)#1}, void, IPC::Decoder*>::call(IPC::Decoder*) () at /home/psaavedra/install/lib/libwebkit2gtk-4.1.so.0 #93 0x00007f350974562b in WTF::Detail::CallableWrapper<WebKit::AuxiliaryProcessProxy::sendMessage(WTF::UniqueRef<IPC::Encoder>&&, WTF::OptionSet<IPC::SendOption>, std::optional<IPC::Connection::AsyncReplyHandler>, WebKit::AuxiliaryProcessProxy::ShouldStartProcessThrottlerActivity)::{lambda(IPC::Decoder*)#2}, void, IPC::Decoder*>::call(IPC::Decoder*) () at /home/psaavedra/install/lib/libwebkit2gtk-4.1.so.0 #94 0x00007f35096c110d in IPC::Connection::cancelAsyncReplyHandlers() () at /home/psaavedra/install/lib/libwebkit2gtk-4.1.so.0 #95 0x00007f35096c51ad in IPC::Connection::invalidate() () at /home/psaavedra/install/lib/libwebkit2gtk-4.1.so.0 #96 0x00007f350974cfb7 in WebKit::AuxiliaryProcessProxy::shutDownProcess() () at /home/psaavedra/install/lib/libwebkit2gtk-4.1.so.0 #97 0x00007f350980dda7 in WebKit::WebProcessProxy::shutDown() () at /home/psaavedra/install/lib/libwebkit2gtk-4.1.so.0 #98 0x00007f350980f2fd in WebKit::WebProcessProxy::processDidTerminateOrFailedToLaunch(WebKit::ProcessTerminationReason) () at /home/psaavedra/install/lib/libwebkit2gtk-4.1.so.0 #99 0x00007f35096c52db in WTF::Detail::CallableWrapper<IPC::Connection::dispatchDidCloseAndInvalidate()::{lambda()#1}, void>::call() () at /home/psaavedra/install/lib/libwebkit2gtk-4.1.so.0 #100 0x00007f350853bf22 in WTF::RunLoop::performWork() () at /home/psaavedra/install/lib/libjavascriptcoregtk-4.1.so.0 #101 0x00007f35085b661d in WTF::RunLoop::RunLoop()::{lambda(void*)#1}::_FUN(void*) () at /home/psaavedra/install/lib/libjavascriptcoregtk-4.1.so.0 #102 0x00007f35085b70b3 in WTF::RunLoop::{lambda(_GSource*, int (*)(void*), void*)#1}::_FUN(_GSource*, int (*)(void*), void*) () at /home/psaavedra/install/lib/libjavascriptcoregtk-4.1.so.0 #103 0x00007f350e143c44 in g_main_context_dispatch () at /lib/x86_64-linux-gnu/libglib-2.0.so.0 #104 0x00007f350e1986c8 in () at /lib/x86_64-linux-gnu/libglib-2.0.so.0 #105 0x00007f350e1413e3 in g_main_context_iteration () at /lib/x86_64-linux-gnu/libglib-2.0.so.0 #106 0x00007f350e308fb5 in g_application_run () at /lib/x86_64-linux-gnu/libgio-2.0.so.0 #107 0x00005629dc20b737 in main (argc=1, argv=0x7ffd9358a998) at ../src/ephy-main.c:434 ```

*** Bug 254527 has been marked as a duplicate of this bug. ***

Created attachment 465819 [details] crash in different function, after restarting just epiphany usage was possible Is it possible that the issue has been resolved with mesa 23.0.2 or wayland-1.22.0? I didn't got this crash during testing with Epiphany today. I've to admit that there was a single crash after roughly one hour of consecutive browsing - but in another function and this time restarting Epiphany didn't lead to repeating crashes.

(In reply to Peter from comment #13) > Is it possible that the issue has been resolved with mesa 23.0.2 or > wayland-1.22.0? I didn't got this crash during testing with Epiphany today. Nope. See comment #8.

(In reply to Michael Catanzaro from comment #8) > This is very likely "fixed" by wpebackend-fdo 1.14.2, which just reverts the > problematic commit. I guess we should close this now, as there are likely no plans to reland the bad commit in wpebackend-fdo.