Bug 271477

Summary: REGRESSION(273818@main): [GTK] Eclipse crashes when rendering tooltips: gdk_window_create_gl_context: assertion 'GDK_IS_WINDOW (window)' failed in WebKit::AcceleratedBackingStoreDMABuf::ensureGLContext
Product: WebKit Reporter: Robert Marcano <robert>
Component: WebKitGTKAssignee: Carlos Garcia Campos <cgarcia>
Status: RESOLVED FIXED    
Severity: Major CC: bugs-noreply, mcatanzaro, oreo6391
Priority: P2    
Version: Other   
Hardware: PC   
OS: Linux   
See Also: https://bugs.webkit.org/show_bug.cgi?id=278230
Attachments:
Description Flags
Stack trace of the crash with debuginfo.
none
Backtrace of gdk_window_create_gl_context() error with G_DEBUG=fatal-criticals none

Robert Marcano
Reported 2024-03-22 11:03:19 PDT
Created attachment 470510 [details] Stack trace of the crash with debuginfo. After the javascriptcoregtk4.1 2.44.0-2.fc39 update in Fedora, Eclipse keeps crashing every time it will try to render HTML. Reproducible: Always Steps to Reproduce: 1. Open Eclipse in a Wayland session. 2. Open any Java source file. 3. Hover over a Java class or method from the base class library like String to shot its javadoc 4. The UI hangs and a few second later it crashes. Actual Results: Eclipse crashed completely. The message before the crash is:: (Eclipse:26511): Gdk-CRITICAL **: 12:06:11.663: > gdk_window_create_gl_context: assertion 'GDK_IS_WINDOW (window)' failed Expected Results: A Javadoc tooltip is shown. Details: Eclipse crashes only on tooltips with HTML, not on the Javadoc view that is displayed on a portion of the main window. Running Eclipse with the X11 backed instead of Wayland with GDK_BACKEND=x11 is a workaround. Reported downstream on the bug: https://bugzilla.redhat.com/show_bug.cgi?id=2271072
Attachments
Stack trace of the crash with debuginfo. (6.95 KB, text/x-log)
2024-03-22 11:03 PDT, Robert Marcano 		no flags
Details
Backtrace of gdk_window_create_gl_context() error with G_DEBUG=fatal-criticals (3.76 KB, text/plain)
2024-06-12 21:43 PDT, oreo6391 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
Robert Marcano
Comment 1 2024-04-02 06:47:47 PDT
Based on Eclipse developers debugging [1], this can be tracked to another WebKitGTK bug with hardware acceleration [2] Bug 239429 comment 11 [1] https://github.com/eclipse-platform/eclipse.platform.swt/issues/1108#issuecomment-2023256520 WEBKIT_DISABLE_COMPOSITING_MODE=1 is another workaround
Michael Catanzaro
Comment 2 2024-04-02 06:53:05 PDT
I don't think this looks similar to bug #239429.
Robert Marcano
Comment 3 2024-04-02 07:29:11 PDT
They already disabled HW acceleration for the next Eclipse release. I will point them to this bug for reference. I will keep a copy of this Eclipse release around just in case someone needs to test on my hardware about this bug.
oreo6391
Comment 4 2024-06-12 21:43:30 PDT
Created attachment 471668 [details] Backtrace of gdk_window_create_gl_context() error with G_DEBUG=fatal-criticals I reproduced this on Void Linux, the backtrace is attached as a text file. After updating to 2.44.x from 2.42.x, in some circumstances gdk_window_create_gl_context() fails where it previously did not with the message "Gdk-CRITICAL **: 21:29:29.313: gdk_window_create_gl_context: assertion 'GDK_IS_WINDOW (window)' failed". Shortly after that, libwebkit2gtk crashes due to a nullptr dereference on the following line: WebKit::AcceleratedBackingStoreDMABuf::ensureGLContext () at ../Source/WebKit/UIProcess/gtk/AcceleratedBackingStoreDMABuf.cpp:537 https://github.com/WebKit/WebKit/blob/webkitgtk-2.44.2/Source/WebKit/UIProcess/gtk/AcceleratedBackingStoreDMABuf.cpp#L537 It appears that after updating from 2.42.x to 2.44.x gtk_widget_get_window() can get called here without a realized window, resulting in it returning a nullptr (also while leaving the error pointer null), this gets passed in to gdk_window_create_gl_context() which cannot create a gl context for a null window, which causes libwebkit2gtk to try to abort while printing the message from the error pointer, which results in it dereferencing the null error pointer value and crashing. Btw, this bug affects nyxt as well: https://github.com/atlas-engineer/nyxt/issues/3393 I'm not sure how to reproduce it consistently with nyxt though.
Carlos Garcia Campos
Comment 5 2024-06-14 00:57:17 PDT
Pull request: https://github.com/WebKit/WebKit/pull/29811
EWS
Comment 6 2024-06-20 04:15:05 PDT
Committed 280197@main (847b2a717cfb): <https://commits.webkit.org/280197@main> Reviewed commits have been landed. Closing PR #29811 and removing active labels.
Note You need to log in before you can comment on or make changes to this bug.