Bug 281375
Summary: [Skia] Crash in WebCore::FontCache::lastResortFallbackFont

| Field | Value |
|---|---|
| Product | WebKit |
| Component | WPE WebKit |
| Status | RESOLVED FIXED |
| Severity | Normal |
| Priority | P2 |
| Version | Other |
| Hardware | Unspecified |
| OS | Unspecified |
| Reporter | Nils K <nilskemail+webkit> |
| Assignee | Carlos Garcia Campos <cgarcia> |
| CC | bugs-noreply, cgarcia, mcatanzaro, webkit-bug-importer |

Nils K
Testing WPE WebKit 2.46.1 on one machine only led to the process (cog) crashing instantly. This worked without problems under 2.44.
Before the crash there is "Fontconfig error: Cannot load default config file: No such file: (null)" logged, but this was also happening on previous versions without any problem.
I will also note that the systems use an immutable/hermetic /usr partition and the rest of the filesystem (most importantly /etc) is empty apart from a few symlinks.
I am not sure how Skia loads fonts, but that could have something to do with it?
Backtrace:
#0 __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
#1 0x00007fb0d35c46d3 in __pthread_kill_internal (threadid=<optimized out>, signo=6) at pthread_kill.c:78
#2 0x00007fb0d356bc4e in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3 0x00007fb0d3553902 in __GI_abort () at abort.c:79
#4 0x00007fb0d427355f in WTFCrashWithInfo(int, char const*, char const*, int) () from /lib64/libWPEWebKit-2.0.so.1
#5 0x00007fb0d7e830f5 in WebCore::FontCache::lastResortFallbackFont(WebCore::FontDescription const&) () from /lib64/libWPEWebKit-2.0.so.1
#6 0x00007fb0d7d62259 in WebCore::FontCascadeFonts::realizeFallbackRangesAt(WebCore::FontCascadeDescription const&, unsigned int) () from /lib64/libWPEWebKit-2.0.so.1
#7 0x00007fb0d70c4cac in WebCore::FontCascadeFonts::primaryFont(WebCore::FontCascadeDescription const&) () from /lib64/libWPEWebKit-2.0.so.1
#8 0x00007fb0d83267a7 in WebCore::Style::Resolver::Resolver(WebCore::Document&, WebCore::Style::Resolver::ScopeType) () from /lib64/libWPEWebKit-2.0.so.1
#9 0x00007fb0d832da46 in WebCore::Style::Scope::createDocumentResolver() () from /lib64/libWPEWebKit-2.0.so.1
#10 0x00007fb0d832d2ae in WebCore::Style::Scope::resolver() () from /lib64/libWPEWebKit-2.0.so.1
#11 0x00007fb0d8343ff7 in WebCore::Style::TreeResolver::resolve() () from /lib64/libWPEWebKit-2.0.so.1
#12 0x00007fb0d732c9f2 in WebCore::Document::resolveStyle(WebCore::Document::ResolveStyleType) () from /lib64/libWPEWebKit-2.0.so.1
#13 0x00007fb0d732d68f in WebCore::Document::updateStyleIfNeeded() () from /lib64/libWPEWebKit-2.0.so.1
#14 0x00007fb0d7351a1b in WebCore::Document::finishedParsing() () from /lib64/libWPEWebKit-2.0.so.1
#15 0x00007fb0d77c1cbe in WebCore::HTMLConstructionSite::finishedParsing() () from /lib64/libWPEWebKit-2.0.so.1
#16 0x00007fb0d77c8f37 in WebCore::HTMLDocumentParser::prepareToStopParsing() () from /lib64/libWPEWebKit-2.0.so.1
#17 0x00007fb0d77cb8d8 in WebCore::HTMLDocumentParser::finish() () from /lib64/libWPEWebKit-2.0.so.1
#18 0x00007fb0d79b03b1 in WebCore::DocumentWriter::end() () from /lib64/libWPEWebKit-2.0.so.1
#19 0x00007fb0d79af5d3 in WebCore::DocumentLoader::finishedLoading() () from /lib64/libWPEWebKit-2.0.so.1
#20 0x00007fb0d79ba170 in WebCore::DocumentLoader::maybeLoadEmpty() () from /lib64/libWPEWebKit-2.0.so.1
#21 0x00007fb0d79bade9 in WebCore::DocumentLoader::startLoadingMainResource() () from /lib64/libWPEWebKit-2.0.so.1
#22 0x00007fb0d79d68cd in WebCore::FrameLoader::init() () from /lib64/libWPEWebKit-2.0.so.1
#23 0x00007fb0d49f9534 in WebKit::WebFrame::initWithCoreMainFrame(WebKit::WebPage&, WebCore::Frame&) () from /lib64/libWPEWebKit-2.0.so.1
#24 0x00007fb0d49c2161 in WebKit::WebPage::WebPage(WTF::ObjectIdentifierGeneric<WebCore::PageIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long>, unsigned long, (WTF::SupportsObjectIdentifierNullState)1>, WebKit::WebPageCreationParameters&&) () from /lib64/libWPEWebKit-2.0.so.1
#25 0x00007fb0d49bffb3 in WebKit::WebPage::create(WTF::ObjectIdentifierGeneric<WebCore::PageIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long>, unsigned long, (WTF::SupportsObjectIdentifierNullState)1>, WebKit::WebPageCreationParameters&&) () from /lib64/libWPEWebKit-2.0.so.1
#26 0x00007fb0d48af2e4 in WebKit::WebProcess::createWebPage(WTF::ObjectIdentifierGeneric<WebCore::PageIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long>, unsigned long, (WTF::SupportsObjectIdentifierNullState)1>, WebKit::WebPageCreationParameters&&) () from /lib64/libWPEWebKit-2.0.so.1
#27 0x00007fb0d43b8050 in WebKit::WebProcess::didReceiveWebProcessMessage(IPC::Connection&, IPC::Decoder&) () from /lib64/libWPEWebKit-2.0.so.1
#28 0x00007fb0d467bf6d in IPC::Connection::dispatchMessage(WTF::UniqueRef<IPC::Decoder>) () from /lib64/libWPEWebKit-2.0.so.1
#29 0x00007fb0d467f9a8 in WTF::Detail::CallableWrapper<IPC::Connection::enqueueIncomingMessage(WTF::UniqueRef<IPC::Decoder>)::$_1, void>::call() () from /lib64/libWPEWebKit-2.0.so.1
#30 0x00007fb0d5f2b3ab in WTF::RunLoop::performWork() () from /lib64/libWPEWebKit-2.0.so.1
#31 0x00007fb0d5fc119d in WTF::RunLoop::RunLoop()::$_0::__invoke(void*) () from /lib64/libWPEWebKit-2.0.so.1
#32 0x00007fb0d5fc0321 in WTF::RunLoop::$_0::__invoke(_GSource*, int (*)(void*), void*) () from /lib64/libWPEWebKit-2.0.so.1
#33 0x00007fb0d3defe8c in g_main_dispatch (context=0x15ec9a80) at ../glib/gmain.c:3344
#34 g_main_context_dispatch_unlocked (context=0x15ec9a80) at ../glib/gmain.c:4152
#35 0x00007fb0d3e51c98 in g_main_context_iterate_unlocked.isra.0 (context=0x15ec9a80, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4217
#36 0x00007fb0d3df5f37 in g_main_loop_run (loop=0x15ec9bd0) at ../glib/gmain.c:4419
#37 0x00007fb0d5fc091d in WTF::RunLoop::run() () from /lib64/libWPEWebKit-2.0.so.1
#38 0x00007fb0d4a18106 in WebKit::WebProcessMain(int, char**) () from /lib64/libWPEWebKit-2.0.so.1
#39 0x00007fb0d3555088 in __libc_start_call_main (main=main@entry=0x2017f0 <main>, argc=argc@entry=4, argv=argv@entry=0x7ffe785793e8) at ../sysdeps/nptl/libc_start_call_main.h:58
#40 0x00007fb0d355514b in __libc_start_main_impl (main=0x2017f0 <main>, argc=4, argv=0x7ffe785793e8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffe785793d8)
at ../csu/libc-start.c:360
#41 0x0000000000201725 in _start ()
Sadly, gdb reports "No symbol table info available." for the symbols from libWPEWebKit-2.0.so.1. I will see later if I can get more details out of there.
Michael Catanzaro
You don't need additional debuginfo for this. The last resort fallback font is just "serif" but fontconfig wasn't able to provide a match even for that, so you've no hope. This is not a WebKit bug; it's either a font configuration issue or else possibly a Fontconfig bug.
Nils K
(In reply to Michael Catanzaro from comment #1)
> You don't need additional debuginfo for this. The last resort fallback font
> is just "serif" but fontconfig wasn't able to provide a match even for that,
> so you've no hope. This is not a WebKit bug; it's either a font
> configuration issue or else possibly a Fontconfig bug.
Fontconfig is able to find a match for serif.
Running "fc-match serif" warns about a missing fontconfig file but successfully returns: 'NotoSans[wght].ttf: "Noto Sans" "Regular"'
This also worked in WebKit 2.44 with the same fontconfig version (2.15.0). Maybe it has something to do with it being a variable width font?
Or is there something else appended to the pattern used when searching fonts? On another machine with more fonts "fc-match sans-serif" also returns NotoSans but WebKit instead selects Nimbus Roman which fontconfig ranks lower.
Carlos Garcia Campos
I think the problem is that Skia is always doing strong matching, which is needed for CSS fallbacks, but not for the last resort fallback font. We could try not passing a family name. Another possibility is what Adrián suggested some time ago, adding a font to the library as a GResource and returning it always as last resort, ensuring we always have a font even if the system doesn't have any font installed (unlikely, but still).
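A simplified model of the behaviour discussed in comments #1 to #3, added here as an example; it is not WebKit, Skia or Fontconfig code. The installed-font list and all function names are constructed, and "strong matching" is assumed to mean that a lookup succeeds only when the returned font's family equals the requested one.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the installed fonts, best-ranked first.
   On the reporter's machine "fc-match serif" returned Noto Sans. */
static const char *const installed[] = { "Noto Sans" };
static const size_t installed_count = sizeof installed / sizeof installed[0];

/* Closest-match lookup, the behaviour fc-match shows in the thread:
   an exact family wins, otherwise the best-ranked font is returned. */
const char *match_closest(const char *family)
{
    for (size_t i = 0; family && i < installed_count; i++)
        if (strcmp(family, installed[i]) == 0)
            return installed[i];
    return installed_count ? installed[0] : NULL;
}

/* Strict lookup (this model's "strong matching"): the closest match is
   accepted only when its family is the one that was asked for. */
const char *match_strict(const char *family)
{
    const char *font = match_closest(family);
    return (font && family && strcmp(family, font) == 0) ? font : NULL;
}

/* CSS font-family list: strictness lets a missing family fall through
   to the next entry instead of being silently substituted. */
const char *resolve_css_list(const char *const *families, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        const char *font = match_strict(families[i]);
        if (font)
            return font;
    }
    return NULL;
}

/* Last resort done strictly: NULL here is the "no font at all" state
   behind the WTFCrashWithInfo frame in the backtrace. */
const char *last_resort_strict(void) { return match_strict("serif"); }
/* Last resort without a family name, as comment #3 proposes. */
const char *last_resort_relaxed(void) { return match_closest(NULL); }

int main(void)
{
    printf("strict:  %s\n", last_resort_strict() ? last_resort_strict() : "(none)");
    printf("relaxed: %s\n", last_resort_relaxed() ? last_resort_relaxed() : "(none)");
    return 0;
}
```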
Nils K
(In reply to Carlos Garcia Campos from comment #3)
> I think the problem is that Skia is always doing strong matching, which is
> needed for CSS fallbacks, but not for the last resort fallback font. We
> could try not passing a family name. Another possibility is what Adrián
> suggested some time ago, adding a font to the library as a GResource and
> returning it always as last resort, ensuring we always have a font even if
> the system doesn't have any font installed (unlikely, but still).
Is it possible to check this strong matching from the command line (or a short C program)?
Carlos Garcia Campos
Pull request: https://github.com/WebKit/WebKit/pull/35514
EWS
Committed 285505@main (f30738ce1fc8): <https://commits.webkit.org/285505@main>
Reviewed commits have been landed. Closing PR #35514 and removing active labels.
Nils K
I just tested 2.46.2 and can confirm that the crash no longer occurs, thanks!