NEW 255367
Crash in WebCore::Document::updateLayout
https://bugs.webkit.org/show_bug.cgi?id=255367
Summary Crash in WebCore::Document::updateLayout
Michael Catanzaro
Reported 2023-04-12 14:45:54 PDT
Here's a random crash I encountered using WebKitGTK 2.41.1 (262320@main). It looks just like bug #225677.

#0 __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
#1 0x00007feef92911f3 in __pthread_kill_internal (signo=6, threadid=<optimized out>) at pthread_kill.c:78
#2 0x00007feef923f00e in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3 0x00007feef92287fc in __GI_abort () at abort.c:79
#4 0x00007feef9ceb4af in WTFCrashWithInfo(int, char const*, char const*, int) () at WTF/Headers/wtf/Assertions.h:758
#5 0x00007feefb3bd6d1 in WebCore::Document::updateLayout() (this=0x7feee1109c00) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/dom/Document.cpp:2311
#6 0x00007feefb3bea18 in WebCore::Document::updateLayoutIgnorePendingStylesheets(WebCore::Document::RunPostLayoutTasks) (this=0x7feee1109c00, runPostLayoutTasks=WebCore::Document::RunPostLayoutTasks::Asynchronously) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/dom/Document.cpp:2341
#7 0x00007feefb568aa5 in WebCore::VisiblePosition::canonicalPosition(WebCore::Position const&) (passedPosition=<optimized out>) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/editing/VisiblePosition.cpp:553
#8 0x00007feefb5689c7 in WebCore::VisiblePosition::VisiblePosition(WebCore::Position const&, WebCore::Affinity) (this=0x2, position=..., affinity=(unknown: 0x6)) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/editing/VisiblePosition.cpp:59
#9 0x00007feefb518440 in WebCore::VisibleSelection::visibleStart() const (this=0x7feee939c0f8) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/editing/VisibleSelection.h:75
#10 WebCore::FrameSelection::recomputeCaretRect() (this=0x7feee939c0c0) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/editing/FrameSelection.cpp:1796
#11 0x00007feefb513116 in WebCore::FrameSelection::updateAppearance() (this=0x7feee939c0c0) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/editing/FrameSelection.cpp:2231
#12 0x00007feefb512ded in WebCore::FrameSelection::updateAndRevealSelection(WebCore::AXTextStateChangeIntent const&, WebCore::ScrollBehavior, WebCore::RevealExtentOption, WebCore::ForceCenterScrollOption) (this=0x2, intent=..., scrollBehavior=(WebCore::ScrollBehavior::Smooth | unknown: 0x4), revealExtent=(unknown: 0x84), forceCenterScroll=WebCore::DoNotForceCenterScroll) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/editing/FrameSelection.cpp:523
#13 0x00007feefba3c422 in WebCore::LocalFrameView::performPostLayoutTasks() (this=0x7fee66073610) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/page/LocalFrameView.cpp:3802
#14 0x00007feefba4662f in WebCore::LocalFrameViewLayoutContext::runAsynchronousTasks() (this=0x7fee66073740) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/page/LocalFrameViewLayoutContext.cpp:316
#15 WebCore::LocalFrameViewLayoutContext::runOrScheduleAsynchronousTasks() (this=0x7fee66073740) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/page/LocalFrameViewLayoutContext.cpp:302
#16 0x00007feefba46332 in WebCore::LocalFrameViewLayoutContext::performLayout() (this=0x7fee66073740) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/page/LocalFrameViewLayoutContext.cpp:278
#17 0x00007feefba2b30d in WebCore::LocalFrameViewLayoutContext::layout() (this=0x2) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/page/LocalFrameViewLayoutContext.cpp:172
#18 0x00007feefbf63aa7 in WebCore::RenderWidget::updateWidgetPosition() (this=<optimized out>) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/rendering/RenderWidget.cpp:382
#19 0x00007feefba39b8f in WebCore::LocalFrameView::updateWidgetPositions() (this=<optimized out>) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/page/LocalFrameView.cpp:5988
#20 0x00007feefba392d6 in WebCore::LocalFrameView::updateLayerPositionsAfterScrolling() (this=0x2) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/page/LocalFrameView.cpp:2973
#21 0x00007feefbb38c89 in WebCore::ScrollView::completeUpdatesAfterScrollTo(WebCore::IntSize const&) (this=0x7fee6605c740, scrollDelta=...) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/platform/ScrollView.cpp:514
#22 WebCore::ScrollView::scrollTo(WebCore::IntPoint const&) (this=0x7fee6605c740, newPosition=<optimized out>) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/platform/ScrollView.cpp:509
#23 0x00007feefba3e291 in WebCore::LocalFrameView::scrollTo(WebCore::IntPoint const&) (this=0x7fee6605c740, newPosition=...) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/page/LocalFrameView.cpp:4251
#24 0x00007feefbb387f4 in WebCore::ScrollView::setScrollOffset(WebCore::IntPoint const&) (this=0x7fee6605c740, offset=<optimized out>) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/platform/ScrollView.cpp:442
#25 0x00007feefbb3e18f in WebCore::ScrollableArea::scrollPositionChanged(WebCore::IntPoint const&) (this=0x7fee6605c780, position=...) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/platform/ScrollableArea.cpp:201
#26 0x00007feefbb3e05b in WebCore::ScrollableArea::notifyScrollPositionChanged(WebCore::IntPoint const&) (this=0x2, position=...) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/platform/ScrollableArea.cpp:193
#27 0x00007feefbadcc8b in WebCore::AsyncScrollingCoordinator::reconcileScrollingState(WebCore::LocalFrameView&, WebCore::FloatPoint const&, std::variant<std::optional<WebCore::FloatPoint>, std::optional<WebCore::FloatRect> > const&, WebCore::ScrollType, WebCore::ViewportRectStability, WebCore::ScrollingLayerPositionAction) (this=0x7feee910d780, frameView=..., scrollPosition=..., layoutViewportOriginOrOverrideRect=<optimized out>, scrollType=WebCore::ScrollType::Programmatic, viewportRectStability=WebCore::ViewportRectStability::Stable, scrollingLayerPositionAction=WebCore::ScrollingLayerPositionAction::Set) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/page/scrolling/AsyncScrollingCoordinator.cpp:631
#28 0x00007feefbadc9a2 in WebCore::AsyncScrollingCoordinator::updateScrollPositionAfterAsyncScroll(unsigned long, WebCore::FloatPoint const&, std::optional<WebCore::FloatPoint>, WebCore::ScrollingLayerPositionAction, WebCore::ScrollType) (this=0x7feee910d780, scrollingNodeID=5, scrollPosition=..., layoutViewportOrigin=<error reading variable: That operation is not available on integers of more than 8 bytes.>, scrollingLayerPositionAction=WebCore::ScrollingLayerPositionAction::Set, scrollType=WebCore::ScrollType::Programmatic) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/page/scrolling/AsyncScrollingCoordinator.cpp:591
#29 0x00007feefbadb9dc in WebCore::AsyncScrollingCoordinator::applyScrollUpdate(WebCore::ScrollUpdate&&, WebCore::ScrollType) (this=0x7feee910d780, update=..., scrollType=WebCore::ScrollType::Programmatic) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/page/scrolling/AsyncScrollingCoordinator.cpp:471
#30 WebCore::AsyncScrollingCoordinator::requestScrollPositionUpdate(WebCore::ScrollableArea&, WebCore::IntPoint const&, WebCore::ScrollType, WebCore::ScrollClamping) (this=0x7feee910d780, scrollableArea=<optimized out>, scrollPosition=..., scrollType=WebCore::ScrollType::Programmatic, clamping=WebCore::ScrollClamping::Clamped) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/page/scrolling/AsyncScrollingCoordinator.cpp:328
#31 0x00007feefba3a20e in WebCore::LocalFrameView::requestScrollPositionUpdate(WebCore::IntPoint const&, WebCore::ScrollType, WebCore::ScrollClamping) (this=<optimized out>, position=..., scrollType=WebCore::ScrollType::Programmatic, clamping=WebCore::ScrollClamping::Clamped) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/page/LocalFrameView.cpp:3088
#32 0x00007feefbb3915e in WebCore::ScrollView::setScrollPosition(WebCore::IntPoint const&, WebCore::ScrollPositionChangeOptions const&) (this=0x7fee6605c740, scrollPosition=..., options=...) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/platform/ScrollView.cpp:542
#33 0x00007feefba2b6a6 in WebCore::LocalFrameView::setScrollPosition(WebCore::IntPoint const&, WebCore::ScrollPositionChangeOptions const&) (this=0x7fee6605c740, scrollPosition=..., options=...) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/page/LocalFrameView.cpp:2459
#34 0x00007feefba38a63 in WebCore::LocalFrameView::scrollRectToVisibleInTopLevelView(WebCore::LayoutRect const&, bool, WebCore::ScrollRectToVisibleOptions const&) (this=0x7fee6605c740, absoluteRect=..., insideFixed=false, options=...) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/page/LocalFrameView.cpp:2756
#35 0x00007feefba37fbf in WebCore::LocalFrameView::scrollRectToVisible(WebCore::LayoutRect const&, WebCore::RenderObject const&, bool, WebCore::ScrollRectToVisibleOptions const&) (absoluteRect=..., renderer=..., insideFixed=false, options=...) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/page/LocalFrameView.cpp:2651
#36 0x00007feefba38441 in WebCore::LocalFrameView::scrollRectToVisibleInChildView(WebCore::LayoutRect const&, bool, WebCore::ScrollRectToVisibleOptions const&, WebCore::HTMLFrameOwnerElement const*) (this=0x7fee66073610, absoluteRect=..., insideFixed=false, options=..., ownerElement=0x7fee6606ade0) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/page/LocalFrameView.cpp:2704
#37 0x00007feefba37faa in WebCore::LocalFrameView::scrollRectToVisible(WebCore::LayoutRect const&, WebCore::RenderObject const&, bool, WebCore::ScrollRectToVisibleOptions const&) (absoluteRect=<optimized out>, renderer=..., insideFixed=false, options=...) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/page/LocalFrameView.cpp:2649
#38 0x00007feefb406c03 in WebCore::Element::scrollIntoView(std::optional<std::variant<bool, WebCore::ScrollIntoViewOptions> >&&) (this=0x7fee1232c930, arg=...) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/dom/Element.cpp:1108
#39 0x00007feefa7792be in WebCore::jsElementPrototypeFunction_scrollIntoViewBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSElement*)::{lambda()#1}::operator()() const (this=<optimized out>) at WebCore/DerivedSources/JSElement.cpp:4092
#40 WebCore::toJS<WebCore::IDLUndefined, WebCore::jsElementPrototypeFunction_scrollIntoViewBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSElement*)::{lambda()#1}>(JSC::JSGlobalObject&, JSC::ThrowScope&, WebCore::jsElementPrototypeFunction_scrollIntoViewBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSElement*)::{lambda()#1}&&) (lexicalGlobalObject=<optimized out>, throwScope=<optimized out>, valueOrFunctor=<optimized out>) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/bindings/js/JSDOMConvertBase.h:165
#41 WebCore::jsElementPrototypeFunction_scrollIntoViewBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSElement*) (lexicalGlobalObject=<optimized out>, callFrame=<optimized out>, castedThis=<optimized out>) at WebCore/DerivedSources/JSElement.cpp:4092
#42 WebCore::IDLOperation<WebCore::JSElement>::call<&WebCore::jsElementPrototypeFunction_scrollIntoViewBody, (WebCore::CastedThisErrorBehavior)0>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*) (lexicalGlobalObject=<optimized out>, callFrame=<optimized out>, operationName=<optimized out>) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/bindings/js/JSDOMOperation.h:63
#43 WebCore::jsElementPrototypeFunction_scrollIntoView(JSC::JSGlobalObject*, JSC::CallFrame*) (lexicalGlobalObject=<optimized out>, callFrame=<optimized out>) at WebCore/DerivedSources/JSElement.cpp:4097
#44 0x00007fee940081b8 in ()
#45 0x00007ffceb6df420 in ()
#46 0x00007feef79a5b55 in op_call_slow_return_location () at /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-6.0.so.1
#47 0x0000000000000000 in ()

I'll attach a full backtrace.
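As an added triage helper (not part of the report or of WebKit), the Python below parses GDB output in the run-together form seen in this report and extracts the three facts the thread turns on: the asserting frame with its source line, the outer layout pass that frame was re-entered from, and the DOM binding (WebCore::js*) through which script started the chain. The sample backtrace is constructed from the report's frames with argument lists and paths abbreviated.

```python
import re

# Constructed sample in the shape of the report's GDB output: frames run together on one
# line, an inlined frame with no address (#10), the pager prompt and a symbol-less frame
# (#44); argument lists and paths are abbreviated.
SAMPLE = (
    "#4 0x00007feef9ceb4af in WTFCrashWithInfo(int, char const*, char const*, int) () "
    "at WTF/Headers/wtf/Assertions.h:758 "
    "#5 0x00007feefb3bd6d1 in WebCore::Document::updateLayout() (this=0x7feee1109c00) "
    "at Source/WebCore/dom/Document.cpp:2311 "
    "#10 WebCore::FrameSelection::recomputeCaretRect() (this=0x7feee939c0c0) "
    "at Source/WebCore/editing/FrameSelection.cpp:1796 "
    "--Type <RET> for more, q to quit, c to continue without paging--c "
    "#17 0x00007feefba2b30d in WebCore::LocalFrameViewLayoutContext::layout() (this=0x2) "
    "at Source/WebCore/page/LocalFrameViewLayoutContext.cpp:172 "
    "#39 0x00007feefa7792be in WebCore::jsElementPrototypeFunction_scrollIntoViewBody(...)"
    "::{lambda()#1}::operator()() const (this=<optimized out>) at WebCore/DerivedSources/JSElement.cpp:4092 "
    "#44 0x00007fee940081b8 in ()"
)

PAGER_RE = re.compile(r"--Type <RET> for more.*?--c\s*")
# A frame starts at "#N 0x... in" or, when inlined, "#N Name"; "{lambda()#1}" never splits.
FRAME_SPLIT = re.compile(r"\s+(?=#\d+\s+(?:0x[0-9a-f]+\s+in\s+|[A-Za-z_]))")
FRAME_RE = re.compile(r"#(?P<num>\d+)\s+(?:0x[0-9a-f]+\s+in\s+)?(?P<rest>.*)")
NAME_RE = re.compile(r"^[\w:~]+")  # qualified name, cut at '<' or '('
LOC_RE = re.compile(r"\s+at\s+(?P<file>\S+):(?P<line>\d+)\s*$")
CRASH_HELPERS = ("__pthread_kill", "__GI_raise", "__GI_abort", "WTFCrashWithInfo")
LAYOUT_RE = re.compile(r"::(layout|performLayout|updateLayout\w*)$")

def parse_backtrace(text):
    """Return a list of (num, func, file, line); unknown parts become '?' / None."""
    text = PAGER_RE.sub(" ", " ".join(text.split())).strip()
    frames = []
    for chunk in FRAME_SPLIT.split(text):
        m = FRAME_RE.match(chunk)
        if not m:
            continue
        name, loc = NAME_RE.match(m["rest"]), LOC_RE.search(m["rest"])
        frames.append((int(m["num"]), name[0] if name else "?",
                       loc["file"] if loc else None, int(loc["line"]) if loc else None))
    return frames

def triage(frames):
    """Asserting frame, the outer layout pass it re-entered, and the WebCore::js* entry."""
    crash = next(f for f in frames if not f[1].startswith(CRASH_HELPERS))
    outer = [f for f in frames if f[0] > crash[0] and LAYOUT_RE.search(f[1])]
    binding = next((f for f in frames if f[1].startswith("WebCore::js")), None)
    return {"crash": f"{crash[1]} at {crash[2]}:{crash[3]}",
            "reentered_from": outer[0][1] if outer else None,
            "script_entry": binding[1] if binding else None}
```

Running `triage(parse_backtrace(SAMPLE))` reports the assertion in Document::updateLayout at Document.cpp:2311, re-entered from LocalFrameViewLayoutContext::layout, with scrollIntoView as the script entry point; the same call works on the full attachment text.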
Attachments
Full backtrace (1.10 MB, text/plain)
2023-04-12 14:55 PDT, Michael Catanzaro
no flags
Michael Catanzaro
Comment 1 2023-04-12 14:55:33 PDT
Created attachment 465872 [details] Full backtrace
Alexey Proskuryakov
Comment 2 2023-04-12 17:11:11 PDT
What is on this line in WebKitGTK 2.41.1? ToT doesn't have any assertion on line 2311.
Simon Fraser (smfr)
Comment 3 2023-04-12 17:35:51 PDT
This is a ScriptDisallowedScope thing. We have similar bugs filed already.
Michael Catanzaro
Comment 4 2023-04-12 18:12:49 PDT
Radar WebKit Bug Importer
Comment 5 2023-04-19 14:46:21 PDT