Bug 258831 (RESOLVED FIXED): [GTK] Crash in GraphicsContextGLGBM::allocateDrawBufferObject
https://bugs.webkit.org/show_bug.cgi?id=258831
Reported by Gaurav Juvekar, 2023-07-03 16:25:02 PDT
Archlinux with webkit2gtk-4.1 2.40.3-1. During Google's OAUTH flow on any app (evolution / gnome online accounts), webkit2gtk segfaults. Process 53211 (WebKitWebProces) of user 1001 dumped core.
Attachments
core file (12.74 MB, application/octet-stream), 2023-07-05 10:05 PDT, Gaurav Juvekar, no flags
gdb (bt full; c).txt (37.01 KB, text/plain), 2023-08-18 06:21 PDT, Kdwk, no flags
system information when the bug is not triggered. (13.54 KB, text/plain), 2023-08-21 06:19 PDT, JonW, no flags
System information when the bug is triggered. Amd is prime (nvidia should not be accessed) (13.73 KB, text/plain), 2023-08-21 06:22 PDT, JonW, no flags
Michael Catanzaro
Comment 1
2023-07-03 20:20:40 PDT
Hi, please attach a proper backtrace taken with gdb and with all necessary debuginfo installed. Instructions: https://blogs.gnome.org/mcatanzaro/2021/09/18/creating-quality-backtraces-for-crash-reports/
Gaurav Juvekar
Comment 2
2023-07-05 09:59:38 PDT
(gdb) l
189	 * \sa gbm_bo_get_stride()
190	 */
191	GBM_EXPORT uint32_t
192	gbm_bo_get_stride_for_plane(struct gbm_bo *bo, int plane)
193	{
194	   return bo->gbm->v0.bo_get_stride(bo, plane);
195	}
196	
197	/** Get the format of the buffer object
198	 *
(gdb) bt full
#0  gbm_bo_get_stride_for_plane () at ../mesa-23.1.3/src/gbm/main/gbm.c:194
#1  0x00007f3f2fee252f in WebCore::GBMBufferSwapchain::getBuffer(WebCore::GBMBufferSwapchain::BufferDescription const&) () at /usr/src/debug/webkit2gtk-4.1/webkitgtk-2.40.3/Source/WebCore/platform/graphics/gbm/GBMBufferSwapchain.cpp:122
#2  0x00007f3f2fee28e3 in WebCore::GraphicsContextGLGBM::allocateDrawBufferObject() () at /usr/src/debug/webkit2gtk-4.1/webkitgtk-2.40.3/Source/WebCore/platform/graphics/gbm/GraphicsContextGLGBM.cpp:294
#3  0x00007f3f2fefe874 in WebCore::GraphicsContextGLGBM::reshapeDisplayBufferBacking() () at /usr/src/debug/webkit2gtk-4.1/webkitgtk-2.40.3/Source/WebCore/platform/graphics/gbm/GraphicsContextGLGBM.cpp:275
#4  0x00007f3f2ea9d294 in WebCore::GraphicsContextGLANGLE::reshapeFBOs(WebCore::IntSize const&) () at /usr/src/debug/webkit2gtk-4.1/webkitgtk-2.40.3/Source/WebCore/platform/graphics/angle/GraphicsContextGLANGLE.cpp:268
#5  WebCore::GraphicsContextGLANGLE::reshape(int, int) () at /usr/src/debug/webkit2gtk-4.1/webkitgtk-2.40.3/Source/WebCore/platform/graphics/angle/GraphicsContextGLANGLE.cpp:636
#6  0x00007f3f2fae7ef9 in WebCore::WebGLRenderingContextBase::initializeNewContext() () at /usr/src/debug/webkit2gtk-4.1/webkitgtk-2.40.3/Source/WebCore/html/canvas/WebGLRenderingContextBase.cpp:748
#7  0x00007f3f2f9e2ce3 in WebCore::WebGLRenderingContext::create(WebCore::CanvasBase&, WTF::Ref<WebCore::GraphicsContextGL, WTF::RawPtrTraits<WebCore::GraphicsContextGL> >&&, WebCore::GraphicsContextGLAttributes) () at /usr/src/debug/webkit2gtk-4.1/webkitgtk-2.40.3/Source/WebCore/html/canvas/WebGLRenderingContext.cpp:107
#8  WebCore::WebGLRenderingContextBase::create(WebCore::CanvasBase&, WebCore::GraphicsContextGLAttributes&, WebCore::GraphicsContextGLWebGLVersion) () at /usr/src/debug/webkit2gtk-4.1/webkitgtk-2.40.3/Source/WebCore/html/canvas/WebGLRenderingContextBase.cpp:565
#9  WebCore::HTMLCanvasElement::createContextWebGL(WebCore::GraphicsContextGLWebGLVersion, WebCore::GraphicsContextGLAttributes&&) () at /usr/src/debug/webkit2gtk-4.1/webkitgtk-2.40.3/Source/WebCore/html/HTMLCanvasElement.cpp:443
#10 0x00007f3f2f9fda1b in WebCore::HTMLCanvasElement::getContext(JSC::JSGlobalObject&, WTF::String const&, WTF::FixedVector<JSC::Strong<JSC::Unknown, (JSC::ShouldStrongDestructorGrabLock)0> >&&) () at /usr/src/debug/webkit2gtk-4.1/webkitgtk-2.40.3/Source/WebCore/html/HTMLCanvasElement.cpp:293
#11 0x00007f3f2ef0430c in jsHTMLCanvasElementPrototypeFunction_getContextBody () at /usr/src/debug/webkit2gtk-4.1/build/WebCore/DerivedSources/JSHTMLCanvasElement.cpp:320
#12 call<WebCore::jsHTMLCanvasElementPrototypeFunction_getContextBody> () at /usr/src/debug/webkit2gtk-4.1/webkitgtk-2.40.3/Source/WebCore/bindings/js/JSDOMOperation.h:63
#13 jsHTMLCanvasElementPrototypeFunction_getContext() () at /usr/src/debug/webkit2gtk-4.1/build/WebCore/DerivedSources/JSHTMLCanvasElement.cpp:325
#14 0x00007f3ec4008038 in ()
#15 0x00007ffe04f4c6d0 in ()
#16 0x00007f3ec4358fed in ()
#17 0x0000000000000000 in ()
(gdb)
Gaurav Juvekar
Comment 3
2023-07-05 10:05:57 PDT
Created attachment 466935 [details]
core file
Michael Catanzaro
Comment 4
2023-07-05 11:08:11 PDT
The core file is useless to anybody except you, so no need to attach that. That backtrace is exactly what we needed though, thanks. This looks like bug #255398, which is supposed to be fixed on main by https://commits.webkit.org/264648@main and on 2.40 by https://github.com/WebKit/WebKit/commit/93d7cfcb112d5dfbeea0a53de13880342883c40b. Unfortunately, that fix is already present in 2.40.3, so it must not be fixed after all.
Michael Catanzaro
Comment 5
2023-08-17 08:25:42 PDT
*** Bug 260343 has been marked as a duplicate of this bug. ***
Michael Catanzaro
Comment 6
2023-08-18 06:16:39 PDT
*** Bug 259859 has been marked as a duplicate of this bug. ***
Kdwk
Comment 7
2023-08-18 06:21:26 PDT
Created attachment 467323 [details]
gdb (bt full; c).txt

I'm hitting it in all sorts of different places, including Google log in, Reddit front page and Proton Mail log in. I can observe this in both 2.40 (default settings) and 2.41 (with DMABUF turned off)
Carlos Garcia Campos
Comment 8
2023-08-18 07:40:36 PDT
Pull request: https://github.com/WebKit/WebKit/pull/16835
EWS
Comment 9
2023-08-18 11:54:58 PDT
Committed 267048@main (c46b14b21386): <https://commits.webkit.org/267048@main> Reviewed commits have been landed. Closing PR #16835 and removing active labels.
JonW
Comment 10
2023-08-19 07:12:48 PDT
I've done some additional testing. My system is a laptop with nvidia optimus. The original bug reporting was with nvidia as the prime and amd as modesetting (using the amdgpu driver). I also tested it both as reverse prime and on-demand (where you set __NV_PRIME_RENDER_OFFLOAD=1 __GLX_VENDOR_LIBRARY_NAME=nvidia before the command). It should be noted that no matter what I do I can't get X to allow the display over amd as prime (laptop screen) and the nvidia as the other display. It sees the display in xfce, but refuses to activate it. As it's not the way I use the laptop, I gave up trying to get it to work.

With on demand and amd prime the issue persists. The bug is the same, and the location is the same. Obviously the stuff the webkitgtk reports changes.

I am curious however about a couple of points:

The crash text on the terminal is:
src/nv_gbm.c:100: GBM-DRV error (nv_gbm_bo_create): DRM_IOCTL_NVIDIA_GEM_ALLOC_NVKMS_MEMORY failed (ret=-1)

but within coredumpctl gdb I get the following (which others also get):
#0  gbm_bo_get_stride_for_plane (bo=0x0, plane=0) at ../src/gbm/main/gbm.c:194
Download failed: Invalid argument.  Continuing without source file ./build/../src/gbm/main/gbm.c.
194	../src/gbm/main/gbm.c: No such file or directory.
[Current thread is 1 (Thread 0x7f0610350540 (LWP 2))]
(gdb) bt full
#0  gbm_bo_get_stride_for_plane (bo=0x0, plane=0) at ../src/gbm/main/gbm.c:194

It seems strange that one message is about line 100 and the other is about line 194; why is that? The other question I have is why does it seem to load all the other debug symbols (it actually mentions downloading to cache and to press <ENT> or c to stop paging...) but doesn't download the source/debug for gbm.c. I notice the backtrace by Gaurav Juvekar allows him to list the gbm source but my system doesn't.

I guess I will have to wait for the fix to make it through to debian (but I have no idea how to tell; well, apart from the bug not triggering at some random point in the future), but is there a simple way to get the latest version and just replace the buggy version even if just a temp fix (say a copy of the latest libwebkit2gtk-4...so to replace the current one, or a soft link pointing to the latest version, or something else)? If it is possible how would I go about getting it, and how would I get it to report the now added error message so I can report back its details if that would help narrow down the issue as the problem doesn't seem global to all users; so I'm happy to be a guinea pig as I can consistently trip the bug. Jon.
Carlos Garcia Campos
Comment 11
2023-08-19 07:30:56 PDT
(In reply to JonW from comment #10)
> I've done some additional testing. My system is a laptop with nvidia
> optimus. The original bug reporting was with nvidia as the prime and amd as
> modesetting (using the amdgpu driver). I also tested it both as reverse
> prime and on-demand (where you set __NV_PRIME_RENDER_OFFLOAD=1
> __GLX_VENDOR_LIBRARY_NAME=nvidia before the command).

Thank you very much! So, you can force a render node to be used by WebKit using the env var WEBKIT_WEB_RENDER_DEVICE_FILE, passing the render node device, for example WEBKIT_WEB_RENDER_DEVICE_FILE=/dev/dri/renderD128

> It should be noted that no matter what I do I can't get X to allow the
> display over amd as prime (laptop screen) and the nvidia as the other
> display. It sees the display in xfce, but refuses to activate it. As it's not
> the way I use the laptop; I gave up trying to get it to work.
>
> With on demand and amd prime the issue persists. The bug is the same, and
> the location is the same. Obviously the stuff the webkitgtk reports changes.
>
> I am curious however about a couple of points:
>
> The crash text on the terminal is: src/nv_gbm.c:100: GBM-DRV error
> (nv_gbm_bo_create): DRM_IOCTL_NVIDIA_GEM_ALLOC_NVKMS_MEMORY failed (ret=-1)

Yes, because what fails in nvidia is gbm_bo_create, similar to bug #259644 in the end. I think it could fail because nvidia doesn't like the format or the usage flags. My guess is that, since we don't pass any usage flags, it assumes scanout and that's why it ends up trying to allocate KMS dumb buffers and fails with permission denied because we are not DRM master. We can try to pass GBM_BO_USE_RENDERING and see if that helps.

> but within coredumpctl gdb I get the following (which others also get):
>
> #0 gbm_bo_get_stride_for_plane (bo=0x0, plane=0) at
> ../src/gbm/main/gbm.c:194
> Download failed: Invalid argument. Continuing without source file
> ./build/../src/gbm/main/gbm.c.
> 194 ../src/gbm/main/gbm.c: No such file or directory.
> [Current thread is 1 (Thread 0x7f0610350540 (LWP 2))]
> (gdb) bt full
> #0 gbm_bo_get_stride_for_plane (bo=0x0, plane=0) at
> ../src/gbm/main/gbm.c:194
>
> It seems strange that one message is about line 100 and the other is about
> line 194; why is that?

Because gbm_bo_create fails but doesn't crash; it just returns NULL, and we don't handle it, so we try to use the created buffer to get its stride, so we pass a NULL buffer to gbm_bo_get_stride() and that's what crashes.

> The other question I have is why does it seem to load all the other debug
> symbols (it actually mentions downloading to cache and to press <ENT> or c
> to stop paging...) but doesn't download the source/debug for gbm.c. I notice
> the backtrace by Gaurav Juvekar allows him to list the gbm source but my
> system doesn't.

No idea.

> I guess I will have to wait for the fix to make it through to debian (but I
> have no idea how to tell; well apart from the bug not triggering at some
> random point in the future), but is there a simple way to get the latest
> version and just replace the buggy version even if just a temp fix (say a
> copy of the latest libwebkit2gtk-4...so to replace the current one, or a
> soft link pointing to the latest version, or something else)? If it is
> possible how would I go about getting it, and how would I get it to report
> the now added error message so I can report back its details if that would
> help narrow down the issue as the problem doesn't seem global to all users;
> so I'm happy to be a guinea pig as I can consistently trip the bug.

The patch will fix the crash, but the rendering will probably be broken anyway.

> Jon.
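The failure path Carlos describes above (gbm_bo_create() returning NULL, the result used unchecked, and gbm_bo_get_stride_for_plane() dereferencing it), modelled as an added example. This is not WebKit's code and not the contents of the linked pull request: libgbm is replaced by a constructed stand-in (FakeGbmDevice, acquireBuffer and acquireBufferUnchecked are hypothetical names) so it runs without a DRM device; gbm_bo and the GBM_BO_USE_RENDERING value mirror gbm.h.

```cpp
// Added example, not WebKit's code. Models the crash path from comment 11
// with a constructed stand-in for libgbm so it runs without a DRM device.
#include <cstdint>
#include <cstdio>

// Usage flag as defined in gbm.h.
constexpr uint32_t GBM_BO_USE_RENDERING = 1u << 2;

// Minimal buffer object. The real gbm_bo is opaque; the stride is what the
// swapchain asks for right after allocation.
struct gbm_bo {
    uint32_t width;
    uint32_t height;
    uint32_t stride;
};

// Constructed stand-in for a GBM device. Like the NVIDIA backend described in
// the thread, it refuses an allocation that carries no GBM_BO_USE_RENDERING
// bit (treating it as a scanout request it may not satisfy). failAll switches
// it to reject every allocation so the error path can be exercised.
struct FakeGbmDevice {
    bool rejectWithoutRenderUsage = true;
    bool failAll = false;

    // Mirrors gbm_bo_create(): a failed allocation returns NULL, it does
    // not crash. The crash comes from whoever uses the NULL afterwards.
    gbm_bo* create(uint32_t width, uint32_t height, uint32_t usage) {
        if (failAll)
            return nullptr;
        if (rejectWithoutRenderUsage && !(usage & GBM_BO_USE_RENDERING))
            return nullptr;
        return new gbm_bo{width, height, width * 4};   // 4 bytes per pixel
    }
    void destroy(gbm_bo* bo) { delete bo; }
};

// Mirrors gbm_bo_get_stride_for_plane() at gbm.c:194: it dereferences bo
// unconditionally, so a NULL bo is exactly the "bo=0x0" frame in the backtrace.
uint32_t getStrideForPlane(gbm_bo* bo, int /*plane*/) {
    return bo->stride;
}

// BEFORE: the pattern that produced the crash. No usage flags are passed and
// the allocation result goes straight into the stride query without a NULL
// check. It is only safe on a device whose allocations never fail; with the
// default FakeGbmDevice it dereferences NULL, so do not call it that way.
uint32_t acquireBufferUnchecked(FakeGbmDevice& dev, uint32_t width, uint32_t height) {
    gbm_bo* bo = dev.create(width, height, 0);
    uint32_t stride = getStrideForPlane(bo, 0);
    dev.destroy(bo);
    return stride;
}

struct BufferResult {
    bool ok;
    uint32_t stride;
};

// AFTER: ask for a render target explicitly and turn an allocation failure
// into a reported error the caller can fall back from instead of a segfault.
BufferResult acquireBuffer(FakeGbmDevice& dev, uint32_t width, uint32_t height) {
    gbm_bo* bo = dev.create(width, height, GBM_BO_USE_RENDERING);
    if (!bo) {
        std::fprintf(stderr, "gbm_bo_create failed for %ux%u buffer\n", width, height);
        return {false, 0};
    }
    uint32_t stride = getStrideForPlane(bo, 0);
    dev.destroy(bo);
    return {true, stride};
}

int main() {
    FakeGbmDevice dev;                       // rejects non-render usage
    BufferResult r = acquireBuffer(dev, 640, 480);
    std::printf("render buffer: ok=%d stride=%u\n", r.ok, r.stride);

    FakeGbmDevice broken;                    // every allocation fails
    broken.failAll = true;
    r = acquireBuffer(broken, 640, 480);
    std::printf("failing device: ok=%d stride=%u\n", r.ok, r.stride);
    return r.ok ? 1 : 0;
}
```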
JonW
Comment 12
2023-08-21 06:17:31 PDT
(In reply to Carlos Garcia Campos from comment #11)
> (In reply to JonW from comment #10)

Thank you for your response. Sorry it took a while to reply but it's school holidays and I have my granddaughter here which means very little time to do my own things. I shall do some more testing tomorrow when the little one is back with her parents but wanted to post an update. I just want to clarify a point. When I used the amd "reverse prime" the nvidia should only have been used as a dumb memory block that the amd writes to which it then passes on to the display. The error however was still raised from within the nvidia. The "amd" is the on-processor graphics driver; not a unique card. Likewise with the on-demand; if the envs are not set then the nvidia should not have been part of the equation. Yet even without setting the envs the error is still raised from within the nvidia driver.

>
> Thank you very much! So, you can force a render node to be used by WebKit
> using the env var WEBKIT_WEB_RENDER_DEVICE_FILE passing the render node
> device, for example WEBKIT_WEB_RENDER_DEVICE_FILE=/dev/dri/renderD128

I shall test trying to force the render device tomorrow when time permits; but thanks for pointing out those envs. As a matter of interest, is there somewhere all those settings are listed or is it a case of having to read the source and/or knowledge gained over time as a developer working on this specific bit of code?

> > The crash text on the terminal is: src/nv_gbm.c:100: GBM-DRV error
> > (nv_gbm_bo_create): DRM_IOCTL_NVIDIA_GEM_ALLOC_NVKMS_MEMORY failed (ret=-1)
>
> Yes, because what fails in nvidia is gbm_bo_create, similar to bug #259644
> in the end. I think it could fail because nvidia doesn't like the format or
> the usage flags. My guess is that, since we don't pass any usage flags, it
> assumes scanout and that's why it ends up trying to allocate KMS dumb
> buffers and fails with permission denied because we are not DRM master. We can
> try to pass GBM_BO_USE_RENDERING and see if that helps.

I understand now, I think. The first error is a report of some kind; a bit like sticking printf's all over the place... the actual error that crashes the program is the one that caused the crashdump file to be generated and that is where the error is reported to be in that crashdump.

> The patch will fix the crash, but the rendering will probably be broken
> anyway.

Oh, ok :-) I did some further testing yesterday and have found a way to work around the issue (I can stop the bug from being triggered); the embedded web page works as it always did before this bug and the account gets created and the password stuff is saved in the keyring as it should be. With the error always being triggered in the nvidia even when the nvidia shouldn't, in theory, have been used I wondered if it was somehow picking up the nvidia driver even when it wasn't active but was loaded.
1) I removed the X11 conf stuff so that X11 was fully automatic (defaults to amd with "on-demand" for nvidia which requires the envs to be set otherwise it should use the amd.)
2) At the grub boot I passed: "module_blocklist=nvidia, nvidia-current, nvidia_drm, nvidia_modeset, nvidia_uvm" to make sure the nvidia wasn't loaded.
3) Once the laptop was up I checked the "lsmod | grep nvid" and the modules were not loaded; at this point I could add the account with no issues (pressing next gave the moving line, then it asked for the password, then it saved everything and downloaded the emails).
4) I then removed the keyring'ed stuff, removed the account from evolution, set the nvidia as prime in an X11 conf file, and rebooted the pc as normal.
5) Tried to add the gmail account and triggered the bug.
I used the same commands to list system information (including starting evolution from the command line) that I used in my original bug report and will attach that to this report as it may help narrow down why this error is being triggered by nvidia code when the optimus software setup (amd reverse prime or amd with nvidia on-demand without setting the nvidia envs) shouldn't be directing anything to the nvidia (assuming I have understood how optimus works correctly). Jon.
JonW
Comment 13
2023-08-21 06:19:20 PDT
Created attachment 467363 [details]
system information when the bug is not triggered.
JonW
Comment 14
2023-08-21 06:22:45 PDT
Created attachment 467364 [details]
System information when the bug is triggered. Amd is prime (nvidia should not be accessed)
Carlos Garcia Campos
Comment 15
2023-09-08 00:44:40 PDT
*** Bug 261321 has been marked as a duplicate of this bug. ***
Michael Catanzaro
Comment 16
2023-09-17 12:08:39 PDT
*** Bug 253638 has been marked as a duplicate of this bug. ***
JonW
Comment 17
2023-09-21 10:18:51 PDT
(In reply to Michael Catanzaro from comment #16)
> *** Bug 253638 has been marked as a duplicate of this bug. ***

I've been trying to compile the fix (add GBM_BO_USE_RENDERING in GBMBufferSwapchain.cpp) to test that out... but I've just noticed today that debian (testing) has released an update that includes that change in the source code and can confirm that the issue has been resolved (either by that change or something else). I would have got back sooner, but I ended up down a very long rabbit hole of stuff I've never done before. I initially started out trying to use debuild and quilt and could compile the packages but as soon as I copied the resulting binaries it complained that calls to non-existent things were happening (I think it was something about a missing function; it was a while ago now) and then I read that source compatibility and binary compatibility are not necessarily the same thing and that the linker is the thing that does that bit of magic and there are things called GCC signatures and.... I then tried to use pbuilder in a VM that kept bombing out due to lack of memory and had my laptop crying at the 100% cpu usage and 100degC heat (and honestly even with 6 cores/12 threads the build times sucked being hours long) as I figured I'd see if I could build the packages on top of the built packages. I then tried to create a build environment on my PC that I rarely have powered up due to its high electric use (16 core threadripper) and while I eventually managed to compile mesa/webkit2gtk/evolution from the source as soon as I tried to build webkit2gtk with the compiled mesa build debs the build failed... and at that point (which was today) I finally gave up. (I'd probably be continuing a bit longer had the fix not just landed.) Honestly it's been a month of trying to see if your patch worked... and while I've learnt a lot it sucks that I couldn't get over the wire and build a build on a build and test the patch.

(My idea was to build the call stack bottom to top so that I could debug the call and see the error, if the patch hadn't fixed it, right down in the weeds... again all stuff that is new to me in the few months prior that I've been playing around on a pi-pico and C.) Honestly I don't know how you guys do it when a tiny change can end up needing hours of compiling... and then I think of how all this used to be done on systems that are much less powerful than today where builds might have taken all night or possibly longer! Ouch! Anyways. Thank you for all that you do. You guys rule.