RESOLVED DUPLICATE of bug 304204304144
[GTK] Crash in WebKit::FenceMonitor::addFileDescriptor 
https://bugs.webkit.org/show_bug.cgi?id=304144
Summary [GTK] Crash in WebKit::FenceMonitor::addFileDescriptor
Michael Catanzaro
Reported 2025-12-14 08:42:34 PST
Created attachment 477724 [details] Full backtrace Using Epiphany Tech Preview with WebKitGTK 2.51.3, I caught a UI process crash on the release assert here: void FenceMonitor::addFileDescriptor(UnixFileDescriptor&& fd) { RELEASE_ASSERT(!m_fd); Perhaps FenceMonitor::addFileDescriptor has improperly been called more than once by AcceleratedBackingStore::frame? (Or perhaps we just have memory corruption.) (gdb) bt #0 __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44 #1 0x00007f4d4b14e5e3 in __pthread_kill_internal (threadid=<optimized out>, signo=6) at pthread_kill.c:89 #2 0x00007f4d4b0f43be in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26 #3 0x00007f4d4b0db8ed in __GI_abort () at abort.c:77 #4 0x00007f4d45d1d23f in WTFCrashWithInfo () at WTF/Headers/wtf/Assertions.h:985 #5 0x00007f4d4659537e in WebKit::FenceMonitor::addFileDescriptor (this=<optimized out>, fd=<optimized out>) at /usr/lib/debug/source/sdk/webkitgtk-6.0.bst/Source/WebKit/UIProcess/glib/FenceMonitor.cpp:104 #6 0x00007f4d45ef4b6d in IPC::callMemberFunction<WebKit::AcceleratedBackingStore, WebKit::AcceleratedBackingStore, void (unsigned long, WTF::Vector<WebCore::IntRect, 1ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&, WTF::UnixFileDescriptor&&), std::tuple<unsigned long, WTF::Vector<WebCore::IntRect, 1ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>, WTF::UnixFileDescriptor> >(WebKit::AcceleratedBackingStore*, void (WebKit::AcceleratedBackingStore::*)(unsigned long, WTF::Vector<WebCore::IntRect, 1ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&, WTF::UnixFileDescriptor&&), std::tuple<unsigned long, WTF::Vector<WebCore::IntRect, 1ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>, WTF::UnixFileDescriptor>&&)::{lambda((auto:1&&)...)#1}::operator()<unsigned long, WTF::Vector<WebCore::IntRect, 1ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>, WTF::UnixFileDescriptor>(unsigned long&&, WTF::Vector<WebCore::IntRect, 1ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&, WTF::UnixFileDescriptor&&) const (args=@0x7ffc99f34e70: 3, args=..., args=..., this=<optimized out>) at /usr/lib/debug/source/sdk/webkitgtk-6.0.bst/Source/WebKit/Platform/IPC/HandleMessage.h:137
Attachments
Full backtrace (17.67 KB, text/plain)
2025-12-14 08:42 PST, Michael Catanzaro 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
Carlos Garcia Campos
Comment 1 2025-12-15 01:08:10 PST
I think we are probably sending a frame message before the previous one is ready somehow. I guess you don't have a reproducer.
Carlos Garcia Campos
Comment 2 2025-12-19 00:37:09 PST
I think this is the same problem as #304204, feel free to reopen if the problem is still there for you. *** This bug has been marked as a duplicate of bug 304204 ***
Note You need to log in before you can comment on or make changes to this bug.