WebKit Bugzilla
Bug 310973 - [GTK] [2.52.1] Crash in CoordinatedImageBackingStore::hasOneRef()
Status: RESOLVED DUPLICATE of bug 309296
https://bugs.webkit.org/show_bug.cgi?id=310973
Alberto Garcia
Reported
2026-03-28 04:26:03 PDT
I got this with Epiphany while browsing the frontpage of elpais.com using WebKitGTK 2.52.1 in Debian trixie. This is easy to reproduce:

Core was generated by `/usr/lib/x86_64-linux-gnu/webkitgtk-6.0/WebKitWebProcess 5 49'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 load () at /usr/lib/gcc/x86_64-linux-gnu/14/../../../../include/c++/14/bits/atomic_base.h:501
501 return __atomic_load_n(&_M_i, int(__m));
[Current thread is 1 (Thread 0x7f478f72bc40 (LWP 556628))]
(gdb) bt
#0 load () at /usr/lib/gcc/x86_64-linux-gnu/14/../../../../include/c++/14/bits/atomic_base.h:501
#1 operator unsigned int () at /usr/lib/gcc/x86_64-linux-gnu/14/../../../../include/c++/14/bits/atomic_base.h:361
#2 hasOneRef () at ./build-gtk4/WTF/Headers/wtf/ThreadSafeRefCounted.h:47
#3 operator()<WTF::KeyValuePair<unsigned long, WTF::Ref<WebCore::CoordinatedImageBackingStore, WTF::RawPtrTraits<WebCore::CoordinatedImageBackingStore>, WTF::DefaultRefDerefTraits<WebCore::CoordinatedImageBackingStore> > > > () at ./Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/LayerTreeHost.cpp:241
#4 removeIf<(lambda at ./Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/LayerTreeHost.cpp:240:35)> () at ./build-gtk4/WTF/Headers/wtf/HashTable.h:1178
#5 removeIf<(lambda at ./Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/LayerTreeHost.cpp:240:35)> () at ./build-gtk4/WTF/Headers/wtf/HashMap.h:564
#6 updateRendering () at ./Source/WebKit/WebProcess/WebPage/CoordinatedGraphics/LayerTreeHost.cpp:240
#7 0x00007f4798d18ef6 in operator() () at ./Source/WTF/wtf/Function.h:103
#8 notify () at ./Source/WTF/wtf/glib/ActivityObserver.h:78
#9 notifyActivity () at ./build-gtk4/./Source/WTF/wtf/glib/RunLoopGLib.cpp:293
#10 0x00007f4798d18c3c in runGLibMainLoopIteration () at ./build-gtk4/./Source/WTF/wtf/glib/RunLoopGLib.cpp:180
#11 0x00007f4798d19065 in runGLibMainLoop () at ./build-gtk4/./Source/WTF/wtf/glib/RunLoopGLib.cpp:200
#12 run () at ./build-gtk4/./Source/WTF/wtf/glib/RunLoopGLib.cpp:213
#13 0x00007f479bac1872 in run () at ./Source/WebKit/Shared/AuxiliaryProcessMain.h:77
#14 AuxiliaryProcessMain<WebKit::WebProcessMainGtk> () at ./Source/WebKit/Shared/AuxiliaryProcessMain.h:103
#15 0x00007f4794635ca8 in __libc_start_call_main (main=main@entry=0x559a408df140 <main>, argc=argc@entry=3, argv=argv@entry=0x7ffd92ccf088) at ../sysdeps/nptl/libc_start_call_main.h:58
#16 0x00007f4794635d65 in __libc_start_main_impl (main=0x559a408df140 <main>, argc=3, argv=0x7ffd92ccf088, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffd92ccf078) at ../csu/libc-start.c:360
#17 0x0000559a408df071 in _start ()
Claudio Saavedra
Comment 1
2026-03-28 04:58:26 PDT
*** This bug has been marked as a duplicate of bug 309296 ***