Bug#1005810: epiphany-browser: crash on session_tab_free at ../src/ephy-session.c:605
Andres Gomez
tanty at andresgomez.org
Tue Feb 15 14:29:52 GMT 2022
Package: epiphany-browser
Version: 3.38.2-1+deb11u1
Severity: grave
Tags: upstream
Justification: renders package unusable
Dear Maintainer,
After upgrading to libwebkit2gtk-4.0-37 2.34.4 in buster, epiphany
started to crash often, early and without any clear pre-condition.
After moving to bullseye, the situation remains with:
libwebkit2gtk-4.0-37:amd64 2.34.4-1~deb11u1.
coredumpctl shows many similar cores. This is the repeating BT:
Program terminated with signal SIGABRT, Aborted.
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
50 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
[Current thread is 1 (Thread 0x7fa5430f9700 (LWP 277148))]
(gdb) bt
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1 0x00007fa65b23e537 in __GI_abort () at abort.c:79
#2 0x00007fa657bafd7f in CRASH_WITH_INFO(...) () at WTF/Headers/wtf/Assertions.h:750
#3 WebKit::FrameState::~FrameState() () at ../Source/WebKit/Shared/SessionState.h:88
#4 0x00007fa657f82803 in WebKit::PageState::~PageState() () at ../Source/WebKit/Shared/SessionState.h:126
#5 WebKit::BackForwardListItemState::~BackForwardListItemState() () at ../Source/WebKit/Shared/SessionState.h:136
#6 WTF::VectorDestructor<true, WebKit::BackForwardListItemState>::destruct(WebKit::BackForwardListItemState*, WebKit::BackForwardListItemState*) () at WTF/Headers/wtf/Vector.h:69
#7 WTF::VectorTypeOperations<WebKit::BackForwardListItemState>::destruct(WebKit::BackForwardListItemState*, WebKit::BackForwardListItemState*) () at WTF/Headers/wtf/Vector.h:245
#8 WTF::Vector<WebKit::BackForwardListItemState, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>::~Vector() () at WTF/Headers/wtf/Vector.h:689
#9 WebKit::BackForwardListState::~BackForwardListState() () at ../Source/WebKit/Shared/SessionState.h:149
#10 WebKit::SessionState::~SessionState() () at ../Source/WebKit/Shared/SessionState.h:157
#11 _WebKitWebViewSessionState::~_WebKitWebViewSessionState() () at ../Source/WebKit/UIProcess/API/glib/WebKitWebViewSessionState.cpp:30
#12 webkit_web_view_session_state_unref() () at ../Source/WebKit/UIProcess/API/glib/WebKitWebViewSessionState.cpp:480
#13 0x00007fa65c17d92b in session_tab_free (tab=0x55f184ada7a0) at ../src/ephy-session.c:605
#14 0x00007fa65b5db988 in g_list_foreach (list=<optimized out>, list@entry=0x55f18b738aa0 = {...}, func=0x7fa65c17d900 <session_tab_free>, user_data=user_data@entry=0x0) at ../../../glib/glist.c:1090
#15 0x00007fa65b5db9ab in g_list_free_full (list=0x55f18b738aa0 = {...}, free_func=<optimized out>) at ../../../glib/glist.c:244
#16 0x00007fa65c17df4d in session_window_free (session_window=0x55f1847ea6b0) at ../src/ephy-session.c:649
#17 0x00007fa65b5db988 in g_list_foreach (list=<optimized out>, list@entry=0x7fa64800bb20 = {...}, func=0x7fa65c17df30 <session_window_free>, user_data=user_data@entry=0x0) at ../../../glib/glist.c:1090
#18 0x00007fa65b5db9ab in g_list_free_full (list=0x7fa64800bb20 = {...}, free_func=<optimized out>) at ../../../glib/glist.c:244
#19 0x00007fa65c17df14 in save_data_free (data=0x55f18ae297e0) at ../src/ephy-session.c:686
#20 0x00007fa65b7c860e in g_task_finalize (object=0x55f18a7af700 [GTask]) at ../../../gio/gtask.c:659
#21 0x00007fa65b6d611e in g_object_unref (_object=<optimized out>) at ../../../gobject/gobject.c:3503
#22 g_object_unref (_object=0x55f18a7af700) at ../../../gobject/gobject.c:3395
#23 0x00007fa65b7c905e in g_task_thread_pool_thread (thread_data=0x55f18a7af700, pool_data=<optimized out>) at ../../../gio/gtask.c:1420
#24 0x00007fa65b6099a4 in g_thread_pool_thread_proxy (data=<optimized out>) at ../../../glib/gthreadpool.c:354
#25 0x00007fa65b6090bd in g_thread_proxy (data=0x55f18b9024c0) at ../../../glib/gthread.c:820
#26 0x00007fa6552edea7 in start_thread (arg=<optimized out>) at pthread_create.c:477
#27 0x00007fa65b316def in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
After talking with the main WebKitGtk developer and maintainer, he
pointed out that the cause of the crash actually lay in epiphany-browser
and, specifically, the reason for the crash had already been addressed
upstream in the following issue:
https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/954
Please consider backporting the fix and making a new security release
of the package.
Thanks!
-- System Information:
Debian Release: 11.2
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable-debug'), (500, 'proposed-updates-debug'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.10.0-11-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages epiphany-browser depends on:
ii dbus-user-session [default-dbus-session-bus] 1.12.20-2
ii dbus-x11 [dbus-session-bus] 1.12.20-2
ii epiphany-browser-data 3.38.2-1+deb11u1
ii gsettings-desktop-schemas 3.38.0-2
ii iso-codes 4.6.0-1
ii libatk1.0-0 2.36.0-2
ii libc6 2.31-13+deb11u2
ii libcairo2 1.16.0-5
ii libdazzle-1.0-0 3.38.0-1
ii libgcr-base-3-1 3.38.1-2
ii libgcr-ui-3-1 3.38.1-2
ii libgdk-pixbuf-2.0-0 2.42.2+dfsg-1
ii libglib2.0-0 2.66.8-1
ii libgmp10 2:6.2.1+dfsg-1+deb11u1
ii libgtk-3-0 3.24.24-4
ii libhandy-1-0 1.0.3-2
ii libhogweed6 3.7.3-1
ii libjavascriptcoregtk-4.0-18 2.34.4-1~deb11u1
ii libjson-glib-1.0-0 1.6.2-1
ii libnettle8 3.7.3-1
ii libpango-1.0-0 1.46.2-3
ii libsecret-1-0 0.20.4-2
ii libsoup2.4-1 2.72.0-2
ii libsqlite3-0 3.34.1-3
ii libwebkit2gtk-4.0-37 2.34.4-1~deb11u1
ii libxml2 2.9.10+dfsg-6.7
Versions of packages epiphany-browser recommends:
ii ca-certificates 20210119
ii evince 3.38.2-1
ii yelp 3.38.3-1
epiphany-browser suggests no packages.
-- no debconf information
--
Br,
Andres