Bug 2400463 - [abrt] epiphany-runtime: WTFCrashWithInfo(): epiphany killed by SIGABRT
Summary: [abrt] epiphany-runtime: WTFCrashWithInfo(): epiphany killed by SIGABRT
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: Fedora
Classification: Fedora
Component: epiphany
Version: 42
Hardware: x86_64
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Michael Catanzaro
QA Contact: Fedora Extras Quality Assurance
URL: https://retrace.fedoraproject.org/faf...
Whiteboard: abrt_hash:2aef62cb41cb624b51370873422...
Depends On:
Blocks:
 
Reported: 2025-09-30 14:13 UTC by Leandro Paz
Modified: 2025-09-30 17:54 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2025-09-30 17:54:09 UTC
Type: ---
Embargoed:


Attachments
File: proc_pid_status (1.48 KB, text/plain)
2025-09-30 14:13 UTC, Leandro Paz
File: maps (3.97 KB, text/plain)
2025-09-30 14:13 UTC, Leandro Paz
File: limits (1.29 KB, text/plain)
2025-09-30 14:13 UTC, Leandro Paz
File: environ (1.73 KB, text/plain)
2025-09-30 14:13 UTC, Leandro Paz
File: open_fds (18.66 KB, text/plain)
2025-09-30 14:13 UTC, Leandro Paz
File: mountinfo (3.49 KB, text/plain)
2025-09-30 14:13 UTC, Leandro Paz
File: os_info (726 bytes, text/plain)
2025-09-30 14:13 UTC, Leandro Paz
File: cpuinfo (3.37 KB, text/plain)
2025-09-30 14:13 UTC, Leandro Paz
File: core_backtrace (104.19 KB, text/plain)
2025-09-30 14:13 UTC, Leandro Paz
File: backtrace (123.56 KB, text/plain)
2025-09-30 14:13 UTC, Leandro Paz


Links
System ID Private Priority Status Summary Last Updated
WebKit Project 299882 0 None None None 2025-09-30 17:54:09 UTC

Description Leandro Paz 2025-09-30 14:13:40 UTC
Description of problem:
It crashed when I changed the default search engine from DuckDuckGo to Google and tried to search from the URL bar.

Version-Release number of selected component:
epiphany-runtime-1:48.5-1.fc42

Additional info:
reporter:       libreport-2.17.15
type:           CCpp
reason:         epiphany killed by SIGABRT
journald_cursor: s=340560ff638e466786d4bdb6f606e584;i=45f954;b=abdf83060b3d4f9fa6673588e36f714d;m=106095d0f;t=63ff0d4fa2c80;x=2da6c539f2e0de89
executable:     /usr/bin/epiphany
cmdline:        /usr/bin/epiphany
cgroup:         0::/user.slice/user-1000.slice/user/app.slice/dbus-:1.2-org.gnome.Software
rootdir:        /
uid:            1000
kernel:         6.16.8-200.fc42.x86_64
package:        epiphany-runtime-1:48.5-1.fc42
runlevel:       N 5
dso_list:       /usr/bin/epiphany epiphany-runtime-1:48.5-1.fc42.x86_64 (Fedora Project) 1756089958
backtrace_rating: 4
crash_function: WTFCrashWithInfo
comment:        It crashed when I changed the default search engine from duckduckGo to Google and tried to search from the URL bar

Truncated backtrace:
Thread no. 1 (2 frames)
 #4 WTFCrashWithInfo at WTF/Headers/wtf/Assertions.h:972
 #5 WebKit::FenceMonitor::addFileDescriptor at /usr/src/debug/webkitgtk-2.50.0-1.fc42.x86_64/Source/WebKit/UIProcess/glib/FenceMonitor.cpp:104

Comment 1 Leandro Paz 2025-09-30 14:13:44 UTC
Created attachment 2108106
File: proc_pid_status

Comment 2 Leandro Paz 2025-09-30 14:13:46 UTC
Created attachment 2108107
File: maps

Comment 3 Leandro Paz 2025-09-30 14:13:47 UTC
Created attachment 2108108
File: limits

Comment 4 Leandro Paz 2025-09-30 14:13:49 UTC
Created attachment 2108109
File: environ

Comment 5 Leandro Paz 2025-09-30 14:13:50 UTC
Created attachment 2108110
File: open_fds

Comment 6 Leandro Paz 2025-09-30 14:13:52 UTC
Created attachment 2108111
File: mountinfo

Comment 7 Leandro Paz 2025-09-30 14:13:53 UTC
Created attachment 2108112
File: os_info

Comment 8 Leandro Paz 2025-09-30 14:13:55 UTC
Created attachment 2108113
File: cpuinfo

Comment 9 Leandro Paz 2025-09-30 14:13:56 UTC
Created attachment 2108114
File: core_backtrace

Comment 10 Leandro Paz 2025-09-30 14:13:58 UTC
Created attachment 2108115
File: backtrace

Comment 11 Michael Catanzaro 2025-09-30 15:03:09 UTC
There are two bugs here:

 * AcceleratedBackingStore::frame passed an invalid WTF::UnixFileDescriptor to FenceMonitor::addFileDescriptor. Why is the fd invalid?
 * This is an IPC interface; the fd is sent from the web process to the UI process, and it's expected that the message may be malicious and invalid. The UI process should message check it and kill the web process if the message is invalid. It shouldn't be possible for anything the web process does to crash the UI process.

I will forward this to upstream WebKit Bugzilla.
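
Added example (not part of the bug report and not WebKit's IPC code): the message check described in comment 11, sketched with plain POSIX descriptor passing over a Unix socket. The names `send_frame`, `recv_frame`, `demo` and the `verdict` enum are hypothetical; the receiver stands in for the UI process and returns a verdict on a missing or invalid descriptor instead of asserting.

```c
#include <fcntl.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical verdicts: accept the frame, or treat the sender as compromised. */
enum verdict { FRAME_OK, KILL_SENDER };

/* Sender (stand-in for the web process): fd < 0 sends a frame with no descriptor. */
static int send_frame(int sock, int fd) {
    char byte = 'F';
    _Alignas(struct cmsghdr) char ctl[CMSG_SPACE(sizeof(int))];
    struct iovec iov = { &byte, 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1 };
    if (fd >= 0) {
        memset(ctl, 0, sizeof ctl);
        msg.msg_control = ctl; msg.msg_controllen = sizeof ctl;
        struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
        c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
        c->cmsg_len = CMSG_LEN(sizeof(int));
        memcpy(CMSG_DATA(c), &fd, sizeof(int));
    }
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Receiver (stand-in for the UI process): validate everything, never abort. */
static enum verdict recv_frame(int sock, int *out_fd) {
    char byte;
    _Alignas(struct cmsghdr) char ctl[CMSG_SPACE(sizeof(int))];
    struct iovec iov = { &byte, 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = ctl, .msg_controllen = sizeof ctl };
    *out_fd = -1;
    if (recvmsg(sock, &msg, 0) != 1 || (msg.msg_flags & MSG_CTRUNC)) return KILL_SENDER;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);      /* NULL when no descriptor was sent */
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS
           || c->cmsg_len != CMSG_LEN(sizeof(int))) return KILL_SENDER;
    memcpy(out_fd, CMSG_DATA(c), sizeof(int));
    if (fcntl(*out_fd, F_GETFD) == -1) { *out_fd = -1; return KILL_SENDER; }
    return FRAME_OK;                              /* caller now owns *out_fd */
}

/* Constructed demo: one frame over a socketpair, with or without a descriptor. */
int demo(int attach_fd) {
    int sv[2], p[2], got, v;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) || pipe(p)) return -1;
    send_frame(sv[0], attach_fd ? p[0] : -1);
    v = recv_frame(sv[1], &got);
    if (got >= 0) close(got);
    close(sv[0]); close(sv[1]); close(p[0]); close(p[1]);
    return v;
}
```

On `KILL_SENDER` a real receiver would terminate the sending process and drop the connection; the demo only returns the verdict.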

