When a Wacom tablet is connected, GdkSurface crashes Epiphany when changing the video autoplay combobox setting from its website permissions popover using a mouse
Steps to reproduce
With either Epiphany 47.2 (from Fedora 41's repositories) or Epiphany TP (from the GNOME Nightly flatpak repos), with GTK 4.16.5 or 4.17.7, you can instantly crash the app by:
- Visiting https://cnn.com (notice there is always an autoplaying video in the top-right corner, underneath the Google account sign-in overlay thingy)
- Clicking the padlock icon in Epiphany's addressbar and, using a mouse, trying to change the value of the video autoplay combobox in the website permissions popover that opens.
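Current behavior
Epiphany stops with SIGTRAP on a GLib-GObject critical ("invalid (NULL) pointer instance"): in frame #7, gdk_surface_handle_event() is handling a GdkPadEvent with surface = 0x0 and calls g_signal_emit() on that NULL instance.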
Thread 1 "epiphany" received signal SIGTRAP, Trace/breakpoint trap.
_g_log_abort (breakpoint=<optimized out>) at ../glib/gmessages.c:426
426 G_BREAKPOINT ();
(gdb) bt
#0 _g_log_abort (breakpoint=<optimized out>) at ../glib/gmessages.c:426
#1 g_logv (log_domain=0x7ffff7c4f7d0 "GLib-GObject", log_level=G_LOG_LEVEL_CRITICAL, format=<optimized out>, args=args@entry=0x7fffffffcf80)
at ../glib/gmessages.c:1273
#2 0x00007ffff7b032e3 in g_log
(log_domain=log_domain@entry=0x7ffff7c4f7d0 "GLib-GObject", log_level=log_level@entry=G_LOG_LEVEL_CRITICAL, format=format@entry=0x7ffff7c57e78 "invalid (NULL) pointer instance") at ../glib/gmessages.c:1315
#3 0x00007ffff7c3c52a in g_type_check_instance (type_instance=<optimized out>) at ../gobject/gtype.c:4271
#4 0x00007ffff7c33299 in signal_emit_valist_unlocked
(instance=instance@entry=0x0, signal_id=signal_id@entry=380, detail=detail@entry=0, var_args=var_args@entry=0x7fffffffd2b0) at ../gobject/gsignal.c:3286
#5 0x00007ffff7c34671 in g_signal_emit_valist (instance=0x0, signal_id=380, detail=0, var_args=var_args@entry=0x7fffffffd2b0) at ../gobject/gsignal.c:3262
#6 0x00007ffff7c34733 in g_signal_emit (instance=instance@entry=0x0, signal_id=<optimized out>, detail=detail@entry=0) at ../gobject/gsignal.c:3582
#7 0x00007ffff74b6635 in gdk_surface_handle_event.isra.0 (event=event@entry=0x555556ce6e00 [GdkPadEvent]) at ../gdk/gdksurface.c:3083
#8 0x00007ffff737569c in _gdk_event_emit (event=0x555556ce6e00 [GdkPadEvent]) at ../gdk/gdkevents.c:491
#9 gdk_event_source_dispatch (source=<optimized out>, callback=<optimized out>, user_data=<optimized out>) at ../gdk/broadway/gdkeventsource.c:377
#10 0x00007ffff7afd28c in g_main_dispatch (context=0x5555555cdae0) at ../glib/gmain.c:3357
#11 g_main_context_dispatch_unlocked (context=0x5555555cdae0) at ../glib/gmain.c:4208
#12 0x00007ffff7b5d7b8 in g_main_context_iterate_unlocked.isra.0
(context=context@entry=0x5555555cdae0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4273
#13 0x00007ffff7afe783 in g_main_context_iteration (context=context@entry=0x5555555cdae0, may_block=may_block@entry=1) at ../glib/gmain.c:4338
#14 0x00007ffff7d1cdcd in g_application_run (application=0x5555555e75c0 [EphyShell], argc=<optimized out>, argv=0x7fffffffd7d8) at ../gio/gapplication.c:2715
#15 0x0000555555555fe8 in main (argc=<optimized out>, argv=<optimized out>) at ../src/ephy-main.c:445
Full backtrace:
(gdb) bt full
#0 _g_log_abort (breakpoint=<optimized out>) at ../glib/gmessages.c:426
debugger_present = 1
debugger_present = <optimized out>
#1 g_logv (log_domain=0x7ffff7c4f7d0 "GLib-GObject", log_level=G_LOG_LEVEL_CRITICAL, format=<optimized out>, args=args@entry=0x7fffffffcf80)
at ../glib/gmessages.c:1273
domain = 0x0
data = <optimized out>
depth = <optimized out>
log_func = <optimized out>
domain_fatal_mask = <optimized out>
masquerade_fatal = <optimized out>
test_level = <optimized out>
was_fatal = <optimized out>
was_recursion = <optimized out>
buffer = {<optimized out> <repeats 1025 times>}
msg_alloc = 0x0
msg = 0x7ffff7c57e78 "invalid (NULL) pointer instance"
i = 3
size = <optimized out>
#2 0x00007ffff7b032e3 in g_log
(log_domain=log_domain@entry=0x7ffff7c4f7d0 "GLib-GObject", log_level=log_level@entry=G_LOG_LEVEL_CRITICAL, format=format@entry=0x7ffff7c57e78 "invalid (NULL) pointer instance") at ../glib/gmessages.c:1315
args = {{gp_offset = 24, fp_offset = 48, overflow_arg_area = 0x7fffffffd060, reg_save_area = 0x7fffffffcfa0}}
#3 0x00007ffff7c3c52a in g_type_check_instance (type_instance=<optimized out>) at ../gobject/gtype.c:4271
#4 0x00007ffff7c33299 in signal_emit_valist_unlocked
(instance=instance@entry=0x0, signal_id=signal_id@entry=380, detail=detail@entry=0, var_args=var_args@entry=0x7fffffffd2b0) at ../gobject/gsignal.c:3286
_g_boolean_var_102 = <optimized out>
instance_and_params = <optimized out>
param_values = <optimized out>
node = <optimized out>
i = <optimized out>
node_copy = {signal_id = <optimized out>, itype = <optimized out>, name = <optimized out>, destroyed = <optimized out>, flags = <optimized out>, n_params = <optimized out>, single_va_closure_is_valid = <optimized out>, single_va_closure_is_after = <optimized out>, param_types = <optimized out>, return_type = <optimized out>, class_closure_bsa = <optimized out>, accumulator = <optimized out>, c_marshaller = <optimized out>, va_marshaller = <optimized out>, emission_hooks = <optimized out>, single_va_closure = <optimized out>}
#5 0x00007ffff7c34671 in g_signal_emit_valist (instance=0x0, signal_id=380, detail=0, var_args=var_args@entry=0x7fffffffd2b0) at ../gobject/gsignal.c:3262
#6 0x00007ffff7c34733 in g_signal_emit (instance=instance@entry=0x0, signal_id=<optimized out>, detail=detail@entry=0) at ../gobject/gsignal.c:3582
var_args = {{gp_offset = 24, fp_offset = 48, overflow_arg_area = 0x7fffffffd390, reg_save_area = 0x7fffffffd2d0}}
#7 0x00007ffff74b6635 in gdk_surface_handle_event.isra.0 (event=event@entry=0x555556ce6e00 [GdkPadEvent]) at ../gdk/gdksurface.c:3083
surface = 0x0
begin_time = 725355506081360
handled = 0
#8 0x00007ffff737569c in _gdk_event_emit (event=0x555556ce6e00 [GdkPadEvent]) at ../gdk/gdkevents.c:491
#9 gdk_event_source_dispatch (source=<optimized out>, callback=<optimized out>, user_data=<optimized out>) at ../gdk/broadway/gdkeventsource.c:377
display = <optimized out>
event = 0x555556ce6e00 [GdkPadEvent]
#10 0x00007ffff7afd28c in g_main_dispatch (context=0x5555555cdae0) at ../glib/gmain.c:3357
dispatch = 0x7ffff73824c0 <gdk_wayland_event_source_dispatch.lto_priv>
prev_source = 0x0
begin_time_nsec = 725355506077544
was_in_call = 0
user_data = 0x0
callback = 0x0
cb_funcs = 0x0
cb_data = 0x0
need_destroy = <optimized out>
source = 0x555555661d90
current = 0x5555555b14f0
i = 0
#11 g_main_context_dispatch_unlocked (context=0x5555555cdae0) at ../glib/gmain.c:4208
#12 0x00007ffff7b5d7b8 in g_main_context_iterate_unlocked.isra.0
(context=context@entry=0x5555555cdae0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4273
max_priority = 0
timeout_usec = 0
some_ready = 1
nfds = <optimized out>
allocated_nfds = <optimized out>
fds = 0x555556b36f00
begin_time_nsec = 725355506019501
#13 0x00007ffff7afe783 in g_main_context_iteration (context=context@entry=0x5555555cdae0, may_block=may_block@entry=1) at ../glib/gmain.c:4338
retval = <optimized out>
#14 0x00007ffff7d1cdcd in g_application_run (application=0x5555555e75c0 [EphyShell], argc=<optimized out>, argv=0x7fffffffd7d8) at ../gio/gapplication.c:2715
arguments = 0x5555558f2120
status = 0
context = 0x5555555cdae0
acquired_context = <optimized out>
#15 0x0000555555555fe8 in main (argc=<optimized out>, argv=<optimized out>) at ../src/ephy-main.c:445
option_context = <optimized out>
option_group = <optimized out>
error = 0x0
arbitrary_url = <optimized out>
ctx = <optimized out>
mode = EPHY_EMBED_SHELL_MODE_BROWSER
status = <optimized out>
flags = <optimized out>
desktop_info = <optimized out>
Version information
- Which version of GTK you are using: GTK 4.16.5 or 4.17.7 (depending on Epiphany version)
- What operating system and version: Fedora 41
- What windowing system: Wayland
- What graphics driver / mesa version: Open source AMD radeonsi graphics from Mesa 25.0
c.c. @mcatanzaro, who suggested I file it in GTK, as there are no mentions of Epiphany or WebKitGTK anywhere in the stack trace.
Edited by Jeff Fortin