Description
Calling evaluate_javascript() very early after starting page loading in the Live2DHandler causes a crash inside WebKitGTK.
It seems to happen when evaluate_javascript() is invoked before the WebView is fully initialized or before the page is fully loaded, but the exact internal cause is not fully confirmed yet.
If the evaluate_javascript() function call is paused (for example with pdb), the crash does not occur and the JavaScript executes correctly.
Steps to Reproduce
- Launch the application normally: `flatpak run moe.nyarchlinux.assistant`
- During initialization, the Live2DHandler creates a WebKitWebView, starts loading a web page, and immediately calls evaluate_javascript().
- The program receives SIGABRT and crashes during startup, with no manual user interaction required.
Backtrace
```
#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
#1  0x00007ffff769ae23 in __pthread_kill_internal (threadid=<optimized out>, signo=6) at pthread_kill.c:78
#2  0x00007ffff764208e in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3  0x00007ffff7629882 in __GI_abort () at abort.c:79
#4  0x00007fff9432fc6f in WTFCrashWithInfo () at WTF/Headers/wtf/Assertions.h:931
#5  0x00007fff949de205 in WebKit::WebProcessPool::pageEndUsingWebsiteDataStore (this=0x7fff88034130, page=..., dataStore=...) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebKit/UIProcess/WebProcessPool.cpp:1323
#6  0x00007fff949eb0fc in WebKit::WebProcessProxy::removeWebPage (this=0x7fff8a000600, webPage=..., endsUsingDataStore=WebKit::WebProcessProxy::EndsUsingDataStore::Yes) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebKit/UIProcess/WebProcessProxy.cpp:909
#7  0x00007fff94966105 in WebKit::WebPageProxy::launchProcess (this=0x7fff8a000c00, site=..., reason=WebKit::WebPageProxy::ProcessLaunchReason::InitialProcess) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebKit/UIProcess/WebPageProxy.cpp:1317
#8  0x00007fff94972815 in WebKit::WebPageProxy::launchInitialProcessIfNecessary (this=0x7fff8a000c00) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebKit/UIProcess/WebPageProxy.cpp:6157
#9  0x00007fff9497cae6 in WebKit::WebPageProxy::runJavaScriptInFrameInScriptWorld (this=0xe, parameters=..., frameID=std::optional [no contained value], world=..., callbackFunction=...) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebKit/UIProcess/WebPageProxy.cpp:6168
#10 0x00007fff94a7058a in webkitWebViewRunJavaScriptWithParams (webView=webView@entry=0x555556e0dfd0 [WebKitWebView], params=..., worldName=worldName@entry=0x0, returnType=RunJavascriptReturnType::JSCValue, task=...) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebKit/UIProcess/API/glib/WebKitWebView.cpp:4180
#11 0x00007fff94a7085f in webkitWebViewEvaluateJavascriptInternal (returnType=RunJavascriptReturnType::JSCValue, callback=0x7ffff6eace88, userData=0x7fffa4004e90, webView=<optimized out>, script=<optimized out>, length=<optimized out>, worldName=<optimized out>, sourceURI=<optimized out>, cancellable=<optimized out>) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebKit/UIProcess/API/glib/WebKitWebView.cpp:4239
#12 webkit_web_view_evaluate_javascript (webView=0x555556e0dfd0 [WebKitWebView], script=<optimized out>, length=<optimized out>, worldName=0x0, sourceURI=0x0, cancellable=0x0, callback=0x7ffff6eace88, userData=0x7fffa4004e90) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebKit/UIProcess/API/glib/WebKitWebView.cpp:4312
#13 0x00007ffff6f89056 in ffi_call_unix64 () at ../src/x86/unix64.S:104
#14 0x00007ffff6f87e0e in ffi_call_int (cif=cif@entry=0x7fffa40051d0, fn=<optimized out>, rvalue=<optimized out>, avalue=<optimized out>, closure=closure@entry=0x0) at ../src/x86/ffi64.c:676
#15 0x00007ffff6f8864e in ffi_call (cif=cif@entry=0x7fffa40051d0, fn=<optimized out>, rvalue=rvalue@entry=0x7fffafffeae8, avalue=<optimized out>) at ../src/x86/ffi64.c:713
#16 0x00007ffff71de245 in pygi_invoke_c_callable (function_cache=<optimized out>, state=<optimized out>, py_args=<optimized out>, py_nargsf=<optimized out>, py_kwnames=<optimized out>) at ../gi/pygi-invoke.c:710
#17 0x00007ffff71e0774 in pygi_function_cache_invoke (function_cache=<optimized out>, py_args=<optimized out>, py_nargsf=<optimized out>, py_kwnames=<optimized out>) at ../gi/pygi-cache.c:951
#18 0x00007ffff796e8bc in _PyObject_VectorcallTstate (tstate=0x7fff24008940, callable=0x7fffc56f5b90, args=0x7fffe03ab2f0, nargsf=9223372036854775811, kwnames=0x7fffe1f95690) at ../Include/internal/pycore_call.h:92
#19 PyObject_Vectorcall (callable=callable@entry=0x7fffc56f5b90, args=args@entry=0x7fffe03ab2f0, nargsf=9223372036854775811, kwnames=kwnames@entry=0x7fffe1f95690) at ../Objects/call.c:325
#20 0x00007ffff7b6fdec in _PyEval_EvalFrameDefault (tstate=<optimized out>, frame=0x7fffe03ab280, throwflag=<optimized out>) at Python/bytecodes.c:2715
#21 0x00007ffff7b5496a in _PyObject_VectorcallTstate (tstate=0x7fff24008940, callable=0x7ffff73b6340, args=0x7fffafffee08, nargsf=1, kwnames=0x0) at ../Include/internal/pycore_call.h:92
#22 method_vectorcall (method=<optimized out>, args=0x7ffff7e8b708 <_PyRuntime+75624>, nargsf=0, kwnames=0x0) at ../Objects/classobject.c:69
#23 0x00007ffff7aa151b in thread_run (boot_raw=0x7fff24007f20) at ../Modules/_threadmodule.c:1114
#24 0x00007ffff791458c in pythread_wrapper (arg=<optimized out>) at ../Python/thread_pthread.h:237
#25 0x00007ffff7698ce1 in start_thread (arg=<optimized out>) at pthread_create.c:447
#26 0x00007ffff771d7d4 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:100
```
Additional Context
- When using pdb to stop execution before the evaluate_javascript() call, the crash does not occur.
- Adding a delay before calling evaluate_javascript() prevents the crash completely.
- A possible fix would be to track the WebView’s load state and only evaluate JavaScript after the page is loaded.
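One way to implement the load-state tracking suggested above, as an added example that is not code from the Nyarch Assistant project: the helper below queues scripts until the WebView has emitted `load-changed` with `LOAD_FINISHED` for the current navigation, and it routes every `evaluate_javascript()` call through a scheduler (`GLib.idle_add` in a real application) because frames #23 and #24 of the backtrace show the failing call being made from a Python thread rather than from the GTK main loop, and WebKitGTK's API is only safe to use from the main thread. `LoadEvent`, `DeferredJsRunner`, `FakeWebView`, `demo` and `attach` are names introduced here; the fake view and the timeline replayed in `demo()` are constructed so the example runs offline without PyGObject.

```python
# Added example (not Nyarch Assistant's own code): gate evaluate_javascript()
# on the WebView's load state and always issue it from the GTK main loop.
from collections import deque
from enum import IntEnum


class LoadEvent(IntEnum):
    """Mirrors WebKit.LoadEvent from WebKitGTK 6.0 so the demo runs without gi."""
    STARTED = 0
    REDIRECTED = 1
    COMMITTED = 2
    FINISHED = 3


class DeferredJsRunner:
    """Queue scripts until the current page load reports FINISHED.

    `schedule(fn, *args)` hops onto the main loop; pass GLib.idle_add for a
    real WebView (its callback must return False so it fires only once).
    """

    def __init__(self, view, schedule=None):
        self._view = view
        self._schedule = schedule or (lambda fn, *args: fn(*args))
        self._queue = deque()
        self._ready = False  # no load has finished yet: nothing may run
        view.connect("load-changed", self._on_load_changed)

    def _on_load_changed(self, _view, event):
        if event == LoadEvent.STARTED:
            self._ready = False  # a new navigation invalidates the old document
        elif event == LoadEvent.FINISHED:
            self._ready = True
            self._drain()

    def run(self, script):
        """Safe to call from any thread and at any point during startup."""
        self._schedule(self._enqueue, script)

    def _enqueue(self, script):
        self._queue.append(script)
        if self._ready:
            self._drain()
        return False  # GLib.SOURCE_REMOVE: do not re-run this idle callback

    def _drain(self):
        while self._queue and self._ready:
            script = self._queue.popleft()
            # WebKitGTK 6.0 order: script, length, world_name, source_uri, cancellable, callback
            self._view.evaluate_javascript(script, -1, None, None, None, None)


class FakeWebView:
    """Constructed stand-in for WebKit.WebView: records scripts, lets the demo fire load-changed."""

    def __init__(self):
        self._handlers = []
        self.evaluated = []

    def connect(self, signal, handler):
        if signal == "load-changed":
            self._handlers.append(handler)

    def emit_load_changed(self, event):
        for handler in list(self._handlers):
            handler(self, event)

    def evaluate_javascript(self, script, *_args):
        self.evaluated.append(script)


def demo():
    """Replays the issue's timeline against the fake view and returns what reached WebKit."""
    view = FakeWebView()
    runner = DeferredJsRunner(view)
    snapshots = {}

    runner.run("init()")                               # the early call that crashes today
    view.emit_load_changed(LoadEvent.STARTED)
    runner.run("setup()")                              # a call made mid-load
    snapshots["before_finish"] = list(view.evaluated)  # nothing may have reached WebKit
    view.emit_load_changed(LoadEvent.COMMITTED)
    view.emit_load_changed(LoadEvent.FINISHED)
    snapshots["after_finish"] = list(view.evaluated)   # queued scripts flushed in order
    runner.run("later()")                              # page is ready: runs immediately
    view.emit_load_changed(LoadEvent.STARTED)          # e.g. a reload of the Live2D page
    runner.run("afterReload()")                        # must wait for the new document
    snapshots["during_reload"] = list(view.evaluated)
    view.emit_load_changed(LoadEvent.FINISHED)
    snapshots["final"] = list(view.evaluated)
    return snapshots


def attach(view):
    """Wire a runner to a real WebKit.WebView (needs PyGObject and WebKitGTK 6.0)."""
    from gi.repository import GLib  # imported lazily so demo() works without gi
    return DeferredJsRunner(view, schedule=GLib.idle_add)


if __name__ == "__main__":
    print(demo())
```

In the application, the handler would create its runner with `attach(webview)` right after `load_uri()` and call `runner.run(script)` wherever it currently calls `evaluate_javascript()`; scripts issued before the first `LOAD_FINISHED`, or during a later reload, are held until the document they target exists.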
Environment
- Flatpak 1.16.0
- Python 3.12.9
- Runtime: org.gnome.Platform/x86_64/48
- OS: Arch Linux