RESOLVED INVALID 154889
[GTK] Plugin process crash in WebKit::releaseNPObject 
https://bugs.webkit.org/show_bug.cgi?id=154889
Summary [GTK] Plugin process crash in WebKit::releaseNPObject
Michael Catanzaro
Reported 2016-03-01 16:19:54 PST
Another crash with the GNOME Shell browser plugin, again version 3.18.3. Again, full backtrace is downstream. Description of problem: i've launched epiphany from gnome tweak tool's gnome's extensions' website link then browsed it for a while then closed tab and exited Version-Release number of selected component: webkitgtk4-2.10.4-1.fc23 Additional info: reporter: libreport-2.6.3 backtrace_rating: 4 cmdline: /usr/libexec/webkit2gtk-4.0/WebKitPluginProcess 32 /usr/lib64/mozilla/plugins/libgnome-shell-browser-plugin.so crash_function: WebKit::releaseNPObject executable: /usr/libexec/webkit2gtk-4.0/WebKitPluginProcess global_pid: 9090 kernel: 4.2.6-301.fc23.x86_64 runlevel: N 5 type: CCpp uid: 1000 Truncated backtrace: Thread no. 1 (10 frames) #0 WebKit::releaseNPObject at /usr/src/debug/webkitgtk-2.10.4/Source/WebKit2/WebProcess/Plugins/Netscape/NPRuntimeUtilities.cpp:124 #1 NPP_Destroy at browser-plugin.c:1020 #2 WebKit::NetscapePlugin::destroy at /usr/src/debug/webkitgtk-2.10.4/Source/WebKit2/WebProcess/Plugins/Netscape/NetscapePlugin.cpp:738 #3 WebKit::Plugin::destroyPlugin at /usr/src/debug/webkitgtk-2.10.4/Source/WebKit2/WebProcess/Plugins/Plugin.cpp:101 #4 WebKit::PluginControllerProxy::destroy at /usr/src/debug/webkitgtk-2.10.4/Source/WebKit2/PluginProcess/PluginControllerProxy.cpp:158 #5 WebKit::WebProcessConnection::destroyPluginControllerProxy at /usr/src/debug/webkitgtk-2.10.4/Source/WebKit2/PluginProcess/WebProcessConnection.cpp:84 #6 WebKit::WebProcessConnection::didClose at /usr/src/debug/webkitgtk-2.10.4/Source/WebKit2/PluginProcess/WebProcessConnection.cpp:177 #7 std::function<void ()>::operator()() const at /usr/include/c++/5.1.1/functional:2271 #8 WTF::RunLoop::performWork at /usr/src/debug/webkitgtk-2.10.4/Source/WTF/wtf/RunLoop.cpp:104 #9 std::function<void ()>::operator()() const at /usr/include/c++/5.1.1/functional:2271
Attachments
Add attachment proposed patch, testcase, etc.
Michael Catanzaro
Comment 1 2016-03-01 16:39:56 PST
I missed that our crash server thinks this might have been fixed in 2.10.7, last report is 2016-01-30. I'm a bit skeptical due to the small sample size, but let's consider this fixed until proven otherwise.
Michael Catanzaro
Comment 2 2016-03-02 03:53:17 PST
Just kidding, our crash server got confused and split the reports. I have 338 reports of this in February alone, under a slightly different backtrace.
Michael Catanzaro
Comment 3 2016-07-25 07:43:06 PDT
1327 reports of this in Fedora so far, first occurrence is last November. (Spread over so long, it's not as many as it seems.) I think it's probably a regression from our recent GNOME shell browser plugin changes.
Carlos Garcia Campos
Comment 4 2016-10-28 06:20:43 PDT
This is a bug in the plugin, see the meta bug.
Note You need to log in before you can comment on or make changes to this bug.