Bug 154889 - [GTK] Plugin process crash in WebKit::releaseNPObject
Summary: [GTK] Plugin process crash in WebKit::releaseNPObject
Status: RESOLVED INVALID
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKitGTK (show other bugs)
Version: Other
Hardware: PC Linux
: P2 Critical
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks: 154891
  Show dependency treegraph
 
Reported: 2016-03-01 16:19 PST by Michael Catanzaro
Modified: 2016-10-28 06:20 PDT (History)
3 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Catanzaro 2016-03-01 16:19:54 PST 
Another crash with the GNOME Shell browser plugin, again version 3.18.3. Again, full backtrace is downstream.

Description of problem:
i've launched epiphany from gnome tweak tool's gnome's extensions' website link then browsed it for a while then closed tab and exited

Version-Release number of selected component:
webkitgtk4-2.10.4-1.fc23

Additional info:
reporter:       libreport-2.6.3
backtrace_rating: 4
cmdline:        /usr/libexec/webkit2gtk-4.0/WebKitPluginProcess 32 /usr/lib64/mozilla/plugins/libgnome-shell-browser-plugin.so
crash_function: WebKit::releaseNPObject
executable:     /usr/libexec/webkit2gtk-4.0/WebKitPluginProcess
global_pid:     9090
kernel:         4.2.6-301.fc23.x86_64
runlevel:       N 5
type:           CCpp
uid:            1000

Truncated backtrace:
Thread no. 1 (10 frames)
 #0 WebKit::releaseNPObject at /usr/src/debug/webkitgtk-2.10.4/Source/WebKit2/WebProcess/Plugins/Netscape/NPRuntimeUtilities.cpp:124
 #1 NPP_Destroy at browser-plugin.c:1020
 #2 WebKit::NetscapePlugin::destroy at /usr/src/debug/webkitgtk-2.10.4/Source/WebKit2/WebProcess/Plugins/Netscape/NetscapePlugin.cpp:738
 #3 WebKit::Plugin::destroyPlugin at /usr/src/debug/webkitgtk-2.10.4/Source/WebKit2/WebProcess/Plugins/Plugin.cpp:101
 #4 WebKit::PluginControllerProxy::destroy at /usr/src/debug/webkitgtk-2.10.4/Source/WebKit2/PluginProcess/PluginControllerProxy.cpp:158
 #5 WebKit::WebProcessConnection::destroyPluginControllerProxy at /usr/src/debug/webkitgtk-2.10.4/Source/WebKit2/PluginProcess/WebProcessConnection.cpp:84
 #6 WebKit::WebProcessConnection::didClose at /usr/src/debug/webkitgtk-2.10.4/Source/WebKit2/PluginProcess/WebProcessConnection.cpp:177
 #7 std::function<void ()>::operator()() const at /usr/include/c++/5.1.1/functional:2271
 #8 WTF::RunLoop::performWork at /usr/src/debug/webkitgtk-2.10.4/Source/WTF/wtf/RunLoop.cpp:104
 #9 std::function<void ()>::operator()() const at /usr/include/c++/5.1.1/functional:2271
Comment 1 Michael Catanzaro 2016-03-01 16:39:56 PST 
I missed that our crash server thinks this might have been fixed in 2.10.7, last report is 2016-01-30. I'm a bit skeptical due to the small sample size, but let's consider this fixed until proven otherwise.
Comment 2 Michael Catanzaro 2016-03-02 03:53:17 PST 
Just kidding, our crash server got confused and split the reports. I have 338 reports of this in February alone, under a slightly different backtrace.
Comment 3 Michael Catanzaro 2016-07-25 07:43:06 PDT 
1327 reports of this in Fedora so far, first occurrence is last November. (Spread over so long, it's not as many as it seems.) I think it's probably a regression from our recent GNOME shell browser plugin changes.
Comment 4 Carlos Garcia Campos 2016-10-28 06:20:43 PDT 
This is a bug in the plugin, see the meta bug.