Bug 1318824

Summary: [abrt] webkitgtk4: WebCore::RenderObject::RenderObjectBitfields::isInline(): WebKitWebProcess killed by SIGSEGV
Product: Fedora
Reporter: Matteo Settenvini <matteo>
Component: webkitgtk4
Assignee: Tomas Popela <tpopela>
Status: CLOSED DUPLICATE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 24
CC: klember, mcatanzaro+wrong-account-do-not-cc, tpopela
Target Milestone: ---
Keywords: Reopened
Target Release: ---
Hardware: x86_64
OS: Unspecified
URL: https://retrace.fedoraproject.org/faf/reports/bthash/4f4d993d2da27c5341bed901d0555de2dd7699ee
Whiteboard: abrt_hash:2de5c6b2ac1fd7b6d1f5ca19066ccba432f80de7;VARIANT_ID=workstation;
Doc Type: Bug Fix
Last Closed: 2016-04-06 15:59:31 UTC
Attachments (all flags: none): backtrace, cgroup, core_backtrace, dso_list, environ, exploitable, limits, maps, mountinfo, namespaces, open_fds, proc_pid_status, var_log_messages

Description Matteo Settenvini 2016-03-17 23:15:56 UTC
Description of problem:
Trying to visit Wikipedia always crashes Epiphany. E.g. https://en.wikipedia.org/wiki/Gotham_(TV_series)

Version-Release number of selected component:
webkitgtk4-2.11.91-1.fc24

Additional info:
reporter:       libreport-2.6.4
backtrace_rating: 4
cmdline:        /usr/libexec/webkit2gtk-4.0/WebKitWebProcess 25
crash_function: WebCore::RenderObject::RenderObjectBitfields::isInline
executable:     /usr/libexec/webkit2gtk-4.0/WebKitWebProcess
global_pid:     3088
kernel:         4.5.0-0.rc7.git0.2.fc24.x86_64
runlevel:       N 5
type:           CCpp
uid:            1000

Truncated backtrace:
Thread no. 1 (10 frames)
 #0 WebCore::RenderObject::RenderObjectBitfields::isInline at /usr/src/debug/webkitgtk-2.11.91/Source/WebCore/rendering/RenderObject.h:978
 #1 WebCore::RenderObject::isInline at /usr/src/debug/webkitgtk-2.11.91/Source/WebCore/rendering/RenderObject.h:497
 #2 WebCore::isNonRenderBlockInline at /usr/src/debug/webkitgtk-2.11.91/Source/WebCore/rendering/RenderElement.cpp:1618
 #3 WebCore::RenderElement::containingBlockForObjectInFlow at /usr/src/debug/webkitgtk-2.11.91/Source/WebCore/rendering/RenderElement.cpp:1624
 #4 WebCore::RenderObject::containingBlock at /usr/src/debug/webkitgtk-2.11.91/Source/WebCore/rendering/RenderObject.cpp:713
 #5 WebCore::hasFixedPosInNamedFlowContainingBlock at /usr/src/debug/webkitgtk-2.11.91/Source/WebCore/rendering/RenderObject.cpp:531
 #6 WebCore::RenderObject::containerForRepaint at /usr/src/debug/webkitgtk-2.11.91/Source/WebCore/rendering/RenderObject.cpp:879
 #7 WebCore::RenderLayer::updateLayerPositions at /usr/src/debug/webkitgtk-2.11.91/Source/WebCore/rendering/RenderLayer.cpp:504
 #12 WebCore::RenderLayer::updateLayerPositionsAfterLayout at /usr/src/debug/webkitgtk-2.11.91/Source/WebCore/rendering/RenderLayer.cpp:465
 #13 WebCore::FrameView::layout at /usr/src/debug/webkitgtk-2.11.91/Source/WebCore/page/FrameView.cpp:1447

Comment 1 Matteo Settenvini 2016-03-17 23:16:04 UTC
Created attachment 1137585: backtrace

Comment 2 Matteo Settenvini 2016-03-17 23:16:05 UTC
Created attachment 1137586: cgroup

Comment 3 Matteo Settenvini 2016-03-17 23:16:07 UTC
Created attachment 1137587: core_backtrace

Comment 4 Matteo Settenvini 2016-03-17 23:16:09 UTC
Created attachment 1137589: dso_list

Comment 5 Matteo Settenvini 2016-03-17 23:16:10 UTC
Created attachment 1137590: environ

Comment 6 Matteo Settenvini 2016-03-17 23:16:12 UTC
Created attachment 1137591: exploitable

Comment 7 Matteo Settenvini 2016-03-17 23:16:14 UTC
Created attachment 1137592: limits

Comment 8 Matteo Settenvini 2016-03-17 23:16:18 UTC
Created attachment 1137593: maps

Comment 9 Matteo Settenvini 2016-03-17 23:16:20 UTC
Created attachment 1137594: mountinfo

Comment 10 Matteo Settenvini 2016-03-17 23:16:21 UTC
Created attachment 1137595: namespaces

Comment 11 Matteo Settenvini 2016-03-17 23:16:23 UTC
Created attachment 1137596: open_fds

Comment 12 Matteo Settenvini 2016-03-17 23:16:26 UTC
Created attachment 1137597: proc_pid_status

Comment 13 Matteo Settenvini 2016-03-17 23:16:28 UTC
Created attachment 1137598: var_log_messages

Comment 14 Michael Catanzaro 2016-03-18 00:10:29 UTC
Should be fixed in 2.11.92, please complain if you find otherwise.

*** This bug has been marked as a duplicate of bug 1314658 ***

Comment 15 Matteo Settenvini 2016-03-29 21:48:58 UTC
I am still seeing this as of webkitgtk4-2.12.0.1.fc24.x86_64.
https://retrace.fedoraproject.org/faf/reports/1026688/

Happens, for instance, when opening gmail.com and trying to quickly do some different operations, such as creating a mail filter, while the Hangouts extension loads on slow hardware.

The page from bug 1314658 loads fine though, as do some other pages such as the Wikipedia link in comment 1. I suppose there is some kind of corner case which is harder to catch; hence removing the duplicate.

Comment 16 Michael Catanzaro 2016-03-31 19:48:52 UTC
(In reply to Matteo Settenvini from comment #15)
> I am still seeing this as of webkitgtk4-2.12.0.1.fc24.x86_64.
> https://retrace.fedoraproject.org/faf/reports/1026688/

FYI, the retrace server has marked two different crashers that end in the same frame as duplicates. The original one is fixed in 2.11.92, the other should be fixed in 2.12.1. Let's leave this bug open as a reminder to check the retrace server again after 2.12.1 is released.

Comment 17 Michael Catanzaro 2016-04-06 15:59:31 UTC
(In reply to Michael Catanzaro from comment #16)
> (In reply to Matteo Settenvini from comment #15)
> > I am still seeing this as of webkitgtk4-2.12.0.1.fc24.x86_64.
> > https://retrace.fedoraproject.org/faf/reports/1026688/
> 
> FYI the retrace server has marked two different crashers that end in the
> same frame as duplicates. The original one is fixed in 2.11.92, the other
> should be fixed in 2.12.1. Let's leave this bug open as a reminder to check
> the retrace server again after 2.12.1 is released.

I'm backporting a fix for the other crash for 2.12.0 in F24 now.

Since this crash should already be fixed (you're just getting pointed to this bug because the backtraces are quite similar), I'm going to mark this as a duplicate again.

*** This bug has been marked as a duplicate of bug 1314658 ***