Bug 1318824 - [abrt] webkitgtk4: WebCore::RenderObject::RenderObjectBitfields::isInline(): WebKitWebProcess killed by SIGSEGV
Summary: [abrt] webkitgtk4: WebCore::RenderObject::RenderObjectBitfields::isInline(): ...
Keywords:
Status: CLOSED DUPLICATE of bug 1314658
Alias: None
Product: Fedora
Classification: Fedora
Component: webkitgtk4
Version: 24
Hardware: x86_64
OS: Unspecified
Target Milestone: ---
Assignee: Tomas Popela
QA Contact: Fedora Extras Quality Assurance
URL: https://retrace.fedoraproject.org/faf...
Whiteboard: abrt_hash:2de5c6b2ac1fd7b6d1f5ca19066...
Depends On:
Blocks:
Reported: 2016-03-17 23:15 UTC by Matteo Settenvini
Modified: 2016-04-06 15:59 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-04-06 15:59:31 UTC
Type: ---


Attachments
File: backtrace (66.94 KB, text/plain), 2016-03-17 23:16 UTC, Matteo Settenvini
File: cgroup (242 bytes, text/plain), 2016-03-17 23:16 UTC, Matteo Settenvini
File: core_backtrace (10.72 KB, text/plain), 2016-03-17 23:16 UTC, Matteo Settenvini
File: dso_list (15.89 KB, text/plain), 2016-03-17 23:16 UTC, Matteo Settenvini
File: environ (1.83 KB, text/plain), 2016-03-17 23:16 UTC, Matteo Settenvini
File: exploitable (93 bytes, text/plain), 2016-03-17 23:16 UTC, Matteo Settenvini
File: limits (1.29 KB, text/plain), 2016-03-17 23:16 UTC, Matteo Settenvini
File: maps (78.13 KB, text/plain), 2016-03-17 23:16 UTC, Matteo Settenvini
File: mountinfo (3.63 KB, text/plain), 2016-03-17 23:16 UTC, Matteo Settenvini
File: namespaces (85 bytes, text/plain), 2016-03-17 23:16 UTC, Matteo Settenvini
File: open_fds (2.43 KB, text/plain), 2016-03-17 23:16 UTC, Matteo Settenvini
File: proc_pid_status (1.11 KB, text/plain), 2016-03-17 23:16 UTC, Matteo Settenvini
File: var_log_messages (28 bytes, text/plain), 2016-03-17 23:16 UTC, Matteo Settenvini


Description Matteo Settenvini 2016-03-17 23:15:56 UTC
Description of problem:
Trying to visit Wikipedia always crashes Epiphany. E.g. https://en.wikipedia.org/wiki/Gotham_(TV_series)

Version-Release number of selected component:
webkitgtk4-2.11.91-1.fc24

Additional info:
reporter:       libreport-2.6.4
backtrace_rating: 4
cmdline:        /usr/libexec/webkit2gtk-4.0/WebKitWebProcess 25
crash_function: WebCore::RenderObject::RenderObjectBitfields::isInline
executable:     /usr/libexec/webkit2gtk-4.0/WebKitWebProcess
global_pid:     3088
kernel:         4.5.0-0.rc7.git0.2.fc24.x86_64
runlevel:       N 5
type:           CCpp
uid:            1000

Truncated backtrace:
Thread no. 1 (10 frames)
 #0 WebCore::RenderObject::RenderObjectBitfields::isInline at /usr/src/debug/webkitgtk-2.11.91/Source/WebCore/rendering/RenderObject.h:978
 #1 WebCore::RenderObject::isInline at /usr/src/debug/webkitgtk-2.11.91/Source/WebCore/rendering/RenderObject.h:497
 #2 WebCore::isNonRenderBlockInline at /usr/src/debug/webkitgtk-2.11.91/Source/WebCore/rendering/RenderElement.cpp:1618
 #3 WebCore::RenderElement::containingBlockForObjectInFlow at /usr/src/debug/webkitgtk-2.11.91/Source/WebCore/rendering/RenderElement.cpp:1624
 #4 WebCore::RenderObject::containingBlock at /usr/src/debug/webkitgtk-2.11.91/Source/WebCore/rendering/RenderObject.cpp:713
 #5 WebCore::hasFixedPosInNamedFlowContainingBlock at /usr/src/debug/webkitgtk-2.11.91/Source/WebCore/rendering/RenderObject.cpp:531
 #6 WebCore::RenderObject::containerForRepaint at /usr/src/debug/webkitgtk-2.11.91/Source/WebCore/rendering/RenderObject.cpp:879
 #7 WebCore::RenderLayer::updateLayerPositions at /usr/src/debug/webkitgtk-2.11.91/Source/WebCore/rendering/RenderLayer.cpp:504
 #12 WebCore::RenderLayer::updateLayerPositionsAfterLayout at /usr/src/debug/webkitgtk-2.11.91/Source/WebCore/rendering/RenderLayer.cpp:465
 #13 WebCore::FrameView::layout at /usr/src/debug/webkitgtk-2.11.91/Source/WebCore/page/FrameView.cpp:1447

Comment 1 Matteo Settenvini 2016-03-17 23:16:04 UTC
Created attachment 1137585 [details]
File: backtrace

Comment 2 Matteo Settenvini 2016-03-17 23:16:05 UTC
Created attachment 1137586 [details]
File: cgroup

Comment 3 Matteo Settenvini 2016-03-17 23:16:07 UTC
Created attachment 1137587 [details]
File: core_backtrace

Comment 4 Matteo Settenvini 2016-03-17 23:16:09 UTC
Created attachment 1137589 [details]
File: dso_list

Comment 5 Matteo Settenvini 2016-03-17 23:16:10 UTC
Created attachment 1137590 [details]
File: environ

Comment 6 Matteo Settenvini 2016-03-17 23:16:12 UTC
Created attachment 1137591 [details]
File: exploitable

Comment 7 Matteo Settenvini 2016-03-17 23:16:14 UTC
Created attachment 1137592 [details]
File: limits

Comment 8 Matteo Settenvini 2016-03-17 23:16:18 UTC
Created attachment 1137593 [details]
File: maps

Comment 9 Matteo Settenvini 2016-03-17 23:16:20 UTC
Created attachment 1137594 [details]
File: mountinfo

Comment 10 Matteo Settenvini 2016-03-17 23:16:21 UTC
Created attachment 1137595 [details]
File: namespaces

Comment 11 Matteo Settenvini 2016-03-17 23:16:23 UTC
Created attachment 1137596 [details]
File: open_fds

Comment 12 Matteo Settenvini 2016-03-17 23:16:26 UTC
Created attachment 1137597 [details]
File: proc_pid_status

Comment 13 Matteo Settenvini 2016-03-17 23:16:28 UTC
Created attachment 1137598 [details]
File: var_log_messages

Comment 14 Michael Catanzaro 2016-03-18 00:10:29 UTC
Should be fixed in 2.11.92, please complain if you find otherwise.

*** This bug has been marked as a duplicate of bug 1314658 ***

Comment 15 Matteo Settenvini 2016-03-29 21:48:58 UTC
I am still seeing this as of webkitgtk4-2.12.0.1.fc24.x86_64.
https://retrace.fedoraproject.org/faf/reports/1026688/

Happens for instance when opening gmail.com, and trying to quickly do some different operations such as creating a mail filter, while the hangouts extension loads, on slow hardware.

The page from bug 1314658 loads fine though, as do some other pages such as the Wikipedia link in comment 1. I suppose there is some kind of corner case which is harder to catch; hence removing the duplicate.

Comment 16 Michael Catanzaro 2016-03-31 19:48:52 UTC
(In reply to Matteo Settenvini from comment #15)
> I am still seeing this as of webkitgtk4-2.12.0.1.fc24.x86_64.
> https://retrace.fedoraproject.org/faf/reports/1026688/

FYI the retrace server has marked two different crashers that end in the same frame as duplicates. The original one is fixed in 2.11.92, the other should be fixed in 2.12.1. Let's leave this bug open as a reminder to check the retrace server again after 2.12.1 is released.

Comment 17 Michael Catanzaro 2016-04-06 15:59:31 UTC
(In reply to Michael Catanzaro from comment #16)
> (In reply to Matteo Settenvini from comment #15)
> > I am still seeing this as of webkitgtk4-2.12.0.1.fc24.x86_64.
> > https://retrace.fedoraproject.org/faf/reports/1026688/
> 
> FYI the retrace server has marked two different crashers that end in the
> same frame as duplicates. The original one is fixed in 2.11.92, the other
> should be fixed in 2.12.1. Let's leave this bug open as a reminder to check
> the retrace server again after 2.12.1 is released.

I'm backporting a fix for the other crash for 2.12.0 in F24 now.

Since this crash should already be fixed (you're just getting pointed to this bug because the backtraces are quite similar), I'm going to mark this as a duplicate again.

*** This bug has been marked as a duplicate of bug 1314658 ***
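
Added illustration, not part of the bug report and not ABRT or retrace-server code: comments 16 and 17 describe two different crashes that end in the same frame being grouped as duplicates. The sketch below parses the truncated backtrace from this report and shows how a bucketing key computed over only the innermost frames merges it with a second crash; the second backtrace (`OTHER`) and the hashing scheme are constructed assumptions, not the retrace server's actual algorithm.

```python
import hashlib
import re

SRC = "/usr/src/debug/webkitgtk-2.11.91/Source/WebCore"
# Frames copied from the "Truncated backtrace" in this report.
REPORTED = f"""
 #0 WebCore::RenderObject::RenderObjectBitfields::isInline at {SRC}/rendering/RenderObject.h:978
 #1 WebCore::RenderObject::isInline at {SRC}/rendering/RenderObject.h:497
 #2 WebCore::isNonRenderBlockInline at {SRC}/rendering/RenderElement.cpp:1618
 #3 WebCore::RenderElement::containingBlockForObjectInFlow at {SRC}/rendering/RenderElement.cpp:1624
 #4 WebCore::RenderObject::containingBlock at {SRC}/rendering/RenderObject.cpp:713
 #5 WebCore::hasFixedPosInNamedFlowContainingBlock at {SRC}/rendering/RenderObject.cpp:531
 #6 WebCore::RenderObject::containerForRepaint at {SRC}/rendering/RenderObject.cpp:879
 #7 WebCore::RenderLayer::updateLayerPositions at {SRC}/rendering/RenderLayer.cpp:504
 #12 WebCore::RenderLayer::updateLayerPositionsAfterLayout at {SRC}/rendering/RenderLayer.cpp:465
 #13 WebCore::FrameView::layout at {SRC}/page/FrameView.cpp:1447
"""
# CONSTRUCTED second crash: same three innermost frames, hypothetical callers.
OTHER = "\n".join(REPORTED.strip("\n").splitlines()[:3] + [
    " #3 example::constructedCallerA at /constructed/a.cpp:10",
    " #4 example::constructedCallerB at /constructed/b.cpp:20",
])

FRAME_RE = re.compile(r"^\s*#(\d+)\s+(\S.*?)\s+at\s+(\S+):(\d+)\s*$")

def parse_frames(text):
    """Return [(frame_no, function, source_file, line_no), ...]."""
    return [(int(m[1]), m[2], m[3], int(m[4]))
            for m in map(FRAME_RE.match, text.splitlines()) if m]

def elided(frames):
    """Frame numbers missing from the listing (dropped by truncation)."""
    seen = {f[0] for f in frames}
    return [n for n in range(max(seen) + 1) if n not in seen]

def bucket_key(frames, depth=None):
    """Hash function names only (no file:line) over the top `depth` frames."""
    names = [f[1] for f in frames[:depth]]
    return hashlib.sha256("\n".join(names).encode()).hexdigest()[:16]

def same_bucket(a, b, depth=None):
    return bucket_key(parse_frames(a), depth) == bucket_key(parse_frames(b), depth)

if __name__ == "__main__":
    print("elided frames:", elided(parse_frames(REPORTED)))
    for depth in (1, 3, None):
        print("depth", depth, "-> same bucket:", same_bucket(REPORTED, OTHER, depth))
```

Hashing function names without file and line keeps the key stable across rebuilds of the same source, but the depth still decides whether crashes with different callers land in one bucket.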