[Webkit-unassigned] [Bug 154884] [GTK] Plugin process crash in WebKit::NetscapePlugin::destroy

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Nov 2 14:40:47 PDT 2016


https://bugs.webkit.org/show_bug.cgi?id=154884

Michael Catanzaro <mcatanzaro at igalia.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |UNCONFIRMED
         Resolution|FIXED                       |---
     Ever confirmed|1                           |0

--- Comment #2 from Michael Catanzaro <mcatanzaro at igalia.com> ---
Just got a report of this crash with WebKitGTK+ 2.14.1. Here is a backtrace with updated line numbers:

Thread 1 (Thread 0x7f763971bac0 (LWP 30532)):
#0  0x00007f76304c427d in g_type_check_instance (type_instance=type_instance@entry=0x31) at gtype.c:4137
#1  0x00007f76304b0209 in g_signal_handler_disconnect (instance=0x31, handler_id=0) at gsignal.c:2621
        _g_boolean_var_ = <optimized out>
        handler = <optimized out>
        __func__ = "g_signal_handler_disconnect"
#2  0x00007f76129fa155 in NPP_Destroy () at /usr/lib64/mozilla/plugins/libgnome-shell-browser-plugin.so
#3  0x00007f7637572ef3 in WebKit::NetscapePlugin::destroy() (this=0x7f7621fd8000) at /usr/src/debug/webkitgtk-2.14.1/Source/WebKit2/WebProcess/Plugins/Netscape/NetscapePlugin.cpp:731
#4  0x00007f763754fe9a in WebKit::Plugin::destroyPlugin() (this=this@entry=0x7f7621fd8000) at /usr/src/debug/webkitgtk-2.14.1/Source/WebKit2/WebProcess/Plugins/Plugin.cpp:101
#5  0x00007f76373ecc6e in WebKit::PluginControllerProxy::destroy() (this=0x55a63e058490) at /usr/src/debug/webkitgtk-2.14.1/Source/WebKit2/PluginProcess/PluginControllerProxy.cpp:158
#6  0x00007f76373f0b88 in WebKit::WebProcessConnection::destroyPluginControllerProxy(WebKit::PluginControllerProxy*) (this=<optimized out>, pluginController=<optimized out>) at /usr/src/debug/webkitgtk-2.14.1/Source/WebKit2/PluginProcess/WebProcessConnection.cpp:83
#7  0x00007f76373f116c in WebKit::WebProcessConnection::destroyPlugin(unsigned long, bool, WTF::PassRefPtr<Messages::WebProcessConnection::DestroyPlugin::DelayedReply>) (this=0x7f7621ff40a0, pluginInstanceID=1, asynchronousCreationIncomplete=<optimized out>, reply=...) at /usr/src/debug/webkitgtk-2.14.1/Source/WebKit2/PluginProcess/WebProcessConnection.cpp:200
        activityAssertion = {m_activity = @0x7f76395c6630}
#8  0x00007f76376d4087 in IPC::handleMessageDelayed<Messages::WebProcessConnection::DestroyPlugin, WebKit::WebProcessConnection, void (WebKit::WebProcessConnection::*)(unsigned long, bool, WTF::PassRefPtr<Messages::WebProcessConnection::DestroyPlugin::DelayedReply>)>(IPC::Connection&, IPC::Decoder&, std::unique_ptr<IPC::Encoder, std::default_delete<IPC::Encoder> >&, WebKit::WebProcessConnection*, void (WebKit::WebProcessConnection::*)(unsigned long, bool, WTF::PassRefPtr<Messages::WebProcessConnection::DestroyPlugin::DelayedReply>)) (args=<unknown type in /var/cache/abrt-di/usr/lib/debug/usr/lib64/libwebkit2gtk-4.0.so.37.14.8.debug, CU 0xe8945ff, DIE 0xe8b941d>, delayedReply=..., function=<optimized out>, object=0x7f7621ff40a0) at /usr/src/debug/webkitgtk-2.14.1/Source/WebKit2/Platform/IPC/HandleMessage.h:41
        arguments = std::tuple containing = {[1] = 1, [2] = false}
        delayedReply = {static isRefPtr = <optimized out>, m_ptr = 0x0}
#9  0x00007f76376d4087 in IPC::handleMessageDelayed<Messages::WebProcessConnection::DestroyPlugin, WebKit::WebProcessConnection, void (WebKit::WebProcessConnection::*)(unsigned long, bool, WTF::PassRefPtr<Messages::WebProcessConnection::DestroyPlugin::DelayedReply>)>(IPC::Connection&, IPC::Decoder&, std::unique_ptr<IPC::Encoder, std::default_delete<IPC::Encoder> >&, WebKit::WebProcessConnection*, void (WebKit::WebProcessConnection::*)(unsigned long, bool, WTF::PassRefPtr<Messages::WebProcessConnection::DestroyPlugin::DelayedReply>)) (function=<optimized out>, object=0x7f7621ff40a0, delayedReply=..., args=<unknown type in /var/cache/abrt-di/usr/lib/debug/usr/lib64/libwebkit2gtk-4.0.so.37.14.8.debug, CU 0xe8945ff, DIE 0xe8b941d>) at /usr/src/debug/webkitgtk-2.14.1/Source/WebKit2/Platform/IPC/HandleMessage.h:47
        arguments = std::tuple containing = {[1] = 1, [2] = false}
        delayedReply = {static isRefPtr = <optimized out>, m_ptr = 0x0}
#10 0x00007f76376d4087 in IPC::handleMessageDelayed<Messages::WebProcessConnection::DestroyPlugin, WebKit::WebProcessConnection, void (WebKit::WebProcessConnection::*)(unsigned long, bool, WTF::PassRefPtr<Messages::WebProcessConnection::DestroyPlugin::DelayedReply>)>(IPC::Connection&, IPC::Decoder&, std::unique_ptr<IPC::Encoder, std::default_delete<IPC::Encoder> >&, WebKit::WebProcessConnection*, void (WebKit::WebProcessConnection::*)(unsigned long, bool, WTF::PassRefPtr<Messages::WebProcessConnection::DestroyPlugin::DelayedReply>)) (connection=..., decoder=..., replyEncoder=std::unique_ptr<IPC::Encoder> containing 0x0, object=object at entry=0x7f7621ff40a0, function=(void (WebKit::WebProcessConnection::*)(WebKit::WebProcessConnection * const, unsigned long, bool, WTF::PassRefPtr<Messages::WebProcessConnection::DestroyPlugin::DelayedReply>)) 0x7f76373f1040 <WebKit::WebProcessConnection::destroyPlugin(unsigned long, bool, WTF::PassRefPtr<Messages::WebProcessConnection::DestroyPlugin::Del
        arguments = std::tuple containing = {[1] = 1, [2] = false}
        delayedReply = {static isRefPtr = <optimized out>, m_ptr = 0x0}
#11 0x00007f76376d3a38 in WebKit::WebProcessConnection::didReceiveSyncWebProcessConnectionMessage(IPC::Connection&, IPC::Decoder&, std::unique_ptr<IPC::Encoder, std::default_delete<IPC::Encoder> >&) (this=0x7f7621ff40a0, connection=..., decoder=..., replyEncoder=std::unique_ptr<IPC::Encoder> containing 0x0) at /usr/src/debug/webkitgtk-2.14.1/x86_64-redhat-linux-gnu/DerivedSources/WebKit2/WebProcessConnectionMessageReceiver.cpp:105
#12 0x00007f76373f0985 in WebKit::WebProcessConnection::didReceiveSyncMessage(IPC::Connection&, IPC::Decoder&, std::unique_ptr<IPC::Encoder, std::default_delete<IPC::Encoder> >&) (this=0x7f7621ff40a0, connection=..., decoder=..., replyEncoder=...) at /usr/src/debug/webkitgtk-2.14.1/Source/WebKit2/PluginProcess/WebProcessConnection.cpp:150
        currentConnectionChange = {m_scopedVariable = @0x7f76395c66c8, m_originalValue = 0x0}
        protector = <optimized out>
#13 0x00007f76373e703b in IPC::Connection::dispatchSyncMessage(IPC::Decoder&) (this=0x7f7621ff3168, decoder=...) at /usr/src/debug/webkitgtk-2.14.1/Source/WebKit2/Platform/IPC/Connection.cpp:789
        syncRequestID = 12
        replyEncoder = std::unique_ptr<IPC::Encoder> containing 0x0
#14 0x00007f76373e712d in IPC::Connection::dispatchMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >) (this=0x7f7621ff3168, message=std::unique_ptr<IPC::Decoder> containing 0x7f7621fc9160) at /usr/src/debug/webkitgtk-2.14.1/Source/WebKit2/Platform/IPC/Connection.cpp:856
        oldDidReceiveInvalidMessage = false
#15 0x00007f76373e73be in IPC::Connection::SyncMessageState::dispatchMessages(IPC::Connection*) (this=this@entry=0x7f76395c63e0 <IPC::Connection::SyncMessageState::singleton()::syncMessageState>, allowedConnection=allowedConnection@entry=0x7f7621ff3168) at /usr/src/debug/webkitgtk-2.14.1/Source/WebKit2/Platform/IPC/Connection.cpp:164
        i = 0
        messagesToDispatchWhileWaitingForSyncReply = {<WTF::VectorBuffer<IPC::Connection::SyncMessageState::ConnectionAndIncomingMessage, 0ul>> = {<WTF::VectorBufferBase<IPC::Connection::SyncMessageState::ConnectionAndIncomingMessage>> = {m_buffer = 0x7f7621fdab00, m_capacity = <optimized out>, m_size = 1}, <No data fields>}, <No data fields>}
        messagesToPutBack = {<WTF::VectorBuffer<IPC::Connection::SyncMessageState::ConnectionAndIncomingMessage, 0ul>> = {<WTF::VectorBufferBase<IPC::Connection::SyncMessageState::ConnectionAndIncomingMessage>> = {m_buffer = 0x0, m_capacity = 0, m_size = 0}, <No data fields>}, <No data fields>}
#16 0x00007f76373e7657 in IPC::Connection::SyncMessageState::dispatchMessageAndResetDidScheduleDispatchMessagesForConnection(IPC::Connection&) (this=0x7f76395c63e0 <IPC::Connection::SyncMessageState::singleton()::syncMessageState>, connection=...) at /usr/src/debug/webkitgtk-2.14.1/Source/WebKit2/Platform/IPC/Connection.cpp:183
#17 0x00007f7636aa390d in WTF::RunLoop::performWork() (this=<synthetic pointer>) at /usr/src/debug/webkitgtk-2.14.1/Source/WTF/wtf/Function.h:50
        function = {m_callableWrapper = std::unique_ptr<WTF::Function<void()>::CallableWrapperBase> containing 0x7f7621fdb150}
        functionsHandled = 1
        functionsToHandle = <optimized out>
#18 0x00007f7636aa390d in WTF::RunLoop::performWork() (this=0x7f7621ff7000) at /usr/src/debug/webkitgtk-2.14.1/Source/WTF/wtf/RunLoop.cpp:122
        function = {m_callableWrapper = std::unique_ptr<WTF::Function<void()>::CallableWrapperBase> containing 0x7f7621fdb150}
        functionsHandled = 1
        functionsToHandle = <optimized out>
#19 0x00007f7636aca2e9 in WTF::RunLoop::<lambda(gpointer)>::_FUN(gpointer) (__closure=0x0, userData=<optimized out>) at /usr/src/debug/webkitgtk-2.14.1/Source/WTF/wtf/glib/RunLoopGLib.cpp:66
#20 0x00007f7636aca2e9 in WTF::RunLoop::<lambda(gpointer)>::_FUN(gpointer) () at /usr/src/debug/webkitgtk-2.14.1/Source/WTF/wtf/glib/RunLoopGLib.cpp:68
#21 0x00007f76301c96ba in g_main_context_dispatch (context=0x55a63db63d20) at gmain.c:3154
        dispatch = 0x7f7636aca300 <WTF::<lambda(GSource*, GSourceFunc, gpointer)>::_FUN(GSource *, GSourceFunc, gpointer)>
        prev_source = 0x0
        was_in_call = 0
        user_data = 0x7f7621ff7000
        callback = 0x7f7636aca2e0 <WTF::RunLoop::<lambda(gpointer)>::_FUN(gpointer)>
        cb_funcs = 0x7f763048d280 <g_source_callback_funcs>
        cb_data = 0x55a63de65dc0
        need_destroy = <optimized out>
        source = 0x55a63e230c20
        current = 0x55a63daf6890
        i = 0
#22 0x00007f76301c96ba in g_main_context_dispatch (context=context@entry=0x55a63db63d20) at gmain.c:3769
#23 0x00007f76301c9a70 in g_main_context_iterate (context=0x55a63db63d20, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3840
        max_priority = 2147483647
        timeout = -1
        some_ready = 1
        nfds = 4
        allocated_nfds = 4
        fds = <optimized out>
#24 0x00007f76301c9d92 in g_main_loop_run (loop=0x55a63e230c00) at gmain.c:4034
        __func__ = "g_main_loop_run"
#25 0x00007f7636acaba0 in WTF::RunLoop::run() () at /usr/src/debug/webkitgtk-2.14.1/Source/WTF/wtf/glib/RunLoopGLib.cpp:94
        runLoop = @0x7f7621ff7000: {<WTF::FunctionDispatcher> = {<WTF::ThreadSafeRefCounted<WTF::FunctionDispatcher>> = {<WTF::ThreadSafeRefCountedBase> = {m_refCount = {<std::__atomic_base<int>> = {static _S_alignment = 4, _M_i = 1}, <No data fields>}}, <No data fields>}, _vptr.FunctionDispatcher = 0x7f7636c89ba0 <vtable for WTF::RunLoop+16>}, m_functionQueueLock = {m_mutex = {__data = {__lock = 0, __count = 0, __owner = 0, __nusers = 0, __kind = 512, __spins = 0, __elision = 0, __list = {__prev = 0x0, __next = 0x0}}, __size = '\000' <repeats 17 times>, "\002", '\000' <repeats 21 times>, __align = 0}}, m_functionQueue = {m_start = 13, m_end = 13, m_buffer = {<WTF::VectorBufferBase<WTF::Function<void()> >> = {m_buffer = 0x7f7621fef100, m_capacity = 16, m_size = 0}, <No data fields>}}, m_mainContext = {m_ptr = 0x55a63db63d20}, m_mainLoops = {<WTF::VectorBuffer<WTF::GRefPtr<_GMainLoop>, 0ul>> = {<WTF::VectorBufferBase<WTF::GRefPtr<_GMainLoop> >> = {m_buffer = 0x7f7621ffa180, m_capacity
        nestedMainLoop = <optimized out>
#26 0x00007f763761e29c in WebKit::ChildProcessMain<WebKit::PluginProcess, WebKit::PluginProcessMain>(int, char**) (argc=<optimized out>, argv=0x7fff1f34f6c8) at /usr/src/debug/webkitgtk-2.14.1/Source/WebKit2/Shared/unix/ChildProcessMain.h:61
        childMain = {<WebKit::ChildProcessMainBase> = {_vptr.ChildProcessMainBase = 0x7f763942b840 <vtable for WebKit::PluginProcessMain+16>, m_parameters = {uiProcessName = {m_impl = {static isRefPtr = <optimized out>, m_ptr = 0x0}}, clientIdentifier = {m_impl = {static isRefPtr = <optimized out>, m_ptr = 0x0}}, connectionIdentifier = 38, extraInitializationData = {m_impl = {static m_maxLoad = 2, static m_minLoad = 6, m_table = 0x7f7621ffa200, m_tableSize = 8, m_tableSizeMask = 7, m_keyCount = 1, m_deletedCount = 0}}}}, <No data fields>}
#27 0x00007f762b338731 in __libc_start_main (main=0x55a63d4ebbf0 <main(int, char**)>, argc=3, argv=0x7fff1f34f6c8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fff1f34f6b8) at ../csu/libc-start.c:289
        result = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {0, 4348833101302671825, 94172481502208, 140733716952768, 0, 0, 7559411127939705297, 7636420861578783185}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x7fff1f34f6e8, 0x7f7639805128}, data = {prev = 0x0, cleanup = 0x0, canceltype = 523564776}}}
        not_first_call = <optimized out>
#28 0x000055a63d4ebc29 in _start ()
