GNOME Bugzilla – Bug 609753
Somewhat reproducible SIGSEV in WebCore::AXObjectCache::AXCheckedStateChanged
Last modified: 2014-03-16 15:28:55 UTC
Go to this page http://www.google.com/support/youtube/bin/answer.py?hl=en&answer=174122 Look for the text "Was this information helpful to you". Press the radio button named "yes". This causes a crash. (It was reproducable 4 out of 5 attempts on my machine (debian sid). niels@langager:~ $ dpkg -l | grep epiphany | grep ii ii epiphany-browser 2.29.6-1 Intuitive GNOME web browser ii epiphany-browser-data 2.29.6-1 Data files for the GNOME web browser ii epiphany-browser-dbg 2.29.6-1 Debugging symbols for the GNOME web browser ii epiphany-extensions 2.29.6-2 Extensions for Epiphany web browser niels@langager:~ $ dpkg -l | grep libwebkit | grep ii ii libwebkit-1.0-2 1.1.21-1 Web content engine library for Gtk+ ii libwebkit-1.0-2-dbg 1.1.21-1 Web content engine library for Gtk+ - Debugging symbols ii libwebkit-1.0-common 1.1.21-1 Web content engine library for Gtk+ - data files ii libwebkit-dev 1.1.21-1 Web content engine library for Gtk+ - Development files niels@langager:~ $ gdb epiphany-browser warning: Not importing directory 'os': missing __init__.py GNU gdb (GDB) 7.0-debian Copyright (C) 2009 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "i486-linux-gnu". For bug reporting instructions, please see: <http://www.gnu.org/software/gdb/bugs/>... Reading symbols from /usr/bin/epiphany-browser...Reading symbols from /usr/lib/debug/usr/bin/epiphany-browser...done. (no debugging symbols found)...done. (gdb) r [Thread debugging using libthread_db enabled] [New Thread 0xb394db70 (LWP 12564)] [New Thread 0xb304cb70 (LWP 12565)] [New Thread 0xb284bb70 (LWP 12566)] [Thread 0xb284bb70 (LWP 12566) exited] [New Thread 0xb284bb70 (LWP 12567)] [Thread 0xb284bb70 (LWP 12567) exited] [New Thread 0xb284bb70 (LWP 12711)] [New Thread 0xb14d9b70 (LWP 12712)] [New Thread 0xb0cd8b70 (LWP 12713)] [New Thread 0xb04d7b70 (LWP 12714)] ** Message: console message: http://www-open-opensocial.googleusercontent.com/gadgets/proxy/refresh=3600&container=open&gadget=http://www.google.com/reviews/polls/v2/contest/user/youtubehelp/gadgetad.xml/http://www.google.com/reviews/polls/v2/contest/js/gadgetjs.js @10: Submit:mapParams=[object Object] ** Message: console message: http://www-open-opensocial.googleusercontent.com/gadgets/proxy/refresh=3600&container=open&gadget=http://www.google.com/reviews/polls/v2/contest/user/youtubehelp/gadgetad.xml/http://www.google.com/reviews/polls/v2/contest/js/gadgetjs.js @10: Contest:this.panels_=[object Object],[object Object] ** Message: console message: http://www-open-opensocial.googleusercontent.com/gadgets/proxy/refresh=3600&container=open&gadget=http://www.google.com/reviews/polls/v2/contest/user/youtubehelp/gadgetad.xml/http://www.google.com/reviews/polls/v2/contest/js/gadgetjs.js @10: Contest:panel=home ** Message: console message: http://www-open-opensocial.googleusercontent.com/gadgets/proxy/refresh=3600&container=open&gadget=http://www.google.com/reviews/polls/v2/contest/user/youtubehelp/gadgetad.xml/http://www.google.com/reviews/polls/v2/contest/js/gadgetjs.js @10: Contest:panel=submit ** Message: console message: http://www-open-opensocial.googleusercontent.com/gadgets/proxy/refresh=3600&container=open&gadget=http://www.google.com/reviews/polls/v2/contest/user/youtubehelp/gadgetad.xml/http://www.google.com/reviews/polls/v2/contest/js/gadgetjs.js @10: Contest:backgroundImageUrl=http://www.google.com/reviews/polls/v2/contest/image?id=67c7e7688131d1355babf2c81065b2f15a9bd4f9 ** Message: console message: http://www-open-opensocial.googleusercontent.com/gadgets/proxy/refresh=3600&container=open&gadget=http://www.google.com/reviews/polls/v2/contest/user/youtubehelp/gadgetad.xml/http://www.google.com/reviews/polls/v2/contest/js/gadgetjs.js @10: Contest:backgroundImageUrl=http://www-open-opensocial.googleusercontent.com/gadgets/proxy/refresh=300&container=open&gadget=http%3A%2F%2Fwww.google.com%2Freviews%2Fpolls%2Fv2%2Fcontest%2Fuser%2Fyoutubehelp%2Fgadgetad.xml/http://www.google.com/reviews/polls/v2/contest/image?id=67c7e7688131d1355babf2c81065b2f15a9bd4f9 ** Message: console message: http://www-open-opensocial.googleusercontent.com/gadgets/proxy/refresh=3600&container=open&gadget=http://www.google.com/reviews/polls/v2/contest/user/youtubehelp/gadgetad.xml/http://www.google.com/reviews/polls/v2/contest/js/gadgetjs.js @10: Contest:index=0 divName=home ** Message: console message: http://www-open-opensocial.googleusercontent.com/gadgets/proxy/refresh=3600&container=open&gadget=http://www.google.com/reviews/polls/v2/contest/user/youtubehelp/gadgetad.xml/http://www.google.com/reviews/polls/v2/contest/js/gadgetjs.js @10: Contest:index=1 divName=submit ** Message: console message: http://www-open-opensocial.googleusercontent.com/gadgets/proxy/refresh=3600&container=open&gadget=http://www.google.com/reviews/polls/v2/contest/user/youtubehelp/gadgetad.xml/http://www.google.com/reviews/polls/v2/contest/js/gadgetjs.js @10: Templater:TOP:<table> <tr> ** Message: console message: http://www-open-opensocial.googleusercontent.com/gadgets/proxy/refresh=3600&container=open&gadget=http://www.google.com/reviews/polls/v2/contest/user/youtubehelp/gadgetad.xml/http://www.google.com/reviews/polls/v2/contest/js/gadgetjs.js @10: Templater:CELL: <td align="center" width="110" height="80"> <input onclick="ytcp.submit.setSelected('{vid.ytId}');" type="radio" name="userVid" id="rad_{i}" value="{vid.ytId}" /> <img onclick="ytcp.submit.embedVideoIndex({i})" title="{vid.title}" width="70" height="55" src="http://i.ytimg.com/vi/{vid.ytId}/default.jpg" /> <br /> <a href="#" title="{vid.title}" onclick="ytcp.submit.embedVideoIndex({i})" style="font-size:10px; font-weight:bold; vertical-align:middle;" > {vid.title} </a> </td> ** Message: console message: http://www-open-opensocial.googleusercontent.com/gadgets/proxy/refresh=3600&container=open&gadget=http://www.google.com/reviews/polls/v2/contest/user/youtubehelp/gadgetad.xml/http://www.google.com/reviews/polls/v2/contest/js/gadgetjs.js @10: Templater:BREAK: </tr> <tr> ** Message: console message: http://www-open-opensocial.googleusercontent.com/gadgets/proxy/refresh=3600&container=open&gadget=http://www.google.com/reviews/polls/v2/contest/user/youtubehelp/gadgetad.xml/http://www.google.com/reviews/polls/v2/contest/js/gadgetjs.js @10: Templater:BOTTOM1: <tr> <td colspan="3" width="330" align="center" class="winnersLink1"> ** Message: console message: http://www-open-opensocial.googleusercontent.com/gadgets/proxy/refresh=3600&container=open&gadget=http://www.google.com/reviews/polls/v2/contest/user/youtubehelp/gadgetad.xml/http://www.google.com/reviews/polls/v2/contest/js/gadgetjs.js @10: Templater:SCROLL: <a href="#" onclick="ytcp.submit.scroll({scrollDir})" class="winnersLink1"> {scrollText} </a> ** Message: console message: http://www-open-opensocial.googleusercontent.com/gadgets/proxy/refresh=3600&container=open&gadget=http://www.google.com/reviews/polls/v2/contest/user/youtubehelp/gadgetad.xml/http://www.google.com/reviews/polls/v2/contest/js/gadgetjs.js @10: Templater:BOTTOM2: </td> </tr> <tr> <td colspan="3" width="330" align="center" class="winnersLink1"> </td> </tr> </table> ** Message: console message: http://www-open-opensocial.googleusercontent.com/gadgets/proxy/refresh=3600&container=open&gadget=http://www.google.com/reviews/polls/v2/contest/user/youtubehelp/gadgetad.xml/http://www.google.com/reviews/polls/v2/contest/js/gadgetjs.js @10: Contest:setSelectedTabByName(): home ** Message: console message: http://www-open-opensocial.googleusercontent.com/gadgets/proxy/refresh=3600&container=open&gadget=http://www.google.com/reviews/polls/v2/contest/user/youtubehelp/gadgetad.xml/http://www.google.com/reviews/polls/v2/contest/js/gadgetjs.js @10: Contest:setSelectedTab(): 0 [Thread 0xb14d9b70 (LWP 12712) exited] [Thread 0xb04d7b70 (LWP 12714) exited] [Thread 0xb284bb70 (LWP 12711) exited] ** (epiphany:12560): DEBUG: NP_Initialize ** (epiphany:12560): DEBUG: NP_Initialize succeeded ** (epiphany:12560): DEBUG: NP_Initialize ** (epiphany:12560): DEBUG: NP_Initialize succeeded [Thread 0xb0cd8b70 (LWP 12713) exited] ** (epiphany:12560): DEBUG: NP_Initialize ** (epiphany:12560): DEBUG: NP_Initialize succeeded ** (epiphany:12560): DEBUG: NP_Initialize ** (epiphany:12560): DEBUG: NP_Initialize succeeded ** (epiphany:12560): DEBUG: NP_Initialize ** (epiphany:12560): DEBUG: NP_Initialize succeeded [New Thread 0xb0cd8b70 (LWP 12715)] [Thread 0xb0cd8b70 (LWP 12715) exited] [New Thread 0xb0cd8b70 (LWP 12716)] Program received signal SIGSEGV, Segmentation fault. WebCore::AccessibilityRenderObject::isChecked (this=0xb164c9a0) at ../WebCore/accessibility/AccessibilityRenderObject.cpp:365 365 ../WebCore/accessibility/AccessibilityRenderObject.cpp: No such file or directory. in ../WebCore/accessibility/AccessibilityRenderObject.cpp Current language: auto The current source language is "auto; currently c++". (gdb) bt
+ Trace 220551
I try and I try and I can't reproduce in epiphany 2.29.90.1 and webkit 1.1.21-1.
I get the same errors with epiphany 2.29.90.1 and webkit 1.1.21-1. I tried the following, but it didn't work. mv ~/.gnome2/epiphany ~/.gnome2/epiphany.bak Anyway it looks like something is messed up up with my system. If you cannot reproduce this, then there is probably no point in spending extra time. I think I will stop here. Niels But as a final remark I also get a similar reproducible error, when I try to log in to bugzilla.gnome.org using the bar on the top of the page. The bugzilla error is also reproducible, but the stack trace looks different. Nevertheless I thought that they might be the same. Therefore I attach it here. The bugzilla crash comes from trying to log in using the menubar on to the top of the following web-page: https://bugzilla.gnome.org/show_bug.cgi?id=609753 Here is the stack trace from bugzilla.gnome.org: (gdb) bt
+ Trace 220585
(In reply to comment #2) > Anyway it looks like something is messed up up with my system. If you cannot > reproduce this, then there is probably no point in spending extra time. I think > I will stop here. So, I think what's 'messed up' with your system is likely that you have accessibility turned on. The crash seems to occur in code that might only be executed when a11y is on. > But as a final remark I also get a similar reproducible error, when I try to > log in to bugzilla.gnome.org using the bar on the top of the page. The bugzilla > error is also reproducible, but the stack trace looks different. Nevertheless I > thought that they might be the same. Therefore I attach it here. Not the same issue. Fixed by 0239346f27870ace37d8819cd7f934c34d83a01c, thanks for reporting!
Thank you for solving my problem. Now I can disable (and enable) the bug by running the command gnome-at-properties When I enable the check box named "enable assistive technologies" then the problem occurs. Niels By the way "gnome-at-properties" gave the following errors when I entered the menu named "keyboard preferences". I am not sure if they are relevant to this bug: niels@langager:~ $ gnome-at-properties (gnome-keyboard-properties:4175): GLib-GObject-CRITICAL **: g_param_spec_flags: assertion `G_TYPE_IS_FLAGS (flags_type)' failed (gnome-keyboard-properties:4175): GLib-GObject-CRITICAL **: g_object_class_install_property: assertion `G_IS_PARAM_SPEC (pspec)' failed
*** Bug 611083 has been marked as a duplicate of this bug. ***
Hi, this crash has been reported with an older version of Epiphany and Webkit; recent versions of Epiphany are much more reliable. Please check if this still occurs with Epiphany 3.12 or newer and reopen if that is the case. Thanks!