Bug 1585064

Summary: [abrt] webkit2gtk3: WebKit::CoordinatedBackingStoreTile::setBackBuffer(): WebKitWebProcess killed by SIGSEGV
Product: [Fedora] Fedora Reporter: Ryan Farmer <rfarmer84>
Component: webkit2gtk3Assignee: Tomas Popela <tpopela>
Status: CLOSED UPSTREAM QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 28CC: mcatanzaro+wrong-account-do-not-cc, tcfxfzoi, tpopela
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
URL: https://retrace.fedoraproject.org/faf/reports/bthash/d9c82f44ce82b97e3359586ed381076aa55e2573
Whiteboard: abrt_hash:7c98b15c6d429175fadcb2b56a2735dc5448c861;VARIANT_ID=workstation;
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-06-02 01:04:08 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
File: backtrace
none
File: cgroup
none
File: core_backtrace
none
File: cpuinfo
none
File: environ
none
File: exploitable
none
File: limits
none
File: maps
none
File: mountinfo
none
File: open_fds
none
File: proc_pid_status
none
Backtrace from Chase website tab crash. none

Description Ryan Farmer 2018-06-01 08:41:56 UTC 
Description of problem:
Opened a new tab and went to news.google.com.

Version-Release number of selected component:
webkit2gtk3-2.20.2-1.fc28

Additional info:
reporter:       libreport-2.9.5
backtrace_rating: 4
cmdline:        /usr/libexec/webkit2gtk-4.0/WebKitWebProcess 20 20
crash_function: WebKit::CoordinatedBackingStoreTile::setBackBuffer
dso_list:       /usr/libexec/webkit2gtk-4.0/WebKitWebProcess webkit2gtk3-2.20.2-1.fc28.x86_64 (Fedora Project) 1527579441
executable:     /usr/libexec/webkit2gtk-4.0/WebKitWebProcess
journald_cursor: s=bd177fc2519f430089736339a9cde97d;i=132d6;b=c54c5810972f43908950c3fb9c902232;m=4001b3d4c;t=56d906bf46878;x=17c86b7f317afba6
kernel:         4.16.13-300.fc28.x86_64
rootdir:        /
runlevel:       N 5
type:           CCpp
uid:            1000

Truncated backtrace:
Thread no. 1 (10 frames)
 #0 WebKit::CoordinatedBackingStoreTile::setBackBuffer at /usr/src/debug/webkit2gtk3-2.20.2-1.fc28.x86_64/Source/WebKit/Shared/CoordinatedGraphics/CoordinatedBackingStore.cpp:58
 #1 WebKit::CoordinatedBackingStore::updateTile at /usr/src/debug/webkit2gtk3-2.20.2-1.fc28.x86_64/Source/WebKit/Shared/CoordinatedGraphics/CoordinatedBackingStore.cpp:84
 #2 WebKit::CoordinatedGraphicsScene::updateTilesIfNeeded at /usr/src/debug/webkit2gtk3-2.20.2-1.fc28.x86_64/x86_64-redhat-linux-gnu/DerivedSources/ForwardingHeaders/wtf/ThreadSafeRefCounted.h:42
 #3 WebKit::CoordinatedGraphicsScene::setLayerState at /usr/src/debug/webkit2gtk3-2.20.2-1.fc28.x86_64/Source/WebKit/Shared/CoordinatedGraphics/CoordinatedGraphicsScene.cpp:292
 #4 WebKit::CoordinatedGraphicsScene::commitSceneState at /usr/src/debug/webkit2gtk3-2.20.2-1.fc28.x86_64/Source/WebKit/Shared/CoordinatedGraphics/CoordinatedGraphicsScene.cpp:556
 #5 WebKit::CoordinatedGraphicsScene::applyStateChanges at /usr/src/debug/webkit2gtk3-2.20.2-1.fc28.x86_64/Source/WebKit/Shared/CoordinatedGraphics/CoordinatedGraphicsScene.cpp:91
 #6 WebKit::ThreadedCompositor::renderLayerTree at /usr/src/debug/webkit2gtk3-2.20.2-1.fc28.x86_64/Source/WebKit/Shared/CoordinatedGraphics/threadedcompositor/ThreadedCompositor.cpp:259
 #7 WTF::RunLoop::TimerBase::<lambda(gpointer)>::operator() at /usr/src/debug/webkit2gtk3-2.20.2-1.fc28.x86_64/Source/WTF/wtf/glib/RunLoopGLib.cpp:170
 #8 WTF::RunLoop::TimerBase::<lambda(gpointer)>::_FUN(gpointer) at /usr/src/debug/webkit2gtk3-2.20.2-1.fc28.x86_64/Source/WTF/wtf/glib/RunLoopGLib.cpp:176
 #13 WTF::RunLoop::run at /usr/src/debug/webkit2gtk3-2.20.2-1.fc28.x86_64/Source/WTF/wtf/glib/RunLoopGLib.cpp:96
Comment 1 Ryan Farmer 2018-06-01 08:42:02 UTC 
Created attachment 1446568 [details]
File: backtrace
Comment 2 Ryan Farmer 2018-06-01 08:42:05 UTC 
Created attachment 1446569 [details]
File: cgroup
Comment 3 Ryan Farmer 2018-06-01 08:42:22 UTC 
Created attachment 1446570 [details]
File: core_backtrace
Comment 4 Ryan Farmer 2018-06-01 08:42:24 UTC 
Created attachment 1446571 [details]
File: cpuinfo
Comment 5 Ryan Farmer 2018-06-01 08:42:26 UTC 
Created attachment 1446572 [details]
File: environ
Comment 6 Ryan Farmer 2018-06-01 08:42:28 UTC 
Created attachment 1446573 [details]
File: exploitable
Comment 7 Ryan Farmer 2018-06-01 08:42:30 UTC 
Created attachment 1446574 [details]
File: limits
Comment 8 Ryan Farmer 2018-06-01 08:42:47 UTC 
Created attachment 1446575 [details]
File: maps
Comment 9 Ryan Farmer 2018-06-01 08:42:51 UTC 
Created attachment 1446576 [details]
File: mountinfo
Comment 10 Ryan Farmer 2018-06-01 08:42:58 UTC 
Created attachment 1446577 [details]
File: open_fds
Comment 11 Ryan Farmer 2018-06-01 08:43:04 UTC 
Created attachment 1446578 [details]
File: proc_pid_status
Comment 12 Ryan Farmer 2018-06-01 20:05:16 UTC 
I got a similar crash while trying to load Chase Bank's website in Epiphany this morning.

ABRT won't let me report it, but I'm going to tack it on here as "backtracechase.txt".
Comment 13 Ryan Farmer 2018-06-01 20:06:24 UTC 
Created attachment 1446793 [details]
Backtrace from Chase website tab crash.

Backtrace from similar-looking crash on Chase website.
Comment 14 Michael Catanzaro 2018-06-01 20:12:19 UTC 
They are the same crash, yes.

Since you have a WebKit Bugzilla account already, can you report it upstream, please? I copy the full backtrace (attachment 1446568 [details]) and submit it as an attachment on WebKit Bugzilla. And I copy the truncated backtrace from comment #0 into my description of the problem.

Here's a random example of such a generic crash report: https://bugs.webkit.org/show_bug.cgi?id=184548
Comment 15 Ryan Farmer 2018-06-01 20:21:52 UTC 
Hi,

I copied it over there as this:

https://bugs.webkit.org/show_bug.cgi?id=186206

Is that good?
Comment 16 Michael Catanzaro 2018-06-02 01:04:08 UTC 
Yes, thanks!