This seems to be in JSC. It crashes in 2.2.3 but works fine in 2.3.2.
A couple of backtraces. This is GtkLauncher with webkitgtk 2.2.2:

#0  0x00007f2f2b823354 in ?? ()
#1  0x00007f2f2803f970 in ?? ()
#2  0x0000000000000009 in ?? ()
#3  0x00007f2f00000001 in ?? ()
#4  0x00007f2f201aa710 in ?? ()
#5  0x00007f2f2b81ffa0 in ?? ()
#6  0x00007f2f81f41249 in JSC::Heap::didAllocate (this=0x7f2f28302280, bytes=140733271593200) at ../Source/JavaScriptCore/heap/Heap.cpp:893
#7  0x00007f2f2b7fe8e0 in ?? ()
#8  0x00007f2f70276d08 in ?? ()
#9  0x00007f2f283022d8 in ?? ()
#10 0x0000000000000000 in ?? ()

This is epiphany 3.10 and webkitgtk-2.1.92:

#0  0x00007f00fc024374 in ?? ()
#1  0x00007f014002f970 in ?? ()
#2  0x0000000000000009 in ?? ()
#3  0x00007f0000000001 in ?? ()
#4  0x00007f00f85b0710 in ?? ()
#5  0x00007f00fc020fc1 in ?? ()
#6  0x00007f0151558d2e in JSC::ProgramExecutable::initializeGlobalProperties(JSC::VM&, JSC::ExecState*, JSC::JSScope*) () from /home/berto/devel/gnome/lib64/libjavascriptcoregtk-3.0.so.0
#7  0x00007f015143eb63 in JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*) () from /home/berto/devel/gnome/lib64/libjavascriptcoregtk-3.0.so.0
#8  0x00007f0151546598 in JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) () from /home/berto/devel/gnome/lib64/libjavascriptcoregtk-3.0.so.0
#9  0x00007f014f75c73b in WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld*) () from /home/berto/devel/gnome/lib64/libwebkit2gtk-3.0.so.25
#10 0x00007f014f75cd12 in WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&) () from /home/berto/devel/gnome/lib64/libwebkit2gtk-3.0.so.25
#11 0x00007f014f92420a in WebCore::ScriptElement::executeScript(WebCore::ScriptSourceCode const&) () from /home/berto/devel/gnome/lib64/libwebkit2gtk-3.0.so.25
#12 0x00007f014f9280f8 in WebCore::ScriptElement::prepareScript(WTF::TextPosition const&, WebCore::ScriptElement::LegacyTypeSupport) () from /home/berto/devel/gnome/lib64/libwebkit2gtk-3.0.so.25
#13 0x00007f014fad218f in WebCore::HTMLScriptRunner::runScript(WebCore::Element*, WTF::TextPosition const&) () from /home/berto/devel/gnome/lib64/libwebkit2gtk-3.0.so.25
#14 0x00007f014fad2a5d in WebCore::HTMLScriptRunner::execute(WTF::PassRefPtr<WebCore::Element>, WTF::TextPosition const&) () from /home/berto/devel/gnome/lib64/libwebkit2gtk-3.0.so.25
#15 0x00007f014fabc87e in WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder() () from /home/berto/devel/gnome/lib64/libwebkit2gtk-3.0.so.25
#16 0x00007f014fabc942 in WebCore::HTMLDocumentParser::canTakeNextToken(WebCore::HTMLDocumentParser::SynchronousMode, WebCore::PumpSession&) () from /home/berto/devel/gnome/lib64/libwebkit2gtk-3.0.so.25
#17 0x00007f014fabeec7 in WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) () from /home/berto/devel/gnome/lib64/libwebkit2gtk-3.0.so.25
#18 0x00007f014fabf1d2 in WebCore::HTMLDocumentParser::resumeParsingAfterScriptExecution() () from /home/berto/devel/gnome/lib64/libwebkit2gtk-3.0.so.25
#19 0x00007f014fabf2d8 in WebCore::HTMLDocumentParser::notifyFinished(WebCore::CachedResource*) () from /home/berto/devel/gnome/lib64/libwebkit2gtk-3.0.so.25
Created attachment 223699: Patch

I bisected this; it looks like backporting r155480 (which depends on r155466) solves the problem. I tested this patch with WebKitGTK+ 2.2.4.
Created attachment 223701: Patch

Somehow the previous patch was compressed; hopefully this one is fine.
Merged in stable branch as r164281 and r164282. Thanks.