Bug 93964

Summary: Crash in sse2_blt at pixman-sse2.c
Product: cairo
Component: general
Version: unspecified
Hardware: x86-64 (AMD64)
OS: Linux (All)
Status: RESOLVED DUPLICATE
Severity: normal
Priority: medium
Reporter: Andrés Gómez García <agomez>
Assignee: Chris Wilson <chris>
QA Contact: cairo-bugs mailing list <cairo-bugs>
CC: mcatanzaro
See Also: https://bugzilla.freedesktop.org/show_bug.cgi?id=90627
Whiteboard:
i915 platform:
i915 features:
Attachments: BT from gdb

Description Andrés Gómez García 2016-02-02 12:05:15 UTC
Created attachment 121457
BT from gdb

I'm using WebKitGtk+ with my own JHBuild setting:
https://github.com/tanty/jhbuild-epiphany/tree/master

Epiphany 3.18.0, WebKit 2.10.6, cairo-1.14.2 and pixman-0.32.6

I'm running Epiphany with the dconf key:

"process-model" = "shared-secondary-process"

The compilation was done with CMake args:

'-DPORT=GTK -DCMAKE_BUILD_TYPE=Release -DCMAKE_C_FLAGS_RELEASE="-O0 -g1 -DNDEBUG -DG_DISABLE_CAST_CHECKS" -DCMAKE_CXX_FLAGS_RELEASE="-O0 -g1 -DNDEBUG -DG_DISABLE_CAST_CHECKS"'

When visiting several pages, eventually, WebKitWebProcess crashes.

This bug is not reproducible in a predictable way that I'm aware of.

Short backtrace:

#0  sse2_blt (src_bits=<optimized out>, dst_bits=<optimized out>, src_stride=<optimized out>, dst_stride=<optimized out>, src_bpp=<optimized out>, src_x=<optimized out>, src_y=0, dest_x=0, dest_y=0, width=640, height=<optimized out>, dst_bpp=<optimized out>, imp=<optimized out>) at pixman-sse2.c:4765
#1  0x00007fffe910d883 in _pixman_implementation_blt (imp=0x40f5b0, src_bits=0x7ffe95600000, dst_bits=0x7fff64670000, src_stride=640, dst_stride=640, src_bpp=32, dst_bpp=32, src_x=0, src_y=0, dest_x=0, dest_y=0, width=640, height=640) at pixman-implementation.c:250
#2  0x00007fffe90bf82e in pixman_blt (src_bits=<optimized out>, dst_bits=<optimized out>, src_stride=<optimized out>, dst_stride=<optimized out>, src_bpp=<optimized out>, dst_bpp=<optimized out>, src_x=0, src_y=0, dest_x=0, dest_y=0, width=640, height=640) at pixman.c:748
#3  0x00007ffff0e9e6aa in draw_image_boxes (_dst=0x2cd4e60, image=0x2be23e0, boxes=<optimized out>, dx=0, dy=0) at cairo-image-compositor.c:108
#4  0x00007ffff0eda91e in upload_boxes (compositor=<optimized out>, compositor=<optimized out>, boxes=<optimized out>, extents=<optimized out>) at cairo-spans-compositor.c:514
#5  composite_aligned_boxes (boxes=<optimized out>, extents=<optimized out>, compositor=<optimized out>) at cairo-spans-compositor.c:630
#6  clip_and_composite_boxes (compositor=0x7ffff1195900 <spans>, extents=0x7fffffff9fd0, boxes=0x7fffffff9d40) at cairo-spans-compositor.c:882
#7  0x00007ffff0eda9de in clip_and_composite_boxes (compositor=0x7ffff1195900 <spans>, extents=0x7fffffff9fd0, boxes=0x7fffffff9d40) at cairo-spans-compositor.c:901
#8  0x00007ffff0edaaf9 in _cairo_spans_compositor_paint (_compositor=0x7ffff1195900 <spans>, extents=0x7fffffff9fd0) at cairo-spans-compositor.c:983
#9  0x00007ffff0e92d29 in _cairo_compositor_paint (compositor=0x7ffff1195900 <spans>, surface=0x2cd4e60, op=<optimized out>, source=<optimized out>, clip=<optimized out>) at cairo-compositor.c:65
#10 0x00007ffff0eddd71 in _cairo_surface_paint (surface=0x2cd4e60, op=CAIRO_OPERATOR_SOURCE, source=0x7fffffffa320, clip=0x4f4690) at cairo-surface.c:2117
#11 0x00007ffff0e9baf0 in _cairo_gstate_fill (gstate=0x2be2570, path=0x33833e8) at cairo-gstate.c:1312
#12 0x00007ffff0e94a39 in _cairo_default_context_fill (abstract_cr=0x3383080) at cairo-default-context.c:1055
#13 0x00007ffff0e8d945 in cairo_fill (cr=0x7ffe95600000) at cairo.c:2205
#14 0x00007ffff6071072 in drawPatternToCairoContext () at /opt/gnome-os/tanty/epiphany/checkout/webkitgtk-2.10.6/Source/WebCore/platform/graphics/cairo/PlatformContextCairo.cpp:155
...

Full backtrace attached.

Comment 1 Andrés Gómez García 2016-03-06 16:52:01 UTC
Duplicated from bug 90627?

Comment 2 Michael Catanzaro 2016-03-06 17:10:29 UTC
Let's assume so until proven otherwise

*** This bug has been marked as a duplicate of bug 90627 ***
