Bug 165045

Two reports (very few) of this crash with WebKitGTK+ 2.14.1: Truncated backtrace: Thread no. 0 (10 frames) #0 JSC::StructureIDTable::get(unsigned int) at /usr/src/debug/webkitgtk-2.14.1/Source/JavaScriptCore/runtime/StructureIDTable.h:86 #1 JSC::JSCell::structure(JSC::VM&) const at /usr/src/debug/webkitgtk-2.14.1/Source/JavaScriptCore/runtime/JSCellInlines.h:107 #2 JSC::JSCell::classInfo() const at /usr/src/debug/webkitgtk-2.14.1/Source/JavaScriptCore/runtime/JSCellInlines.h:245 #3 JSC::isJSFinalObject(JSC::JSCell*) at /usr/src/debug/webkitgtk-2.14.1/Source/JavaScriptCore/runtime/JSObject.h:1097 #4 JSC::isJSFinalObject(JSC::JSValue) at /usr/src/debug/webkitgtk-2.14.1/Source/JavaScriptCore/runtime/JSObject.h:1102 #5 JSC::SlotVisitor::visitChildren(JSC::JSCell const*) at /usr/src/debug/webkitgtk-2.14.1/Source/JavaScriptCore/heap/SlotVisitor.cpp:308 #6 JSC::SlotVisitor::drain() at /usr/src/debug/webkitgtk-2.14.1/Source/JavaScriptCore/heap/SlotVisitor.cpp:354 #7 JSC::SlotVisitor::drainFromShared(JSC::SlotVisitor::SharedDrainMode) at /usr/src/debug/webkitgtk-2.14.1/Source/JavaScriptCore/heap/SlotVisitor.cpp:423 #8 JSC::Heap::<lambda()>::operator() at /usr/src/debug/webkitgtk-2.14.1/Source/JavaScriptCore/heap/Heap.cpp:451 #9 WTF::SharedTaskFunctor<void(), JSC::Heap::markRoots(double, void*, void*, __jmp_buf_tag (&)[1])::<lambda()> >::run(void) at /usr/src/debug/webkitgtk-2.14.1/Source/WTF/wtf/SharedTask.h:90 In the downstream bug (See Also) attached to comment #1 there is a full backtrace with stack variables, register dump, and assembler dump at the crash site.