Play a video like this one: https://www.facebook.com/photo.php?v=10152179935133691 During playback move the position back and forth by clicking quickly on different parts of the progress bar (NOTE: click, don't drag). Repeat the process a few times, and the web process will crash: 1 0x7fd7c277b497 /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-3.0.so.0(WTFCrash+0x17) [0x7fd7c277b497] 2 0x7fd7c2549e6b /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-3.0.so.0(_ZNK3JSC6JSCell11methodTableEv+0x4b) [0x7fd7c2549e6b] 3 0x7fd7c2548698 /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-3.0.so.0(+0x38b698) [0x7fd7c2548698] 4 0x7fd7c254a83e /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-3.0.so.0(virtualForWithFunction+0x5e) [0x7fd7c254a83e] 5 0x7fd7c2548713 /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-3.0.so.0(+0x38b713) [0x7fd7c2548713] 6 0x7fd76b1b8ca3 [0x7fd76b1b8ca3] I reproduced this with webkitgtk 2.4.3 using the MiniBrowser. The master branch seems to work fine.
This is a regression introduced by this commit: http://trac.webkit.org/changeset/160688 It was also fixed in master with the jsCStack branch merge (r163027).
Committed <http://trac.webkit.org/changeset/170794>