Bug 225970 - [GTK] REGRESSION(r277425) Oops on navigation after back
Summary: [GTK] REGRESSION(r277425) Oops on navigation after back
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: History
Version: WebKit Local Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks:
Reported: 2021-05-19 09:17 PDT by Jim Mason
Modified: 2021-05-25 06:39 PDT

See Also:
Description Jim Mason 2021-05-19 09:17:40 PDT
***NOTE:  Checking the ChangeLog just now, I see this is apparently a dup of 225795, which I am not authorized to access.

Due to the fact I cannot view 225795, search does not find it, so I want to enter a **publicly visible** bug to document it for anyone else who experiences this issue.

It is not at all clear to me why a regression would be marked restricted access in the bug database.  I spent a couple days tracking this down; hiding bugs like this is not helpful.

Based on the ChangeLog, I surmise the issue has been resolved, but due to lack of access to 225795, I don't know for sure.  I'm building now to find out.

Here are my findings:

Since r277425, when I click on a link in a page after browser back, I get an Oops in epiphany.

Steps to reproduce:
    1) open https://zookeeper.stanford.edu/
    2) click on any link in the page
    3) back
    4) click on another link in page.  Oops.

WebKitWebProcess segfaults with this backtrace:

Thread 17 received signal SIGSEGV, Segmentation fault.
0x00007fff4a7a3710 in WebCore::FrameTree::parent() const ()
   from /usr/lib/64/libwebkit2gtk-4.0.so.37
(gdb) bt
#0  0x00007fff4a7a3710 in WebCore::FrameTree::parent() const ()
    at /usr/lib/64/libwebkit2gtk-4.0.so.37
#1  0x00007fff4a24d939 in WebCore::FrameSelection::selectFrameElementInParentIfFullySelected() () at /usr/lib/64/libwebkit2gtk-4.0.so.37
#2  0x00007fff4a24e305 in WebCore::FrameSelection::setSelectionWithoutUpdatingAppearance(WebCore::VisibleSelection const&, WTF::OptionSet<WebCore::FrameSelection::SetSelectionOption>, WebCore::FrameSelection::CursorAlignOnScroll, WebCore::TextGranularity) () at /usr/lib/64/libwebkit2gtk-4.0.so.37
#3  0x00007fff4a24e6e8 in WebCore::FrameSelection::willBeRemovedFromFrame() ()
    at /usr/lib/64/libwebkit2gtk-4.0.so.37
#4  0x00007fff4a11729d in WebCore::Document::willBeRemovedFromFrame() ()
    at /usr/lib/64/libwebkit2gtk-4.0.so.37
#5  0x00007fff4a2f3c5c in WebCore::CachedFrame::destroy() ()
    at /usr/lib/64/libwebkit2gtk-4.0.so.37
#6  0x00007fff4a2f3d1e in WebCore::CachedPage::~CachedPage() ()
    at /usr/lib/64/libwebkit2gtk-4.0.so.37
#7  0x00007fff4a2f516f in WebCore::BackForwardCache::prune(WebCore::PruningReason) () at /usr/lib/64/libwebkit2gtk-4.0.so.37
#8  0x00007fff4a2f5adb in WebCore::BackForwardCache::addIfCacheable(WebCore::HistoryItem&, WebCore::Page*) () at /usr/lib/64/libwebkit2gtk-4.0.so.37
#9  0x00007fff4a68c0a1 in WebCore::FrameLoader::commitProvisionalLoad() ()
    at /usr/lib/64/libwebkit2gtk-4.0.so.37
#10 0x00007fff4a657ea0 in WebCore::DocumentLoader::commitLoad(char const*, int) () at /usr/lib/64/libwebkit2gtk-4.0.so.37
#11 0x00007fff4a714fe1 in WebCore::CachedRawResource::notifyClientsDataWasReceived(char const*, unsigned int) [clone .part.0] () at /usr/lib/64/libwebkit2gtk-4.0.so.37
#12 0x00007fff4a715424 in WebCore::CachedRawResource::updateBuffer(WebCore::SharedBuffer&) [clone .part.0] () at /usr/lib/64/libwebkit2gtk-4.0.so.37
#13 0x00007fff4a6cf857 in WebCore::SubresourceLoader::didReceiveDataOrBuffer(char const*, int, WTF::RefPtr<WebCore::SharedBuffer, WTF::RawPtrTraits<WebCore::SharedBuffer>, WTF::DefaultRefDerefTraits<WebCore::SharedBuffer> >&&, long long, WebCore::DataPayloadType) () at /usr/lib/64/libwebkit2gtk-4.0.so.37
#14 0x00007fff4a6cf9bb in WebCore::SubresourceLoader::didReceiveData(char const*, unsigned int, long long, WebCore::DataPayloadType) () at /usr/lib/64/libwebkit2gtk-4.0.so.37
#15 0x00007fff48d6928d in void IPC::handleMessage<Messages::WebResourceLoader::DidReceiveData, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(IPC::ArrayReference<unsigned char, 18446744073709551615ul> const&, long)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::ArrayReference<unsigned char, 18446744073709551615ul> const&, long)) () at /usr/lib/64/libwebkit2gtk-4.0.so.37
#16 0x00007fff48d68fd4 in WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&) () at /usr/lib/64/libwebkit2gtk-4.0.so.37
#17 0x00007fff48f08275 in IPC::Connection::dispatchMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >) () at /usr/lib/64/libwebkit2gtk-4.0.so.37
#18 0x00007fff48f0996d in IPC::Connection::dispatchOneIncomingMessage() () at /usr/lib/64/libwebkit2gtk-4.0.so.37
#19 0x00007fff460c1ab4 in WTF::RunLoop::performWork() () at /usr/lib/64/libjavascriptcoregtk-4.0.so.18
#20 0x00007fff4612f8f9 in WTF::RunLoop::RunLoop()::{lambda(void*)#1}::_FUN(void*) () at /usr/lib/64/libjavascriptcoregtk-4.0.so.18
#21 0x00007fff46130469 in WTF::RunLoop::{lambda(_GSource*, int (*)(void*), void*)#1}::_FUN(_GSource*, int (*)(void*), void*) () at /usr/lib/64/libjavascriptcoregtk-4.0.so.18
#22 0x00007fff4637e2b0 in g_main_context_dispatch () at /usr/lib/64/libglib-2.0.so.0
#23 0x00007fff4637e638 in g_main_context_iterate.constprop () at /usr/lib/64/libglib-2.0.so.0
#24 0x00007fff4637e923 in g_main_loop_run () at /usr/lib/64/libglib-2.0.so.0
#25 0x00007fff461305a0 in WTF::RunLoop::run() () at /usr/lib/64/libjavascriptcoregtk-4.0.so.18
#26 0x00007fff49340622 in WebKit::WebProcessMain(int, char**) () at /usr/lib/64/libwebkit2gtk-4.0.so.37
#27 0x0000000000400d9c in _start ()
Comment 1 Michael Catanzaro 2021-05-19 13:53:36 PDT
(If it's just a null pointer dereference, it's safe for it to be public. Bugs with dangling pointers should be private.)
Comment 2 Frédéric Wang (:fredw) 2021-05-19 18:14:20 PDT
This should be fixed by r277600 I guess?
Comment 3 Michael Catanzaro 2021-05-25 06:39:13 PDT
(In reply to Frédéric Wang (:fredw) from comment #2)
> This should be fixed by r277600 I guess?

I was seeing this crash very frequently prior to r277600, but I don't see it anymore. It's probably fixed.