As I filed on Ubuntu's bug reporter at https://bugs.launchpad.net/ubuntu/+source/webkit/+bug/660914 I'm seeing a crash in webkit's PAC processor:

#0 0x03d7e95f in JSGarbageCollect () from /usr/lib/libwebkit-1.0.so.2
#1 0x0319fe97 in ctxs_free (self=0xaf997f20) at pacrunner_webkit.c:124
#2 0x031a0377 in _run (self=0xaf97b2b8, pac=0xaf97d390, url=0xa6006488) at pacrunner_webkit.c:199
#3 0x00d32b52 in px_proxy_factory_get_proxies (self=0x9cb7f08, url=0xa604fec8 "http://post.audioscrobbler.com/np_1.2") at proxy.c:401
#4 0x00803db2 in ?? () from /usr/lib/libsoup-gnome-2.4.so.1
#5 0x00804199 in ?? () from /usr/lib/libsoup-gnome-2.4.so.1
#6 0x00fef3d4 in g_thread_pool_thread_proxy (data=0x8984378) at /build/buildd/glib2.0-2.26.0/glib/gthreadpool.c:319
#7 0x00fed48f in g_thread_create_proxy (data=0xa2ceb70) at /build/buildd/glib2.0-2.26.0/glib/gthread.c:1897
#8 0x00778cc9 in start_thread (arg=0xa71ccb70) at pthread_create.c:304
#9 0x02e386ae in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130

This is from rhythmbox, presumably trying to parse the PAC to figure out which proxy to use to post to last.fm's audioscrobbler. Happy to supply any more information necessary.

A crash in JSGarbageCollect itself means that an invalid context pointer was passed to it. So, this is almost certain to be a bug in the caller. Some common errors are:
- passing a deallocated context;
- not using locking with multiple threads (only contexts from distinct context groups can be used concurrently).