Open this file in qmlscene and close it:
~~~~~ test.qml ~~~~~
import QtQuick 2.0
import QtWebKit 3.0
import QtWebKit.experimental 1.0
~~~~~
This will trigger a crash; see http://paste.kde.org/655388/ for a valgrind log and http://paste.kde.org/655394/ for a GDB backtrace. It shows that the m_rootLayer in LayerTreeRenderer is invalid when called from LayerTreeRenderer::purgeGLResources. Other places contain explicit checks for the validity, so maybe the check is just missing there?
My quick look at this issue is that LayerTreeRenderer::purgeGLResources is called immediately in the UI process before CoordinatedLayerTreeHost::purgeBackingStores had the time to complete in the WebProcess. So any message sent from the WebProcess in-between might access resources that, at this point, the web process thought valid but that the UI process already cleared.
I didn't investigate very deeply so this might be wrong, but a way that seemed worth trying to fix this was to make sure that LayerTreeRenderer::purgeGLResources is only called once the web process confirmed that it destroyed the resource through some didPurgeBackingStores message.
(In reply to comment #0)
> It shows that the m_rootLayer in LayerTreeRenderer is invalid, when called from LayerTreeRenderer::purgeGLResources. Other places contain explicit checks for the validity, so maybe the check is just missing there?
Hmm, thinking more about it, your explanation is probably a lot better. If there is no root layer yet, then there is nothing to purge anyway.
This is apparently fixed in WebKit upstream by 18ac4c73a22b42cf2783dee9dfa285fe149f7821:
Coordinated Graphics: Remove redundant behaviors in LayerTreeRenderer.
Can someone backport that into QtWebKit stable?
(In reply to comment #3)
> Can someone backport that into QtWebKit stable?
I tried to cherry-pick it but I'm not sure that this fix can safely be applied since some stuff changed lately.
It would probably be better for 5.0.x to just apply the check before the removeAllChildren call like you proposed.
I'll have a bit of time for it later. You can do a branch-only fix in the qtwebkit module if you need it before.
I created a simple commit for the stable branch: https://codereview.qt-project.org/#change,46641
Please review - thanks!