Steps to reproduce: 1) Build the QML MiniBrowser from trunk against Qt 5.0 2) Launch the QML MiniBrowser and point it to http://juju.ubuntu.com/survey 3) Scroll down to the section that reads "Rank which of the following are…" 4) Click on the first dropdown widget 5) From the item selector that pops up, select any option At this point, the item selector is correctly hidden, but then the web process crashes ("WARNING: The web process experienced a crash on 'http://www.surveymonkey.com/s/ubuntu-juju'."). This page has some event handlers that are invoked when the selected option changes (RankingQuestion.RankChange(event)), and the crash happens when running those handlers are executed.
This is the backtrace I get when I attach to the web process before triggering the crash: #0 WebKit::WebPage::hidePopupMenu (this=0xae716a00) at WebProcess/WebPage/qt/WebPageQt.cpp:439 #1 0xb5de33ca in callMemberFunction<WebKit::WebPage, void (WebKit::WebPage::*)()> (function=<optimized out>, object=0xae716a00) at Platform/CoreIPC/HandleMessage.h:15 #2 handleMessage<Messages::WebPage::HidePopupMenu, WebKit::WebPage, void (WebKit::WebPage::*)()> (function=<optimized out>, object=0xae716a00, decoder=...) at Platform/CoreIPC/HandleMessage.h:322 #3 WebKit::WebPage::didReceiveWebPageMessage (this=0xae716a00, decoder=...) at generated/WebPageMessageReceiver.cpp:476 #4 0xb5d976f6 in WebKit::WebPage::didReceiveMessage (this=0xae716a00, connection=0xae705dc0, messageID=..., decoder=...) at WebProcess/WebPage/WebPage.cpp:2922 #5 0xb5c5d365 in CoreIPC::MessageReceiverMap::dispatchMessage (this=0x88dcca4, connection=0xae705dc0, messageID=..., decoder=...) at Platform/CoreIPC/MessageReceiverMap.cpp:86 #6 0xb5da08d9 in WebKit::WebProcess::didReceiveMessage (this=0x88dcc70, connection=0xae705dc0, messageID=..., decoder=...) at WebProcess/WebProcess.cpp:681 #7 0xb5c5a440 in dispatchMessage (decoder=..., messageID=..., this=0xae705dc0) at Platform/CoreIPC/Connection.cpp:663 #8 CoreIPC::Connection::dispatchMessage (this=this@entry=0xae705dc0, message=...) at Platform/CoreIPC/Connection.cpp:686 #9 0xb5c5a559 in CoreIPC::Connection::dispatchOneMessage (this=0xae705dc0) at Platform/CoreIPC/Connection.cpp:712 #10 0xb5c5971f in operator() (c=<optimized out>, this=0xab12bed8) at ../WTF/wtf/Functional.h:173 #11 WTF::BoundFunctionImpl<WTF::FunctionWrapper<void (CoreIPC::Connection::*)()>, void (CoreIPC::Connection*)>::operator()() ( this=0xab12bed0) at ../WTF/wtf/Functional.h:405 #12 0xb61e7106 in operator() (this=<synthetic pointer>) at ../WTF/wtf/Functional.h:613 #13 WebCore::RunLoop::performWork (this=0xae703780) at platform/RunLoop.cpp:87 #14 0xb62a3e16 in performWork (this=<optimized out>) at platform/qt/RunLoopQt.cpp:48 #15 qt_static_metacall (_id=0, _o=0x88dafc8, _c=<optimized out>, _a=<optimized out>) at .moc/release-shared/RunLoopQt.moc:68 #16 WebCore::RunLoop::TimerObject::qt_static_metacall (_o=0x88dafc8, _c=QMetaObject::InvokeMetaMethod, _id=0, _a=0xadd033c8) at .moc/release-shared/RunLoopQt.moc:63 #17 0xb52917d3 in QMetaCallEvent::placeMetaCall(QObject*) () from /usr/lib/i386-linux-gnu/libQt5Core.so.5 #18 0xb52948db in QObject::event(QEvent*) () from /usr/lib/i386-linux-gnu/libQt5Core.so.5 #19 0xb556370c in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/i386-linux-gnu/libQt5Widgets.so.5 #20 0xb556713b in QApplication::notify(QObject*, QEvent*) () from /usr/lib/i386-linux-gnu/libQt5Widgets.so.5 #21 0xb526b74e in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/lib/i386-linux-gnu/libQt5Core.so.5 #22 0xb526d673 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /usr/lib/i386-linux-gnu/libQt5Core.so.5 #23 0xb526dd3c in QCoreApplication::sendPostedEvents(QObject*, int) () from /usr/lib/i386-linux-gnu/libQt5Core.so.5 #24 0xb52b9434 in ?? () from /usr/lib/i386-linux-gnu/libQt5Core.so.5 #25 0xb392f9e3 in g_main_context_dispatch () from /lib/i386-linux-gnu/libglib-2.0.so.0 #26 0xb392fd80 in ?? () from /lib/i386-linux-gnu/libglib-2.0.so.0 #27 0xb392fe61 in g_main_context_iteration () from /lib/i386-linux-gnu/libglib-2.0.so.0 #28 0xb52b95af in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/i386-linux-gnu/libQt5Core.so.5 #29 0xafc77d36 in ?? () from /usr/lib/i386-linux-gnu/qt5/plugins/platforms/libqxcb.so #30 0xb5269fd6 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/i386-linux-gnu/libQt5Core.so.5 #31 0xb526a48c in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/i386-linux-gnu/libQt5Core.so.5 #32 0xb526dde2 in QCoreApplication::exec() () from /usr/lib/i386-linux-gnu/libQt5Core.so.5 #33 0xb62a3e87 in WebCore::RunLoop::run () at platform/qt/RunLoopQt.cpp:69 #34 0xb5da8545 in WebKit::WebProcessMainQt (app=0x8867058) at WebProcess/qt/WebProcessMainQt.cpp:195 #35 0x080488b8 in main (argc=2, argv=0xbfed8394) at qt/MainQt.cpp:100
Here is where the crash is happening: void WebPage::hidePopupMenu() { if (!m_activePopupMenu) return; m_activePopupMenu->client()->popupDidHide(); m_activePopupMenu = 0; } m_activePopupMenu->client() returns m_activePopupMenu->m_popupClient, which in this case is null. It looks like the popup client is destroyed too early: (gdb) p this->m_activePopupMenu.m_ptr->m_popupClient $6 = (WebCore::PopupMenuClient *) 0x0
=== Bulk closing of Qt bugs === If you believe that this bug report is still relevant for a non-Qt port of webkit.org, please re-open it and remove [Qt] from the summary. If you believe that this is still an important QtWebKit bug, please fill a new report at https://bugreports.qt-project.org and add a link to this issue. See http://qt-project.org/wiki/ReportingBugsInQt for additional guidelines.