This is the backtrace I get when I attach to the web process before triggering the crash: #0 WebKit::WebPage::hidePopupMenu (this=0xae716a00) at WebProcess/WebPage/qt/WebPageQt.cpp:439 #1 0xb5de33ca in callMemberFunction<WebKit::WebPage, void (WebKit::WebPage::*)()> (function=<optimized out>, object=0xae716a00) at Platform/CoreIPC/HandleMessage.h:15 #2 handleMessage<Messages::WebPage::HidePopupMenu, WebKit::WebPage, void (WebKit::WebPage::*)()> (function=<optimized out>, object=0xae716a00, decoder=...) at Platform/CoreIPC/HandleMessage.h:322 #3 WebKit::WebPage::didReceiveWebPageMessage (this=0xae716a00, decoder=...) at generated/WebPageMessageReceiver.cpp:476 #4 0xb5d976f6 in WebKit::WebPage::didReceiveMessage (this=0xae716a00, connection=0xae705dc0, messageID=..., decoder=...) at WebProcess/WebPage/WebPage.cpp:2922 #5 0xb5c5d365 in CoreIPC::MessageReceiverMap::dispatchMessage (this=0x88dcca4, connection=0xae705dc0, messageID=..., decoder=...) at Platform/CoreIPC/MessageReceiverMap.cpp:86 #6 0xb5da08d9 in WebKit::WebProcess::didReceiveMessage (this=0x88dcc70, connection=0xae705dc0, messageID=..., decoder=...) at WebProcess/WebProcess.cpp:681 #7 0xb5c5a440 in dispatchMessage (decoder=..., messageID=..., this=0xae705dc0) at Platform/CoreIPC/Connection.cpp:663 #8 CoreIPC::Connection::dispatchMessage (this=this@entry=0xae705dc0, message=...) at Platform/CoreIPC/Connection.cpp:686 #9 0xb5c5a559 in CoreIPC::Connection::dispatchOneMessage (this=0xae705dc0) at Platform/CoreIPC/Connection.cpp:712 #10 0xb5c5971f in operator() (c=<optimized out>, this=0xab12bed8) at ../WTF/wtf/Functional.h:173 #11 WTF::BoundFunctionImpl<WTF::FunctionWrapper<void (CoreIPC::Connection::*)()>, void (CoreIPC::Connection*)>::operator()() ( this=0xab12bed0) at ../WTF/wtf/Functional.h:405 #12 0xb61e7106 in operator() (this=<synthetic pointer>) at ../WTF/wtf/Functional.h:613 #13 WebCore::RunLoop::performWork (this=0xae703780) at platform/RunLoop.cpp:87 #14 0xb62a3e16 in performWork (this=<optimized out>) at platform/qt/RunLoopQt.cpp:48 #15 qt_static_metacall (_id=0, _o=0x88dafc8, _c=<optimized out>, _a=<optimized out>) at .moc/release-shared/RunLoopQt.moc:68 #16 WebCore::RunLoop::TimerObject::qt_static_metacall (_o=0x88dafc8, _c=QMetaObject::InvokeMetaMethod, _id=0, _a=0xadd033c8) at .moc/release-shared/RunLoopQt.moc:63 #17 0xb52917d3 in QMetaCallEvent::placeMetaCall(QObject*) () from /usr/lib/i386-linux-gnu/libQt5Core.so.5 #18 0xb52948db in QObject::event(QEvent*) () from /usr/lib/i386-linux-gnu/libQt5Core.so.5 #19 0xb556370c in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/i386-linux-gnu/libQt5Widgets.so.5 #20 0xb556713b in QApplication::notify(QObject*, QEvent*) () from /usr/lib/i386-linux-gnu/libQt5Widgets.so.5 #21 0xb526b74e in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/lib/i386-linux-gnu/libQt5Core.so.5 #22 0xb526d673 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /usr/lib/i386-linux-gnu/libQt5Core.so.5 #23 0xb526dd3c in QCoreApplication::sendPostedEvents(QObject*, int) () from /usr/lib/i386-linux-gnu/libQt5Core.so.5 #24 0xb52b9434 in ?? () from /usr/lib/i386-linux-gnu/libQt5Core.so.5 #25 0xb392f9e3 in g_main_context_dispatch () from /lib/i386-linux-gnu/libglib-2.0.so.0 #26 0xb392fd80 in ?? () from /lib/i386-linux-gnu/libglib-2.0.so.0 #27 0xb392fe61 in g_main_context_iteration () from /lib/i386-linux-gnu/libglib-2.0.so.0 #28 0xb52b95af in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/i386-linux-gnu/libQt5Core.so.5 #29 0xafc77d36 in ?? () from /usr/lib/i386-linux-gnu/qt5/plugins/platforms/libqxcb.so #30 0xb5269fd6 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/i386-linux-gnu/libQt5Core.so.5 #31 0xb526a48c in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/i386-linux-gnu/libQt5Core.so.5 #32 0xb526dde2 in QCoreApplication::exec() () from /usr/lib/i386-linux-gnu/libQt5Core.so.5 #33 0xb62a3e87 in WebCore::RunLoop::run () at platform/qt/RunLoopQt.cpp:69 #34 0xb5da8545 in WebKit::WebProcessMainQt (app=0x8867058) at WebProcess/qt/WebProcessMainQt.cpp:195 #35 0x080488b8 in main (argc=2, argv=0xbfed8394) at qt/MainQt.cpp:100

Here is where the crash is happening: void WebPage::hidePopupMenu() { if (!m_activePopupMenu) return; m_activePopupMenu->client()->popupDidHide(); m_activePopupMenu = 0; } m_activePopupMenu->client() returns m_activePopupMenu->m_popupClient, which in this case is null. It looks like the popup client is destroyed too early: (gdb) p this->m_activePopupMenu.m_ptr->m_popupClient $6 = (WebCore::PopupMenuClient *) 0x0

=== Bulk closing of Qt bugs === If you believe that this bug report is still relevant for a non-Qt port of webkit.org, please re-open it and remove [Qt] from the summary. If you believe that this is still an important QtWebKit bug, please fill a new report at https://bugreports.qt-project.org and add a link to this issue. See http://qt-project.org/wiki/ReportingBugsInQt for additional guidelines.