100% reproducible on http://www.philly.com. Load this page: http://www.philly.com/philly/food/Pizzagate-target-Philly-favorites-Pizza-Brain-and-Little-Babys-.html Then close it. It will crash. I added some debug in StorageManager.cpp: createLocalStorageMap: this=0x7f5afcfee3c0 storageMapID=1 storageNamespaceID=1 addListener: this=0x7f5aa7ba9150 storageMapID=1 createSessionStorageMap: this=0x7f5afcfee3c0 storageMapID=2 storageNamespaceID=3 addListener: this=0x7f5aa7ba9230 storageMapID=2 createTransientLocalStorageMap: this=0x7f5afcfee3c0 storageMapID=3 storageNamespaceID=1 addListener: this=0x7f5aa7ba93f0 storageMapID=3 createSessionStorageMap: this=0x7f5afcfee3c0 storageMapID=4 storageNamespaceID=3 addListener: this=0x7f5aa7ba94d0 storageMapID=4 createTransientLocalStorageMap: this=0x7f5afcfee3c0 storageMapID=5 storageNamespaceID=1 addListener: this=0x7f5aa7ba94d0 storageMapID=5 processDidCloseConnection: this=0x7f5afcfee3c0 operator(): this=0x7f5afcfee3c0 removing listener... removeListener: this=0x7f5aa7ba93f0 storageMapID=3 operator(): this=0x7f5afcfee3c0 removing listener... removeListener: this=0x7f5aa7ba9150 storageMapID=1 operator(): this=0x7f5afcfee3c0 removing listener... removeListener: this=0x7f5aa7ba94d0 storageMapID=5 operator(): this=0x7f5afcfee3c0 removing listener... removeListener: this=0x7f5aa7ba9230 storageMapID=2 ~StorageArea: this=0x7f5aa7ba9150 empty=1 ~StorageArea: this=0x7f5aa7ba9230 empty=1 ~StorageArea: this=0x7f5aa7ba94d0 empty=0 ASSERTION FAILED: m_eventListeners.isEmpty() ../../Source/WebKit2/UIProcess/Storage/StorageManager.cpp(180) : WebKit::StorageManager::StorageArea::~StorageArea() So the problem is the listener for the second session storage map (storageMapID=4) is not being removed.

(Not likely to be GTK-specific.)

(In reply to comment #1) > So the problem is the listener for the second session storage map > (storageMapID=4) is not being removed. It's session storage for https://www.instagram.com.