See downstream for full stack trace. #0 0x005457a3 in g_type_check_instance_cast (type_instance=0xfffffffe, iface_type=80) at gtype.c:3969 #1 0x42489475 in WebCore::MainFrameScrollbarGtk::detachAdjustment (this=0xad9131b0) at WebCore/platform/gtk/MainFrameScrollbarGtk.cpp:79 #2 0x4249543b in WebCore::ScrollView::setHorizontalAdjustment (this=0xa8bc7a00, hadj=0x0, resetValues=true) at WebCore/platform/gtk/ScrollViewGtk.cpp:92 #3 0x42495705 in WebCore::ScrollView::setGtkAdjustments (this=0xa8bc7a00, hadj=0x0, vadj=0x0, resetValues=true) at WebCore/platform/gtk/ScrollViewGtk.cpp:161 #4 0x424c7ecd in WebKit::FrameLoaderClient::savePlatformDataToCachedFrame (this=0xa8ba50d0, cachedFrame=0xadd4ed20) at WebKit/gtk/WebCoreSupport/FrameLoaderClientGtk.cpp:1270 #5 0x41f1012e in WebCore::CachedFrame::CachedFrame (this=0xadd4ed20, frame=0xa8ba0c00) at WebCore/history/CachedFrame.cpp:144 #6 0x41f1017c in create (this=0xadd4e780, frame=0xaa23c200) at WebCore/history/CachedFrame.h:73 #7 WebCore::CachedFrame::CachedFrame (this=0xadd4e780, frame=0xaa23c200) at WebCore/history/CachedFrame.cpp:148 #8 0x41f10502 in create (this=0xb6fa9260, page=0xad19df20) at WebCore/history/CachedFrame.h:73 On branch releases/WebKitGTK/webkit-1.4, if a ScrollView that previously did not have a parent acquires a parent, ScrollView::setHorizontalAdjustment()/ScrollView::setVerticalAdjustment() expect m_horizontalScrollbar/m_verticalScrollbar to be a MainFrameScrollbarGtk when it is actually a Scrollbar. Result is heap UMR or similar. Proposed fix is to remove the scrollbars when a ScrollView that previously did not have a parent acquires a parent; patch to follow. Trunk does not have this issue as the dangerous casts are absent.