Bug 95968 - [Qt][WK2] API tests crash with Qt 5.0-beta1
Summary: [Qt][WK2] API tests crash with Qt 5.0-beta1
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs
Version: 528+ (Nightly build)
Hardware: All / OS: All
Importance: P1 Critical
Assignee: Nobody
URL:
Keywords: Qt, QtTriaged
Depends on:
Blocks: 70236 76773
Reported: 2012-09-06 03:17 PDT by Csaba Osztrogonác
Modified: 2012-10-24 07:08 PDT
CC List: 7 users

Description Csaba Osztrogonác 2012-09-06 03:17:29 PDT
After updating the bots to Qt 5.0-beta1, two WK2 API tests started to crash:

********* Start testing of qmltests *********
Config: Using QTest library 5.0.0, Qt 5.0.0
PASS   : qmltests::WebViewApplicationSchemes::initTestCase()
PASS   : qmltests::WebViewApplicationSchemes::test_applicationScheme()
PASS   : qmltests::WebViewApplicationSchemes::test_charsets()
PASS   : qmltests::WebViewApplicationSchemes::test_multipleSchemes()
PASS   : qmltests::WebViewApplicationSchemes::test_multipleUrlsForScheme()
PASS   : qmltests::WebViewApplicationSchemes::cleanupTestCase()

CRASHED: WebKitBuild/Release/Source/WebKit2/UIProcess/API/qt/tests/qmltests/tst_qmltests_WebView



********* Start testing of qmltests *********
Config: Using QTest library 5.0.0, Qt 5.0.0
PASS   : qmltests::DesktopWebViewLinkHovered::initTestCase()
PASS   : qmltests::DesktopWebViewLinkHovered::test_linkHovered()
PASS   : qmltests::DesktopWebViewLinkHovered::test_linkHoveredDoesntEmitRepeated()
PASS   : qmltests::DesktopWebViewLinkHovered::cleanupTestCase()

CRASHED: WebKitBuild/Release/Source/WebKit2/UIProcess/API/qt/tests/qmltests/tst_qmltests_DesktopBehavior
Comment 1 Csaba Osztrogonác 2012-09-06 03:18:14 PDT
It seems the bug comes from somewhere in QML and/or V8:

$ gdb WebKitBuild/Debug/Source/WebKit2/UIProcess/API/qt/tests/qmltests/tst_qmltests_WebView
GNU gdb (GDB) 7.0.1-debian
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /home/oszi/WebKit/WebKitBuild/Debug/Source/WebKit2/UIProcess/API/qt/tests/qmltests/tst_qmltests_WebView...done.
(gdb) run
Starting program: /home/oszi/WebKit/WebKitBuild/Debug/Source/WebKit2/UIProcess/API/qt/tests/qmltests/tst_qmltests_WebView
[Thread debugging using libthread_db enabled]
[New Thread 0x7fffe613d700 (LWP 10442)]
[New Thread 0x7ffff7ff8700 (LWP 10443)]
[New Thread 0x7fffe5b1c700 (LWP 10444)]
[New Thread 0x7fffe591b700 (LWP 10445)]
********* Start testing of qmltests *********
Config: Using QTest library 5.0.0, Qt 5.0.0
PASS   : qmltests::WebViewApplicationSchemes::initTestCase()
[New Thread 0x7fffe571a700 (LWP 10446)]
[New Thread 0x7fffe5519700 (LWP 10448)]
PASS   : qmltests::WebViewApplicationSchemes::test_applicationScheme()
PASS   : qmltests::WebViewApplicationSchemes::test_charsets()
PASS   : qmltests::WebViewApplicationSchemes::test_multipleSchemes()
PASS   : qmltests::WebViewApplicationSchemes::test_multipleUrlsForScheme()
PASS   : qmltests::WebViewApplicationSchemes::cleanupTestCase()
[New Thread 0x7fffe4ccb700 (LWP 10457)]
[New Thread 0x7fffe4674700 (LWP 10459)]
PASS   : qmltests::WebViewColorChooser::initTestCase()
PASS   : qmltests::WebViewColorChooser::test_accept()
PASS   : qmltests::WebViewColorChooser::test_currentValue()
PASS   : qmltests::WebViewColorChooser::test_reject()
PASS   : qmltests::WebViewColorChooser::cleanupTestCase()
[New Thread 0x7fff9fe96700 (LWP 10476)]

Program received signal SIGBUS, Bus error.
0x00007ffff29c8e41 in QQmlPropertyCache::findProperty(QStringHash<QPair<int, QQmlPropertyData*> >::ConstIterator, QQmlVMEMetaObject const*, QQmlContextData*) const () from /usr/local/Trolltech/Qt5/Qt-5.0.0-beta1/lib/libQtQml.so.5
(gdb) bt
#0  0x00007ffff29c8e41 in QQmlPropertyCache::findProperty(QStringHash<QPair<int, QQmlPropertyData*> >::ConstIterator, QQmlVMEMetaObject const*, QQmlContextData*) const () from /usr/local/Trolltech/Qt5/Qt-5.0.0-beta1/lib/libQtQml.so.5
#1  0x00007ffff2a5e07e in QV8QObjectWrapper::GetProperty(QV8Engine*, QObject*, v8::Handle<v8::Value>*, QHashedV8String const&, QQmlContextData*, QV8QObjectWrapper::RevisionMode) ()
   from /usr/local/Trolltech/Qt5/Qt-5.0.0-beta1/lib/libQtQml.so.5
#2  0x00007ffff2a5f032 in QV8QObjectWrapper::Getter(v8::Local<v8::String>, v8::AccessorInfo const&) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-beta1/lib/libQtQml.so.5
#3  0x00007fffea5b8fb0 in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.0-beta1/lib/libQtV8.so.5
#4  0x00007fffea5b964e in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.0-beta1/lib/libQtV8.so.5
#5  0x00007fffea61dbcd in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.0-beta1/lib/libQtV8.so.5
#6  0x00007fffea621805 in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.0-beta1/lib/libQtV8.so.5
#7  0x00000651a660618e in ?? ()
#8  0x00000651a66060e1 in ?? ()
#9  0x00000651a66060e1 in ?? ()
#10 0x00007fffffffb4d0 in ?? ()
#11 0x00007fffffffb530 in ?? ()
#12 0x00000651a6649695 in ?? ()
#13 0x000012d92af89ed9 in ?? ()
#14 0x000012d92af89cf1 in ?? ()
#15 0x000012d92af87121 in ?? ()
#16 0x0000397ff2504121 in ?? ()
#17 0x0000397ff2504121 in ?? ()
#18 0x000012d92af87121 in ?? ()
#19 0x000012d92af870e9 in ?? ()
#20 0x00007fffffffb560 in ?? ()
#21 0x00000651a6649e45 in ?? ()
#22 0x000012d92af89d21 in ?? ()
#23 0x000012d92af89e59 in ?? ()
#24 0x000012d92af89e59 in ?? ()
#25 0x000012d92af89e21 in ?? ()
#26 0x00007fffffffb598 in ?? ()
#27 0x00000651a66249e7 in ?? ()
#28 0x0000397ff2556f81 in ?? ()
#29 0x000012d92af89e59 in ?? ()
#30 0x00000651a6624921 in ?? ()
#31 0x0000000600000000 in ?? ()
#32 0x0000000000000000 in ?? ()
Comment 2 Csaba Osztrogonác 2012-09-06 03:24:14 PDT
The bug is valid in release and debug mode too. These tests crash always in release mode, but not always, only intermittently, in debug mode.
Comment 3 Simon Hausmann 2012-09-06 08:13:00 PDT
I can reproduce this.
Comment 4 Andras Becsi 2012-09-07 05:39:29 PDT
Backtrace of tst_qmltests_WebView with a debug build of Qt5 beta:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff3046010 in QQmlGuardedContextData::operator QQmlContextData* (this=0x900000058) at qml/qqmlcontext_p.h:243
243         inline operator QQmlContextData*() const { return m_contextData; }
(gdb) bt
#0  0x00007ffff3046010 in QQmlGuardedContextData::operator QQmlContextData* (this=0x900000058) at qml/qqmlcontext_p.h:243
#1  0x00007ffff30f8dec in QQmlPropertyCache::findProperty (this=0x7fffd8013a60, it=..., vmemo=0x900000000, context=0x4db3f0) at qml/qqmlpropertycache.cpp:947
#2  0x00007ffff30f8c98 in QQmlPropertyCache::findProperty (this=0x7fffd8013a60, it=..., object=0x4da760, context=0x4db3f0) at qml/qqmlpropertycache.cpp:912
#3  0x00007ffff30fbed2 in QQmlPropertyCache::property<QHashedV8String> (this=0x7fffd8013a60, key=..., object=0x4da760, context=0x4db3f0) at qml/qqmlpropertycache_p.h:284
#4  0x00007ffff319f85e in QV8QObjectWrapper::GetProperty (engine=0x464e90, object=0x4da760, objectHandle=0x7fffffffa570, property=..., context=0x4db3f0, revisionMode=QV8QObjectWrapper::IgnoreRevision) at qml/v8/qv8qobjectwrapper.cpp:529
#5  0x00007ffff31a1535 in QV8QObjectWrapper::Getter (property=..., info=...) at qml/v8/qv8qobjectwrapper.cpp:766
#6  0x00007fffeb0aada8 in v8::internal::JSObject::GetPropertyWithInterceptor (this=0x27e25af708b9, receiver=0x27e25af708b9, name=0x27e25af70a69, attributes=0x7fffffffa8ec) at ../3rdparty/v8/src/objects.cc:10096
#7  0x00007fffeb0893f6 in v8::internal::Object::GetProperty (this=0x27e25af708b9, receiver=0x27e25af708b9, result=0x7fffffffa870, name=0x27e25af70a69, attributes=0x7fffffffa8ec) at ../3rdparty/v8/src/objects.cc:633
#8  0x00007fffeb087125 in v8::internal::Object::GetPropertyWithReceiver (this=0x27e25af708b9, receiver=0x27e25af708b9, name=0x27e25af70a69, attributes=0x7fffffffa8ec) at ../3rdparty/v8/src/objects.cc:161
#9  0x00007fffeaef518e in v8::internal::Object::GetProperty (this=0x27e25af708b9, key=0x27e25af70a69) at ../3rdparty/v8/src/objects-inl.h:865
#10 0x00007fffeb1197d4 in v8::internal::Runtime::GetObjectProperty (isolate=0x413070, object=..., key=...) at ../3rdparty/v8/src/runtime.cc:4258
#11 0x00007fffeb026253 in v8::internal::KeyedLoadIC::Load (this=0x7fffffffab70, state=v8::internal::UNINITIALIZED, object=..., key=..., force_generic_stub=false) at ../3rdparty/v8/src/ic.cc:1215
#12 0x00007fffeb029a20 in v8::internal::KeyedLoadIC_Miss (args=..., isolate=0x413070) at ../3rdparty/v8/src/ic.cc:2011
#13 0x00001a8f7d90618e in ?? ()
#14 0x00001a8f7d9060e1 in ?? ()
Comment 5 Simon Hausmann 2012-09-07 06:24:41 PDT
(In reply to comment #4)
> Backtrace of tst_qmltests_WebView with a debug build of Qt5 beta:
> 
> Program received signal SIGSEGV, Segmentation fault.
> 0x00007ffff3046010 in QQmlGuardedContextData::operator QQmlContextData* (this=0x900000058) at qml/qqmlcontext_p.h:243
> 243         inline operator QQmlContextData*() const { return m_contextData; }
> (gdb) bt
> #0  0x00007ffff3046010 in QQmlGuardedContextData::operator QQmlContextData* (this=0x900000058) at qml/qqmlcontext_p.h:243
> #1  0x00007ffff30f8dec in QQmlPropertyCache::findProperty (this=0x7fffd8013a60, it=..., vmemo=0x900000000, context=0x4db3f0) at qml/qqmlpropertycache.cpp:947


0x900000000 is a suspicious address for a pointer :)
Comment 6 Peter Varga 2012-09-21 04:06:35 PDT
I've noticed that this test doesn't crash in release mode all the time. I'm almost sure this crash is caused by a QtDeclarative bug. It seems the problem isn't in the WebView and it's not related to WebKit. I suppose that the crash is happening in the Qt Quick Test framework.

The problem occurs when QtDeclarative tries to look up the lastResultChanged property in the QML property cache (QQmlPropertyCache::findProperty). The function findProperty iterates through the QQmlVMEMetaObject chain in a loop to find a meta-object which holds a particular context (see src/qml/qml/qqmlpropertycache.cpp:946). It seems this meta-object chain is messed up in some cases because the function parentVMEMetaObject returns a wrong pointer instead of nil.

I think this bug should be reported to the QtDeclarative developers.
Comment 7 Csaba Osztrogonác 2012-09-25 05:05:16 PDT
Could you report this bug as soon as possible, please? Because of this bug, we have poor test coverage for Qt WK2 API tests, and it is impossible to catch new regressions.

now: 25 passed, 10 failed, 0 skipped, 2 crashed
before Qt 5 beta: 171 passed, 1 failed, 0 skipped, 0 crashed
Comment 8 Peter Varga 2012-09-25 05:37:48 PDT
(In reply to comment #7)
> Could you report this bug as soon as possible, please?

done.
https://bugreports.qt-project.org/browse/QTBUG-27334
Comment 9 Simon Hausmann 2012-09-28 04:11:52 PDT
Jocelyn rocks and fixed it upstream. Closing this bug as it turns out there's no change needed in WebKit. This will make it into the next Qt 5 release thankfully :)
Comment 10 Csaba Osztrogonác 2012-10-02 03:50:52 PDT
(In reply to comment #9)
> Jocelyn rocks and fixed it upstream. Closing this bug as it turns out there's no change needed in WebKit. This will make it into the next Qt 5 release thankfully :)

Reopening, because the bug is still valid with Jocelyn's fix. I tried it with Qt5:008fb07a0f735a1416e6594737505becc671de39, which contains the fix in the qtdeclarative module: 5bd0e08063fcacba0c2b63528712968c7d74e7f9 (QTBUG-27334)

$ WebKitBuild/Release/Source/WebKit2/UIProcess/API/qt/tests/qmltests/tst_qmltests_WebView
********* Start testing of qmltests *********
Config: Using QTest library 5.0.0, Qt 5.0.0
PASS   : qmltests::WebViewApplicationSchemes::initTestCase()
PASS   : qmltests::WebViewApplicationSchemes::test_applicationScheme()
PASS   : qmltests::WebViewApplicationSchemes::test_charsets()
PASS   : qmltests::WebViewApplicationSchemes::test_multipleSchemes()
PASS   : qmltests::WebViewApplicationSchemes::test_multipleUrlsForScheme()
PASS   : qmltests::WebViewApplicationSchemes::cleanupTestCase()
PASS   : qmltests::WebViewColorChooser::initTestCase()
PASS   : qmltests::WebViewColorChooser::test_accept()
PASS   : qmltests::WebViewColorChooser::test_currentValue()
PASS   : qmltests::WebViewColorChooser::test_reject()
PASS   : qmltests::WebViewColorChooser::cleanupTestCase()
PASS   : qmltests::DevicePixelRatio::initTestCase()
PASS   : qmltests::DevicePixelRatio::test_devicePixelRatio()
PASS   : qmltests::DevicePixelRatio::test_devicePixelRatioMediaQuery()
PASS   : qmltests::DevicePixelRatio::cleanupTestCase()
PASS   : qmltests::DoubleTapToZoom::initTestCase()
PASS   : qmltests::DoubleTapToZoom::test_basic()
PASS   : qmltests::DoubleTapToZoom::cleanupTestCase()
PASS   : qmltests::WebViewDownload::initTestCase()
PASS   : qmltests::WebViewDownload::test_downloadRequest()
PASS   : qmltests::WebViewDownload::test_expectedLength()
PASS   : qmltests::WebViewDownload::test_succeeded()
PASS   : qmltests::WebViewDownload::cleanupTestCase()
PASS   : qmltests::JavaScriptEvaluation::initTestCase()
Segmentation fault

Maybe it is another bug, I don't know...
Comment 11 Csaba Osztrogonác 2012-10-02 03:52:13 PDT
GDB backtrace:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff77d0257 in WebKit::QtDownloadManager::downloadCreatedDestination(WebKit::DownloadProxy*, QString const&) ()
   from /home/oszi/WebKit/WebKitBuild/Release/lib/libWebKit2.so.1
(gdb) bt
#0  0x00007ffff77d0257 in WebKit::QtDownloadManager::downloadCreatedDestination(WebKit::DownloadProxy*, QString const&) ()
   from /home/oszi/WebKit/WebKitBuild/Release/lib/libWebKit2.so.1
#1  0x00007ffff77d02e2 in WebKit::QtDownloadManager::didCreateDestination(OpaqueWKContext const*, OpaqueWKDownload const*, OpaqueWKString const*, void const*) () from /home/oszi/WebKit/WebKitBuild/Release/lib/libWebKit2.so.1
#2  0x00007ffff76ccd47 in WebKit::WebDownloadClient::didCreateDestination(WebKit::WebContext*, WebKit::DownloadProxy*, WTF::String const&) ()
   from /home/oszi/WebKit/WebKitBuild/Release/lib/libWebKit2.so.1
#3  0x00007ffff77e92b3 in void CoreIPC::handleMessage<Messages::DownloadProxy::DidCreateDestination, WebKit::DownloadProxy, void (WebKit::DownloadProxy::*)(WTF::String const&)>(CoreIPC::ArgumentDecoder*, WebKit::DownloadProxy*, void (WebKit::DownloadProxy::*)(WTF::String const&)) ()
   from /home/oszi/WebKit/WebKitBuild/Release/lib/libWebKit2.so.1
#4  0x00007ffff77ea5ef in WebKit::DownloadProxy::didReceiveDownloadProxyMessage(CoreIPC::Connection*, CoreIPC::MessageID, CoreIPC::ArgumentDecoder*) ()
   from /home/oszi/WebKit/WebKitBuild/Release/lib/libWebKit2.so.1
#5  0x00007ffff76c5937 in WebKit::WebContext::didReceiveMessage(WebKit::WebProcessProxy*, CoreIPC::MessageID, CoreIPC::ArgumentDecoder*) ()
   from /home/oszi/WebKit/WebKitBuild/Release/lib/libWebKit2.so.1
#6  0x00007ffff76ba24b in WebKit::WebConnectionToWebProcess::didReceiveMessage(CoreIPC::Connection*, CoreIPC::MessageID, CoreIPC::ArgumentDecoder*) ()
   from /home/oszi/WebKit/WebKitBuild/Release/lib/libWebKit2.so.1
#7  0x00007ffff763e59b in CoreIPC::Connection::dispatchMessage(CoreIPC::Connection::Message<CoreIPC::ArgumentDecoder>&) ()
   from /home/oszi/WebKit/WebKitBuild/Release/lib/libWebKit2.so.1
#8  0x00007ffff763e6f6 in CoreIPC::Connection::dispatchOneMessage() () from /home/oszi/WebKit/WebKitBuild/Release/lib/libWebKit2.so.1
#9  0x00007ffff614b1e1 in WebCore::RunLoop::performWork() () from /home/oszi/WebKit/WebKitBuild/Release/lib/libWebCore.so.1
#10 0x00007fffec9a8cfe in QObject::event(QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r37/lib/libQtCore.so.5
#11 0x00007fffec983f45 in QCoreApplication::notify(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r37/lib/libQtCore.so.5
#12 0x00007fffec984204 in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r37/lib/libQtCore.so.5
#13 0x00007fffec988ff9 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) ()
   from /usr/local/Trolltech/Qt5/Qt-5.0.0-r37/lib/libQtCore.so.5
#14 0x00007fffec9d0433 in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r37/lib/libQtCore.so.5
#15 0x00007ffff01716f2 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#16 0x00007ffff0175568 in ?? () from /lib/libglib-2.0.so.0
#17 0x00007ffff017571c in g_main_context_iteration () from /lib/libglib-2.0.so.0
#18 0x00007fffec9cff0b in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) ()
   from /usr/local/Trolltech/Qt5/Qt-5.0.0-r37/lib/libQtCore.so.5
#19 0x00007fffec98415d in QCoreApplication::processEvents(QFlags<QEventLoop::ProcessEventsFlag>, int) ()
   from /usr/local/Trolltech/Qt5/Qt-5.0.0-r37/lib/libQtCore.so.5
#20 0x00007fffed9261c1 in QuickTestResult::wait(int) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r37/lib/libQtQuickTest.so.5
#21 0x00007fffed92b50f in QuickTestResult::qt_metacall(QMetaObject::Call, int, void**) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r37/lib/libQtQuickTest.so.5
#22 0x00007fffeefbebbc in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r37/lib/libQtQml.so.5
#23 0x00007fffeefc010e in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r37/lib/libQtQml.so.5
#24 0x00007fffeefc0c9e in QV8QObjectWrapper::Invoke(v8::Arguments const&) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r37/lib/libQtQml.so.5
#25 0x00007fffea2af9d7 in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r37/lib/libQtV8.so.5
#26 0x00001f692880618e in ?? ()
#27 0x00007fffffffcb38 in ?? ()
#28 0x00001f69288060e1 in ?? ()
#29 0x00007fffffffcab0 in ?? ()
#30 0x00007fffffffcb30 in ?? ()
#31 0x00001f692882ad7f in ?? ()
#32 0x00000f0019957dc1 in ?? ()
#33 0x00003d2cb2fd8609 in ?? ()
#34 0x0000000100000000 in ?? ()
#35 0x00000f0019904121 in ?? ()
#36 0x0000001c00000000 in ?? ()
#37 0x00003d2cb2fd8541 in ?? ()
#38 0x00000f0019957251 in ?? ()
#39 0x00000f0019957dc1 in ?? ()
#40 0x00003d2cb2fd8609 in ?? ()
#41 0x00003d2cb2fd85c1 in ?? ()
#42 0x00003d2cb2fd8571 in ?? ()
#43 0x00007fffffffcb60 in ?? ()
#44 0x00001f69288098ce in ?? ()
#45 0x00003d2cb2fd8541 in ?? ()
#46 0x0000000100000000 in ?? ()
#47 0x00003d2cb2fd85c1 in ?? ()
#48 0x0000000800000000 in ?? ()
#49 0x00007fffffffcba8 in ?? ()
#50 0x00001f692884175e in ?? ()
#51 0x0000003200000000 in ?? ()
#52 0x00003d2cb2fd8541 in ?? ()
#53 0x00003d2cb2fd84c9 in ?? ()
#54 0x0000138800000000 in ?? ()
#55 0x0000000000000000 in ?? ()
Comment 12 Csaba Osztrogonác 2012-10-02 04:13:56 PDT
And a debug GDB backtrace:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff74c28c6 in QMapData<unsigned long, QWebDownloadItem*>::root (this=0x8) at /usr/local/Trolltech/Qt5/Qt-5.0.0-r37/include/QtCore/qmap.h:200
200         Node *root() const { return static_cast<Node *>(header.left); }
(gdb) bt
#0  0x00007ffff74c28c6 in QMapData<unsigned long, QWebDownloadItem*>::root (this=0x8) at /usr/local/Trolltech/Qt5/Qt-5.0.0-r37/include/QtCore/qmap.h:200
#1  0x00007ffff74c26ca in QMapData<unsigned long, QWebDownloadItem*>::findNode (this=0x8, akey=@0x7fffffffb740)
    at /usr/local/Trolltech/Qt5/Qt-5.0.0-r37/include/QtCore/qmap.h:291
#2  0x00007ffff74c256a in QMap<unsigned long, QWebDownloadItem*>::value (this=0x7fff94022410, akey=@0x7fffffffb740, adefaultValue=@0x7fffffffb738)
    at /usr/local/Trolltech/Qt5/Qt-5.0.0-r37/include/QtCore/qmap.h:586
#3  0x00007ffff74c1e97 in WebKit::QtDownloadManager::downloadCreatedDestination (this=0x7fff94022410, download=0x7fff9c02f960, path=...)
    at /home/oszi/WebKit/Source/WebKit2/UIProcess/qt/QtDownloadManager.cpp:73
#4  0x00007ffff74c230e in WebKit::QtDownloadManager::didCreateDestination (download=0x7fff9c02f960, path=0x7fff9c099f60, clientInfo=0x7fff94022410)
    at /home/oszi/WebKit/Source/WebKit2/UIProcess/qt/QtDownloadManager.cpp:127
#5  0x00007ffff72e3d09 in WebKit::WebDownloadClient::didCreateDestination (this=0x7fff94010278, webContext=0x7fff9400ff60, downloadProxy=0x7fff9c02f960,
    path=...) at /home/oszi/WebKit/Source/WebKit2/UIProcess/WebDownloadClient.cpp:91
#6  0x00007ffff727f281 in WebKit::DownloadProxy::didCreateDestination (this=0x7fff9c02f960, path=...)
    at /home/oszi/WebKit/Source/WebKit2/UIProcess/Downloads/DownloadProxy.cpp:147
#7  0x00007ffff74e98cb in CoreIPC::callMemberFunction<WebKit::DownloadProxy, void (WebKit::DownloadProxy::*)(WTF::String const&), WTF::String> (args=...,
    object=0x7fff9c02f960, function=0x7ffff727f238 <WebKit::DownloadProxy::didCreateDestination(WTF::String const&)>)
    at /home/oszi/WebKit/Source/WebKit2/Platform/CoreIPC/HandleMessage.h:19
#8  0x00007ffff74e920f in CoreIPC::handleMessage<Messages::DownloadProxy::DidCreateDestination, WebKit::DownloadProxy, void (WebKit::DownloadProxy::*)(WTF::String const&)> (argumentDecoder=0xd8b760, object=0x7fff9c02f960, function=0x7ffff727f238 <WebKit::DownloadProxy::didCreateDestination(WTF::String const&)>)
    at /home/oszi/WebKit/Source/WebKit2/Platform/CoreIPC/HandleMessage.h:302
#9  0x00007ffff74e8c19 in WebKit::DownloadProxy::didReceiveDownloadProxyMessage (this=0x7fff9c02f960, messageID=..., arguments=0xd8b760)
    at generated/DownloadProxyMessageReceiver.cpp:60
#10 0x00007ffff72cc470 in WebKit::WebContext::didReceiveMessage (this=0x7fff9400ff60, process=0x7fff94576aa0, messageID=..., arguments=0xd8b760)
    at /home/oszi/WebKit/Source/WebKit2/UIProcess/WebContext.cpp:722
#11 0x00007ffff73453db in WebKit::WebProcessProxy::didReceiveMessage (this=0x7fff94576aa0, connection=0x7fff940233a0, messageID=..., arguments=0xd8b760)
    at /home/oszi/WebKit/Source/WebKit2/UIProcess/WebProcessProxy.cpp:405
#12 0x00007ffff72c2416 in WebKit::WebConnectionToWebProcess::didReceiveMessage (this=0x7fff94021000, connection=0x7fff940233a0, messageID=...,
    arguments=0xd8b760) at /home/oszi/WebKit/Source/WebKit2/UIProcess/WebConnectionToWebProcess.cpp:92
#13 0x00007ffff71cef47 in CoreIPC::Connection::dispatchMessage (this=0x7fff940233a0, message=...)
    at /home/oszi/WebKit/Source/WebKit2/Platform/CoreIPC/Connection.cpp:691
#14 0x00007ffff71cf129 in CoreIPC::Connection::dispatchOneMessage (this=0x7fff940233a0)
    at /home/oszi/WebKit/Source/WebKit2/Platform/CoreIPC/Connection.cpp:717
#15 0x00007ffff71d977f in WTF::FunctionWrapper<void (CoreIPC::Connection::*)()>::operator() (this=0xb23fe0, c=0x7fff940233a0)
    at /home/oszi/WebKit/Source/WTF/wtf/Functional.h:174
#16 0x00007ffff71d9488 in WTF::BoundFunctionImpl<WTF::FunctionWrapper<void (CoreIPC::Connection::*)()>, void ()(CoreIPC::Connection*)>::operator()() (
    this=0xb23fd0) at /home/oszi/WebKit/Source/WTF/wtf/Functional.h:406
#17 0x00007ffff7274ffc in WTF::Function<void ()()>::operator()() const (this=0x7fffffffbcd0) at /home/oszi/WebKit/Source/WTF/wtf/Functional.h:614
#18 0x00007ffff485e163 in WebCore::RunLoop::performWork (this=0x706400) at /home/oszi/WebKit/Source/WebCore/platform/RunLoop.cpp:87
#19 0x00007ffff4bda782 in WebCore::RunLoop::TimerObject::performWork (this=0x7064e0) at /home/oszi/WebKit/Source/WebCore/platform/qt/RunLoopQt.cpp:48
#20 0x00007ffff4bdb595 in WebCore::RunLoop::TimerObject::qt_static_metacall (_o=0x7064e0, _c=QMetaObject::InvokeMetaMethod, _id=0, _a=0x61d5e0)
    at ./RunLoopQt.moc:69
#21 0x00007fffe92adcfe in QObject::event(QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r37/lib/libQtCore.so.5
#22 0x00007fffe9288f45 in QCoreApplication::notify(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r37/lib/libQtCore.so.5
#23 0x00007fffe9289204 in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r37/lib/libQtCore.so.5
#24 0x00007fffe928dff9 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) ()
   from /usr/local/Trolltech/Qt5/Qt-5.0.0-r37/lib/libQtCore.so.5
#25 0x00007fffe92d5433 in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r37/lib/libQtCore.so.5
#26 0x00007fffeca766f2 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#27 0x00007fffeca7a568 in ?? () from /lib/libglib-2.0.so.0
#28 0x00007fffeca7a71c in g_main_context_iteration () from /lib/libglib-2.0.so.0
#29 0x00007fffe92d4f0b in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) ()
   from /usr/local/Trolltech/Qt5/Qt-5.0.0-r37/lib/libQtCore.so.5
#30 0x00007fffe928915d in QCoreApplication::processEvents(QFlags<QEventLoop::ProcessEventsFlag>, int) ()
   from /usr/local/Trolltech/Qt5/Qt-5.0.0-r37/lib/libQtCore.so.5
#31 0x00007fffea22b1c1 in QuickTestResult::wait(int) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r37/lib/libQtQuickTest.so.5
#32 0x00007fffea23050f in QuickTestResult::qt_metacall(QMetaObject::Call, int, void**) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r37/lib/libQtQuickTest.so.5
#33 0x00007fffeb8c3bbc in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r37/lib/libQtQml.so.5
#34 0x00007fffeb8c510e in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r37/lib/libQtQml.so.5
#35 0x00007fffeb8c5c9e in QV8QObjectWrapper::Invoke(v8::Arguments const&) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r37/lib/libQtQml.so.5
#36 0x00007fffe6b049d7 in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r37/lib/libQtV8.so.5
#37 0x00002ef512c0618e in ?? ()
#38 0x00007fffffffcc78 in ?? ()
#39 0x00002ef512c060e1 in ?? ()
#40 0x00007fffffffcbf0 in ?? ()
#41 0x00007fffffffcc70 in ?? ()
#42 0x00002ef512c2ad7f in ?? ()
#43 0x00000acb21757dc1 in ?? ()
#44 0x0000389272fd9e11 in ?? ()
#45 0x0000000100000000 in ?? ()
#46 0x00000acb21704121 in ?? ()
#47 0x0000001c00000000 in ?? ()
#48 0x0000389272fd9d49 in ?? ()
#49 0x00000acb21757251 in ?? ()
#50 0x00000acb21757dc1 in ?? ()
#51 0x0000389272fd9e11 in ?? ()
#52 0x0000389272fd9dc9 in ?? ()
#53 0x0000389272fd9d79 in ?? ()
#54 0x00007fffffffcca0 in ?? ()
#55 0x00002ef512c098ce in ?? ()
#56 0x0000389272fd9d49 in ?? ()
#57 0x0000000100000000 in ?? ()
#58 0x0000389272fd9dc9 in ?? ()
#59 0x0000000800000000 in ?? ()
#60 0x00007fffffffcce8 in ?? ()
#61 0x00002ef512c4175e in ?? ()
#62 0x0000003200000000 in ?? ()
#63 0x0000389272fd9d49 in ?? ()
#64 0x0000389272fd9cd1 in ?? ()
#65 0x0000138800000000 in ?? ()
#66 0x0000000000000000 in ?? ()
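Reading the backtraces in comments 4, 5, 12 and 14 side by side, the faulting pointer values themselves carry most of the diagnosis: `this=0x8` / `this=0x0` in QMapData is a null object plus a member offset, while `this=0x900000058` / `vmemo=0x900000000` is the "suspicious address" of comment 5, a value that looks like two small 32-bit integers glued into one 64-bit pointer. The script below is an added example, not code from this bug, WebKit or Qt: it parses gdb output, labels the faulting `this`, then walks outward to the first frame whose `this` is a sane address and reports any other suspicious pointer argument there (for comment 4 that is `vmemo`, matching comment 6's parentVMEMetaObject lead). The sample input is copied from the gdb sessions posted in comments 4 and 12 with later frames elided; the labels, the 0x10000 "tiny integer" threshold and the x86-64 canonical-address limit are this example's own heuristics, not anything gdb reports.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample input: the first frames of the gdb sessions quoted in
# comments 4 and 12 of this bug, copied as posted (later frames elided).
SAMPLE_QML = """\
Program received signal SIGSEGV, Segmentation fault.
#0  0x00007ffff3046010 in QQmlGuardedContextData::operator QQmlContextData* (this=0x900000058) at qml/qqmlcontext_p.h:243
#1  0x00007ffff30f8dec in QQmlPropertyCache::findProperty (this=0x7fffd8013a60, it=..., vmemo=0x900000000, context=0x4db3f0) at qml/qqmlpropertycache.cpp:947
#2  0x00007ffff30f8c98 in QQmlPropertyCache::findProperty (this=0x7fffd8013a60, it=..., object=0x4da760, context=0x4db3f0) at qml/qqmlpropertycache.cpp:912
"""

SAMPLE_DOWNLOAD = """\
Program received signal SIGSEGV, Segmentation fault.
#0  0x00007ffff74c28c6 in QMapData<unsigned long, QWebDownloadItem*>::root (this=0x8) at /usr/local/Trolltech/Qt5/Qt-5.0.0-r37/include/QtCore/qmap.h:200
#1  0x00007ffff74c26ca in QMapData<unsigned long, QWebDownloadItem*>::findNode (this=0x8, akey=@0x7fffffffb740)
    at /usr/local/Trolltech/Qt5/Qt-5.0.0-r37/include/QtCore/qmap.h:291
#2  0x00007ffff74c256a in QMap<unsigned long, QWebDownloadItem*>::value (this=0x7fff94022410, akey=@0x7fffffffb740, adefaultValue=@0x7fffffffb738)
    at /usr/local/Trolltech/Qt5/Qt-5.0.0-r37/include/QtCore/qmap.h:586
#3  0x00007ffff74c1e97 in WebKit::QtDownloadManager::downloadCreatedDestination (this=0x7fff94022410, download=0x7fff9c02f960, path=...)
    at /home/oszi/WebKit/Source/WebKit2/UIProcess/qt/QtDownloadManager.cpp:73
"""

SIGNAL_RE = re.compile(r"^Program received signal (\w+)")
FRAME_RE = re.compile(r"^#(\d+)\s+0x[0-9a-fA-F]+ in (.+?) \((.*)\)(?:\s+at\s+(\S+))?\s*$")
PTR_ARG_RE = re.compile(r"(\w+)=(0x[0-9a-fA-F]+)")  # plain pointer args; "@0x.." references are skipped

PAGE_SIZE = 0x1000
USER_LIMIT = 1 << 47  # assumption: x86-64 target, user-space addresses are canonical and below this


def classify_address(addr: int) -> str:
    """Heuristic label for a pointer value seen in a crashing frame (labels are this example's own)."""
    if addr < PAGE_SIZE:
        # The first page is never mapped: a null object pointer plus a small
        # member offset, like this=0x8 / this=0x0 in comments 12 and 14.
        return "null-plus-offset"
    hi, lo = addr >> 32, addr & 0xFFFFFFFF
    if hi and hi < 0x10000 and lo < 0x10000:
        # Both 32-bit halves are tiny integers: looks like two adjacent 32-bit
        # fields read as one 64-bit pointer, like this=0x900000058 in comment 4.
        return "packed-ints"
    if addr >= USER_LIMIT:
        return "non-canonical"
    return "plausible"


def _join_continuations(text: str) -> List[str]:
    """gdb wraps long frames onto indented continuation lines; glue them back."""
    lines: List[str] = []
    for raw in text.splitlines():
        if raw[:1].isspace() and lines and lines[-1].startswith("#"):
            lines[-1] += " " + raw.strip()
        else:
            lines.append(raw)
    return lines


def parse_frames(gdb_output: str) -> Tuple[Optional[str], List[Tuple[int, str, Dict[str, int]]]]:
    """Return (signal, [(frame_no, function, {arg: pointer value}), ...]) innermost first."""
    signal = None
    frames: List[Tuple[int, str, Dict[str, int]]] = []
    for line in _join_continuations(gdb_output):
        m = SIGNAL_RE.match(line)
        if m:
            signal = m.group(1)
            continue
        m = FRAME_RE.match(line)
        if m:
            ptrs = {name: int(val, 16) for name, val in PTR_ARG_RE.findall(m.group(3))}
            frames.append((int(m.group(1)), m.group(2), ptrs))
    frames.sort(key=lambda f: f[0])
    return signal, frames


def triage(gdb_output: str) -> Dict[str, object]:
    """Label the faulting `this`, then find the innermost frame whose `this` is sane:
    that frame is where the bad pointer was read, and any other odd pointer there is the lead."""
    signal, frames = parse_frames(gdb_output)
    if not frames:
        raise ValueError("no gdb frames found")
    fault_this = frames[0][2].get("this")
    first_sane, suspects = None, {}
    for _, func, ptrs in frames:
        if "this" in ptrs and classify_address(ptrs["this"]) == "plausible":
            first_sane = func
            suspects = {n: classify_address(v) for n, v in ptrs.items()
                        if classify_address(v) != "plausible"}
            break
    return {
        "signal": signal,
        "faulting_function": frames[0][1],
        "fault_kind": classify_address(fault_this) if fault_this is not None else "unknown",
        "first_sane_frame": first_sane,
        "suspicious_pointers": suspects,
    }
```

On the comment 4 trace this reports a `packed-ints` fault in the QQmlGuardedContextData conversion with `vmemo` flagged in the first sane frame, QQmlPropertyCache::findProperty; on the comment 12 trace it reports `null-plus-offset` in QMapData::root with QMap::value as the first sane frame and nothing else suspicious, which points at the map's internal data rather than at the QtDownloadManager arguments. Both are heuristics for prioritising a crash report; confirming the cause still needs the debug build and, ideally, an ASan run.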
Comment 13 Csaba Osztrogonác 2012-10-02 09:35:20 PDT
Valid on Qt5: d3a55bf0aa240a26cedd2e8415f81849d6d65fc1 (Jocelyn's fix was introduced with this hash)

bbandix told me that on Qt5:e4d841490b91b87a07f8b46768ac2b87d87ab3fe + the fix cherry-picked he can't see this crash.

I'll continue bisecting tomorrow.
Comment 14 Csaba Osztrogonác 2012-10-02 13:44:22 PDT
(In reply to comment #13)
> valid on Qt5: d3a55bf0aa240a26cedd2e8415f81849d6d65fc1 (Jocelyn's fix introduced with this hash)
> 
> bbandix told me that on Qt5:e4d841490b91b87a07f8b46768ac2b87d87ab3fe + fix cherry picked he can't see this crash.
> 
> I'll continue bisecting tomorrow.

I tried Qt5:e4d841490b91b87a07f8b46768ac2b87d87ab3fe + the fix cherry-picked, and Qt5-beta1 + the fix cherry-picked, and the crash was still valid on both of them.

Here is the gdb backtrace with trunk developer-build Qt5 (508072fb031ffb6beea94c77d41b29bfedf3874f):

$ gdb WebKitBuild/Debug/Source/WebKit2/UIProcess/API/qt/tests/qmltests/tst_qmltests_WebView
GNU gdb (GDB) 7.0.1-debian
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /home/oszi/WebKit/WebKitBuild/Debug/Source/WebKit2/UIProcess/API/qt/tests/qmltests/tst_qmltests_WebView...done.
(gdb) run
Starting program: /home/oszi/WebKit/WebKitBuild/Debug/Source/WebKit2/UIProcess/API/qt/tests/qmltests/tst_qmltests_WebView
[Thread debugging using libthread_db enabled]
[New Thread 0x7fffe1af7700 (LWP 31587)]
[New Thread 0x7ffff7ff7700 (LWP 31588)]
[New Thread 0x7fffa11c3700 (LWP 31589)]
[New Thread 0x7fffa10c2700 (LWP 31590)]
********* Start testing of qmltests *********
Config: Using QTest library 5.0.0, Qt 5.0.0
PASS   : qmltests::WebViewApplicationSchemes::initTestCase()
[New Thread 0x7fffa0fc1700 (LWP 31591)]
[New Thread 0x7fffa0ec0700 (LWP 31593)]
PASS   : qmltests::WebViewApplicationSchemes::test_applicationScheme()
PASS   : qmltests::WebViewApplicationSchemes::test_charsets()
PASS   : qmltests::WebViewApplicationSchemes::test_multipleSchemes()
PASS   : qmltests::WebViewApplicationSchemes::test_multipleUrlsForScheme()
PASS   : qmltests::WebViewApplicationSchemes::cleanupTestCase()
[New Thread 0x7fffa074d700 (LWP 31601)]
[New Thread 0x7fffa01f6700 (LWP 31604)]
PASS   : qmltests::WebViewColorChooser::initTestCase()
PASS   : qmltests::WebViewColorChooser::test_accept()
PASS   : qmltests::WebViewColorChooser::test_currentValue()
PASS   : qmltests::WebViewColorChooser::test_reject()
PASS   : qmltests::WebViewColorChooser::cleanupTestCase()
[New Thread 0x7fff9ba3b700 (LWP 31620)]
PASS   : qmltests::DevicePixelRatio::initTestCase()
[New Thread 0x7fff9b93a700 (LWP 31622)]
[New Thread 0x7fff9b839700 (LWP 31627)]
[Thread 0x7fff9b839700 (LWP 31627) exited]
PASS   : qmltests::DevicePixelRatio::test_devicePixelRatio()
[New Thread 0x7fff9b839700 (LWP 31628)]
[Thread 0x7fff9b839700 (LWP 31628) exited]
PASS   : qmltests::DevicePixelRatio::test_devicePixelRatioMediaQuery()
PASS   : qmltests::DevicePixelRatio::cleanupTestCase()
[New Thread 0x7fff9b839700 (LWP 31629)]
[New Thread 0x7fff9bb75700 (LWP 31631)]
PASS   : qmltests::DoubleTapToZoom::initTestCase()
[New Thread 0x7fff9b738700 (LWP 31637)]
[Thread 0x7fff9b738700 (LWP 31637) exited]
[New Thread 0x7fff9b738700 (LWP 31640)]
[Thread 0x7fff9b738700 (LWP 31640) exited]
PASS   : qmltests::DoubleTapToZoom::test_basic()
PASS   : qmltests::DoubleTapToZoom::cleanupTestCase()
[New Thread 0x7fff9b738700 (LWP 31641)]
[New Thread 0x7fff9b637700 (LWP 31643)]
PASS   : qmltests::WebViewDownload::initTestCase()
PASS   : qmltests::WebViewDownload::test_downloadRequest()
PASS   : qmltests::WebViewDownload::test_expectedLength()
PASS   : qmltests::WebViewDownload::test_succeeded()
PASS   : qmltests::WebViewDownload::cleanupTestCase()
[New Thread 0x7fff9b536700 (LWP 31663)]
PASS   : qmltests::JavaScriptEvaluation::initTestCase()

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff74c2a3e in QMapData<unsigned long, QWebDownloadItem*>::root (this=0x0) at /usr/local/Trolltech/Qt5/Qt-5.0.0-r37/include/QtCore/qmap.h:200
200         Node *root() const { return static_cast<Node *>(header.left); }
(gdb) bt
#0  0x00007ffff74c2a3e in QMapData<unsigned long, QWebDownloadItem*>::root (this=0x0) at /usr/local/Trolltech/Qt5/Qt-5.0.0-r37/include/QtCore/qmap.h:200
#1  0x00007ffff74c2842 in QMapData<unsigned long, QWebDownloadItem*>::findNode (this=0x0, akey=@0x7fffffffaf20)
    at /usr/local/Trolltech/Qt5/Qt-5.0.0-r37/include/QtCore/qmap.h:291
#2  0x00007ffff74c26e2 in QMap<unsigned long, QWebDownloadItem*>::value (this=0x785f00, akey=@0x7fffffffaf20, adefaultValue=@0x7fffffffaf18)
    at /usr/local/Trolltech/Qt5/Qt-5.0.0-r37/include/QtCore/qmap.h:586
#3  0x00007ffff74c200f in WebKit::QtDownloadManager::downloadCreatedDestination (this=0x785f00, download=0xd065a0, path=...)
    at /home/oszi/WebKit/Source/WebKit2/UIProcess/qt/QtDownloadManager.cpp:73
#4  0x00007ffff74c2486 in WebKit::QtDownloadManager::didCreateDestination (download=0xd065a0, path=0xc19100, clientInfo=0x785f00)
    at /home/oszi/WebKit/Source/WebKit2/UIProcess/qt/QtDownloadManager.cpp:127
#5  0x00007ffff72e3c59 in WebKit::WebDownloadClient::didCreateDestination (this=0x77b0b8, webContext=0x77ada0, downloadProxy=0xd065a0, path=...)
    at /home/oszi/WebKit/Source/WebKit2/UIProcess/WebDownloadClient.cpp:91
#6  0x00007ffff727f1d1 in WebKit::DownloadProxy::didCreateDestination (this=0xd065a0, path=...)
    at /home/oszi/WebKit/Source/WebKit2/UIProcess/Downloads/DownloadProxy.cpp:147
#7  0x00007ffff74e9a43 in CoreIPC::callMemberFunction<WebKit::DownloadProxy, void (WebKit::DownloadProxy::*)(WTF::String const&), WTF::String> (args=...,
    object=0xd065a0, function=0x7ffff727f188 <WebKit::DownloadProxy::didCreateDestination(WTF::String const&)>)
    at /home/oszi/WebKit/Source/WebKit2/Platform/CoreIPC/HandleMessage.h:19
#8  0x00007ffff74e9387 in CoreIPC::handleMessage<Messages::DownloadProxy::DidCreateDestination, WebKit::DownloadProxy, void (WebKit::DownloadProxy::*)(WTF::String const&)> (argumentDecoder=0x7fff9c001030, object=0xd065a0, function=0x7ffff727f188 <WebKit::DownloadProxy::didCreateDestination(WTF::String const&)>)
    at /home/oszi/WebKit/Source/WebKit2/Platform/CoreIPC/HandleMessage.h:302
#9  0x00007ffff74e8d91 in WebKit::DownloadProxy::didReceiveDownloadProxyMessage (this=0xd065a0, messageID=..., arguments=0x7fff9c001030)
    at generated/DownloadProxyMessageReceiver.cpp:60
#10 0x00007ffff72cc3c0 in WebKit::WebContext::didReceiveMessage (this=0x77ada0, process=0x79cf30, messageID=..., arguments=0x7fff9c001030)
    at /home/oszi/WebKit/Source/WebKit2/UIProcess/WebContext.cpp:722
#11 0x00007ffff7345493 in WebKit::WebProcessProxy::didReceiveMessage (this=0x79cf30, connection=0x77efc0, messageID=..., arguments=0x7fff9c001030)
    at /home/oszi/WebKit/Source/WebKit2/UIProcess/WebProcessProxy.cpp:405
#12 0x00007ffff72c2366 in WebKit::WebConnectionToWebProcess::didReceiveMessage (this=0x772930, connection=0x77efc0, messageID=..., arguments=0x7fff9c001030)
    at /home/oszi/WebKit/Source/WebKit2/UIProcess/WebConnectionToWebProcess.cpp:92
#13 0x00007ffff71cee97 in CoreIPC::Connection::dispatchMessage (this=0x77efc0, message=...)
    at /home/oszi/WebKit/Source/WebKit2/Platform/CoreIPC/Connection.cpp:691
#14 0x00007ffff71cf079 in CoreIPC::Connection::dispatchOneMessage (this=0x77efc0) at /home/oszi/WebKit/Source/WebKit2/Platform/CoreIPC/Connection.cpp:717
#15 0x00007ffff71d96cf in WTF::FunctionWrapper<void (CoreIPC::Connection::*)()>::operator() (this=0x7fff9c00f3e0, c=0x77efc0)
    at /home/oszi/WebKit/Source/WTF/wtf/Functional.h:174
#16 0x00007ffff71d93d8 in WTF::BoundFunctionImpl<WTF::FunctionWrapper<void (CoreIPC::Connection::*)()>, void ()(CoreIPC::Connection*)>::operator()() (
    this=0x7fff9c00f3d0) at /home/oszi/WebKit/Source/WTF/wtf/Functional.h:406
#17 0x00007ffff7274f4c in WTF::Function<void ()()>::operator()() const (this=0x7fffffffb4b0) at /home/oszi/WebKit/Source/WTF/wtf/Functional.h:614
#18 0x00007ffff4856d0b in WebCore::RunLoop::performWork (this=0x6b6ae0) at /home/oszi/WebKit/Source/WebCore/platform/RunLoop.cpp:87
#19 0x00007ffff4bd382e in WebCore::RunLoop::TimerObject::performWork (this=0x6b6bc0) at /home/oszi/WebKit/Source/WebCore/platform/qt/RunLoopQt.cpp:48
#20 0x00007ffff4bd4641 in WebCore::RunLoop::TimerObject::qt_static_metacall (_o=0x6b6bc0, _c=QMetaObject::InvokeMetaMethod, _id=0, _a=0x7fff9c002d70)
    at ./RunLoopQt.moc:69
#21 0x00007fffe90b1fb2 in QMetaCallEvent::placeMetaCall (this=0x7fff9c002310, object=0x6b6bc0) at kernel/qobject.cpp:479
#22 0x00007fffe90b3f82 in QObject::event (this=0x6b6bc0, e=0x7fff9c002310) at kernel/qobject.cpp:1070
#23 0x00007fffe9075e50 in QCoreApplicationPrivate::notify_helper (this=0x61d180, receiver=0x6b6bc0, event=0x7fff9c002310) at kernel/qcoreapplication.cpp:840
#24 0x00007fffe9075b44 in QCoreApplication::notify (this=0x7fffffffe270, receiver=0x6b6bc0, event=0x7fff9c002310) at kernel/qcoreapplication.cpp:785
#25 0x00007fffe96294f2 in QGuiApplication::notify (this=0x7fffffffe270, object=0x6b6bc0, event=0x7fff9c002310) at kernel/qguiapplication.cpp:1080
#26 0x00007fffe9075a48 in QCoreApplication::notifyInternal (this=0x7fffffffe270, receiver=0x6b6bc0, event=0x7fff9c002310) at kernel/qcoreapplication.cpp:723
#27 0x00007fffe9079aa3 in QCoreApplication::sendEvent (receiver=0x6b6bc0, event=0x7fff9c002310) at kernel/qcoreapplication.h:207
#28 0x00007fffe9076d42 in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x61d280) at kernel/qcoreapplication.cpp:1324
#29 0x00007fffe90766f9 in QCoreApplication::sendPostedEvents (receiver=0x0, event_type=0) at kernel/qcoreapplication.cpp:1184
#30 0x00007fffe90ef327 in postEventSourceDispatch (s=0x62a680) at kernel/qeventdispatcher_glib.cpp:278
#31 0x00007fffec9ce6f2 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#32 0x00007fffec9d2568 in ?? () from /lib/libglib-2.0.so.0
#33 0x00007fffec9d271c in g_main_context_iteration () from /lib/libglib-2.0.so.0
#34 0x00007fffe90f051f in QEventDispatcherGlib::processEvents (this=0x61f610, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#35 0x00007fffe9075f43 in QCoreApplication::processEvents (flags=..., maxtime=50) at kernel/qcoreapplication.cpp:921
#36 0x00007fffea2974be in qWait (ms=50) at /usr/local/Trolltech/Qt5/Qt-5.0.0-r37/include/QtTest/qtestsystem.h:66
#37 0x00007fffea298efd in QuickTestResult::wait (this=0xc1be70, ms=50) at quicktestresult.cpp:570
#38 0x00007fffea29d1d8 in QuickTestResult::qt_static_metacall (_o=0xc1be70, _c=QMetaObject::InvokeMetaMethod, _id=23, _a=0x7fffffffbff0)
    at .moc/debug-shared/moc_quicktestresult_p.cpp:288
#39 0x00007fffea29d736 in QuickTestResult::qt_metacall (this=0xc1be70, _c=QMetaObject::InvokeMetaMethod, _id=23, _a=0x7fffffffbff0)
    at .moc/debug-shared/moc_quicktestresult_p.cpp:397
#40 0x00007fffe907eeb3 in QMetaObject::metacall (object=0xc1be70, cl=QMetaObject::InvokeMetaMethod, idx=28, argv=0x7fffffffbff0)
    at kernel/qmetaobject.cpp:307
#41 0x00007fffeb8bd90a in CallMethod (object=0xc1be70, index=28, returnType=43, argCount=1, argTypes=0x6ac294, engine=0x654d90, callArgs=...)
    at qml/v8/qv8qobjectwrapper.cpp:1590
#42 0x00007fffeb8be58d in CallPrecise (object=0xc1be70, data=..., engine=0x654d90, callArgs=...) at qml/v8/qv8qobjectwrapper.cpp:1837
#43 0x00007fffeb8bf564 in QV8QObjectWrapper::Invoke (args=...) at qml/v8/qv8qobjectwrapper.cpp:2055
#44 0x00007fffe664d94a in HandleApiCallHelper<false> (args=..., isolate=0x60f070) at ../3rdparty/v8/src/builtins.cc:1120
#45 0x00007fffe6648976 in Builtin_Impl_HandleApiCall (args=..., isolate=0x60f070) at ../3rdparty/v8/src/builtins.cc:1137
#46 0x00007fffe6648947 in Builtin_HandleApiCall (args=..., isolate=0x60f070) at ../3rdparty/v8/src/builtins.cc:1136
#47 0x000021209f60618e in ?? ()
#48 0x00007fff00000006 in ?? ()
#49 0x000021209f6060e1 in ?? ()
#50 0x00007fffffffc7a0 in ?? ()
#51 0x00007fffffffc820 in ?? ()
#52 0x000021209f62af5f in ?? ()
#53 0x0000037a7d157dc1 in ?? ()
#54 0x00001883b6fd8079 in ?? ()
#55 0x0000000100000000 in ?? ()
#56 0x0000037a7d104121 in ?? ()
#57 0x0000001c00000000 in ?? ()
#58 0x00001883b6fd7fc1 in ?? ()
#59 0x0000037a7d157251 in ?? ()
#60 0x0000037a7d157dc1 in ?? ()
#61 0x00001883b6fd8079 in ?? ()
#62 0x00001883b6fd8031 in ?? ()
#63 0x00001883b6fd7fe1 in ?? ()
#64 0x00007fffffffc850 in ?? ()
#65 0x000021209f6098ee in ?? ()
#66 0x00001883b6fd7fc1 in ?? ()
#67 0x0000000100000000 in ?? ()
#68 0x00001883b6fd8031 in ?? ()
#69 0x0000000800000000 in ?? ()
#70 0x00007fffffffc898 in ?? ()
#71 0x000021209f64195e in ?? ()
#72 0x0000003200000000 in ?? ()
#73 0x00001883b6fd7fc1 in ?? ()
#74 0x00001883b6fd7f59 in ?? ()
#75 0x0000138800000000 in ?? ()
#76 0x0000000000000000 in ?? ()
(gdb)
Comment 15 Andras Becsi 2012-10-03 02:38:43 PDT
(In reply to comment #14)
> (In reply to comment #13)
> > valid on Qt5: d3a55bf0aa240a26cedd2e8415f81849d6d65fc1 (Jocelyn's fix introduced with this hash)
> > 
> > bbandix told me that on Qt5:e4d841490b91b87a07f8b46768ac2b87d87ab3fe + fix cherry picked he can't see this crash.
> > 
> > I'll continue bisecting tomorrow.
> 
> I tried Qt5:e4d841490b91b87a07f8b46768ac2b87d87ab3fe + fix cherry picked, and
> Qt5-beta1 + fix cherry picked and the crash was still valid on both of them.
> 

I cannot reproduce this on my machine, either by running all the tests or by running just the QML tests; could this be something environment-dependent?
Comment 16 Csaba Osztrogonác 2012-10-03 02:47:13 PDT
Maybe yes ... But you can easily reproduce it on Debian Squeeze and Ubuntu 11.10 32/64 bit too with the following command: (with trunk Qt5 hash)

$ WebKitBuild/Release/Source/WebKit2/UIProcess/API/qt/tests/qmltests/tst_qmltests_WebView
Comment 17 Jocelyn Turcotte 2012-10-03 03:51:27 PDT
(In reply to comment #16)
> Maybe yes ... But you can easily reproduce it on Debian Squeeze and Ubuntu 11.10 32/64 bit too with the following command: (with trunk Qt5 hash)
> 
> $ WebKitBuild/Release/Source/WebKit2/UIProcess/API/qt/tests/qmltests/tst_qmltests_WebView

We had this kind of issue with downloads before if the order of the messages from the web process was altered because of a deadlock in sync messages between the processes.

I have no idea how that could happen in this case though.
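The message-ordering point above, as an added example in plain C++ that is not WebKit's code: a UI-process download manager whose handlers tolerate a DidCreateDestination message that arrives before the download it refers to has been registered, or after it has already finished, instead of assuming the key is present. DownloadManager, DownloadItem, Message and the replay log are constructed stand-ins for WebKit::QtDownloadManager, QWebDownloadItem and the CoreIPC messages and are hypothetical. Note that the backtrace itself shows something narrower: QMap::value calling QMapData::findNode with this=0x0, i.e. the map's internal data pointer is null, which a missing key alone cannot produce; the example addresses the ordering failure mode the comment describes, not that null pointer.

```cpp
#include <cstdint>
#include <cstdio>
#include <map>
#include <set>
#include <string>
#include <vector>

// Constructed stand-in for a per-download record; not WebKit's QWebDownloadItem.
struct DownloadItem {
    uint64_t id = 0;
    std::string destinationPath;
    bool destinationCreated = false;
};

// Constructed stand-in for a UI-process download manager keyed by download id.
// The web process may deliver DidCreateDestination before the manager has
// registered the download, so every handler looks the item up first and never
// assumes the key is present.
class DownloadManager {
public:
    enum class Result { Handled, Deferred, DroppedUnknown };

    // Message A: the web process created a download.
    void downloadCreated(uint64_t id) {
        DownloadItem& item = m_downloads[id];
        item.id = id;
        // Replay a DidCreateDestination that arrived before this message.
        auto pending = m_pendingDestinations.find(id);
        if (pending != m_pendingDestinations.end()) {
            item.destinationPath = pending->second;
            item.destinationCreated = true;
            m_pendingDestinations.erase(pending);
        }
    }

    // Message B: the web process created the destination file for a download.
    Result downloadCreatedDestination(uint64_t id, const std::string& path) {
        auto it = m_downloads.find(id);
        if (it != m_downloads.end()) {
            it->second.destinationPath = path;
            it->second.destinationCreated = true;
            return Result::Handled;
        }
        // Late message for a download that already finished: drop it.
        if (m_finished.count(id))
            return Result::DroppedUnknown;
        // Early message: buffer it until downloadCreated() arrives.
        m_pendingDestinations[id] = path;
        return Result::Deferred;
    }

    // Message C: the download finished (or failed); forget its state but
    // remember the id so a straggling message is dropped rather than buffered.
    void downloadFinished(uint64_t id) {
        m_downloads.erase(id);
        m_pendingDestinations.erase(id);
        m_finished.insert(id);
    }

    const DownloadItem* item(uint64_t id) const {
        auto it = m_downloads.find(id);
        return it == m_downloads.end() ? nullptr : &it->second;
    }
    size_t pendingCount() const { return m_pendingDestinations.size(); }

private:
    std::map<uint64_t, DownloadItem> m_downloads;
    std::map<uint64_t, std::string> m_pendingDestinations;
    std::set<uint64_t> m_finished;
};

// One message as the UI process observes it (constructed, not a CoreIPC type).
struct Message { enum Kind { Created, CreatedDestination, Finished } kind; uint64_t id; std::string path; };

// Feed a message log through the manager; returns how many were deferred.
int replay(DownloadManager& mgr, const std::vector<Message>& log) {
    int deferred = 0;
    for (const Message& m : log) {
        switch (m.kind) {
        case Message::Created: mgr.downloadCreated(m.id); break;
        case Message::CreatedDestination:
            if (mgr.downloadCreatedDestination(m.id, m.path) == DownloadManager::Result::Deferred)
                ++deferred;
            break;
        case Message::Finished: mgr.downloadFinished(m.id); break;
        }
    }
    return deferred;
}

int main() {
    DownloadManager mgr;
    // Constructed log: download 42's destination notification arrives early,
    // download 43's arrives again after it has finished.
    std::vector<Message> log = {
        {Message::CreatedDestination, 42, "/tmp/out.bin"},
        {Message::Created, 42, ""},
        {Message::Created, 43, ""},
        {Message::CreatedDestination, 43, "/tmp/other.bin"},
        {Message::Finished, 43, ""},
        {Message::CreatedDestination, 43, "/tmp/late.bin"},
    };
    int deferred = replay(mgr, log);
    const DownloadItem* item = mgr.item(42);
    std::printf("deferred=%d path42=%s pending=%zu\n", deferred,
                item ? item->destinationPath.c_str() : "(none)", mgr.pendingCount());
    return 0;
}
```

The buffering in downloadCreatedDestination() is only safe because downloadFinished() clears the entry and records the id; without that, a message for an id that never gets a Created counterpart would sit in the pending map forever, so a production version would also bound or expire that map.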
Comment 18 Jocelyn Turcotte 2012-10-24 07:01:20 PDT
Resolving again, it was a different bug.
The download test crash should be fixed with bug #100224.

*** This bug has been marked as a duplicate of bug 100224 ***
Comment 19 Csaba Osztrogonác 2012-10-24 07:08:34 PDT
Ah, it is a different bug. In this case it isn't a dup, simply resolved/fixed.