The problem is in RedirectedXCompositeWindow implementation. Every WebView creates a RedirectedXCompositeWindow of size 1,1. At the end of the constructor resize and resizeLater function are called:

resize(size);
resizeLater(); // Force update of the usable area.

resize always schedules a resizeLater call because m_usableSize is uninitialized (0, 0) and is always smaller than size (1, 1). The first resizeLater, called right after resize() resets the m_pendingResizeSourceId. If the window is destroyed before the second resizeLater is called (called from the main loop), the destructor won't remove the source, because it has been reset by the first resizeLater and after the objects is freed, the second resizeLater will be called by the main loop with an already freed RedirectedXCompositeWindow. This happens often in unit tests where web view are created and destroyed quickly. 
Instead of calling resizeLater from the constructor to initialize m_usableSize, we could just initialize it to the given size.