[Webkit-unassigned] [Bug 48682] New: Chromium: seg fault when testing fast/frames/iframe-reparenting.html when run after iframe-reparenting-new-page.html

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Oct 29 14:37:45 PDT 2010 

https://bugs.webkit.org/show_bug.cgi?id=48682

           Summary: Chromium: seg fault when testing
                    fast/frames/iframe-reparenting.html when run after
                    iframe-reparenting-new-page.html
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Tools / Tests
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: jennb at chromium.org


I've only seen this crash on the chromium platform. Crashes consistently for me on Linux (Lucid) and occasionally for me on Mac (Snow Leopard).  Did not try on Windows. 

The test fast/frames/iframe-reparenting.html runs fine on its own, but seg faults when testing all fast/frames. I've narrowed the repro case down to making it fail by only running 2 layout tests:

  new-run-webkit-tests --chromium --use-drt --verbose --no-show-results fast/frames/iframe-reparenting-new-page.html fast/frames/iframe-reparenting.html

2010-10-29 14:31:29,847 dump_render_tree_thread.py:106  DEBUG Stacktrace for /work/WebKit/LayoutTests/fast/frames/iframe-reparenting.html:
[8574:8574:1284969651047:ERROR:WebKit/chromium/base/process_util_posix.cc(105)] Received signal 11
    StackTrace::StackTrace() [0x86e060]
    base::(anonymous namespace)::StackDumpSignalHandler() [0x89f0c1]
    0x7fac40bb3af0
    WebCore::Page::group() [0x468736]
    WebCore::V8Proxy::didLeaveScriptContext() [0xdc8ab4]
    WebCore::V8Proxy::callFunction() [0xdc8629]
    WebCore::ScheduledAction::execute() [0xd994f3]
    WebCore::ScheduledAction::execute() [0xd9933e]
    WebCore::DOMTimer::fired() [0x10cc370]
    WebCore::ThreadTimers::sharedTimerFiredInternal() [0xd0705c]
    WebCore::ThreadTimers::sharedTimerFired() [0xd06f8f]
    webkit_glue::WebKitClientImpl::DoTimeout() [0x17ba32e]
    DispatchToMethod<>() [0x17ba751]
    base::BaseTimer<>::TimerTask::Run() [0x17ba6a6]
    MessageLoop::RunTask() [0x87fb5e]
    MessageLoop::DeferOrRunPendingTask() [0x87fc42]
    MessageLoop::DoDelayedWork() [0x8803c5]
    base::MessagePumpForUI::HandleDispatch() [0x8d065b]
    (anonymous namespace)::WorkSourceDispatch() [0x8cfa53]
    0x7fac438898c2
    0x7fac4388d748
    0x7fac4388d8fc
    base::MessagePumpForUI::RunOnce() [0x8d03d7]
    base::MessagePumpForUI::RunWithDispatcher() [0x8d0270]
    base::MessagePumpForUI::Run() [0x8d0ad2]
    MessageLoop::RunInternal() [0x87f29e]
    MessageLoop::RunHandler() [0x87f13c]
    MessageLoop::Run() [0x87f0cd]
    webkit_support::RunMessageLoop() [0x584c91]
    TestShell::waitTestFinished() [0x454fb9]
    TestShell::runFileTest() [0x44e5b1]
    runTest() [0x429685]
    main [0x429ff2]
    0x7fac40b9ec4d
    0x418c59

breakpoint in V8Proxy::didLeaveScriptContext shows m_frame has a refcount of -1 and its m_page is an invalid pointer.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list