35085 – plugins/iframe-shims.html crashing on GTK Debug bots

RESOLVED INVALID Bug 35085

plugins/iframe-shims.html crashing on GTK Debug bots

https://bugs.webkit.org/show_bug.cgi?id=35085

Summary plugins/iframe-shims.html crashing on GTK Debug bots

Philippe Normand

Reported 2010-02-18 03:16:09 PST

To reproduce the crash: ulimit -c unlimited WebKitTools/Scripts/run-webkit-tests --gtk --debug plugins/geturl-replace-query.html plugins/iframe-shims.html and inspect the core file. Crash won't happen if the test is executed alone. If it is executed after plugins/geturl-replace-query.html the crash happens... Program terminated with signal 11, Segmentation fault. #0 0xf6c4f70b in WTF::HashTable<_NPP*, std::pair<_NPP*, WebCore::PluginView*>, WTF::PairFirstExtractor<std::pair<_NPP*, WebCore::PluginView*> >, WTF::PtrHash<_NPP*>, WTF::PairHashTraits<WTF::HashTraits<_NPP*>, WTF::HashTraits<WebCore::PluginView*> >, WTF::HashTraits<_NPP*> >::checkKey<_NPP*, WTF::IdentityHashTranslator<_NPP*, std::pair<_NPP*, WebCore::PluginView*>, WTF::PtrHash<_NPP*> > > (this=0x8fc7050, key=@0x9015acc) at ../../JavaScriptCore/wtf/HashTable.h:464 464 ASSERT(!HashTranslator::equal(KeyTraits::emptyValue(), key)); (gdb) bt #0 0xf6c4f70b in WTF::HashTable<_NPP*, std::pair<_NPP*, WebCore::PluginView*>, WTF::PairFirstExtractor<std::pair<_NPP*, WebCore::PluginView*> >, WTF::PtrHash<_NPP*>, WTF::PairHashTraits<WTF::HashTraits<_NPP*>, WTF::HashTraits<WebCore::PluginView*> >, WTF::HashTraits<_NPP*> >::checkKey<_NPP*, WTF::IdentityHashTranslator<_NPP*, std::pair<_NPP*, WebCore::PluginView*>, WTF::PtrHash<_NPP*> > > (this=0x8fc7050, key=@0x9015acc) at ../../JavaScriptCore/wtf/HashTable.h:464 #1 0xf6c4eb54 in WTF::HashTable<_NPP*, std::pair<_NPP*, WebCore::PluginView*>, WTF::PairFirstExtractor<std::pair<_NPP*, WebCore::PluginView*> >, WTF::PtrHash<_NPP*>, WTF::PairHashTraits<WTF::HashTraits<_NPP*>, WTF::HashTraits<WebCore::PluginView*> >, WTF::HashTraits<_NPP*> >::lookup<_NPP*, WTF::IdentityHashTranslator<_NPP*, std::pair<_NPP*, WebCore::PluginView*>, WTF::PtrHash<_NPP*> > > (this=0x8fc7050, key=@0x9015acc) at ../../JavaScriptCore/wtf/HashTable.h:478 #2 0xf6c4ec5f in WTF::HashTable<_NPP*, std::pair<_NPP*, WebCore::PluginView*>, WTF::PairFirstExtractor<std::pair<_NPP*, WebCore::PluginView*> >, WTF::PtrHash<_NPP*>, WTF::PairHashTraits<WTF::HashTraits<_NPP*>, WTF::HashTraits<WebCore::PluginView*> >, WTF::HashTraits<_NPP*> >::find<_NPP*, WTF::IdentityHashTranslator<_NPP*, std::pair<_NPP*, WebCore::PluginView*>, WTF::PtrHash<_NPP*> > > (this=0x8fc7050, key=@0x9015acc) at ../../JavaScriptCore/wtf/HashTable.h:775 #3 0xf6c4dc3a in WTF::HashTable<_NPP*, std::pair<_NPP*, WebCore::PluginView*>, WTF::PairFirstExtractor<std::pair<_NPP*, WebCore::PluginView*> >, WTF::PtrHash<_NPP*>, WTF::PairHashTraits<WTF::HashTraits<_NPP*>, WTF::HashTraits<WebCore::PluginView*> >, WTF::HashTraits<_NPP*> >::find (this=0x8fc7050, key=@0x9015acc) at ../../JavaScriptCore/wtf/HashTable.h:325 #4 0xf6c4cbe8 in WTF::HashMap<_NPP*, WebCore::PluginView*, WTF::PtrHash<_NPP*>, WTF::HashTraits<_NPP*>, WTF::HashTraits<WebCore::PluginView*> >::find (this=0x8fc7050, key=@0x9015acc) at ../../JavaScriptCore/wtf/HashMap.h:193 #5 0xf6c4be03 in WTF::HashMap<_NPP*, WebCore::PluginView*, WTF::PtrHash<_NPP*>, WTF::HashTraits<_NPP*>, WTF::HashTraits<WebCore::PluginView*> >::remove (this=0x8fc7050, key=@0x9015acc) at ../../JavaScriptCore/wtf/HashMap.h:293 #6 0xf6c46d29 in ~PluginView (this=0x9015948, __in_chrg=<value optimized out>) at ../../WebCore/plugins/PluginView.cpp:282 #7 0xf693458f in WTF::RefCounted<WebCore::Widget>::deref (this=0x901594c) at ../../JavaScriptCore/wtf/RefCounted.h:109 #8 0xf6c4c963 in WTF::derefIfNotNull<WebCore::PluginView> (ptr=0x9015948) at ../../JavaScriptCore/wtf/PassRefPtr.h:53 #9 0xf6c4bcab in ~RefPtr (this=0xffbe4368, __in_chrg=<value optimized out>) at ../../JavaScriptCore/wtf/RefPtr.h:54 #10 0xf6f8f911 in WebKit::FrameLoaderClient::createPlugin (this=0x8f1c310, pluginSize=..., element=0x9012478, url=..., paramNames=..., paramValues=..., mimeType=..., loadManually=false) at ../../WebKit/gtk/WebCoreSupport/FrameLoaderClientGtk.cpp:464 #11 0xf6af22c2 in WebCore::FrameLoader::loadPlugin (this=0x8f3242c, renderer=0x9011774, url=..., mimeType=..., paramNames=..., paramValues=..., useFallback=false) at ../../WebCore/loader/FrameLoader.cpp:1378 #12 0xf6af1bfb in WebCore::FrameLoader::requestObject (this=0x8f3242c, renderer=0x9011774, url=..., frameName=..., mimeType=..., paramNames=..., paramValues=...) at ../../WebCore/loader/FrameLoader.cpp:1285 #13 0xf6cc1b8d in WebCore::RenderEmbeddedObject::updateWidget (this=0x9011774, onlyCreateNonNetscapePlugins=true) at ../../WebCore/rendering/RenderEmbeddedObject.cpp:304 #14 0xf6a23285 in WebCore::HTMLEmbedElement::updateWidget (this=0x9012478) at ../../WebCore/html/HTMLEmbedElement.cpp:182 #15 0xf6a5b4ce in WebCore::HTMLPlugInElement::updateWidgetCallback (n=0x9012478) at ../../WebCore/html/HTMLPlugInElement.cpp:183 #16 0xf68ce91b in WebCore::ContainerNode::dispatchPostAttachCallbacks () at ../../WebCore/dom/ContainerNode.cpp:574 #17 0xf68ce7be in WebCore::ContainerNode::resumePostAttachCallbacks (this=0x9012478) at ../../WebCore/dom/ContainerNode.cpp:546 #18 0xf690d17c in WebCore::Element::attach (this=0x9012478) at ../../WebCore/dom/Element.cpp:794 #19 0xf6a23123 in WebCore::HTMLEmbedElement::attach (this=0x9012478) at ../../WebCore/html/HTMLEmbedElement.cpp:166 #20 0xf69237de in WebCore::Node::lazyAttach (this=0x9012478) at ../../WebCore/dom/Node.cpp:808 #21 0xf68ce484 in WebCore::ContainerNode::appendChild (this=0x900ede8, newChild=..., ec=@0xffbe487c, shouldLazyAttach=true) at ../../WebCore/dom/ContainerNode.cpp:490 #22 0xf67b16f1 in WebCore::JSNode::appendChild (this=0xf3fcf8c0, exec=0xf29ff208, args=...) at ../../WebCore/bindings/js/JSNodeCustom.cpp:104 #23 0xf71c3936 in WebCore::jsNodePrototypeFunctionAppendChild (exec=0xf29ff208, thisValue=..., args=...) at DerivedSources/JSNode.cpp:460 #24 0xf403516e in ?? () #25 0xf7068255 in JSC::JITCode::execute (this=0x90099e8, registerFile=0x8f4d77c, callFrame=0xf29ff050, globalData=0x8f4b830, exception=0x8f4c2f4) at ../../JavaScriptCore/jit/JITCode.h:79 #26 0xf705a67a in JSC::Interpreter::execute (this=0x8f4d770, functionExecutable=0x90099d8, ---Type <return> to continue, or q <return> to quit--- callFrame=0x8f275f4, function=0xf3fcf300, thisObj=0xf3fc0000, args=..., scopeChain=0x9008c88, exception=0x8f4c2f4) at ../../JavaScriptCore/interpreter/Interpreter.cpp:686 #27 0xf7120d97 in JSC::JSFunction::call (this=0xf3fcf300, exec=0x8f275f4, thisValue=..., args=...) at ../../JavaScriptCore/runtime/JSFunction.cpp:122 #28 0xf7103596 in JSC::call (exec=0x8f275f4, functionObject=..., callType=JSC::CallTypeJS, callData=..., thisValue=..., args=...) at ../../JavaScriptCore/runtime/CallData.cpp:39 #29 0xf679e2e4 in WebCore::JSEventListener::handleEvent (this=0x9003a40, scriptExecutionContext=0x8ffc448, event=0x900dce0) at ../../WebCore/bindings/js/JSEventListener.cpp:115 #30 0xf6914e8d in WebCore::EventTarget::fireEventListeners (this=0x8fad910, event=0x900dce0) at ../../WebCore/dom/EventTarget.cpp:297 #31 0xf6b3a1c8 in WebCore::DOMWindow::dispatchEvent (this=0x8fad910, prpEvent=..., prpTarget=...) at ../../WebCore/page/DOMWindow.cpp:1368 #32 0xf6b39e66 in WebCore::DOMWindow::dispatchLoadEvent (this=0x8fad910) at ../../WebCore/page/DOMWindow.cpp:1322 #33 0xf68e0c66 in WebCore::Document::dispatchWindowLoadEvent (this=0x8ffc418) at ../../WebCore/dom/Document.cpp:2982 #34 0xf68dcae2 in WebCore::Document::implicitClose (this=0x8ffc418) at ../../WebCore/dom/Document.cpp:1811 #35 0xf6af126c in WebCore::FrameLoader::checkCallImplicitClose (this=0x8f3242c) at ../../WebCore/loader/FrameLoader.cpp:1184 #36 0xf6af1051 in WebCore::FrameLoader::checkCompleted (this=0x8f3242c) at ../../WebCore/loader/FrameLoader.cpp:1132 #37 0xf6af0dfd in WebCore::FrameLoader::finishedParsing (this=0x8f3242c) at ../../WebCore/loader/FrameLoader.cpp:1071 #38 0xf68e57ca in WebCore::Document::finishedParsing (this=0x8ffc418) at ../../WebCore/dom/Document.cpp:4177 #39 0xf6a57e4a in WebCore::HTMLParser::finished (this=0x90039f8) at ../../WebCore/html/HTMLParser.cpp:1662 #40 0xf6a71cea in WebCore::HTMLTokenizer::end (this=0x9002fd8) at ../../WebCore/html/HTMLTokenizer.cpp:1878 #41 0xf6a720da in WebCore::HTMLTokenizer::finish (this=0x9002fd8) at ../../WebCore/html/HTMLTokenizer.cpp:1918 #42 0xf68dd146 in WebCore::Document::finishParsing (this=0x8ffc418) at ../../WebCore/dom/Document.cpp:1959 #43 0xf6af06c0 in WebCore::FrameLoader::endIfNotLoadingMainResource (this=0x8f3242c) at ../../WebCore/loader/FrameLoader.cpp:974 #44 0xf6af061b in WebCore::FrameLoader::end (this=0x8f3242c) at ../../WebCore/loader/FrameLoader.cpp:959 #45 0xf6ada382 in WebCore::DocumentLoader::finishedLoading (this=0x8ff0828) at ../../WebCore/loader/DocumentLoader.cpp:268 #46 0xf6af87a4 in WebCore::FrameLoader::finishedLoading (this=0x8f3242c) at ../../WebCore/loader/FrameLoader.cpp:2754 #47 0xf6b097be in WebCore::MainResourceLoader::didFinishLoading (this=0x8ff5b48) at ../../WebCore/loader/MainResourceLoader.cpp:424 #48 0xf6b14a0e in WebCore::ResourceLoader::didFinishLoading (this=0x8ff5b48) at ../../WebCore/loader/ResourceLoader.cpp:403 #49 0xf6f73dc8 in closeCallback (source=0x8f12950, res=0x8ff7c18) at ../../WebCore/platform/network/soup/ResourceHandleSoup.cpp:727 #50 0xf4dcdb65 in async_ready_close_callback_wrapper (source_object=0x8f12950, res=0x8ff7c18, user_data=0x0) at /build/buildd-glib2.0_2.22.4-1-i386-jRfNZE/glib2.0-2.22.4/gio/ginputstream.c:485 #51 0xf4ddc059 in IA__g_simple_async_result_complete (simple=0x8ff7c18) at /build/buildd-glib2.0_2.22.4-1-i386-jRfNZE/glib2.0-2.22.4/gio/gsimpleasyncresult.c:588 #52 0xf4ddc36e in complete_in_idle_cb_for_thread (_data=0x8f56038) at /build/buildd-glib2.0_2.22.4-1-i386-jRfNZE/glib2.0-2.22.4/gio/gsimpleasyncresult.c:650 #53 0xf4cd0db1 in g_idle_dispatch (source=0x8feb130, callback=0xbbadbeef, user_data=0x8f56038) at /build/buildd-glib2.0_2.22.4-1-i386-jRfNZE/glib2.0-2.22.4/glib/gmain.c:4065 #54 0xf4cd2b38 in g_main_dispatch (context=0x8ed8318) at /build/buildd-glib2.0_2.22.4-1-i386-jRfNZE/glib2.0-2.22.4/glib/gmain.c:1960 #55 IA__g_main_context_dispatch (context=0x8ed8318) at /build/buildd-glib2.0_2.22.4-1-i386-jRfNZE/glib2.0-2.22.4/glib/gmain.c:2513 #56 0xf4cd63d0 in g_main_context_iterate (context=0x8ed8318, block=<value optimized out>, dispatch=1, self=0x8eb7218) at /build/buildd-glib2.0_2.22.4-1-i386-jRfNZE/glib2.0-2.22.4/glib/gmain.c:2591 #57 0xf4cd683f in IA__g_main_loop_run (loop=0x8fa7098) at /build/buildd-glib2.0_2.22.4-1-i386-jRfNZE/glib2.0-2.22.4/glib/gmain.c:2799 #58 0xf50f1149 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0 #59 0x080572b0 in runTest (testPathOrURL=...) at ../../WebKitTools/DumpRenderTree/gtk/DumpRenderTree.cpp:503 #60 0x08058352 in main (argc=2, argv=0xffbe5ca4) at ../../WebKitTools/DumpRenderTree/gtk/DumpRenderTree.cpp:864

Attachments
Add attachment proposed patch, testcase, etc.

Philippe Normand

Comment 1 2010-02-18 03:29:40 PST

fast/loader/loadInProgress.html is also affected by the same bug I think. The same ASSERTION error is printed on stderr.

Martin Robinson

Comment 2 2015-05-07 18:06:50 PDT

The test seems to be gone now.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution INVALID

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware PC

OS OS X 10.5

Product WebKit

Component WebKitGTK

Assignee

Nobody

Reported

2010-02-18 03:16 PST

Modified

2015-05-07 18:06 PDT History

CC List

2 users Show

URL

Keywords

Depends on

Blocks