gdb backtrace for this crash: Program received signal SIGSEGV, Segmentation fault. 0x00007ffff56403ca in WebCore::TimerBase::setNextFireTime (this=0x64d570, newTime=0) at ../../../../Source/WebCore/platform/Timer.cpp:317 317 ASSERT(m_thread == currentThread()); (gdb) bt #0 0x00007ffff56403ca in WebCore::TimerBase::setNextFireTime (this=0x64d570, newTime=0) at ../../../../Source/WebCore/platform/Timer.cpp:317 #1 0x00007ffff563f0fd in WebCore::ThreadTimers::sharedTimerFiredInternal (this=0x5177b0) at ../../../../Source/WebCore/platform/ThreadTimers.cpp:112 #2 0x00007ffff563f04b in WebCore::ThreadTimers::sharedTimerFired () at ../../../../Source/WebCore/platform/ThreadTimers.cpp:93 #3 0x00007ffff58b8a5e in WebCore::SharedTimerQt::timerEvent (this=0x508940, ev=0x7fffffffde00) at ../../../../Source/WebCore/platform/qt/SharedTimerQt.cpp:113 #4 0x00007ffff2abace9 in QObject::event(QEvent*) () from /usr/local/Trolltech/Qt-4.8.0-rc1/lib/libQtCore.so.4 #5 0x00007ffff30150dc in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/local/Trolltech/Qt-4.8.0-rc1/lib/libQtGui.so.4 #6 0x00007ffff301a9dd in QApplication::notify(QObject*, QEvent*) () from /usr/local/Trolltech/Qt-4.8.0-rc1/lib/libQtGui.so.4 #7 0x00007ffff2aa88bc in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/local/Trolltech/Qt-4.8.0-rc1/lib/libQtCore.so.4 #8 0x00007ffff2adcc7e in ?? () from /usr/local/Trolltech/Qt-4.8.0-rc1/lib/libQtCore.so.4 #9 0x00007ffff2ad9bcd in ?? () from /usr/local/Trolltech/Qt-4.8.0-rc1/lib/libQtCore.so.4 #10 0x00007ffff08ac6f2 in g_main_context_dispatch () from /lib/libglib-2.0.so.0 #11 0x00007ffff08b0568 in ?? () from /lib/libglib-2.0.so.0 #12 0x00007ffff08b071c in g_main_context_iteration () from /lib/libglib-2.0.so.0 #13 0x00007ffff2ad98b3 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/local/Trolltech/Qt-4.8.0-rc1/lib/libQtCore.so.4 #14 0x00007ffff30c186e in ?? () from /usr/local/Trolltech/Qt-4.8.0-rc1/lib/libQtGui.so.4 #15 0x00007ffff2aa7472 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/local/Trolltech/Qt-4.8.0-rc1/lib/libQtCore.so.4 #16 0x00007ffff2aa78e4 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/local/Trolltech/Qt-4.8.0-rc1/lib/libQtCore.so.4 #17 0x00007ffff2aad4e9 in QCoreApplication::exec() () from /usr/local/Trolltech/Qt-4.8.0-rc1/lib/libQtCore.so.4 #18 0x00000000004360b4 in main (argc=2, argv=0x7fffffffe428) at /home/oszi/WebKit/Tools/DumpRenderTree/qt/main.cpp:252

It is P1/critical bug, because it is an assertion.

Are you sure about the backtrace? It's strange. Result on the x86_64 debug bot: http://build.webkit.sed.hu/results/x86-64%20Linux%20Qt%20Debug/r100442%20(18888)/http/tests/misc/onload-remove-iframe-crash-2-crash-log.txt pure virtual method called terminate called without an active exception

Yes, I'm sure. I created it manually.

(In reply to comment #4) > Yes, I'm sure. I created it manually. Yuck, that crash looks to me like a Timer isn't properly getting cancelled. I didn't think any timers were changed in my patch, though. Let me know how I can help.

Passes successfully for me with trunk. Can you retest it on the bots?

It runs on the bots without any crash long time ago.