Bug 48896

Created attachment 72786 [details] Null check obj

Comment on attachment 72786 [details] Null check obj Clearing flags on attachment: 72786 Committed r71208: <http://trac.webkit.org/changeset/71208>

All reviewed patches have been landed. Closing bug.

fast/events/remove-event-listener.html started crashing on chromium win/linux/mac between r71198 and r71213 with the following stack trace: [23234:23234:1304399625227:ERROR:process_util_posix.cc(105)] Received signal 11 base::debug::StackTrace::StackTrace() [0x8111a79] base::(anonymous namespace)::StackDumpSignalHandler() [0x80fe039] 0x4001c420 WebCore::AXObjectCache::notificationPostTimerFired() [0x86de224] WebCore::Timer<>::fired() [0x86dc4f5] WebCore::ThreadTimers::sharedTimerFiredInternal() [0x86ca0b4] WebCore::ThreadTimers::sharedTimerFired() [0x86ca161] MessageLoop::RunTask() [0x80f072b] MessageLoop::DeferOrRunPendingTask() [0x80f097c] MessageLoop::DoWork() [0x80f0b8a] base::MessagePumpForUI::RunWithDispatcher() [0x810b7fc] base::MessagePumpForUI::Run() [0x810b782] MessageLoop::RunInternal() [0x80f10e5] MessageLoop::Run() [0x80f11d8] TestShell::WaitTestFinished() [0x8061416] TestShell::RunFileTest() [0x8061734] main [0x805a9d4] 0x40a97450 0x8058841 looks related to your patch. can you please take a look? there's an entry for this test in chromium/src/webkit/tools/layout_tests/test_expectations.txt. once this test is no longer crashing, please remove that entry too.

Looking at the latest builds: http://build.chromium.org/p/chromium/builders/Webkit%20Win/builds/1143/steps/webkit_tests/logs/stdio http://build.chromium.org/p/chromium/builders/Webkit%20Mac10.5/builds/573/steps/webkit_tests/logs/stdio http://build.chromium.org/p/chromium/builders/Webkit%20Linux/builds/1242/steps/webkit_tests/logs/stdio fast/events/remove-event-listener.html is passing on windows and linux but failing on mac with error that looks unrelated. 2010-11-04 16:09:41,819 dump_render_tree_thread.py:107 DEBUG Stacktrace for /b/build/slave/Webkit_Mac10_5/build/src/third_party/WebKit/LayoutTests/fast/events/remove-event-listener.html: [80036:267:1379177625481995:ERROR:/b/build/slave/webkit-mac-rel/build/src/base/process_util_posix.cc(105)] Received signal 10 0 TestShell 0x000a1bb1 _mh_execute_header + 658353 1 TestShell 0x000c2439 _mh_execute_header + 791609 2 libSystem.B.dylib 0x911c32bb _sigtramp + 43 3 ??? 0xffffffff 0x0 + 4294967295 4 TestShell 0x00d588c2 _mh_execute_header + 13990082 5 TestShell 0x00d5a46b _mh_execute_header + 13997163 6 TestShell 0x00d48ffe _mh_execute_header + 13926398 7 TestShell 0x00d490a2 _mh_execute_header + 13926562 8 TestShell 0x000b0c5c _mh_execute_header + 719964 9 TestShell 0x000b0e8e _mh_execute_header + 720526 10 TestShell 0x000b0ff7 _mh_execute_header + 720887 11 TestShell 0x000dbe94 _mh_execute_header + 896660 12 CoreFoundation 0x91ce83c5 CFRunLoopRunSpecific + 3141 13 CoreFoundation 0x91ce8aa8 CFRunLoopRunInMode + 88 14 HIToolbox 0x97a6a2ac BlockUntilNextEventMatchingListInMode + 989 15 HIToolbox 0x97a6a0c5 BlockUntilNextEventMatchingListInMode + 502 16 HIToolbox 0x97a69f39 BlockUntilNextEventMatchingListInMode + 106 17 AppKit 0x96b916d5 _DPSNextEvent + 657 18 AppKit 0x96b90f88 _NSUpdateMenuRefWithChangedMenuItem + 2250 19 AppKit 0x96b89f9f _NSSetViewMultiClipDrawingHelper + 4866 20 TestShell 0x000dbb5d _mh_execute_header + 895837 21 TestShell 0x000db02a _mh_execute_header + 892970 22 TestShell 0x000b186f _mh_execute_header + 723055 23 TestShell 0x000b19f4 _mh_execute_header + 723444 24 TestShell 0x00030c0d _mh_execute_header + 195597 25 TestShell 0x00032086 _mh_execute_header + 200838 26 TestShell 0x0000bc9e _mh_execute_header + 44190 27 TestShell 0x00009f2a _mh_execute_header + 36650

Roland said he couldn't reproduce the failure either, but most probably you need to run multiple tests for that failure to show up. I'm not sure how to reproduce it, but the stack trace reported on the Linux bot when this test started crashing seems to point to your patch.

Is it still failing somewhere that accessibility code stack trace? I see this test passing on Linux.

http://test-results.appspot.com/dashboards/flakiness_dashboard.html#showExpectations=true&tests=fast%2Fevents%2Fremove-event-listener.html the test seems to no longer crash on linux. however, it still crashes on mac, in process_util_posix.cc(105), the same location where the test crashed on linux once (the rest of the stack trace from the mac bot looks unhelpful). and there might be a way to resolve those symbols in the windows stack trace.

Able to repro on windows debug with: >run_webkit_tests.bat --debug fast/events Backtrace: WebCore::AXObjectCache::postPlatformNotification [0x10079972+130] (c:\chromium2\src\third_party\webkit\webcore\accessibility\chromium\axobjectcachechromium.cpp:55) WebCore::AXObjectCache::notificationPostTimerFired [0x0FD962A7+279] (c:\chromium2\src\third_party\webkit\webcore\accessibility\axobjectcache.cpp:416) WebCore::Timer<WebCore::AXObjectCache>::fired [0x0FD96F73+35] (c:\chromium2\src\third_party\webkit\webcore\platform\timer.h:98) WebCore::ThreadTimers::sharedTimerFiredInternal [0x104C4CD9+217] (c:\chromium2\src\third_party\webkit\webcore\platform\threadtimers.cpp:112) WebCore::ThreadTimers::sharedTimerFired [0x104C4BF6+22] (c:\chromium2\src\third_party\webkit\webcore\platform\threadtimers.cpp:91) webkit_glue::WebKitClientImpl::DoTimeout [0x01143DAB+43] (c:\chromium2\src\webkit\glue\webkitclient_impl.h:68) DispatchToMethod<webkit_glue::WebKitClientImpl,void (__thiscall webkit_glue::WebKitClientImpl::*)(void)> [0x01145B3C+12] (c:\chromium2\src\base\tuple.h:537) base::BaseTimer<webkit_glue::WebKitClientImpl,0>::TimerTask::Run [0x01145094+84] (c:\chromium2\src\base\timer.h:160) MessageLoop::RunTask [0x016F77E9+361] (c:\chromium2\src\base\message_loop.cc:417) MessageLoop::DeferOrRunPendingTask [0x016F7935+53] (c:\chromium2\src\base\message_loop.cc:429) MessageLoop::DoWork [0x016F7EFC+236] (c:\chromium2\src\base\message_loop.cc:533) base::MessagePumpForUI::DoRunLoop [0x0178E364+84] (c:\chromium2\src\base\message_pump_win.cc:200) base::MessagePumpWin::RunWithDispatcher [0x0178D9E2+130] (c:\chromium2\src\base\message_pump_win.cc:49) base::MessagePumpWin::Run [0x0178DD8C+28] (c:\chromium2\src\base\message_pump_win.h:80) MessageLoop::RunInternal [0x016F6C2D+349] (c:\chromium2\src\base\message_loop.cc:265) MessageLoop::RunHandler [0x016F699E+46] (c:\chromium2\src\base\message_loop.cc:238) MessageLoop::Run [0x016F6840+96] (c:\chromium2\src\base\message_loop.cc:216) TestShell::WaitTestFinished [0x0187E653+675] (c:\chromium2\src\webkit\tools\test_shell\test_shell_win.cc:490) TestShell::RunFileTest [0x0187D515+1333] (c:\chromium2\src\webkit\tools\test_shell\test_shell_win.cc:292) main [0x010F31E2+6930] (c:\chromium2\src\webkit\tools\test_shell\test_shell_main.cc:411) __tmainCRTStartup [0x018D54C8+424] (f:\dd\vctools\crt_bld\self_x86\crt\src\crtexe.c:586) mainCRTStartup [0x018D530F+15] (f:\dd\vctools\crt_bld\self_x86\crt\src\crtexe.c:403) BaseThreadInitThunk [0x76B43667+18] RtlInitializeExceptionChain [0x779F9E12+99] RtlInitializeExceptionChain [0x779F9DE5+54] static_cast<AccessibilityScrollbar*>(obj)->scrollbar() is returning garbage. Investigating...

Created attachment 73027 [details] Keep a referene to the scrollbar in accessibility scrollbar.

Chris, can you please review this patch? I'm not familiar with this code.

Comment on attachment 73027 [details] Keep a referene to the scrollbar in accessibility scrollbar. View in context: https://bugs.webkit.org/attachment.cgi?id=73027&action=review Otherwise looks ok. > WebCore/ChangeLog:5 > + Keep a referene to the scrollbar in accessibility scrollbar. spelling

Created attachment 73098 [details] Keep a reference to the scrollbar in accessibility scrollbar.

Comment on attachment 73098 [details] Keep a reference to the scrollbar in accessibility scrollbar. r=me

Comment on attachment 73098 [details] Keep a reference to the scrollbar in accessibility scrollbar. Clearing flags on attachment: 73098 Committed r71445: <http://trac.webkit.org/changeset/71445>

All reviewed patches have been landed. Closing bug.