Bug 108200 - [GTK] fast/css/relative-positioned-block-crash.html is intermittently crashing
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKitGTK
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Joanmarie Diggs
Keywords: Gtk, LayoutTestFailure
Blocks: 98347
Reported: 2013-01-29 08:44 PST by Zan Dobersek
Modified: 2013-01-31 16:38 PST

Attachments
Patch (3.65 KB, patch)
2013-01-31 15:34 PST, Joanmarie Diggs

Description Zan Dobersek 2013-01-29 08:44:46 PST
Here's the dashboard data:
http://test-results.appspot.com/dashboards/flakiness_dashboard.html#group=%40ToT%20-%20webkit.org&showAllRuns=true&tests=fast%2Fcss%2Frelative-positioned-block-crash.html

Here's the commit range in which the crash occurred for the first time:
http://trac.webkit.org/log/?verbose=on&rev=140440&stop_rev=140259

The crash log:
Crash log for DumpRenderTree (pid 21595):

...
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/Programs/DumpR'.
Program terminated with signal 11, Segmentation fault.
#0  0x00002ad34ffdea15 in WebCore::Position::Position (this=0x7fff71188070, anchorNode=..., anchorType=WebCore::Position::PositionIsBeforeAnchor) at ../../Source/WebCore/dom/Position.cpp:108
108	    ASSERT(!m_anchorNode || !m_anchorNode->isPseudoElement());

...

Thread 1 (Thread 0x2ad35e30e6c0 (LWP 21595)):
#0  0x00002ad34ffdea15 in WebCore::Position::Position (this=0x7fff71188070, anchorNode=..., anchorType=WebCore::Position::PositionIsBeforeAnchor) at ../../Source/WebCore/dom/Position.cpp:108
#1  0x00002ad34fbe9cea in WebCore::positionBeforeNode (anchorNode=0x1313a2d0) at ../../Source/WebCore/dom/Position.h:266
#2  0x00002ad3510868e6 in objectFocusedAndCaretOffsetUnignored (referenceObject=0x133921c0, offset=@0x7fff7118817c: -1) at ../../Source/WebCore/accessibility/atk/WebKitAccessibleWrapperAtk.cpp:1106
#3  0x00002ad3510870ae in WebCore::FrameSelection::notifyAccessibilityForSelectionChange (this=0x20a0a30) at ../../Source/WebCore/editing/gtk/FrameSelectionGtk.cpp:96
#4  0x00002ad350082588 in WebCore::FrameSelection::setSelection (this=0x20a0a30, newSelection=..., options=6, align=WebCore::FrameSelection::AlignCursorOnScrollIfNeeded, granularity=WebCore::CharacterGranularity) at ../../Source/WebCore/editing/FrameSelection.cpp:325
#5  0x00002ad3500894b2 in WebCore::FrameSelection::selectAll (this=0x20a0a30) at ../../Source/WebCore/editing/FrameSelection.cpp:1631
#6  0x00002ad350069755 in WebCore::executeSelectAll (frame=0x20a0400) at ../../Source/WebCore/editing/EditorCommand.cpp:1006
#7  0x00002ad35006b18a in WebCore::Editor::Command::execute (this=0x7fff71188500, parameter="(null)", triggeringEvent=0x0) at ../../Source/WebCore/editing/EditorCommand.cpp:1704
#8  0x00002ad34ff0e02c in WebCore::Document::execCommand (this=0x131d4190, commandName="selectall", userInterface=false, value="(null)") at ../../Source/WebCore/dom/Document.cpp:4157
#9  0x00002ad3509fad28 in WebCore::jsDocumentPrototypeFunctionExecCommand (exec=0x2ad3a42200e8) at DerivedSources/WebCore/JSDocument.cpp:2603
#10 0x00002ad35e5380e5 in ?? ()
#11 0x00007fff711886b0 in ?? ()
#12 0x00002ad34ef14418 in llint_op_call () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/.libs/libjavascriptcoregtk-3.0.so.0
#13 0x00002ad3a4220060 in ?? ()
#14 0x00000000020c0230 in ?? ()
#15 0x00007fff71188670 in ?? ()
#16 0x00002ad34eeb8ce7 in JSC::JSStack::installTrapsAfterFrame (this=0x0, frame=0x0) at ../../Source/JavaScriptCore/interpreter/JSStackInlines.h:213
#17 0x00002ad34eeb7a54 in JSC::JITCode::execute (this=0x2ad3a46209c0, stack=0x20c0230, callFrame=0x2ad3a4220060, globalData=0x2726cd0) at ../../Source/JavaScriptCore/jit/JITCode.h:135
#18 0x00002ad34eeb5211 in JSC::Interpreter::executeCall (this=0x20c0220, callFrame=0x2ad3a48ae388, function=0x2ad3a486edc0, callType=JSC::CallTypeJS, callData=..., thisValue=..., args=...) at ../../Source/JavaScriptCore/interpreter/Interpreter.cpp:1055
#19 0x00002ad34ef99bf1 in JSC::call (exec=0x2ad3a48ae388, functionObject=..., callType=JSC::CallTypeJS, callData=..., thisValue=..., args=...) at ../../Source/JavaScriptCore/runtime/CallData.cpp:40
#20 0x00002ad34fc41f89 in WebCore::JSMainThreadExecState::call (exec=0x2ad3a48ae388, functionObject=..., callType=JSC::CallTypeJS, callData=..., thisValue=..., args=...) at ../../Source/WebCore/bindings/js/JSMainThreadExecState.h:56
#21 0x00002ad34fc70c73 in WebCore::JSEventListener::handleEvent (this=0x11f09010, scriptExecutionContext=0x131d4230, event=0x120f8bf0) at ../../Source/WebCore/bindings/js/JSEventListener.cpp:130
#22 0x00002ad34ff9bf90 in WebCore::EventTarget::fireEventListeners (this=0xd65a860, event=0x120f8bf0, d=0xd65a950, entry=WTF::Vector of length 1, capacity 1 = {...}) at ../../Source/WebCore/dom/EventTarget.cpp:256
#23 0x00002ad34ff9bc1b in WebCore::EventTarget::fireEventListeners (this=0xd65a860, event=0x120f8bf0) at ../../Source/WebCore/dom/EventTarget.cpp:203
#24 0x00002ad3504e31ae in WebCore::DOMWindow::dispatchEvent (this=0xd65a860, prpEvent=..., prpTarget=...) at ../../Source/WebCore/page/DOMWindow.cpp:1695
#25 0x00002ad3504e2f34 in WebCore::DOMWindow::dispatchLoadEvent (this=0xd65a860) at ../../Source/WebCore/page/DOMWindow.cpp:1669
#26 0x00002ad34ff0c487 in WebCore::Document::dispatchWindowLoadEvent (this=0x131d4190) at ../../Source/WebCore/dom/Document.cpp:3642
#27 0x00002ad34ff078d1 in WebCore::Document::implicitClose (this=0x131d4190) at ../../Source/WebCore/dom/Document.cpp:2399
#28 0x00002ad3504320cb in WebCore::FrameLoader::checkCallImplicitClose (this=0x20a0480) at ../../Source/WebCore/loader/FrameLoader.cpp:835
#29 0x00002ad350431e49 in WebCore::FrameLoader::checkCompleted (this=0x20a0480) at ../../Source/WebCore/loader/FrameLoader.cpp:778
#30 0x00002ad350431b9d in WebCore::FrameLoader::finishedParsing (this=0x20a0480) at ../../Source/WebCore/loader/FrameLoader.cpp:711
#31 0x00002ad34ff0f021 in WebCore::Document::finishedParsing (this=0x131d4190) at ../../Source/WebCore/dom/Document.cpp:4401
#32 0x00002ad3502075cf in WebCore::HTMLConstructionSite::finishedParsing (this=0x132542a0) at ../../Source/WebCore/html/parser/HTMLConstructionSite.cpp:337
#33 0x00002ad35023c822 in WebCore::HTMLTreeBuilder::finished (this=0x13254280) at ../../Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2882
#34 0x00002ad35020e622 in WebCore::HTMLDocumentParser::end (this=0x1326e090) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:550
#35 0x00002ad35020e729 in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd (this=0x1326e090) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:559
#36 0x00002ad35020d605 in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0x1326e090) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:182
#37 0x00002ad35020e76e in WebCore::HTMLDocumentParser::attemptToEnd (this=0x1326e090) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:571
#38 0x00002ad35020e827 in WebCore::HTMLDocumentParser::finish (this=0x1326e090) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:609
#39 0x00002ad35042a265 in WebCore::DocumentWriter::end (this=0x1328a538) at ../../Source/WebCore/loader/DocumentWriter.cpp:244
#40 0x00002ad3504190d0 in WebCore::DocumentLoader::finishedLoading (this=0x1328a490) at ../../Source/WebCore/loader/DocumentLoader.cpp:295
#41 0x00002ad35046d61a in WebCore::MainResourceLoader::didFinishLoading (this=0x13290fb0, finishTime=0) at ../../Source/WebCore/loader/MainResourceLoader.cpp:543
#42 0x00002ad35046d795 in WebCore::MainResourceLoader::notifyFinished (this=0x13290fb0, resource=0x12fab4f0) at ../../Source/WebCore/loader/MainResourceLoader.cpp:553
#43 0x00002ad3503f54b0 in WebCore::CachedResource::checkNotify (this=0x12fab4f0) at ../../Source/WebCore/loader/cache/CachedResource.cpp:336
#44 0x00002ad3503f550a in WebCore::CachedResource::data (this=0x12fab4f0, allDataReceived=true) at ../../Source/WebCore/loader/cache/CachedResource.cpp:345
#45 0x00002ad3503f2b58 in WebCore::CachedRawResource::data (this=0x12fab4f0, data=..., allDataReceived=true) at ../../Source/WebCore/loader/cache/CachedRawResource.cpp:72
#46 0x00002ad350484f66 in WebCore::SubresourceLoader::didFinishLoading (this=0x130eb1f0, finishTime=0) at ../../Source/WebCore/loader/SubresourceLoader.cpp:278
#47 0x00002ad35047a869 in WebCore::ResourceLoader::didFinishLoading (this=0x130eb1f0, finishTime=0) at ../../Source/WebCore/loader/ResourceLoader.cpp:457
#48 0x00002ad350e909ab in WebCore::readCallback (asyncResult=0xd882590, data=0x1316bd60) at ../../Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:1367
#49 0x00002ad354ac8e5f in async_ready_callback_wrapper () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libgio-2.0.so.0
#50 0x00002ad354ae37ea in g_simple_async_result_complete () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libgio-2.0.so.0
#51 0x00002ad354ae39b2 in complete_in_idle_cb_for_thread () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libgio-2.0.so.0
#52 0x00002ad354caafd1 in g_idle_dispatch () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libglib-2.0.so.0
#53 0x00002ad354ca8903 in g_main_dispatch () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libglib-2.0.so.0
#54 0x00002ad354ca94b3 in g_main_context_dispatch () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libglib-2.0.so.0
#55 0x00002ad354ca96a3 in g_main_context_iterate () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libglib-2.0.so.0
#56 0x00002ad354ca9ad3 in g_main_loop_run () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libglib-2.0.so.0
#57 0x00002ad353e9be22 in gtk_main () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libgtk-3.so.0
#58 0x000000000049b862 in runTest (inputLine=...) at ../../Tools/DumpRenderTree/gtk/DumpRenderTree.cpp:770
#59 0x000000000049af18 in runTestingServerLoop () at ../../Tools/DumpRenderTree/gtk/DumpRenderTree.cpp:553
#60 0x000000000049e246 in main (argc=2, argv=0x7fff71189fa8) at ../../Tools/DumpRenderTree/gtk/DumpRenderTree.cpp:1512
Comment 1 Joanmarie Diggs 2013-01-30 04:58:58 PST
This appears to be the same intermittent crash as fast/css-generated-content/block-and-box-hit-testing.html.

(both of which I have yet to make crash, but I'm still trying)
Comment 2 Joanmarie Diggs 2013-01-31 15:26:55 PST
Seems the winner is the addition of assertions as part of the fix for bug 104462.

In terms of real-world use cases and AT users, so far I've only been able to reproduce this issue if I click with the mouse on an empty area in a render block. Going with the unignored parent's node seems like a reasonable thing to do (and pass along to ATs) under these circumstances.
Comment 3 Joanmarie Diggs 2013-01-31 15:34:05 PST
Created attachment 185881
Patch
Comment 4 WebKit Review Bot 2013-01-31 16:38:55 PST
Comment on attachment 185881
Patch

Clearing flags on attachment: 185881

Committed r141503: <http://trac.webkit.org/changeset/141503>
Comment 5 WebKit Review Bot 2013-01-31 16:38:59 PST
All reviewed patches have been landed.  Closing bug.