RESOLVED DUPLICATE of bug 120416 120667
REGRESSION(r154697): Crashes in 5 accessibility tests on the GTK port 
https://bugs.webkit.org/show_bug.cgi?id=120667
Summary REGRESSION(r154697): Crashes in 5 accessibility tests on the GTK port
Zan Dobersek
Reported 2013-09-04 01:38:22 PDT
The following 5 tests started crashing with r154697: accessibility/multiselect-list-reports-active-option.html accessibility/notification-listeners.html accessibility/menu-list-sends-change-notification.html accessibility/aria-invalid.html accessibility/aria-checkbox-sends-notification.html http://webkit-test-results.appspot.com/dashboards/flakiness_dashboard.html#showAllRuns=true&tests=accessibility%2Fmultiselect-list-reports-active-option.html%2Caccessibility%2Fnotification-listeners.html%2Caccessibility%2Fmenu-list-sends-change-notification.html%2Caccessibility%2Faria-invalid.html%2Caccessibility%2Faria-checkbox-sends-notification.html Appears to be a problem with reference counting. The crash log with the backtrace of the crashing thread: Crash log for DumpRenderTree (pid 17420): ... [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". Core was generated by `/home/slave/webkitgtk/gtk-linux-64-debug-wk1/build/WebKitBuild/Debug/Programs/D'. Program terminated with signal 11, Segmentation fault. #0 0x00007f80b708dec9 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:342 342 *(int *)(uintptr_t)0xbbadbeef = 0; ... Thread 1 (Thread 0x7f80a6ac1900 (LWP 17420)): #0 0x00007f80b708dec9 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:342 #1 0x00000000004a14b1 in WTF::RefCountedBase::ref (this=0x26968b0) at ../../Source/WTF/wtf/RefCounted.h:59 #2 0x00000000004ad6e1 in WTF::refIfNotNull<AccessibilityNotificationHandler> (ptr=0x26968b0) at ../../Source/WTF/wtf/PassRefPtr.h:46 #3 0x00000000004ad4e7 in WTF::RefPtr<AccessibilityNotificationHandler>::RefPtr (this=0x7fffcaff4450, ptr=0x26968b0) at ../../Source/WTF/wtf/RefPtr.h:43 #4 0x00000000004ad1a0 in WTF::RefPtr<AccessibilityNotificationHandler>::operator= (this=0x25e1688, optr=0x26968b0) at ../../Source/WTF/wtf/RefPtr.h:126 #5 0x00000000004ac370 in AccessibilityUIElement::addNotificationListener (this=0x25e1680, functionCallback=0x7f805eb7db70) at ../../Tools/DumpRenderTree/atk/AccessibilityUIElementAtk.cpp:1038 #6 0x0000000000499742 in addNotificationListenerCallback (context=0x7f805f3ff0b8, function=0x7f805eb3fb90, thisObject=0x7f805eb3fc50, argumentCount=1, arguments=0x7fffcaff4520, exception=0x7fffcaff45b8) at ../../Tools/DumpRenderTree/AccessibilityUIElement.cpp:1010 #7 0x00007f80b6c28921 in JSC::APICallbackFunction::call<JSC::JSCallbackFunction> (exec=0x7f805f3ff0b8) at ../../Source/JavaScriptCore/API/APICallbackFunction.h:59 #8 0x00007f80b6ee3fd2 in JSC::LLInt::handleHostCall (execCallee=0x7f805f3ff0b8, pc=0x2609240, callee=..., kind=JSC::CodeForCall) at ../../Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:949 #9 0x00007f80b6ee7454 in JSC::LLInt::setUpCall (execCallee=0x7f805f3ff0b8, pc=0x2609240, kind=JSC::CodeForCall, calleeAsValue=..., callLinkInfo=0x1f2ede0) at ../../Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:993 #10 0x00007f80b6ee78f6 in JSC::LLInt::genericCall (exec=0x7f805f3ff058, pc=0x2609240, kind=JSC::CodeForCall) at ../../Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:1054 #11 0x00007f80b6ee43b2 in JSC::LLInt::llint_slow_path_call (exec=0x7f805f3ff058, pc=0x2609240) at ../../Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:1060 #12 0x00007f80b72bd35d in llint_op_call () from /home/slave/webkitgtk/gtk-linux-64-debug-wk1/build/WebKitBuild/Debug/.libs/libjavascriptcoregtk-3.0.so.0 #13 0x00007fffcaff4900 in ?? () #14 0x00007f80b6e998e9 in JSC::JSStack::installTrapsAfterFrame (this=0x0, frame=0x0) at ../../Source/JavaScriptCore/interpreter/JSStackInlines.h:212 #15 0x00007f80b6eab60e in JSC::JITCode::execute (this=0x25eba90, stack=0x259ffe8, callFrame=0x7f805f3ff058, vm=0x2590590) at ../../Source/JavaScriptCore/jit/JITCode.cpp:46 #16 0x00007f80b6e95c7d in JSC::Interpreter::executeCall (this=0x259ffd0, callFrame=0x7f806401f9e0, function=0x7f805eb7dc30, callType=JSC::CallTypeJS, callData=..., thisValue=..., args=...) at ../../Source/JavaScriptCore/interpreter/Interpreter.cpp:924 #17 0x00007f80b6f6f2b8 in JSC::call (exec=0x7f806401f9e0, functionObject=..., callType=JSC::CallTypeJS, callData=..., thisValue=..., args=...) at ../../Source/JavaScriptCore/runtime/CallData.cpp:39 #18 0x00007f80b2a1518b in WebCore::JSMainThreadExecState::call (exec=0x7f806401f9e0, functionObject=..., callType=JSC::CallTypeJS, callData=..., thisValue=..., args=...) at ../../Source/WebCore/bindings/js/JSMainThreadExecState.h:53 #19 0x00007f80b2a7e003 in WebCore::ScheduledAction::executeFunctionInContext (this=0x1e22ac0, globalObject=0x7f806401f970, thisValue=..., context=0x2631140) at ../../Source/WebCore/bindings/js/ScheduledAction.cpp:111 #20 0x00007f80b2a7e1e3 in WebCore::ScheduledAction::execute (this=0x1e22ac0, document=0x2631090) at ../../Source/WebCore/bindings/js/ScheduledAction.cpp:132 #21 0x00007f80b2a7dde9 in WebCore::ScheduledAction::execute (this=0x1e22ac0, context=0x2631140) at ../../Source/WebCore/bindings/js/ScheduledAction.cpp:80 #22 0x00007f80b31fca3e in WebCore::DOMTimer::fired (this=0x25c6240) at ../../Source/WebCore/page/DOMTimer.cpp:141 #23 0x00007f80b297fb03 in WebCore::ThreadTimers::sharedTimerFiredInternal (this=0x1f2c550) at ../../Source/WebCore/platform/ThreadTimers.cpp:129 #24 0x00007f80b297f9f3 in WebCore::ThreadTimers::sharedTimerFired () at ../../Source/WebCore/platform/ThreadTimers.cpp:105 #25 0x00007f80b299c397 in WebCore::timeout_cb () at ../../Source/WebCore/platform/gtk/SharedTimerGtk.cpp:49 #26 0x00007f80b15f0ce7 in g_timeout_dispatch () from /home/slave/webkitgtk/gtk-linux-64-debug-wk1/build/WebKitBuild/Dependencies/Root/lib64/libglib-2.0.so.0 #27 0x00007f80b15eefb1 in g_main_dispatch () from /home/slave/webkitgtk/gtk-linux-64-debug-wk1/build/WebKitBuild/Dependencies/Root/lib64/libglib-2.0.so.0 #28 0x00007f80b15efd08 in g_main_context_dispatch () from /home/slave/webkitgtk/gtk-linux-64-debug-wk1/build/WebKitBuild/Dependencies/Root/lib64/libglib-2.0.so.0 #29 0x00007f80b15efefa in g_main_context_iterate () from /home/slave/webkitgtk/gtk-linux-64-debug-wk1/build/WebKitBuild/Dependencies/Root/lib64/libglib-2.0.so.0 #30 0x00007f80b15f0323 in g_main_loop_run () from /home/slave/webkitgtk/gtk-linux-64-debug-wk1/build/WebKitBuild/Dependencies/Root/lib64/libglib-2.0.so.0 #31 0x00007f80b1f19fcf in gtk_main () from /home/slave/webkitgtk/gtk-linux-64-debug-wk1/build/WebKitBuild/Dependencies/Root/lib64/libgtk-3.so.0 #32 0x00000000004b0b01 in runTest (inputLine=...) at ../../Tools/DumpRenderTree/gtk/DumpRenderTree.cpp:792 #33 0x00000000004b01d0 in runTestingServerLoop () at ../../Tools/DumpRenderTree/gtk/DumpRenderTree.cpp:575 #34 0x00000000004b351b in main (argc=2, argv=0x7fffcaff59b8) at ../../Tools/DumpRenderTree/gtk/DumpRenderTree.cpp:1531
Attachments
Add attachment proposed patch, testcase, etc.
Simon Pena
Comment 1 2013-09-04 01:44:16 PDT
I think this is bug #120416 (although the title here is a bit easier to follow). Maybe we can close this one as a duplicate and rename the other one?
Mario Sanchez Prada
Comment 2 2013-09-04 02:42:24 PDT
(In reply to comment #1) > I think this is bug #120416 (although the title here is a bit easier to follow). Maybe we can close this one as a duplicate and rename the other one? It's definitely the same bug, so I agree with the duplication thing. About changing the name of the other one, I personally thing it's actually more descriptive as it is now, since it mentions what the problem is and the fact that in only crashes on debug. *** This bug has been marked as a duplicate of bug 120416 ***
Note You need to log in before you can comment on or make changes to this bug.