RESOLVED FIXED 187391
Flaky crash under WebCore::AXObjectCache::stopCachingComputedObjectAttributes() 
https://bugs.webkit.org/show_bug.cgi?id=187391
Summary Flaky crash under WebCore::AXObjectCache::stopCachingComputedObjectAttributes()
Dawei Fenton (:realdawei)
Reported 2018-07-06 09:30:48 PDT
accessibility/Mac/attachment-element-replacement-character.html is a flaky crash on High Sierra Debug WK2 (Tests) probable cause: unknown..the crash log itself does blame a different but related test (accessibility/Mac/async-increment-decrement-action.html). Investigating. Sample Crash log https://build.webkit.org/results/Apple%20High%20Sierra%20Debug%20WK2%20(Tests)/r233577%20(3998)/accessibility/mac/attachment-element-replacement-character-crash-log.txt Process: com.apple.WebKit.WebContent.Development [53843] Path: /Volumes/VOLUME/*/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development Identifier: com.apple.WebKit.WebContent Version: 606+ (606.1.24+) Code Type: X86-64 (Native) Parent Process: ??? [1] User ID: 501 Date/Time: 2018-07-06 05:38:45.888 -0700 OS Version: Mac OS X 10.13.4 (17E199) Report Version: 12 Anonymous UUID: A96E1A44-9057-EED1-633D-EE144C76419C Time Awake Since Boot: 7900000 seconds System Integrity Protection: enabled Crashed Thread: 0 Dispatch queue: com.apple.main-thread Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Codes: KERN_INVALID_ADDRESS at 0x00000000000000e0 Exception Note: EXC_CORPSE_NOTIFY Termination Signal: Segmentation fault: 11 Termination Reason: Namespace SIGNAL, Code 0xb Terminating Process: exc handler [0] VM Regions Near 0xe0: --> __TEXT 00000001017d3000-00000001017d5000 [ 8K] r-x/rwx SM=COW /Volumes/VOLUME/*/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development Application Specific Information: CRASHING TEST: accessibility/mac/async-increment-decrement-action.html Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.WebCore 0x00000001c97c08ba WebCore::AXObjectCache::stopCachingComputedObjectAttributes() + 74 (AXObjectCache.cpp:1575) 1 com.apple.WebCore 0x00000001c97c09db WebCore::AXObjectCache::postNotification(WebCore::Node*, WebCore::AXObjectCache::AXNotification, WebCore::PostTarget, WebCore::PostType) + 59 (AXObjectCache.cpp:971) 2 com.apple.WebCore 0x00000001c980e1f0 WebCore::AccessibilityNodeObject::changeValueByStep(bool) + 272 (AccessibilityNodeObject.cpp:1099) 3 com.apple.WebCore 0x00000001c980e09a WebCore::AccessibilityNodeObject::alterSliderValue(bool) + 122 (AccessibilityNodeObject.cpp:1068) 4 com.apple.WebCore 0x00000001c980e288 WebCore::AccessibilityNodeObject::increment() + 136 (AccessibilityNodeObject.cpp:1078) 5 com.apple.WebCore 0x00000001cb5d6732 -[WebAccessibilityObjectWrapper _accessibilityPerformIncrementAction] + 178 (WebAccessibilityObjectWrapperMac.mm:3518) 6 com.apple.WebCore 0x00000001cb5d6616 __68-[WebAccessibilityObjectWrapper accessibilityPerformIncrementAction]_block_invoke + 38 (WebAccessibilityObjectWrapperMac.mm:3506) 7 libdispatch.dylib 0x00007fff6cb5a64a _dispatch_call_block_and_release + 12 8 libdispatch.dylib 0x00007fff6cb52e08 _dispatch_client_callout + 8 9 libdispatch.dylib 0x00007fff6cb5e3e5 _dispatch_main_queue_callback_4CF + 1148 10 com.apple.CoreFoundation 0x00007fff44825ea9 __CFRUNLOOP_IS_SERVICING_THE_MAIN_DISPATCH_QUEUE__ + 9 11 com.apple.CoreFoundation 0x00007fff447e86ba __CFRunLoopRun + 2586 12 com.apple.CoreFoundation 0x00007fff447e7a07 CFRunLoopRunSpecific + 487 13 com.apple.HIToolbox 0x00007fff43ac5d96 RunCurrentEventLoopInMode + 286 14 com.apple.HIToolbox 0x00007fff43ac5b06 ReceiveNextEventCommon + 613 15 com.apple.HIToolbox 0x00007fff43ac5884 _BlockUntilNextEventMatchingListInModeWithFilter + 64 16 com.apple.AppKit 0x00007fff41d78a73 _DPSNextEvent + 2085 17 com.apple.AppKit 0x00007fff4250ee34 -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 3044 18 com.apple.AppKit 0x00007fff41d6d885 -[NSApplication run] + 764 19 com.apple.AppKit 0x00007fff41d3ca72 NSApplicationMain + 804 20 libxpc.dylib 0x00007fff6cee6f57 _xpc_objc_main + 580 21 libxpc.dylib 0x00007fff6cee5baa xpc_main + 417 22 com.apple.WebKit.WebContent 0x00000001017d40ab main + 1195 23 libdyld.dylib 0x00007fff6cb8c015 start + 1
Attachments
Patch (9.43 KB, patch)
2019-04-24 14:56 PDT, Andres Gonzalez 		no flags
DetailsFormatted DiffDiff
Patch (9.43 KB, patch)
2019-04-24 15:06 PDT, Andres Gonzalez 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Ryan Haddad
Comment 1 2018-07-06 09:43:20 PDT
<rdar://problem/40681396>
Shawn Roberts
Comment 2 2019-04-01 13:44:39 PDT
Test recently started showing up on bots as a crash in Mac Release as well. Probable cause: Local testing found that running accessibility/mac/attachment-element-replacement-character.html by itself produces no failures. However, testing accessibility/Mac/async-increment-decrement-action.html by itself will cause a crash roughly 5 times out of 500 iterations. Also when I run accessibility/Mac/async-increment-decrement-action.html followed by accessibility/mac/attachment-element-replacement-character.html , the async-increment test will crash, and blame the attach-element test. Local crashes match crash logs seen here, as well as on the bots. I tested with newest revisions, it also crashes with https://trac.webkit.org/changeset/230782/webkit when the accessibility/Mac/async-increment-decrement-action.html test was created Also crashes with https://trac.webkit.org/changeset/230855/webkit when the test was modified. Reproduced with : run-webkit-tests accessibility/Mac/async-increment-decrement-action.html accessibility/Mac/attachment-element-replacement-character.html --iterations 15 --debug - causes on average 4 in 15 crashes rwt --root t230781 accessibility/Mac/async-increment-decrement-action.html accessibility/Mac/attachment-element-replacement-character.html --iterations 5 - causes on average 2 in 5 crashes run-webkit-tests accessibility/mac/async-increment-decrement-action.html --iterations 500 -f - causes on average 7 in 500 crashes Skipping test locally will cause crashes to stop.
Shawn Roberts
Comment 3 2019-04-01 13:48:15 PDT
Skipping test in https://trac.webkit.org/changeset/243710/webkit while waiting for a fix.
Shawn Roberts
Comment 4 2019-04-08 14:30:50 PDT
Had a type in original expectation change. Redid in https://trac.webkit.org/changeset/244045/webkit
Andres Gonzalez
Comment 5 2019-04-24 14:56:35 PDT
Created attachment 368181 [details] Patch
chris fleizach
Comment 6 2019-04-24 14:58:41 PDT
Comment on attachment 368181 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=368181&action=review > Source/WebCore/ChangeLog:7 > + CHeck for null return value of AccessibilityObject::axObjectCache. CHeck -> Check
Andres Gonzalez
Comment 7 2019-04-24 15:06:58 PDT
Created attachment 368185 [details] Patch
Andres Gonzalez
Comment 8 2019-04-24 15:11:49 PDT
(In reply to chris fleizach from comment #6) > Comment on attachment 368181 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=368181&action=review > > > Source/WebCore/ChangeLog:7 > > + CHeck for null return value of AccessibilityObject::axObjectCache. > > CHeck -> Check Fixed, and fixed grammar.
WebKit Commit Bot
Comment 9 2019-04-24 17:49:14 PDT
Comment on attachment 368185 [details] Patch Clearing flags on attachment: 368185 Committed r244631: <https://trac.webkit.org/changeset/244631>
WebKit Commit Bot
Comment 10 2019-04-24 17:49:16 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.