Bug 209467 - REGRESSION(r258871): [GTK] test bot exiting early due to too many crashes
Summary: REGRESSION(r258871): [GTK] test bot exiting early due to too many crashes
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Diego Pino
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2020-03-24 02:09 PDT by Diego Pino
Modified: 2020-03-24 10:54 PDT
CC List: 2 users

See Also:


Attachments
Patch (2.30 KB, patch)
2020-03-24 09:27 PDT, Diego Pino
darin: review+
Patch (2.31 KB, patch)
2020-03-24 09:29 PDT, Diego Pino
darin: review+

Description Diego Pino 2020-03-24 02:09:45 PDT
GTK test bot is exiting early due to too many crashes after r258871. See (https://build.webkit.org/builders/GTK%20Linux%2064-bit%20Release%20(Tests)?numbuilds=50):

Build #13070 (r258870-r258875): https://build.webkit.org/builders/GTK%20Linux%2064-bit%20Release%20%28Tests%29/builds/13070 Too many crashes.
Build #13069 (r258866-r258869): https://build.webkit.org/builders/GTK%20Linux%2064-bit%20Release%20%28Tests%29/builds/13069 OK

I bisected r258870-r258875, and already in r258871 the following tests are crashing:

Regressions: Unexpected crashes (3)
  accessibility/aria-invalid.html [ Crash ]
  accessibility/aria-labelledby-on-input.html [ Crash ]
  accessibility/aria-labelledby-overrides-label.html [ Crash ]

r258870 corresponds to https://trac.webkit.org/changeset/258870/webkit.
Comment 2 Diego Pino 2020-03-24 08:08:24 PDT
Thread 1 (Thread 0x7f55ff57b9c0 (LWP 78041)):
#0  0x00007f560ac657ac in _ZN7WebCore11SimpleRangeC2ERKNS_5RangeE () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#1  0x00007f560a1bc868 in _ZNK6WebKit7WebPage19platformEditorStateERN7WebCore5FrameERNS_11EditorStateENS0_25IncludePostLayoutDataHintE () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#2  0x00007f560a196f11 in _ZNK6WebKit7WebPage11editorStateENS0_25IncludePostLayoutDataHintE () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#3  0x00007f560a19ab60 in _ZN6WebKit7WebPage21sendEditorStateUpdateEv () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#4  0x00007f560a1bd306 in _ZN6WebKit30DrawingAreaCoordinatedGraphics7displayERNS_10UpdateInfoE () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#5  0x00007f560a1bdde7 in _ZN6WebKit30DrawingAreaCoordinatedGraphics7displayEv () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#6  0x00007f560a1bdff1 in _ZN6WebKit30DrawingAreaCoordinatedGraphics12forceRepaintEv () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#7  0x00007f55a2aa6c52 in _ZN3WTR18InjectedBundlePage4dumpEv () from /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/Release/lib/libTestRunnerInjectedBundle.so
#8  0x00007f560a04221f in _ZN6WebKit30InjectedBundlePageLoaderClient21didFinishLoadForFrameERNS_7WebPageERNS_8WebFrameERN3WTF6RefPtrIN3API6ObjectENS5_13DumbPtrTraitsIS8_EEEE () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#9  0x00007f560a171f3a in _ZN6WebKit20WebFrameLoaderClient21dispatchDidFinishLoadEv () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#10 0x00007f560b001936 in _ZN7WebCore11FrameLoader29checkLoadCompleteForThisFrameEv () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#11 0x00007f560b001a53 in _ZN7WebCore11FrameLoader17checkLoadCompleteEv () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#12 0x00007f560afda990 in _ZN7WebCore14DocumentLoader15finishedLoadingEv () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#13 0x00007f560b055974 in _ZN7WebCore14CachedResource11checkNotifyEv () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#14 0x00007f560b05c6dc in _ZN7WebCore17CachedRawResource13finishLoadingEPNS_12SharedBufferE () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#15 0x00007f560b03c333 in _ZN7WebCore17SubresourceLoader16didFinishLoadingERKNS_18NetworkLoadMetricsE () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#16 0x00007f560a117442 in _ZN6WebKit17WebResourceLoader21didFinishResourceLoadERKN7WebCore18NetworkLoadMetricsE () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#17 0x00007f5609cb629e in _ZN3IPC13handleMessageIN8Messages17WebResourceLoader21DidFinishResourceLoadEN6WebKit17WebResourceLoaderEMS5_FvRKN7WebCore18NetworkLoadMetricsEEEEvRNS_7DecoderEPT0_T1_ () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#18 0x00007f5609cb4c07 in _ZN6WebKit17WebResourceLoader34didReceiveWebResourceLoaderMessageERN3IPC10ConnectionERNS1_7DecoderE () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#19 0x00007f560a103b3f in _ZN6WebKit24NetworkProcessConnection17didReceiveMessageERN3IPC10ConnectionERNS1_7DecoderE () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#20 0x00007f5609dc9418 in _ZN3IPC10Connection15dispatchMessageERNS_7DecoderE () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#21 0x00007f5609dca735 in _ZN3IPC10Connection15dispatchMessageESt10unique_ptrINS_7DecoderESt14default_deleteIS2_EE () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#22 0x00007f5609dcae4b in _ZN3IPC10Connection26dispatchOneIncomingMessageEv () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#23 0x00007f560794178d in _ZN3WTF7RunLoop11performWorkEv () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#24 0x00007f560799f369 in _ZZN3WTF7RunLoopC4EvENUlPvE_4_FUNES1_ () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#25 0x00007f560272b6b8 in g_main_dispatch () at ../../Source/glib-2.58.1/glib/gmain.c:3182
#26 g_main_context_dispatch () at ../../Source/glib-2.58.1/glib/gmain.c:3847
#27 0x00007f560272ba78 in g_main_context_iterate () at ../../Source/glib-2.58.1/glib/gmain.c:3920
#28 0x00007f560272bd62 in g_main_loop_run () at ../../Source/glib-2.58.1/glib/gmain.c:4116
#29 0x00007f560799fe80 in _ZN3WTF7RunLoop3runEv () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#30 0x00007f560a1ca14d in _ZN6WebKit20AuxiliaryProcessMainINS_10WebProcessENS_17WebProcessMainGtkEEEiiPPc () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#31 0x00007f56010e409b in __libc_start_main (main=0x5559a964dc00 <main>, argc=4, argv=0x7ffcdf62bcd8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffcdf62bcc8) at ../csu/libc-start.c:308
#32 0x00005559a964dc7a in _start ()
Comment 3 Diego Pino 2020-03-24 08:10:46 PDT
Sorry for the noise, here is the backtrace unmangled:

Thread 1 (Thread 0x7f55ff57b9c0 (LWP 78041)):
#0  0x00007f560ac657ac in WebCore::SimpleRange::SimpleRange(WebCore::Range const&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#1  0x00007f560a1bc868 in WebKit::WebPage::platformEditorState(WebCore::Frame&, WebKit::EditorState&, WebKit::WebPage::IncludePostLayoutDataHint) const () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#2  0x00007f560a196f11 in WebKit::WebPage::editorState(WebKit::WebPage::IncludePostLayoutDataHint) const () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#3  0x00007f560a19ab60 in WebKit::WebPage::sendEditorStateUpdate() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#4  0x00007f560a1bd306 in WebKit::DrawingAreaCoordinatedGraphics::display(WebKit::UpdateInfo&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#5  0x00007f560a1bdde7 in WebKit::DrawingAreaCoordinatedGraphics::display() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#6  0x00007f560a1bdff1 in WebKit::DrawingAreaCoordinatedGraphics::forceRepaint() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#7  0x00007f55a2aa6c52 in WTR::InjectedBundlePage::dump() () from /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/Release/lib/libTestRunnerInjectedBundle.so
#8  0x00007f560a04221f in WebKit::InjectedBundlePageLoaderClient::didFinishLoadForFrame(WebKit::WebPage&, WebKit::WebFrame&, WTF::RefPtr<API::Object, WTF::DumbPtrTraits<API::Object> >&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#9  0x00007f560a171f3a in WebKit::WebFrameLoaderClient::dispatchDidFinishLoad() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#10 0x00007f560b001936 in WebCore::FrameLoader::checkLoadCompleteForThisFrame() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#11 0x00007f560b001a53 in WebCore::FrameLoader::checkLoadComplete() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#12 0x00007f560afda990 in WebCore::DocumentLoader::finishedLoading() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#13 0x00007f560b055974 in WebCore::CachedResource::checkNotify() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#14 0x00007f560b05c6dc in WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#15 0x00007f560b03c333 in WebCore::SubresourceLoader::didFinishLoading(WebCore::NetworkLoadMetrics const&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#16 0x00007f560a117442 in WebKit::WebResourceLoader::didFinishResourceLoad(WebCore::NetworkLoadMetrics const&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#17 0x00007f5609cb629e in void IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#18 0x00007f5609cb4c07 in WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#19 0x00007f560a103b3f in WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#20 0x00007f5609dc9418 in IPC::Connection::dispatchMessage(IPC::Decoder&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#21 0x00007f5609dca735 in IPC::Connection::dispatchMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#22 0x00007f5609dcae4b in IPC::Connection::dispatchOneIncomingMessage() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#23 0x00007f560794178d in WTF::RunLoop::performWork() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#24 0x00007f560799f369 in WTF::RunLoop::RunLoop()::{lambda(void*)#1}::_FUN(void*) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#25 0x00007f560272b6b8 in g_main_dispatch () at ../../Source/glib-2.58.1/glib/gmain.c:3182
#26 g_main_context_dispatch () at ../../Source/glib-2.58.1/glib/gmain.c:3847
#27 0x00007f560272ba78 in g_main_context_iterate () at ../../Source/glib-2.58.1/glib/gmain.c:3920
#28 0x00007f560272bd62 in g_main_loop_run () at ../../Source/glib-2.58.1/glib/gmain.c:4116
#29 0x00007f560799fe80 in WTF::RunLoop::run() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#30 0x00007f560a1ca14d in int WebKit::AuxiliaryProcessMain<WebKit::WebProcess, WebKit::WebProcessMainGtk>(int, char**) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#31 0x00007f56010e409b in __libc_start_main (main=0x5559a964dc00 <main>, argc=4, argv=0x7ffcdf62bcd8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffcdf62bcc8) at ../csu/libc-start.c:308
#32 0x00005559a964dc7a in _start ()
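As an added illustration, not part of the bug report or of WebKit's code: comment 2 carries Itanium C++ ABI mangled names and comment 3 shows the same frames demangled. The program below performs that conversion programmatically with abi::__cxa_demangle from <cxxabi.h>, which both libstdc++ and libc++ provide, and leaves non-mangled names such as the glib and libc frames untouched. The sample frame lines are copied from the posted backtrace; the library paths are shortened.

```cpp
// Added example (not WebKit code): demangle the Itanium C++ ABI symbol names
// in a gdb backtrace, turning the frames of comment 2 into those of comment 3.
// Relies on abi::__cxa_demangle from <cxxabi.h>, provided by both libstdc++
// and libc++.
#include <cxxabi.h>
#include <cstdlib>
#include <iostream>
#include <regex>
#include <string>
#include <vector>

// Demangle one symbol. Names that are not valid mangled names (status -2),
// such as plain C symbols like g_main_dispatch, are returned unchanged.
std::string demangle(const std::string& mangled)
{
    int status = 0;
    // Passing nullptr for the output buffer lets the runtime malloc() one.
    char* demangled = abi::__cxa_demangle(mangled.c_str(), nullptr, nullptr, &status);
    std::string result = (status == 0 && demangled) ? std::string(demangled) : mangled;
    std::free(demangled); // free(nullptr) is a no-op
    return result;
}

// Rewrite every mangled identifier (tokens starting with "_Z") in one frame
// line; the surrounding "#N  0x... in ... () from lib.so" text is preserved.
std::string demangleFrame(const std::string& frame)
{
    static const std::regex mangledSymbol(R"(\b_Z[A-Za-z0-9_]+)");
    std::string out;
    std::size_t last = 0;
    for (std::sregex_iterator it(frame.begin(), frame.end(), mangledSymbol), end; it != end; ++it) {
        out.append(frame, last, static_cast<std::size_t>(it->position()) - last);
        out += demangle(it->str());
        last = static_cast<std::size_t>(it->position() + it->length());
    }
    out.append(frame, last, std::string::npos);
    return out;
}

// Frame lines copied from the backtrace posted in comment 2 (constructed
// sample, library paths shortened).
const std::vector<std::string> sampleFrames = {
    "#0  0x00007f560ac657ac in _ZN7WebCore11SimpleRangeC2ERKNS_5RangeE () from libwebkit2gtk-4.0.so.37",
    "#3  0x00007f560a19ab60 in _ZN6WebKit7WebPage21sendEditorStateUpdateEv () from libwebkit2gtk-4.0.so.37",
    "#25 0x00007f560272b6b8 in g_main_dispatch () at ../../Source/glib-2.58.1/glib/gmain.c:3182",
};

int main()
{
    for (const auto& frame : sampleFrames)
        std::cout << demangleFrame(frame) << '\n';
    return 0;
}
```

For a whole crash log the binutils tool c++filt does the same job from the shell (c++filt < trace.txt); the in-process variant is useful when post-processing crash reports inside a test harness or a crash-triage service.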
Comment 4 Darin Adler 2020-03-24 09:13:10 PDT
Should be trivial to fix. Presumably it’s dereferencing a null pointer. I think this code needs checks for null:

    postLayoutData.surroundingContextCursorPosition = characterCount(*makeRange(surroundingStart, selectionStart));
    postLayoutData.surroundingContextSelectionPosition = characterCount(*makeRange(surroundingStart, selection.visibleEnd()));

If surroundingStart, selectionStart, or selection.visibleEnd is null, then we can’t call characterCount. Maybe have it be zero instead. Simplest change is probably this:

    if (surroundingStart.isNull() || selectionStart.isNull())
        postLayoutData.surroundingContextCursorPosition = 0;
    else
        postLayoutData.surroundingContextCursorPosition = characterCount(*makeRange(surroundingStart, selectionStart));

Then something similar for surroundingContextSelectionPosition.
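A stand-alone C++17 model of the null handling described in the comment above, added here as an example; it is not WebKit's code, and Position, SimpleRange, makeRange() and characterCount() below are simplified stand-ins for WebCore's VisiblePosition, SimpleRange, makeRange() and characterCount() (positions modelled as character offsets is an assumption for illustration). The unchecked form uses the result of makeRange() unconditionally, which fails whenever an endpoint is null, consistent with the crash in frame #0 of the backtrace; the checked form reports 0 instead, as proposed.

```cpp
// Added example (not WebKit code): a C++17 model of the null handling
// discussed above. The types below are simplified stand-ins for WebCore's
// VisiblePosition, SimpleRange, makeRange() and characterCount(); the text
// model (positions as character offsets) is an assumption for illustration.
#include <cstddef>
#include <iostream>
#include <optional>
#include <utility>

// A caret position: either null (no position) or a character offset.
struct Position {
    std::optional<std::size_t> offset;
    bool isNull() const { return !offset.has_value(); }
};

Position nullPosition() { return Position{}; }
Position positionAt(std::size_t offset) { Position p; p.offset = offset; return p; }

struct SimpleRange {
    std::size_t start;
    std::size_t end;
};

// Like WebCore's makeRange(): yields no range when either endpoint is null.
std::optional<SimpleRange> makeRange(const Position& a, const Position& b)
{
    if (a.isNull() || b.isNull())
        return std::nullopt;
    std::size_t start = *a.offset;
    std::size_t end = *b.offset;
    if (start > end)
        std::swap(start, end);
    return SimpleRange { start, end };
}

std::size_t characterCount(const SimpleRange& range) { return range.end - range.start; }

struct PostLayoutData {
    std::size_t surroundingContextCursorPosition = 0;
    std::size_t surroundingContextSelectionPosition = 0;
};

// Shape of the code before the fix: the result of makeRange() is used
// unconditionally. Through a raw pointer that is a null dereference; here
// value() is used so the failure surfaces as std::bad_optional_access
// instead of undefined behaviour, which keeps the example safe to run.
PostLayoutData uncheckedEditorState(const Position& surroundingStart,
                                    const Position& selectionStart,
                                    const Position& selectionEnd)
{
    PostLayoutData data;
    data.surroundingContextCursorPosition = characterCount(makeRange(surroundingStart, selectionStart).value());
    data.surroundingContextSelectionPosition = characterCount(makeRange(surroundingStart, selectionEnd).value());
    return data;
}

// Shape of the fix proposed above: test for null first and report 0
// when there is no range to measure.
PostLayoutData checkedEditorState(const Position& surroundingStart,
                                  const Position& selectionStart,
                                  const Position& selectionEnd)
{
    PostLayoutData data;
    if (surroundingStart.isNull() || selectionStart.isNull())
        data.surroundingContextCursorPosition = 0;
    else
        data.surroundingContextCursorPosition = characterCount(*makeRange(surroundingStart, selectionStart));

    if (surroundingStart.isNull() || selectionEnd.isNull())
        data.surroundingContextSelectionPosition = 0;
    else
        data.surroundingContextSelectionPosition = characterCount(*makeRange(surroundingStart, selectionEnd));
    return data;
}

// True if the unchecked version fails on these inputs (the crash case).
bool uncheckedVersionFails(const Position& surroundingStart,
                           const Position& selectionStart,
                           const Position& selectionEnd)
{
    try {
        uncheckedEditorState(surroundingStart, selectionStart, selectionEnd);
        return false;
    } catch (const std::bad_optional_access&) {
        return true;
    }
}

int main()
{
    // Selection at offsets 3..7 with surrounding context starting at offset 2.
    auto withContext = checkedEditorState(positionAt(2), positionAt(3), positionAt(7));
    std::cout << withContext.surroundingContextCursorPosition << ' '
              << withContext.surroundingContextSelectionPosition << '\n'; // 1 5

    // No surrounding context (null start): checked form reports 0, unchecked form fails.
    auto noContext = checkedEditorState(nullPosition(), positionAt(3), positionAt(7));
    std::cout << noContext.surroundingContextCursorPosition << ' ' << std::boolalpha
              << uncheckedVersionFails(nullPosition(), positionAt(3), positionAt(7)) << '\n'; // 0 true
    return 0;
}
```

The two if/else blocks mirror the proposal literally; since makeRange() already returns an empty optional for a null endpoint, the same guard can be written as `if (auto range = makeRange(...)) ... = characterCount(*range);`, which is one way to make the code more compact later without changing behaviour.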
Comment 5 Darin Adler 2020-03-24 09:14:46 PDT
I may not have time to quickly fix this myself, so someone could give this a try if they have a GTK system to test on, or could roll out my patch (sad if necessary; lack of a GTK test bot in EWS, I guess).

The issues are in code in WebPageGLib.cpp.
Comment 6 Diego Pino 2020-03-24 09:16:22 PDT
Thanks, I can give it a try.
Comment 7 Diego Pino 2020-03-24 09:27:53 PDT
Created attachment 394371 [details]
Patch
Comment 8 Diego Pino 2020-03-24 09:29:46 PDT
Created attachment 394372 [details]
Patch
Comment 9 Darin Adler 2020-03-24 09:30:06 PDT
Comment on attachment 394371 [details]
Patch

Looks good as a speculative fix. Even better if it’s proven to work on GTK!
Comment 10 Darin Adler 2020-03-24 09:30:53 PDT
If this works, would be nice to return later and make the code more elegant, but for now this seems great.
Comment 11 Diego Pino 2020-03-24 09:33:35 PDT
Yep, it works on GTK. I also ran those 3 tests that were previously crashing and they're all passing now.
Comment 12 Diego Pino 2020-03-24 10:53:45 PDT
Committed r258918: <https://trac.webkit.org/changeset/258918>
Comment 13 Radar WebKit Bug Importer 2020-03-24 10:54:16 PDT
<rdar://problem/60831727>