RESOLVED FIXED 209467
REGRESSION(r258871): [GTK] test bot exiting early due to too many crashes
https://bugs.webkit.org/show_bug.cgi?id=209467
Summary REGRESSION(r258871): [GTK] test bot exiting early due to too many crashes
Diego Pino
Reported 2020-03-24 02:09:45 PDT
GTK test bot is exiting early due to too many crashes after r258871. See https://build.webkit.org/builders/GTK%20Linux%2064-bit%20Release%20(Tests)?numbuilds=50:

Build #13070 (r258870-r258875): https://build.webkit.org/builders/GTK%20Linux%2064-bit%20Release%20%28Tests%29/builds/13070
Too many crashes.

Build #13069 (r258866-r258869): https://build.webkit.org/builders/GTK%20Linux%2064-bit%20Release%20%28Tests%29/builds/13069
OK

I bisected r258870-r258875, and already in r258871 the following tests are crashing:

Regressions: Unexpected crashes (3)
  accessibility/aria-invalid.html [ Crash ]
  accessibility/aria-labelledby-on-input.html [ Crash ]
  accessibility/aria-labelledby-overrides-label.html [ Crash ]

r258870 corresponds to https://trac.webkit.org/changeset/258870/webkit.
Attachments
Patch (2.30 KB, patch)
2020-03-24 09:27 PDT, Diego Pino
darin: review+
Patch (2.31 KB, patch)
2020-03-24 09:29 PDT, Diego Pino
darin: review+
Diego Pino
Comment 2 2020-03-24 08:08:24 PDT
Diego Pino
Comment 3 2020-03-24 08:10:46 PDT
Sorry for the noise, here is the backtrace unmangled:

Thread 1 (Thread 0x7f55ff57b9c0 (LWP 78041)):
#0  0x00007f560ac657ac in WebCore::SimpleRange::SimpleRange(WebCore::Range const&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#1  0x00007f560a1bc868 in WebKit::WebPage::platformEditorState(WebCore::Frame&, WebKit::EditorState&, WebKit::WebPage::IncludePostLayoutDataHint) const () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#2  0x00007f560a196f11 in WebKit::WebPage::editorState(WebKit::WebPage::IncludePostLayoutDataHint) const () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#3  0x00007f560a19ab60 in WebKit::WebPage::sendEditorStateUpdate() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#4  0x00007f560a1bd306 in WebKit::DrawingAreaCoordinatedGraphics::display(WebKit::UpdateInfo&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#5  0x00007f560a1bdde7 in WebKit::DrawingAreaCoordinatedGraphics::display() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#6  0x00007f560a1bdff1 in WebKit::DrawingAreaCoordinatedGraphics::forceRepaint() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#7  0x00007f55a2aa6c52 in WTR::InjectedBundlePage::dump() () from /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/Release/lib/libTestRunnerInjectedBundle.so
#8  0x00007f560a04221f in WebKit::InjectedBundlePageLoaderClient::didFinishLoadForFrame(WebKit::WebPage&, WebKit::WebFrame&, WTF::RefPtr<API::Object, WTF::DumbPtrTraits<API::Object> >&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#9  0x00007f560a171f3a in WebKit::WebFrameLoaderClient::dispatchDidFinishLoad() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#10 0x00007f560b001936 in WebCore::FrameLoader::checkLoadCompleteForThisFrame() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#11 0x00007f560b001a53 in WebCore::FrameLoader::checkLoadComplete() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#12 0x00007f560afda990 in WebCore::DocumentLoader::finishedLoading() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#13 0x00007f560b055974 in WebCore::CachedResource::checkNotify() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#14 0x00007f560b05c6dc in WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#15 0x00007f560b03c333 in WebCore::SubresourceLoader::didFinishLoading(WebCore::NetworkLoadMetrics const&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#16 0x00007f560a117442 in WebKit::WebResourceLoader::didFinishResourceLoad(WebCore::NetworkLoadMetrics const&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#17 0x00007f5609cb629e in void IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#18 0x00007f5609cb4c07 in WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#19 0x00007f560a103b3f in WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#20 0x00007f5609dc9418 in IPC::Connection::dispatchMessage(IPC::Decoder&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#21 0x00007f5609dca735 in IPC::Connection::dispatchMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#22 0x00007f5609dcae4b in IPC::Connection::dispatchOneIncomingMessage() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#23 0x00007f560794178d in WTF::RunLoop::performWork() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#24 0x00007f560799f369 in WTF::RunLoop::RunLoop()::{lambda(void*)#1}::_FUN(void*) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#25 0x00007f560272b6b8 in g_main_dispatch () at ../../Source/glib-2.58.1/glib/gmain.c:3182
#26 g_main_context_dispatch () at ../../Source/glib-2.58.1/glib/gmain.c:3847
#27 0x00007f560272ba78 in g_main_context_iterate () at ../../Source/glib-2.58.1/glib/gmain.c:3920
#28 0x00007f560272bd62 in g_main_loop_run () at ../../Source/glib-2.58.1/glib/gmain.c:4116
#29 0x00007f560799fe80 in WTF::RunLoop::run() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#30 0x00007f560a1ca14d in int WebKit::AuxiliaryProcessMain<WebKit::WebProcess, WebKit::WebProcessMainGtk>(int, char**) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#31 0x00007f56010e409b in __libc_start_main (main=0x5559a964dc00 <main>, argc=4, argv=0x7ffcdf62bcd8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffcdf62bcc8) at ../csu/libc-start.c:308
#32 0x00005559a964dc7a in _start ()
Darin Adler
Comment 4 2020-03-24 09:13:10 PDT
Should be trivial to fix. Presumably it's dereferencing a null pointer. I think this code needs checks for null:

    postLayoutData.surroundingContextCursorPosition = characterCount(*makeRange(surroundingStart, selectionStart));
    postLayoutData.surroundingContextSelectionPosition = characterCount(*makeRange(surroundingStart, selection.visibleEnd()));

If surroundingStart, selectionStart, or selection.visibleEnd is null, then we can't call characterCount. Maybe have it be zero instead. Simplest change is probably this:

    if (surroundingStart.isNull() || selectionStart.isNull())
        postLayoutData.surroundingContextCursorPosition = 0;
    else
        postLayoutData.surroundingContextCursorPosition = characterCount(*makeRange(surroundingStart, selectionStart));

Then something similar for surroundingContextSelectionPosition.
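The null-check pattern proposed in the comment above, as an added illustration that is not WebKit's code: VisiblePosition, SimpleRange, makeRange() and characterCount() are constructed stand-ins that only mimic the shape of the WebPageGLib.cpp code (makeRange() yields no range when an endpoint is null), so the unguarded and guarded forms can be compared side by side.

```cpp
#include <cstddef>
#include <optional>

// Constructed stand-ins for WebCore's VisiblePosition, SimpleRange and makeRange(),
// not WebKit's own code: enough to show why '*makeRange(...)' crashed on null input.
struct VisiblePosition {
    bool valid = false;        // a default-constructed position is null
    std::size_t offset = 0;    // constructed character offset in the document
    bool isNull() const { return !valid; }
};

struct SimpleRange { std::size_t start; std::size_t end; };

// Yields no range when either endpoint is null, so dereferencing the result blindly
// is undefined behaviour; that is the shape of the crash in WebPageGLib.cpp.
std::optional<SimpleRange> makeRange(const VisiblePosition& a, const VisiblePosition& b)
{
    if (a.isNull() || b.isNull())
        return std::nullopt;
    return SimpleRange { a.offset, b.offset };
}

std::size_t characterCount(const SimpleRange& range) { return range.end - range.start; }

// Before the fix: only safe when both positions are non-null.
std::size_t unguardedCount(const VisiblePosition& from, const VisiblePosition& to)
{
    return characterCount(*makeRange(from, to));
}

// The proposed fix: check both positions first and report 0 for a null one.
std::size_t guardedCount(const VisiblePosition& from, const VisiblePosition& to)
{
    if (from.isNull() || to.isNull())
        return 0;
    return characterCount(*makeRange(from, to));
}

// Equivalent form that checks the optional itself, which also covers any other
// reason makeRange() might produce no range.
std::size_t countViaOptional(const VisiblePosition& from, const VisiblePosition& to)
{
    if (auto range = makeRange(from, to))
        return characterCount(*range);
    return 0;
}
```

The same guard applies to surroundingContextSelectionPosition by passing the selection end instead of the selection start.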
Darin Adler
Comment 5 2020-03-24 09:14:46 PDT
I may not have time to quickly fix this myself, so someone could give this a try if they have a GTK system to test on, or could roll out my patch (sad if necessary; lack of a GTK test bot in EWS, I guess). The issues are in code in WebPageGLib.cpp.
Diego Pino
Comment 6 2020-03-24 09:16:22 PDT
Thanks, I can give it a try.
Diego Pino
Comment 7 2020-03-24 09:27:53 PDT
Diego Pino
Comment 8 2020-03-24 09:29:46 PDT
Darin Adler
Comment 9 2020-03-24 09:30:06 PDT
Comment on attachment 394371 (Patch)

Looks good as a speculative fix. Even better if it's proven to work on GTK!
Darin Adler
Comment 10 2020-03-24 09:30:53 PDT
If this works, would be nice to return later and make the code more elegant, but for now this seems great.
Diego Pino
Comment 11 2020-03-24 09:33:35 PDT
Yep, it works on GTK. I also ran those 3 tests that were previously crashing and they're all passing now.
Diego Pino
Comment 12 2020-03-24 10:53:45 PDT
Radar WebKit Bug Importer
Comment 13 2020-03-24 10:54:16 PDT