RESOLVED FIXED 48896
Keep a reference to the scrollbar in accessibility scrollbar. 
https://bugs.webkit.org/show_bug.cgi?id=48896
Summary Keep a reference to the scrollbar in accessibility scrollbar.
Chris Guillory
Reported 2010-11-02 19:47:32 PDT
Chromium canaries are observing crashes on the following tests: Regressions: Unexpected DumpRenderTree crashes : (3) fast/dom/cssTarget-crash.html = CRASH fast/events/node-event-anchor-lock.html = CRASH fast/loader/repeat-same-document-navigation.html = CRASH Caused by change http://trac.webkit.org/changeset/71198.
Attachments
Null check obj (1.46 KB, patch)
2010-11-02 20:18 PDT, Chris Guillory 		no flags
DetailsFormatted DiffDiff
Keep a referene to the scrollbar in accessibility scrollbar. (1.42 KB, patch)
2010-11-04 18:40 PDT, Chris Guillory 		cfleizach: review-
DetailsFormatted DiffDiff
Keep a reference to the scrollbar in accessibility scrollbar. (1.42 KB, patch)
2010-11-05 12:02 PDT, Chris Guillory 		no flags
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Chris Guillory
Comment 1 2010-11-02 20:18:44 PDT
Created attachment 72786 [details] Null check obj
Roland Steiner
Comment 2 2010-11-02 20:47:01 PDT
Comment on attachment 72786 [details] Null check obj Clearing flags on attachment: 72786 Committed r71208: <http://trac.webkit.org/changeset/71208>
Roland Steiner
Comment 3 2010-11-02 20:47:08 PDT
All reviewed patches have been landed. Closing bug.
Dumitru Daniliuc
Comment 4 2010-11-04 16:02:44 PDT
fast/events/remove-event-listener.html started crashing on chromium win/linux/mac between r71198 and r71213 with the following stack trace: [23234:23234:1304399625227:ERROR:process_util_posix.cc(105)] Received signal 11 base::debug::StackTrace::StackTrace() [0x8111a79] base::(anonymous namespace)::StackDumpSignalHandler() [0x80fe039] 0x4001c420 WebCore::AXObjectCache::notificationPostTimerFired() [0x86de224] WebCore::Timer<>::fired() [0x86dc4f5] WebCore::ThreadTimers::sharedTimerFiredInternal() [0x86ca0b4] WebCore::ThreadTimers::sharedTimerFired() [0x86ca161] MessageLoop::RunTask() [0x80f072b] MessageLoop::DeferOrRunPendingTask() [0x80f097c] MessageLoop::DoWork() [0x80f0b8a] base::MessagePumpForUI::RunWithDispatcher() [0x810b7fc] base::MessagePumpForUI::Run() [0x810b782] MessageLoop::RunInternal() [0x80f10e5] MessageLoop::Run() [0x80f11d8] TestShell::WaitTestFinished() [0x8061416] TestShell::RunFileTest() [0x8061734] main [0x805a9d4] 0x40a97450 0x8058841 looks related to your patch. can you please take a look? there's an entry for this test in chromium/src/webkit/tools/layout_tests/test_expectations.txt. once this test is no longer crashing, please remove that entry too.
Chris Guillory
Comment 5 2010-11-04 16:40:21 PDT
Looking at the latest builds: http://build.chromium.org/p/chromium/builders/Webkit%20Win/builds/1143/steps/webkit_tests/logs/stdio http://build.chromium.org/p/chromium/builders/Webkit%20Mac10.5/builds/573/steps/webkit_tests/logs/stdio http://build.chromium.org/p/chromium/builders/Webkit%20Linux/builds/1242/steps/webkit_tests/logs/stdio fast/events/remove-event-listener.html is passing on windows and linux but failing on mac with error that looks unrelated. 2010-11-04 16:09:41,819 dump_render_tree_thread.py:107 DEBUG Stacktrace for /b/build/slave/Webkit_Mac10_5/build/src/third_party/WebKit/LayoutTests/fast/events/remove-event-listener.html: [80036:267:1379177625481995:ERROR:/b/build/slave/webkit-mac-rel/build/src/base/process_util_posix.cc(105)] Received signal 10 0 TestShell 0x000a1bb1 _mh_execute_header + 658353 1 TestShell 0x000c2439 _mh_execute_header + 791609 2 libSystem.B.dylib 0x911c32bb _sigtramp + 43 3 ??? 0xffffffff 0x0 + 4294967295 4 TestShell 0x00d588c2 _mh_execute_header + 13990082 5 TestShell 0x00d5a46b _mh_execute_header + 13997163 6 TestShell 0x00d48ffe _mh_execute_header + 13926398 7 TestShell 0x00d490a2 _mh_execute_header + 13926562 8 TestShell 0x000b0c5c _mh_execute_header + 719964 9 TestShell 0x000b0e8e _mh_execute_header + 720526 10 TestShell 0x000b0ff7 _mh_execute_header + 720887 11 TestShell 0x000dbe94 _mh_execute_header + 896660 12 CoreFoundation 0x91ce83c5 CFRunLoopRunSpecific + 3141 13 CoreFoundation 0x91ce8aa8 CFRunLoopRunInMode + 88 14 HIToolbox 0x97a6a2ac BlockUntilNextEventMatchingListInMode + 989 15 HIToolbox 0x97a6a0c5 BlockUntilNextEventMatchingListInMode + 502 16 HIToolbox 0x97a69f39 BlockUntilNextEventMatchingListInMode + 106 17 AppKit 0x96b916d5 _DPSNextEvent + 657 18 AppKit 0x96b90f88 _NSUpdateMenuRefWithChangedMenuItem + 2250 19 AppKit 0x96b89f9f _NSSetViewMultiClipDrawingHelper + 4866 20 TestShell 0x000dbb5d _mh_execute_header + 895837 21 TestShell 0x000db02a _mh_execute_header + 892970 22 TestShell 0x000b186f _mh_execute_header + 723055 23 TestShell 0x000b19f4 _mh_execute_header + 723444 24 TestShell 0x00030c0d _mh_execute_header + 195597 25 TestShell 0x00032086 _mh_execute_header + 200838 26 TestShell 0x0000bc9e _mh_execute_header + 44190 27 TestShell 0x00009f2a _mh_execute_header + 36650
Dumitru Daniliuc
Comment 6 2010-11-04 16:51:03 PDT
Roland said he couldn't reproduce the failure either, but most probably you need to run multiple tests for that failure to show up. I'm not sure how to reproduce it, but the stack trace reported on the Linux bot when this test started crashing seems to point to your patch.
Chris Guillory
Comment 7 2010-11-04 16:57:05 PDT
Is it still failing somewhere that accessibility code stack trace? I see this test passing on Linux.
Dumitru Daniliuc
Comment 8 2010-11-04 17:01:57 PDT
http://test-results.appspot.com/dashboards/flakiness_dashboard.html#showExpectations=true&tests=fast%2Fevents%2Fremove-event-listener.html the test seems to no longer crash on linux. however, it still crashes on mac, in process_util_posix.cc(105), the same location where the test crashed on linux once (the rest of the stack trace from the mac bot looks unhelpful). and there might be a way to resolve those symbols in the windows stack trace.
Chris Guillory
Comment 9 2010-11-04 17:52:19 PDT
Able to repro on windows debug with: >run_webkit_tests.bat --debug fast/events Backtrace: WebCore::AXObjectCache::postPlatformNotification [0x10079972+130] (c:\chromium2\src\third_party\webkit\webcore\accessibility\chromium\axobjectcachechromium.cpp:55) WebCore::AXObjectCache::notificationPostTimerFired [0x0FD962A7+279] (c:\chromium2\src\third_party\webkit\webcore\accessibility\axobjectcache.cpp:416) WebCore::Timer<WebCore::AXObjectCache>::fired [0x0FD96F73+35] (c:\chromium2\src\third_party\webkit\webcore\platform\timer.h:98) WebCore::ThreadTimers::sharedTimerFiredInternal [0x104C4CD9+217] (c:\chromium2\src\third_party\webkit\webcore\platform\threadtimers.cpp:112) WebCore::ThreadTimers::sharedTimerFired [0x104C4BF6+22] (c:\chromium2\src\third_party\webkit\webcore\platform\threadtimers.cpp:91) webkit_glue::WebKitClientImpl::DoTimeout [0x01143DAB+43] (c:\chromium2\src\webkit\glue\webkitclient_impl.h:68) DispatchToMethod<webkit_glue::WebKitClientImpl,void (__thiscall webkit_glue::WebKitClientImpl::*)(void)> [0x01145B3C+12] (c:\chromium2\src\base\tuple.h:537) base::BaseTimer<webkit_glue::WebKitClientImpl,0>::TimerTask::Run [0x01145094+84] (c:\chromium2\src\base\timer.h:160) MessageLoop::RunTask [0x016F77E9+361] (c:\chromium2\src\base\message_loop.cc:417) MessageLoop::DeferOrRunPendingTask [0x016F7935+53] (c:\chromium2\src\base\message_loop.cc:429) MessageLoop::DoWork [0x016F7EFC+236] (c:\chromium2\src\base\message_loop.cc:533) base::MessagePumpForUI::DoRunLoop [0x0178E364+84] (c:\chromium2\src\base\message_pump_win.cc:200) base::MessagePumpWin::RunWithDispatcher [0x0178D9E2+130] (c:\chromium2\src\base\message_pump_win.cc:49) base::MessagePumpWin::Run [0x0178DD8C+28] (c:\chromium2\src\base\message_pump_win.h:80) MessageLoop::RunInternal [0x016F6C2D+349] (c:\chromium2\src\base\message_loop.cc:265) MessageLoop::RunHandler [0x016F699E+46] (c:\chromium2\src\base\message_loop.cc:238) MessageLoop::Run [0x016F6840+96] (c:\chromium2\src\base\message_loop.cc:216) TestShell::WaitTestFinished [0x0187E653+675] (c:\chromium2\src\webkit\tools\test_shell\test_shell_win.cc:490) TestShell::RunFileTest [0x0187D515+1333] (c:\chromium2\src\webkit\tools\test_shell\test_shell_win.cc:292) main [0x010F31E2+6930] (c:\chromium2\src\webkit\tools\test_shell\test_shell_main.cc:411) __tmainCRTStartup [0x018D54C8+424] (f:\dd\vctools\crt_bld\self_x86\crt\src\crtexe.c:586) mainCRTStartup [0x018D530F+15] (f:\dd\vctools\crt_bld\self_x86\crt\src\crtexe.c:403) BaseThreadInitThunk [0x76B43667+18] RtlInitializeExceptionChain [0x779F9E12+99] RtlInitializeExceptionChain [0x779F9DE5+54] static_cast<AccessibilityScrollbar*>(obj)->scrollbar() is returning garbage. Investigating...
Chris Guillory
Comment 10 2010-11-04 18:40:43 PDT
Created attachment 73027 [details] Keep a referene to the scrollbar in accessibility scrollbar.
Dumitru Daniliuc
Comment 11 2010-11-04 19:59:56 PDT
Chris, can you please review this patch? I'm not familiar with this code.
chris fleizach
Comment 12 2010-11-05 01:26:11 PDT
Comment on attachment 73027 [details] Keep a referene to the scrollbar in accessibility scrollbar. View in context: https://bugs.webkit.org/attachment.cgi?id=73027&action=review Otherwise looks ok. > WebCore/ChangeLog:5 > + Keep a referene to the scrollbar in accessibility scrollbar. spelling
Chris Guillory
Comment 13 2010-11-05 12:02:07 PDT
Created attachment 73098 [details] Keep a reference to the scrollbar in accessibility scrollbar.
chris fleizach
Comment 14 2010-11-05 12:02:41 PDT
Comment on attachment 73098 [details] Keep a reference to the scrollbar in accessibility scrollbar. r=me
WebKit Commit Bot
Comment 15 2010-11-05 12:55:36 PDT
Comment on attachment 73098 [details] Keep a reference to the scrollbar in accessibility scrollbar. Clearing flags on attachment: 73098 Committed r71445: <http://trac.webkit.org/changeset/71445>
WebKit Commit Bot
Comment 16 2010-11-05 12:55:42 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.