180173 2017-11-29 15:54:25 -0800 ServiceWorker WebProcess sometimes crashes in JSVMClientData::~JSVMClientData() 2017-11-29 22:14:28 -0800 1 1 1 Unclassified WebKit WebCore Misc. WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 180168 1 cdumez cdumez achristensen beidson commit-queue ggaren mark.lam ryanhaddad webkit-bug-importer youennf oldest_to_newest 1376081 0 cdumez 2017-11-29 15:54:25 -0800 ServiceWorker WebProcess sometimes crashes in JSVMClientData::~JSVMClientData() when running the layout tests: Thread 7 Crashed:: WebCore: Worker 0 com.apple.JavaScriptCore 0x00000001ec0adfc4 WTFCrash + 36 (Assertions.cpp:270) 1 com.apple.WebCore 0x00000001de3984e1 WebCore::JSVMClientData::~JSVMClientData() + 289 (WebCoreJSClientData.cpp:56) 2 com.apple.WebCore 0x00000001de398715 WebCore::JSVMClientData::~JSVMClientData() + 21 (WebCoreJSClientData.cpp:59) 3 com.apple.WebCore 0x00000001de398739 WebCore::JSVMClientData::~JSVMClientData() + 25 (WebCoreJSClientData.cpp:53) 4 com.apple.JavaScriptCore 0x00000001ebe486f4 JSC::VM::~VM() + 1268 (VM.cpp:430) 5 com.apple.JavaScriptCore 0x00000001ebe4a7d5 JSC::VM::~VM() + 21 (VM.cpp:439) 6 com.apple.JavaScriptCore 0x00000001eace5297 WTF::ThreadSafeRefCounted<JSC::VM>::deref() const + 71 (ThreadSafeRefCounted.h:71) 7 com.apple.JavaScriptCore 0x00000001eb8d19c1 void WTF::derefIfNotNull<JSC::VM>(JSC::VM*) + 49 (RefPtr.h:46) 8 com.apple.JavaScriptCore 0x00000001eb8c20fb WTF::RefPtr<JSC::VM>::operator=(std::nullptr_t) + 91 (RefPtr.h:152) 9 com.apple.JavaScriptCore 0x00000001ebcbc0ea JSC::JSLockHolder::~JSLockHolder() + 58 (JSLock.cpp:76) 10 com.apple.JavaScriptCore 0x00000001ebcbc165 JSC::JSLockHolder::~JSLockHolder() + 21 (JSLock.cpp:78) 11 com.apple.WebCore 0x00000001de399c2a WebCore::WorkerScriptController::~WorkerScriptController() + 442 (WorkerScriptController.cpp:70) 12 com.apple.WebCore 0x00000001de399e35 WebCore::WorkerScriptController::~WorkerScriptController() + 21 (WorkerScriptController.cpp:70) 13 com.apple.WebCore 0x00000001dfca6d42 WebCore::WorkerGlobalScope::clearScript() + 178 (memory:2397) 14 com.apple.WebCore 0x00000001dfca6c86 WebCore::WorkerThread::stop(WTF::Function<void ()>&&)::$_14::operator()(WebCore::ScriptExecutionContext&) const::'lambda'(WebCore::ScriptExecutionContext&)::operator()(WebCore::ScriptExecutionContext&) const + 38 (WorkerThread.cpp:295) 15 com.apple.WebCore 0x00000001dfca6c34 WTF::Function<void (WebCore::ScriptExecutionContext&)>::CallableWrapper<WebCore::WorkerThread::stop(WTF::Function<void ()>&&)::$_14::operator()(WebCore::ScriptExecutionContext&) const::'lambda'(WebCore::ScriptExecutionContext&)>::call(WebCore::ScriptExecutionContext&) + 52 (Function.h:101) 16 com.apple.WebCore 0x00000001de20d4ce WTF::Function<void (WebCore::ScriptExecutionContext&)>::operator()(WebCore::ScriptExecutionContext&) const + 158 (Function.h:56) 17 com.apple.WebCore 0x00000001de1fac7d WebCore::ScriptExecutionContext::Task::performTask(WebCore::ScriptExecutionContext&) + 29 (ScriptExecutionContext.h:184) 18 com.apple.WebCore 0x00000001dfc96b10 WebCore::WorkerRunLoop::Task::performTask(WebCore::WorkerGlobalScope*) + 128 (WorkerRunLoop.cpp:259) 19 com.apple.WebCore 0x00000001dfc95ebb WebCore::WorkerRunLoop::runCleanupTasks(WebCore::WorkerGlobalScope*) + 395 (WorkerRunLoop.cpp:232) 20 com.apple.WebCore 0x00000001dfc95550 WebCore::WorkerRunLoop::run(WebCore::WorkerGlobalScope*) + 112 (WorkerRunLoop.cpp:140) 21 com.apple.WebCore 0x00000001dfc99ce3 WebCore::WorkerThread::runEventLoop() + 51 (WorkerThread.cpp:258) 22 com.apple.WebCore 0x00000001dfccb215 WebCore::ServiceWorkerThread::runEventLoop() + 21 (ServiceWorkerThread.cpp:95) 23 com.apple.WebCore 0x00000001dfc99917 WebCore::WorkerThread::workerThread() + 1719 (WorkerThread.cpp:201) 24 com.apple.WebCore 0x00000001dfca5828 WebCore::WorkerThread::start(WTF::Function<void (WTF::String const&)>&&)::$_12::operator()() const + 24 (WorkerThread.cpp:145) 25 com.apple.WebCore 0x00000001dfca57e9 WTF::Function<void ()>::CallableWrapper<WebCore::WorkerThread::start(WTF::Function<void (WTF::String const&)>&&)::$_12>::call() + 25 (Function.h:101) 26 com.apple.JavaScriptCore 0x00000001ec0e744b WTF::Function<void ()>::operator()() const + 139 (Function.h:56) 27 com.apple.JavaScriptCore 0x00000001ec13389f WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) + 351 (Threading.cpp:129) 28 com.apple.JavaScriptCore 0x00000001ec138f75 WTF::wtfThreadEntryPoint(void*) + 21 (ThreadingPthreads.cpp:223) 29 libsystem_pthread.dylib 0x00007fff600a86c1 _pthread_body + 340 30 libsystem_pthread.dylib 0x00007fff600a856d _pthread_start + 377 31 libsystem_pthread.dylib 0x00007fff600a7c5d thread_start + 13 Not sure what is causing this. The assertion is: ASSERT(m_normalWorld->hasOneRef()); Presumably we are leaking the DOMWrapperWorld somehow? 1376099 1 cdumez 2017-11-29 16:28:27 -0800 I can reproduce like so: Tools/Scripts/run-webkit-tests imported/w3c/web-platform-tests/service-workers/service-worker/ServiceWorkerGlobalScope/registration-attribute.https.html --repeat-each=2 The first run passes but the second one fails. If you check your crashes in Console.app, you'll see a new crash file for the assertion hit. 1376193 2 327948 cdumez 2017-11-29 20:01:21 -0800 Created attachment 327948 Patch 1376208 3 327948 commit-queue 2017-11-29 22:13:44 -0800 Comment on attachment 327948 Patch Clearing flags on attachment: 327948 Committed r225316: <https://trac.webkit.org/changeset/225316> 1376209 4 commit-queue 2017-11-29 22:13:45 -0800 All reviewed patches have been landed. Closing bug. 1376210 5 webkit-bug-importer 2017-11-29 22:14:28 -0800 <rdar://problem/35766174> 327948 2017-11-29 20:01:21 -0800 2017-11-29 22:13:44 -0800 Patch bug-180173-20171129200120.patch text/plain 4105 cdumez U3VidmVyc2lvbiBSZXZpc2lvbjogMjI1MzEzCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggYjIxOTFlZjc4NTBhNGYw NDhjMzlkOTk0NzYzMzQ5OTljZjg1NGRlZS4uMTBiOTE5NTE0MDdmZWRiYmE1YjVmOGY4YWNiM2Ez OGJlNDgwNzFhOSAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDI5IEBACisyMDE3LTExLTI5ICBDaHJp cyBEdW1leiAgPGNkdW1lekBhcHBsZS5jb20+CisKKyAgICAgICAgU2VydmljZVdvcmtlciBXZWJQ cm9jZXNzIHNvbWV0aW1lcyBjcmFzaGVzIGluIEpTVk1DbGllbnREYXRhOjp+SlNWTUNsaWVudERh dGEoKQorICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MTgw MTczCisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgVGhl IGxlYWsgd2FzIGNhdXNlZCBieSBFdmVudExpc3RlbmVycyByZW1haW5pbmcgd2hlbiBkZXN0cm95 aW5nIHRoZSBWTSwgYmVjYXVzZQorICAgICAgICBKU0V2ZW50TGlzdGVuZXIgcmVmcyB0aGUgRE9N V3JhcHBlcldvcmxkLiBUbyBhZGRyZXNzIHRoZSBpc3N1ZSwgd2Ugbm93IGNhbGwKKyAgICAgICAg cmVtb3ZlQWxsRXZlbnRMaXN0ZW5lcnMoKSBpbiB0aGUgc3RvcCgpIG1ldGhvZCBvZiBTZXJ2aWNl V29ya2VyQ29udGFpbmVyLAorICAgICAgICBTZXJ2aWNlV29ya2VyUmVnaXN0cmF0aW9uIGFuZCBT ZXJ2aWNlV29ya2VyLiBUaG9zZSBldmVudCBsaXN0ZW5lcnMgYXJlIG5vCisgICAgICAgIGxvbmdl ciBuZWVkZWQgYWZ0ZXIgQWN0aXZlRE9NT2JqZWN0OjpzdG9wKCkgaXMgY2FsbGVkIHNpbmNlIHRo ZSBzY3JpcHQKKyAgICAgICAgZXhlY3V0aW9uIGNvbnRleHQgaXMgYWJvdXQgdG8gYmUgZGVzdHJv eWVkLgorCisgICAgICAgIFRoaXMgaXMgdGhlIHNhbWUgcGF0dGVybiB1c2VkIGluIElEQkRhdGFi YXNlOjpzdG9wKCksIElEQlJlcXVlc3Q6OnN0b3AoKS4KKworICAgICAgICBObyBuZXcgdGVzdHMs IGFscmVhZHkgY292ZXJlZCBieSBleGlzdGluZyB0ZXN0LgorCisgICAgICAgICogd29ya2Vycy9z ZXJ2aWNlL1NlcnZpY2VXb3JrZXIuY3BwOgorICAgICAgICAoV2ViQ29yZTo6U2VydmljZVdvcmtl cjo6c3RvcCk6CisgICAgICAgICogd29ya2Vycy9zZXJ2aWNlL1NlcnZpY2VXb3JrZXJDb250YWlu ZXIuY3BwOgorICAgICAgICAoV2ViQ29yZTo6U2VydmljZVdvcmtlckNvbnRhaW5lcjo6c3RvcCk6 CisgICAgICAgICogd29ya2Vycy9zZXJ2aWNlL1NlcnZpY2VXb3JrZXJDb250YWluZXIuaDoKKyAg ICAgICAgKiB3b3JrZXJzL3NlcnZpY2UvU2VydmljZVdvcmtlclJlZ2lzdHJhdGlvbi5jcHA6Cisg ICAgICAgIChXZWJDb3JlOjpTZXJ2aWNlV29ya2VyUmVnaXN0cmF0aW9uOjpzdG9wKToKKwogMjAx Ny0xMS0yOSAgRXJpYyBDYXJsc29uICA8ZXJpYy5jYXJsc29uQGFwcGxlLmNvbT4KIAogICAgICAg ICBbTWVkaWFTdHJlYW1dIENsZWFuIHVwIGF1ZGlvIGFuZCB2aWRlbyBjYXB0dXJlIGZhY3Rvcmll cwpkaWZmIC0tZ2l0IGEvU291cmNlL1dlYkNvcmUvd29ya2Vycy9zZXJ2aWNlL1NlcnZpY2VXb3Jr ZXIuY3BwIGIvU291cmNlL1dlYkNvcmUvd29ya2Vycy9zZXJ2aWNlL1NlcnZpY2VXb3JrZXIuY3Bw CmluZGV4IDEyOTcwZWE4YmMyMjNmMjhiZTQxMTIzMjllNTVkMDJiMWEzNDg5N2EuLmM0NDNmZTg1 YTczNzcxZGFlZGRkYzUyZTgwYzZmZWZiZTE0ZjBmMTkgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XZWJD b3JlL3dvcmtlcnMvc2VydmljZS9TZXJ2aWNlV29ya2VyLmNwcAorKysgYi9Tb3VyY2UvV2ViQ29y ZS93b3JrZXJzL3NlcnZpY2UvU2VydmljZVdvcmtlci5jcHAKQEAgLTE0OSw2ICsxNDksNyBAQCBi b29sIFNlcnZpY2VXb3JrZXI6OmNhblN1c3BlbmRGb3JEb2N1bWVudFN1c3BlbnNpb24oKSBjb25z dAogdm9pZCBTZXJ2aWNlV29ya2VyOjpzdG9wKCkKIHsKICAgICBtX2lzU3RvcHBlZCA9IHRydWU7 CisgICAgcmVtb3ZlQWxsRXZlbnRMaXN0ZW5lcnMoKTsKICAgICBzY3JpcHRFeGVjdXRpb25Db250 ZXh0KCktPnVucmVnaXN0ZXJTZXJ2aWNlV29ya2VyKCp0aGlzKTsKICAgICB1cGRhdGVQZW5kaW5n QWN0aXZpdHlGb3JFdmVudERpc3BhdGNoKCk7CiB9CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29y ZS93b3JrZXJzL3NlcnZpY2UvU2VydmljZVdvcmtlckNvbnRhaW5lci5jcHAgYi9Tb3VyY2UvV2Vi Q29yZS93b3JrZXJzL3NlcnZpY2UvU2VydmljZVdvcmtlckNvbnRhaW5lci5jcHAKaW5kZXggNzVl YzY2NDBlNzQzNDY5MjQyZTIzMjMwMGZlZTI0NjdjNjg4YTE1MS4uM2YyOWM2YjAwM2U5NGJmOTUw MGIyODBjYzgwZTI1MTI3MGE5YTdiOSAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvd29ya2Vy cy9zZXJ2aWNlL1NlcnZpY2VXb3JrZXJDb250YWluZXIuY3BwCisrKyBiL1NvdXJjZS9XZWJDb3Jl L3dvcmtlcnMvc2VydmljZS9TZXJ2aWNlV29ya2VyQ29udGFpbmVyLmNwcApAQCAtNDQ1LDYgKzQ0 NSwxMiBAQCB2b2lkIFNlcnZpY2VXb3JrZXJDb250YWluZXI6OnNjaGVkdWxlVGFza1RvRmlyZUNv bnRyb2xsZXJDaGFuZ2VFdmVudCgpCiAgICAgfSk7CiB9CiAKK3ZvaWQgU2VydmljZVdvcmtlckNv bnRhaW5lcjo6c3RvcCgpCit7CisgICAgbV9pc1N0b3BwZWQgPSB0cnVlOworICAgIHJlbW92ZUFs bEV2ZW50TGlzdGVuZXJzKCk7Cit9CisKIH0gLy8gbmFtZXNwYWNlIFdlYkNvcmUKIAogI2VuZGlm IC8vIEVOQUJMRShTRVJWSUNFX1dPUktFUikKZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJDb3JlL3dv cmtlcnMvc2VydmljZS9TZXJ2aWNlV29ya2VyQ29udGFpbmVyLmggYi9Tb3VyY2UvV2ViQ29yZS93 b3JrZXJzL3NlcnZpY2UvU2VydmljZVdvcmtlckNvbnRhaW5lci5oCmluZGV4IGEwYThlNzU5NDI1 ZDkwN2E4ZjU1N2Y2NjgzZDQyNjA5M2FjNTZjZTguLmJiNWRhNjljMjRmMTU3MzY5NGY5ZWZmOTJl NDEzZTAxMWIyMjJjOTggMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XZWJDb3JlL3dvcmtlcnMvc2Vydmlj ZS9TZXJ2aWNlV29ya2VyQ29udGFpbmVyLmgKKysrIGIvU291cmNlL1dlYkNvcmUvd29ya2Vycy9z ZXJ2aWNlL1NlcnZpY2VXb3JrZXJDb250YWluZXIuaApAQCAtMTA1LDcgKzEwNSw3IEBAIHByaXZh dGU6CiAgICAgRXZlbnRUYXJnZXRJbnRlcmZhY2UgZXZlbnRUYXJnZXRJbnRlcmZhY2UoKSBjb25z dCBmaW5hbCB7IHJldHVybiBTZXJ2aWNlV29ya2VyQ29udGFpbmVyRXZlbnRUYXJnZXRJbnRlcmZh Y2VUeXBlOyB9CiAgICAgdm9pZCByZWZFdmVudFRhcmdldCgpIGZpbmFsOwogICAgIHZvaWQgZGVy ZWZFdmVudFRhcmdldCgpIGZpbmFsOwotICAgIHZvaWQgc3RvcCgpIGZpbmFsIHsgbV9pc1N0b3Bw ZWQgPSB0cnVlOyB9CisgICAgdm9pZCBzdG9wKCkgZmluYWw7CiAKICAgICBSZWFkeVByb21pc2Ug bV9yZWFkeVByb21pc2U7CiAKZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJDb3JlL3dvcmtlcnMvc2Vy dmljZS9TZXJ2aWNlV29ya2VyUmVnaXN0cmF0aW9uLmNwcCBiL1NvdXJjZS9XZWJDb3JlL3dvcmtl cnMvc2VydmljZS9TZXJ2aWNlV29ya2VyUmVnaXN0cmF0aW9uLmNwcAppbmRleCBkMjkyNTkxMDVm OTlkODVkYmQ0MmNkMzhkODc5YWIyMTkyNGUwOWM4Li5iZjBiNDc5ZjcwNjdjNzlhYmMwNDFkY2Jh ZDFlNmZlOTZiNWYyZGRjIDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViQ29yZS93b3JrZXJzL3NlcnZp Y2UvU2VydmljZVdvcmtlclJlZ2lzdHJhdGlvbi5jcHAKKysrIGIvU291cmNlL1dlYkNvcmUvd29y a2Vycy9zZXJ2aWNlL1NlcnZpY2VXb3JrZXJSZWdpc3RyYXRpb24uY3BwCkBAIC0yMjEsNiArMjIx LDcgQEAgYm9vbCBTZXJ2aWNlV29ya2VyUmVnaXN0cmF0aW9uOjpjYW5TdXNwZW5kRm9yRG9jdW1l bnRTdXNwZW5zaW9uKCkgY29uc3QKIHZvaWQgU2VydmljZVdvcmtlclJlZ2lzdHJhdGlvbjo6c3Rv cCgpCiB7CiAgICAgbV9pc1N0b3BwZWQgPSB0cnVlOworICAgIHJlbW92ZUFsbEV2ZW50TGlzdGVu ZXJzKCk7CiAgICAgdXBkYXRlUGVuZGluZ0FjdGl2aXR5Rm9yRXZlbnREaXNwYXRjaCgpOwogfQog Cg==