Bug 161323

Summary: [ios-simulator] media/track/media-element-enqueue-event-crash.html crashes in Frame::script under HTMLMediaElement::updateMediaControlsAfterPresentationModeChange
Product: WebKit Reporter: Ryan Haddad <ryanhaddad>
Component: Media Assignee: Nobody <webkit-unassigned>
Status: REOPENED    
Severity: Normal CC: ap, dbates, eric.carlson, jer.noble, jiewen_tan, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=160367
Attachments:
Description Flags
crash log none

Ryan Haddad
Reported 2016-08-29 12:58:00 PDT
[ios-simulator] LayoutTest media/track/text-track-cue-is-reachable.html is a flaky crash

Full crashlog: https://build.webkit.org/results/Apple%20iOS%209%20Simulator%20Debug%20WK2%20(Tests)/r205131%20(4801)/results.html

Crashed Thread: 0 Dispatch queue: com.apple.main-thread

Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000378
Exception Note: EXC_CORPSE_NOTIFY

VM Regions Near 0x378:
--> __TEXT 0000000102d4f000-0000000102d51000 [ 8K] r-x/rwx SM=COW /Volumes/VOLUME/*/WebKit.framework/XPCServices/com.apple.WebKit.WebContent.Development.xpc/com.apple.WebKit.WebContent.Development

Application Specific Information:
CoreSimulator 209.19 - Device: iPhone 5s WebKit Tester6 - Runtime: iOS 9.3 (13E230) - DeviceType: iPhone 5s
CRASHING TEST: media/track/media-element-enqueue-event-crash.html

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.WebCore 0x000000010ceb580b WebCore::Frame::script() + 43 (Frame.h:349)
1 com.apple.WebCore 0x000000010d8b5696 WebCore::HTMLMediaElement::updateMediaControlsAfterPresentationModeChange() + 182 (HTMLMediaElement.cpp:6688)
2 com.apple.WebCore 0x000000010d89fd61 WebCore::HTMLMediaElement::exitFullscreen() + 145 (HTMLMediaElement.cpp:5464)
3 com.apple.WebCore 0x000000010d8b3f8f WebCore::HTMLMediaElement::stopWithoutDestroyingMediaPlayer() + 79 (HTMLMediaElement.cpp:5089)
4 com.apple.WebCore 0x000000010d8b41e6 WebCore::HTMLMediaElement::stop() + 70 (HTMLMediaElement.cpp:5131)
5 com.apple.WebCore 0x000000010d8b428c non-virtual thunk to WebCore::HTMLMediaElement::stop() + 28 (HTMLMediaElement.cpp:5124)
6 com.apple.WebCore 0x000000010eaf7902 WebCore::ScriptExecutionContext::stopActiveDOMObjects() + 290 (ScriptExecutionContext.cpp:298)
7 com.apple.WebCore 0x000000010d345c55 WebCore::Document::stopActiveDOMObjects() + 37 (Document.cpp:2499)
8 com.apple.WebCore 0x000000010d33af4e WebCore::Document::prepareForDestruction() + 286 (Document.cpp:2388)
9 com.apple.WebCore 0x000000010d696cdd WebCore::Frame::setView(WTF::RefPtr<WebCore::FrameView>&&) + 189 (Frame.cpp:251)
10 com.apple.WebCore 0x000000010d699f58 WebCore::Frame::createView(WebCore::IntSize const&, WebCore::Color const&, bool, WebCore::IntSize const&, WebCore::IntRect const&, bool, WebCore::ScrollbarMode, bool, WebCore::ScrollbarMode, bool) + 264 (Frame.cpp:864)
11 com.apple.WebKit 0x000000010371bff2 WebKit::WebFrameLoaderClient::transitionToCommittedForNewPage() + 658 (WebFrameLoaderClient.cpp:1324)
12 com.apple.WebCore 0x000000010d6b58ae WebCore::FrameLoader::transitionToCommitted(WebCore::CachedPage*) + 1278 (FrameLoader.cpp:1982)
Attachments
crash log (122.92 KB, text/plain)
2016-09-15 10:32 PDT, Alexey Proskuryakov
no flags
Ryan Haddad
Comment 1 2016-08-29 12:59:41 PDT
Radar WebKit Bug Importer
Comment 2 2016-08-29 13:00:04 PDT
Jiewen Tan
Comment 3 2016-08-29 13:20:15 PDT
Ryan Haddad
Comment 4 2016-08-29 13:24:21 PDT
Reverted r205140 for reason: The changelog entry for this commit is incorrect and misattributed. Committed r205141: <http://trac.webkit.org/changeset/205141>
Alexey Proskuryakov
Comment 5 2016-08-31 16:32:02 PDT
Are we still hitting this crash?
Alexey Proskuryakov
Comment 7 2016-09-15 10:32:07 PDT
Created attachment 288968 [details] crash log
Alexey Proskuryakov
Comment 8 2016-09-15 10:48:33 PDT
This is still happening. Crash logs seem to always have media/track/media-element-enqueue-event-crash.html as the crashing test. This actually looks like a debug build variant of bug 160367. First crash on bots: 2016-07-29 11:19:36.
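Added example, not part of the bug thread or of WebKit's tooling: a small triage script that reads the `CRASHING TEST:` line and the top stack frames from crash reports in the layout quoted above, then buckets reports by test and symbol-only stack signature, so crashes blamed on different layout tests collapse into one bucket. The sample reports are constructed and abbreviated; the second blamed test name, the load addresses, and the function names `parse_report`, `signature` and `triage` are assumptions made for illustration.

```python
import re

# Constructed, abbreviated report in the layout of the crash log quoted in this bug;
# {base} stands in for a per-run load address.
TEMPLATE = """\
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000378
CRASHING TEST: media/track/media-element-enqueue-event-crash.html
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.WebCore  {base}580b WebCore::Frame::script() + 43 (Frame.h:349)
1   com.apple.WebCore  {base}5696 WebCore::HTMLMediaElement::updateMediaControlsAfterPresentationModeChange() + 182 (HTMLMediaElement.cpp:6688)
2   com.apple.WebCore  {base}fd61 WebCore::HTMLMediaElement::exitFullscreen() + 145 (HTMLMediaElement.cpp:5464)
"""
# Key = test the harness blamed for the crash. The second entry is made up.
SAMPLE_REPORTS = {
    "media/track/text-track-cue-is-reachable.html": TEMPLATE.format(base="0x000000010ceb"),
    "constructed/unrelated-test.html": TEMPLATE.format(base="0x0000000111a2"),
}

FRAME_RE = re.compile(
    r"^\s*\d+\s+\S+\s+0x[0-9a-f]+\s+(?P<symbol>.+?) \+ \d+(?: \(.+?:\d+\))?\s*$", re.M)

def parse_report(text):
    """Extract the fields used for triage from one crash report."""
    fault = re.search(r"KERN_INVALID_ADDRESS at (0x[0-9a-fA-F]+)", text)
    test = re.search(r"^CRASHING TEST: (\S+)", text, re.M)
    address = int(fault.group(1), 16) if fault else None
    return {
        "fault_address": address,
        # Heuristic: a fault inside the first page is usually a field read
        # through a null pointer (null + member offset).
        "near_null": address is not None and address < 0x1000,
        "crashing_test": test.group(1) if test else None,
        "frames": [m.group("symbol") for m in FRAME_RE.finditer(text)],
    }

def signature(report, depth=3):
    """Symbols only: load addresses and offsets vary between runs and builds."""
    return " <- ".join(report["frames"][:depth])

def triage(reports):
    """Bucket reports by (test named in the log, stack signature)."""
    buckets = {}
    for blamed_test, text in reports.items():
        parsed = parse_report(text)
        key = (parsed["crashing_test"], signature(parsed))
        buckets.setdefault(key, []).append(blamed_test)
    return buckets

if __name__ == "__main__":
    for (test, sig), blamed in triage(SAMPLE_REPORTS).items():
        print(f"{test}\n  {sig}\n  blamed on: {', '.join(blamed)}")
```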
Alexey Proskuryakov
Comment 9 2016-09-15 11:07:24 PDT
*** Bug 160367 has been marked as a duplicate of this bug. ***
Alexey Proskuryakov
Comment 10 2016-09-15 11:10:09 PDT
This may be because of one of the tests unskipped in <http://trac.webkit.org/r203906>. Since it's making unrelated tests crash flakily, we should track it down, and skip again. I'll try to do that today.
Alexey Proskuryakov
Comment 11 2016-09-15 11:27:13 PDT
I can easily reproduce with media/track/media-element-enqueue-event-crash.html.
Ryan Haddad
Comment 12 2016-09-15 13:11:15 PDT
Skipped media/track/media-element-enqueue-event-crash.html and media/track/track-remove-crash.html, removed flaky expectation for media/track/text-track-cue-is-reachable.html in http://trac.webkit.org/projects/webkit/changeset/205993