Bug 171705

Summary: REGRESSION: Multiple LayoutTests crashing in WebCore::Document::page() const + 4
Product: WebKit
Reporter: Ryan Haddad <ryanhaddad>
Component: New Bugs
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED DUPLICATE
Severity: Normal
CC: sam
Priority: P2
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Crashlog none

Description Ryan Haddad 2017-05-04 18:20:18 PDT
Created attachment 309123
Crashlog

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.WebCore             	0x0000000101eaae84 WebCore::Document::page() const + 4 (Document.cpp:1643)
1   com.apple.WebCore             	0x0000000102859eb3 WebCore::Notification::contextDestroyed() + 35 (Notification.cpp:135)
2   com.apple.WebCore             	0x0000000102b04e68 WebCore::ScriptExecutionContext::~ScriptExecutionContext() + 72 (HashTable.h:384)
3   com.apple.WebCore             	0x0000000101ead1d0 WebCore::Document::~Document() + 5776 (Document.cpp:623)
4   com.apple.WebCore             	0x00000001020e5a2e WebCore::HTMLDocument::~HTMLDocument() + 14 (HTMLDocument.cpp:90)
5   com.apple.WebCore             	0x0000000101cf3803 WebCore::ChildNodeList::~ChildNodeList() + 147 (ChildNodeList.cpp:45)
6   com.apple.WebCore             	0x0000000101cf384e WebCore::ChildNodeList::~ChildNodeList() + 14 (ChildNodeList.cpp:43)
7   com.apple.JavaScriptCore      	0x000000010594f094 JSC::JSDestructibleObjectSubspace::finishSweep(JSC::MarkedBlock::Handle&, JSC::MarkedBlock::Handle::SweepMode) + 1492 (JSDestructibleObjectSubspace.cpp:40)
8   com.apple.JavaScriptCore      	0x0000000105a8743c JSC::MarkedBlock::Handle::sweep(JSC::MarkedBlock::Handle::SweepMode) + 252 (MarkedBlock.cpp:432)
9   com.apple.JavaScriptCore      	0x0000000105832300 JSC::IncrementalSweeper::sweepNextBlock() + 128 (IncrementalSweeper.cpp:91)
10  com.apple.JavaScriptCore      	0x0000000105832228 JSC::IncrementalSweeper::doWork() + 40 (IncrementalSweeper.cpp:55)
11  com.apple.JavaScriptCore      	0x000000010575fa1f JSC::JSRunLoopTimer::timerDidFire() + 63 (JSRunLoopTimer.cpp:61)
12  com.apple.CoreFoundation      	0x00007fff7edb1de4 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20
13  com.apple.CoreFoundation      	0x00007fff7edb1a73 __CFRunLoopDoTimer + 1075
14  com.apple.CoreFoundation      	0x00007fff7edb15ca __CFRunLoopDoTimers + 298
15  com.apple.CoreFoundation      	0x00007fff7eda8fa1 __CFRunLoopRun + 2081
16  com.apple.CoreFoundation      	0x00007fff7eda8524 CFRunLoopRunSpecific + 420
17  com.apple.HIToolbox           	0x00007fff7e308ebc RunCurrentEventLoopInMode + 240
18  com.apple.HIToolbox           	0x00007fff7e308cf1 ReceiveNextEventCommon + 432
19  com.apple.HIToolbox           	0x00007fff7e308b26 _BlockUntilNextEventMatchingListInModeWithFilter + 71
20  com.apple.AppKit              	0x00007fff7c8a3e24 _DPSNextEvent + 1120
21  com.apple.AppKit              	0x00007fff7d01f85e -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 2796
22  com.apple.AppKit              	0x00007fff7c8987ab -[NSApplication run] + 926
23  com.apple.AppKit              	0x00007fff7c8631de NSApplicationMain + 1237
24  libxpc.dylib                  	0x00007fff94d228c7 _xpc_objc_main + 775
25  libxpc.dylib                  	0x00007fff94d212e4 xpc_main + 494
26  com.apple.WebKit.WebContent   	0x0000000100a8e695 main + 492 (XPCServiceMain.mm:122)
27  libdyld.dylib                 	0x00007fff94ac9235 start + 1

https://build.webkit.org/results/Apple%20Sierra%20Release%20WK2%20(Tests)/r216219%20(1199)/results.html
Comment 1 Ryan Haddad 2017-05-04 18:22:17 PDT
My best guess is that this may be related to https://trac.webkit.org/changeset/216206/webkit
Comment 2 Ryan Haddad 2017-05-04 18:22:34 PDT
(In reply to Ryan Haddad from comment #1)
> My best guess is that this may be related to
> https://trac.webkit.org/changeset/216206/webkit

Remove support for legacy Notifications
https://bugs.webkit.org/show_bug.cgi?id=171487
Comment 3 Ryan Haddad 2017-05-04 18:24:21 PDT
http/tests/notifications/window-show-on-click.html
https://build.webkit.org/results/Apple%20Sierra%20Release%20WK2%20(Tests)/r216219%20(1199)/results.html
Comment 4 Ryan Haddad 2017-05-04 18:25:09 PDT
http/tests/performance/performance-resource-timing-cached-entries.html
https://build.webkit.org/results/Apple%20Sierra%20Release%20WK2%20(Tests)/r216218%20(1198)/results.html
Comment 5 Alexey Proskuryakov 2017-05-04 22:34:36 PDT
So let's roll back ASAP.

*** This bug has been marked as a duplicate of bug 171714 ***
Comment 6 Sam Weinig 2017-05-05 13:06:34 PDT
Any idea why the EWS didn't catch this?
Comment 7 Ryan Haddad 2017-05-05 13:22:48 PDT
(In reply to Sam Weinig from comment #6)
> Any idea why the EWS didn't catch this?

I think it is because the crashes were flaky.