Bug 172823

Summary: webarchive/loading/mainresource-null-mimetype-crash.html / webarchive/loading/missing-data.html are flaky
Product: WebKit
Reporter: Chris Dumez <cdumez>
Component: Tools / Tests
Assignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED
Severity: Normal
CC: ap, buildbot, commit-queue, ggaren, lforschler, rniwa
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified

Attachments:
Patch (flags: none)
Archive of layout-test-results from ews122 for ios-simulator-wk2 (flags: none)
Patch (flags: none)

Description Chris Dumez 2017-06-01 10:12:40 PDT
webarchive/loading/mainresource-null-mimetype-crash.html crashes under WebCoreTestSupport::resetInternalsObject():
Crashed Thread:        0  Dispatch queue: com.apple.main-thread

Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x0000000000000040
Exception Note:        EXC_CORPSE_NOTIFY

Termination Signal:    Segmentation fault: 11
Termination Reason:    Namespace SIGNAL, Code 0xb
Terminating Process:   exc handler [0]

Application Specific Information:
This process is running with libgmalloc.dylib (GuardMalloc) which may have forced the crash due to a memory access error.
 
CRASHING TEST: webarchive/loading/mainresource-null-mimetype-crash.html

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   libWebCoreTestSupport.dylib   	0x0000000190814a4c WebCore::Frame::page() const + 12 (Frame.h:371)
1   libWebCoreTestSupport.dylib   	0x000000019096dd27 WebCoreTestSupport::resetInternalsObject(OpaqueJSContext const*) + 103 (WebCoreTestSupport.cpp:66)
2   com.apple.WebKitTestRunner.InjectedBundle	0x00000001906e51f2 WTR::InjectedBundlePage::resetAfterTest() + 66 (InjectedBundlePage.cpp:432)
3   com.apple.WebKitTestRunner.InjectedBundle	0x00000001906db57c WTR::InjectedBundle::didReceiveMessageToPage(OpaqueWKBundlePage const*, OpaqueWKString const*, void const*) + 1404 (InjectedBundle.cpp:198)
4   com.apple.WebKitTestRunner.InjectedBundle	0x00000001906dafec WTR::InjectedBundle::didReceiveMessageToPage(OpaqueWKBundle const*, OpaqueWKBundlePage const*, OpaqueWKString const*, void const*, void const*) + 60 (InjectedBundle.cpp:85)
5   com.apple.WebKit              	0x000000010d5243d2 WebKit::InjectedBundleClient::didReceiveMessageToPage(WebKit::InjectedBundle*, WebKit::WebPage*, WTF::String const&, API::Object*) + 162 (InjectedBundleClient.cpp:73)
6   com.apple.WebKit              	0x000000010d51e13a WebKit::InjectedBundle::didReceiveMessageToPage(WebKit::WebPage*, WTF::String const&, API::Object*) + 74 (InjectedBundle.cpp:531)
7   com.apple.WebKit              	0x000000010dbf7413 WebKit::WebPage::postInjectedBundleMessage(WTF::String const&, WebKit::UserData const&) + 147 (WebPage.cpp:1859)
8   com.apple.WebKit              	0x000000010dc7f699 void IPC::callMemberFunctionImpl<WebKit::WebPage, void (WebKit::WebPage::*)(WTF::String const&, WebKit::UserData const&), std::__1::tuple<WTF::String, WebKit::UserData>, 0ul, 1ul>(WebKit::WebPage*, void (WebKit::WebPage::*)(WTF::String const&, WebKit::UserData const&), std::__1::tuple<WTF::String, WebKit::UserData>&&, std::__1::integer_sequence<unsigned long, 0ul, 1ul>) + 185 (HandleMessage.h:41)
9   com.apple.WebKit              	0x000000010dc7f5d8 void IPC::callMemberFunction<WebKit::WebPage, void (WebKit::WebPage::*)(WTF::String const&, WebKit::UserData const&), std::__1::tuple<WTF::String, WebKit::UserData>, std::__1::integer_sequence<unsigned long, 0ul, 1ul> >(std::__1::tuple<WTF::String, WebKit::UserData>&&, WebKit::WebPage*, void (WebKit::WebPage::*)(WTF::String const&, WebKit::UserData const&)) + 88 (HandleMessage.h:47)


Reproduced via:
Tools/Scripts/run-webkit-tests webarchive/loading/mainresource-null-mimetype-crash.html --repeat-each 1000 -v --no-retry -gf --child-processes=50 --no-build --no-timeout --debug
Comment 1 Chris Dumez 2017-06-01 10:24:20 PDT
Created attachment 311719 [details]
Patch
Comment 2 Alexey Proskuryakov 2017-06-01 10:40:52 PDT
rdar://problem/23641011
Comment 3 Alexey Proskuryakov 2017-06-01 10:44:52 PDT
Comment on attachment 311719 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=311719&action=review

> Source/WebCore/ChangeLog:8
> +        Do not assume the document's frame and page pointers are non null in WebCoreTestSupport::resetInternalsObject().

Is that actually an expected situation, or is the root cause elsewhere?

I thought that we always needed to reset the state, so returning early would result in misconfigured testing down the line.
Comment 4 Alexey Proskuryakov 2017-06-01 10:57:59 PDT
Note that there are other crashes happening on this test, so I assumed it was a WebCore issue.
Comment 5 Build Bot 2017-06-01 11:53:16 PDT
Comment on attachment 311719 [details]
Patch

Attachment 311719 [details] did not pass ios-sim-ews (ios-simulator-wk2):
Output: http://webkit-queues.webkit.org/results/3854789

New failing tests:
webrtc/peer-connection-audio-mute.html
Comment 6 Build Bot 2017-06-01 11:53:18 PDT
Created attachment 311738 [details]
Archive of layout-test-results from ews122 for ios-simulator-wk2

The attached test failures were seen while running run-webkit-tests on the ios-sim-ews.
Bot: ews122  Port: ios-simulator-wk2  Platform: Mac OS X 10.12.5
Comment 7 Chris Dumez 2017-06-01 12:14:46 PDT
(In reply to Alexey Proskuryakov from comment #4)
> Note that there are other crashes happening on this test, so I assumed it
> was a WebCore issue.

The issue is that this test navigates the main frame. When that happens, a new document is created and associated with the main frame. The old document is then frameless. My bet, since it is flaky, is that we sometimes call resetInternalsObject() on the old document (pre-navigation) and sometimes on the new document (post-navigation).

One thing I think we should do is update the test to na
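The mechanism described in comment 7, as an added, self-contained model that is not WebKit code: a Document points at its Frame and a Frame at its Page; navigating the main frame attaches a fresh Document and leaves the old one frameless, so an unchecked `frame->page()` on the old document dereferences null (the `Frame::page()` frame at the top of the backtrace). The names `Page`, `Frame`, `Document`, `navigate()`, `simulate()` and the `resetCount` counter are constructed for the illustration; the null-checked `resetInternalsObject()` mirrors only the shape of the first patch's approach (bail out when frame or page is null), not its actual code.

```cpp
#include <cstdio>
#include <memory>
#include <vector>

// Constructed model (not WebKit code) of a page/frame/document triple.
struct Page {
    int resetCount = 0;               // stand-in for "internal test state was reset"
};

struct Frame;

struct Document {
    Frame* frame = nullptr;           // becomes null once the document is detached
};

struct Frame {
    Page* m_page;
    // Old documents are kept alive here, as a pending reset message would keep them.
    std::vector<std::unique_ptr<Document>> documents;

    explicit Frame(Page* page) : m_page(page) {}
    Page* page() const { return m_page; }

    Document* currentDocument() const {
        return documents.empty() ? nullptr : documents.back().get();
    }

    // Navigation: a new document becomes current and the previous one is detached,
    // i.e. its frame pointer is cleared. This is the "frameless" state from comment 7.
    Document* navigate() {
        if (Document* old = currentDocument())
            old->frame = nullptr;
        documents.push_back(std::make_unique<Document>());
        documents.back()->frame = this;
        return documents.back().get();
    }
};

// Shape of the crashing code: assumes the document still has a frame. Calling this
// on a detached document dereferences null (undefined behaviour), which is why it is
// shown for documentation only and never invoked below.
void resetInternalsObjectUnchecked(const Document& document) {
    ++document.frame->page()->resetCount;
}

// Defensive shape: return early when the document has no frame or the frame has no
// page. Returns whether a reset actually happened, so callers can notice the skip.
bool resetInternalsObject(const Document& document) {
    Frame* frame = document.frame;
    if (!frame)
        return false;                 // frameless (pre-navigation) document: nothing to reset
    Page* page = frame->page();
    if (!page)
        return false;
    ++page->resetCount;
    return true;
}

// Models the flaky test: the harness may hold either the pre-navigation or the
// post-navigation document when the reset message arrives. Returns how many
// resets reached the page.
int simulate(bool resetOldDocument) {
    Page page;
    Frame mainFrame(&page);
    Document* oldDoc = mainFrame.navigate();   // initial load of the test document
    Document* newDoc = mainFrame.navigate();   // the test navigates the main frame
    resetInternalsObject(resetOldDocument ? *oldDoc : *newDoc);
    return page.resetCount;
}

bool oldDocumentIsFramelessAfterNavigation() {
    Page page;
    Frame mainFrame(&page);
    Document* oldDoc = mainFrame.navigate();
    mainFrame.navigate();
    return oldDoc->frame == nullptr;
}

int main() {
    std::printf("reset on new document: %d reset(s)\n", simulate(false));
    std::printf("reset on old document: %d reset(s)\n", simulate(true));
    return 0;
}
```

The `simulate(true)` path is also the case behind the concern in comment 3: the early return avoids the crash, but the page's state is then not reset at all for that run, which is why the landed fix worked around the problem in the test rather than relying on the null check alone.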
Comment 8 Chris Dumez 2017-06-01 12:16:19 PDT
Created attachment 311740 [details]
Patch
Comment 9 Alexey Proskuryakov 2017-06-01 12:43:51 PDT
Comment on attachment 311740 [details]
Patch

rs=me. Seems reasonable to work around this in tests for now.
Comment 10 Chris Dumez 2017-06-01 13:09:09 PDT
Comment on attachment 311740 [details]
Patch

Clearing flags on attachment: 311740

Committed r217680: <http://trac.webkit.org/changeset/217680>
Comment 11 Chris Dumez 2017-06-01 13:09:11 PDT
All reviewed patches have been landed.  Closing bug.