Bug 172823

Summary: webarchive/loading/mainresource-null-mimetype-crash.html / webarchive/loading/missing-data.html are flaky
Product: WebKit Reporter: Chris Dumez <cdumez>
Component: Tools / TestsAssignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED    
Severity: Normal CC: ap, buildbot, commit-queue, ggaren, lforschler, rniwa
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
Archive of layout-test-results from ews122 for ios-simulator-wk2
none
Patch none

Chris Dumez
Reported 2017-06-01 10:12:40 PDT
webarchive/loading/mainresource-null-mimetype-crash.html crashes under WebCoreTestSupport::resetInternalsObject(): Crashed Thread: 0 Dispatch queue: com.apple.main-thread Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000040 Exception Note: EXC_CORPSE_NOTIFY Termination Signal: Segmentation fault: 11 Termination Reason: Namespace SIGNAL, Code 0xb Terminating Process: exc handler [0] Application Specific Information: This process is running with libgmalloc.dylib (GuardMalloc) which may have forced the crash due to a memory access error. CRASHING TEST: webarchive/loading/mainresource-null-mimetype-crash.html Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 libWebCoreTestSupport.dylib 0x0000000190814a4c WebCore::Frame::page() const + 12 (Frame.h:371) 1 libWebCoreTestSupport.dylib 0x000000019096dd27 WebCoreTestSupport::resetInternalsObject(OpaqueJSContext const*) + 103 (WebCoreTestSupport.cpp:66) 2 com.apple.WebKitTestRunner.InjectedBundle 0x00000001906e51f2 WTR::InjectedBundlePage::resetAfterTest() + 66 (InjectedBundlePage.cpp:432) 3 com.apple.WebKitTestRunner.InjectedBundle 0x00000001906db57c WTR::InjectedBundle::didReceiveMessageToPage(OpaqueWKBundlePage const*, OpaqueWKString const*, void const*) + 1404 (InjectedBundle.cpp:198) 4 com.apple.WebKitTestRunner.InjectedBundle 0x00000001906dafec WTR::InjectedBundle::didReceiveMessageToPage(OpaqueWKBundle const*, OpaqueWKBundlePage const*, OpaqueWKString const*, void const*, void const*) + 60 (InjectedBundle.cpp:85) 5 com.apple.WebKit 0x000000010d5243d2 WebKit::InjectedBundleClient::didReceiveMessageToPage(WebKit::InjectedBundle*, WebKit::WebPage*, WTF::String const&, API::Object*) + 162 (InjectedBundleClient.cpp:73) 6 com.apple.WebKit 0x000000010d51e13a WebKit::InjectedBundle::didReceiveMessageToPage(WebKit::WebPage*, WTF::String const&, API::Object*) + 74 (InjectedBundle.cpp:531) 7 com.apple.WebKit 0x000000010dbf7413 WebKit::WebPage::postInjectedBundleMessage(WTF::String const&, WebKit::UserData const&) + 147 (WebPage.cpp:1859) 8 com.apple.WebKit 0x000000010dc7f699 void IPC::callMemberFunctionImpl<WebKit::WebPage, void (WebKit::WebPage::*)(WTF::String const&, WebKit::UserData const&), std::__1::tuple<WTF::String, WebKit::UserData>, 0ul, 1ul>(WebKit::WebPage*, void (WebKit::WebPage::*)(WTF::String const&, WebKit::UserData const&), std::__1::tuple<WTF::String, WebKit::UserData>&&, std::__1::integer_sequence<unsigned long, 0ul, 1ul>) + 185 (HandleMessage.h:41) 9 com.apple.WebKit 0x000000010dc7f5d8 void IPC::callMemberFunction<WebKit::WebPage, void (WebKit::WebPage::*)(WTF::String const&, WebKit::UserData const&), std::__1::tuple<WTF::String, WebKit::UserData>, std::__1::integer_sequence<unsigned long, 0ul, 1ul> >(std::__1::tuple<WTF::String, WebKit::UserData>&&, WebKit::WebPage*, void (WebKit::WebPage::*)(WTF::String const&, WebKit::UserData const&)) + 88 (HandleMessage.h:47) Reproduced via: Tools/Scripts/run-webkit-tests webarchive/loading/mainresource-null-mimetype-crash.html --repeat-each 1000 -v --no-retry -gf --child-processes=50 --no-build --no-timeout --debug
Attachments
Patch (1.81 KB, patch)
2017-06-01 10:24 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Archive of layout-test-results from ews122 for ios-simulator-wk2 (1.08 MB, application/zip)
2017-06-01 11:53 PDT, Build Bot 		no flags
Details
Patch (5.12 KB, patch)
2017-06-01 12:16 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Chris Dumez
Comment 1 2017-06-01 10:24:20 PDT
Created attachment 311719 [details] Patch
Alexey Proskuryakov
Comment 2 2017-06-01 10:40:52 PDT
rdar://problem/23641011
Alexey Proskuryakov
Comment 3 2017-06-01 10:44:52 PDT
Comment on attachment 311719 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=311719&action=review > Source/WebCore/ChangeLog:8 > + Do not assume the document's frame and page pointers are non null in WebCoreTestSupport::resetInternalsObject(). Is that actually an expected situation, or is the root cause elsewhere? I thought that we always needed to reset the state, so returning early would result in misconfigured tetsing down the line.
Alexey Proskuryakov
Comment 4 2017-06-01 10:57:59 PDT
Note that there are other crashes happening on this test, so I assumed it was a WebCore issue.
Build Bot
Comment 5 2017-06-01 11:53:16 PDT
Comment on attachment 311719 [details] Patch Attachment 311719 [details] did not pass ios-sim-ews (ios-simulator-wk2): Output: http://webkit-queues.webkit.org/results/3854789 New failing tests: webrtc/peer-connection-audio-mute.html
Build Bot
Comment 6 2017-06-01 11:53:18 PDT
Created attachment 311738 [details] Archive of layout-test-results from ews122 for ios-simulator-wk2 The attached test failures were seen while running run-webkit-tests on the ios-sim-ews. Bot: ews122 Port: ios-simulator-wk2 Platform: Mac OS X 10.12.5
Chris Dumez
Comment 7 2017-06-01 12:14:46 PDT
(In reply to Alexey Proskuryakov from comment #4) > Note that there are other crashes happening on this test, so I assumed it > was a WebCore issue. The issue is that this test navigates the main frame. When that happens, a new document is created and associated to the main frame. The old document is then frameless. My bet , since it is flaky, is that we sometimes call resetInternalsObject() on the old document (pre-navigation) and sometimes on the new document (post-navigation). One thing I think we should do is update the test to na
Chris Dumez
Comment 8 2017-06-01 12:16:19 PDT
Created attachment 311740 [details] Patch
Alexey Proskuryakov
Comment 9 2017-06-01 12:43:51 PDT
Comment on attachment 311740 [details] Patch rs=me. Seems reasonable to work around this in tests for now.
Chris Dumez
Comment 10 2017-06-01 13:09:09 PDT
Comment on attachment 311740 [details] Patch Clearing flags on attachment: 311740 Committed r217680: <http://trac.webkit.org/changeset/217680>
Chris Dumez
Comment 11 2017-06-01 13:09:11 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.