Bug 212139

Summary: [ macOS debug ] REGRESSION: fast/layoutformattingcontext/table-basic-row-baseline-with-nested-table.html is a flaky crash
Product: WebKit Reporter: Jacob Uphoff <jacob_uphoff>
Component: New Bugs    Assignee: zalan <zalan>
Status: RESOLVED FIXED    
Severity: Normal CC: koivisto, webkit-bot-watchers-bugzilla, webkit-bug-importer, zalan
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments: Patch (flags: none)

Jacob Uphoff
Reported 2020-05-20 08:13:02 PDT
fast/layoutformattingcontext/table-basic-row-baseline-with-nested-table.html

This test has recently become a flaky crash with an assertion failure on macOS debug wk2. The first crash was seen on r261751.

History: https://results.webkit.org/?suite=layout-tests&test=fast%2Flayoutformattingcontext%2Ftable-basic-row-baseline-with-nested-table.html&platform=mac&style=debug

Crash:

Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x00000000bbadbeef
Exception Note:        EXC_CORPSE_NOTIFY

Termination Signal:    Segmentation fault: 11
Termination Reason:    Namespace SIGNAL, Code 0xb
Terminating Process:   exc handler [93139]

VM Regions Near 0xbbadbeef:
-->
    __TEXT                 000000010363d000-000000010363e000 [    4K] r-x/rwx SM=COW  /Volumes/VOLUME/*/*.Development

Application Specific Information:
CRASHING TEST: fast/layoutformattingcontext/table-basic-row-baseline-with-nested-table.html

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.JavaScriptCore        0x000000076aa6a0f0 WTFCrash + 16 (Assertions.cpp:303)
1   com.apple.WebCore               0x000000074d5a8ffb WTFCrashWithInfo(int, char const*, char const*, int) + 27
2   com.apple.WebCore               0x0000000750b29730 WTF::Vector<WebCore::LayoutUnit, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> WebCore::Layout::distributeAvailableSpace<WebCore::Layout::RowSpan>(WebCore::Layout::TableGrid const&, WebCore::LayoutUnit, WTF::Function<WebCore::Layout::GridSpace (WebCore::Layout::TableGrid::Slot const&, unsigned long)> const&) + 3248 (TableLayout.cpp:224)
3   com.apple.WebCore               0x0000000750b28920 WebCore::Layout::TableFormattingContext::TableLayout::distributedVerticalSpace(WTF::Optional<WebCore::LayoutUnit>) + 880 (TableLayout.cpp:290)
4   com.apple.WebCore               0x0000000750affbd6 WebCore::Layout::TableFormattingContext::computeAndDistributeExtraSpace(WebCore::LayoutUnit, WTF::Optional<WebCore::LayoutUnit>) + 982 (TableFormattingContext.cpp:406)
5   com.apple.WebCore               0x0000000750aff7be WebCore::Layout::TableFormattingContext::layoutInFlowContent(WebCore::Layout::InvalidationState&, WebCore::Layout::FormattingContext::ConstraintsForInFlowContent const&) + 94 (TableFormattingContext.cpp:58)
6   com.apple.WebCore               0x0000000750a93d49 WebCore::Layout::TableWrapperBlockFormattingContext::layoutTableBox(WebCore::Layout::ContainerBox const&, WebCore::Layout::FormattingContext::ConstraintsForInFlowContent const&) + 329 (TableWrapperBlockFormattingContext.cpp:77)
7   com.apple.WebCore               0x0000000750a93a07 WebCore::Layout::TableWrapperBlockFormattingContext::layoutInFlowContent(WebCore::Layout::InvalidationState&, WebCore::Layout::FormattingContext::ConstraintsForInFlowContent const&) + 183 (TableWrapperBlockFormattingContext.cpp:59)
8   com.apple.WebCore               0x0000000750a89a5b WebCore::Layout::BlockFormattingContext::layoutInFlowContent(WebCore::Layout::InvalidationState&, WebCore::Layout::FormattingContext::ConstraintsForInFlowContent const&) + 1243 (BlockFormattingContext.cpp:131)
9   com.apple.WebCore               0x0000000750a6dbe4 WebCore::Layout::LayoutContext::layoutFormattingContextSubtree(WebCore::Layout::ContainerBox const&, WebCore::Layout::InvalidationState&) + 324 (LayoutContext.cpp:111)
10  com.apple.WebCore               0x0000000750a6d897 WebCore::Layout::LayoutContext::layoutWithPreparedRootGeometry(WebCore::Layout::InvalidationState&) + 151 (LayoutContext.cpp:87)
11  com.apple.WebCore               0x0000000750a6d725 WebCore::Layout::LayoutContext::layout(WebCore::LayoutSize const&, WebCore::Layout::InvalidationState&) + 533 (LayoutContext.cpp:78)
12  com.apple.WebCore               0x0000000750e22073 WebCore::FrameViewLayoutContext::layoutUsingFormattingContext() + 435 (FrameViewLayoutContext.cpp:83)
13  com.apple.WebCore               0x0000000750e23417 WebCore::FrameViewLayoutContext::layout() + 2135 (FrameViewLayoutContext.cpp:256)
14  com.apple.WebCore               0x000000074fffa15f WebCore::Document::implicitClose() + 1023 (Document.cpp:3084)
15  com.apple.WebCore               0x0000000750bb783b WebCore::FrameLoader::checkCallImplicitClose() + 155 (FrameLoader.cpp:966)
16  com.apple.WebCore               0x0000000750bb72fa WebCore::FrameLoader::checkCompleted() + 442 (FrameLoader.cpp:908)
17  com.apple.WebCore               0x0000000750bb5555 WebCore::FrameLoader::finishedParsing() + 293 (FrameLoader.cpp:818)
18  com.apple.WebCore               0x000000075000d540 WebCore::Document::finishedParsing() + 624 (Document.cpp:5878)
19  com.apple.WebCore               0x000000075079e5e8 WebCore::HTMLConstructionSite::finishedParsing() + 24 (HTMLConstructionSite.cpp:420)
20  com.apple.WebCore               0x00000007507eeb85 WebCore::HTMLTreeBuilder::finished() + 261 (HTMLTreeBuilder.cpp:2845)
21  com.apple.WebCore               0x00000007507a59a8 WebCore::HTMLDocumentParser::end() + 248 (HTMLDocumentParser.cpp:450)
22  com.apple.WebCore               0x00000007507a3848 WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd() + 296 (HTMLDocumentParser.cpp:459)
23  com.apple.WebCore               0x00000007507a3564 WebCore::HTMLDocumentParser::prepareToStopParsing() + 292 (HTMLDocumentParser.cpp:154)
24  com.apple.WebCore               0x00000007507a5a0f WebCore::HTMLDocumentParser::attemptToEnd() + 63 (HTMLDocumentParser.cpp:471)
25  com.apple.WebCore               0x00000007507a5ae4 WebCore::HTMLDocumentParser::finish() + 68 (HTMLDocumentParser.cpp:499)
26  com.apple.WebCore               0x0000000750b4e74a WebCore::DocumentWriter::end() + 394 (DocumentWriter.cpp:288)
27  com.apple.WebCore               0x0000000750b4d734 WebCore::DocumentLoader::finishedLoading() + 516 (DocumentLoader.cpp:453)
28  com.apple.WebCore               0x0000000750b4d129 WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource&, WebCore::NetworkLoadMetrics const&) + 521 (DocumentLoader.cpp:397)
29  com.apple.WebCore               0x0000000750cd3b7a WebCore::CachedResource::checkNotify(WebCore::NetworkLoadMetrics const&) + 138 (CachedResource.cpp:375)
30  com.apple.WebCore               0x0000000750ccf6c4 WebCore::CachedResource::finishLoading(WebCore::SharedBuffer*, WebCore::NetworkLoadMetrics const&) + 68 (CachedResource.cpp:393)
31  com.apple.WebCore               0x0000000750cd0a61 WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*, WebCore::NetworkLoadMetrics const&) + 337 (CachedRawResource.cpp:124)
32  com.apple.WebCore               0x0000000750c51c94 WebCore::SubresourceLoader::didFinishLoading(WebCore::NetworkLoadMetrics const&) + 1668 (SubresourceLoader.cpp:734)
33  com.apple.WebKit                0x00000007415ecd97 WebKit::WebResourceLoader::didFinishResourceLoad(WebCore::NetworkLoadMetrics const&) + 775
34  com.apple.WebKit                0x0000000741be68fa void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&), std::__1::tuple<WebCore::NetworkLoadMetrics>, 0ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&), std::__1::tuple<WebCore::NetworkLoadMetrics>&&, std::__1::integer_sequence<unsigned long, 0ul>) + 154 (HandleMessage.h:42)
35  com.apple.WebKit                0x0000000741be6830 void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&), std::__1::tuple<WebCore::NetworkLoadMetrics>, std::__1::integer_sequence<unsigned long, 0ul> >(std::__1::tuple<WebCore::NetworkLoadMetrics>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)) + 112 (HandleMessage.h:48)
36  com.apple.WebKit                0x0000000741be408e void IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)) + 190 (HandleMessage.h:115)
37  com.apple.WebKit                0x0000000741be38d0 WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&) + 592 (WebResourceLoaderMessageReceiver.cpp:70)
38  com.apple.WebKit                0x00000007415b0f00 WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 144 (NetworkProcessConnection.cpp:94)
39  com.apple.WebKit                0x000000074007481f IPC::Connection::dispatchMessage(IPC::Decoder&) + 431 (Connection.cpp:1002)
40  com.apple.WebKit                0x0000000740075160 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) + 528 (Connection.cpp:1072)
41  com.apple.WebKit                0x00000007400757e3 IPC::Connection::dispatchOneIncomingMessage() + 211 (Connection.cpp:1139)
42  com.apple.WebKit                0x000000074009468b IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_7::operator()() + 91 (Connection.cpp:979)
43  com.apple.WebKit                0x00000007400945a9 WTF::Detail::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_7, void>::call() + 25 (Function.h:52)
44  com.apple.JavaScriptCore        0x000000076aa951aa WTF::Function<void ()>::operator()() const + 138 (Function.h:84)
45  com.apple.JavaScriptCore        0x000000076ab0e898 WTF::RunLoop::performWork() + 280 (RunLoop.cpp:120)
46  com.apple.JavaScriptCore        0x000000076ab0ff7e WTF::RunLoop::performWork(void*) + 30 (RunLoopCF.cpp:39)
47  com.apple.CoreFoundation        0x00007fff2c47b683 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
48  com.apple.CoreFoundation        0x00007fff2c47b629 __CFRunLoopDoSource0 + 108
49  com.apple.CoreFoundation        0x00007fff2c45efeb __CFRunLoopDoSources0 + 195
50  com.apple.CoreFoundation        0x00007fff2c45e5b5 __CFRunLoopRun + 1189
51  com.apple.CoreFoundation        0x00007fff2c45debe CFRunLoopRunSpecific + 455
52  com.apple.Foundation            0x00007fff2e6c27df -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 280
53  com.apple.Foundation            0x00007fff2e6c26b4 -[NSRunLoop(NSRunLoop) run] + 76
54  libxpc.dylib                    0x00007fff585ed077 _xpc_objc_main + 552
55  libxpc.dylib                    0x00007fff585ecb79 xpc_main + 433
56  com.apple.WebKit                0x0000000740861d22 WebKit::XPCServiceMain(int, char const**) + 2034 (XPCServiceMain.mm:177)
57  com.apple.WebKit                0x0000000741c8c4cb WKXPCServiceMain + 27 (WKMain.mm:33)
58  com.apple.WebKit.WebContent     0x000000010363de72 main + 34 (AuxiliaryProcessMain.cpp:30)
59  libdyld.dylib                   0x00007fff583b43d5 start + 1
Attachments
Patch (3.88 KB, patch)
2020-05-21 06:54 PDT, zalan
no flags
Radar WebKit Bug Importer
Comment 1 2020-05-20 08:13:48 PDT
Jacob Uphoff
Comment 2 2020-05-20 08:14:31 PDT
Reproduced with command:

run-webkit-tests --iterations 2000 --exit-after-n-failures 1 --exit-after-n-crashes-or-timeouts 1 --debug-rwt-logging --no-retry --force --no-build -f --debug --root /Volumes/Data/tmp/MacDebug fast/layoutformattingcontext/table-basic-row-baseline-with-nested-table.html

Working on bisecting now.
Jacob Uphoff
Comment 3 2020-05-20 08:48:20 PDT
Looks like the most likely cause was https://trac.webkit.org/changeset/261745/webkit and I was able to bisect it down to this commit as well.
Jacob Uphoff
Comment 4 2020-05-20 10:52:43 PDT
zalan
Comment 5 2020-05-21 06:54:00 PDT
EWS
Comment 6 2020-05-21 07:28:10 PDT
Committed r261994: <https://trac.webkit.org/changeset/261994>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 399951.