Bug 214166

Summary: imported/w3c/web-platform-tests/media-source/idlharness.window.html is crashing
Product: WebKit Reporter: Chris Dumez <cdumez>
Component: MediaAssignee: Nobody <webkit-unassigned>
Status: NEW    
Severity: Normal CC: eric.carlson, jer.noble, peng.liu6, webkit-bug-importer, youennf
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=214164
https://bugs.webkit.org/show_bug.cgi?id=229924

Chris Dumez
Reported 2020-07-09 16:16:08 PDT
imported/w3c/web-platform-tests/media-source/idlharness.window.html is crashing since import: Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Codes: KERN_INVALID_ADDRESS at 0x00000000000000b0 Exception Note: EXC_CORPSE_NOTIFY Termination Signal: Segmentation fault: 11 Termination Reason: Namespace SIGNAL, Code 0xb Terminating Process: exc handler [75134] VM Regions Near 0xb0: --> __TEXT 10ac1f000-10ac23000 [ 16K] r-x/r-x SM=COW /Volumes/*/*.Development Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.WebCore 0x000000077a96d9e7 WTF::RefPtr<WTF::WeakPtrImpl<WTF::EmptyCounter>, WTF::DumbPtrTraits<WTF::WeakPtrImpl<WTF::EmptyCounter> > >::operator bool() const + 0 (RefPtr.h:88) [inlined] 1 com.apple.WebCore 0x000000077a96d9e7 WTF::WeakPtr<WebCore::HTMLMediaElement, WTF::EmptyCounter>::get() const + 0 (WeakPtr.h:95) [inlined] 2 com.apple.WebCore 0x000000077a96d9e7 WebCore::MediaSource::mediaElement() const + 0 (MediaSource.h:100) [inlined] 3 com.apple.WebCore 0x000000077a96d9e7 WebCore::SourceBuffer::audioTracks() + 39 (SourceBuffer.cpp:1054) 4 com.apple.WebCore 0x000000077a5ca870 WebCore::jsSourceBufferAudioTracksGetter(JSC::JSGlobalObject&, WebCore::JSSourceBuffer&, JSC::ThrowScope&) + 92 (JSSourceBuffer.cpp:393) [inlined] 5 com.apple.WebCore 0x000000077a5ca870 long long WebCore::IDLAttribute<WebCore::JSSourceBuffer>::get<&(WebCore::jsSourceBufferAudioTracksGetter(JSC::JSGlobalObject&, WebCore::JSSourceBuffer&, JSC::ThrowScope&)), (WebCore::CastedThisErrorBehavior)3>(JSC::JSGlobalObject&, long long, char const*) + 92 (JSDOMAttribute.h:69) [inlined] 6 com.apple.WebCore 0x000000077a5ca870 WebCore::jsSourceBufferAudioTracks(JSC::JSGlobalObject*, long long, JSC::PropertyName) + 96 (JSSourceBuffer.cpp:399) 7 com.apple.JavaScriptCore 0x000000078001b5ac JSC::PropertySlot::getValue(JSC::JSGlobalObject*, JSC::PropertyName) const + 70 (PropertySlot.h:415) [inlined] 8 com.apple.JavaScriptCore 0x000000078001b5ac JSC::JSValue::get(JSC::JSGlobalObject*, JSC::PropertyName, JSC::PropertySlot&) const + 540 (JSCJSValueInlines.h:963) [inlined] 9 com.apple.JavaScriptCore 0x000000078001b5ac JSC::JSValue::get(JSC::JSGlobalObject*, JSC::PropertyName) const + 540 (JSCJSValueInlines.h:953) [inlined] 10 com.apple.JavaScriptCore 0x000000078001b5ac JSC::LLInt::getByVal(JSC::VM&, JSC::JSGlobalObject*, JSC::CodeBlock*, JSC::JSValue, JSC::JSValue, JSC::OpGetByVal) + 2731 (LLIntSlowPaths.cpp:1050) [inlined] 11 com.apple.JavaScriptCore 0x000000078001b5ac llint_slow_path_get_by_val + 4396 (LLIntSlowPaths.cpp:1078) 12 com.apple.JavaScriptCore 0x000000077f882441 llint_entry + 41659 (LowLevelInterpreter64.asm:97) 13 ??? 0x000003aa88a9c697 0 + 4030972151447 14 ??? 0x000003aa88b68a6a 0 + 4030972988010 15 ??? 0x000003aa88a93e3d 0 + 4030972116541 16 com.apple.JavaScriptCore 0x000000077f891a39 llint_entry + 104627 (LowLevelInterpreter.asm:1047) 17 com.apple.JavaScriptCore 0x000000077f891a39 llint_entry + 104627 (LowLevelInterpreter.asm:1047) 18 com.apple.JavaScriptCore 0x000000077f891a39 llint_entry + 104627 (LowLevelInterpreter.asm:1047) 19 com.apple.JavaScriptCore 0x000000077f877fcf vmEntryToJavaScript + 200 (LowLevelInterpreter64.asm:296) 20 com.apple.JavaScriptCore 0x000000077ff23b06 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 33 (JITCodeInlines.h:42) [inlined] 21 com.apple.JavaScriptCore 0x000000077ff23b06 JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 582 (Interpreter.cpp:909) 22 com.apple.JavaScriptCore 0x000000078022f395 JSC::boundThisNoArgsFunctionCall(JSC::JSGlobalObject*, JSC::CallFrame*) + 837 (JSBoundFunction.cpp:60) 23 ??? 0x000003aa88b8e797 0 + 4030973142935 24 ??? 0x000003aa88af380a 0 + 4030972508170 25 com.apple.JavaScriptCore 0x000000077f891a39 llint_entry + 104627 (LowLevelInterpreter.asm:1047) 26 com.apple.JavaScriptCore 0x000000077f891ab9 llint_entry + 104755 (LowLevelInterpreter.asm:1047) 27 com.apple.JavaScriptCore 0x000000077f891ab9 llint_entry + 104755 (LowLevelInterpreter.asm:1047) 28 com.apple.JavaScriptCore 0x000000077f877fcf vmEntryToJavaScript + 200 (LowLevelInterpreter64.asm:296) 29 com.apple.JavaScriptCore 0x000000077ff23b06 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 33 (JITCodeInlines.h:42) [inlined] 30 com.apple.JavaScriptCore 0x000000077ff23b06 JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 582 (Interpreter.cpp:909) 31 com.apple.JavaScriptCore 0x000000078018a6e4 JSC::call(JSC::JSGlobalObject*, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 33 (CallData.cpp:57) [inlined] 32 com.apple.JavaScriptCore 0x000000078018a6e4 JSC::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 164 (CallData.cpp:78) 33 com.apple.JavaScriptCore 0x00000007802872ef JSC::JSMicrotask::run(JSC::JSGlobalObject*) + 415 (JSMicrotask.cpp:92) 34 com.apple.WebCore 0x000000077abfbfe8 WebCore::JSExecState::runTask(JSC::JSGlobalObject*, JSC::Microtask&) + 46 (JSExecState.h:91) [inlined] 35 com.apple.WebCore 0x000000077abfbfe8 WebCore::JSMicrotaskCallback::call() + 104 (JSMicrotaskCallback.h:46) 36 com.apple.WebCore 0x000000077aeaf466 WebCore::MicrotaskQueue::performMicrotaskCheckpoint() + 134 (Microtasks.cpp:64) 37 com.apple.WebCore 0x000000077abef142 WebCore::JSExecState::didLeaveScriptContext(JSC::JSGlobalObject*) + 30 (JSExecState.cpp:42) [inlined] 38 com.apple.WebCore 0x000000077abef142 WebCore::JSExecState::~JSExecState() + 66 (JSExecState.h:143) 39 com.apple.WebCore 0x000000077abeb479 WebCore::JSExecState::~JSExecState() + 5 (JSExecState.h:132) [inlined] 40 com.apple.WebCore 0x000000077abeb479 WebCore::JSExecState::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 95 (JSExecState.h:74) [inlined] 41 com.apple.WebCore 0x000000077abeb479 WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext&, WebCore::Event&) + 1481 (JSEventListener.cpp:179) 42 com.apple.WebCore 0x000000077ae9c8e7 WebCore::EventTarget::innerInvokeEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener, WTF::DumbPtrTraits<WebCore::RegisteredEventListener> >, 1ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>, WebCore::EventTarget::EventInvokePhase) + 391 (EventTarget.cpp:341) 43 com.apple.WebCore 0x000000077ae9aa12 WebCore::EventTarget::fireEventListeners(WebCore::Event&, WebCore::EventTarget::EventInvokePhase) + 530 (EventTarget.cpp:273) 44 com.apple.WebCore 0x000000077ae9c73a WebCore::EventTarget::dispatchEvent(WebCore::Event&) + 138 (EventTarget.cpp:222) 45 com.apple.WebCore 0x000000077aea42c7 WebCore::MainThreadGenericEventQueue::dispatchOneEvent() + 151 (GenericEventQueue.cpp:75) 46 com.apple.WebCore 0x000000077b485107 WTF::Function<void ()>::operator()() const + 9 (Function.h:84) [inlined] 47 com.apple.WebCore 0x000000077b485107 WebCore::TaskDispatcher<WebCore::Timer>::dispatchOneTask() + 119 (GenericTaskQueue.cpp:110) 48 com.apple.WebCore 0x000000077b485075 WebCore::TaskDispatcher<WebCore::Timer>::sharedTimerFired() + 293 (GenericTaskQueue.cpp:85) 49 com.apple.WebCore 0x000000077b4ac716 WebCore::ThreadTimers::sharedTimerFiredInternal() + 198 (ThreadTimers.cpp:127) 50 com.apple.WebCore 0x000000077b4cdf2f WebCore::timerFired(__CFRunLoopTimer*, void*) + 31 (MainThreadSharedTimerCF.cpp:74) 51 com.apple.CoreFoundation 0x00007fff2ac93bae __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20 52 com.apple.CoreFoundation 0x00007fff2ac936fc __CFRunLoopDoTimer + 873 53 com.apple.CoreFoundation 0x00007fff2ac932bb __CFRunLoopDoTimers + 285 54 com.apple.CoreFoundation 0x00007fff2ac79efb __CFRunLoopRun + 1947 55 com.apple.CoreFoundation 0x00007fff2ac790ea CFRunLoopRunSpecific + 534 56 com.apple.Foundation 0x00007fff2d62b881 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 212 57 com.apple.Foundation 0x00007fff2d6b99b4 -[NSRunLoop(NSRunLoop) run] + 76 58 libxpc.dylib 0x00007fff6c952a3b _xpc_objc_main + 825 59 libxpc.dylib 0x00007fff6c9524c3 xpc_main + 437 60 com.apple.WebKit 0x00000007781a1cff WebKit::XPCServiceMain(int, char const**) + 623 (XPCServiceMain.mm:171) 61 libdyld.dylib 0x00007fff6c6c57c1 start + 1
Attachments
Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2020-07-15 09:54:22 PDT
<rdar://problem/65611122>
Sam Sneddon [:gsnedders]
Comment 2 2024-08-14 09:28:29 PDT
I think the crash was effectively fixed by bug 229924? That said, someone needs to re-garden the test to no longer be SKIP, if we believe it should now run to completion everywhere.
Note You need to log in before you can comment on or make changes to this bug.