Bug 219009

Summary: REGRESSION (r269227?): Flaky crash in WebCore::DOMPromiseProxy seen with imported/w3c/web-platform-tests/service-workers/service-worker/referrer-toplevel-script-fetch.https.html
Product: WebKit Reporter: Ryan Haddad <ryanhaddad>
Component: New BugsAssignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED    
Severity: Normal CC: achristensen, beidson, cdumez, ggaren, rniwa, webkit-bot-watchers-bugzilla, webkit-bug-importer, youennf
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
crash log
none
Patch none

Ryan Haddad
Reported 2020-11-16 16:16:02 PST
Created attachment 414287 [details] crash log imported/w3c/web-platform-tests/service-workers/service-worker/referrer-toplevel-script-fetch.https.html is a flaky crash on iOS and macOS bots with the following backtrace: Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.WebCore 0x00000003a9e06b9b WebCore::DOMPromiseProxy<WebCore::IDLInterface<WebCore::ServiceWorkerRegistration> >::resolve(WebCore::ServiceWorkerRegistration&) + 27 1 com.apple.WebCore 0x00000003a9e06b40 WTF::Detail::CallableWrapper<auto WebCore::ServiceWorkerContainer::ready()::$_4::operator()<WebCore::ServiceWorkerRegistrationData>(WebCore::ServiceWorkerRegistrationData&&)::'lambda'(), void>::call() + 96 2 com.apple.WebCore 0x00000003a907e211 WebCore::EventLoop::run() + 337 3 com.apple.WebCore 0x00000003a90ff871 WebCore::WindowEventLoop::didReachTimeToRun() + 17 4 com.apple.WebCore 0x00000003a972fbd6 WebCore::ThreadTimers::sharedTimerFiredInternal() + 198 5 com.apple.WebCore 0x00000003a97594af WebCore::timerFired(__CFRunLoopTimer*, void*) + 31 6 com.apple.CoreFoundation 0x0000000105373112 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20 7 com.apple.CoreFoundation 0x0000000105372be5 __CFRunLoopDoTimer + 926 8 com.apple.CoreFoundation 0x0000000105372198 __CFRunLoopDoTimers + 265 9 com.apple.CoreFoundation 0x000000010536c826 __CFRunLoopRun + 1949 10 com.apple.CoreFoundation 0x000000010536bb9e CFRunLoopRunSpecific + 567 11 com.apple.Foundation 0x0000000103223e61 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 209 12 com.apple.Foundation 0x0000000103224075 -[NSRunLoop(NSRunLoop) run] + 76 13 libxpc.dylib 0x0000000106d3b506 _xpc_objc_main + 591 14 libxpc.dylib 0x0000000106d3d4aa xpc_main + 143 15 com.apple.WebKit 0x0000000103827867 WebKit::XPCServiceMain(int, char const**) + 111 16 libdyld.dylib 0x0000000106975415 start + 1 https://results.webkit.org/?suite=layout-tests&test=imported/w3c/web-platform-tests/service-workers/service-worker/referrer-toplevel-script-fetch.https.html
Attachments
crash log (128.24 KB, text/plain)
2020-11-16 16:16 PST, Ryan Haddad 		no flags
Details
Patch (2.21 KB, patch)
2020-11-18 14:43 PST, Chris Dumez 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2020-11-16 16:16:24 PST
<rdar://problem/71464073>
Ryan Haddad
Comment 2 2020-11-16 16:18:00 PST
The first crash I see in the history for the test was with r269228, but that seems unrelated. This landed right before it, though: Promises returned by our DOM API have the caller's global instead of the callee's https://bugs.webkit.org/show_bug.cgi?id=218363 https://trac.webkit.org/changeset/269227/webkit
Chris Dumez
Comment 3 2020-11-18 14:41:53 PST
Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000000 Exception Note: EXC_CORPSE_NOTIFY Termination Signal: Segmentation fault: 11 Termination Reason: Namespace SIGNAL, Code 0xb Terminating Process: exc handler [9577] VM Regions Near 0: --> __TEXT 0000000106a22000-0000000106a23000 [ 4K] r-x/rwx SM=COW /Volumes/VOLUME/*/*.Development Application Specific Information: dyld: in dlopen_preflight() Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.WebCore 0x00000007c7b13e6c WTF::Optional<WebCore::ExceptionOr<WTF::Ref<WebCore::ServiceWorkerRegistration, WTF::RawPtrTraits<WebCore::ServiceWorkerRegistration> > > >::initialized() const + 12 (Optional.h:373) 1 com.apple.WebCore 0x00000007c7b13ac5 WTF::Optional<WebCore::ExceptionOr<WTF::Ref<WebCore::ServiceWorkerRegistration, WTF::RawPtrTraits<WebCore::ServiceWorkerRegistration> > > >::operator bool() const + 21 (Optional.h:516) 2 com.apple.WebCore 0x00000007cb4ac2a1 WebCore::DOMPromiseProxy<WebCore::IDLInterface<WebCore::ServiceWorkerRegistration> >::resolve(WebCore::ServiceWorkerRegistration&) + 33 (DOMPromiseProxy.h:158) 3 com.apple.WebCore 0x00000007cb4ac24d auto WebCore::ServiceWorkerContainer::ready()::$_4::operator()<WebCore::ServiceWorkerRegistrationData>(WebCore::ServiceWorkerRegistrationData&&)::'lambda'()::operator()() + 173 (ServiceWorkerContainer.cpp:117) 4 com.apple.WebCore 0x00000007cb4ac109 WTF::Detail::CallableWrapper<auto WebCore::ServiceWorkerContainer::ready()::$_4::operator()<WebCore::ServiceWorkerRegistrationData>(WebCore::ServiceWorkerRegistrationData&&)::'lambda'(), void>::call() + 25 (Function.h:52) 5 com.apple.WebCore 0x00000007c64742ea WTF::Function<void ()>::operator()() const + 138 (Function.h:83) 6 com.apple.WebCore 0x00000007cb4b2769 void WebCore::ActiveDOMObject::queueTaskKeepingObjectAlive<WebCore::ServiceWorkerContainer>(WebCore::ServiceWorkerContainer&, WebCore::TaskSource, WTF::Function<void ()>&&)::'lambda'()::operator()() const + 25 (ActiveDOMObject.h:128) 7 com.apple.WebCore 0x00000007cb4b25c9 WTF::Detail::CallableWrapper<void WebCore::ActiveDOMObject::queueTaskKeepingObjectAlive<WebCore::ServiceWorkerContainer>(WebCore::ServiceWorkerContainer&, WebCore::TaskSource, WTF::Function<void ()>&&)::'lambda'(), void>::call() + 25 (Function.h:52) 8 com.apple.WebCore 0x00000007c64742ea WTF::Function<void ()>::operator()() const + 138 (Function.h:83) 9 com.apple.WebCore 0x00000007c9428c39 WebCore::EventLoopFunctionDispatchTask::execute() + 25 (EventLoop.cpp:159) 10 com.apple.WebCore 0x00000007c941e8ca WebCore::EventLoop::run() + 378 (EventLoop.cpp:124) 11 com.apple.WebCore 0x00000007c95b0cd0 WebCore::WindowEventLoop::didReachTimeToRun() + 48 (WindowEventLoop.cpp:121) 12 com.apple.WebCore 0x00000007c95b5bf1 decltype(*(std::__1::forward<WebCore::WindowEventLoop*&>(fp0)).*fp()) std::__1::__invoke<void (WebCore::WindowEventLoop::*&)(), WebCore::WindowEventLoop*&, void>(void (WebCore::WindowEventLoop::*&&&)(), WebCore::WindowEventLoop*&&&) + 113 (type_traits:4280)
Chris Dumez
Comment 4 2020-11-18 14:43:51 PST
Created attachment 414487 [details] Patch
Geoffrey Garen
Comment 5 2020-11-18 14:46:10 PST
Comment on attachment 414487 [details] Patch r=me
EWS
Comment 6 2020-11-18 15:38:37 PST
Committed r269997: <https://trac.webkit.org/changeset/269997> All reviewed patches have been landed. Closing bug and clearing flags on attachment 414487 [details].
Note You need to log in before you can comment on or make changes to this bug.