Bug 230717

Summary: [Catalina BigSur wk1 Debug ] resize-observer/delete-observers-in-callbacks.html is a flaky crash
Product: WebKit Reporter: Eric Hutchison <ehutchison>
Component: CSSAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: ehutchison, koivisto, webkit-bot-watchers-bugzilla, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=230245
Attachments:
Description Flags
Crash Log none

Eric Hutchison
Reported 2021-09-23 14:23:56 PDT
Created attachment 439091 [details] Crash Log resize-observer/delete-observers-in-callbacks.html is a flaky crash on BigSur/Catalina wk1 Debug. History: https://results.webkit.org/?suite=layout-tests&test=resize-observer/delete-observers-in-callbacks.html Results: https://ews-build.webkit.org/#/builders/56/builds/15816, https://build.webkit.org/results/Apple-BigSur-Debug-WK1-Tests/r282862%20(4285)/results.html, https://build.webkit.org/results/Apple-BigSur-Debug-WK1-Tests/r282862%20(4285)/results.html Crash Log attached CRASHING TEST: resize-observer/delete-observers-in-callbacks.html Thread 0 Crashed: 0 com.apple.JavaScriptCore 0x00000001041d3906 adjustStat + 76 (Heap.cpp:105) [inlined] 1 com.apple.JavaScriptCore 0x00000001041d3906 adjustFreeableMemory + 106 (Heap.cpp:118) [inlined] 2 com.apple.JavaScriptCore 0x00000001041d3906 bmalloc::Heap::decommitLargeRange(std::__1::unique_lock<bmalloc::Mutex>&, bmalloc::LargeRange&, bmalloc::BulkDecommit&) + 486 (Heap.cpp:146) 3 com.apple.JavaScriptCore 0x00000001041d41dc bmalloc::Heap::scavenge(std::__1::unique_lock<bmalloc::Mutex>&, bmalloc::BulkDecommit&, unsigned long&) + 1548 (Heap.cpp:199) 4 com.apple.JavaScriptCore 0x00000001041e457d bmalloc::Scavenger::scavenge() + 205 (Scavenger.cpp:208) 5 com.apple.JavaScriptCore 0x00000001041c7b26 bmalloc::api::scavenge() + 134 (bmalloc.cpp:142) 6 com.apple.JavaScriptCore 0x0000000104096be9 WTF::releaseFastMallocFreeMemory() + 9 (FastMalloc.cpp:638) 7 com.apple.WebCore 0x000000012c55b6c5 WebCore::GCController::garbageCollectNow() + 117 (GCController.cpp:97) 8 com.apple.WebKitLegacy 0x000000010c9d6c3d +[WebCoreStatistics garbageCollectJavaScriptObjects] + 29 (WebCoreStatistics.mm:108) 9 DumpRenderTree 0x000000010297acb3 GCController::collect() const + 35 (GCControllerMac.mm:38) 10 DumpRenderTree 0x000000010297ab76 collectCallback(OpaqueJSContext const*, OpaqueJSValue*, OpaqueJSValue*, unsigned long, OpaqueJSValue const* const*, OpaqueJSValue const**) + 54 (GCController.cpp:39) 11 com.apple.JavaScriptCore 0x0000000104858b9a long long JSC::APICallbackFunction::callImpl<JSC::JSCallbackFunction>(JSC::JSGlobalObject*, JSC::CallFrame*) + 618 (APICallbackFunction.h:61) 12 com.apple.JavaScriptCore 0x000000010484c53d JSC::callJSCallbackFunction(JSC::JSGlobalObject*, JSC::CallFrame*) + 29 (JSCallbackFunction.cpp:42) 13 ??? 0x000050c874401027 0 + 88821874036775 14 com.apple.JavaScriptCore 0x000000010471e87f llint_entry + 144485 15 com.apple.JavaScriptCore 0x000000010471e92f llint_entry + 144661 16 com.apple.JavaScriptCore 0x00000001046fb120 vmEntryToJavaScript + 289 17 com.apple.JavaScriptCore 0x00000001056e329b JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 235 (JITCodeInlines.h:42) 18 com.apple.JavaScriptCore 0x00000001056e3a77 JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 1847 (Interpreter.cpp:900) 19 com.apple.JavaScriptCore 0x0000000105ad8e3d JSC::call(JSC::JSGlobalObject*, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 221 (CallData.cpp:57) 20 com.apple.JavaScriptCore 0x0000000105ad8f1f JSC::call(JSC::JSGlobalObject*, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 207 (CallData.cpp:64) 21 com.apple.JavaScriptCore 0x0000000105ad9202 JSC::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 130 (CallData.cpp:85) 22 com.apple.WebCore 0x000000012c564d6e WebCore::JSExecState::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 110 (JSExecState.h:73) 23 com.apple.WebCore 0x000000012c5649c0 WebCore::JSCallbackData::invokeCallback(WebCore::JSDOMGlobalObject&, JSC::JSObject*, JSC::JSValue, JSC::MarkedArgumentBufferWithSize<8ul>&, WebCore::JSCallbackData::CallbackType, JSC::PropertyName, WTF::NakedPtr<JSC::Exception>&) + 1504 (JSCallbackData.cpp:91) 24 com.apple.WebCore 0x000000012aad367d WebCore::JSCallbackDataWeak::invokeCallback(JSC::JSValue, JSC::MarkedArgumentBufferWithSize<8ul>&, WebCore::JSCallbackData::CallbackType, JSC::PropertyName, WTF::NakedPtr<JSC::Exception>&) + 173 (JSCallbackData.h:113) 25 com.apple.WebCore 0x000000012affacc5 WebCore::JSResizeObserverCallback::handleEvent(WebCore::ResizeObserver&, WTF::Vector<WTF::Ref<WebCore::ResizeObserverEntry, WTF::RawPtrTraits<WebCore::ResizeObserverEntry> >, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WebCore::ResizeObserver&) + 533 (JSResizeObserverCallback.cpp:77) 26 com.apple.WebCore 0x000000012ddc5f45 WebCore::ResizeObserver::deliverObservations() + 965 (ResizeObserver.cpp:145) 27 com.apple.WebCore 0x000000012cccf2ea WebCore::Document::deliverResizeObservations() + 154 (Document.cpp:8111) 28 com.apple.WebCore 0x000000012cccf60a WebCore::Document::updateResizeObservations(WebCore::Page&) + 106 (Document.cpp:8141) 29 com.apple.WebCore 0x000000012dd4a5b0 WebCore::Page::updateRendering()::$_28::operator()(WebCore::Document&) const + 32 (Page.cpp:1592) 30 com.apple.WebCore 0x000000012dd4a543 WTF::Detail::CallableWrapper<WebCore::Page::updateRendering()::$_28, void, WebCore::Document&>::call(WebCore::Document&) + 51 (Function.h:53) 31 com.apple.WebCore 0x000000012cc0e1ca WTF::Function<void (WebCore::Document&)>::operator()(WebCore::Document&) const + 154 (Function.h:82) 32 com.apple.WebCore 0x000000012dcfca7c WebCore::Page::forEachDocument(WTF::Function<void (WebCore::Document&)> const&) const + 220 (Page.cpp:3354) 33 com.apple.WebCore 0x000000012dd0417c WebCore::Page::updateRendering()::$_21::operator()(WebCore::RenderingUpdateStep, WTF::Function<void (WebCore::Document&)> const&) const + 92 (Page.cpp:1557) 34 com.apple.WebCore 0x000000012dd03ddf WebCore::Page::updateRendering() + 927 (Page.cpp:1591) 35 com.apple.WebKitLegacy 0x000000010c96d376 -[WebView(WebPrivate) _updateRendering] + 86 (WebView.mm:1730) 36 com.apple.WebKitLegacy 0x000000010c976e34 -[WebView(WebPrivate) _forceRepaintForTesting] + 36 (WebView.mm:4426) 37 DumpRenderTree 0x0000000102934617 updateDisplay() + 55 (DumpRenderTree.mm:1582) 38 DumpRenderTree 0x0000000102933b63 dump() + 35 (DumpRenderTree.mm:1599) 39 DumpRenderTree 0x00000001029fc991 TestRunner::forceImmediateCompletion() + 65 (TestRunnerMac.mm:290) 40 DumpRenderTree 0x00000001029ebfa6 forceImmediateCompletionCallback(OpaqueJSContext const*, OpaqueJSValue*, OpaqueJSValue*, unsigned long, OpaqueJSValue const* const*, OpaqueJSValue const**) + 54 (TestRunner.cpp:1808) 41 com.apple.JavaScriptCore 0x0000000104858b9a long long JSC::APICallbackFunction::callImpl<JSC::JSCallbackFunction>(JSC::JSGlobalObject*, JSC::CallFrame*) + 618 (APICallbackFunction.h:61) 42 com.apple.JavaScriptCore 0x000000010484c53d JSC::callJSCallbackFunction(JSC::JSGlobalObject*, JSC::CallFrame*) + 29 (JSCallbackFunction.cpp:42) 43 ??? 0x000050c874401027 0 + 88821874036775 44 com.apple.JavaScriptCore 0x000000010471e92f llint_entry + 144661 45 com.apple.JavaScriptCore 0x00000001046fb120 vmEntryToJavaScript + 289 46 com.apple.JavaScriptCore 0x00000001056e329b JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 235 (JITCodeInlines.h:42) 47 com.apple.JavaScriptCore 0x00000001056e3a77 JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 1847 (Interpreter.cpp:900) 48 com.apple.JavaScriptCore 0x0000000105ad8e3d JSC::call(JSC::JSGlobalObject*, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 221 (CallData.cpp:57) 49 com.apple.JavaScriptCore 0x0000000105ad8f1f JSC::call(JSC::JSGlobalObject*, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 207 (CallData.cpp:64) 50 com.apple.JavaScriptCore 0x0000000105ad9202 JSC::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 130 (CallData.cpp:85) 51 com.apple.WebCore 0x000000012c564d6e WebCore::JSExecState::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 110 (JSExecState.h:73) 52 com.apple.WebCore 0x000000012c6325e1 WebCore::ScheduledAction::executeFunctionInContext(JSC::JSGlobalObject*, JSC::JSValue, WebCore::ScriptExecutionContext&) + 1009 (ScheduledAction.cpp:121) 53 com.apple.WebCore 0x000000012c632005 WebCore::ScheduledAction::execute(WebCore::Document&) + 277 (ScheduledAction.cpp:141) 54 com.apple.WebCore 0x000000012c631ec3 WebCore::ScheduledAction::execute(WebCore::ScriptExecutionContext&) + 67 (ScheduledAction.cpp:86) 55 com.apple.WebCore 0x000000012dbfa947 WebCore::DOMTimer::fired() + 1063 (DOMTimer.cpp:337) 56 com.apple.WebCore 0x000000012df4c624 WebCore::ThreadTimers::sharedTimerFiredInternal() + 644 (ThreadTimers.cpp:127) 57 com.apple.WebCore 0x000000012df52971 WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0::operator()() const + 33 (ThreadTimers.cpp:67) 58 com.apple.WebCore 0x000000012df528fe WTF::Detail::CallableWrapper<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0, void>::call() + 30 (Function.h:53) 59 com.apple.WebCore 0x0000000129ab07f2 WTF::Function<void ()>::operator()() const + 130 (Function.h:82) 60 com.apple.WebCore 0x000000012def95cb WebCore::MainThreadSharedTimer::fired() + 139 (MainThreadSharedTimer.cpp:83) 61 com.apple.WebCore 0x000000012dfe1436 WebCore::timerFired(__CFRunLoopTimer*, void*) + 38 (MainThreadSharedTimerCF.cpp:85) 62 com.apple.CoreFoundation 0x00007fff204ca2b9 0x7fff20430000 + 631481 63 com.apple.CoreFoundation 0x00007fff204c9dad 0x7fff20430000 + 630189 64 com.apple.CoreFoundation 0x00007fff204c990a 0x7fff20430000 + 629002 65 com.apple.CoreFoundation 0x00007fff204b04d3 0x7fff20430000 + 525523 66 com.apple.CoreFoundation 0x00007fff204af64c 0x7fff20430000 + 521804 67 DumpRenderTree 0x00000001029326cb runTest(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) + 3323 (DumpRenderTree.mm:1963) 68 DumpRenderTree 0x000000010293192a runTestingServerLoop() + 218 (DumpRenderTree.mm:1077) 69 DumpRenderTree 0x0000000102931168 dumpRenderTree(int, char const**) + 616 (DumpRenderTree.mm:1190) 70 DumpRenderTree 0x0000000102933262 DumpRenderTreeMain(int, char const**) + 114 (DumpRenderTree.mm:1301) 71 DumpRenderTree 0x0000000102a1eba2 main + 34 (DumpRenderTreeMain.mm:34) 72 libdyld.dylib 0x00007fff203d3f5d 0x7fff203be000 + 89949
Attachments
Crash Log (160.83 KB, text/plain)
2021-09-23 14:23 PDT, Eric Hutchison 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2021-09-23 14:25:05 PDT
<rdar://problem/83465437>
Eric Hutchison
Comment 2 2021-09-23 14:56:47 PDT
Updated test expectations at https://trac.webkit.org/changeset/283010/webkit Unable to reproduce locally on BigSur, no access to Catalina for testing.
Eric Hutchison
Comment 3 2021-10-01 10:41:52 PDT
Removed test expectations: https://trac.webkit.org/changeset/283379/webkit
Note You need to log in before you can comment on or make changes to this bug.