webarchive/loading/mainresource-null-mimetype-crash.html crashes under WebCoreTestSupport::resetInternalsObject():

Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000040
Exception Note: EXC_CORPSE_NOTIFY
Termination Signal: Segmentation fault: 11
Termination Reason: Namespace SIGNAL, Code 0xb
Terminating Process: exc handler [0]

Application Specific Information:
This process is running with libgmalloc.dylib (GuardMalloc) which may have forced the crash due to a memory access error.
CRASHING TEST: webarchive/loading/mainresource-null-mimetype-crash.html

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 libWebCoreTestSupport.dylib 0x0000000190814a4c WebCore::Frame::page() const + 12 (Frame.h:371)
1 libWebCoreTestSupport.dylib 0x000000019096dd27 WebCoreTestSupport::resetInternalsObject(OpaqueJSContext const*) + 103 (WebCoreTestSupport.cpp:66)
2 com.apple.WebKitTestRunner.InjectedBundle 0x00000001906e51f2 WTR::InjectedBundlePage::resetAfterTest() + 66 (InjectedBundlePage.cpp:432)
3 com.apple.WebKitTestRunner.InjectedBundle 0x00000001906db57c WTR::InjectedBundle::didReceiveMessageToPage(OpaqueWKBundlePage const*, OpaqueWKString const*, void const*) + 1404 (InjectedBundle.cpp:198)
4 com.apple.WebKitTestRunner.InjectedBundle 0x00000001906dafec WTR::InjectedBundle::didReceiveMessageToPage(OpaqueWKBundle const*, OpaqueWKBundlePage const*, OpaqueWKString const*, void const*, void const*) + 60 (InjectedBundle.cpp:85)
5 com.apple.WebKit 0x000000010d5243d2 WebKit::InjectedBundleClient::didReceiveMessageToPage(WebKit::InjectedBundle*, WebKit::WebPage*, WTF::String const&, API::Object*) + 162 (InjectedBundleClient.cpp:73)
6 com.apple.WebKit 0x000000010d51e13a WebKit::InjectedBundle::didReceiveMessageToPage(WebKit::WebPage*, WTF::String const&, API::Object*) + 74 (InjectedBundle.cpp:531)
7 com.apple.WebKit 0x000000010dbf7413 WebKit::WebPage::postInjectedBundleMessage(WTF::String const&, WebKit::UserData const&) + 147 (WebPage.cpp:1859)
8 com.apple.WebKit 0x000000010dc7f699 void IPC::callMemberFunctionImpl<WebKit::WebPage, void (WebKit::WebPage::*)(WTF::String const&, WebKit::UserData const&), std::__1::tuple<WTF::String, WebKit::UserData>, 0ul, 1ul>(WebKit::WebPage*, void (WebKit::WebPage::*)(WTF::String const&, WebKit::UserData const&), std::__1::tuple<WTF::String, WebKit::UserData>&&, std::__1::integer_sequence<unsigned long, 0ul, 1ul>) + 185 (HandleMessage.h:41)
9 com.apple.WebKit 0x000000010dc7f5d8 void IPC::callMemberFunction<WebKit::WebPage, void (WebKit::WebPage::*)(WTF::String const&, WebKit::UserData const&), std::__1::tuple<WTF::String, WebKit::UserData>, std::__1::integer_sequence<unsigned long, 0ul, 1ul> >(std::__1::tuple<WTF::String, WebKit::UserData>&&, WebKit::WebPage*, void (WebKit::WebPage::*)(WTF::String const&, WebKit::UserData const&)) + 88 (HandleMessage.h:47)

Reproduced via: Tools/Scripts/run-webkit-tests webarchive/loading/mainresource-null-mimetype-crash.html --repeat-each 1000 -v --no-retry -gf --child-processes=50 --no-build --no-timeout --debug
Created attachment 311719 [details] Patch
rdar://problem/23641011
Comment on attachment 311719 [details] Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=311719&action=review

> Source/WebCore/ChangeLog:8
> + Do not assume the document's frame and page pointers are non null in WebCoreTestSupport::resetInternalsObject().

Is that actually an expected situation, or is the root cause elsewhere? I thought that we always needed to reset the state, so returning early would result in misconfigured testing down the line.
Note that there are other crashes happening on this test, so I assumed it was a WebCore issue.
Comment on attachment 311719 [details] Patch
Attachment 311719 [details] did not pass ios-sim-ews (ios-simulator-wk2):
Output: http://webkit-queues.webkit.org/results/3854789

New failing tests:
webrtc/peer-connection-audio-mute.html
Created attachment 311738 [details] Archive of layout-test-results from ews122 for ios-simulator-wk2

The attached test failures were seen while running run-webkit-tests on the ios-sim-ews.
Bot: ews122  Port: ios-simulator-wk2  Platform: Mac OS X 10.12.5
(In reply to Alexey Proskuryakov from comment #4)
> Note that there are other crashes happening on this test, so I assumed it
> was a WebCore issue.

The issue is that this test navigates the main frame. When that happens, a new document is created and associated to the main frame. The old document is then frameless. My bet, since it is flaky, is that we sometimes call resetInternalsObject() on the old document (pre-navigation) and sometimes on the new document (post-navigation). One thing I think we should do is update the test to na
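The lifetime problem described in the comment above, as an added example that is not WebKit's code and not part of this bug: a minimal model in which navigating the main frame attaches a fresh document and leaves the old one frameless, so a reset routine that dereferences `document->frame->page` on the old document hits a null pointer (the 0x40 offset read in the crash log is exactly such a read through null). The names `Page`, `Frame`, `Document`, `navigate` and the two `resetInternalsObject*` functions are hypothetical stand-ins, not the real WebCore classes.

```cpp
// Added illustration (not WebKit code): model of a document losing its frame
// on main-frame navigation, and a reset routine with and without null checks.
#include <memory>
#include <string>

struct Page;

struct Frame {
    Page* page;                 // owning page; hypothetical stand-in for WebCore::Frame
};

struct Document {
    Frame* frame = nullptr;     // null once the document is frameless
    std::string url;
    bool internalsReset = false;
};

struct Page {
    Frame mainFrame;
    std::shared_ptr<Document> document;   // the document currently attached to mainFrame
    Page() : mainFrame{this} {}
};

// Navigate the main frame: a new document is created and associated with the
// frame; the old document becomes frameless but stays alive for anyone who
// still holds a reference to it (for instance a test harness). Returns the
// old document so the caller can model that stale reference.
std::shared_ptr<Document> navigate(Page& page, const std::string& url) {
    std::shared_ptr<Document> old = page.document;
    if (old)
        old->frame = nullptr;
    auto fresh = std::make_shared<Document>();
    fresh->url = url;
    fresh->frame = &page.mainFrame;
    page.document = fresh;
    return old;
}

// Unchecked variant: assumes frame and page are non-null. Calling this on the
// frameless (pre-navigation) document reads through a null Frame pointer.
void resetInternalsObjectUnchecked(Document& document) {
    Page* page = document.frame->page;   // null dereference for a frameless document
    (void)page;
    document.internalsReset = true;
}

// Checked variant in the spirit of "do not assume the frame and page pointers
// are non null": it refuses to reset a frameless document and reports that
// back, so a harness can notice that the reset did not happen rather than
// silently continuing with stale state (the reviewer's concern above).
bool resetInternalsObjectChecked(Document& document) {
    Frame* frame = document.frame;
    if (!frame)
        return false;
    Page* page = frame->page;
    if (!page)
        return false;
    document.internalsReset = true;
    return true;
}

// Scenario from the bug: keep a reference to the pre-navigation document,
// navigate, then try to reset that old document. Returns whether a reset ran.
bool resetOldDocumentAfterNavigation() {
    Page page;
    navigate(page, "about:blank");
    std::shared_ptr<Document> old = navigate(page, "test.html");   // now frameless
    return resetInternalsObjectChecked(*old);
}

// Same sequence, but resetting the document currently attached to the frame.
bool resetNewDocumentAfterNavigation() {
    Page page;
    navigate(page, "about:blank");
    navigate(page, "test.html");
    return resetInternalsObjectChecked(*page.document);
}
```

Which of the two documents the reset lands on depends on timing, which is why the crash is flaky: only the old-document path dereferences null. The checked variant's boolean return is the piece a test runner would want, since an early return that reports nothing leaves the harness believing the state was reset.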
Created attachment 311740 [details] Patch
Comment on attachment 311740 [details] Patch rs=me. Seems reasonable to work around this in tests for now.
Comment on attachment 311740 [details] Patch
Clearing flags on attachment: 311740
Committed r217680: <http://trac.webkit.org/changeset/217680>
All reviewed patches have been landed. Closing bug.