RESOLVED FIXED Bug 203855
REGRESSION (r251930): Flaky WK1 crash in printing/pseudo-class-outside-page.html
https://bugs.webkit.org/show_bug.cgi?id=203855
Jonathan Bedard
Reported 2019-11-05 09:33:45 PST
This is a weird one, but looking at our results, we have a flaky OS-specific WK1 crash that is also a regression: https://results.webkit.org/?suite=layout-tests&test=printing%2Fpseudo-class-outside-page.html&version_name=Catalina
Only reproduces on 19A602. 19B88 doesn't reproduce the crash, so maybe we're OK in practice, but given that this is a crash, someone needs to investigate.
Attachments
Fix the crash (1.58 KB, patch)
2019-11-05 11:22 PST, Ryosuke Niwa
no flags
Ryosuke Niwa
Comment 1 2019-11-05 11:15:38 PST
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.WebCore 0x0000000108c55938 WebCore::FrameView::forceLayoutForPagination(WebCore::FloatSize const&, WebCore::FloatSize const&, float, WebCore::AdjustViewSizeOrNot) + 24 (FrameView.cpp:4535)
1 com.apple.WebCore 0x0000000108c55690 WebCore::Frame::setPrinting(bool, WebCore::FloatSize const&, WebCore::FloatSize const&, float, WebCore::AdjustViewSizeOrNot) + 272
2 com.apple.WebCore 0x0000000108ca10d5 WebCore::PrintContext::begin(float, float) + 117 (PrintContext.cpp:203)
3 libWebCoreTestSupport.dylib 0x00000001038e2e3c WebCore::jsInternalsPrototypeFunctionSetPrinting(JSC::JSGlobalObject*, JSC::CallFrame*) + 236
4 ??? 0x00004c2e1080116b 0 + 83760729035115
5 com.apple.JavaScriptCore 0x0000000103d2c534 llint_entry + 92295
6 com.apple.JavaScriptCore 0x0000000103d15aff vmEntryToJavaScript + 200
7 com.apple.JavaScriptCore 0x00000001043695df JSC::Interpreter::executeProgram(JSC::SourceCode const&, JSC::JSGlobalObject*, JSC::JSObject*) + 11887 (Interpreter.cpp:846)
8 com.apple.JavaScriptCore 0x00000001045f9bb1 JSC::evaluate(JSC::JSGlobalObject*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) + 289 (Completion.cpp:146)
9 com.apple.WebCore 0x000000010851b394 WebCore::JSExecState::profiledEvaluate(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) + 84 (JSExecState.h:79)
10 com.apple.WebCore 0x000000010851b1f9 WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&, WebCore::ExceptionDetails*) + 169 (ScriptController.cpp:134)
11 com.apple.WebCore 0x00000001087e8438 WebCore::ScriptElement::executeClassicScript(WebCore::ScriptSourceCode const&) + 568 (ScriptElement.cpp:391)
12 com.apple.WebCore 0x00000001087e689c WebCore::ScriptElement::prepareScript(WTF::TextPosition const&, WebCore::ScriptElement::LegacyTypeSupport) + 1244 (ScriptElement.cpp:268)
13 com.apple.WebCore 0x0000000108a60528 WebCore::HTMLScriptRunner::runScript(WebCore::ScriptElement&, WTF::TextPosition const&) + 88 (HTMLScriptRunner.cpp:252)
14 com.apple.WebCore 0x0000000108a60480 WebCore::HTMLScriptRunner::execute(WTF::Ref<WebCore::ScriptElement, WTF::DumbPtrTraits<WebCore::ScriptElement> >&&, WTF::TextPosition const&) + 48 (HTMLScriptRunner.cpp:142)
15 com.apple.WebCore 0x0000000108a548ad WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder() + 157 (HTMLDocumentParser.cpp:234)
16 com.apple.WebCore 0x0000000108a54c57 WebCore::HTMLDocumentParser::pumpTokenizerLoop(WebCore::HTMLDocumentParser::SynchronousMode, bool, WebCore::PumpSession&) + 599 (HTMLDocumentParser.cpp:255)
17 com.apple.WebCore 0x0000000108a545b8 WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) + 136 (HTMLDocumentParser.cpp:309)
18 com.apple.WebCore 0x0000000108a55645 WebCore::HTMLDocumentParser::append(WTF::RefPtr<WTF::StringImpl, WTF::DumbPtrTraits<WTF::StringImpl> >&&) + 1541 (HTMLDocumentParser.cpp:419)
19 com.apple.WebCore 0x0000000108741172 WebCore::DecodedDataDocumentParser::appendBytes(WebCore::DocumentWriter&, char const*, unsigned long) + 114 (RefPtr.h:69)
20 com.apple.WebCore 0x0000000108b651a1 WebCore::DocumentLoader::commitData(char const*, unsigned long) + 657
21 com.apple.WebKitLegacy 0x000000010544bf45 -[WebHTMLRepresentation receivedData:withDataSource:] + 85 (WebHTMLRepresentation.mm:181)
22 com.apple.WebKitLegacy 0x00000001053df1e0 -[WebDataSource(WebInternal) _receivedData:] + 64 (WebDataSource.mm:251)
23 com.apple.WebKitLegacy 0x00000001053d9d91 WebFrameLoaderClient::committedLoad(WebCore::DocumentLoader*, char const*, int) + 97 (WebFrameLoaderClient.mm:1014)
24 com.apple.WebCore 0x0000000108b682a4 WebCore::DocumentLoader::commitLoad(char const*, int) + 148 (DocumentLoader.cpp:1005)
25 com.apple.WebCore 0x0000000108b67d11 WebCore::DocumentLoader::continueAfterContentPolicy(WebCore::PolicyAction) + 1313 (DocumentLoader.cpp:978)
26 com.apple.WebCore 0x0000000108b66051 WebCore::DocumentLoader::responseReceived(WebCore::ResourceResponse const&, WTF::CompletionHandler<void ()>&&) + 1841
27 com.apple.WebCore 0x0000000108b6254c WebCore::DocumentLoader::handleSubstituteDataLoadNow() + 364 (DocumentLoader.cpp:475)
28 com.apple.JavaScriptCore 0x0000000103a99f03 WTF::timerFired(__CFRunLoopTimer*, void*) + 35 (RunLoopTimerCF.cpp:53)
29 com.apple.CoreFoundation 0x00007fff31ec75b4 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20
30 com.apple.CoreFoundation 0x00007fff31ec716e __CFRunLoopDoTimer + 859
31 com.apple.CoreFoundation 0x00007fff31ec6b8e __CFRunLoopDoTimers + 317
32 com.apple.CoreFoundation 0x00007fff31ea793d __CFRunLoopRun + 2213
33 com.apple.CoreFoundation 0x00007fff31ea6e13 CFRunLoopRunSpecific + 499
34 DumpRenderTree 0x000000010379a5f4 runTest(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) + 2675 (DumpRenderTree.mm:2105)
35 DumpRenderTree 0x00000001037997ae dumpRenderTree(int, char const**) + 2813 (DumpRenderTree.mm:1216)
36 DumpRenderTree 0x000000010379b1e1 DumpRenderTreeMain(int, char const**) + 1438 (DumpRenderTree.mm:1450)
37 libdyld.dylib 0x00007fff691a6405 start + 1
Ryosuke Niwa
Comment 2 2019-11-05 11:22:40 PST
Created attachment 382836 [details] Fix the crash
Ryosuke Niwa
Comment 3 2019-11-05 11:23:28 PST
I couldn't reproduce this locally but I know what's going on. This test removes the frame inside the media query so FrameView is no more by the time we try to update the layout.
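An added illustration of the lifetime hazard described in comment 3, written for this page rather than taken from WebKit or from the attached patch. The names Frame, FrameView, setPrinting, detach and onPrintMediaQueriesEvaluated are hypothetical stand-ins for the real classes, and the guard shown (re-reading the view pointer after anything that can run script) is one general remedy for this class of bug, not a claim about what r252079 changed.

```cpp
// Added example, not WebKit's code: a small model of a frame whose view can
// be destroyed by script that runs while print media queries are evaluated.
#include <functional>
#include <memory>

struct FrameView {
    int paginationLayouts = 0;
    void forceLayoutForPagination() { ++paginationLayouts; }
};

enum class PrintResult { LayoutDone, ViewGone };

struct Frame {
    // The view is owned by the frame and disappears when the frame is detached.
    std::unique_ptr<FrameView> view = std::make_unique<FrameView>();

    // Hypothetical hook standing in for the media-query evaluation step.
    // In the bug, author script triggered from this point removed the frame.
    std::function<void(Frame&)> onPrintMediaQueriesEvaluated;

    void detach() { view.reset(); }

    // Guarded form of the operation that crashed. The crashing variant kept
    // using a view obtained before the callback; here the pointer is read
    // only after the callback has returned and is checked before use.
    PrintResult setPrinting(bool printing) {
        if (onPrintMediaQueriesEvaluated)
            onPrintMediaQueriesEvaluated(*this); // may run script, may detach us
        FrameView* v = view.get();               // re-fetch after the callback
        if (!v)
            return PrintResult::ViewGone;        // frame was removed: bail out
        if (printing)
            v->forceLayoutForPagination();
        return PrintResult::LayoutDone;
    }
};

// Scenario 1: an ordinary page, the view survives and is laid out.
PrintResult printNormalPage() {
    Frame frame;
    return frame.setPrinting(true);
}

// Scenario 2: the layout test's behaviour, the frame is removed from inside
// the media-query callback before layout is attempted.
PrintResult printPageThatRemovesItself() {
    Frame frame;
    frame.onPrintMediaQueriesEvaluated = [](Frame& f) { f.detach(); };
    return frame.setPrinting(true);
}

int main() {
    bool ok = printNormalPage() == PrintResult::LayoutDone
           && printPageThatRemovesItself() == PrintResult::ViewGone;
    return ok ? 0 : 1;
}
```

The point of the model is the ordering: any pointer cached before a call that can re-enter script is suspect afterwards, so it must be re-read (or the object kept alive across the call) before being dereferenced.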
Ryosuke Niwa
Comment 4 2019-11-05 13:54:58 PST
Comment on attachment 382836 [details] Fix the crash
Clearing flags on attachment: 382836
Committed r252079: <https://trac.webkit.org/changeset/252079>
Ryosuke Niwa
Comment 5 2019-11-05 13:55:00 PST
All reviewed patches have been landed. Closing bug.
Radar WebKit Bug Importer
Comment 6 2019-11-05 13:55:22 PST
Ryosuke Niwa
Comment 7 2019-11-05 16:24:02 PST
So far so good. Will wait for a few more builds on "A" builds to be sure...
Ryosuke Niwa
Comment 8 2019-11-05 19:13:14 PST
I'm pretty sure this is fixed now.