211086 – REGRESSION: (r260709): [ Mac wk2 Debug ] multiple plugins tests crashing consistently with alert - WebKit::PluginView::performJavaScriptURLRequest(WebKit::PluginView::URLRequest*)

RESOLVED FIXED 211086

REGRESSION: (r260709): [ Mac wk2 Debug ] multiple plugins tests crashing consistently with alert - WebKit::PluginView::performJavaScriptURLRequest(WebKit::PluginView::URLRequest*)

https://bugs.webkit.org/show_bug.cgi?id=211086

Summary REGRESSION: (r260709): [ Mac wk2 Debug ] multiple plugins tests crashing cons...

Jason Lawrence

Reported 2020-04-27 10:10:14 PDT

Created attachment 397696 [details] embed-inside-object-crash-log plugins/embed-inside-object.html plugins/get-javascript-url.html plugins/get-targeted-javascript-url.html plugins/get-url-with-javascript-destroying-plugin.html plugins/get-url-with-javascript-url.html plugins/plugin-remove-subframe.html Description: These tests are crashing consistently on Mac wk2 Debug. The tests appear to have regressed with r260709. History: https://results.webkit.org/?flavor=wk2&style=debug&platform=mac&suite=layout-tests&suite=layout-tests&suite=layout-tests&suite=layout-tests&suite=layout-tests&suite=layout-tests&test=plugins%2Fembed-inside-object.html&test=plugins%2Fget-javascript-url.html&test=plugins%2Fget-targeted-javascript-url.html&test=plugins%2Fget-url-with-javascript-destroying-plugin.html&test=plugins%2Fget-url-with-javascript-url.html&test=plugins%2Fplugin-remove-subframe.html Crash log attached: Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.JavaScriptCore 0x0000000139c53a3e WTFCrash + 14 (Assertions.cpp:309) 1 com.apple.WebKit 0x000000010c6ae3bb WTFCrashWithInfo(int, char const*, char const*, int) + 27 2 com.apple.WebKit 0x000000010ca53269 WebKit::PluginView::performJavaScriptURLRequest(WebKit::PluginView::URLRequest*) + 137 (PluginView.cpp:1236) 3 com.apple.WebKit 0x000000010ca53087 WebKit::PluginView::performURLRequest(WebKit::PluginView::URLRequest*) + 87 (PluginView.cpp:1172) 4 com.apple.WebKit 0x000000010ca4d35e WebKit::PluginView::pendingURLRequestsTimerFired() + 238 (PluginView.cpp:1163) 5 com.apple.WebKit 0x000000010ca6202b WTF::RunLoop::Timer<WebKit::PluginView>::fired() + 107 (RunLoop.h:171) 6 com.apple.JavaScriptCore 0x0000000139cf99ae WTF::RunLoop::TimerBase::timerFired(__CFRunLoopTimer*, void*) + 46 (RunLoopCF.cpp:92) 7 com.apple.CoreFoundation 0x00007fff35b3a9b9 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20 8 com.apple.CoreFoundation 0x00007fff35b3a51f __CFRunLoopDoTimer + 859 9 com.apple.CoreFoundation 0x00007fff35b3a007 __CFRunLoopDoTimers + 322 10 com.apple.CoreFoundation 0x00007fff35b1edaa __CFRunLoopRun + 1871 11 com.apple.CoreFoundation 0x00007fff35b1dffe CFRunLoopRunSpecific + 462 12 com.apple.Foundation 0x00007fff381b22a8 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 212 13 com.apple.Foundation 0x00007fff38264d2f -[NSRunLoop(NSRunLoop) run] + 76 14 libxpc.dylib 0x00007fff6fcb551a _xpc_objc_main.cold.4 + 49 15 libxpc.dylib 0x00007fff6fcb5460 _xpc_objc_main + 559 16 libxpc.dylib 0x00007fff6fcb4f93 xpc_main + 377 17 com.apple.WebKit 0x000000010cf875fb WebKit::XPCServiceMain(int, char const**) + 1499 (XPCServiceMain.mm:172) 18 com.apple.WebKit 0x000000010e35f82b WKXPCServiceMain + 27 (WKMain.mm:33) 19 com.apple.WebKit.WebContent 0x000000010c6a1ec2 main + 34 (AuxiliaryProcessMain.cpp:30) 20 libdyld.dylib 0x00007fff6fa67cc9 start + 1

Attachments
embed-inside-object-crash-log (85.05 KB, text/plain) 2020-04-27 10:10 PDT, Jason Lawrence	no flags	Details
View All Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2020-04-27 10:10:36 PDT

<rdar://problem/62457203>

Jason Lawrence

Comment 2 2020-04-27 10:22:56 PDT

I can reproduce this issue with r260762 and r260709, but I cannot reproduce the issue with r260708. Command: run-webkit-tests --iterations 99 --force -f --debug --exit-after-n-failures 16 plugins/embed-inside-object.html plugins/get-javascript-url.html plugins/get-targeted-javascript-url.html plugins/get-url-with-javascript-destroying-plugin.html plugins/get-url-with-javascript-url.html plugins/plugin-remove-subframe.html r260709/r260709: plugins/embed-inside-object.html [ Crash ] plugins/get-javascript-url.html [ Crash ] plugins/get-targeted-javascript-url.html [ Crash ] plugins/get-url-with-javascript-destroying-plugin.html [ Crash ] plugins/get-url-with-javascript-url.html [ Crash ] plugins/plugin-remove-subframe.html [ Crash ] r260708: All 594 tests ran as expected.

Alexey Proskuryakov

Comment 3 2020-04-28 18:02:01 PDT

*** This bug has been marked as a duplicate of bug 211007 ***

Alexey Proskuryakov

Comment 4 2020-04-28 18:02:48 PDT

Fixed in r260765.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Mac

OS macOS 10.15

Product WebKit

Component Plug-ins

Assignee

Nobody

Reported

2020-04-27 10:10 PDT

Modified

2020-04-28 18:02 PDT History

CC List

2 users Show

URL

Keywords InRadar

Depends on

Blocks