211086 – REGRESSION: (r260709): [ Mac wk2 Debug ] multiple plugins tests crashing consistently with alert - WebKit::PluginView::performJavaScriptURLRequest(WebKit::PluginView::URLRequest*)

Bug 211086 - REGRESSION: (r260709): [ Mac wk2 Debug ] multiple plugins tests crashing consistently with alert - WebKit::PluginView::performJavaScriptURLRequest(WebKit::PluginView::URLRequest*)

Summary: REGRESSION: (r260709): [ Mac wk2 Debug ] multiple plugins tests crashing cons...

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	Plug-ins (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Mac macOS 10.15

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2020-04-27 10:10 PDT by Jason Lawrence
Modified:	2020-04-28 18:02 PDT (History)
CC List:	2 users (show)

See Also:

Attachments
embed-inside-object-crash-log (85.05 KB, text/plain) 2020-04-27 10:10 PDT, Jason Lawrence	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jason Lawrence 2020-04-27 10:10:14 PDT

Created attachment 397696 [details]
embed-inside-object-crash-log

plugins/embed-inside-object.html		
plugins/get-javascript-url.html		
plugins/get-targeted-javascript-url.html		
plugins/get-url-with-javascript-destroying-plugin.html		
plugins/get-url-with-javascript-url.html		
plugins/plugin-remove-subframe.html

Description:
These tests are crashing consistently on Mac wk2 Debug. The tests appear to have regressed with r260709.
History:
https://results.webkit.org/?flavor=wk2&style=debug&platform=mac&suite=layout-tests&suite=layout-tests&suite=layout-tests&suite=layout-tests&suite=layout-tests&suite=layout-tests&test=plugins%2Fembed-inside-object.html&test=plugins%2Fget-javascript-url.html&test=plugins%2Fget-targeted-javascript-url.html&test=plugins%2Fget-url-with-javascript-destroying-plugin.html&test=plugins%2Fget-url-with-javascript-url.html&test=plugins%2Fplugin-remove-subframe.html

Crash log attached: 
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.JavaScriptCore      	0x0000000139c53a3e WTFCrash + 14 (Assertions.cpp:309)
1   com.apple.WebKit              	0x000000010c6ae3bb WTFCrashWithInfo(int, char const*, char const*, int) + 27
2   com.apple.WebKit              	0x000000010ca53269 WebKit::PluginView::performJavaScriptURLRequest(WebKit::PluginView::URLRequest*) + 137 (PluginView.cpp:1236)
3   com.apple.WebKit              	0x000000010ca53087 WebKit::PluginView::performURLRequest(WebKit::PluginView::URLRequest*) + 87 (PluginView.cpp:1172)
4   com.apple.WebKit              	0x000000010ca4d35e WebKit::PluginView::pendingURLRequestsTimerFired() + 238 (PluginView.cpp:1163)
5   com.apple.WebKit              	0x000000010ca6202b WTF::RunLoop::Timer<WebKit::PluginView>::fired() + 107 (RunLoop.h:171)
6   com.apple.JavaScriptCore      	0x0000000139cf99ae WTF::RunLoop::TimerBase::timerFired(__CFRunLoopTimer*, void*) + 46 (RunLoopCF.cpp:92)
7   com.apple.CoreFoundation      	0x00007fff35b3a9b9 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20
8   com.apple.CoreFoundation      	0x00007fff35b3a51f __CFRunLoopDoTimer + 859
9   com.apple.CoreFoundation      	0x00007fff35b3a007 __CFRunLoopDoTimers + 322
10  com.apple.CoreFoundation      	0x00007fff35b1edaa __CFRunLoopRun + 1871
11  com.apple.CoreFoundation      	0x00007fff35b1dffe CFRunLoopRunSpecific + 462
12  com.apple.Foundation          	0x00007fff381b22a8 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 212
13  com.apple.Foundation          	0x00007fff38264d2f -[NSRunLoop(NSRunLoop) run] + 76
14  libxpc.dylib                  	0x00007fff6fcb551a _xpc_objc_main.cold.4 + 49
15  libxpc.dylib                  	0x00007fff6fcb5460 _xpc_objc_main + 559
16  libxpc.dylib                  	0x00007fff6fcb4f93 xpc_main + 377
17  com.apple.WebKit              	0x000000010cf875fb WebKit::XPCServiceMain(int, char const**) + 1499 (XPCServiceMain.mm:172)
18  com.apple.WebKit              	0x000000010e35f82b WKXPCServiceMain + 27 (WKMain.mm:33)
19  com.apple.WebKit.WebContent   	0x000000010c6a1ec2 main + 34 (AuxiliaryProcessMain.cpp:30)
20  libdyld.dylib                 	0x00007fff6fa67cc9 start + 1

Comment 1 Radar WebKit Bug Importer 2020-04-27 10:10:36 PDT

<rdar://problem/62457203>

Comment 2 Jason Lawrence 2020-04-27 10:22:56 PDT

I can reproduce this issue with r260762 and r260709, but I cannot reproduce the issue with r260708. 

Command:
run-webkit-tests --iterations 99 --force -f --debug --exit-after-n-failures 16 plugins/embed-inside-object.html plugins/get-javascript-url.html plugins/get-targeted-javascript-url.html plugins/get-url-with-javascript-destroying-plugin.html plugins/get-url-with-javascript-url.html plugins/plugin-remove-subframe.html


r260709/r260709:
plugins/embed-inside-object.html [ Crash ]
plugins/get-javascript-url.html [ Crash ]
plugins/get-targeted-javascript-url.html [ Crash ]
plugins/get-url-with-javascript-destroying-plugin.html [ Crash ]
plugins/get-url-with-javascript-url.html [ Crash ]
plugins/plugin-remove-subframe.html [ Crash ]

r260708:
All 594 tests ran as expected.

Comment 3 Alexey Proskuryakov 2020-04-28 18:02:01 PDT


*** This bug has been marked as a duplicate of bug 211007 ***

Comment 4 Alexey Proskuryakov 2020-04-28 18:02:48 PDT

Fixed in r260765.