Bug 212139 - [ macOS debug ] REGRESSION: fast/layoutformattingcontext/table-basic-row-baseline-with-nested-table.html is a flaky crash
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: zalan
Keywords: InRadar
Reported: 2020-05-20 08:13 PDT by Jacob Uphoff
Modified: 2020-05-21 07:28 PDT

Attachments
Patch (3.88 KB, patch)
2020-05-21 06:54 PDT, zalan

Description Jacob Uphoff 2020-05-20 08:13:02 PDT
fast/layoutformattingcontext/table-basic-row-baseline-with-nested-table.html

This test has recently become a flaky crash with an assertion failure on macOS debug wk2. The first crash was seen on r261751.

History:

https://results.webkit.org/?suite=layout-tests&test=fast%2Flayoutformattingcontext%2Ftable-basic-row-baseline-with-nested-table.html&platform=mac&style=debug

Crash: 

Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x00000000bbadbeef
Exception Note:        EXC_CORPSE_NOTIFY

Termination Signal:    Segmentation fault: 11
Termination Reason:    Namespace SIGNAL, Code 0xb
Terminating Process:   exc handler [93139]

VM Regions Near 0xbbadbeef:
--> 
    __TEXT                 000000010363d000-000000010363e000 [    4K] r-x/rwx SM=COW  /Volumes/VOLUME/*/*.Development

Application Specific Information:
CRASHING TEST: fast/layoutformattingcontext/table-basic-row-baseline-with-nested-table.html

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.JavaScriptCore      	0x000000076aa6a0f0 WTFCrash + 16 (Assertions.cpp:303)
1   com.apple.WebCore             	0x000000074d5a8ffb WTFCrashWithInfo(int, char const*, char const*, int) + 27
2   com.apple.WebCore             	0x0000000750b29730 WTF::Vector<WebCore::LayoutUnit, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> WebCore::Layout::distributeAvailableSpace<WebCore::Layout::RowSpan>(WebCore::Layout::TableGrid const&, WebCore::LayoutUnit, WTF::Function<WebCore::Layout::GridSpace (WebCore::Layout::TableGrid::Slot const&, unsigned long)> const&) + 3248 (TableLayout.cpp:224)
3   com.apple.WebCore             	0x0000000750b28920 WebCore::Layout::TableFormattingContext::TableLayout::distributedVerticalSpace(WTF::Optional<WebCore::LayoutUnit>) + 880 (TableLayout.cpp:290)
4   com.apple.WebCore             	0x0000000750affbd6 WebCore::Layout::TableFormattingContext::computeAndDistributeExtraSpace(WebCore::LayoutUnit, WTF::Optional<WebCore::LayoutUnit>) + 982 (TableFormattingContext.cpp:406)
5   com.apple.WebCore             	0x0000000750aff7be WebCore::Layout::TableFormattingContext::layoutInFlowContent(WebCore::Layout::InvalidationState&, WebCore::Layout::FormattingContext::ConstraintsForInFlowContent const&) + 94 (TableFormattingContext.cpp:58)
6   com.apple.WebCore             	0x0000000750a93d49 WebCore::Layout::TableWrapperBlockFormattingContext::layoutTableBox(WebCore::Layout::ContainerBox const&, WebCore::Layout::FormattingContext::ConstraintsForInFlowContent const&) + 329 (TableWrapperBlockFormattingContext.cpp:77)
7   com.apple.WebCore             	0x0000000750a93a07 WebCore::Layout::TableWrapperBlockFormattingContext::layoutInFlowContent(WebCore::Layout::InvalidationState&, WebCore::Layout::FormattingContext::ConstraintsForInFlowContent const&) + 183 (TableWrapperBlockFormattingContext.cpp:59)
8   com.apple.WebCore             	0x0000000750a89a5b WebCore::Layout::BlockFormattingContext::layoutInFlowContent(WebCore::Layout::InvalidationState&, WebCore::Layout::FormattingContext::ConstraintsForInFlowContent const&) + 1243 (BlockFormattingContext.cpp:131)
9   com.apple.WebCore             	0x0000000750a6dbe4 WebCore::Layout::LayoutContext::layoutFormattingContextSubtree(WebCore::Layout::ContainerBox const&, WebCore::Layout::InvalidationState&) + 324 (LayoutContext.cpp:111)
10  com.apple.WebCore             	0x0000000750a6d897 WebCore::Layout::LayoutContext::layoutWithPreparedRootGeometry(WebCore::Layout::InvalidationState&) + 151 (LayoutContext.cpp:87)
11  com.apple.WebCore             	0x0000000750a6d725 WebCore::Layout::LayoutContext::layout(WebCore::LayoutSize const&, WebCore::Layout::InvalidationState&) + 533 (LayoutContext.cpp:78)
12  com.apple.WebCore             	0x0000000750e22073 WebCore::FrameViewLayoutContext::layoutUsingFormattingContext() + 435 (FrameViewLayoutContext.cpp:83)
13  com.apple.WebCore             	0x0000000750e23417 WebCore::FrameViewLayoutContext::layout() + 2135 (FrameViewLayoutContext.cpp:256)
14  com.apple.WebCore             	0x000000074fffa15f WebCore::Document::implicitClose() + 1023 (Document.cpp:3084)
15  com.apple.WebCore             	0x0000000750bb783b WebCore::FrameLoader::checkCallImplicitClose() + 155 (FrameLoader.cpp:966)
16  com.apple.WebCore             	0x0000000750bb72fa WebCore::FrameLoader::checkCompleted() + 442 (FrameLoader.cpp:908)
17  com.apple.WebCore             	0x0000000750bb5555 WebCore::FrameLoader::finishedParsing() + 293 (FrameLoader.cpp:818)
18  com.apple.WebCore             	0x000000075000d540 WebCore::Document::finishedParsing() + 624 (Document.cpp:5878)
19  com.apple.WebCore             	0x000000075079e5e8 WebCore::HTMLConstructionSite::finishedParsing() + 24 (HTMLConstructionSite.cpp:420)
20  com.apple.WebCore             	0x00000007507eeb85 WebCore::HTMLTreeBuilder::finished() + 261 (HTMLTreeBuilder.cpp:2845)
21  com.apple.WebCore             	0x00000007507a59a8 WebCore::HTMLDocumentParser::end() + 248 (HTMLDocumentParser.cpp:450)
22  com.apple.WebCore             	0x00000007507a3848 WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd() + 296 (HTMLDocumentParser.cpp:459)
23  com.apple.WebCore             	0x00000007507a3564 WebCore::HTMLDocumentParser::prepareToStopParsing() + 292 (HTMLDocumentParser.cpp:154)
24  com.apple.WebCore             	0x00000007507a5a0f WebCore::HTMLDocumentParser::attemptToEnd() + 63 (HTMLDocumentParser.cpp:471)
25  com.apple.WebCore             	0x00000007507a5ae4 WebCore::HTMLDocumentParser::finish() + 68 (HTMLDocumentParser.cpp:499)
26  com.apple.WebCore             	0x0000000750b4e74a WebCore::DocumentWriter::end() + 394 (DocumentWriter.cpp:288)
27  com.apple.WebCore             	0x0000000750b4d734 WebCore::DocumentLoader::finishedLoading() + 516 (DocumentLoader.cpp:453)
28  com.apple.WebCore             	0x0000000750b4d129 WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource&, WebCore::NetworkLoadMetrics const&) + 521 (DocumentLoader.cpp:397)
29  com.apple.WebCore             	0x0000000750cd3b7a WebCore::CachedResource::checkNotify(WebCore::NetworkLoadMetrics const&) + 138 (CachedResource.cpp:375)
30  com.apple.WebCore             	0x0000000750ccf6c4 WebCore::CachedResource::finishLoading(WebCore::SharedBuffer*, WebCore::NetworkLoadMetrics const&) + 68 (CachedResource.cpp:393)
31  com.apple.WebCore             	0x0000000750cd0a61 WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*, WebCore::NetworkLoadMetrics const&) + 337 (CachedRawResource.cpp:124)
32  com.apple.WebCore             	0x0000000750c51c94 WebCore::SubresourceLoader::didFinishLoading(WebCore::NetworkLoadMetrics const&) + 1668 (SubresourceLoader.cpp:734)
33  com.apple.WebKit              	0x00000007415ecd97 WebKit::WebResourceLoader::didFinishResourceLoad(WebCore::NetworkLoadMetrics const&) + 775
34  com.apple.WebKit              	0x0000000741be68fa void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&), std::__1::tuple<WebCore::NetworkLoadMetrics>, 0ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&), std::__1::tuple<WebCore::NetworkLoadMetrics>&&, std::__1::integer_sequence<unsigned long, 0ul>) + 154 (HandleMessage.h:42)
35  com.apple.WebKit              	0x0000000741be6830 void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&), std::__1::tuple<WebCore::NetworkLoadMetrics>, std::__1::integer_sequence<unsigned long, 0ul> >(std::__1::tuple<WebCore::NetworkLoadMetrics>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)) + 112 (HandleMessage.h:48)
36  com.apple.WebKit              	0x0000000741be408e void IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)) + 190 (HandleMessage.h:115)
37  com.apple.WebKit              	0x0000000741be38d0 WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&) + 592 (WebResourceLoaderMessageReceiver.cpp:70)
38  com.apple.WebKit              	0x00000007415b0f00 WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 144 (NetworkProcessConnection.cpp:94)
39  com.apple.WebKit              	0x000000074007481f IPC::Connection::dispatchMessage(IPC::Decoder&) + 431 (Connection.cpp:1002)
40  com.apple.WebKit              	0x0000000740075160 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) + 528 (Connection.cpp:1072)
41  com.apple.WebKit              	0x00000007400757e3 IPC::Connection::dispatchOneIncomingMessage() + 211 (Connection.cpp:1139)
42  com.apple.WebKit              	0x000000074009468b IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_7::operator()() + 91 (Connection.cpp:979)
43  com.apple.WebKit              	0x00000007400945a9 WTF::Detail::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_7, void>::call() + 25 (Function.h:52)
44  com.apple.JavaScriptCore      	0x000000076aa951aa WTF::Function<void ()>::operator()() const + 138 (Function.h:84)
45  com.apple.JavaScriptCore      	0x000000076ab0e898 WTF::RunLoop::performWork() + 280 (RunLoop.cpp:120)
46  com.apple.JavaScriptCore      	0x000000076ab0ff7e WTF::RunLoop::performWork(void*) + 30 (RunLoopCF.cpp:39)
47  com.apple.CoreFoundation      	0x00007fff2c47b683 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
48  com.apple.CoreFoundation      	0x00007fff2c47b629 __CFRunLoopDoSource0 + 108
49  com.apple.CoreFoundation      	0x00007fff2c45efeb __CFRunLoopDoSources0 + 195
50  com.apple.CoreFoundation      	0x00007fff2c45e5b5 __CFRunLoopRun + 1189
51  com.apple.CoreFoundation      	0x00007fff2c45debe CFRunLoopRunSpecific + 455
52  com.apple.Foundation          	0x00007fff2e6c27df -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 280
53  com.apple.Foundation          	0x00007fff2e6c26b4 -[NSRunLoop(NSRunLoop) run] + 76
54  libxpc.dylib                  	0x00007fff585ed077 _xpc_objc_main + 552
55  libxpc.dylib                  	0x00007fff585ecb79 xpc_main + 433
56  com.apple.WebKit              	0x0000000740861d22 WebKit::XPCServiceMain(int, char const**) + 2034 (XPCServiceMain.mm:177)
57  com.apple.WebKit              	0x0000000741c8c4cb WKXPCServiceMain + 27 (WKMain.mm:33)
58  com.apple.WebKit.WebContent   	0x000000010363de72 main + 34 (AuxiliaryProcessMain.cpp:30)
59  libdyld.dylib                 	0x00007fff583b43d5 start + 1
Comment 1 Radar WebKit Bug Importer 2020-05-20 08:13:48 PDT
<rdar://problem/63447683>
Comment 2 Jacob Uphoff 2020-05-20 08:14:31 PDT
Reproduced with command: 'run-webkit-tests --iterations 2000 --exit-after-n-failures 1 --exit-after-n-crashes-or-timeouts 1 --debug-rwt-logging --no-retry --force --no-build -f --debug --root /Volumes/Data/tmp/MacDebug fast/layoutformattingcontext/table-basic-row-baseline-with-nested-table.html'


Working on bisecting now.
Comment 3 Jacob Uphoff 2020-05-20 08:48:20 PDT
Looks like the most likely cause was https://trac.webkit.org/changeset/261745/webkit and I was able to bisect it down to this commit as well.
Comment 4 Jacob Uphoff 2020-05-20 10:52:43 PDT
Set this test to skip: https://trac.webkit.org/changeset/261929/webkit
Comment 5 zalan 2020-05-21 06:54:00 PDT
Created attachment 399951
Patch
Comment 6 EWS 2020-05-21 07:28:10 PDT
Committed r261994: <https://trac.webkit.org/changeset/261994>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 399951.