Bug 216376 - Assertion Failed: m_currentScriptCallbackID in UIScriptContext::requestUIScriptCompletion
Summary: Assertion Failed: m_currentScriptCallbackID in UIScriptContext::requestUIScri...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Tools / Tests
Version: Safari Technology Preview
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Sihui Liu
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2020-09-10 13:11 PDT by Simon Fraser (smfr)
Modified: 2020-09-11 21:01 PDT (History)

See Also:


Attachments
Patch (2.47 KB, patch)
2020-09-10 16:50 PDT, Sihui Liu
Patch (3.62 KB, patch)
2020-09-11 10:37 PDT, Sihui Liu

Description Simon Fraser (smfr) 2020-09-10 13:11:08 PDT
At r266884 I get an assertion when running compositing/iframes/remove-reinsert-webview-with-iframe.html in macOS WK2 WTR:

Crashed Thread:        0  Dispatch queue: com.apple.main-thread

Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x00000000bbadbeef
Exception Note:        EXC_CORPSE_NOTIFY

Termination Signal:    Segmentation fault: 11
Termination Reason:    Namespace SIGNAL, Code 0xb
Terminating Process:   exc handler [13975]

VM Regions Near 0xbbadbeef:
--> 
    __TEXT                 000000010d61d000-000000010d719000 [ 1008K] r-x/r-x SM=COW  /Volumes/VOLUME/*

Application Specific Information:
CRASHING TEST: compositing/iframes/remove-reinsert-webview-with-iframe.html

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.JavaScriptCore      	0x000000010d99417e WTFCrash + 14 (Assertions.cpp:295)
1   WebKitTestRunner              	0x000000010d63f95b WTFCrashWithInfo(int, char const*, char const*, int) + 27
2   WebKitTestRunner              	0x000000010d6abb7c WTR::UIScriptContext::requestUIScriptCompletion(OpaqueJSString*) + 108 (UIScriptContext.cpp:160)
3   WebKitTestRunner              	0x000000010d6ababf WTR::UIScriptContext::runUIScript(WTF::String const&, unsigned int) + 239 (UIScriptContext.cpp:71)
4   WebKitTestRunner              	0x000000010d6a5293 WTR::TestInvocation::runUISideScript(OpaqueWKString const*, unsigned int) + 163 (TestInvocation.cpp:1900)
5   WebKitTestRunner              	0x000000010d69f5c4 WTR::TestInvocation::runUISideScriptImmediately(OpaqueWKError const*, void*) + 196 (TestInvocation.cpp:1885)
6   WebKitTestRunner              	0x000000010d69f4ed WTR::TestInvocation::runUISideScriptAfterUpdateCallback(OpaqueWKError const*, void*) + 29 (TestInvocation.cpp:1891)
7   com.apple.WebKit              	0x000000011b9678f7 WKPageCallAfterNextPresentationUpdate::$_5::operator()(WebKit::CallbackBase::Error) const + 119 (WKPage.cpp:2896)
8   com.apple.WebKit              	0x000000011b967851 WTF::Detail::CallableWrapper<WKPageCallAfterNextPresentationUpdate::$_5, void, WebKit::CallbackBase::Error>::call(WebKit::CallbackBase::Error) + 49 (Function.h:52)
9   com.apple.WebKit              	0x000000011b702d08 WTF::Function<void (WebKit::CallbackBase::Error)>::operator()(WebKit::CallbackBase::Error) const + 152 (Function.h:83)
10  com.apple.WebKit              	0x000000011b70f265 WebKit::GenericCallback<>::performCallbackWithReturnValue() + 229 (GenericCallback.h:109)
11  com.apple.WebKit              	0x000000011b702125 WebKit::GenericCallback<>::performCallback() + 21 (GenericCallback.h:115)
12  com.apple.WebKit              	0x000000011b976109 WebKit::TiledCoreAnimationDrawingAreaProxy::dispatchPresentationCallbacksAfterFlushingLayers(WTF::Vector<WebKit::CallbackID, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&) + 201 (TiledCoreAnimationDrawingAreaProxy.mm:221)
13  com.apple.WebKit              	0x000000011a8fcf50 void IPC::callMemberFunctionImpl<WebKit::DrawingAreaProxy, void (WebKit::DrawingAreaProxy::*)(WTF::Vector<WebKit::CallbackID, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&), std::__1::tuple<WTF::Vector<WebKit::CallbackID, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> >, 0ul>(WebKit::DrawingAreaProxy*, void (WebKit::DrawingAreaProxy::*)(WTF::Vector<WebKit::CallbackID, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&), std::__1::tuple<WTF::Vector<WebKit::CallbackID, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> >&&, std::__1::integer_sequence<unsigned long, 0ul>) + 160 (HandleMessage.h:42)
14  com.apple.WebKit              	0x000000011a8fac50 void IPC::callMemberFunction<WebKit::DrawingAreaProxy, void (WebKit::DrawingAreaProxy::*)(WTF::Vector<WebKit::CallbackID, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&), std::__1::tuple<WTF::Vector<WebKit::CallbackID, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> >, std::__1::integer_sequence<unsigned long, 0ul> >(std::__1::tuple<WTF::Vector<WebKit::CallbackID, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> >&&, WebKit::DrawingAreaProxy*, void (WebKit::DrawingAreaProxy::*)(WTF::Vector<WebKit::CallbackID, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&)) + 112 (HandleMessage.h:48)
15  com.apple.WebKit              	0x000000011a8f90ad void IPC::handleMessage<Messages::DrawingAreaProxy::DispatchPresentationCallbacksAfterFlushingLayers, WebKit::DrawingAreaProxy, void (WebKit::DrawingAreaProxy::*)(WTF::Vector<WebKit::CallbackID, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&)>(IPC::Decoder&, WebKit::DrawingAreaProxy*, void (WebKit::DrawingAreaProxy::*)(WTF::Vector<WebKit::CallbackID, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&)) + 157 (HandleMessage.h:121)
16  com.apple.WebKit              	0x000000011a8f8cee WebKit::DrawingAreaProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 318 (DrawingAreaProxyMessageReceiver.cpp:58)
17  com.apple.WebKit              	0x000000011a9631b1 IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&) + 305 (MessageReceiverMap.cpp:124)
18  com.apple.WebKit              	0x000000011b5727ae WebKit::AuxiliaryProcessProxy::dispatchMessage(IPC::Connection&, IPC::Decoder&) + 46 (AuxiliaryProcessProxy.cpp:209)
19  com.apple.WebKit              	0x000000011b7b192f WebKit::WebProcessProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 47 (WebProcessProxy.cpp:772)
20  com.apple.WebKit              	0x000000011a8a981f IPC::Connection::dispatchMessage(IPC::Decoder&) + 431 (Connection.cpp:1002)
21  com.apple.WebKit              	0x000000011a8aa150 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) + 528
22  com.apple.WebKit              	0x000000011a8a89a1 IPC::Connection::dispatchIncomingMessages() + 913 (Connection.cpp:1174)
23  com.apple.WebKit              	0x000000011a8c9242 IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_7::operator()() + 66 (Connection.cpp:976)
24  com.apple.WebKit              	0x000000011a8c916e WTF::Detail::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_7, void>::call() + 30 (Function.h:52)
25  com.apple.JavaScriptCore      	0x000000010d9bc032 WTF::Function<void ()>::operator()() const + 130 (Function.h:83)
26  com.apple.JavaScriptCore      	0x000000010da2e565 WTF::RunLoop::performWork() + 341 (RunLoop.cpp:124)
27  com.apple.JavaScriptCore      	0x000000010da31cf1 WTF::RunLoop::performWork(void*) + 33 (RunLoopCF.cpp:47)
28  com.apple.CoreFoundation      	0x00007fff34dc7d52 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
29  com.apple.CoreFoundation      	0x00007fff34dc7cf1 __CFRunLoopDoSource0 + 103
30  com.apple.CoreFoundation      	0x00007fff34dc7b0b __CFRunLoopDoSources0 + 209
31  com.apple.CoreFoundation      	0x00007fff34dc683a __CFRunLoopRun + 927
32  com.apple.CoreFoundation      	0x00007fff34dc5e3e CFRunLoopRunSpecific + 462
33  com.apple.Foundation          	0x00007fff374611c8 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 212
34  WebKitTestRunner              	0x000000010d69452e WTR::TestController::platformRunUntil(bool&, WTF::Seconds) + 302 (TestControllerCocoa.mm:223)
35  WebKitTestRunner              	0x000000010d6518ef WTR::TestController::runUntil(bool&, WTF::Seconds) + 79 (TestController.cpp:1907)
36  WebKitTestRunner              	0x000000010d69973a WTR::TestInvocation::invoke() + 458 (TestInvocation.cpp:185)
37  WebKitTestRunner              	0x000000010d65b8c6 WTR::TestController::runTest(char const*) + 534 (TestController.cpp:1836)
38  WebKitTestRunner              	0x000000010d65c366 WTR::TestController::runTestingServerLoop() + 214 (TestController.cpp:1882)
39  WebKitTestRunner              	0x000000010d6522f7 WTR::TestController::run() + 39 (TestController.cpp:1890)
40  WebKitTestRunner              	0x000000010d651c4f WTR::TestController::TestController(int, char const**) + 831 (TestController.cpp:168)
41  WebKitTestRunner              	0x000000010d6523c3 WTR::TestController::TestController(int, char const**) + 35 (TestController.cpp:169)
42  WebKitTestRunner              	0x000000010d6242cc main + 108 (main.mm:70)
43  libdyld.dylib                 	0x00007fff6ee98cc9 start + 1
Comment 1 Sihui Liu 2020-09-10 16:50:50 PDT
Created attachment 408498 [details]
Patch
Comment 2 Sihui Liu 2020-09-11 10:37:16 PDT
Created attachment 408546 [details]
Patch
Comment 3 Hector Lopez 2020-09-11 15:05:43 PDT
pageoverlay/overlay-remove-reinsert-view.html

The test is also hitting the same ASSERTION FAILURE. The first occurrence of the crash is at r266895.

History:
https://results.webkit.org/?suite=layout-tests&test=pageoverlay%2Foverlay-remove-reinsert-view.html

StdErr:
ASSERTION FAILED: m_currentScriptCallbackID
/Volumes/Data/slave/catalina-debug/build/Tools/TestRunnerShared/UIScriptContext/UIScriptContext.cpp(160) : void WTR::UIScriptContext::requestUIScriptCompletion(JSStringRef)
1   0x106e002a9 WTFCrash
2   0x1023b14ab WTFCrashWithInfo(int, char const*, char const*, int)
3   0x10242339c WTR::UIScriptContext::requestUIScriptCompletion(OpaqueJSString*)
4   0x1024232df WTR::UIScriptContext::runUIScript(WTF::String const&, unsigned int)
5   0x10241af23 WTR::TestInvocation::runUISideScript(OpaqueWKString const*, unsigned int)
6   0x102415254 WTR::TestInvocation::runUISideScriptImmediately(OpaqueWKError const*, void*)
7   0x10241517d WTR::TestInvocation::runUISideScriptAfterUpdateCallback(OpaqueWKError const*, void*)
8   0x10f459a27 WKPageCallAfterNextPresentationUpdate::$_5::operator()(WebKit::CallbackBase::Error) const
9   0x10f459981 WTF::Detail::CallableWrapper<WKPageCallAfterNextPresentationUpdate::$_5, void, WebKit::CallbackBase::Error>::call(WebKit::CallbackBase::Error)
10  0x10f1e7e38 WTF::Function<void (WebKit::CallbackBase::Error)>::operator()(WebKit::CallbackBase::Error) const
11  0x10f1f5205 WebKit::GenericCallback<>::performCallbackWithReturnValue()
12  0x10f1e7255 WebKit::GenericCallback<>::performCallback()
13  0x10f468279 WebKit::TiledCoreAnimationDrawingAreaProxy::dispatchPresentationCallbacksAfterFlushingLayers(WTF::Vector<WebKit::CallbackID, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&)
14  0x10e3b1df0 void IPC::callMemberFunctionImpl<WebKit::DrawingAreaProxy, void (WebKit::DrawingAreaProxy::*)(WTF::Vector<WebKit::CallbackID, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&), std::__1::tuple<WTF::Vector<WebKit::CallbackID, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> >, 0ul>(WebKit::DrawingAreaProxy*, void (WebKit::DrawingAreaProxy::*)(WTF::Vector<WebKit::CallbackID, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&), std::__1::tuple<WTF::Vector<WebKit::CallbackID, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> >&&, std::__1::integer_sequence<unsigned long, 0ul>)
15  0x10e3af980 void IPC::callMemberFunction<WebKit::DrawingAreaProxy, void (WebKit::DrawingAreaProxy::*)(WTF::Vector<WebKit::CallbackID, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&), std::__1::tuple<WTF::Vector<WebKit::CallbackID, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> >, std::__1::integer_sequence<unsigned long, 0ul> >(std::__1::tuple<WTF::Vector<WebKit::CallbackID, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> >&&, WebKit::DrawingAreaProxy*, void (WebKit::DrawingAreaProxy::*)(WTF::Vector<WebKit::CallbackID, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&))
16  0x10e3add3d void IPC::handleMessage<Messages::DrawingAreaProxy::DispatchPresentationCallbacksAfterFlushingLayers, WebKit::DrawingAreaProxy, void (WebKit::DrawingAreaProxy::*)(WTF::Vector<WebKit::CallbackID, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&)>(IPC::Decoder&, WebKit::DrawingAreaProxy*, void (WebKit::DrawingAreaProxy::*)(WTF::Vector<WebKit::CallbackID, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&))
17  0x10e3ad97e WebKit::DrawingAreaProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&)
18  0x10e418121 IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&)
19  0x10f0512ce WebKit::AuxiliaryProcessProxy::dispatchMessage(IPC::Connection&, IPC::Decoder&)
20  0x10f29862f WebKit::WebProcessProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&)
21  0x10e35ca7f IPC::Connection::dispatchMessage(IPC::Decoder&)
22  0x10e35d3b0 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)
23  0x10e35bc01 IPC::Connection::dispatchIncomingMessages()
24  0x10e37cfe2 IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_7::operator()()
25  0x10e37cf0e WTF::Detail::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_7, void>::call()
26  0x106e2b792 WTF::Function<void ()>::operator()() const
27  0x106ea9025 WTF::RunLoop::performWork()
28  0x106ead6b1 WTF::RunLoop::performWork(void*)
29  0x7fff2f1fbd52 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
30  0x7fff2f1fbcf1 __CFRunLoopDoSource0


I was able to reproduce the crash at r266889, but the space before that is gapped at r266827, at which the test passes.

run-webkit-tests pageoverlay/overlay-remove-reinsert-view.html  --iterations 100 --exit-after-n-failures 3
Comment 4 EWS 2020-09-11 21:00:57 PDT
Committed r266971: <https://trac.webkit.org/changeset/266971>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 408546 [details].
Comment 5 Radar WebKit Bug Importer 2020-09-11 21:01:16 PDT
<rdar://problem/68748403>