RESOLVED FIXED 219009
REGRESSION (r269227?): Flaky crash in WebCore::DOMPromiseProxy seen with imported/w3c/web-platform-tests/service-workers/service-worker/referrer-toplevel-script-fetch.https.html
https://bugs.webkit.org/show_bug.cgi?id=219009
Ryan Haddad
Reported 2020-11-16 16:16:02 PST
Created attachment 414287 [details]
crash log

imported/w3c/web-platform-tests/service-workers/service-worker/referrer-toplevel-script-fetch.https.html is a flaky crash on iOS and macOS bots with the following backtrace:

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
  0 com.apple.WebCore 0x00000003a9e06b9b WebCore::DOMPromiseProxy<WebCore::IDLInterface<WebCore::ServiceWorkerRegistration> >::resolve(WebCore::ServiceWorkerRegistration&) + 27
  1 com.apple.WebCore 0x00000003a9e06b40 WTF::Detail::CallableWrapper<auto WebCore::ServiceWorkerContainer::ready()::$_4::operator()<WebCore::ServiceWorkerRegistrationData>(WebCore::ServiceWorkerRegistrationData&&)::'lambda'(), void>::call() + 96
  2 com.apple.WebCore 0x00000003a907e211 WebCore::EventLoop::run() + 337
  3 com.apple.WebCore 0x00000003a90ff871 WebCore::WindowEventLoop::didReachTimeToRun() + 17
  4 com.apple.WebCore 0x00000003a972fbd6 WebCore::ThreadTimers::sharedTimerFiredInternal() + 198
  5 com.apple.WebCore 0x00000003a97594af WebCore::timerFired(__CFRunLoopTimer*, void*) + 31
  6 com.apple.CoreFoundation 0x0000000105373112 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20
  7 com.apple.CoreFoundation 0x0000000105372be5 __CFRunLoopDoTimer + 926
  8 com.apple.CoreFoundation 0x0000000105372198 __CFRunLoopDoTimers + 265
  9 com.apple.CoreFoundation 0x000000010536c826 __CFRunLoopRun + 1949
  10 com.apple.CoreFoundation 0x000000010536bb9e CFRunLoopRunSpecific + 567
  11 com.apple.Foundation 0x0000000103223e61 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 209
  12 com.apple.Foundation 0x0000000103224075 -[NSRunLoop(NSRunLoop) run] + 76
  13 libxpc.dylib 0x0000000106d3b506 _xpc_objc_main + 591
  14 libxpc.dylib 0x0000000106d3d4aa xpc_main + 143
  15 com.apple.WebKit 0x0000000103827867 WebKit::XPCServiceMain(int, char const**) + 111
  16 libdyld.dylib 0x0000000106975415 start + 1
https://results.webkit.org/?suite=layout-tests&test=imported/w3c/web-platform-tests/service-workers/service-worker/referrer-toplevel-script-fetch.https.html
Attachments
crash log (128.24 KB, text/plain)
2020-11-16 16:16 PST, Ryan Haddad
no flags
Patch (2.21 KB, patch)
2020-11-18 14:43 PST, Chris Dumez
no flags
Radar WebKit Bug Importer
Comment 1 2020-11-16 16:16:24 PST
Ryan Haddad
Comment 2 2020-11-16 16:18:00 PST
The first crash I see in the history for the test was with r269228, but that seems unrelated.

This landed right before it, though:

Promises returned by our DOM API have the caller's global instead of the callee's
https://bugs.webkit.org/show_bug.cgi?id=218363
https://trac.webkit.org/changeset/269227/webkit
Chris Dumez
Comment 3 2020-11-18 14:41:53 PST
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000000
Exception Note: EXC_CORPSE_NOTIFY

Termination Signal: Segmentation fault: 11
Termination Reason: Namespace SIGNAL, Code 0xb
Terminating Process: exc handler [9577]

VM Regions Near 0:
--> __TEXT 0000000106a22000-0000000106a23000 [ 4K] r-x/rwx SM=COW /Volumes/VOLUME/*/*.Development

Application Specific Information:
dyld: in dlopen_preflight()

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
  0 com.apple.WebCore 0x00000007c7b13e6c WTF::Optional<WebCore::ExceptionOr<WTF::Ref<WebCore::ServiceWorkerRegistration, WTF::RawPtrTraits<WebCore::ServiceWorkerRegistration> > > >::initialized() const + 12 (Optional.h:373)
  1 com.apple.WebCore 0x00000007c7b13ac5 WTF::Optional<WebCore::ExceptionOr<WTF::Ref<WebCore::ServiceWorkerRegistration, WTF::RawPtrTraits<WebCore::ServiceWorkerRegistration> > > >::operator bool() const + 21 (Optional.h:516)
  2 com.apple.WebCore 0x00000007cb4ac2a1 WebCore::DOMPromiseProxy<WebCore::IDLInterface<WebCore::ServiceWorkerRegistration> >::resolve(WebCore::ServiceWorkerRegistration&) + 33 (DOMPromiseProxy.h:158)
  3 com.apple.WebCore 0x00000007cb4ac24d auto WebCore::ServiceWorkerContainer::ready()::$_4::operator()<WebCore::ServiceWorkerRegistrationData>(WebCore::ServiceWorkerRegistrationData&&)::'lambda'()::operator()() + 173 (ServiceWorkerContainer.cpp:117)
  4 com.apple.WebCore 0x00000007cb4ac109 WTF::Detail::CallableWrapper<auto WebCore::ServiceWorkerContainer::ready()::$_4::operator()<WebCore::ServiceWorkerRegistrationData>(WebCore::ServiceWorkerRegistrationData&&)::'lambda'(), void>::call() + 25 (Function.h:52)
  5 com.apple.WebCore 0x00000007c64742ea WTF::Function<void ()>::operator()() const + 138 (Function.h:83)
  6 com.apple.WebCore 0x00000007cb4b2769 void WebCore::ActiveDOMObject::queueTaskKeepingObjectAlive<WebCore::ServiceWorkerContainer>(WebCore::ServiceWorkerContainer&, WebCore::TaskSource, WTF::Function<void ()>&&)::'lambda'()::operator()() const + 25 (ActiveDOMObject.h:128)
  7 com.apple.WebCore 0x00000007cb4b25c9 WTF::Detail::CallableWrapper<void WebCore::ActiveDOMObject::queueTaskKeepingObjectAlive<WebCore::ServiceWorkerContainer>(WebCore::ServiceWorkerContainer&, WebCore::TaskSource, WTF::Function<void ()>&&)::'lambda'(), void>::call() + 25 (Function.h:52)
  8 com.apple.WebCore 0x00000007c64742ea WTF::Function<void ()>::operator()() const + 138 (Function.h:83)
  9 com.apple.WebCore 0x00000007c9428c39 WebCore::EventLoopFunctionDispatchTask::execute() + 25 (EventLoop.cpp:159)
  10 com.apple.WebCore 0x00000007c941e8ca WebCore::EventLoop::run() + 378 (EventLoop.cpp:124)
  11 com.apple.WebCore 0x00000007c95b0cd0 WebCore::WindowEventLoop::didReachTimeToRun() + 48 (WindowEventLoop.cpp:121)
  12 com.apple.WebCore 0x00000007c95b5bf1 decltype(*(std::__1::forward<WebCore::WindowEventLoop*&>(fp0)).*fp()) std::__1::__invoke<void (WebCore::WindowEventLoop::*&)(), WebCore::WindowEventLoop*&, void>(void (WebCore::WindowEventLoop::*&&&)(), WebCore::WindowEventLoop*&&&) + 113 (type_traits:4280)
Chris Dumez
Comment 4 2020-11-18 14:43:51 PST
Geoffrey Garen
Comment 5 2020-11-18 14:46:10 PST
Comment on attachment 414487 [details]
Patch

r=me
EWS
Comment 6 2020-11-18 15:38:37 PST
Committed r269997: <https://trac.webkit.org/changeset/269997> All reviewed patches have been landed. Closing bug and clearing flags on attachment 414487 [details].