Bug 225528 - [ BigSur ARM64, iOS 14 EWS] http/wpt/fetch/fetch-response-body-stop-in-worker.html is a flaky crash
Summary: [ BigSur ARM64, iOS 14 EWS] http/wpt/fetch/fetch-response-body-stop-in-worker...
Status: RESOLVED CONFIGURATION CHANGED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc.
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: youenn fablet
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2021-05-07 11:34 PDT by Robert Jenner
Modified: 2021-12-21 09:21 PST (History)

See Also:


Attachments
Full crashlog (77.16 KB, text/plain)
2021-05-07 11:35 PDT, Robert Jenner
Patch (4.50 KB, patch)
2021-12-13 06:28 PST, youenn fablet

Description Robert Jenner 2021-05-07 11:34:29 PDT
http/wpt/fetch/fetch-response-body-stop-in-worker.html

is a flaky crash on BigSur Apple Silicon Macs only. So far, it has only crashed on BigSur Release wk2, and BigSur Debug wk1. But so far it has only been on Apple Silicon Macs.

HISTORY:
https://results.webkit.org/?suite=layout-tests&test=http%2Fwpt%2Ffetch%2Ffetch-response-body-stop-in-worker.html

CRASH TEXT:
Thread 7 Crashed:: WebCore: Worker
0   com.apple.JavaScriptCore      	0x000000010a7ce350 structure + 0 (JSCellInlines.h:141) [inlined]
1   com.apple.JavaScriptCore      	0x000000010a7ce350 globalObject + 0 (JSObject.h:877) [inlined]
2   com.apple.JavaScriptCore      	0x000000010a7ce350 JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 128 (Interpreter.cpp:865)
3   com.apple.JavaScriptCore      	0x000000010a7ce318 isCollectorBusyOnCurrentThread + 8 (VM.h:1033) [inlined]
4   com.apple.JavaScriptCore      	0x000000010a7ce318 JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 72 (Interpreter.cpp:851)
5   com.apple.WebCore             	0x0000000105a35fc8 invokeReadableStreamDefaultControllerFunction + 200 (ReadableStreamDefaultController.cpp:52) [inlined]
6   com.apple.WebCore             	0x0000000105a35fc8 WebCore::ReadableStreamDefaultController::enqueue(JSC::JSValue) + 412 (ReadableStreamDefaultController.cpp:105)
7   com.apple.WebCore             	0x0000000105a361b0 WebCore::ReadableStreamDefaultController::enqueue(WTF::RefPtr<JSC::ArrayBuffer, WTF::RawPtrTraits<JSC::ArrayBuffer>, WTF::DefaultRefDerefTraits<JSC::ArrayBuffer> >&&) + 344 (ReadableStreamDefaultController.cpp:128)
8   com.apple.WebCore             	0x000000010567cb90 enqueue + 20 (FetchBodySource.h:44) [inlined]
9   com.apple.WebCore             	0x000000010567cb90 WebCore::FetchResponse::BodyLoader::didReceiveData(char const*, unsigned long) + 312 (FetchResponse.cpp:373)
10  com.apple.WebCore             	0x000000010619b770 didReceiveData + 12 (ThreadableLoaderClientWrapper.h:72) [inlined]
11  com.apple.WebCore             	0x000000010619b770 operator() + 32 (WorkerThreadableLoader.cpp:238) [inlined]
12  com.apple.WebCore             	0x000000010619b770 WTF::Detail::CallableWrapper<WebCore::WorkerThreadableLoader::MainThreadBridge::didReceiveData(char const*, int)::$_17, void, WebCore::ScriptExecutionContext&>::call(WebCore::ScriptExecutionContext&) + 56 (Function.h:52)
13  com.apple.WebCore             	0x000000010696198c operator() + 20 (Function.h:83) [inlined]
14  com.apple.WebCore             	0x000000010696198c performTask + 20 (ScriptExecutionContext.h:203) [inlined]
15  com.apple.WebCore             	0x000000010696198c performTask + 36 (WorkerRunLoop.cpp:270) [inlined]
16  com.apple.WebCore             	0x000000010696198c WebCore::WorkerRunLoop::runInMode(WebCore::WorkerOrWorkletGlobalScope*, WebCore::ModePredicate const&, WebCore::WorkerRunLoop::WaitMode) + 392 (WorkerRunLoop.cpp:209)
17  com.apple.WebCore             	0x00000001069617a0 WebCore::WorkerRunLoop::run(WebCore::WorkerOrWorkletGlobalScope*) + 100 (WorkerRunLoop.cpp:143)
18  com.apple.WebCore             	0x000000010695d0ec WebCore::WorkerOrWorkletThread::workerOrWorkletThread() + 744 (WorkerOrWorkletThread.cpp:146)
19  com.apple.JavaScriptCore      	0x0000000109f38338 operator() + 16 (Function.h:83) [inlined]
20  com.apple.JavaScriptCore      	0x0000000109f38338 WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) + 136 (Threading.cpp:185)
21  com.apple.JavaScriptCore      	0x0000000109f3a6e8 WTF::wtfThreadEntryPoint(void*) + 12 (ThreadingPOSIX.cpp:241)
22  libsystem_pthread.dylib       	0x000000018dc9606c _pthread_start + 320
23  libsystem_pthread.dylib       	0x000000018dc90da0 thread_start + 8

https://build.webkit.org/results/Apple-BigSur-Release-AppleSilicon-WK2-Tests/r277174%20(1348)/http/wpt/fetch/fetch-response-body-stop-in-worker-crash-log.txt
Comment 1 Robert Jenner 2021-05-07 11:35:10 PDT
Created attachment 428014 [details]
Full crashlog

Attaching full crashlog to bug.
Comment 2 Radar WebKit Bug Importer 2021-05-07 17:01:01 PDT
<rdar://problem/77679378>
Comment 3 Robert Jenner 2021-05-10 15:35:23 PDT
This only appears to occur on Apple Silicon Macs. As such, I cannot reproduce the failure, as I do not have access to said system type. 

I have updated the test expectations here to Pass Crash for arm64 only:
https://trac.webkit.org/changeset/277300/webkit
Comment 4 youenn fablet 2021-05-10 23:53:35 PDT
Another crash log:
Thread 32 Crashed:: WebCore: Worker
0   com.apple.JavaScriptCore      	0x00000001022b7120 WTFCrash + 20 (Assertions.cpp:305)
1   com.apple.WebCore             	0x00000001237995c0 WTFCrashWithInfo(int, char const*, char const*, int) + 32 (Assertions.h:695)
2   com.apple.WebCore             	0x0000000125cf43b8 WebCore::invokeReadableStreamDefaultControllerFunction(JSC::JSGlobalObject&, JSC::Identifier const&, JSC::MarkedArgumentBuffer const&) + 220 (ReadableStreamDefaultController.cpp:48)
3   com.apple.WebCore             	0x0000000125cf4818 WebCore::ReadableStreamDefaultController::enqueue(JSC::JSValue) + 220 (ReadableStreamDefaultController.cpp:105)
4   com.apple.WebCore             	0x0000000125cf4a74 WebCore::ReadableStreamDefaultController::enqueue(WTF::RefPtr<JSC::ArrayBuffer, WTF::RawPtrTraits<JSC::ArrayBuffer>, WTF::DefaultRefDerefTraits<JSC::ArrayBuffer> >&&) + 524 (ReadableStreamDefaultController.cpp:128)
5   com.apple.WebCore             	0x0000000124fdf474 WebCore::FetchBodySource::enqueue(WTF::RefPtr<JSC::ArrayBuffer, WTF::RawPtrTraits<JSC::ArrayBuffer>, WTF::DefaultRefDerefTraits<JSC::ArrayBuffer> >&&) + 64 (FetchBodySource.h:44)


It seems like JS built-ins are not properly set up since they are not callable here.
Comment 6 Eric Hutchison 2021-10-22 11:58:40 PDT
https://trac.webkit.org/changeset/284706/webkit: updated test expectations as test is also crashing on iOS15
Comment 7 youenn fablet 2021-12-13 05:52:12 PST
Latest crash is at https://build.webkit.org/results/Apple-Monterey-Debug-AppleSilicon-WK1-Tests/r286611%20(365)/http/wpt/fetch/fetch-response-body-stop-in-worker-crash-log.txt.

What happens is that, if enqueue fails due to a termination error, we fail the response, which errors the source that is already errored.
We should just exit early when erroring the source the second time.
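The sequence described in this comment, as a toy model added here (not WebKit's code and not the attached patch): a failed enqueue during worker termination leaves the source errored, failing the response errors it a second time, and the guard in error() is the early exit proposed above. JsController, BodySource and simulate are hypothetical stand-ins for ReadableStreamDefaultController, FetchBodySource and FetchResponse::BodyLoader; the release assertion in the crash log is modelled as a flag.

```cpp
// Toy model (added illustration, not WebKit code); names are hypothetical stand-ins.
#include <cstddef>
#include <string>

// The JS-side stream controller. Once the worker is terminating, its built-ins
// are no longer callable; invoking one stands in for the assertion in the crash log.
struct JsController {
    bool terminated = false;
    bool assertionTripped = false;
    std::size_t bytesEnqueued = 0;

    // Termination surfaces as a failed enqueue (the exception is caught by the caller).
    bool enqueue(const std::string& chunk) {
        if (terminated) return false;
        bytesEnqueued += chunk.size();
        return true;
    }
    // Erroring the stream after termination invokes a built-in that is gone.
    void error() { if (terminated) assertionTripped = true; }
};

// The C++ source feeding the stream; remembers whether it has already errored.
struct BodySource {
    JsController& controller;
    bool guardDoubleError;   // false = behaviour before the fix, true = early exit
    bool isErrored = false;

    bool enqueue(const std::string& chunk) {
        if (controller.enqueue(chunk)) return true;
        isErrored = true;    // a termination failure leaves the source errored
        return false;
    }
    void error() {
        if (guardDoubleError && isErrored) return;  // the fix: exit early the second time
        isErrored = true;
        controller.error();
    }
};

struct Outcome { bool crashed; std::size_t bytesDelivered; };

// Models BodyLoader::didReceiveData: a failed enqueue fails the response, which errors the source.
Outcome simulate(bool terminateBeforeSecondChunk, bool guardDoubleError) {
    JsController controller;
    BodySource source{controller, guardDoubleError};
    source.enqueue("first chunk");                     // delivered normally
    controller.terminated = terminateBeforeSecondChunk; // worker stop races in
    if (!source.enqueue("second chunk"))
        source.error();                                // failing the response errors the source again
    return {controller.assertionTripped, controller.bytesEnqueued};
}
```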
Comment 8 youenn fablet 2021-12-13 06:28:17 PST
Created attachment 446999 [details]
Patch
Comment 9 youenn fablet 2021-12-21 09:21:49 PST
Marking as configuration changed, since the test is no longer crashing after Mark's changes.