Recently, the following tests are randomly crashing only on WinCairo buildbot. They are "No crash log found for WebProcess:12628.". imported/w3c/web-platform-tests/trusted-types/worker-constructor.https.html imported/w3c/web-platform-tests/wai-aria/idlharness.window.html History: https://results.webkit.org/?suite=layout-tests&suite=layout-tests&test=imported%2Fw3c%2Fweb-platform-tests%2Ftrusted-types%2Fworker-constructor.https.html&test=imported%2Fw3c%2Fweb-platform-tests%2Fwai-aria%2Fidlharness.window.html&platform=wincairo
Created attachment 469779 [details] CrashLog_25b0_2024-01-31_12-25-38-653.txt This seems to be the first test failure. Buildbot: builder WinCairo-64-bit-Release-Tests build 3393 : 273819@main https://build.webkit.org/#/builders/728/builds/3393 There is one crash log in the test result directory. https://build.webkit.org/results/WinCairo-64-bit-Release-Tests/273819@main%20(3393)/CrashLog_25b0_2024-01-31_12-25-38-653.txt # 24 Id: 3154.3388 Suspend: 1 Teb: 00000006`91254000 Unfrozen # Child-SP RetAddr Call Site 00 (Inline Function) --------`-------- WebCore!JSC::WeakImpl::clear [C:\BW\WinCairo-64-bit-Release-Build\build\WebKitBuild\Release\JavaScriptCore\PrivateHeaders\JavaScriptCore\WeakImpl.h @ 77] 01 (Inline Function) --------`-------- WebCore!JSC::Weak<WebCore::JSDOMGlobalObject>::clear+0x8 [C:\BW\WinCairo-64-bit-Release-Build\build\WebKitBuild\Release\JavaScriptCore\PrivateHeaders\JavaScriptCore\WeakImpl.h @ 126] 02 (Inline Function) --------`-------- WebCore!JSC::Weak<WebCore::JSDOMGlobalObject>::~Weak+0x8 [C:\BW\WinCairo-64-bit-Release-Build\build\WebKitBuild\Release\JavaScriptCore\PrivateHeaders\JavaScriptCore\Weak.h @ 60] 03 (Inline Function) --------`-------- WebCore!WebCore::JSCallbackData::~JSCallbackData+0x8 [C:\BW\WinCairo-64-bit-Release-Build\build\Source\WebCore\bindings\js\JSCallbackData.h @ 64] 04 (Inline Function) --------`-------- WebCore!WebCore::JSCallbackDataStrong::~JSCallbackDataStrong+0x4f [C:\BW\WinCairo-64-bit-Release-Build\build\Source\WebCore\bindings\js\JSCallbackData.h @ 73] 05 00000006`92eff710 00007ff8`d31543d0 WebCore!WebCore::JSCreateScriptURLCallback::~JSCreateScriptURLCallback(void)+0x98 [C:\BW\WinCairo-64-bit-Release-Build\build\WebKitBuild\Release\WebCore\DerivedSources\JSCreateScriptURLCallback.cpp @ 46] 06 00000006`92eff770 00007ff8`d3718560 WebCore!WebCore::JSCreateScriptURLCallback::~JSCreateScriptURLCallback(int should_call_delete = 0n1)+0x10 [C:\BW\WinCairo-64-bit-Release-Build\build\WebKitBuild\Release\WebCore\DerivedSources\JSCreateScriptURLCallback.cpp @ 41] 07 (Inline Function) --------`-------- WebCore!std::default_delete<WebCore::CreateScriptURLCallback>::operator()+0xb [C:\MSVS\VC\Tools\MSVC\14.37.32822\include\memory @ 3180] 08 (Inline Function) --------`-------- WebCore!WTF::RefCounted<WebCore::CreateScriptURLCallback,std::default_delete<WebCore::CreateScriptURLCallback> >::deref+0x17 [C:\BW\WinCairo-64-bit-Release-Build\build\WebKitBuild\Release\WTF\Headers\wtf\RefCounted.h @ 220] 09 (Inline Function) --------`-------- WebCore!WTF::DefaultRefDerefTraits<WebCore::CreateScriptURLCallback>::derefIfNotNull+0x1c [C:\BW\WinCairo-64-bit-Release-Build\build\WebKitBuild\Release\WTF\Headers\wtf\Ref.h @ 62] 0a (Inline Function) --------`-------- WebCore!WTF::RefPtr<WebCore::CreateScriptURLCallback,WTF::RawPtrTraits<WebCore::CreateScriptURLCallback>,WTF::DefaultRefDerefTraits<WebCore::CreateScriptURLCallback> >::~RefPtr+0x28 [C:\BW\WinCairo-64-bit-Release-Build\build\WebKitBuild\Release\WTF\Headers\wtf\RefPtr.h @ 60] 0b 00000006`92eff7b0 00007ff8`d37195e7 WebCore!WebCore::TrustedTypePolicy::~TrustedTypePolicy(void)+0x30 [C:\BW\WinCairo-64-bit-Release-Build\build\Source\WebCore\dom\TrustedTypePolicy.h @ 48] 0c (Inline Function) --------`-------- WebCore!std::default_delete<WebCore::TrustedTypePolicy>::operator()+0x8 [C:\MSVS\VC\Tools\MSVC\14.37.32822\include\memory @ 3180] 0d (Inline Function) --------`-------- WebCore!WTF::RefCounted<WebCore::TrustedTypePolicy,std::default_delete<WebCore::TrustedTypePolicy> >::deref+0x14 [C:\BW\WinCairo-64-bit-Release-Build\build\WebKitBuild\Release\WTF\Headers\wtf\RefCounted.h @ 220] 0e (Inline Function) --------`-------- WebCore!WTF::DefaultRefDerefTraits<WebCore::TrustedTypePolicy>::derefIfNotNull+0x19 [C:\BW\WinCairo-64-bit-Release-Build\build\WebKitBuild\Release\WTF\Headers\wtf\Ref.h @ 62] 0f (Inline Function) --------`-------- WebCore!WTF::RefPtr<WebCore::TrustedTypePolicy,WTF::RawPtrTraits<WebCore::TrustedTypePolicy>,WTF::DefaultRefDerefTraits<WebCore::TrustedTypePolicy> >::~RefPtr+0x25 [C:\BW\WinCairo-64-bit-Release-Build\build\WebKitBuild\Release\WTF\Headers\wtf\RefPtr.h @ 60] 10 00000006`92eff7e0 00007ff8`d3f1cfe1 WebCore!WebCore::TrustedTypePolicyFactory::~TrustedTypePolicyFactory(void)+0x97 [C:\BW\WinCairo-64-bit-Release-Build\build\Source\WebCore\dom\TrustedTypePolicyFactory.h @ 46] 11 (Inline Function) --------`-------- WebCore!std::default_delete<WebCore::TrustedTypePolicyFactory>::operator()+0x8 [C:\MSVS\VC\Tools\MSVC\14.37.32822\include\memory @ 3180] 12 (Inline Function) --------`-------- WebCore!WTF::RefCounted<WebCore::TrustedTypePolicyFactory,std::default_delete<WebCore::TrustedTypePolicyFactory> >::deref+0x2a [C:\BW\WinCairo-64-bit-Release-Build\build\WebKitBuild\Release\WTF\Headers\wtf\RefCounted.h @ 220] 13 (Inline Function) --------`-------- WebCore!WTF::DefaultRefDerefTraits<WebCore::TrustedTypePolicyFactory>::derefIfNotNull+0x2f [C:\BW\WinCairo-64-bit-Release-Build\build\WebKitBuild\Release\WTF\Headers\wtf\Ref.h @ 62] 14 (Inline Function) --------`-------- WebCore!WTF::RefPtr<WebCore::TrustedTypePolicyFactory,WTF::RawPtrTraits<WebCore::TrustedTypePolicyFactory>,WTF::DefaultRefDerefTraits<WebCore::TrustedTypePolicyFactory> >::~RefPtr+0x3b [C:\BW\WinCairo-64-bit-Release-Build\build\WebKitBuild\Release\WTF\Headers\wtf\RefPtr.h @ 60] 15 (Inline Function) --------`-------- WebCore!WebCore::WorkerGlobalScopeTrustedTypes::~WorkerGlobalScopeTrustedTypes+0x45 [C:\BW\WinCairo-64-bit-Release-Build\build\Source\WebCore\dom\WindowOrWorkerGlobalScopeTrustedTypes.cpp @ 87] 16 00000006`92eff830 00007ff8`d4b257e4 WebCore!WebCore::WorkerGlobalScopeTrustedTypes::~WorkerGlobalScopeTrustedTypes(int should_call_delete = 0n1)+0x51 [C:\BW\WinCairo-64-bit-Release-Build\build\Source\WebCore\dom\WindowOrWorkerGlobalScopeTrustedTypes.cpp @ 87] 17 (Inline Function) --------`-------- WebCore!std::default_delete<WebCore::Supplement<WebCore::WorkerGlobalScope> >::operator()+0xa [C:\MSVS\VC\Tools\MSVC\14.37.32822\include\memory @ 3180] 18 (Inline Function) --------`-------- WebCore!std::unique_ptr<WebCore::Supplement<WebCore::WorkerGlobalScope>,std::default_delete<WebCore::Supplement<WebCore::WorkerGlobalScope> > >::~unique_ptr+0x14 [C:\MSVS\VC\Tools\MSVC\14.37.32822\include\memory @ 3290] 19 (Inline Function) --------`-------- WebCore!WTF::KeyValuePair<WTF::ASCIILiteral,std::unique_ptr<WebCore::Supplement<WebCore::WorkerGlobalScope>,std::default_delete<WebCore::Supplement<WebCore::WorkerGlobalScope> > > >::~KeyValuePair+0x14 [C:\BW\WinCairo-64-bit-Release-Build\build\WebKitBuild\Release\WTF\Headers\wtf\KeyValuePair.h @ 33] 1a (Inline Function) --------`-------- WebCore!WTF::HashTable<WTF::ASCIILiteral,WTF::KeyValuePair<WTF::ASCIILiteral,std::unique_ptr<WebCore::Supplement<WebCore::WorkerGlobalScope>,std::default_delete<WebCore::Supplement<WebCore::WorkerGlobalScope> > > >,WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WTF::ASCIILiteral,std::unique_ptr<WebCore::Supplement<WebCore::WorkerGlobalScope>,std::default_delete<WebCore::Supplement<WebCore::WorkerGlobalScope> > > > >,WTF::ASCIILiteralPtrHash,WTF::HashMap<WTF::ASCIILiteral,std::unique_ptr<WebCore::Supplement<WebCore::WorkerGlobalScope>,std::default_delete<WebCore::Supplement<WebCore::WorkerGlobalScope> > >,WTF::ASCIILiteralPtrHash,WTF::HashTraits<WTF::ASCIILiteral>,WTF::HashTraits<std::unique_ptr<WebCore::Supplement<WebCore::WorkerGlobalScope>,std::default_delete<WebCore::Supplement<WebCore::WorkerGlobalScope> > > >,WTF::HashTableTraits>::KeyValuePairTraits,WTF::HashTraits<WTF::ASCIILiteral> >::deallocateTable+0x3a [C:\BW\WinCairo-64-bit-Release-Build\build\WebKitBuild\Release\WTF\Headers\wtf\HashTable.h @ 1169] 1b (Inline Function) --------`-------- WebCore!WTF::HashTable<WTF::ASCIILiteral,WTF::KeyValuePair<WTF::ASCIILiteral,std::unique_ptr<WebCore::Supplement<WebCore::WorkerGlobalScope>,std::default_delete<WebCore::Supplement<WebCore::WorkerGlobalScope> > > >,WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WTF::ASCIILiteral,std::unique_ptr<WebCore::Supplement<WebCore::WorkerGlobalScope>,std::default_delete<WebCore::Supplement<WebCore::WorkerGlobalScope> > > > >,WTF::ASCIILiteralPtrHash,WTF::HashMap<WTF::ASCIILiteral,std::unique_ptr<WebCore::Supplement<WebCore::WorkerGlobalScope>,std::default_delete<WebCore::Supplement<WebCore::WorkerGlobalScope> > >,WTF::ASCIILiteralPtrHash,WTF::HashTraits<WTF::ASCIILiteral>,WTF::HashTraits<std::unique_ptr<WebCore::Supplement<WebCore::WorkerGlobalScope>,std::default_delete<WebCore::Supplement<WebCore::WorkerGlobalScope> > > >,WTF::HashTableTraits>::KeyValuePairTraits,WTF::HashTraits<WTF::ASCIILiteral> >::~HashTable+0x46 [C:\BW\WinCairo-64-bit-Release-Build\build\WebKitBuild\Release\WTF\Headers\wtf\HashTable.h @ 424] 1c (Inline Function) --------`-------- WebCore!WTF::HashMap<WTF::ASCIILiteral,std::unique_ptr<WebCore::Supplement<WebCore::WorkerGlobalScope>,std::default_delete<WebCore::Supplement<WebCore::WorkerGlobalScope> > >,WTF::ASCIILiteralPtrHash,WTF::HashTraits<WTF::ASCIILiteral>,WTF::HashTraits<std::unique_ptr<WebCore::Supplement<WebCore::WorkerGlobalScope>,std::default_delete<WebCore::Supplement<WebCore::WorkerGlobalScope> > > >,WTF::HashTableTraits>::~HashMap+0x46 [C:\BW\WinCairo-64-bit-Release-Build\build\WebKitBuild\Release\WTF\Headers\wtf\HashMap.h @ 35] 1d (Inline Function) --------`-------- WebCore!WebCore::Supplementable<WebCore::WorkerGlobalScope>::~Supplementable+0x46 [C:\BW\WinCairo-64-bit-Release-Build\build\Source\WebCore\platform\Supplementable.h @ 98] 1e 00000006`92eff870 00007ff8`d4b22f60 WebCore!WebCore::WorkerGlobalScope::~WorkerGlobalScope(void)+0x624 [C:\BW\WinCairo-64-bit-Release-Build\build\Source\WebCore\workers\WorkerGlobalScope.cpp @ 148] 1f (Inline Function) --------`-------- WebCore!WebCore::DedicatedWorkerGlobalScope::~DedicatedWorkerGlobalScope+0x35 [C:\BW\WinCairo-64-bit-Release-Build\build\Source\WebCore\workers\DedicatedWorkerGlobalScope.cpp @ 80] 20 00000006`92eff8e0 00007ff8`d4b353b3 WebCore!WebCore::DedicatedWorkerGlobalScope::~DedicatedWorkerGlobalScope(int should_call_delete = 0n1)+0x40 [C:\BW\WinCairo-64-bit-Release-Build\build\Source\WebCore\workers\DedicatedWorkerGlobalScope.cpp @ 77] 21 (Inline Function) --------`-------- WebCore!std::default_delete<WebCore::WorkerOrWorkletGlobalScope>::operator()+0xe [C:\MSVS\VC\Tools\MSVC\14.37.32822\include\memory @ 3180] 22 (Inline Function) --------`-------- WebCore!WTF::RefCounted<WebCore::WorkerOrWorkletGlobalScope,std::default_delete<WebCore::WorkerOrWorkletGlobalScope> >::deref+0xfb [C:\BW\WinCairo-64-bit-Release-Build\build\WebKitBuild\Release\WTF\Headers\wtf\RefCounted.h @ 220] 23 (Inline Function) --------`-------- WebCore!WTF::DefaultRefDerefTraits<WebCore::WorkerOrWorkletGlobalScope>::derefIfNotNull+0x100 [C:\BW\WinCairo-64-bit-Release-Build\build\WebKitBuild\Release\WTF\Headers\wtf\Ref.h @ 62] 24 (Inline Function) --------`-------- WebCore!WTF::RefPtr<WebCore::WorkerOrWorkletGlobalScope,WTF::RawPtrTraits<WebCore::WorkerOrWorkletGlobalScope>,WTF::DefaultRefDerefTraits<WebCore::WorkerOrWorkletGlobalScope> >::operator=+0x100 [C:\BW\WinCairo-64-bit-Release-Build\build\WebKitBuild\Release\WTF\Headers\wtf\RefPtr.h @ 155] 25 00000006`92eff920 00007ff8`d4b34f89 WebCore!WebCore::WorkerOrWorkletThread::destroyWorkerGlobalScope(class WTF::Ref<WebCore::WorkerOrWorkletThread,WTF::RawPtrTraits<WebCore::WorkerOrWorkletThread>,WTF::DefaultRefDerefTraits<WebCore::WorkerOrWorkletThread> > * protectedThis = 0x00000006`92eff9d8)+0x193 [C:\BW\WinCairo-64-bit-Release-Build\build\Source\WebCore\workers\WorkerOrWorkletThread.cpp @ 230] 26 00000006`92eff990 00007ff8`f6483c73 WebCore!WebCore::WorkerOrWorkletThread::workerOrWorkletThread(void)+0x439 [C:\BW\WinCairo-64-bit-Release-Build\build\Source\WebCore\workers\WorkerOrWorkletThread.cpp @ 199] 27 (Inline Function) --------`-------- WTF!WTF::Function<void +0x9 [C:\BW\WinCairo-64-bit-Release-Build\build\Source\WTF\wtf\Function.h @ 82] 28 00000006`92effa10 00007ff8`f64e8819 WTF!WTF::Thread::entryPoint(struct WTF::Thread::NewThreadContext * newThreadContext = 0x00000180`6ca9e3b0)+0xb3 [C:\BW\WinCairo-64-bit-Release-Build\build\Source\WTF\wtf\Threading.cpp @ 259] 29 00000006`92effa80 00007ff8`efe16b4c WTF!WTF::wtfThreadEntryPoint(void * data = <Value unavailable error>)+0x9 [C:\BW\WinCairo-64-bit-Release-Build\build\Source\WTF\wtf\win\ThreadingWin.cpp @ 151] 2a 00000006`92effab0 00007ff8`f3384de0 ucrtbase!recalloc+0x5c 2b 00000006`92effae0 00007ff9`03ffec4b KERNEL32!BaseThreadInitThunk+0x10 2c 00000006`92effb10 00000000`00000000 ntdll!RtlUserThreadStart+0x2b
273817@main (bug#266980) added TrustedTypePolicy.h.
Interesting that that is crashing on win-cairo, with an ASAN build a similar crash happens with the worker-constructor test. I spent Monday and Tuesday trying to debug it but couldn't find a fix so left it for now to come back to.
Mac buildbot is also crashing for imported/w3c/web-platform-tests/trusted-types/worker-constructor.https.html Buildbot: builder Apple-Sonoma-Debug-WK2-Tests build 888 : 274264@main https://build.webkit.org/#/builders/933/builds/888 But, > No crash log found for com.apple.WebKit.WebContent.Development:45722.
This crash is reproducible on my PC. > python .\Tools\Scripts\run-webkit-tests --debug --iter=2 --no-retry imported/w3c/web-platform-tests/trusted-types/worker-constructor.https.html
<rdar://problem/123031066>
Created attachment 470239 [details] WIP patch m_defaultPolicy of TrustedTypePolicyFactory should be destroyed before WorkerOrWorkletGlobalScope::clearScript. This can be worked around by removing WorkerGlobalScopeTrustedTypes supplement in WorkerGlobalScope::prepareForDestruction.
https://commits.webkit.org/276974@main fixed it.