Bug 254275

Summary: ASSERTION FAILED: m_normalWorld->hasOneRef() on imported/w3c/web-platform-tests/fetch/api/policies/csp-blocked-worker.html, flakily
Product: WebKit Reporter: Bri Harris <bharris9>
Component: New BugsAssignee: Nobody <webkit-unassigned>
Status: NEW    
Severity: Normal CC: cdumez, webkit-bot-watchers-bugzilla, webkit-bug-importer, youennf
Priority: P2 Keywords: InRadar
Version: Other   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=254184

Bri Harris
Reported 2023-03-22 10:09:35 PDT
imported/w3c/web-platform-tests/fetch/api/policies/csp-blocked-worker.html is a flaky crash on iOS 16 and macOS Debug running on Intel only. HISTORY: https://results.webkit.org/?suite=layout-tests&test=imported%2Fw3c%2Fweb-platform-tests%2Ffetch%2Fapi%2Fpolicies%2Fcsp-blocked-worker.html CRASH LOG/ STDERR Text: ASSERTION FAILED: m_normalWorld->hasOneRef() bindings/js/WebCoreJSClientData.cpp(144) : virtual WebCore::JSVMClientData::~JSVMClientData() 1 0x703cade79 WTFCrash 2 0x6c32fe6fb WTFCrashWithInfo(int, char const*, char const*, int) 3 0x6c679471d WebCore::JSVMClientData::~JSVMClientData() 4 0x6c67949d5 WebCore::JSVMClientData::~JSVMClientData() 5 0x6c67949f9 WebCore::JSVMClientData::~JSVMClientData() 6 0x705ede709 JSC::VM::~VM() 7 0x705edf805 JSC::VM::~VM() 8 0x70475aaca WTF::ThreadSafeRefCounted<JSC::VM, (WTF::DestructionThread)0>::deref() const::'lambda'()::operator()() const 9 0x704740b27 WTF::ThreadSafeRefCounted<JSC::VM, (WTF::DestructionThread)0>::deref() const 10 0x7055e599e WTF::DefaultRefDerefTraits<JSC::VM>::derefIfNotNull(JSC::VM*) 11 0x7055c9fa1 WTF::RefPtr<JSC::VM, WTF::RawPtrTraits<JSC::VM>, WTF::DefaultRefDerefTraits<JSC::VM> >::operator=(std::nullptr_t) 12 0x705bdf18a JSC::JSLockHolder::~JSLockHolder() 13 0x705bdf1f5 JSC::JSLockHolder::~JSLockHolder() 14 0x6c967cd9b WebCore::WorkerOrWorkletScriptController::~WorkerOrWorkletScriptController() 15 0x6c967ce35 WebCore::WorkerOrWorkletScriptController::~WorkerOrWorkletScriptController() 16 0x6c96a9bab std::__1::default_delete<WebCore::WorkerOrWorkletScriptController>::operator()(WebCore::WorkerOrWorkletScriptController*) const 17 0x6c96a9b2c std::__1::unique_ptr<WebCore::WorkerOrWorkletScriptController, std::__1::default_delete<WebCore::WorkerOrWorkletScriptController> >::reset(WebCore::WorkerOrWorkletScriptController*) 18 0x6c967c501 std::__1::unique_ptr<WebCore::WorkerOrWorkletScriptController, std::__1::default_delete<WebCore::WorkerOrWorkletScriptController> >::operator=(std::nullptr_t) 19 0x6c967c4d0 WebCore::WorkerOrWorkletGlobalScope::clearScript() 20 0x6c96d0bd6 WebCore::WorkerOrWorkletThread::stop(WTF::Function<void ()>&&)::$_6::operator()(WebCore::ScriptExecutionContext&) const::'lambda'(WebCore::ScriptExecutionContext&)::operator()(WebCore::ScriptExecutionContext&) const 21 0x6c96d0b81 WTF::Detail::CallableWrapper<WebCore::WorkerOrWorkletThread::stop(WTF::Function<void ()>&&)::$_6::operator()(WebCore::ScriptExecutionContext&) const::'lambda'(WebCore::ScriptExecutionContext&), void, WebCore::ScriptExecutionContext&>::call(WebCore::ScriptExecutionContext&) 22 0x6c63592a7 WTF::Function<void (WebCore::ScriptExecutionContext&)>::operator()(WebCore::ScriptExecutionContext&) const 23 0x6c6349d7d WebCore::ScriptExecutionContext::Task::performTask(WebCore::ScriptExecutionContext&) 24 0x6c96b53cd WebCore::WorkerDedicatedRunLoop::Task::performTask(WebCore::WorkerOrWorkletGlobalScope*) 25 0x6c96b4b05 WebCore::WorkerDedicatedRunLoop::runCleanupTasks(WebCore::WorkerOrWorkletGlobalScope*) 26 0x6c96b2eaf WebCore::WorkerDedicatedRunLoop::run(WebCore::WorkerOrWorkletGlobalScope*) 27 0x6c96b2e34 WebCore::WorkerOrWorkletThread::runEventLoop() 28 0x6c9823745 WebCore::ServiceWorkerThread::runEventLoop() 29 0x6c96b3213 WebCore::WorkerOrWorkletThread::workerOrWorkletThread() 30 0x6c96de8c8 WebCore::WorkerThread::createThread()::$_17::operator()() const 31 0x6c96de869 WTF::Detail::CallableWrapper<WebCore::WorkerThread::createThread()::$_17, void>::call() com.apple.WebKit.WebContent.Development terminated (pid 32996) for reason: crash LEAK: 1 WebPageProxy
Attachments
Add attachment proposed patch, testcase, etc.
Bri Harris
Comment 1 2023-03-22 10:18:40 PDT
I was able to reproduce this crash running on Ventura ToT as follows: run-webkit-tests imported/w3c/web-platform-tests/fetch/api/policies/csp-blocked-worker.html
Radar WebKit Bug Importer
Comment 2 2023-03-22 10:18:58 PDT
<rdar://problem/107062990>
Note You need to log in before you can comment on or make changes to this bug.