Bug 254275

Summary: ASSERTION FAILED: m_normalWorld->hasOneRef() on imported/w3c/web-platform-tests/fetch/api/policies/csp-blocked-worker.html, flakily
Product: WebKit Reporter: Bri Harris <bharris9>
Component: New BugsAssignee: Nobody <webkit-unassigned>
Status: NEW ---    
Severity: Normal CC: cdumez, webkit-bot-watchers-bugzilla, webkit-bug-importer, youennf
Priority: P2 Keywords: InRadar
Version: Other   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=254184

Description Bri Harris 2023-03-22 10:09:35 PDT 
imported/w3c/web-platform-tests/fetch/api/policies/csp-blocked-worker.html

is a flaky crash on iOS 16 and macOS Debug running on Intel only. 

HISTORY:

https://results.webkit.org/?suite=layout-tests&test=imported%2Fw3c%2Fweb-platform-tests%2Ffetch%2Fapi%2Fpolicies%2Fcsp-blocked-worker.html


CRASH LOG/ STDERR Text:

ASSERTION FAILED: m_normalWorld->hasOneRef()
bindings/js/WebCoreJSClientData.cpp(144) : virtual WebCore::JSVMClientData::~JSVMClientData()
1   0x703cade79 WTFCrash
2   0x6c32fe6fb WTFCrashWithInfo(int, char const*, char const*, int)
3   0x6c679471d WebCore::JSVMClientData::~JSVMClientData()
4   0x6c67949d5 WebCore::JSVMClientData::~JSVMClientData()
5   0x6c67949f9 WebCore::JSVMClientData::~JSVMClientData()
6   0x705ede709 JSC::VM::~VM()
7   0x705edf805 JSC::VM::~VM()
8   0x70475aaca WTF::ThreadSafeRefCounted<JSC::VM, (WTF::DestructionThread)0>::deref() const::'lambda'()::operator()() const
9   0x704740b27 WTF::ThreadSafeRefCounted<JSC::VM, (WTF::DestructionThread)0>::deref() const
10  0x7055e599e WTF::DefaultRefDerefTraits<JSC::VM>::derefIfNotNull(JSC::VM*)
11  0x7055c9fa1 WTF::RefPtr<JSC::VM, WTF::RawPtrTraits<JSC::VM>, WTF::DefaultRefDerefTraits<JSC::VM> >::operator=(std::nullptr_t)
12  0x705bdf18a JSC::JSLockHolder::~JSLockHolder()
13  0x705bdf1f5 JSC::JSLockHolder::~JSLockHolder()
14  0x6c967cd9b WebCore::WorkerOrWorkletScriptController::~WorkerOrWorkletScriptController()
15  0x6c967ce35 WebCore::WorkerOrWorkletScriptController::~WorkerOrWorkletScriptController()
16  0x6c96a9bab std::__1::default_delete<WebCore::WorkerOrWorkletScriptController>::operator()(WebCore::WorkerOrWorkletScriptController*) const
17  0x6c96a9b2c std::__1::unique_ptr<WebCore::WorkerOrWorkletScriptController, std::__1::default_delete<WebCore::WorkerOrWorkletScriptController> >::reset(WebCore::WorkerOrWorkletScriptController*)
18  0x6c967c501 std::__1::unique_ptr<WebCore::WorkerOrWorkletScriptController, std::__1::default_delete<WebCore::WorkerOrWorkletScriptController> >::operator=(std::nullptr_t)
19  0x6c967c4d0 WebCore::WorkerOrWorkletGlobalScope::clearScript()
20  0x6c96d0bd6 WebCore::WorkerOrWorkletThread::stop(WTF::Function<void ()>&&)::$_6::operator()(WebCore::ScriptExecutionContext&) const::'lambda'(WebCore::ScriptExecutionContext&)::operator()(WebCore::ScriptExecutionContext&) const
21  0x6c96d0b81 WTF::Detail::CallableWrapper<WebCore::WorkerOrWorkletThread::stop(WTF::Function<void ()>&&)::$_6::operator()(WebCore::ScriptExecutionContext&) const::'lambda'(WebCore::ScriptExecutionContext&), void, WebCore::ScriptExecutionContext&>::call(WebCore::ScriptExecutionContext&)
22  0x6c63592a7 WTF::Function<void (WebCore::ScriptExecutionContext&)>::operator()(WebCore::ScriptExecutionContext&) const
23  0x6c6349d7d WebCore::ScriptExecutionContext::Task::performTask(WebCore::ScriptExecutionContext&)
24  0x6c96b53cd WebCore::WorkerDedicatedRunLoop::Task::performTask(WebCore::WorkerOrWorkletGlobalScope*)
25  0x6c96b4b05 WebCore::WorkerDedicatedRunLoop::runCleanupTasks(WebCore::WorkerOrWorkletGlobalScope*)
26  0x6c96b2eaf WebCore::WorkerDedicatedRunLoop::run(WebCore::WorkerOrWorkletGlobalScope*)
27  0x6c96b2e34 WebCore::WorkerOrWorkletThread::runEventLoop()
28  0x6c9823745 WebCore::ServiceWorkerThread::runEventLoop()
29  0x6c96b3213 WebCore::WorkerOrWorkletThread::workerOrWorkletThread()
30  0x6c96de8c8 WebCore::WorkerThread::createThread()::$_17::operator()() const
31  0x6c96de869 WTF::Detail::CallableWrapper<WebCore::WorkerThread::createThread()::$_17, void>::call()
com.apple.WebKit.WebContent.Development terminated (pid 32996) for reason: crash
LEAK: 1 WebPageProxy
Comment 1 Bri Harris 2023-03-22 10:18:40 PDT 
I was able to reproduce this crash running on Ventura ToT as follows:

run-webkit-tests imported/w3c/web-platform-tests/fetch/api/policies/csp-blocked-worker.html
Comment 2 Radar WebKit Bug Importer 2023-03-22 10:18:58 PDT 
<rdar://problem/107062990>