[Webkit-unassigned] [Bug 193026] New: NetworkHTTPSUpgradeChecker::query() can get called off the main thread

bugzilla-daemon at webkit.org
Mon Dec 24 19:57:53 PST 2018


https://bugs.webkit.org/show_bug.cgi?id=193026

            Bug ID: 193026
           Summary: NetworkHTTPSUpgradeChecker::query() can get called off
                    the main thread
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Page Loading
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: simon.fraser at apple.com
                CC: beidson at apple.com

I just hit this assertion on the first test (imported/w3c/web-platform-tests/css/css-color/border-bottom-color.xht) when running "run-webkit-tests --debug --no-build --no-show-results LayoutTests/imported/w3c/web-platform-tests/css/css-color/"

Crashed Thread:        1  Dispatch queue: HTTPS Upgrade Checker Thread

Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x00000000bbadbeef
Exception Note:        EXC_CORPSE_NOTIFY

Termination Signal:    Segmentation fault: 11
Termination Reason:    Namespace SIGNAL, Code 0xb
Terminating Process:   exc handler [13618]

VM Regions Near 0xbbadbeef:
--> 
    __TEXT                 000000010d1ce000-000000010d1d0000 [    8K] r-x/rwx SM=COW  /Volumes/VOLUME/*/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.Networking.xpc/Contents/MacOS/com.apple.WebKit.Networking.Development

Thread 0:: Dispatch queue: com.apple.main-thread
0   libsystem_kernel.dylib              0x00007fff61117c2a mach_msg_trap + 10
1   libsystem_kernel.dylib              0x00007fff61118174 mach_msg + 60
2   com.apple.CoreFoundation            0x00007fff33f3c05e __CFRunLoopServiceMachPort + 337
3   com.apple.CoreFoundation            0x00007fff33f3b5ad __CFRunLoopRun + 1654
4   com.apple.CoreFoundation            0x00007fff33f3ace4 CFRunLoopRunSpecific + 463
5   com.apple.Foundation                0x00007fff3629b5da -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 280
6   com.apple.Foundation                0x00007fff3629b4af -[NSRunLoop(NSRunLoop) run] + 76
7   libxpc.dylib                        0x00007fff61215ee6 _xpc_objc_main + 555
8   libxpc.dylib                        0x00007fff612159e5 xpc_main + 433
9   com.apple.WebKit.Networking         0x000000010d1cf035 WebKit::XPCServiceMain(int, char const**) + 1333 (XPCServiceMain.mm:157)
10  com.apple.WebKit.Networking         0x000000010d1cf322 main + 34 (XPCServiceMain.mm:165)
11  libdyld.dylib                       0x00007fff60fdf085 start + 1

Thread 1 Crashed:: Dispatch queue: HTTPS Upgrade Checker Thread
0   com.apple.JavaScriptCore            0x00000001252837f0 WTFCrash + 16 (Assertions.cpp:255)
1   com.apple.WebKit                    0x000000010d1ebe5b WTFCrashWithInfo(int, char const*, char const*, int) + 27 (Assertions.h:559)
2   com.apple.WebKit                    0x000000010d44b3cd WebKit::NetworkHTTPSUpgradeChecker::query(WTF::String&&, PAL::SessionID, WTF::CompletionHandler<void (bool)>&&)::$_11::operator()() + 525 (NetworkHTTPSUpgradeChecker.cpp:99)
3   com.apple.WebKit                    0x000000010d44b0f9 WTF::Function<void ()>::CallableWrapper<WebKit::NetworkHTTPSUpgradeChecker::query(WTF::String&&, PAL::SessionID, WTF::CompletionHandler<void (bool)>&&)::$_11>::call() + 25 (Function.h:101)
4   com.apple.JavaScriptCore            0x00000001252acf7f WTF::Function<void ()>::operator()() const + 175 (Function.h:56)
5   com.apple.JavaScriptCore            0x000000012538a1a9 WTF::WorkQueue::dispatch(WTF::Function<void ()>&&)::$_0::operator()() const + 25 (WorkQueueCocoa.cpp:38)
6   com.apple.JavaScriptCore            0x000000012538a3e0 WTF::BlockPtr<void ()> WTF::BlockPtr<void ()>::fromCallable<WTF::WorkQueue::dispatch(WTF::Function<void ()>&&)::$_0>(WTF::WorkQueue::dispatch(WTF::Function<void ()>&&)::$_0)::'lambda'(void*)::operator()(void*) const + 32 (BlockPtr.h:96)
7   com.apple.JavaScriptCore            0x000000012538a3b8 WTF::BlockPtr<void ()> WTF::BlockPtr<void ()>::fromCallable<WTF::WorkQueue::dispatch(WTF::Function<void ()>&&)::$_0>(WTF::WorkQueue::dispatch(WTF::Function<void ()>&&)::$_0)::'lambda'(void*)::__invoke(void*) + 24 (BlockPtr.h:95)
8   libdispatch.dylib                   0x00007fff60f8fd4f _dispatch_call_block_and_release + 12
9   libdispatch.dylib                   0x00007fff60f90dcb _dispatch_client_callout + 8
10  libdispatch.dylib                   0x00007fff60f97120 _dispatch_lane_serial_drain + 618
11  libdispatch.dylib                   0x00007fff60f97bd8 _dispatch_lane_invoke + 388
12  libdispatch.dylib                   0x00007fff60fa0084 _dispatch_workloop_worker_thread + 603
13  libsystem_pthread.dylib             0x00007fff611d061c _pthread_wqthread + 409
14  libsystem_pthread.dylib             0x00007fff611d0415 start_wqthread + 13

It's ASSERT(stepResult == SQLITE_ROW || stepResult == SQLITE_DONE);.

I'm also confused about how this function calls ASSERT(RunLoop::isMain()); but is running on a dispatch thread.
