[Win] fast/workers/worker-crash-with-invalid-location.html is crashing AppleWin WK1 and WinCairo WK1 is crashing. Callstack of AppleWin EWS: # Child-SP RetAddr Call Site 00 (Inline Function) --------`-------- WTF!WTF::StringImpl::setIsAtom [C:\cygwin\home\buildbot\worker\Windows-EWS\build\Source\WTF\wtf\text\StringImpl.h @ 1095] 01 00000012`5c57de60 00007ffa`02eb6a66 WTF!WTF::AtomStringTable::~AtomStringTable(void)+0x122 [C:\cygwin\home\buildbot\worker\Windows-EWS\build\Source\WTF\wtf\text\AtomStringTable.cpp @ 31] 02 00000012`5c57deb0 00007ff9`e3985e6e WTF!WTF::Thread::~Thread(void)+0x66 [C:\cygwin\home\buildbot\worker\Windows-EWS\build\Source\WTF\wtf\win\ThreadingWin.cpp @ 107] 03 00000012`5c57dee0 00007ff9`e39c85de WebKit!WebCore::WorkerOrWorkletThread::~WorkerOrWorkletThread(void)+0xee [C:\cygwin\home\buildbot\worker\Windows-EWS\build\Source\WebCore\workers\WorkerOrWorkletThread.cpp @ 82] 04 (Inline Function) --------`-------- WebKit!WebCore::DedicatedWorkerThread::{dtor}+0x14 [C:\cygwin\home\buildbot\worker\Windows-EWS\build\Source\WebCore\workers\DedicatedWorkerThread.cpp @ 48] 05 00000012`5c57df20 00007ff9`e32f80ab WebKit!WebCore::DedicatedWorkerThread::`scalar deleting destructor'(void)+0x1e 06 (Inline Function) --------`-------- WebKit!WTF::ThreadSafeRefCounted<WTF::SharedTask<void __cdecl+0x17 [C:\cygwin\home\buildbot\worker\Windows-EWS\build\WebKitBuild\Release\DerivedSources\ForwardingHeaders\wtf\ThreadSafeRefCounted.h @ 117] 07 (Inline Function) --------`-------- WebKit!WTF::ThreadSafeRefCounted<WTF::SharedTask<void __cdecl+0x29 [C:\cygwin\home\buildbot\worker\Windows-EWS\build\WebKitBuild\Release\DerivedSources\ForwardingHeaders\wtf\ThreadSafeRefCounted.h @ 129] 08 (Inline Function) --------`-------- WebKit!WTF::Ref<WTF::SharedTask<void __cdecl+0x3c [C:\cygwin\home\buildbot\worker\Windows-EWS\build\WebKitBuild\Release\DerivedSources\ForwardingHeaders\wtf\Ref.h @ 61] 09 00000012`5c57df50 00007ffa`02e5d2be WebKit!WTF::Detail::CallableWrapper<`WebCore::ScriptController::executeAsynchronousUserAgentScriptInWorld'::`2'::<lambda_3>,__int64,JSC::JSGlobalObject *,JSC::CallFrame *>::`scalar deleting destructor'(void)+0x4b 0a (Inline Function) --------`-------- WTF!std::default_delete<WTF::Detail::CallableWrapperBase<void> >::operator()+0xb [C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\include\memory @ 3125] 0b (Inline Function) --------`-------- WTF!std::unique_ptr<WTF::Detail::CallableWrapperBase<void>,std::default_delete<WTF::Detail::CallableWrapperBase<void> > >::{dtor}+0xd [C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.31.31103\include\memory @ 3233] 0c 00000012`5c57df80 00007ffa`02eb644c WTF!WTF::RunLoop::performWork(void)+0x27e [C:\cygwin\home\buildbot\worker\Windows-EWS\build\Source\WTF\wtf\RunLoop.cpp @ 140] 0d (Inline Function) --------`-------- WTF!WTF::RunLoop::wndProc+0x36 [C:\cygwin\home\buildbot\worker\Windows-EWS\build\Source\WTF\wtf\win\RunLoopWin.cpp @ 56] 0e 00000012`5c57dfe0 00007ffa`20e8e858 WTF!WTF::RunLoop::RunLoopWndProc(struct HWND__ * hWnd = 0x00000000`0338087c, unsigned int message = 0x401, unsigned int64 wParam = 0x0000011f`5d367610, int64 lParam = 0n0)+0x5c [C:\cygwin\home\buildbot\worker\Windows-EWS\build\Source\WTF\wtf\win\RunLoopWin.cpp @ 39] 0f 00000012`5c57e040 00007ffa`20e8e299 USER32!UserCallWinProcCheckWow+0x2f8 10 00000012`5c57e1d0 00007ffa`09bc48a8 USER32!DispatchMessageWorker+0x249 11 00000012`5c57e250 00007ffa`09bc680f DumpRenderTreeLib!runTest(class std::basic_string<char,std::char_traits<char>,std::allocator<char> > * inputLine = <Value unavailable error>)+0xb78 [C:\cygwin\home\buildbot\worker\Windows-EWS\build\Tools\DumpRenderTree\win\DumpRenderTree.cpp @ 1315] 12 00000012`5c57ef10 00007ff6`3b042fbd DumpRenderTreeLib!main(int argc = <Value unavailable error>, char ** argv = <Value unavailable error>)+0x53f [C:\cygwin\home\buildbot\worker\Windows-EWS\build\Tools\DumpRenderTree\win\DumpRenderTree.cpp @ 1667] 13 00000012`5c57f830 00007ff6`3b043870 DumpRenderTree!main(int argc = 0n2, char ** argv = 0x0000011f`5d2f4d80)+0x81d [C:\cygwin\home\buildbot\worker\Windows-EWS\build\Tools\win\DLLLauncher\DLLLauncherMain.cpp @ 223] 14 (Inline Function) --------`-------- DumpRenderTree!invoke_main+0x22 [d:\a01\_work\43\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl @ 78] 15 00000012`5c57fbc0 00007ffa`1fa57034 DumpRenderTree!__scrt_common_main_seh(void)+0x10c [d:\a01\_work\43\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl @ 288] 16 00000012`5c57fc00 00007ffa`21362651 KERNEL32!BaseThreadInitThunk+0x14 17 00000012`5c57fc30 00000000`00000000 ntdll!RtlUserThreadStart+0x21
WinCairo-64-bit-WKL-Release-Tests First bad test run 254283@main https://build.webkit.org/#/builders/60/builds/8036 Last good test run 254281@main https://build.webkit.org/#/builders/60/builds/8035
Created attachment 462697 [details] WinCairo WK1 Release crash log https://build.webkit.org/results/WinCairo-64-bit-WKL-Release-Tests/254283@main%20(8036)/CrashLog_1304_2022-09-08_15-53-54-193.txt
Created attachment 462698 [details] AppleWin EWS crash log
fast/workers/worker-copy-shared-blob-url.html makes the following test crash. Skipping fast/workers/worker-copy-shared-blob-url.html works around the crash.
Mac WK1 can reproduce the crash. > run-webkit-tests --debug fast/workers/worker-copy-shared-blob-url.html --iterations=100 -f1
Mac WK1 Debug reported an assertion failure. ASSERTION FAILED: The string being removed is an atom in the string table of an other thread! iterator != atomStringTable.end() /Volumes/Data/webkit/ga/Source/WTF/wtf/text/AtomStringImpl.cpp(458) : static void WTF::AtomStringImpl::remove(WTF::AtomStringImpl *) 1 0x7ff7b8081740 (null) 2 0x11f73b885 (null) 3 0x1f1d0e2885 (null) 4 0x7ff7b8081740 (null) 5 0x7ff7b80816f8 (null) 6 0x7ff7b8081710 (null) 7 0x11d0e2a1f WTFPrintBacktrace 8 0x7ff7b8081710 (null) 9 0x1201147a0 vtable for CrashLogPrintStream 10 0x1fb808172c (null) 11 0x7ff7b8081740 (null) 12 0x7ff7b8081840 (null) 13 0x11d0e29bf WTFReportBacktrace 14 0x3000000010 (null) 15 0x211f73d1ea (null) 16 0x11d1c6dbf WTFGetBacktrace 17 0x11d0e29a6 WTFReportBacktrace 18 0x11d0e2aa9 WTFCrash 19 0x11d0ece29 WTF::AtomStringImpl::remove(WTF::AtomStringImpl*) 20 0x11d1cc685 WTF::StringImpl::~StringImpl() 21 0x11d1cca25 WTF::StringImpl::~StringImpl() 22 0x11d1cca45 WTF::StringImpl::destroy(WTF::StringImpl*) 23 0x17443d3ff WTF::StringImpl::deref() 24 0x1744432ce WTF::DefaultRefDerefTraits<WTF::StringImpl>::derefIfNotNull(WTF::StringImpl*) 25 0x174443299 WTF::RefPtr<WTF::StringImpl, WTF::RawPtrTraits<WTF::StringImpl>, WTF::DefaultRefDerefTraits<WTF::StringImpl> >::~RefPtr() 26 0x174443135 WTF::RefPtr<WTF::StringImpl, WTF::RawPtrTraits<WTF::StringImpl>, WTF::DefaultRefDerefTraits<WTF::StringImpl> >::~RefPtr() 27 0x174443a35 WTF::String::~String() 28 0x1744424e5 WTF::String::~String() 29 0x17456db85 WTF::URL::~URL() 30 0x17456cb45 WTF::URL::~URL() 31 0x1781c1f72 WebCore::URLKeepingBlobAlive::~URLKeepingBlobAlive()
URLKeepingBlobAlive was introduced by 254283@main (bug#244922).
(In reply to Fujii Hironori from comment #5) > Mac WK1 can reproduce the crash. > > > run-webkit-tests --debug fast/workers/worker-copy-shared-blob-url.html --iterations=100 -f1 I can reproduce this way, Thanks. I will fix.
Pull request: https://github.com/WebKit/WebKit/pull/4839
Committed 255028@main (4123405e0625): <https://commits.webkit.org/255028@main> Reviewed commits have been landed. Closing PR #4839 and removing active labels.
<rdar://problem/100622616>