202648 2019-10-07 12:49:31 -0700 IndexedDB hits assertion with crypto/workers/subtle/aes-indexeddb.html 2020-03-16 12:57:51 -0700 1 1 1 Unclassified WebKit WebCore Misc. WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED https://bugs.webkit.org/show_bug.cgi?id=202500 InRadar P2 Normal --- 1 jiewen_tan sihui_liu commit-queue jiewen_tan sihui_liu webkit-bug-importer oldest_to_newest 1577438 0 jiewen_tan 2019-10-07 12:49:31 -0700 Here is the crashlog: Thread 17 Crashed:: WebCore: Worker 0 com.apple.JavaScriptCore 0x00000003c84430ce WTFCrash + 14 (Assertions.cpp:305) 1 com.apple.WebCore 0x00000003b0008bfb WTFCrashWithInfo(int, char const*, char const*, int) + 27 2 com.apple.WebCore 0x00000003b1946848 WebCore::IDBTransaction::requestPutOrAdd(JSC::ExecState&, WebCore::IDBObjectStore&, WTF::RefPtr<WebCore::IDBKey, WTF::DumbPtrTraits<WebCore::IDBKey> >&&, WebCore::SerializedScriptValue&, WebCore::IndexedDB::ObjectStoreOverwriteMode) + 184 (IDBTransaction.cpp:1254) 3 com.apple.WebCore 0x00000003b1946523 WebCore::IDBObjectStore::putOrAdd(JSC::ExecState&, JSC::JSValue, WTF::RefPtr<WebCore::IDBKey, WTF::DumbPtrTraits<WebCore::IDBKey> >, WebCore::IndexedDB::ObjectStoreOverwriteMode, WebCore::IDBObjectStore::InlineKeyCheck) + 2963 (IDBObjectStore.cpp:384) 4 com.apple.WebCore 0x00000003b1946633 WebCore::IDBObjectStore::put(JSC::ExecState&, JSC::JSValue, JSC::JSValue) + 179 (IDBObjectStore.cpp:313) 5 com.apple.WebCore 0x00000003b0dbaa25 WebCore::jsIDBObjectStorePrototypeFunctionPutBody(JSC::ExecState*, WebCore::JSIDBObjectStore*, JSC::ThrowScope&) + 501 (JSIDBObjectStore.cpp:372) 6 com.apple.WebCore 0x00000003b0d9d770 long long WebCore::IDLOperation<WebCore::JSIDBObjectStore>::call<&(WebCore::jsIDBObjectStorePrototypeFunctionPutBody(JSC::ExecState*, WebCore::JSIDBObjectStore*, JSC::ThrowScope&)), (WebCore::CastedThisErrorBehavior)0>(JSC::ExecState&, char const*) + 768 (JSDOMOperation.h:53) 7 com.apple.WebCore 0x00000003b0d9d45c WebCore::jsIDBObjectStorePrototypeFunctionPut(JSC::ExecState*) + 28 (JSIDBObjectStore.cpp:377) 8 ??? 0x000022ed2e0018cb 0 + 38402074351819 9 com.apple.JavaScriptCore 0x00000003c8959ca2 op_call_return_location_narrow + 160 10 com.apple.JavaScriptCore 0x00000003c8959ca2 op_call_return_location_narrow + 160 11 com.apple.JavaScriptCore 0x00000003c893d7a3 vmEntryToJavaScript + 273 12 com.apple.JavaScriptCore 0x00000003c9616747 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 199 (JITCodeInlines.h:38) 13 com.apple.JavaScriptCore 0x00000003c9616d7d JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 1469 (Interpreter.cpp:904) 14 com.apple.JavaScriptCore 0x00000003c98df79c JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 236 (CallData.cpp:59) 15 com.apple.JavaScriptCore 0x00000003c98df88a JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 218 (CallData.cpp:66) 16 com.apple.JavaScriptCore 0x00000003c98dfb7e JSC::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 142 (CallData.cpp:87) 17 com.apple.WebCore 0x00000003b20d60d8 WebCore::JSExecState::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 136 (JSExecState.h:73) 18 com.apple.WebCore 0x00000003b2122882 WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext&, WebCore::Event&) + 1970 (JSEventListener.cpp:175) 19 com.apple.WebCore 0x00000003b2733731 WebCore::EventTarget::innerInvokeEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener, WTF::DumbPtrTraits<WebCore::RegisteredEventListener> >, 1ul, WTF::CrashOnOverflow, 16ul>, WebCore::EventTarget::EventInvokePhase) + 961 (EventTarget.cpp:318) 20 com.apple.WebCore 0x00000003b272f932 WebCore::EventTarget::fireEventListeners(WebCore::Event&, WebCore::EventTarget::EventInvokePhase) + 354 (EventTarget.cpp:255) 21 com.apple.WebCore 0x00000003b270a104 WebCore::EventContext::handleLocalEvents(WebCore::Event&, WebCore::EventTarget::EventInvokePhase) const + 228 (EventContext.cpp:58) 22 com.apple.WebCore 0x00000003b270ac0b WebCore::dispatchEventInDOM(WebCore::Event&, WebCore::EventPath const&) + 379 (EventDispatcher.cpp:101) 23 com.apple.WebCore 0x00000003b270b012 void WebCore::dispatchEventWithType<WebCore::EventTarget>(WTF::Vector<WebCore::EventTarget*, 0ul, WTF::CrashOnOverflow, 16ul> const&, WebCore::Event&) + 338 (EventDispatcher.cpp:186) 24 com.apple.WebCore 0x00000003b270aead WebCore::EventDispatcher::dispatchEvent(WTF::Vector<WebCore::EventTarget*, 0ul, WTF::CrashOnOverflow, 16ul> const&, WebCore::Event&) + 29 (EventDispatcher.cpp:192) 25 com.apple.WebCore 0x00000003b194e7ca WebCore::IDBRequest::dispatchEvent(WebCore::Event&) + 906 (IDBRequest.cpp:329) 26 com.apple.WebCore 0x00000003b194e2ee WebCore::IDBOpenDBRequest::dispatchEvent(WebCore::Event&) + 174 (IDBOpenDBRequest.cpp:132) 27 com.apple.WebCore 0x00000003b4103920 WebCore::WorkerEventQueue::EventDispatcher::dispatch() + 128 (WorkerEventQueue.cpp:66) 28 com.apple.WebCore 0x00000003b4103871 WebCore::WorkerEventQueue::enqueueEvent(WTF::Ref<WebCore::Event, WTF::DumbPtrTraits<WebCore::Event> >&&)::$_1::operator()(WebCore::ScriptExecutionContext&) const + 33 (WorkerEventQueue.cpp:92) 29 com.apple.WebCore 0x00000003b41037c1 WTF::Detail::CallableWrapper<WebCore::WorkerEventQueue::enqueueEvent(WTF::Ref<WebCore::Event, WTF::DumbPtrTraits<WebCore::Event> >&&)::$_1, void, WebCore::ScriptExecutionContext&>::call(WebCore::ScriptExecutionContext&) + 49 (Function.h:52) 30 com.apple.WebCore 0x00000003b1f53517 WTF::Function<void (WebCore::ScriptExecutionContext&)>::operator()(WebCore::ScriptExecutionContext&) const + 151 (Function.h:79) 31 com.apple.WebCore 0x00000003b1f3f11d WebCore::ScriptExecutionContext::Task::performTask(WebCore::ScriptExecutionContext&) + 29 (ScriptExecutionContext.h:183) 32 com.apple.WebCore 0x00000003b4114ec0 WebCore::WorkerRunLoop::Task::performTask(WebCore::WorkerGlobalScope*) + 128 (WorkerRunLoop.cpp:270) 33 com.apple.WebCore 0x00000003b411439f WebCore::WorkerRunLoop::runInMode(WebCore::WorkerGlobalScope*, WebCore::ModePredicate const&, WebCore::WorkerRunLoop::WaitMode) + 879 (WorkerRunLoop.cpp:209) 34 com.apple.WebCore 0x00000003b4113f95 WebCore::WorkerRunLoop::run(WebCore::WorkerGlobalScope*) + 85 (WorkerRunLoop.cpp:142) 35 com.apple.WebCore 0x00000003b41180d3 WebCore::WorkerThread::runEventLoop() + 51 (WorkerThread.cpp:266) 36 com.apple.WebCore 0x00000003b40f3f0f WebCore::DedicatedWorkerThread::runEventLoop() + 95 (DedicatedWorkerThread.cpp:59) 37 com.apple.WebCore 0x00000003b4117b98 WebCore::WorkerThread::workerThread() + 1160 (WorkerThread.cpp:206) 38 com.apple.WebCore 0x00000003b41288d8 WebCore::WorkerThread::start(WTF::Function<void (WTF::String const&)>&&)::$_12::operator()() const + 24 (WorkerThread.cpp:148) 39 com.apple.WebCore 0x00000003b4128899 WTF::Detail::CallableWrapper<WebCore::WorkerThread::start(WTF::Function<void (WTF::String const&)>&&)::$_12, void>::call() + 25 (Function.h:52) 40 com.apple.JavaScriptCore 0x00000003c846cc5a WTF::Function<void ()>::operator()() const + 138 (Function.h:79) 41 com.apple.JavaScriptCore 0x00000003c8509aa0 WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) + 416 (Threading.cpp:149) 42 com.apple.JavaScriptCore 0x00000003c85140a5 WTF::wtfThreadEntryPoint(void*) + 21 (ThreadingPOSIX.cpp:200) 43 libsystem_pthread.dylib 0x00007fff6fc03d76 _pthread_start + 125 44 libsystem_pthread.dylib 0x00007fff6fc005d7 thread_start + 15 Here is the way to reproduce: run-webkit-tests --iteration 1000 --fully-parallel --no-retry --exit-after-n-failures 1 crypto/workers/subtle/aes-indexeddb.html 1577608 1 webkit-bug-importer 2019-10-07 19:04:29 -0700 <rdar://problem/56059602> 1577859 2 jiewen_tan 2019-10-08 11:51:29 -0700 Committed r250844: <https://trac.webkit.org/changeset/250844> 1630411 3 393672 sihui_liu 2020-03-16 12:12:55 -0700 Created attachment 393672 Patch for landing 1630425 4 393672 commit-queue 2020-03-16 12:57:50 -0700 Comment on attachment 393672 Patch for landing Clearing flags on attachment: 393672 Committed r258514: <https://trac.webkit.org/changeset/258514> 1630426 5 commit-queue 2020-03-16 12:57:51 -0700 All reviewed patches have been landed. Closing bug. 393672 2020-03-16 12:12:55 -0700 2020-03-16 12:57:50 -0700 Patch for landing bug-202648-20200316121253.patch text/plain 2233 sihui_liu U3VidmVyc2lvbiBSZXZpc2lvbjogMjU4NTA2CmRpZmYgLS1naXQgYS9MYXlvdXRUZXN0cy9DaGFu Z2VMb2cgYi9MYXlvdXRUZXN0cy9DaGFuZ2VMb2cKaW5kZXggMTU0MWE5ZTBjNTY5MTk5NWY3OTZk MDFjMjU4ZWU3NzBkYzIwOTdjNS4uMzc1ODFhMmYzZDZiMmI0YzAwMmNlOTRjYTA5YTU5MTU1MzYz MTRkOCAxMDA2NDQKLS0tIGEvTGF5b3V0VGVzdHMvQ2hhbmdlTG9nCisrKyBiL0xheW91dFRlc3Rz L0NoYW5nZUxvZwpAQCAtMSwzICsxLDE0IEBACisyMDIwLTAzLTE2ICBTaWh1aSBMaXUgIDxzaWh1 aV9saXVAYXBwbGUuY29tPgorCisgICAgICAgIEluZGV4ZWREQiBoaXRzIGFzc2VydGlvbiB3aXRo IGNyeXB0by93b3JrZXJzL3N1YnRsZS9hZXMtaW5kZXhlZGRiLmh0bWwKKyAgICAgICAgaHR0cHM6 Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTIwMjY0OAorICAgICAgICA8cmRhcjov L3Byb2JsZW0vNTYwNTk2MDI+CisKKyAgICAgICAgVW5yZXZpZXdlZCB0ZXN0IGdhcmRlbmluZy4K KworICAgICAgICAqIFRlc3RFeHBlY3RhdGlvbnM6CisgICAgICAgICogcGxhdGZvcm0vaW9zLXNp bXVsYXRvci9UZXN0RXhwZWN0YXRpb25zOgorCiAyMDIwLTAzLTE2ICBZb3Vlbm4gRmFibGV0ICA8 eW91ZW5uQGFwcGxlLmNvbT4KIAogICAgICAgICBBcHBseSByb3RhdGlvbiBhdCBzb3VyY2UgbGV2 ZWwgaWYgV2ViUlRDIHNpbmsgYXNrIHNvCmRpZmYgLS1naXQgYS9MYXlvdXRUZXN0cy9UZXN0RXhw ZWN0YXRpb25zIGIvTGF5b3V0VGVzdHMvVGVzdEV4cGVjdGF0aW9ucwppbmRleCBhMzE4NTQ4YzM1 NjFlZjc1OWRlNmJjNzYxYTBhNTY1NWRlYzE4MTg1Li43YTVkNmUxY2FkMzM4MGU3ZjkzMmM2OWU5 Y2QzNWMyYWQxNTRlYWIxIDEwMDY0NAotLS0gYS9MYXlvdXRUZXN0cy9UZXN0RXhwZWN0YXRpb25z CisrKyBiL0xheW91dFRlc3RzL1Rlc3RFeHBlY3RhdGlvbnMKQEAgLTMwNDAsOCArMzA0MCw2IEBA IHdlYmtpdC5vcmcvYi8xOTY2OTggaW1wb3J0ZWQvdzNjL3dlYi1wbGF0Zm9ybS10ZXN0cy9odG1s L3NlbWFudGljcy9lbWJlZGRlZC1jb250CiAKIHdlYmtpdC5vcmcvYi8yMDI1MTcgaW1wb3J0ZWQv dzNjL3dlYi1wbGF0Zm9ybS10ZXN0cy8yZGNvbnRleHQvdGV4dC1zdHlsZXMvMmQudGV4dC5kcmF3 LmJhc2VsaW5lLmlkZW9ncmFwaGljLmh0bWwgWyBTa2lwIF0KIAotd2Via2l0Lm9yZy9iLzIwMjY0 OCBbIERlYnVnIF0gY3J5cHRvL3dvcmtlcnMvc3VidGxlL2Flcy1pbmRleGVkZGIuaHRtbCBbIFNr aXAgXQotCiAjIHdwdCBjc3MtaW1hZ2VzIGZhaWx1cmVzCiB3ZWJraXQub3JnL2IvMjAwMjA3IGlt cG9ydGVkL3czYy93ZWItcGxhdGZvcm0tdGVzdHMvY3NzL2Nzcy1pbWFnZXMvY3NzLWltYWdlLWZh bGxiYWNrcy1hbmQtYW5ub3RhdGlvbnMwMDIuaHRtbCBbIEltYWdlT25seUZhaWx1cmUgXQogd2Vi a2l0Lm9yZy9iLzIwMDIwNyBpbXBvcnRlZC93M2Mvd2ViLXBsYXRmb3JtLXRlc3RzL2Nzcy9jc3Mt aW1hZ2VzL2Nzcy1pbWFnZS1mYWxsYmFja3MtYW5kLWFubm90YXRpb25zMDAzLmh0bWwgWyBJbWFn ZU9ubHlGYWlsdXJlIF0KZGlmZiAtLWdpdCBhL0xheW91dFRlc3RzL3BsYXRmb3JtL2lvcy1zaW11 bGF0b3IvVGVzdEV4cGVjdGF0aW9ucyBiL0xheW91dFRlc3RzL3BsYXRmb3JtL2lvcy1zaW11bGF0 b3IvVGVzdEV4cGVjdGF0aW9ucwppbmRleCAxNWIxYTBhZGNkZjFjMmZmODdjYmE4NzU4MzNhNmIw OTc0ZmUzZjhmLi44ZDY2NzYyNjk5MDVmNWE2NDgyNmNkNDFiODQzYjhlNGIzMGYwNTdlIDEwMDY0 NAotLS0gYS9MYXlvdXRUZXN0cy9wbGF0Zm9ybS9pb3Mtc2ltdWxhdG9yL1Rlc3RFeHBlY3RhdGlv bnMKKysrIGIvTGF5b3V0VGVzdHMvcGxhdGZvcm0vaW9zLXNpbXVsYXRvci9UZXN0RXhwZWN0YXRp b25zCkBAIC0xMzAsNyArMTMwLDUgQEAgaW1wb3J0ZWQvdzNjL3dlYi1wbGF0Zm9ybS10ZXN0cy93 YXNtIFsgU2tpcCBdCiAKIHdlYmtpdC5vcmcvYi8yMDE1MDkgaW1wb3J0ZWQvdzNjL3dlYi1wbGF0 Zm9ybS10ZXN0cy9odG1sL3NlbWFudGljcy9lbWJlZGRlZC1jb250ZW50L3RoZS12aWRlby1lbGVt ZW50L3ZpZGVvX3RpbWV1cGRhdGVfb25fc2Vlay5odG1sIFsgRmFpbHVyZSBdCiAKLXdlYmtpdC5v cmcvYi8yMDI2NDggY3J5cHRvL3dvcmtlcnMvc3VidGxlL2Flcy1pbmRleGVkZGIuaHRtbCBbIFNr aXAgXQotCiAjIFdlYkdQVSBpcyBub3QgZW5hYmxlZCBvbiBpT1MgU2ltdWxhdG9yLgogd2ViZ3B1 IFsgU2tpcCBdCg==