Bug 153525

Summary: fast/history/page-cache-webdatabase-no-transaction-db.html flakily crashes
Product: WebKit Reporter: Chris Dumez <cdumez>
Component: PlatformAssignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED    
Severity: Normal CC: andersca, ap, beidson, buildbot, commit-queue, dbates, kling, koivisto, rniwa
Priority: P1    
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
Archive of layout-test-results from ews115 for mac-yosemite
none
Archive of layout-test-results from ews100 for mac-yosemite
none
Patch none

Chris Dumez
Reported 2016-01-26 16:36:16 PST
fast/history/page-cache-webdatabase-no-transaction-db.html flakily crashes: Crashed Thread: 0 Dispatch queue: com.apple.main-thread Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Codes: KERN_INVALID_ADDRESS at 0x00000000bbadbeef VM Regions Near 0xbbadbeef: --> __TEXT 0000000100067000-0000000100109000 [ 648K] r-x/rwx SM=COW /Volumes/VOLUME/* Application Specific Information: CRASHING TEST: fast/history/page-cache-webdatabase-no-transaction-db.html Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.JavaScriptCore 0x000000010138ffc7 WTFCrash + 39 1 com.apple.WebCore 0x0000000106523512 WTF::HashTableConstIterator<WTF::RefPtr<WebCore::Database>, WTF::RefPtr<WebCore::Database>, WTF::IdentityExtractor, WTF::PtrHash<WTF::RefPtr<WebCore::Database> >, WTF::HashTraits<WTF::RefPtr<WebCore::Database> >, WTF::HashTraits<WTF::RefPtr<WebCore::Database> > >::checkValidity() const + 66 (HashTable.h:212) 2 com.apple.WebCore 0x0000000106523539 WTF::HashTableConstIterator<WTF::RefPtr<WebCore::Database>, WTF::RefPtr<WebCore::Database>, WTF::IdentityExtractor, WTF::PtrHash<WTF::RefPtr<WebCore::Database> >, WTF::HashTraits<WTF::RefPtr<WebCore::Database> >, WTF::HashTraits<WTF::RefPtr<WebCore::Database> > >::operator++() + 25 (HashTable.h:180) 3 com.apple.WebCore 0x000000010651f359 WTF::HashTableConstIteratorAdapter<WTF::HashTable<WTF::RefPtr<WebCore::Database>, WTF::RefPtr<WebCore::Database>, WTF::IdentityExtractor, WTF::PtrHash<WTF::RefPtr<WebCore::Database> >, WTF::HashTraits<WTF::RefPtr<WebCore::Database> >, WTF::HashTraits<WTF::RefPtr<WebCore::Database> > >, WTF::RefPtr<WebCore::Database> >::operator++() + 25 (HashTable.h:1436) 4 com.apple.WebCore 0x000000010651ec4e WebCore::DatabaseThread::hasPendingDatabaseActivity() const + 190 (DatabaseThread.cpp:186) 5 com.apple.WebCore 0x00000001065127b8 WebCore::DatabaseContext::canSuspendForDocumentSuspension() const + 104 (DatabaseContext.cpp:150) 6 com.apple.WebCore 0x0000000107df45e0 WebCore::ScriptExecutionContext::canSuspendActiveDOMObjectsForDocumentSuspension(WTF::Vector<WebCore::ActiveDOMObject*, 0ul, WTF::CrashOnOverflow, 16ul>*) + 192 (ScriptExecutionContext.cpp:196) 7 com.apple.WebCore 0x00000001078f257d WebCore::canCacheFrame(WebCore::Frame&, WebCore::DiagnosticLoggingClient&, unsigned int) + 3165 (PageCache.cpp:153) 8 com.apple.WebCore 0x00000001078efa45 WebCore::canCachePage(WebCore::Page&) + 181 (PageCache.cpp:194) 9 com.apple.WebCore 0x00000001078ef924 WebCore::PageCache::canCache(WebCore::Page&) const + 164 (PageCache.cpp:288) 10 com.apple.WebCore 0x00000001078f0955 WebCore::PageCache::addIfCacheable(WebCore::HistoryItem&, WebCore::Page*) + 181 (PageCache.cpp:417) 11 com.apple.WebCore 0x000000010696c659 WebCore::FrameLoader::commitProvisionalLoad() + 1865 (FrameLoader.cpp:1778) 12 com.apple.WebCore 0x000000010663f20c WebCore::DocumentLoader::commitIfReady() + 60 (DocumentLoader.cpp:358) 13 com.apple.WebCore 0x000000010664222c WebCore::DocumentLoader::commitLoad(char const*, int) + 76 (DocumentLoader.cpp:799) 14 com.apple.WebCore 0x0000000106642733 WebCore::DocumentLoader::dataReceived(WebCore::CachedResource*, char const*, int) + 579 (DocumentLoader.cpp:919) 15 com.apple.WebCore 0x00000001061c0b61 WebCore::CachedRawResource::notifyClientsDataWasReceived(char const*, unsigned int) + 161 (CachedRawResource.cpp:118) 16 com.apple.WebCore 0x00000001061c0a0f WebCore::CachedRawResource::addDataBuffer(WebCore::SharedBuffer&) + 191 (CachedRawResource.cpp:70) 17 com.apple.WebCore 0x00000001080bccbe WebCore::SubresourceLoader::didReceiveDataOrBuffer(char const*, int, WTF::PassRefPtr<WebCore::SharedBuffer>, long long, WebCore::DataPayloadType) + 478 (SubresourceLoader.cpp:300) 18 com.apple.WebCore 0x00000001080bcde2 WebCore::SubresourceLoader::didReceiveBuffer(WTF::PassRefPtr<WebCore::SharedBuffer>, long long, WebCore::DataPayloadType) + 66 (SubresourceLoader.cpp:281) 19 com.apple.WebCore 0x0000000107d58a3f WebCore::ResourceLoader::didReceiveBuffer(WebCore::ResourceHandle*, WTF::PassRefPtr<WebCore::SharedBuffer>, int) + 79 (ResourceLoader.cpp:638) 20 com.apple.WebCore 0x00000001084163df -[WebCoreResourceHandleAsDelegate connection:didReceiveDataArray:] + 303 (WebCoreResourceHandleAsDelegate.mm:197) 21 com.apple.CFNetwork 0x00007fff879e481d __65-[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:]_block_invoke + 69 22 com.apple.CFNetwork 0x00007fff879e4681 -[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:] + 232 23 com.apple.CFNetwork 0x00007fff879e4587 -[NSURLConnectionInternal _withActiveConnectionAndDelegate:] + 48 24 com.apple.CFNetwork 0x00007fff87ad8eeb _NSURLConnectionDidReceiveDataArray(_CFURLConnection*, __CFArray const*, void const*) + 82 25 com.apple.CFNetwork 0x00007fff879e4ea3 ___ZN27URLConnectionClient_Classic29_delegate_didReceiveDataArrayEv_block_invoke + 145 26 com.apple.CFNetwork 0x00007fff87a994a3 ___ZN27URLConnectionClient_Classic18_withDelegateAsyncEPKcU13block_pointerFvP16_CFURLConnectionPK33CFURLConnectionClientCurrent_VMaxE_block_invoke_2 + 94 27 com.apple.CFNetwork 0x00007fff87937eec RunloopBlockContext::_invoke_block(void const*, void*) + 72 28 com.apple.CoreFoundation 0x00007fff8ed0d664 CFArrayApplyFunction + 68 29 com.apple.CFNetwork 0x00007fff87937dad RunloopBlockContext::perform() + 133 30 com.apple.CFNetwork 0x00007fff87937b98 MultiplexerSource::perform() + 282 31 com.apple.CFNetwork 0x00007fff879379ba MultiplexerSource::_perform(void*) + 72 32 com.apple.CoreFoundation 0x00007fff8ed41a01 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17 33 com.apple.CoreFoundation 0x00007fff8ed33b8d __CFRunLoopDoSources0 + 269 34 com.apple.CoreFoundation 0x00007fff8ed331bf __CFRunLoopRun + 927 35 com.apple.CoreFoundation 0x00007fff8ed32bd8 CFRunLoopRunSpecific + 296 36 DumpRenderTree 0x00000001000870a5 runTest(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) + 6261 (DumpRenderTree.mm:2037) 37 DumpRenderTree 0x00000001000857ca runTestingServerLoop() + 330 (DumpRenderTree.mm:1188) 38 DumpRenderTree 0x0000000100084d40 dumpRenderTree(int, char const**) + 448 (DumpRenderTree.mm:1297) 39 DumpRenderTree 0x00000001000879ad DumpRenderTreeMain(int, char const**) + 125 (DumpRenderTree.mm:1432) 40 DumpRenderTree 0x00000001000de6c2 main + 34 (DumpRenderTreeMain.mm:32) 41 libdyld.dylib 0x00007fff910fe5c9 start + 1 c.f. https://build.webkit.org/results/Apple%20Yosemite%20Debug%20WK1%20(Tests)/r195620%20(10325)/fast/history/page-cache-webdatabase-no-transaction-db-crash-log.txt
Attachments
Patch (5.92 KB, patch)
2016-01-26 17:00 PST, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Archive of layout-test-results from ews115 for mac-yosemite (868.04 KB, application/zip)
2016-01-26 17:52 PST, Build Bot 		no flags
Details
Archive of layout-test-results from ews100 for mac-yosemite (1.38 MB, application/zip)
2016-01-26 18:25 PST, Build Bot 		no flags
Details
Patch (5.84 KB, patch)
2016-01-26 18:57 PST, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Show Obsolete (3) View All Add attachment proposed patch, testcase, etc.
Chris Dumez
Comment 1 2016-01-26 16:37:32 PST
I think the issue is that DatabaseThread::hasPendingDatabaseActivity() is called from the main thread and accesses m_openDatabaseSet which is only meant to be accessed from the database thread. As a result, the database thread can alter m_openDatabaseSet while the main thread is iterating over it.
Chris Dumez
Comment 2 2016-01-26 16:52:40 PST
Committed r195638: <http://trac.webkit.org/changeset/195638>
Chris Dumez
Comment 3 2016-01-26 16:52:53 PST
Test temporarily skipped in <http://trac.webkit.org/changeset/195638>
Chris Dumez
Comment 4 2016-01-26 16:53:10 PST
Reopening as I did not land a fix yet.
Chris Dumez
Comment 5 2016-01-26 17:00:57 PST
Created attachment 269952 [details] Patch
Andreas Kling
Comment 6 2016-01-26 17:11:40 PST
Comment on attachment 269952 [details] Patch r=me
Build Bot
Comment 7 2016-01-26 17:52:27 PST
Comment on attachment 269952 [details] Patch Attachment 269952 [details] did not pass mac-debug-ews (mac): Output: http://webkit-queues.webkit.org/results/743443 New failing tests: fast/history/page-cache-webdatabase-no-transaction-db.html
Build Bot
Comment 8 2016-01-26 17:52:30 PST
Created attachment 269962 [details] Archive of layout-test-results from ews115 for mac-yosemite The attached test failures were seen while running run-webkit-tests on the mac-debug-ews. Bot: ews115 Port: mac-yosemite Platform: Mac OS X 10.10.5
Build Bot
Comment 9 2016-01-26 18:25:08 PST
Comment on attachment 269952 [details] Patch Attachment 269952 [details] did not pass mac-ews (mac): Output: http://webkit-queues.webkit.org/results/743589 New failing tests: fast/history/page-cache-webdatabase-no-transaction-db.html
Build Bot
Comment 10 2016-01-26 18:25:11 PST
Created attachment 269965 [details] Archive of layout-test-results from ews100 for mac-yosemite The attached test failures were seen while running run-webkit-tests on the mac-ews. Bot: ews100 Port: mac-yosemite Platform: Mac OS X 10.10.5
Chris Dumez
Comment 11 2016-01-26 18:57:19 PST
Created attachment 269969 [details] Patch
WebKit Commit Bot
Comment 12 2016-01-26 19:45:17 PST
Comment on attachment 269969 [details] Patch Clearing flags on attachment: 269969 Committed r195652: <http://trac.webkit.org/changeset/195652>
WebKit Commit Bot
Comment 13 2016-01-26 19:45:21 PST
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.