Bug 157984
| Summary: | REGRESSION(r201188): ASSERTION FAILED: !m_queuedTaskCount in WebCore::IDBServer::UniqueIDBDatabase::~UniqueIDBDatabase | | |
|---|---|---|---|
| Product: | WebKit | Reporter: | Carlos Garcia Campos <cgarcia> |
| Component: | New Bugs | Assignee: | Nobody <webkit-unassigned> |
| Status: | NEW | | |
| Severity: | Normal | CC: | achristensen, ap, beidson, bugs-noreply, clopez, ryanhaddad |
| Priority: | P2 | Keywords: | LayoutTestFailure, Regression |
| Version: | WebKit Local Build | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
Carlos Garcia Campos
After r201188 several IndexedDB tests started to crash due to an assert in the GTK+ debug bot.
Carlos Garcia Campos
Full bt, from the GTK+ bot:
STDERR: ASSERTION FAILED: !m_queuedTaskCount
STDERR: ../../Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.cpp(68) : WebCore::IDBServer::UniqueIDBDatabase::~UniqueIDBDatabase()
STDERR: 1 0x7f31ee1bae45 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(WTFCrash+0x1e) [0x7f31ee1bae45]
STDERR: 2 0x7f31f4a249b6 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(WebCore::IDBServer::UniqueIDBDatabase::~UniqueIDBDatabase()+0x21e) [0x7f31f4a249b6]
STDERR: 3 0x7f31f42ca72d /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(WTF::ThreadSafeRefCounted<WebCore::IDBServer::UniqueIDBDatabase>::deref()+0x2f) [0x7f31f42ca72d]
STDERR: 4 0x7f31f42d33c7 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(void WTF::derefIfNotNull<WebCore::IDBServer::UniqueIDBDatabase>(WebCore::IDBServer::UniqueIDBDatabase*)+0x28) [0x7f31f42d33c7]
STDERR: 5 0x7f31f42d2485 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(WTF::RefPtr<WebCore::IDBServer::UniqueIDBDatabase>::~RefPtr()+0x2f) [0x7f31f42d2485]
STDERR: 6 0x7f31f4a2e046 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(WebCore::IDBServer::UniqueIDBDatabase::operationAndTransactionTimerFired()+0x3e4) [0x7f31f4a2e046]
STDERR: 7 0x7f31f4a57ae7 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(void std::_Mem_fn<void (WebCore::IDBServer::UniqueIDBDatabase::*)()>::operator()<, void>(WebCore::IDBServer::UniqueIDBDatabase*) const+0x65) [0x7f31f4a57ae7]
STDERR: 8 0x7f31f4a535c8 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(void std::_Bind<std::_Mem_fn<void (WebCore::IDBServer::UniqueIDBDatabase::*)()> (WebCore::IDBServer::UniqueIDBDatabase*)>::__call<void, , 0ul>(std::tuple<>&&, std::_Index_tuple<0ul>)+0x48) [0x7f31f4a535c8]
STDERR: 9 0x7f31f4a4d05c /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(void std::_Bind<std::_Mem_fn<void (WebCore::IDBServer::UniqueIDBDatabase::*)()> (WebCore::IDBServer::UniqueIDBDatabase*)>::operator()<, void>()+0x2a) [0x7f31f4a4d05c]
STDERR: 10 0x7f31f4a41acd /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(std::_Function_handler<void (), std::_Bind<std::_Mem_fn<void (WebCore::IDBServer::UniqueIDBDatabase::*)()> (WebCore::IDBServer::UniqueIDBDatabase*)> >::_M_invoke(std::_Any_data const&)+0x20) [0x7f31f4a41acd]
STDERR: 11 0x7f31f42c7a1c /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(std::function<void ()>::operator()() const+0x32) [0x7f31f42c7a1c]
STDERR: 12 0x7f31f4313a26 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(WebCore::Timer::fired()+0x1c) [0x7f31f4313a26]
STDERR: 13 0x7f31f573710f /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(WebCore::ThreadTimers::sharedTimerFiredInternal()+0x157) [0x7f31f573710f]
STDERR: 14 0x7f31f5736d2d /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(+0x631fd2d) [0x7f31f5736d2d]
STDERR: 15 0x7f31f57372fd /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(+0x63202fd) [0x7f31f57372fd]
STDERR: 16 0x7f31f42c7a1c /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(std::function<void ()>::operator()() const+0x32) [0x7f31f42c7a1c]
STDERR: 17 0x7f31f5719c53 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(WebCore::MainThreadSharedTimer::fired()+0x57) [0x7f31f5719c53]
STDERR: 18 0x7f31f5719ebc /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(WTF::RunLoop::Timer<WebCore::MainThreadSharedTimer>::fired()+0x66) [0x7f31f5719ebc]
STDERR: 19 0x7f31ee210265 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(+0x21e7265) [0x7f31ee210265]
STDERR: 20 0x7f31ee2102a1 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(+0x21e72a1) [0x7f31ee2102a1]
STDERR: 21 0x7f31ee20f8a8 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(+0x21e68a8) [0x7f31ee20f8a8]
STDERR: 22 0x7f31ee20f8d7 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(+0x21e68d7) [0x7f31ee20f8d7]
STDERR: 23 0x7f31e91d4a26 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/DependenciesGTK/Root/lib/libglib-2.0.so.0(+0x53a26) [0x7f31e91d4a26]
STDERR: 24 0x7f31e91d5854 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/DependenciesGTK/Root/lib/libglib-2.0.so.0(g_main_context_dispatch+0x33) [0x7f31e91d5854]
STDERR: 25 0x7f31e91d5a39 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/DependenciesGTK/Root/lib/libglib-2.0.so.0(+0x54a39) [0x7f31e91d5a39]
STDERR: 26 0x7f31e91d5e60 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/DependenciesGTK/Root/lib/libglib-2.0.so.0(g_main_loop_run+0x1d7) [0x7f31e91d5e60]
STDERR: 27 0x7f31ee20fea8 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(WTF::RunLoop::run()+0xac) [0x7f31ee20fea8]
STDERR: 28 0x7f31f4764818 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(int WebKit::ChildProcessMain<WebKit::DatabaseProcess, WebKit::DatabaseProcessMain>(int, char**)+0x82) [0x7f31f4764818]
STDERR: 29 0x7f31f47645f2 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(DatabaseProcessMainUnix+0x20) [0x7f31f47645f2]
STDERR: 30 0x400ca6 /home/slave/webkitgtk/gtk-linux-64-debug-tests/build/WebKitBuild/Debug/bin/WebKitDatabaseProcess(main+0x20) [0x400ca6]
STDERR: 31 0x7f31e584fb45 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5) [0x7f31e584fb45]
Brady Eidson
Well, before r201188 this was a use-after-free, so that's progress.
Super curious that only the GTK bots are seeing this - It hasn't shown on the Mac/iOS bots at all.
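A toy, single-threaded model of the lifetime problem visible in the backtrace above, where the last reference is released at the end of operationAndTransactionTimerFired() while m_queuedTaskCount is still non-zero. This is an added example, not WebKit code: Database, TaskQueue, postTaskRaw, postTaskOwning, timerFired and runScenario are hypothetical names, std::shared_ptr stands in for RefPtr, and letting each queued task own a reference is shown as one possible way to keep the object alive, not as the fix WebKit adopted.

```cpp
#include <cstdio>
#include <functional>
#include <memory>
#include <queue>

// Toy stand-in for UniqueIDBDatabase (hypothetical): it counts tasks queued on
// its behalf and must not be destroyed while any are still pending.
struct Database {
    int queuedTaskCount = 0;
    bool* diedWithPendingTasks;  // set where the debug ASSERT would fire
    explicit Database(bool* flag) : diedWithPendingTasks(flag) {}
    ~Database() { if (queuedTaskCount) *diedWithPendingTasks = true; }
};
using TaskQueue = std::queue<std::function<void()>>;

// Task refers to the object by raw pointer: nothing keeps it alive.
void postTaskRaw(Database* db, TaskQueue& q) {
    ++db->queuedTaskCount;
    q.push([db] { --db->queuedTaskCount; });  // dangling if db is destroyed first
}
// Task owns a reference: the object outlives every queued task.
void postTaskOwning(std::shared_ptr<Database> db, TaskQueue& q) {
    ++db->queuedTaskCount;
    q.push([db] { --db->queuedTaskCount; });
}

// Timer callback: holds a protector, queues work, then the owner lets go.
void timerFired(std::shared_ptr<Database>& owner, TaskQueue& q, bool tasksOwnRef) {
    std::shared_ptr<Database> protector = owner;
    if (tasksOwnRef) postTaskOwning(protector, q);
    else postTaskRaw(protector.get(), q);
    owner.reset();  // owner drops its reference mid-callback
}   // protector released here; in the raw case this is the last reference

// Returns true if the object was destroyed with tasks still queued.
bool runScenario(bool tasksOwnRef) {
    bool flagged = false;
    TaskQueue q;
    auto owner = std::make_shared<Database>(&flagged);
    timerFired(owner, q, tasksOwnRef);
    if (tasksOwnRef)  // raw tasks are never run: they hold a dangling pointer
        while (!q.empty()) { q.front()(); q.pop(); }
    return flagged;
}

int main() {
    std::printf("raw tasks:    destroyed with pending tasks = %d\n", runScenario(false));
    std::printf("owning tasks: destroyed with pending tasks = %d\n", runScenario(true));
}
```

In the raw-pointer scenario the protector only moves the destruction to the end of the callback, which is where the destructor check fires; running the queued task afterwards would be the use-after-free.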
Alexey Proskuryakov
Here is a Mac instance:
https://build.webkit.org/results/Apple%20Yosemite%20Debug%20WK2%20(Tests)/r201392%20(12386)/imported/w3c/web-platform-tests/IndexedDB/idbcursor-key-crash-log.txt
Carlos Garcia Campos
Something similar happened with the fix in r201997; in this case the assertion is isMainThread(), also in the ~UniqueIDBDatabase() destructor. If we take a ref in the secondary thread because the call to performTask() can remove the last ref, it means that in such a case the object is going to be deleted in the secondary thread.
Carlos Garcia Campos
Hmm, this is a different issue, because replies happen in the main thread.
Ryan Haddad
Just saw this assertion with imported/w3c/web-platform-tests/IndexedDB/idbcursor-direction-index-keyrange.htm here:
https://build.webkit.org/results/Apple%20El%20Capitan%20Debug%20WK2%20(Tests)/r210021%20(10082)/results.html
Brady Eidson
(In reply to comment #6)
> Just saw this assertion with
> imported/w3c/web-platform-tests/IndexedDB/idbcursor-direction-index-keyrange.htm here:
> https://build.webkit.org/results/Apple%20El%20Capitan%20Debug%20WK2%20(Tests)/r210021%20(10082)/results.html
I don't know what was happening before with GTK seeing this, but it makes some amount of sense now with the way I added prefetch.
I'll take a look soon.