Bug 223098

Summary: REGRESSION (r274286): [ macOS/iOS debug wk2 ] 2 storage/indexeddb layout-tests are crashing
Product: WebKit
Reporter: Robert Jenner <jenner>
Component: New Bugs
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
CC: cdumez, webkit-bot-watchers-bugzilla, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Attachments:
Full Crashlogs for crashing tests. (Flags: none)

Description Robert Jenner 2021-03-11 16:03:13 PST
storage/indexeddb/modern/opendatabase-after-storage-crash.html
storage/indexeddb/IDBObject-leak.html

Are crashing in macOS and iOS simulator debug wk2.

This test may also be part of this, but it's a flaky crash only on macOS wk2 Debug:
storage/indexeddb/cursor-update.html


HISTORY URL:
https://results.webkit.org/?suite=layout-tests&suite=layout-tests&suite=layout-tests&test=storage%2Findexeddb%2FIDBObject-leak.html&test=storage%2Findexeddb%2Fcursor-update.html&test=storage%2Findexeddb%2Fmodern%2Fopendatabase-after-storage-crash.html

CRASH TEXT:
Thread 0 Crashed:
0   com.apple.JavaScriptCore      	0x00000003b305844e WTFCrash + 14 (Assertions.cpp:295)
1   com.apple.WebCore             	0x0000000390b59a7b WTFCrashWithInfo(int, char const*, char const*, int) + 27 (Assertions.h:671)
2   com.apple.WebCore             	0x00000003935561af WebCore::JSEventListener::ensureJSFunction(WebCore::ScriptExecutionContext&) const + 639 (JSEventListener.h:128)
3   com.apple.WebCore             	0x00000003935554f4 WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext&, WebCore::Event&) + 212 (JSEventListener.cpp:117)
4   com.apple.WebCore             	0x0000000393cf6d77 WebCore::EventTarget::innerInvokeEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener, WTF::RawPtrTraits<WebCore::RegisteredEventListener>, WTF::DefaultRefDerefTraits<WebCore::RegisteredEventListener> >, 1ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>, WebCore::EventTarget::EventInvokePhase) + 1063 (EventTarget.cpp:344)
5   com.apple.WebCore             	0x0000000393cf67d4 WebCore::EventTarget::fireEventListeners(WebCore::Event&, WebCore::EventTarget::EventInvokePhase) + 356 (EventTarget.cpp:276)
6   com.apple.WebCore             	0x0000000393cc8ce9 WebCore::EventContext::handleLocalEvents(WebCore::Event&, WebCore::EventTarget::EventInvokePhase) const + 409 (EventContext.cpp:75)
7   com.apple.WebCore             	0x0000000393cc9e17 WebCore::dispatchEventInDOM(WebCore::Event&, WebCore::EventPath const&) + 375 (EventDispatcher.cpp:107)
8   com.apple.WebCore             	0x0000000393cca222 void WebCore::dispatchEventWithType<WebCore::EventTarget>(WTF::Vector<WebCore::EventTarget*, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WebCore::Event&) + 338 (EventDispatcher.cpp:225)
9   com.apple.WebCore             	0x0000000393cca0bd WebCore::EventDispatcher::dispatchEvent(WTF::Vector<WebCore::EventTarget*, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WebCore::Event&) + 29 (EventDispatcher.cpp:231)
10  com.apple.WebCore             	0x0000000392a31c5e WebCore::IDBRequest::dispatchEvent(WebCore::Event&) + 910 (IDBRequest.cpp:318)
11  com.apple.WebCore             	0x0000000393b33b03 WebCore::ActiveDOMObjectEventDispatchTask::execute() + 99 (ActiveDOMObject.cpp:161)
12  com.apple.WebCore             	0x0000000393cf02f5 WebCore::EventLoop::run() + 373 (EventLoop.cpp:123)
13  com.apple.WebCore             	0x0000000393e856dc WebCore::WindowEventLoop::didReachTimeToRun() + 44 (WindowEventLoop.cpp:120)
14  com.apple.WebCore             	0x0000000393e8a827 decltype(*(std::__1::forward<WebCore::WindowEventLoop*&>(fp0)).*fp()) std::__1::__invoke<void (WebCore::WindowEventLoop::*&)(), WebCore::WindowEventLoop*&, void>(void (WebCore::WindowEventLoop::*&)(), WebCore::WindowEventLoop*&) + 119 (type_traits:3486)
15  com.apple.WebCore             	0x0000000393e8a7a0 std::__1::__bind_return<void (WebCore::WindowEventLoop::*)(), std::__1::tuple<WebCore::WindowEventLoop*>, std::__1::tuple<>, __is_valid_bind_return<void (WebCore::WindowEventLoop::*)(), std::__1::tuple<WebCore::WindowEventLoop*>, std::__1::tuple<> >::value>::type std::__1::__apply_functor<void (WebCore::WindowEventLoop::*)(), std::__1::tuple<WebCore::WindowEventLoop*>, 0ul, std::__1::tuple<> >(void (WebCore::WindowEventLoop::*&)(), std::__1::tuple<WebCore::WindowEventLoop*>&, std::__1::__tuple_indices<0ul>, std::__1::tuple<>&&) + 64 (functional:2845)
16  com.apple.WebCore             	0x0000000393e8a759 std::__1::__bind_return<void (WebCore::WindowEventLoop::*)(), std::__1::tuple<WebCore::WindowEventLoop*>, std::__1::tuple<>, __is_valid_bind_return<void (WebCore::WindowEventLoop::*)(), std::__1::tuple<WebCore::WindowEventLoop*>, std::__1::tuple<> >::value>::type std::__1::__bind<void (WebCore::WindowEventLoop::*&)(), WebCore::WindowEventLoop*>::operator()<>() + 41 (functional:2878)
17  com.apple.WebCore             	0x0000000393e8a6de WTF::Detail::CallableWrapper<std::__1::__bind<void (WebCore::WindowEventLoop::*&)(), WebCore::WindowEventLoop*>, void>::call() + 30 (Function.h:52)
18  com.apple.WebCore             	0x0000000390b6ea62 WTF::Function<void ()>::operator()() const + 130 (Function.h:83)
19  com.apple.WebCore             	0x0000000390bb1d3e WebCore::Timer::fired() + 30 (Timer.h:136)
20  com.apple.WebCore             	0x0000000394d9add4 WebCore::ThreadTimers::sharedTimerFiredInternal() + 644 (ThreadTimers.cpp:127)
21  com.apple.WebCore             	0x0000000394da52d1 WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0::operator()() const + 33 (ThreadTimers.cpp:67)
22  com.apple.WebCore             	0x0000000394da525e WTF::Detail::CallableWrapper<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0, void>::call() + 30 (Function.h:52)
23  com.apple.WebCore             	0x0000000390b6ea62 WTF::Function<void ()>::operator()() const + 130 (Function.h:83)
24  com.apple.WebCore             	0x0000000394d5288b WebCore::MainThreadSharedTimer::fired() + 139 (MainThreadSharedTimer.cpp:83)
25  com.apple.WebCore             	0x0000000394e22fa6 WebCore::timerFired(__CFRunLoopTimer*, void*) + 38 (MainThreadSharedTimerCF.cpp:85)
26  com.apple.CoreFoundation      	0x00007fff2048690d __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20
27  com.apple.CoreFoundation      	0x00007fff204863e8 __CFRunLoopDoTimer + 922
28  com.apple.CoreFoundation      	0x00007fff20485f42 __CFRunLoopDoTimers + 307
29  com.apple.CoreFoundation      	0x00007fff2046c57f __CFRunLoopRun + 2008
30  com.apple.CoreFoundation      	0x00007fff2046b6ce CFRunLoopRunSpecific + 563
31  com.apple.Foundation          	0x00007fff211f8fa1 0x7fff21199000 + 393121
32  com.apple.Foundation          	0x00007fff21287384 0x7fff21199000 + 975748
33  libxpc.dylib                  	0x00007fff200c23dd 0x7fff200ad000 + 87005
34  libxpc.dylib                  	0x00007fff200c1e65 0x7fff200ad000 + 85605
35  com.apple.WebKit              	0x0000000380dd7b2c WebKit::XPCServiceMain(int, char const**) + 1020 (XPCServiceMain.mm:207)
36  com.apple.WebKit              	0x000000038241786b WKXPCServiceMain + 27 (WKMain.mm:33)
37  com.apple.WebKit.WebContent   	0x0000000104f09ea2 main + 34 (AuxiliaryProcessMain.cpp:30)
38  libdyld.dylib                 	0x00007fff20390621 0x7fff2037b000 + 87585

Thread 0 crashed with X86 Thread State (64-bit):
  rax: 0x00000000bbadbeef  rbx: 0x00007f92ee013078  rcx: 0x00000003b5c8d440  rdx: 0x12c7374a86d3009f
  rdi: 0x00007ffeeacf6888  rsi: 0x0000000000000000  rbp: 0x00007ffeeacf69e0  rsp: 0x00007ffeeacf69e0
   r8: 0x00000000000130a8   r9: 0x00007fff889d50e8  r10: 0x0000000000000000  r11: 0x00000000ffffff00
  r12: 0x00007f92ef1047d0  r13: 0x00007f92ef0106d8  r14: 0x00007f92ef0106c0  r15: 0x0000000394e22f80
  rip: 0x00000003b305844e  rfl: 0x0000000000010202  cr2: 0x00000000bbadbeef
Logical CPU:     11
Error Code:      0x00000006 (no mapping for user data write)
Trap Number:     14
Comment 1 Robert Jenner 2021-03-11 16:05:04 PST
Created attachment 422985 [details]
Full Crashlogs for crashing tests.

Attaching full crashlogs for three crashing tests.
Comment 2 Robert Jenner 2021-03-11 17:16:33 PST
Was able to reproduce both test crashes using the following test:

run-webkit-tests storage/indexeddb/modern/opendatabase-after-storage-crash.html --iterations 100 --debug --child-process=1


Crashes reproduced at tip of tree, and at r274286, but not at r274284.

It appears that the crashing started at revision r274286:
https://trac.webkit.org/changeset/274286/webkit
Comment 3 Radar WebKit Bug Importer 2021-03-11 18:01:14 PST
<rdar://problem/75342646>
Comment 4 Chris Dumez 2021-03-12 10:44:05 PST
<https://commits.webkit.org/r274363>
Comment 5 Ryan Haddad 2021-03-12 10:48:44 PST
For posterity:

These tests:
storage/indexeddb/modern/opendatabase-after-storage-crash.html
storage/indexeddb/IDBObject-leak.html

were failing this assert

ASSERTION FAILED: !m_impl || m_impl->wasConstructedOnMainThread() == isMainThread()
/Volumes/Data/worker/bigsur-debug/build/WebKitBuild/Debug/usr/local/include/wtf/WeakPtr.h(107) : T *WTF::WeakPtr<WebKit::StorageArea, WTF::EmptyCounter>::operator->() const [T = WebKit::StorageArea, Counter = WTF::EmptyCounter]


The crashlog pasted in the description is for storage/indexeddb/cursor-update.html, which appears to be a flaky crash unrelated to the blamed revision.
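Added example (not WebKit's code) modelling the WTF::WeakPtr thread-affinity check behind the assertion quoted in Comment 5: the pointer's shared impl records whether it was created on the main thread, and a dereference from the other thread family is caught, here reported as a null result rather than the debug-build crash. All names here are constructed for the illustration.

```cpp
#include <memory>
#include <thread>
#include <utility>

// First caller is treated as the "main" thread, analogous to WebKit's
// isMainThread() (constructed stand-in, not the WTF implementation).
static std::thread::id mainThreadId() {
    static const std::thread::id id = std::this_thread::get_id();
    return id;
}
static bool isMainThread() { return std::this_thread::get_id() == mainThreadId(); }

struct WeakPtrImpl {
    void* ptr;
    bool constructedOnMainThread;
    explicit WeakPtrImpl(void* p) : ptr(p), constructedOnMainThread(isMainThread()) {}
    bool wasConstructedOnMainThread() const { return constructedOnMainThread; }
};

template <typename T>
class WeakPtr {
public:
    explicit WeakPtr(std::shared_ptr<WeakPtrImpl> impl) : m_impl(std::move(impl)) {}
    // Mirrors the asserted condition: a weak pointer must be dereferenced on
    // the same thread family (main vs. non-main) that created its impl.
    bool threadAffinityOk() const {
        return !m_impl || m_impl->wasConstructedOnMainThread() == isMainThread();
    }
    // WebKit's debug build crashes on the violation; we surface it as nullptr.
    T* get() const {
        if (!threadAffinityOk()) return nullptr;
        return m_impl ? static_cast<T*>(m_impl->ptr) : nullptr;
    }
    T* operator->() const { return get(); }
private:
    std::shared_ptr<WeakPtrImpl> m_impl;
};

struct StorageArea { int id = 42; };  // stand-in for the WebKit::StorageArea in the assert

// True if a WeakPtr created on the main thread dereferences fine there but is
// flagged when used from a worker thread (the pattern the bug report describes).
bool crossThreadDerefDetected() {
    StorageArea area;
    WeakPtr<StorageArea> weak(std::make_shared<WeakPtrImpl>(&area));
    bool okOnMain = weak.threadAffinityOk() && weak->id == 42;
    bool violation = false;  // written before join(), read after, so no data race
    std::thread worker([&] { violation = !weak.threadAffinityOk() && weak.get() == nullptr; });
    worker.join();
    return okOnMain && violation;
}
```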