Bug 223098

Summary: REGRESSION (r274286): [ macOS/iOS debug wk2 ] 2 storage/indexeddb layout-tests are crashing
Product: WebKit Reporter: Robert Jenner <jenner>
Component: New BugsAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: cdumez, webkit-bot-watchers-bugzilla, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Full Crashlogs for crashing tests. none

Robert Jenner
Reported 2021-03-11 16:03:13 PST
storage/indexeddb/modern/opendatabase-after-storage-crash.html storage/indexeddb/IDBObject-leak.html Are crashing in macOS and iOS simulator debug wk2. This test may also be part of this, but it's flaky crashing only on macOS wk2 Debug: storage/indexeddb/cursor-update.html HISTORY URL: https://results.webkit.org/?suite=layout-tests&suite=layout-tests&suite=layout-tests&test=storage%2Findexeddb%2FIDBObject-leak.html&test=storage%2Findexeddb%2Fcursor-update.html&test=storage%2Findexeddb%2Fmodern%2Fopendatabase-after-storage-crash.html CRASH TEXT: Thread 0 Crashed: 0 com.apple.JavaScriptCore 0x00000003b305844e WTFCrash + 14 (Assertions.cpp:295) 1 com.apple.WebCore 0x0000000390b59a7b WTFCrashWithInfo(int, char const*, char const*, int) + 27 (Assertions.h:671) 2 com.apple.WebCore 0x00000003935561af WebCore::JSEventListener::ensureJSFunction(WebCore::ScriptExecutionContext&) const + 639 (JSEventListener.h:128) 3 com.apple.WebCore 0x00000003935554f4 WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext&, WebCore::Event&) + 212 (JSEventListener.cpp:117) 4 com.apple.WebCore 0x0000000393cf6d77 WebCore::EventTarget::innerInvokeEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener, WTF::RawPtrTraits<WebCore::RegisteredEventListener>, WTF::DefaultRefDerefTraits<WebCore::RegisteredEventListener> >, 1ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>, WebCore::EventTarget::EventInvokePhase) + 1063 (EventTarget.cpp:344) 5 com.apple.WebCore 0x0000000393cf67d4 WebCore::EventTarget::fireEventListeners(WebCore::Event&, WebCore::EventTarget::EventInvokePhase) + 356 (EventTarget.cpp:276) 6 com.apple.WebCore 0x0000000393cc8ce9 WebCore::EventContext::handleLocalEvents(WebCore::Event&, WebCore::EventTarget::EventInvokePhase) const + 409 (EventContext.cpp:75) 7 com.apple.WebCore 0x0000000393cc9e17 WebCore::dispatchEventInDOM(WebCore::Event&, WebCore::EventPath const&) + 375 (EventDispatcher.cpp:107) 8 com.apple.WebCore 0x0000000393cca222 void WebCore::dispatchEventWithType<WebCore::EventTarget>(WTF::Vector<WebCore::EventTarget*, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WebCore::Event&) + 338 (EventDispatcher.cpp:225) 9 com.apple.WebCore 0x0000000393cca0bd WebCore::EventDispatcher::dispatchEvent(WTF::Vector<WebCore::EventTarget*, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WebCore::Event&) + 29 (EventDispatcher.cpp:231) 10 com.apple.WebCore 0x0000000392a31c5e WebCore::IDBRequest::dispatchEvent(WebCore::Event&) + 910 (IDBRequest.cpp:318) 11 com.apple.WebCore 0x0000000393b33b03 WebCore::ActiveDOMObjectEventDispatchTask::execute() + 99 (ActiveDOMObject.cpp:161) 12 com.apple.WebCore 0x0000000393cf02f5 WebCore::EventLoop::run() + 373 (EventLoop.cpp:123) 13 com.apple.WebCore 0x0000000393e856dc WebCore::WindowEventLoop::didReachTimeToRun() + 44 (WindowEventLoop.cpp:120) 14 com.apple.WebCore 0x0000000393e8a827 decltype(*(std::__1::forward<WebCore::WindowEventLoop*&>(fp0)).*fp()) std::__1::__invoke<void (WebCore::WindowEventLoop::*&)(), WebCore::WindowEventLoop*&, void>(void (WebCore::WindowEventLoop::*&)(), WebCore::WindowEventLoop*&) + 119 (type_traits:3486) 15 com.apple.WebCore 0x0000000393e8a7a0 std::__1::__bind_return<void (WebCore::WindowEventLoop::*)(), std::__1::tuple<WebCore::WindowEventLoop*>, std::__1::tuple<>, __is_valid_bind_return<void (WebCore::WindowEventLoop::*)(), std::__1::tuple<WebCore::WindowEventLoop*>, std::__1::tuple<> >::value>::type std::__1::__apply_functor<void (WebCore::WindowEventLoop::*)(), std::__1::tuple<WebCore::WindowEventLoop*>, 0ul, std::__1::tuple<> >(void (WebCore::WindowEventLoop::*&)(), std::__1::tuple<WebCore::WindowEventLoop*>&, std::__1::__tuple_indices<0ul>, std::__1::tuple<>&&) + 64 (functional:2845) 16 com.apple.WebCore 0x0000000393e8a759 std::__1::__bind_return<void (WebCore::WindowEventLoop::*)(), std::__1::tuple<WebCore::WindowEventLoop*>, std::__1::tuple<>, __is_valid_bind_return<void (WebCore::WindowEventLoop::*)(), std::__1::tuple<WebCore::WindowEventLoop*>, std::__1::tuple<> >::value>::type std::__1::__bind<void (WebCore::WindowEventLoop::*&)(), WebCore::WindowEventLoop*>::operator()<>() + 41 (functional:2878) 17 com.apple.WebCore 0x0000000393e8a6de WTF::Detail::CallableWrapper<std::__1::__bind<void (WebCore::WindowEventLoop::*&)(), WebCore::WindowEventLoop*>, void>::call() + 30 (Function.h:52) 18 com.apple.WebCore 0x0000000390b6ea62 WTF::Function<void ()>::operator()() const + 130 (Function.h:83) 19 com.apple.WebCore 0x0000000390bb1d3e WebCore::Timer::fired() + 30 (Timer.h:136) 20 com.apple.WebCore 0x0000000394d9add4 WebCore::ThreadTimers::sharedTimerFiredInternal() + 644 (ThreadTimers.cpp:127) 21 com.apple.WebCore 0x0000000394da52d1 WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0::operator()() const + 33 (ThreadTimers.cpp:67) 22 com.apple.WebCore 0x0000000394da525e WTF::Detail::CallableWrapper<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0, void>::call() + 30 (Function.h:52) 23 com.apple.WebCore 0x0000000390b6ea62 WTF::Function<void ()>::operator()() const + 130 (Function.h:83) 24 com.apple.WebCore 0x0000000394d5288b WebCore::MainThreadSharedTimer::fired() + 139 (MainThreadSharedTimer.cpp:83) 25 com.apple.WebCore 0x0000000394e22fa6 WebCore::timerFired(__CFRunLoopTimer*, void*) + 38 (MainThreadSharedTimerCF.cpp:85) 26 com.apple.CoreFoundation 0x00007fff2048690d __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20 27 com.apple.CoreFoundation 0x00007fff204863e8 __CFRunLoopDoTimer + 922 28 com.apple.CoreFoundation 0x00007fff20485f42 __CFRunLoopDoTimers + 307 29 com.apple.CoreFoundation 0x00007fff2046c57f __CFRunLoopRun + 2008 30 com.apple.CoreFoundation 0x00007fff2046b6ce CFRunLoopRunSpecific + 563 31 com.apple.Foundation 0x00007fff211f8fa1 0x7fff21199000 + 393121 32 com.apple.Foundation 0x00007fff21287384 0x7fff21199000 + 975748 33 libxpc.dylib 0x00007fff200c23dd 0x7fff200ad000 + 87005 34 libxpc.dylib 0x00007fff200c1e65 0x7fff200ad000 + 85605 35 com.apple.WebKit 0x0000000380dd7b2c WebKit::XPCServiceMain(int, char const**) + 1020 (XPCServiceMain.mm:207) 36 com.apple.WebKit 0x000000038241786b WKXPCServiceMain + 27 (WKMain.mm:33) 37 com.apple.WebKit.WebContent 0x0000000104f09ea2 main + 34 (AuxiliaryProcessMain.cpp:30) 38 libdyld.dylib 0x00007fff20390621 0x7fff2037b000 + 87585 Thread 0 crashed with X86 Thread State (64-bit): rax: 0x00000000bbadbeef rbx: 0x00007f92ee013078 rcx: 0x00000003b5c8d440 rdx: 0x12c7374a86d3009f rdi: 0x00007ffeeacf6888 rsi: 0x0000000000000000 rbp: 0x00007ffeeacf69e0 rsp: 0x00007ffeeacf69e0 r8: 0x00000000000130a8 r9: 0x00007fff889d50e8 r10: 0x0000000000000000 r11: 0x00000000ffffff00 r12: 0x00007f92ef1047d0 r13: 0x00007f92ef0106d8 r14: 0x00007f92ef0106c0 r15: 0x0000000394e22f80 rip: 0x00000003b305844e rfl: 0x0000000000010202 cr2: 0x00000000bbadbeef Logical CPU: 11 Error Code: 0x00000006 (no mapping for user data write) Trap Number: 14
Attachments
Full Crashlogs for crashing tests. (72.30 KB, application/zip)
2021-03-11 16:05 PST, Robert Jenner 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
Robert Jenner
Comment 1 2021-03-11 16:05:04 PST
Created attachment 422985 [details] Full Crashlogs for crashing tests. Attaching full crashlogs for three crashing tests.
Robert Jenner
Comment 2 2021-03-11 17:16:33 PST
Was able to reproduce both test crashes using the following test: run-webkit-test storage/indexeddb/modern/opendatabase-after-storage-crash.html --iterations 100 --debug --child-process=1 Crashes reproduced at tip of tree, and at r274286, but not at r274284. It appears the the crashing started at revision r274286: https://trac.webkit.org/changeset/274286/webkit
Radar WebKit Bug Importer
Comment 3 2021-03-11 18:01:14 PST
<rdar://problem/75342646>
Chris Dumez
Comment 4 2021-03-12 10:44:05 PST
<https://commits.webkit.org/r274363>
Ryan Haddad
Comment 5 2021-03-12 10:48:44 PST
For posterity: These tests: storage/indexeddb/modern/opendatabase-after-storage-crash.html storage/indexeddb/IDBObject-leak.html were failing this assert ASSERTION FAILED: !m_impl || m_impl->wasConstructedOnMainThread() == isMainThread() /Volumes/Data/worker/bigsur-debug/build/WebKitBuild/Debug/usr/local/include/wtf/WeakPtr.h(107) : T *WTF::WeakPtr<WebKit::StorageArea, WTF::EmptyCounter>::operator->() const [T = WebKit::StorageArea, Counter = WTF::EmptyCounter] The crashlog pasted in the description is for storage/indexeddb/cursor-update.html, which appears to be a flaky crash unrelated to the blamed revision.
Note You need to log in before you can comment on or make changes to this bug.