Bug 224845

Summary: ASSERTION FAILED: unwrapParamsOrException.exception().code() != ExistingExceptionError on http/wpt/preload/change-link-rel-attribute.html
Product: WebKit Reporter: Robert Jenner <jenner>
Component: New BugsAssignee: youenn fablet <youennf>
Status: RESOLVED FIXED    
Severity: Normal CC: achristensen, ap, cdumez, jiewen_tan, mark.lam, sam, tsavell, webkit-bot-watchers-bugzilla, webkit-bug-importer, youennf
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=225315
Attachments:
Description Flags
Full crashlog
none
Patch none

Description Robert Jenner 2021-04-20 17:41:43 PDT 
http/wpt/preload/change-link-rel-attribute.html

is flakey crashing on BigSur wk2 Debug on Apple Silicon only. 

HISTORY:
https://results.webkit.org/?suite=layout-tests&test=http%2Fwpt%2Fpreload%2Fchange-link-rel-attribute.html

CRASH TEXT:
Thread 20 Crashed:: WebCore: Worker
0   com.apple.JavaScriptCore      	0x0000000132b512cc WTFCrash + 20 (Assertions.cpp:305)
1   com.apple.WebCore             	0x000000011292e830 WTFCrashWithInfo(int, char const*, char const*, int) + 32 (Assertions.h:671)
2   com.apple.WebCore             	0x0000000114ff0eb0 WebCore::SubtleCrypto::unwrapKey(JSC::JSGlobalObject&, WebCore::CryptoKeyFormat, WebCore::BufferSource&&, WebCore::CryptoKey&, WTF::Variant<JSC::Strong<JSC::JSObject, (JSC::ShouldStrongDestructorGrabLock)0>, WTF::String>&&, WTF::Variant<JSC::Strong<JSC::JSObject, (JSC::ShouldStrongDestructorGrabLock)0>, WTF::String>&&, bool, WTF::Vector<WebCore::CryptoKeyUsage, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&) + 292 (SubtleCrypto.cpp:1071)
3   com.apple.WebCore             	0x00000001139b7fac WebCore::jsSubtleCryptoPrototypeFunction_unwrapKeyBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSSubtleCrypto*, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&)::'lambda'()::operator()() const + 304 (JSSubtleCrypto.cpp:586)
4   com.apple.WebCore             	0x00000001139b7aa8 JSC::JSValue WebCore::toJS<WebCore::IDLPromise<WebCore::IDLInterface<WebCore::CryptoKey> >, WebCore::jsSubtleCryptoPrototypeFunction_unwrapKeyBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSSubtleCrypto*, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&)::'lambda'()>(JSC::JSGlobalObject&, WebCore::JSDOMGlobalObject&, JSC::ThrowScope&, WebCore::jsSubtleCryptoPrototypeFunction_unwrapKeyBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSSubtleCrypto*, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&)::'lambda'()&&) + 36 (JSDOMConvertBase.h:195)
5   com.apple.WebCore             	0x00000001139b7914 WebCore::jsSubtleCryptoPrototypeFunction_unwrapKeyBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSSubtleCrypto*, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&) + 2404 (JSSubtleCrypto.cpp:586)
6   com.apple.WebCore             	0x00000001139b6f9c long long WebCore::IDLOperationReturningPromise<WebCore::JSSubtleCrypto>::call<&(WebCore::jsSubtleCryptoPrototypeFunction_unwrapKeyBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSSubtleCrypto*, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&)), (WebCore::CastedThisErrorBehavior)2>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*)::'lambda'(JSC::JSGlobalObject&, JSC::CallFrame&, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&)::operator()(JSC::JSGlobalObject&, JSC::CallFrame&, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&) const + 492 (JSDOMOperationReturningPromise.h:52)
7   com.apple.WebCore             	0x00000001139b6c80 JSC::JSValue WebCore::callPromiseFunction<long long WebCore::IDLOperationReturningPromise<WebCore::JSSubtleCrypto>::call<&(WebCore::jsSubtleCryptoPrototypeFunction_unwrapKeyBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSSubtleCrypto*, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&)), (WebCore::CastedThisErrorBehavior)2>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*)::'lambda'(JSC::JSGlobalObject&, JSC::CallFrame&, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&)>(JSC::JSGlobalObject&, JSC::CallFrame&, &(WebCore::jsSubtleCryptoPrototypeFunction_unwrapKeyBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSSubtleCrypto*, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&))) + 352 (JSDOMPromiseDeferred.h:337)
8   com.apple.WebCore             	0x00000001139b6b08 long long WebCore::IDLOperationReturningPromise<WebCore::JSSubtleCrypto>::call<&(WebCore::jsSubtleCryptoPrototypeFunction_unwrapKeyBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSSubtleCrypto*, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&)), (WebCore::CastedThisErrorBehavior)2>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*) + 48 (JSDOMOperationReturningPromise.h:41)
9   com.apple.WebCore             	0x00000001139aa4fc WebCore::jsSubtleCryptoPrototypeFunction_unwrapKey(JSC::JSGlobalObject*, JSC::CallFrame*) + 40 (JSSubtleCrypto.cpp:591)
10  ???                           	0x00000002800414dc 0 + 10737685724
11  ???                           	0x00000002800052dc 0 + 10737439452
12  com.apple.JavaScriptCore      	0x00000001330bf8c8 llint_entry + 145912
13  com.apple.JavaScriptCore      	0x000000013309bbe8 vmEntryToJavaScript + 264
14  com.apple.JavaScriptCore      	0x0000000133f5b364 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 212 (JITCodeInlines.h:42)
15  com.apple.JavaScriptCore      	0x0000000133f5b994 JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 1392 (Interpreter.cpp:902)
16  com.apple.JavaScriptCore      	0x00000001342e90d4 JSC::call(JSC::JSGlobalObject*, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 236 (CallData.cpp:57)
17  com.apple.JavaScriptCore      	0x00000001342e93c4 JSC::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 132 (CallData.cpp:78)
18  com.apple.JavaScriptCore      	0x0000000134581764 JSC::JSMicrotask::run(JSC::JSGlobalObject*) + 524 (JSMicrotask.cpp:93)
19  com.apple.WebCore             	0x0000000114def058 WebCore::JSExecState::runTask(JSC::JSGlobalObject*, JSC::Microtask&) + 64 (JSExecState.h:91)
20  com.apple.WebCore             	0x0000000114df6654 WebCore::JSMicrotaskCallback::call() + 216 (JSMicrotaskCallback.h:46)
21  com.apple.WebCore             	0x0000000114ef2e64 WebCore::JSWorkerGlobalScopeBase::queueMicrotaskToEventLoop(JSC::JSGlobalObject&, WTF::Ref<JSC::Microtask, WTF::RawPtrTraits<JSC::Microtask> >&&)::$_0::operator()() + 28 (JSWorkerGlobalScopeBase.cpp:150)
22  com.apple.WebCore             	0x0000000114ef2d60 WTF::Detail::CallableWrapper<WebCore::JSWorkerGlobalScopeBase::queueMicrotaskToEventLoop(JSC::JSGlobalObject&, WTF::Ref<JSC::Microtask, WTF::RawPtrTraits<JSC::Microtask> >&&)::$_0, void>::call() + 28 (Function.h:52)
23  com.apple.WebCore             	0x0000000114db04ec WTF::Function<void ()>::operator()() const + 124 (Function.h:83)
24  com.apple.WebCore             	0x000000011558c364 WebCore::EventLoopFunctionDispatchTask::execute() + 28 (EventLoop.cpp:159)
25  com.apple.WebCore             	0x00000001155d807c WebCore::MicrotaskQueue::performMicrotaskCheckpoint() + 344 (Microtasks.cpp:64)
26  com.apple.WebCore             	0x0000000115580dac WebCore::EventLoop::performMicrotaskCheckpoint() + 40 (EventLoop.cpp:51)
27  com.apple.WebCore             	0x0000000115582340 WebCore::EventLoopTaskGroup::performMicrotaskCheckpoint() + 60 (EventLoop.cpp:180)
28  com.apple.WebCore             	0x0000000114d92890 WebCore::JSExecState::didLeaveScriptContext(JSC::JSGlobalObject*) + 64 (JSExecState.cpp:42)
29  com.apple.WebCore             	0x0000000114da348c WebCore::JSExecState::~JSExecState() + 220 (JSExecState.h:143)
30  com.apple.WebCore             	0x0000000114e60e80 WebCore::JSExecState::~JSExecState() + 32 (JSExecState.h:132)
31  com.apple.WebCore             	0x0000000114e3fca4 WebCore::JSExecState::profiledEvaluate(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) + 100 (JSExecState.h:80)
32  com.apple.WebCore             	0x000000011771730c WebCore::WorkerOrWorkletScriptController::evaluate(WebCore::ScriptSourceCode const&, WTF::NakedPtr<JSC::Exception>&, WTF::String*) + 200 (WorkerOrWorkletScriptController.cpp:231)
33  com.apple.WebCore             	0x000000011771f658 WebCore::WorkerOrWorkletScriptController::evaluate(WebCore::ScriptSourceCode const&, WTF::String*) + 104 (WorkerOrWorkletScriptController.cpp:209)
34  com.apple.WebCore             	0x0000000117765314 WebCore::WorkerThread::evaluateScriptIfNecessary(WTF::String&) + 268 (WorkerThread.cpp:132)
35  com.apple.WebCore             	0x0000000117722d34 WebCore::WorkerOrWorkletThread::workerOrWorkletThread() + 364 (WorkerOrWorkletThread.cpp:139)
36  com.apple.WebCore             	0x0000000117775bd8 WebCore::WorkerThread::createThread()::$_0::operator()() const + 28 (WorkerThread.cpp:109)
37  com.apple.WebCore             	0x0000000117775b54 WTF::Detail::CallableWrapper<WebCore::WorkerThread::createThread()::$_0, void>::call() + 28 (Function.h:52)
38  com.apple.JavaScriptCore      	0x0000000132b796a0 WTF::Function<void ()>::operator()() const + 124 (Function.h:83)
39  com.apple.JavaScriptCore      	0x0000000132c3cdc0 WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) + 388 (Threading.cpp:183)
40  com.apple.JavaScriptCore      	0x0000000132c4b340 WTF::wtfThreadEntryPoint(void*) + 24 (ThreadingPOSIX.cpp:241)
41  libsystem_pthread.dylib       	0x0000000195abe06c _pthread_start + 320
42  libsystem_pthread.dylib       	0x0000000195ab8da0 thread_start + 8
Comment 1 Robert Jenner 2021-04-20 17:42:29 PDT 
Created attachment 426624 [details]
Full crashlog

Attaching full crashlog to bug.
Comment 2 Robert Jenner 2021-04-20 17:49:36 PDT 
Crash appears to be very flakey, and has only occurred four times. The first occurrence was at r276315. Crashes only occur on Apple Silicon Macs, and as such I cannot reproduce the crash because I do not have access to said system. 

I have gone ahead and updated the test expectations to Pass Crash here:
https://trac.webkit.org/changeset/276337/webkit
Comment 3 Radar WebKit Bug Importer 2021-04-20 17:51:13 PDT 
<rdar://problem/76928843>
Comment 4 Alexey Proskuryakov 2021-04-21 16:57:42 PDT 
This test doesn't use WebCrypto, so this comes from one of preceding tests, as the worker thread continues to run after navigation.
Comment 5 Truitt Savell 2021-05-04 15:16:56 PDT 
I took a look at the list of tests that runs before this one. http/wpt/crypto/ tests run directly before and may have something to do with it. I have been unable to reproduce this though today.
Comment 6 youenn fablet 2021-05-05 01:29:25 PDT 
Test run just before changelink-rel-attribute.html is http/wpt/crypto/unwrap-rsa-key-crash.any.worker.html, which exercises that code path.
Comment 7 youenn fablet 2021-05-05 01:31:33 PDT 
Looking at the code, the debug assert is: ASSERT(unwrapParamsOrException.exception().code() != ExistingExceptionError);
After calling normalizeCryptoAlgorithmParameters.
normalizeCryptoAlgorithmParameters can return ExistingExceptionError if a dictionary conversion fails, which is possible, say parameters are bad or maybe worker is being terminated.
Comment 8 youenn fablet 2021-05-05 01:34:29 PDT 
Created attachment 427742 [details]
Patch
Comment 9 Alexey Proskuryakov 2021-05-05 12:50:08 PDT 
*** Bug 225315 has been marked as a duplicate of this bug. ***
Comment 10 youenn fablet 2021-05-18 00:29:16 PDT 
Ping review
Comment 11 Mark Lam 2021-05-18 10:10:51 PDT 
Comment on attachment 427742 [details]
Patch

Seems reasonable to me.
Comment 12 EWS 2021-05-19 05:16:33 PDT 
Committed r277718 (237897@main): <https://commits.webkit.org/237897@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 427742 [details].
Comment 13 Robert Jenner 2021-05-19 17:22:51 PDT 
Prior test expectations have been removed here:
https://trac.webkit.org/changeset/277764/webkit