Bug 224845

Summary: ASSERTION FAILED: unwrapParamsOrException.exception().code() != ExistingExceptionError on http/wpt/preload/change-link-rel-attribute.html
Product: WebKit
Reporter: Robert Jenner <jenner>
Component: New Bugs
Assignee: youenn fablet <youennf>
Status: RESOLVED FIXED
Severity: Normal
CC: achristensen, ap, cdumez, jiewen_tan, mark.lam, sam, tsavell, webkit-bot-watchers-bugzilla, webkit-bug-importer, youennf
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
See Also: https://bugs.webkit.org/show_bug.cgi?id=225315

Robert Jenner
Reported 2021-04-20 17:41:43 PDT
http/wpt/preload/change-link-rel-attribute.html is flakey crashing on BigSur wk2 Debug on Apple Silicon only.

HISTORY:
https://results.webkit.org/?suite=layout-tests&test=http%2Fwpt%2Fpreload%2Fchange-link-rel-attribute.html

CRASH TEXT:

Thread 20 Crashed:: WebCore: Worker
0 com.apple.JavaScriptCore 0x0000000132b512cc WTFCrash + 20 (Assertions.cpp:305)
1 com.apple.WebCore 0x000000011292e830 WTFCrashWithInfo(int, char const*, char const*, int) + 32 (Assertions.h:671)
2 com.apple.WebCore 0x0000000114ff0eb0 WebCore::SubtleCrypto::unwrapKey(JSC::JSGlobalObject&, WebCore::CryptoKeyFormat, WebCore::BufferSource&&, WebCore::CryptoKey&, WTF::Variant<JSC::Strong<JSC::JSObject, (JSC::ShouldStrongDestructorGrabLock)0>, WTF::String>&&, WTF::Variant<JSC::Strong<JSC::JSObject, (JSC::ShouldStrongDestructorGrabLock)0>, WTF::String>&&, bool, WTF::Vector<WebCore::CryptoKeyUsage, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&) + 292 (SubtleCrypto.cpp:1071)
3 com.apple.WebCore 0x00000001139b7fac WebCore::jsSubtleCryptoPrototypeFunction_unwrapKeyBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSSubtleCrypto*, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&)::'lambda'()::operator()() const + 304 (JSSubtleCrypto.cpp:586)
4 com.apple.WebCore 0x00000001139b7aa8 JSC::JSValue WebCore::toJS<WebCore::IDLPromise<WebCore::IDLInterface<WebCore::CryptoKey> >, WebCore::jsSubtleCryptoPrototypeFunction_unwrapKeyBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSSubtleCrypto*, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&)::'lambda'()>(JSC::JSGlobalObject&, WebCore::JSDOMGlobalObject&, JSC::ThrowScope&, WebCore::jsSubtleCryptoPrototypeFunction_unwrapKeyBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSSubtleCrypto*, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&)::'lambda'()&&) + 36 (JSDOMConvertBase.h:195)
5 com.apple.WebCore 0x00000001139b7914 WebCore::jsSubtleCryptoPrototypeFunction_unwrapKeyBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSSubtleCrypto*, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&) + 2404 (JSSubtleCrypto.cpp:586)
6 com.apple.WebCore 0x00000001139b6f9c long long WebCore::IDLOperationReturningPromise<WebCore::JSSubtleCrypto>::call<&(WebCore::jsSubtleCryptoPrototypeFunction_unwrapKeyBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSSubtleCrypto*, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&)), (WebCore::CastedThisErrorBehavior)2>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*)::'lambda'(JSC::JSGlobalObject&, JSC::CallFrame&, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&)::operator()(JSC::JSGlobalObject&, JSC::CallFrame&, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&) const + 492 (JSDOMOperationReturningPromise.h:52)
7 com.apple.WebCore 0x00000001139b6c80 JSC::JSValue WebCore::callPromiseFunction<long long WebCore::IDLOperationReturningPromise<WebCore::JSSubtleCrypto>::call<&(WebCore::jsSubtleCryptoPrototypeFunction_unwrapKeyBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSSubtleCrypto*, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&)), (WebCore::CastedThisErrorBehavior)2>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*)::'lambda'(JSC::JSGlobalObject&, JSC::CallFrame&, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&)>(JSC::JSGlobalObject&, JSC::CallFrame&, &(WebCore::jsSubtleCryptoPrototypeFunction_unwrapKeyBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSSubtleCrypto*, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&))) + 352 (JSDOMPromiseDeferred.h:337)
8 com.apple.WebCore 0x00000001139b6b08 long long WebCore::IDLOperationReturningPromise<WebCore::JSSubtleCrypto>::call<&(WebCore::jsSubtleCryptoPrototypeFunction_unwrapKeyBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSSubtleCrypto*, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&)), (WebCore::CastedThisErrorBehavior)2>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*) + 48 (JSDOMOperationReturningPromise.h:41)
9 com.apple.WebCore 0x00000001139aa4fc WebCore::jsSubtleCryptoPrototypeFunction_unwrapKey(JSC::JSGlobalObject*, JSC::CallFrame*) + 40 (JSSubtleCrypto.cpp:591)
10 ??? 0x00000002800414dc 0 + 10737685724
11 ??? 0x00000002800052dc 0 + 10737439452
12 com.apple.JavaScriptCore 0x00000001330bf8c8 llint_entry + 145912
13 com.apple.JavaScriptCore 0x000000013309bbe8 vmEntryToJavaScript + 264
14 com.apple.JavaScriptCore 0x0000000133f5b364 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 212 (JITCodeInlines.h:42)
15 com.apple.JavaScriptCore 0x0000000133f5b994 JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 1392 (Interpreter.cpp:902)
16 com.apple.JavaScriptCore 0x00000001342e90d4 JSC::call(JSC::JSGlobalObject*, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 236 (CallData.cpp:57)
17 com.apple.JavaScriptCore 0x00000001342e93c4 JSC::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 132 (CallData.cpp:78)
18 com.apple.JavaScriptCore 0x0000000134581764 JSC::JSMicrotask::run(JSC::JSGlobalObject*) + 524 (JSMicrotask.cpp:93)
19 com.apple.WebCore 0x0000000114def058 WebCore::JSExecState::runTask(JSC::JSGlobalObject*, JSC::Microtask&) + 64 (JSExecState.h:91)
20 com.apple.WebCore 0x0000000114df6654 WebCore::JSMicrotaskCallback::call() + 216 (JSMicrotaskCallback.h:46)
21 com.apple.WebCore 0x0000000114ef2e64 WebCore::JSWorkerGlobalScopeBase::queueMicrotaskToEventLoop(JSC::JSGlobalObject&, WTF::Ref<JSC::Microtask, WTF::RawPtrTraits<JSC::Microtask> >&&)::$_0::operator()() + 28 (JSWorkerGlobalScopeBase.cpp:150)
22 com.apple.WebCore 0x0000000114ef2d60 WTF::Detail::CallableWrapper<WebCore::JSWorkerGlobalScopeBase::queueMicrotaskToEventLoop(JSC::JSGlobalObject&, WTF::Ref<JSC::Microtask, WTF::RawPtrTraits<JSC::Microtask> >&&)::$_0, void>::call() + 28 (Function.h:52)
23 com.apple.WebCore 0x0000000114db04ec WTF::Function<void ()>::operator()() const + 124 (Function.h:83)
24 com.apple.WebCore 0x000000011558c364 WebCore::EventLoopFunctionDispatchTask::execute() + 28 (EventLoop.cpp:159)
25 com.apple.WebCore 0x00000001155d807c WebCore::MicrotaskQueue::performMicrotaskCheckpoint() + 344 (Microtasks.cpp:64)
26 com.apple.WebCore 0x0000000115580dac WebCore::EventLoop::performMicrotaskCheckpoint() + 40 (EventLoop.cpp:51)
27 com.apple.WebCore 0x0000000115582340 WebCore::EventLoopTaskGroup::performMicrotaskCheckpoint() + 60 (EventLoop.cpp:180)
28 com.apple.WebCore 0x0000000114d92890 WebCore::JSExecState::didLeaveScriptContext(JSC::JSGlobalObject*) + 64 (JSExecState.cpp:42)
29 com.apple.WebCore 0x0000000114da348c WebCore::JSExecState::~JSExecState() + 220 (JSExecState.h:143)
30 com.apple.WebCore 0x0000000114e60e80 WebCore::JSExecState::~JSExecState() + 32 (JSExecState.h:132)
31 com.apple.WebCore 0x0000000114e3fca4 WebCore::JSExecState::profiledEvaluate(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) + 100 (JSExecState.h:80)
32 com.apple.WebCore 0x000000011771730c WebCore::WorkerOrWorkletScriptController::evaluate(WebCore::ScriptSourceCode const&, WTF::NakedPtr<JSC::Exception>&, WTF::String*) + 200 (WorkerOrWorkletScriptController.cpp:231)
33 com.apple.WebCore 0x000000011771f658 WebCore::WorkerOrWorkletScriptController::evaluate(WebCore::ScriptSourceCode const&, WTF::String*) + 104 (WorkerOrWorkletScriptController.cpp:209)
34 com.apple.WebCore 0x0000000117765314 WebCore::WorkerThread::evaluateScriptIfNecessary(WTF::String&) + 268 (WorkerThread.cpp:132)
35 com.apple.WebCore 0x0000000117722d34 WebCore::WorkerOrWorkletThread::workerOrWorkletThread() + 364 (WorkerOrWorkletThread.cpp:139)
36 com.apple.WebCore 0x0000000117775bd8 WebCore::WorkerThread::createThread()::$_0::operator()() const + 28 (WorkerThread.cpp:109)
37 com.apple.WebCore 0x0000000117775b54 WTF::Detail::CallableWrapper<WebCore::WorkerThread::createThread()::$_0, void>::call() + 28 (Function.h:52)
38 com.apple.JavaScriptCore 0x0000000132b796a0 WTF::Function<void ()>::operator()() const + 124 (Function.h:83)
39 com.apple.JavaScriptCore 0x0000000132c3cdc0 WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) + 388 (Threading.cpp:183)
40 com.apple.JavaScriptCore 0x0000000132c4b340 WTF::wtfThreadEntryPoint(void*) + 24 (ThreadingPOSIX.cpp:241)
41 libsystem_pthread.dylib 0x0000000195abe06c _pthread_start + 320
42 libsystem_pthread.dylib 0x0000000195ab8da0 thread_start + 8
Attachments
Full crashlog (127.40 KB, text/plain)
2021-04-20 17:42 PDT, Robert Jenner
no flags
Patch (1.77 KB, patch)
2021-05-05 01:34 PDT, youenn fablet
no flags
Robert Jenner
Comment 1 2021-04-20 17:42:29 PDT
Created attachment 426624: Full crashlog
Attaching full crashlog to bug.
Robert Jenner
Comment 2 2021-04-20 17:49:36 PDT
Crash appears to be very flakey, and has only occurred four times. The first occurrence was at r276315. Crashes only occur on Apple Silicon Macs, and as such I cannot reproduce the crash because I do not have access to said system. I have gone ahead and updated the test expectations to Pass Crash here: https://trac.webkit.org/changeset/276337/webkit
Radar WebKit Bug Importer
Comment 3 2021-04-20 17:51:13 PDT
Alexey Proskuryakov
Comment 4 2021-04-21 16:57:42 PDT
This test doesn't use WebCrypto, so this comes from one of the preceding tests, as the worker thread continues to run after navigation.
Truitt Savell
Comment 5 2021-05-04 15:16:56 PDT
I took a look at the list of tests that run before this one. http/wpt/crypto/ tests run directly before and may have something to do with it. I have been unable to reproduce this though today.
youenn fablet
Comment 6 2021-05-05 01:29:25 PDT
The test run just before change-link-rel-attribute.html is http/wpt/crypto/unwrap-rsa-key-crash.any.worker.html, which exercises that code path.
youenn fablet
Comment 7 2021-05-05 01:31:33 PDT
Looking at the code, the debug assert is:
ASSERT(unwrapParamsOrException.exception().code() != ExistingExceptionError);
after calling normalizeCryptoAlgorithmParameters. normalizeCryptoAlgorithmParameters can return ExistingExceptionError if a dictionary conversion fails, which is possible, say, if parameters are bad or maybe the worker is being terminated.
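A simplified model of the situation described in comment 7, added here as an illustration; it is not WebKit code and not the patch attached to this bug. FakeVM, ParamsOrException, normalizeParameters, unwrapKeyModel and runModel are hypothetical names, and the handling shown (stop and leave the already-pending exception in place) is an assumption about one reasonable way to treat ExistingExceptionError as a reachable result.

```cpp
#include <string>

// Simplified stand-ins (assumptions), not WebKit's real classes.
enum class ExceptionCode { None, NotSupportedError, ExistingExceptionError };
enum class Outcome { Proceeded, RejectedWithNewException, LeftPendingException };

struct FakeVM {                 // models a JS VM holding at most one pending exception
    std::string pending;        // empty means nothing is pending
    bool terminating = false;   // models a worker that is being terminated
};

struct ParamsOrException {
    ExceptionCode code;         // None means `name` holds the normalized algorithm
    std::string name;
};

// Models parameter normalization. When dictionary conversion fails (bad
// parameters, or the worker is going away), the exception is already pending
// on the VM, so the callee reports ExistingExceptionError rather than a new one.
ParamsOrException normalizeParameters(FakeVM& vm, const std::string& algorithm) {
    if (vm.terminating || algorithm.empty()) {
        vm.pending = vm.terminating ? "termination" : "TypeError";
        return {ExceptionCode::ExistingExceptionError, ""};
    }
    if (algorithm != "RSA-OAEP" && algorithm != "AES-GCM")
        return {ExceptionCode::NotSupportedError, ""};
    return {ExceptionCode::None, algorithm};
}

// Caller that handles ExistingExceptionError instead of asserting it cannot
// happen: it leaves the pending exception untouched and stops.
Outcome unwrapKeyModel(FakeVM& vm, const std::string& algorithm) {
    ParamsOrException result = normalizeParameters(vm, algorithm);
    if (result.code == ExceptionCode::ExistingExceptionError)
        return Outcome::LeftPendingException;
    if (result.code != ExceptionCode::None) {
        vm.pending = "NotSupportedError";   // only here is a new exception created
        return Outcome::RejectedWithNewException;
    }
    return Outcome::Proceeded;
}

// Runs the model on one constructed input.
Outcome runModel(const std::string& algorithm, bool terminating = false) {
    FakeVM vm;
    vm.terminating = terminating;
    return unwrapKeyModel(vm, algorithm);
}
```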
youenn fablet
Comment 8 2021-05-05 01:34:29 PDT
Alexey Proskuryakov
Comment 9 2021-05-05 12:50:08 PDT
*** Bug 225315 has been marked as a duplicate of this bug. ***
youenn fablet
Comment 10 2021-05-18 00:29:16 PDT
Ping review
Mark Lam
Comment 11 2021-05-18 10:10:51 PDT
Comment on attachment 427742: Patch
Seems reasonable to me.
EWS
Comment 12 2021-05-19 05:16:33 PDT
Committed r277718 (237897@main): <https://commits.webkit.org/237897@main>
All reviewed patches have been landed. Closing bug and clearing flags on attachment 427742.
Robert Jenner
Comment 13 2021-05-19 17:22:51 PDT
Prior test expectations have been removed here: https://trac.webkit.org/changeset/277764/webkit