Bug 275286
| Summary: | REGRESSION(279805@main): [Win] ASSERTION FAILED: m_activeConnections.contains(connection) in CacheStorageManager::unlockStorage(IPC::Connection::UniqueID) | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Fujii Hironori <fujii.hironori> |
| Component: | New Bugs | Assignee: | Fujii Hironori <fujii.hironori> |
| Status: | RESOLVED FIXED | ||
| Severity: | Normal | CC: | webkit-bug-importer, youennf |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
Fujii Hironori
After 279805@main, only Windows port Debug builds are crashing for some layout tests due to an assertion failure.
Buildbot: builder WinCairo-64-bit-Debug-Tests build 22842 : 279809@main
https://build.webkit.org/#/builders/727/builds/22842
Regressions: Unexpected crashes (16)
editing/execCommand/outdent-regular-blockquote.html [ Crash ]
editing/execCommand/primitive-value-cleanup-minimal.html [ Crash ]
fast/css/content-visibility-crash.html [ Crash ]
fast/css/transform-infinity.html [ Crash ]
fast/rendering/searchfield-scale-crash.html [ Crash ]
http/tests/IndexedDB/storage-limit-1.https.html [ Crash ]
http/tests/IndexedDB/storage-limit-2.https.html [ Crash ]
http/tests/IndexedDB/storage-limit.https.html [ Crash ]
http/tests/workers/service/service-worker-cache-api.https.html [ Crash ]
http/wpt/service-workers/third-party-registration.html [ Crash ]
imported/w3c/web-platform-tests/service-workers/idlharness.https.any.html [ Crash ]
imported/w3c/web-platform-tests/service-workers/idlharness.https.any.serviceworker.html [ Crash ]
imported/w3c/web-platform-tests/service-workers/idlharness.https.any.sharedworker.html [ Crash ]
imported/w3c/web-platform-tests/service-workers/idlharness.https.any.worker.html [ Crash ]
js/finally-codegen-failure.html [ Crash ]
streams/readable-stream-default-reader-read.html [ Crash ]
https://build.webkit.org/results/WinCairo-64-bit-Debug-Tests/279809@main%20(22842)/fast/css/transform-infinity-stderr.txt
ASSERTION FAILED: m_activeConnections.contains(connection)
C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebKit\NetworkProcess/storage/CacheStorageManager.cpp(466) : void WebKit::CacheStorageManager::unlockStorage(IPC::Connection::UniqueID)
1 00007FFD0F11B39B WebKit::CacheStorageManager::unlockStorage
2 00007FFD0F16D008 WebKit::NetworkStorageManager::unlockCacheStorage
3 00007FFD0E570D35 IPC::callMemberFunction<WebKit::NetworkStorageManager,WebKit::NetworkStorageManager,void (IPC::Connection &, const WebCore::ClientOrigin &),std::tuple<WebCore::ClientOrigin> >::<lambda_1>::operator()<WebCore::ClientOrigin>
4 00007FFD0E570CED std::invoke<`lambda at C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebKit\Platform\IPC\HandleMessage.h:167:9',WebCore::ClientOrigin>
5 00007FFD0E570CCA std::_Apply_impl<`lambda at C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebKit\Platform\IPC\HandleMessage.h:167:9',std::tuple<WebCore::ClientOrigin>,0>
6 00007FFD0E570C92 std::apply<`lambda at C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebKit\Platform\IPC\HandleMessage.h:167:9',std::tuple<WebCore::ClientOrigin> >
7 00007FFD0E570C4E IPC::callMemberFunction<WebKit::NetworkStorageManager,WebKit::NetworkStorageManager,void (IPC::Connection &, const WebCore::ClientOrigin &),std::tuple<WebCore::ClientOrigin> >
8 00007FFD0E53B42F IPC::handleMessage<Messages::NetworkStorageManager::UnlockCacheStorage,WebKit::NetworkStorageManager,WebKit::NetworkStorageManager,void (IPC::Connection &, const WebCore::ClientOrigin &)>
9 00007FFD0E531D2C WebKit::NetworkStorageManager::didReceiveMessage
10 00007FFD0F1FB543 IPC::Connection::dispatchMessageReceiverMessage
11 00007FFD0F20E919 IPC::WorkQueueMessageReceiverQueue::enqueueMessage::<lambda_1>::operator()
12 00007FFD0F20E707 WTF::Detail::CallableWrapper<`lambda at C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebKit\Platform\IPC\MessageReceiveQueues.h:67:35',void>::call
13 00007FFD23D5A6FE WTF::Function<void ()>::operator()
14 00007FFD23DED479 WTF::SuspendableWorkQueue::dispatch::<lambda_1>::operator()
15 00007FFD23DED407 WTF::Detail::CallableWrapper<`lambda at C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WTF\wtf\SuspendableWorkQueue.cpp:101:25',void>::call
16 00007FFD23D5A6FE WTF::Function<void ()>::operator()
17 00007FFD23ECD847 WTF::WorkQueueBase::dispatch::<lambda_2>::operator()
18 00007FFD23ECD7E7 WTF::Detail::CallableWrapper<`lambda at C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WTF\wtf\generic\WorkQueueGeneric.cpp:67:25',void>::call
19 00007FFD23D5A6FE WTF::Function<void ()>::operator()
20 00007FFD23DE2BDA WTF::RunLoop::performWork
21 00007FFD23ED7C10 WTF::RunLoop::wndProc
22 00007FFD23ED7B47 WTF::RunLoop::RunLoopWndProc
23 00007FFD27D10089 CallWindowProcW
24 00007FFD27D0FA02 DispatchMessageW
25 00007FFD23ED7DED WTF::RunLoop::run
26 00007FFD23DE3494 WTF::RunLoop::create::<lambda_0>::operator()
27 00007FFD23DE3437 WTF::Detail::CallableWrapper<`lambda at C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WTF\wtf\RunLoop.cpp:111:32',void>::call
28 00007FFD23D5A6FE WTF::Function<void ()>::operator()
29 00007FFD23DF17F4 WTF::Thread::entryPoint
30 00007FFD23ED9CD3 WTF::wtfThreadEntryPoint
31 00007FFD261F6B4C recalloc
C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebKit\UIProcess/Network/NetworkProcessProxy.cpp(486) : virtual void WebKit::NetworkProcessProxy::didClose(IPC::Connection &)
NetworkProcess terminated (pid 5812) for reason: crash
#CRASHED - NetworkProcess (pid 5812)
Fujii Hironori
The assertion fails because CacheStorageManager::unlockStorage is called without calling CacheStorageManager::lockStorage.
CacheStorageManager::lockStorage isn't called because m_connection is empty in WebCacheStorageConnection::lockStorage.
Here is the callstack.
> WebKit2.dll!WebKit::WebCacheStorageConnection::lockStorage(const WebCore::ClientOrigin & origin) Line 122 C++
> WebCore.dll!WebCore::ConnectionStorageLock::ConnectionStorageLock(WTF::Ref<WebCore::CacheStorageConnection,WTF::RawPtrTraits<WebCore::CacheStorageConnection>,WTF::DefaultRefDerefTraits<WebCore::CacheStorageConnection>> && connection, const WebCore::ClientOrigin & origin) Line 160 C++
> [External Code]
> WebCore.dll!WTF::makeUnique<WebCore::ConnectionStorageLock,WTF::Ref<WebCore::CacheStorageConnection,WTF::RawPtrTraits<WebCore::CacheStorageConnection>,WTF::DefaultRefDerefTraits<WebCore::CacheStorageConnection>>,WebCore::ClientOrigin &>(WTF::Ref<WebCore::CacheStorageConnection,WTF::RawPtrTraits<WebCore::CacheStorageConnection>,WTF::DefaultRefDerefTraits<WebCore::CacheStorageConnection>> && args, WebCore::ClientOrigin & args) Line 613 C++
> WebCore.dll!WebCore::DOMCacheStorage::retrieveCaches(WTF::CompletionHandler<void (std::optional<WebCore::Exception> &&)> && callback) Line 181 C++
> WebCore.dll!WebCore::DOMCacheStorage::has(const WTF::String & name, WebCore::DOMPromiseDeferred<WebCore::IDLBoolean> && promise) Line 135 C++
> WebCore.dll!WebCore::jsDOMCacheStoragePrototypeFunction_hasBody::<lambda>() Line 229 C++
> WebCore.dll!WebCore::toJSNewlyCreated<WebCore::IDLPromise<WebCore::IDLBoolean>,`lambda at C:\webkit\wc\WebKitBuild\Debug\WebCore\DerivedSources\JSDOMCacheStorage.cpp:229:5'>(JSC::JSGlobalObject & lexicalGlobalObject, WebCore::JSDOMGlobalObject & globalObject, JSC::ThrowScope & throwScope, WebCore::jsDOMCacheStoragePrototypeFunction_hasBody::std::optional<WTF::RefPtr<WebCore::DOMMimeType,WTF::RawPtrTraits<WebCore::DOMMimeType>,WTF::DefaultRefDerefTraits<WebCore::DOMMimeType>>> <lambda>(WebCore::JSDOMMimeTypeArray &, JSC::PropertyName) && valueOrFunctor) Line 235 C++
> WebCore.dll!WebCore::jsDOMCacheStoragePrototypeFunction_hasBody(JSC::JSGlobalObject * lexicalGlobalObject, JSC::CallFrame * callFrame, WebCore::JSDOMCacheStorage * castedThis, WTF::Ref<WebCore::DeferredPromise,WTF::RawPtrTraits<WebCore::DeferredPromise>,WTF::DefaultRefDerefTraits<WebCore::DeferredPromise>> && promise) Line 229 C++
> WebCore.dll!WebCore::IDLOperationReturningPromise<WebCore::JSDOMCacheStorage>::call<&WebCore::jsDOMCacheStoragePrototypeFunction_hasBody,2>::<lambda>(JSC::JSGlobalObject & lexicalGlobalObject, JSC::CallFrame & callFrame, WTF::Ref<WebCore::DeferredPromise,WTF::RawPtrTraits<WebCore::DeferredPromise>,WTF::DefaultRefDerefTraits<WebCore::DeferredPromise>> && promise) Line 54 C++
> WebCore.dll!WebCore::callPromiseFunction<`lambda at C:\webkit\wc\Source\WebCore\bindings\js\JSDOMOperationReturningPromise.h:41:89'>(JSC::JSGlobalObject & lexicalGlobalObject, JSC::CallFrame & callFrame, WebCore::IDLOperationReturningPromise<WebCore::JSDOMCacheStorage>::call<&WebCore::jsDOMCacheStoragePrototypeFunction_hasBody,2>::std::optional<WTF::RefPtr<WebCore::DOMMimeType,WTF::RawPtrTraits<WebCore::DOMMimeType>,WTF::DefaultRefDerefTraits<WebCore::DOMMimeType>>> <lambda>(WebCore::JSDOMMimeTypeArray &, JSC::PropertyName) functor) Line 382 C++
> WebCore.dll!WebCore::IDLOperationReturningPromise<WebCore::JSDOMCacheStorage>::call<&WebCore::jsDOMCacheStoragePrototypeFunction_hasBody,2>(JSC::JSGlobalObject & lexicalGlobalObject, JSC::CallFrame & callFrame, const char * operationName) Line 41 C++
> WebCore.dll!WebCore::jsDOMCacheStoragePrototypeFunction_has(JSC::JSGlobalObject * lexicalGlobalObject, JSC::CallFrame * callFrame) Line 234 C++
> [External Code]
In DOMCacheStorage::retrieveCaches, there is the following line.
> scriptExecutionContext()->enqueueTaskWhenSettled(m_connection->retrieveCaches(*origin, m_updateCounter), TaskSource::DOMManipulation, [this, callback = WTFMove(callback), pendingActivity = makePendingActivity(*this), connectionStorageLock = makeUnique<ConnectionStorageLock>(m_connection.copyRef(), *origin)] (auto&& result) mutable {
makeUnique<ConnectionStorageLock>(...) is called before m_connection->retrieveCaches(...) is called.
This is the reason why m_connection is empty.
m_connection->retrieveCaches(...) has to be called before makeUnique<ConnectionStorageLock>(...).
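An added illustration of the ordering problem described in the comment above; it is not WebKit code and not the landed patch. C++ leaves the evaluation order of function arguments unspecified, so a lambda init-capture passed as one argument may run before a call passed as another. The model below assumes a lazily opened channel and uses hypothetical names (`Server`, `Client`, `StorageLock`, `enqueue`); it reproduces the failing order with explicit statements so the result does not depend on the compiler.

```cpp
#include <memory>
#include <set>
#include <utility>

// Simplified model; every name here is a hypothetical stand-in, not WebKit code.
struct Server {                        // plays the role of the storage manager
    std::set<int> active;              // connections that currently hold the lock
    bool balanced = true;              // false once an unlock arrives without a lock
    void lock(int id) { active.insert(id); }
    void unlock(int id) { if (!active.erase(id)) balanced = false; }
};

struct Client {                        // plays the role of the client-side connection
    Server& server;
    bool open = false;                 // assumption: the channel is opened lazily
    int retrieve() { open = true; return 42; }   // first real use opens the channel
    void lock() { if (open) server.lock(1); }    // silently dropped while not open
    void unlock() { if (open) server.unlock(1); }
};

struct StorageLock {                   // RAII guard: lock in ctor, unlock in dtor
    Client& c;
    explicit StorageLock(Client& client) : c(client) { c.lock(); }
    ~StorageLock() { c.unlock(); }
};

// Stand-in for a task queue: runs the task at once with the pending value.
template<typename F> void enqueue(int pending, F&& task) { task(pending); }

// Failing order, written out as statements: the guard is built before the
// channel exists, which is what happened when both were arguments of one call.
bool guardFirst() {
    Server s; Client c{s};
    auto guard = std::make_unique<StorageLock>(c);     // lock() dropped: not open yet
    int pending = c.retrieve();                        // channel opens here
    enqueue(pending, [g = std::move(guard)](int) {});  // guard dies: unmatched unlock()
    return s.balanced;
}

// One way to force the order: make the call its own statement, so it is
// sequenced before the init-capture constructs the guard.
bool retrieveFirst() {
    Server s; Client c{s};
    int pending = c.retrieve();
    enqueue(pending, [g = std::make_unique<StorageLock>(c)](int) {});
    return s.balanced && s.active.empty();
}

int main() { return (!guardFirst() && retrieveFirst()) ? 0 : 1; }
```

The unmatched `unlock()` in `guardFirst()` is the condition the `m_activeConnections.contains(connection)` assertion reports in Debug builds.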
Fujii Hironori
Pull request: https://github.com/WebKit/WebKit/pull/29654
EWS
Committed 279855@main (4d06a3cab666): <https://commits.webkit.org/279855@main>
Reviewed commits have been landed. Closing PR #29654 and removing active labels.
Radar WebKit Bug Importer
<rdar://problem/129464270>