NEW 157984
REGRESSION(r201188): ASSERTION FAILED: !m_queuedTaskCount in WebCore::IDBServer::UniqueIDBDatabase::~UniqueIDBDatabase 
https://bugs.webkit.org/show_bug.cgi?id=157984
Summary REGRESSION(r201188): ASSERTION FAILED: !m_queuedTaskCount in WebCore::IDBServ...
Carlos Garcia Campos
Reported 2016-05-23 01:47:16 PDT
After r201188 several IndexedDB tests started to crash due to an assert in GTK+ debug bot.
Attachments
Add attachment proposed patch, testcase, etc.
Carlos Garcia Campos
Comment 1 2016-05-23 01:47:56 PDT
Full bt, form the GTK+ bot: STDERR: ASSERTION FAILED: !m_queuedTaskCount STDERR: ../../Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.cpp(68) : WebCore::IDBServer::UniqueIDBDatabase::~UniqueIDBDatabase() STDERR: 1 0x7f31ee1bae45 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(WTFCrash+0x1e) [0x7f31ee1bae45] STDERR: 2 0x7f31f4a249b6 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(WebCore::IDBServer::UniqueIDBDatabase::~UniqueIDBDatabase()+0x21e) [0x7f31f4a249b6] STDERR: 3 0x7f31f42ca72d /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(WTF::ThreadSafeRefCounted<WebCore::IDBServer::UniqueIDBDatabase>::deref()+0x2f) [0x7f31f42ca72d] STDERR: 4 0x7f31f42d33c7 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(void WTF::derefIfNotNull<WebCore::IDBServer::UniqueIDBDatabase>(WebCore::IDBServer::UniqueIDBDatabase*)+0x28) [0x7f31f42d33c7] STDERR: 5 0x7f31f42d2485 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(WTF::RefPtr<WebCore::IDBServer::UniqueIDBDatabase>::~RefPtr()+0x2f) [0x7f31f42d2485] STDERR: 6 0x7f31f4a2e046 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(WebCore::IDBServer::UniqueIDBDatabase::operationAndTransactionTimerFired()+0x3e4) [0x7f31f4a2e046] STDERR: 7 0x7f31f4a57ae7 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(void std::_Mem_fn<void (WebCore::IDBServer::UniqueIDBDatabase::*)()>::operator()<, void>(WebCore::IDBServer::UniqueIDBDatabase*) const+0x65) [0x7f31f4a57ae7] STDERR: 8 0x7f31f4a535c8 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(void std::_Bind<std::_Mem_fn<void (WebCore::IDBServer::UniqueIDBDatabase::*)()> (WebCore::IDBServer::UniqueIDBDatabase*)>::__call<void, , 0ul>(std::tuple<>&&, std::_Index_tuple<0ul>)+0x48) [0x7f31f4a535c8] STDERR: 9 0x7f31f4a4d05c /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(void std::_Bind<std::_Mem_fn<void (WebCore::IDBServer::UniqueIDBDatabase::*)()> (WebCore::IDBServer::UniqueIDBDatabase*)>::operator()<, void>()+0x2a) [0x7f31f4a4d05c] STDERR: 10 0x7f31f4a41acd /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(std::_Function_handler<void (), std::_Bind<std::_Mem_fn<void (WebCore::IDBServer::UniqueIDBDatabase::*)()> (WebCore::IDBServer::UniqueIDBDatabase*)> >::_M_invoke(std::_Any_data const&)+0x20) [0x7f31f4a41acd] STDERR: 11 0x7f31f42c7a1c /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(std::function<void ()>::operator()() const+0x32) [0x7f31f42c7a1c] STDERR: 12 0x7f31f4313a26 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(WebCore::Timer::fired()+0x1c) [0x7f31f4313a26] STDERR: 13 0x7f31f573710f /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(WebCore::ThreadTimers::sharedTimerFiredInternal()+0x157) [0x7f31f573710f] STDERR: 14 0x7f31f5736d2d /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(+0x631fd2d) [0x7f31f5736d2d] STDERR: 15 0x7f31f57372fd /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(+0x63202fd) [0x7f31f57372fd] STDERR: 16 0x7f31f42c7a1c /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(std::function<void ()>::operator()() const+0x32) [0x7f31f42c7a1c] STDERR: 17 0x7f31f5719c53 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(WebCore::MainThreadSharedTimer::fired()+0x57) [0x7f31f5719c53] STDERR: 18 0x7f31f5719ebc /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(WTF::RunLoop::Timer<WebCore::MainThreadSharedTimer>::fired()+0x66) [0x7f31f5719ebc] STDERR: 19 0x7f31ee210265 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(+0x21e7265) [0x7f31ee210265] STDERR: 20 0x7f31ee2102a1 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(+0x21e72a1) [0x7f31ee2102a1] STDERR: 21 0x7f31ee20f8a8 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(+0x21e68a8) [0x7f31ee20f8a8] STDERR: 22 0x7f31ee20f8d7 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(+0x21e68d7) [0x7f31ee20f8d7] STDERR: 23 0x7f31e91d4a26 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/DependenciesGTK/Root/lib/libglib-2.0.so.0(+0x53a26) [0x7f31e91d4a26] STDERR: 24 0x7f31e91d5854 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/DependenciesGTK/Root/lib/libglib-2.0.so.0(g_main_context_dispatch+0x33) [0x7f31e91d5854] STDERR: 25 0x7f31e91d5a39 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/DependenciesGTK/Root/lib/libglib-2.0.so.0(+0x54a39) [0x7f31e91d5a39] STDERR: 26 0x7f31e91d5e60 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/DependenciesGTK/Root/lib/libglib-2.0.so.0(g_main_loop_run+0x1d7) [0x7f31e91d5e60] STDERR: 27 0x7f31ee20fea8 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libjavascriptcoregtk-4.0.so.18(WTF::RunLoop::run()+0xac) [0x7f31ee20fea8] STDERR: 28 0x7f31f4764818 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(int WebKit::ChildProcessMain<WebKit::DatabaseProcess, WebKit::DatabaseProcessMain>(int, char**)+0x82) [0x7f31f4764818] STDERR: 29 0x7f31f47645f2 /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37(DatabaseProcessMainUnix+0x20) [0x7f31f47645f2] STDERR: 30 0x400ca6 /home/slave/webkitgtk/gtk-linux-64-debug-tests/build/WebKitBuild/Debug/bin/WebKitDatabaseProcess(main+0x20) [0x400ca6] STDERR: 31 0x7f31e584fb45 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5) [0x7f31e584fb45]
Brady Eidson
Comment 2 2016-05-23 08:54:10 PDT
Well, before r201188 this was a use-after-free, so that's progress. Super curious that only the GTK bots are seeing this - It hasn't shown on the Mac/iOS bots at all.
Carlos Garcia Campos
Comment 4 2016-07-15 05:16:41 PDT
Something similar happened with the fix in r201997, in this case the assertion is isMainThread() also in the ~UniqueIDBDatabase() destructor. If we take a ref in the secondary thread because the call to performTask() can remove the last ref, it means that in such case, the object is going to be deleted in the secondary thread.
Carlos Garcia Campos
Comment 5 2016-07-15 05:23:04 PDT
hmm, this is a different issue, because replies happen in the main thread.
Ryan Haddad
Comment 6 2016-12-20 09:53:50 PST
Just saw this assertion with imported/w3c/web-platform-tests/IndexedDB/idbcursor-direction-index-keyrange.htm here: https://build.webkit.org/results/Apple%20El%20Capitan%20Debug%20WK2%20(Tests)/r210021%20(10082)/results.html
Brady Eidson
Comment 7 2016-12-20 11:15:24 PST
(In reply to comment #6) > Just saw this assertion with > imported/w3c/web-platform-tests/IndexedDB/idbcursor-direction-index-keyrange. > htm here: > https://build.webkit.org/results/ > Apple%20El%20Capitan%20Debug%20WK2%20(Tests)/r210021%20(10082)/results.html I don't know what was happening before with GTK seeing this, but it makes some amount of sense now with the way I added prefetch. I'll take a look soon.
Note You need to log in before you can comment on or make changes to this bug.