WebKit Bugzilla
RESOLVED FIXED
167576
IndexedDB: Several test crash in when destroying a IDBKeyData
https://bugs.webkit.org/show_bug.cgi?id=167576
Carlos Garcia Campos
Reported
2017-01-30 00:20:18 PST
I've seen this in the GTK+ bots, but it doesn't look like a GTK+ specific problem. See:
https://build.webkit.org/results/GTK%20Linux%2064-bit%20Release%20(Tests)/r211357%20(20510)/storage/indexeddb/modern/index-3-private-crash-log.txt
https://build.webkit.org/results/GTK%20Linux%2064-bit%20Release%20(Tests)/r211357%20(20510)/imported/w3c/IndexedDB-private-browsing/idbcursor_iterating_index-crash-log.txt
https://build.webkit.org/results/GTK%20Linux%2064-bit%20Release%20(Tests)/r211357%20(20510)/imported/w3c/IndexedDB-private-browsing/idbcursor_iterating-crash-log.txt
Slightly different bts, but all of them end up deleting the IDBKeyData:

Thread 1 (Thread 0x7fbb837ff700 (LWP 1368)):
#0 0x00007fbd23d15478 in void WTF::__destroy_op_table<WTF::Variant<WTF::Vector<WebCore::IDBKeyData, 0ul, WTF::CrashOnOverflow, 16ul>, WTF::String, double, WebCore::ThreadSafeDataBuffer>, WTF::__index_sequence<0l, 1l, 2l, 3l> >::__destroy_func<0l>(WTF::Variant<WTF::Vector<WebCore::IDBKeyData, 0ul, WTF::CrashOnOverflow, 16ul>, WTF::String, double, WebCore::ThreadSafeDataBuffer>*) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#1 0x00007fbd24196f14 in std::enable_if<!WTF::HashTraitHasCustomDelete<WebCore::IDBKeyDataHashTraits, WebCore::IDBKeyData>::value, void>::type WTF::hashTraitsDeleteBucket<WebCore::IDBKeyDataHashTraits, WebCore::IDBKeyData>(WebCore::IDBKeyData&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#2 0x00007fbd24195588 in WebCore::IDBServer::IndexValueStore::removeRecord(WebCore::IDBKeyData const&, WebCore::IDBKeyData const&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#3 0x00007fbd241a68c0 in WebCore::IDBServer::MemoryIndex::removeRecord(WebCore::IDBKeyData const&, WebCore::IndexKey const&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#4 0x00007fbd241ae4f3 in WebCore::IDBServer::MemoryObjectStore::updateIndexesForPutRecord(WebCore::IDBKeyData const&, WebCore::ThreadSafeDataBuffer const&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#5 0x00007fbd241af5c3 in WebCore::IDBServer::MemoryObjectStore::addRecord(WebCore::IDBServer::MemoryBackingStoreTransaction&, WebCore::IDBKeyData const&, WebCore::IDBValue const&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#6 0x00007fbd241a022c in WebCore::IDBServer::MemoryIDBBackingStore::addRecord(WebCore::IDBResourceIdentifier const&, WebCore::IDBObjectStoreInfo const&, WebCore::IDBKeyData const&, WebCore::IDBValue const&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#7 0x00007fbd241d27b0 in WebCore::IDBServer::UniqueIDBDatabase::performPutOrAdd(unsigned long, WebCore::IDBResourceIdentifier const&, unsigned long, WebCore::IDBKeyData const&, WebCore::IDBValue const&, WebCore::IndexedDB::ObjectStoreOverwriteMode) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#8 0x00007fbd241d3ead in WTF::Function<void ()>::CallableWrapper<WTF::CrossThreadTask WTF::createCrossThreadTask<WebCore::IDBServer::UniqueIDBDatabase, unsigned long, WebCore::IDBResourceIdentifier const&, unsigned long, WebCore::IDBKeyData const&, WebCore::IDBValue const&, WebCore::IndexedDB::ObjectStoreOverwriteMode, unsigned long, WebCore::IDBResourceIdentifier, unsigned long, WebCore::IDBKeyData, WebCore::IDBValue, WebCore::IndexedDB::ObjectStoreOverwriteMode>(WebCore::IDBServer::UniqueIDBDatabase&, void (WebCore::IDBServer::UniqueIDBDatabase::*)(unsigned long, WebCore::IDBResourceIdentifier const&, unsigned long, WebCore::IDBKeyData const&, WebCore::IDBValue const&, WebCore::IndexedDB::ObjectStoreOverwriteMode), unsigned long const&, WebCore::IDBResourceIdentifier const&, unsigned long const&, WebCore::IDBKeyData const&, WebCore::IDBValue const&, WebCore::IndexedDB::ObjectStoreOverwriteMode const&)::{lambda()#1}>::call() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#9 0x00007fbd241cc33d in WebCore::IDBServer::UniqueIDBDatabase::executeNextDatabaseTask() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#10 0x00007fbd2418cb82 in WebCore::IDBServer::IDBServer::databaseRunLoop() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#11 0x00007fbd21d29345 in WTF::threadEntryPoint(void*) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#12 0x00007fbd21d5e0ba in WTF::wtfThreadEntryPoint(void*) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#13 0x00007fbd1eed50a4 in start_thread (arg=0x7fbb837ff700) at pthread_create.c:309
#14 0x00007fbd1b1c387d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 1 (Thread 0x7f234bfff700 (LWP 7776)):
#0 0x00007f23b1604478 in void WTF::__destroy_op_table<WTF::Variant<WTF::Vector<WebCore::IDBKeyData, 0ul, WTF::CrashOnOverflow, 16ul>, WTF::String, double, WebCore::ThreadSafeDataBuffer>, WTF::__index_sequence<0l, 1l, 2l, 3l> >::__destroy_func<0l>(WTF::Variant<WTF::Vector<WebCore::IDBKeyData, 0ul, WTF::CrashOnOverflow, 16ul>, WTF::String, double, WebCore::ThreadSafeDataBuffer>*) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#1 0x00007f23b1a85f14 in std::enable_if<!WTF::HashTraitHasCustomDelete<WebCore::IDBKeyDataHashTraits, WebCore::IDBKeyData>::value, void>::type WTF::hashTraitsDeleteBucket<WebCore::IDBKeyDataHashTraits, WebCore::IDBKeyData>(WebCore::IDBKeyData&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#2 0x00007f23b1a9ea55 in WebCore::IDBServer::MemoryObjectStore::deleteRecord(WebCore::IDBKeyData const&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#3 0x00007f23b1a9ee1c in WebCore::IDBServer::MemoryObjectStore::deleteRange(WebCore::IDBKeyRangeData const&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#4 0x00007f23b1a8f527 in WebCore::IDBServer::MemoryIDBBackingStore::deleteRange(WebCore::IDBResourceIdentifier const&, unsigned long, WebCore::IDBKeyRangeData const&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#5 0x00007f23b1ac1dba in WebCore::IDBServer::UniqueIDBDatabase::performDeleteRecord(unsigned long, WebCore::IDBResourceIdentifier const&, unsigned long, WebCore::IDBKeyRangeData const&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#6 0x00007f23b1abb33d in WebCore::IDBServer::UniqueIDBDatabase::executeNextDatabaseTask() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#7 0x00007f23b1a7bb82 in WebCore::IDBServer::IDBServer::databaseRunLoop() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#8 0x00007f23af618345 in WTF::threadEntryPoint(void*) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#9 0x00007f23af64d0ba in WTF::wtfThreadEntryPoint(void*) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#10 0x00007f23ac7c40a4 in start_thread (arg=0x7f234bfff700) at pthread_create.c:309
#11 0x00007f23a8ab287d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 1 (Thread 0x7fdba77fe700 (LWP 7394)):
#0 0x00007fdc50f56478 in void WTF::__destroy_op_table<WTF::Variant<WTF::Vector<WebCore::IDBKeyData, 0ul, WTF::CrashOnOverflow, 16ul>, WTF::String, double, WebCore::ThreadSafeDataBuffer>, WTF::__index_sequence<0l, 1l, 2l, 3l> >::__destroy_func<0l>(WTF::Variant<WTF::Vector<WebCore::IDBKeyData, 0ul, WTF::CrashOnOverflow, 16ul>, WTF::String, double, WebCore::ThreadSafeDataBuffer>*) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#1 0x00007fdc513d7f14 in std::enable_if<!WTF::HashTraitHasCustomDelete<WebCore::IDBKeyDataHashTraits, WebCore::IDBKeyData>::value, void>::type WTF::hashTraitsDeleteBucket<WebCore::IDBKeyDataHashTraits, WebCore::IDBKeyData>(WebCore::IDBKeyData&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#2 0x00007fdc513d68a8 in WebCore::IDBServer::IndexValueStore::removeEntriesWithValueKey(WebCore::IDBServer::MemoryIndex&, WebCore::IDBKeyData const&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#3 0x00007fdc513ed3a1 in WebCore::IDBServer::MemoryObjectStore::updateIndexesForDeleteRecord(WebCore::IDBKeyData const&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#4 0x00007fdc513f0b48 in WebCore::IDBServer::MemoryObjectStore::deleteRecord(WebCore::IDBKeyData const&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#5 0x00007fdc513f0e1c in WebCore::IDBServer::MemoryObjectStore::deleteRange(WebCore::IDBKeyRangeData const&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#6 0x00007fdc513e1527 in WebCore::IDBServer::MemoryIDBBackingStore::deleteRange(WebCore::IDBResourceIdentifier const&, unsigned long, WebCore::IDBKeyRangeData const&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#7 0x00007fdc51413dba in WebCore::IDBServer::UniqueIDBDatabase::performDeleteRecord(unsigned long, WebCore::IDBResourceIdentifier const&, unsigned long, WebCore::IDBKeyRangeData const&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#8 0x00007fdc5140d33d in WebCore::IDBServer::UniqueIDBDatabase::executeNextDatabaseTask() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#9 0x00007fdc513cdb82 in WebCore::IDBServer::IDBServer::databaseRunLoop() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#10 0x00007fdc4ef6a345 in WTF::threadEntryPoint(void*) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#11 0x00007fdc4ef9f0ba in WTF::wtfThreadEntryPoint(void*) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#12 0x00007fdc4c1160a4 in start_thread (arg=0x7fdba77fe700) at pthread_create.c:309
#13 0x00007fdc4840487d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
Attachments
debug patch (1.71 KB, patch), 2018-02-06 02:22 PST, Fujii Hironori, no flags
Patch (4.45 KB, patch), 2018-02-06 18:31 PST, Fujii Hironori, no flags
Claudio Saavedra
Comment 1
2017-06-14 04:07:48 PDT
Same issue with the WPE port:

imported/w3c/IndexedDB-private-browsing/idbcursor_iterating.html [ Crash ]
imported/w3c/IndexedDB-private-browsing/idbcursor_iterating_index.html [ Crash ]

Pretty much the same stacktraces.
Zan Dobersek
Comment 2
2017-06-18 12:17:37 PDT
This might be an issue in the GCC compiler:
- doesn't occur in "-O -DNDEBUG" builds (i.e. release builds with optimizations disabled),
- doesn't occur when building with Clang.
Claudio Saavedra
Comment 3
2017-06-20 03:10:14 PDT
Could this have been fixed by r218516?
Zan Dobersek
Comment 4
2017-06-20 07:14:23 PDT
Quite possible. Let's see how these tests behave in the next few days and act accordingly.
Michael Catanzaro
Comment 5
2017-06-23 18:18:34 PDT
(In reply to Claudio Saavedra from comment #3)
> Could this have been fixed by r218516?

Sadly the tests are still crashing.
Brady Eidson
Comment 6
2017-06-23 21:56:37 PDT
(In reply to Michael Catanzaro from comment #5)
> (In reply to Claudio Saavedra from comment #3)
> > Could this have been fixed by r218516?
>
> Sadly the tests are still crashing.

:(
Fujii Hironori
Comment 7
2018-02-06 02:22:49 PST
Created attachment 333160 [details]
debug patch

An instance of IDBKeyData seems broken. If you apply this debug patch, you can observe the broken value even in a debug build. I think this bug is *not* a GCC optimizer bug.
Fujii Hironori
Comment 8
2018-02-06 18:23:26 PST
> struct IDBKeyDataHashTraits : public WTF::CustomHashTraits<IDBKeyData> {
> [...]
>     static void constructDeletedValue(IDBKeyData& key)
>     {
>         key = IDBKeyData::deletedValue();
>     }
>

constructDeletedValue is using operator= to assign deletedValue.

> template<typename Traits, typename T>
> typename std::enable_if<!HashTraitHasCustomDelete<Traits, T>::value>::type
> hashTraitsDeleteBucket(T& value)
> {
>     value.~T();
>     Traits::constructDeletedValue(value);
> }

But, the value is destructed just before calling constructDeletedValue. You can't use operator= for a destructed value.
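The lifetime problem described in comment 8, as an added C++ example that is not WebKit code and not part of the original thread: `Key`, its liveness registry and the two traits structs are hypothetical stand-ins. The assignment variant would call operator= on an already destroyed object, so this model detects that case and refuses instead of executing it; the placement-new variant copy-constructs the deleted value, which is an assumption about how the marker is set.

```cpp
#include <new>
#include <set>
#include <string>
#include <utility>
#include <vector>
// Stand-in for IDBKeyData (hypothetical); tracks which addresses hold a live object.
class Key {
public:
    explicit Key(std::string s = {}) : m_parts{std::move(s)} { live().insert(this); }
    Key(const Key& o) : m_parts(o.m_parts), m_deleted(o.m_deleted) { live().insert(this); }
    Key& operator=(const Key&) = default;
    ~Key() { live().erase(this); }
    static Key deletedValue() { Key k; k.m_deleted = true; return k; }
    static bool isLive(const void* p) { return live().count(p) != 0; }
    bool isDeleted() const { return m_deleted; }
private:
    static std::set<const void*>& live() { static std::set<const void*> s; return s; }
    std::vector<std::string> m_parts;
    bool m_deleted = false;
};
// Pre-fix shape: assignment. The caller has already run ~Key(), so a real
// operator= here is undefined behaviour; this model refuses and reports it.
struct AssignTraits {
    static bool constructDeletedValue(Key& slot) {
        if (!Key::isLive(&slot)) return false;
        slot = Key::deletedValue();
        return true;
    }
};
// Post-fix shape: placement new starts a new lifetime in the raw storage.
struct PlacementTraits {
    static bool constructDeletedValue(Key& slot) {
        new (&slot) Key(Key::deletedValue());
        return true;
    }
};
// Same order as the hashTraitsDeleteBucket quoted in comment 8.
template<typename Traits> bool deleteBucket(Key& slot) {
    slot.~Key();
    return Traits::constructDeletedValue(slot);
}
// True only if the slot ends up holding a live Key marked as deleted.
template<typename Traits> bool slotValidAfterDelete() {
    alignas(Key) unsigned char storage[sizeof(Key)];
    Key* slot = new (storage) Key("index-key");
    if (!deleteBucket<Traits>(*slot)) return false; // no object left to destroy
    bool ok = Key::isLive(slot) && slot->isDeleted();
    slot->~Key();
    return ok;
}
int main() { return slotValidAfterDelete<PlacementTraits>() ? 0 : 1; }
```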
Fujii Hironori
Comment 9
2018-02-06 18:31:45 PST
Created attachment 333249 [details]
Patch
Michael Catanzaro
Comment 10
2018-02-07 05:34:16 PST
Comment on attachment 333249 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=333249&action=review
> Source/WebCore/Modules/indexeddb/IDBKeyData.h:211 > + new (&key) IDBKeyData;
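Review bot: At IDBKeyData.h:211 the placement new default-constructs the key, whereas the code it replaces assigned IDBKeyData::deletedValue(). Only this one line is quoted here, so confirm that the lines following it set the deleted marker on the freshly constructed object; otherwise a deleted bucket would look like a default-constructed key. A short comment at this line stating that hashTraitsDeleteBucket has already run the destructor, so operator= must not be used, would keep a later cleanup from reintroducing the assignment.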
Again, I'll wait a couple days for Brady to review it first, but it looks right. Thanks Fujii!
WebKit Commit Bot
Comment 11
2018-02-16 09:41:16 PST
Comment on attachment 333249 [details]
Patch

Clearing flags on attachment: 333249

Committed r228560: <https://trac.webkit.org/changeset/228560>
WebKit Commit Bot
Comment 12
2018-02-16 09:41:18 PST
All reviewed patches have been landed. Closing bug.
Radar WebKit Bug Importer
Comment 13
2018-02-16 09:42:25 PST
<rdar://problem/37608014>