RESOLVED FIXED Bug 195563
Crash under WebCore::IDBDatabase::connectionToServerLost
https://bugs.webkit.org/show_bug.cgi?id=195563
Sihui Liu
Reported 2019-03-11 10:22:19 PDT
Thread[3] EXC_CRASH (SIGABRT) (0x0000000000000000, 0x0000000000000000)
[ 0] 0x00000001c10c60dc libsystem_kernel.dylib`__pthread_kill + 8
     0x00000001c10c60d4: mov x16, #0x148
     0x00000001c10c60d8: svc #0x80
  -> 0x00000001c10c60dc: b.lo 0x230f4 ; <+32>
     0x00000001c10c60e0: stp x29, x30, [sp, #-0x10]!
     0x00000001c10c60e4: mov x29, sp
     0x00000001c10c60e8: bl 0x18a3c ; cerror_nocancel at errno.c:65
     0x00000001c10c60ec: mov sp, x29
[ 1] 0x00000001c113f093 libsystem_pthread.dylib`pthread_kill$VARIANT$mp + 379 at pthread.c:1492:12
     1488 if (th->wqthread != 0 && th->wqkillset == 0) {
     1489 return ENOTSUP;
     1490 }
     1491
  -> 1492 int ret = __pthread_kill(kport, sig);
     1493
     1494 if (ret == -1) {
     1495 ret = errno;
     1496 }
Getting symbols for FE41653A-B56F-335A-B66A-F403B3203E61 /usr/lib/system/libsystem_c.dylib... ok
[ 2] 0x00000001c101fe83 libsystem_c.dylib`abort + 139 at abort.c:94:8
     90 /* <rdar://problem/8400096> Set the workqueue killable */
     91 __pthread_workqueue_setkill(1);
     92
     93 (void)pthread_sigmask(SIG_SETMASK, &act.sa_mask, NULL);
  -> 94 (void)pthread_kill(pthread_self(), SIGABRT);
     95
     96 usleep(TIMEOUT); /* give time for signal to happen */
     97
     98 /*
Getting symbols for 657809DE-074E-3BA3-8203-1CEB3DFA4966 /usr/lib/libc++abi.dylib... ok
[ 3] 0x00000001c06f0787 libc++abi.dylib`::abort_message(const char *, ...) + 131 at abort_message.cpp:75:5
     71 __assert2(__FILE__, __LINE__, __func__, buffer);
     72 #endif // __ANDROID_API__ >= 21
     73 #endif // __BIONIC__
     74
  -> 75 abort();
     76 }
[ 4] 0x00000001c06fda3f libc++abi.dylib`::__cxa_pure_virtual() + 19 at cxa_virtual.cpp:17:3
Getting symbols for B98F989B-7396-3D1C-AC26-730B711928A5 /System/Library/PrivateFrameworks/WebCore.framework/WebCore... ok
[ 5] 0x00000001caf0b7b7 WebCore`WebCore::IDBDatabase::connectionToServerLost(WebCore::IDBError const&) [inlined] WebCore::EventTarget::ref() + 15 at EventTarget.h:55:18
[ 5] 0x00000001caf0b7a8 WebCore`WebCore::IDBDatabase::connectionToServerLost(WebCore::IDBError const&) [inlined] void WTF::refIfNotNull<WebCore::EventTarget>(WebCore::EventTarget*) + 4 at RefPtr.h:38
[ 5] 0x00000001caf0b7a4 WebCore`WebCore::IDBDatabase::connectionToServerLost(WebCore::IDBError const&) [inlined] WTF::RefPtr<WebCore::EventTarget, WTF::DumbPtrTraits<WebCore::EventTarget> >::RefPtr(WebCore::EventTarget*) + 4 at RefPtr.h:57
[ 5] 0x00000001caf0b7a0 WebCore`WebCore::IDBDatabase::connectionToServerLost(WebCore::IDBError const&) [inlined] WTF::RefPtr<WebCore::EventTarget, WTF::DumbPtrTraits<WebCore::EventTarget> >::RefPtr(WebCore::EventTarget*) at RefPtr.h:57
[ 5] 0x00000001caf0b7a0 WebCore`WebCore::IDBDatabase::connectionToServerLost(WebCore::IDBError const&) + 240 at IDBDatabase.

IDBDatabase::connectionToServerLost in a CrossThreadTask is called after the callee IDBDatabase is freed.
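The lifetime problem in the report above, as an added single-threaded model (not WebKit code and not part of the original report): a queued task that holds only a raw pointer finds its callee already destroyed at dispatch, while a task that holds a strong reference keeps it alive until the task itself is destroyed. Database, makeProtectedTask and runScenario are hypothetical names, and std::shared_ptr stands in for WTF's RefPtr.

```cpp
#include <atomic>
#include <functional>
#include <memory>
#include <queue>
#include <tuple>

// Hypothetical ref-counted callee; stands in for an object like IDBDatabase.
struct Database {
    static inline std::atomic<int> liveCount { 0 };
    int lostCalls = 0;
    Database() { ++liveCount; }
    ~Database() { --liveCount; }
    void connectionLost(int code) { lostCalls += code; }
};

using Task = std::function<void()>;

// The task owns a strong reference, so the callee outlives the queued call.
template<typename T, typename... Params, typename... Args>
Task makeProtectedTask(const std::shared_ptr<T>& callee, void (T::*method)(Params...), const Args&... args)
{
    return [callee, method, copied = std::make_tuple(args...)]() mutable {
        std::apply([&](auto&... a) { ((*callee).*method)(a...); }, copied);
    };
}

struct Outcome { bool calleeAliveAtDispatch; int liveAfterTask; };

Outcome runScenario(bool protect)
{
    std::queue<Task> queue; // constructed stand-in for the cross-thread queue
    std::weak_ptr<Database> probe; // observes the callee without owning it
    {
        auto owner = std::make_shared<Database>();
        probe = owner;
        if (protect)
            queue.push(makeProtectedTask(owner, &Database::connectionLost, 1));
        else {
            Database* raw = owner.get(); // unprotected capture
            queue.push([raw] { raw->connectionLost(1); });
        }
    } // the owner drops its reference before the task is dispatched
    bool alive = !probe.expired();
    if (alive) // skipped when the callee is gone: the raw-pointer task would touch freed memory
        queue.front()();
    queue.pop(); // destroying the task releases its reference, if it held one
    return { alive, Database::liveCount.load() };
}
```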
Attachments
Patch (2.43 KB, patch)
2019-03-11 10:40 PDT, Sihui Liu
no flags
Patch (2.44 KB, patch)
2019-03-11 10:46 PDT, Sihui Liu
no flags
Patch for landing (2.40 KB, patch)
2019-03-11 12:41 PDT, Sihui Liu
no flags
Sihui Liu
Comment 1 2019-03-11 10:23:06 PDT
Sihui Liu
Comment 2 2019-03-11 10:40:37 PDT
EWS Watchlist
Comment 3 2019-03-11 10:42:14 PDT
Attachment 364267 [details] did not pass style-queue:
ERROR: Source/WTF/ChangeLog:9: Line contains tab character. [whitespace/tab] [5]
Total errors found: 1 in 2 files
If any of these errors are false positives, please file a bug against check-webkit-style.
Sihui Liu
Comment 4 2019-03-11 10:46:40 PDT
Geoffrey Garen
Comment 5 2019-03-11 11:59:26 PDT
Comment on attachment 364268 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=364268&action=review r=me > Source/WTF/wtf/CrossThreadTask.h:92 > +CrossThreadTask createCrossThreadTask(T& callee, void (T::*method)(Parameters...), const Arguments&... arguments) > +{ > + return CrossThreadTask([callee = &callee, protectedCallee = makeRefPtr(&callee), method, arguments = std::make_tuple(crossThreadCopy<Arguments>(arguments)...)]() mutable { > + callMemberFunctionForCrossThreadTask(callee, method, WTFMove(arguments)); > + }); I think it would be slightly nicer to write this using only one value for callee. I think you can do that as return CrossThreadTask([callee = makeRefPtr(&callee)... callMemberFunctionForCrossThreadTask(callee.get()...
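Review bot: in createCrossThreadTask, the capture protectedCallee = makeRefPtr(&callee) takes a reference on the posting thread and releases it on whichever thread destroys the task, but the template accepts any T and nothing in the hunk requires T's reference count to be thread-safe. Consider a static_assert or a comment stating that T must be ThreadSafeRefCounted, and note that the last deref, and therefore T's destructor, can now run on the thread that destroys the task rather than on the thread that owns the callee. Holding both callee = &callee and protectedCallee for the same object is also redundant; a single RefPtr capture with callee.get() at the call site covers both.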
Geoffrey Garen
Comment 6 2019-03-11 11:59:39 PDT
Is this crash associated with some test?
Sihui Liu
Comment 7 2019-03-11 12:27:53 PDT
(In reply to Geoffrey Garen from comment #6)
> Is this crash associated with some test?

No, it's from crash reports.
Sihui Liu
Comment 8 2019-03-11 12:41:52 PDT
Created attachment 364278 [details] Patch for landing
WebKit Commit Bot
Comment 9 2019-03-11 13:07:01 PDT
Comment on attachment 364278 [details] Patch for landing
Clearing flags on attachment: 364278
Committed r242732: <https://trac.webkit.org/changeset/242732>
WebKit Commit Bot
Comment 10 2019-03-11 13:07:03 PDT
All reviewed patches have been landed. Closing bug.