Bug 202648 - IndexedDB hits assertion with crypto/workers/subtle/aes-indexeddb.html
Summary: IndexedDB hits assertion with crypto/workers/subtle/aes-indexeddb.html
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc.
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Sihui Liu
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2019-10-07 12:49 PDT by Jiewen Tan
Modified: 2020-03-16 12:57 PDT
CC List: 4 users

See Also:


Attachments
Patch for landing (2.18 KB, patch)
2020-03-16 12:12 PDT, Sihui Liu

Description Jiewen Tan 2019-10-07 12:49:31 PDT
Here is the crashlog:
Thread 17 Crashed:: WebCore: Worker
0   com.apple.JavaScriptCore      	0x00000003c84430ce WTFCrash + 14 (Assertions.cpp:305)
1   com.apple.WebCore             	0x00000003b0008bfb WTFCrashWithInfo(int, char const*, char const*, int) + 27
2   com.apple.WebCore             	0x00000003b1946848 WebCore::IDBTransaction::requestPutOrAdd(JSC::ExecState&, WebCore::IDBObjectStore&, WTF::RefPtr<WebCore::IDBKey, WTF::DumbPtrTraits<WebCore::IDBKey> >&&, WebCore::SerializedScriptValue&, WebCore::IndexedDB::ObjectStoreOverwriteMode) + 184 (IDBTransaction.cpp:1254)
3   com.apple.WebCore             	0x00000003b1946523 WebCore::IDBObjectStore::putOrAdd(JSC::ExecState&, JSC::JSValue, WTF::RefPtr<WebCore::IDBKey, WTF::DumbPtrTraits<WebCore::IDBKey> >, WebCore::IndexedDB::ObjectStoreOverwriteMode, WebCore::IDBObjectStore::InlineKeyCheck) + 2963 (IDBObjectStore.cpp:384)
4   com.apple.WebCore             	0x00000003b1946633 WebCore::IDBObjectStore::put(JSC::ExecState&, JSC::JSValue, JSC::JSValue) + 179 (IDBObjectStore.cpp:313)
5   com.apple.WebCore             	0x00000003b0dbaa25 WebCore::jsIDBObjectStorePrototypeFunctionPutBody(JSC::ExecState*, WebCore::JSIDBObjectStore*, JSC::ThrowScope&) + 501 (JSIDBObjectStore.cpp:372)
6   com.apple.WebCore             	0x00000003b0d9d770 long long WebCore::IDLOperation<WebCore::JSIDBObjectStore>::call<&(WebCore::jsIDBObjectStorePrototypeFunctionPutBody(JSC::ExecState*, WebCore::JSIDBObjectStore*, JSC::ThrowScope&)), (WebCore::CastedThisErrorBehavior)0>(JSC::ExecState&, char const*) + 768 (JSDOMOperation.h:53)
7   com.apple.WebCore             	0x00000003b0d9d45c WebCore::jsIDBObjectStorePrototypeFunctionPut(JSC::ExecState*) + 28 (JSIDBObjectStore.cpp:377)
8   ???                           	0x000022ed2e0018cb 0 + 38402074351819
9   com.apple.JavaScriptCore      	0x00000003c8959ca2 op_call_return_location_narrow + 160
10  com.apple.JavaScriptCore      	0x00000003c8959ca2 op_call_return_location_narrow + 160
11  com.apple.JavaScriptCore      	0x00000003c893d7a3 vmEntryToJavaScript + 273
12  com.apple.JavaScriptCore      	0x00000003c9616747 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 199 (JITCodeInlines.h:38)
13  com.apple.JavaScriptCore      	0x00000003c9616d7d JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 1469 (Interpreter.cpp:904)
14  com.apple.JavaScriptCore      	0x00000003c98df79c JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 236 (CallData.cpp:59)
15  com.apple.JavaScriptCore      	0x00000003c98df88a JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 218 (CallData.cpp:66)
16  com.apple.JavaScriptCore      	0x00000003c98dfb7e JSC::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 142 (CallData.cpp:87)
17  com.apple.WebCore             	0x00000003b20d60d8 WebCore::JSExecState::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 136 (JSExecState.h:73)
18  com.apple.WebCore             	0x00000003b2122882 WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext&, WebCore::Event&) + 1970 (JSEventListener.cpp:175)
19  com.apple.WebCore             	0x00000003b2733731 WebCore::EventTarget::innerInvokeEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener, WTF::DumbPtrTraits<WebCore::RegisteredEventListener> >, 1ul, WTF::CrashOnOverflow, 16ul>, WebCore::EventTarget::EventInvokePhase) + 961 (EventTarget.cpp:318)
20  com.apple.WebCore             	0x00000003b272f932 WebCore::EventTarget::fireEventListeners(WebCore::Event&, WebCore::EventTarget::EventInvokePhase) + 354 (EventTarget.cpp:255)
21  com.apple.WebCore             	0x00000003b270a104 WebCore::EventContext::handleLocalEvents(WebCore::Event&, WebCore::EventTarget::EventInvokePhase) const + 228 (EventContext.cpp:58)
22  com.apple.WebCore             	0x00000003b270ac0b WebCore::dispatchEventInDOM(WebCore::Event&, WebCore::EventPath const&) + 379 (EventDispatcher.cpp:101)
23  com.apple.WebCore             	0x00000003b270b012 void WebCore::dispatchEventWithType<WebCore::EventTarget>(WTF::Vector<WebCore::EventTarget*, 0ul, WTF::CrashOnOverflow, 16ul> const&, WebCore::Event&) + 338 (EventDispatcher.cpp:186)
24  com.apple.WebCore             	0x00000003b270aead WebCore::EventDispatcher::dispatchEvent(WTF::Vector<WebCore::EventTarget*, 0ul, WTF::CrashOnOverflow, 16ul> const&, WebCore::Event&) + 29 (EventDispatcher.cpp:192)
25  com.apple.WebCore             	0x00000003b194e7ca WebCore::IDBRequest::dispatchEvent(WebCore::Event&) + 906 (IDBRequest.cpp:329)
26  com.apple.WebCore             	0x00000003b194e2ee WebCore::IDBOpenDBRequest::dispatchEvent(WebCore::Event&) + 174 (IDBOpenDBRequest.cpp:132)
27  com.apple.WebCore             	0x00000003b4103920 WebCore::WorkerEventQueue::EventDispatcher::dispatch() + 128 (WorkerEventQueue.cpp:66)
28  com.apple.WebCore             	0x00000003b4103871 WebCore::WorkerEventQueue::enqueueEvent(WTF::Ref<WebCore::Event, WTF::DumbPtrTraits<WebCore::Event> >&&)::$_1::operator()(WebCore::ScriptExecutionContext&) const + 33 (WorkerEventQueue.cpp:92)
29  com.apple.WebCore             	0x00000003b41037c1 WTF::Detail::CallableWrapper<WebCore::WorkerEventQueue::enqueueEvent(WTF::Ref<WebCore::Event, WTF::DumbPtrTraits<WebCore::Event> >&&)::$_1, void, WebCore::ScriptExecutionContext&>::call(WebCore::ScriptExecutionContext&) + 49 (Function.h:52)
30  com.apple.WebCore             	0x00000003b1f53517 WTF::Function<void (WebCore::ScriptExecutionContext&)>::operator()(WebCore::ScriptExecutionContext&) const + 151 (Function.h:79)
31  com.apple.WebCore             	0x00000003b1f3f11d WebCore::ScriptExecutionContext::Task::performTask(WebCore::ScriptExecutionContext&) + 29 (ScriptExecutionContext.h:183)
32  com.apple.WebCore             	0x00000003b4114ec0 WebCore::WorkerRunLoop::Task::performTask(WebCore::WorkerGlobalScope*) + 128 (WorkerRunLoop.cpp:270)
33  com.apple.WebCore             	0x00000003b411439f WebCore::WorkerRunLoop::runInMode(WebCore::WorkerGlobalScope*, WebCore::ModePredicate const&, WebCore::WorkerRunLoop::WaitMode) + 879 (WorkerRunLoop.cpp:209)
34  com.apple.WebCore             	0x00000003b4113f95 WebCore::WorkerRunLoop::run(WebCore::WorkerGlobalScope*) + 85 (WorkerRunLoop.cpp:142)
35  com.apple.WebCore             	0x00000003b41180d3 WebCore::WorkerThread::runEventLoop() + 51 (WorkerThread.cpp:266)
36  com.apple.WebCore             	0x00000003b40f3f0f WebCore::DedicatedWorkerThread::runEventLoop() + 95 (DedicatedWorkerThread.cpp:59)
37  com.apple.WebCore             	0x00000003b4117b98 WebCore::WorkerThread::workerThread() + 1160 (WorkerThread.cpp:206)
38  com.apple.WebCore             	0x00000003b41288d8 WebCore::WorkerThread::start(WTF::Function<void (WTF::String const&)>&&)::$_12::operator()() const + 24 (WorkerThread.cpp:148)
39  com.apple.WebCore             	0x00000003b4128899 WTF::Detail::CallableWrapper<WebCore::WorkerThread::start(WTF::Function<void (WTF::String const&)>&&)::$_12, void>::call() + 25 (Function.h:52)
40  com.apple.JavaScriptCore      	0x00000003c846cc5a WTF::Function<void ()>::operator()() const + 138 (Function.h:79)
41  com.apple.JavaScriptCore      	0x00000003c8509aa0 WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) + 416 (Threading.cpp:149)
42  com.apple.JavaScriptCore      	0x00000003c85140a5 WTF::wtfThreadEntryPoint(void*) + 21 (ThreadingPOSIX.cpp:200)
43  libsystem_pthread.dylib       	0x00007fff6fc03d76 _pthread_start + 125
44  libsystem_pthread.dylib       	0x00007fff6fc005d7 thread_start + 15

Here is the way to reproduce:
run-webkit-tests --iteration 1000 --fully-parallel --no-retry --exit-after-n-failures 1 crypto/workers/subtle/aes-indexeddb.html
Comment 1 Radar WebKit Bug Importer 2019-10-07 19:04:29 PDT
<rdar://problem/56059602>
Comment 2 Jiewen Tan 2019-10-08 11:51:29 PDT
Committed r250844: <https://trac.webkit.org/changeset/250844>
Comment 3 Sihui Liu 2020-03-16 12:12:55 PDT
Created attachment 393672 [details]
Patch for landing
Comment 4 WebKit Commit Bot 2020-03-16 12:57:50 PDT
Comment on attachment 393672 [details]
Patch for landing

Clearing flags on attachment: 393672

Committed r258514: <https://trac.webkit.org/changeset/258514>
Comment 5 WebKit Commit Bot 2020-03-16 12:57:51 PDT
All reviewed patches have been landed. Closing bug.