Bug 223098 - RESOLVED FIXED
REGRESSION (r274286): [ macOS/iOS debug wk2 ] 2 storage/indexeddb layout-tests are crashing
https://bugs.webkit.org/show_bug.cgi?id=223098
Robert Jenner
Reported 2021-03-11 16:03:13 PST
storage/indexeddb/modern/opendatabase-after-storage-crash.html
storage/indexeddb/IDBObject-leak.html

Are crashing in macOS and iOS simulator debug wk2.

This test may also be part of this, but it's flaky crashing only on macOS wk2 Debug:
storage/indexeddb/cursor-update.html

HISTORY URL:
https://results.webkit.org/?suite=layout-tests&suite=layout-tests&suite=layout-tests&test=storage%2Findexeddb%2FIDBObject-leak.html&test=storage%2Findexeddb%2Fcursor-update.html&test=storage%2Findexeddb%2Fmodern%2Fopendatabase-after-storage-crash.html

CRASH TEXT:

Thread 0 Crashed:
0 com.apple.JavaScriptCore 0x00000003b305844e WTFCrash + 14 (Assertions.cpp:295)
1 com.apple.WebCore 0x0000000390b59a7b WTFCrashWithInfo(int, char const*, char const*, int) + 27 (Assertions.h:671)
2 com.apple.WebCore 0x00000003935561af WebCore::JSEventListener::ensureJSFunction(WebCore::ScriptExecutionContext&) const + 639 (JSEventListener.h:128)
3 com.apple.WebCore 0x00000003935554f4 WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext&, WebCore::Event&) + 212 (JSEventListener.cpp:117)
4 com.apple.WebCore 0x0000000393cf6d77 WebCore::EventTarget::innerInvokeEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener, WTF::RawPtrTraits<WebCore::RegisteredEventListener>, WTF::DefaultRefDerefTraits<WebCore::RegisteredEventListener> >, 1ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>, WebCore::EventTarget::EventInvokePhase) + 1063 (EventTarget.cpp:344)
5 com.apple.WebCore 0x0000000393cf67d4 WebCore::EventTarget::fireEventListeners(WebCore::Event&, WebCore::EventTarget::EventInvokePhase) + 356 (EventTarget.cpp:276)
6 com.apple.WebCore 0x0000000393cc8ce9 WebCore::EventContext::handleLocalEvents(WebCore::Event&, WebCore::EventTarget::EventInvokePhase) const + 409 (EventContext.cpp:75)
7 com.apple.WebCore 0x0000000393cc9e17 WebCore::dispatchEventInDOM(WebCore::Event&, WebCore::EventPath const&) + 375 (EventDispatcher.cpp:107)
8 com.apple.WebCore 0x0000000393cca222 void WebCore::dispatchEventWithType<WebCore::EventTarget>(WTF::Vector<WebCore::EventTarget*, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WebCore::Event&) + 338 (EventDispatcher.cpp:225)
9 com.apple.WebCore 0x0000000393cca0bd WebCore::EventDispatcher::dispatchEvent(WTF::Vector<WebCore::EventTarget*, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WebCore::Event&) + 29 (EventDispatcher.cpp:231)
10 com.apple.WebCore 0x0000000392a31c5e WebCore::IDBRequest::dispatchEvent(WebCore::Event&) + 910 (IDBRequest.cpp:318)
11 com.apple.WebCore 0x0000000393b33b03 WebCore::ActiveDOMObjectEventDispatchTask::execute() + 99 (ActiveDOMObject.cpp:161)
12 com.apple.WebCore 0x0000000393cf02f5 WebCore::EventLoop::run() + 373 (EventLoop.cpp:123)
13 com.apple.WebCore 0x0000000393e856dc WebCore::WindowEventLoop::didReachTimeToRun() + 44 (WindowEventLoop.cpp:120)
14 com.apple.WebCore 0x0000000393e8a827 decltype(*(std::__1::forward<WebCore::WindowEventLoop*&>(fp0)).*fp()) std::__1::__invoke<void (WebCore::WindowEventLoop::*&)(), WebCore::WindowEventLoop*&, void>(void (WebCore::WindowEventLoop::*&)(), WebCore::WindowEventLoop*&) + 119 (type_traits:3486)
15 com.apple.WebCore 0x0000000393e8a7a0 std::__1::__bind_return<void (WebCore::WindowEventLoop::*)(), std::__1::tuple<WebCore::WindowEventLoop*>, std::__1::tuple<>, __is_valid_bind_return<void (WebCore::WindowEventLoop::*)(), std::__1::tuple<WebCore::WindowEventLoop*>, std::__1::tuple<> >::value>::type std::__1::__apply_functor<void (WebCore::WindowEventLoop::*)(), std::__1::tuple<WebCore::WindowEventLoop*>, 0ul, std::__1::tuple<> >(void (WebCore::WindowEventLoop::*&)(), std::__1::tuple<WebCore::WindowEventLoop*>&, std::__1::__tuple_indices<0ul>, std::__1::tuple<>&&) + 64 (functional:2845)
16 com.apple.WebCore 0x0000000393e8a759 std::__1::__bind_return<void (WebCore::WindowEventLoop::*)(), std::__1::tuple<WebCore::WindowEventLoop*>, std::__1::tuple<>, __is_valid_bind_return<void (WebCore::WindowEventLoop::*)(), std::__1::tuple<WebCore::WindowEventLoop*>, std::__1::tuple<> >::value>::type std::__1::__bind<void (WebCore::WindowEventLoop::*&)(), WebCore::WindowEventLoop*>::operator()<>() + 41 (functional:2878)
17 com.apple.WebCore 0x0000000393e8a6de WTF::Detail::CallableWrapper<std::__1::__bind<void (WebCore::WindowEventLoop::*&)(), WebCore::WindowEventLoop*>, void>::call() + 30 (Function.h:52)
18 com.apple.WebCore 0x0000000390b6ea62 WTF::Function<void ()>::operator()() const + 130 (Function.h:83)
19 com.apple.WebCore 0x0000000390bb1d3e WebCore::Timer::fired() + 30 (Timer.h:136)
20 com.apple.WebCore 0x0000000394d9add4 WebCore::ThreadTimers::sharedTimerFiredInternal() + 644 (ThreadTimers.cpp:127)
21 com.apple.WebCore 0x0000000394da52d1 WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0::operator()() const + 33 (ThreadTimers.cpp:67)
22 com.apple.WebCore 0x0000000394da525e WTF::Detail::CallableWrapper<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0, void>::call() + 30 (Function.h:52)
23 com.apple.WebCore 0x0000000390b6ea62 WTF::Function<void ()>::operator()() const + 130 (Function.h:83)
24 com.apple.WebCore 0x0000000394d5288b WebCore::MainThreadSharedTimer::fired() + 139 (MainThreadSharedTimer.cpp:83)
25 com.apple.WebCore 0x0000000394e22fa6 WebCore::timerFired(__CFRunLoopTimer*, void*) + 38 (MainThreadSharedTimerCF.cpp:85)
26 com.apple.CoreFoundation 0x00007fff2048690d __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20
27 com.apple.CoreFoundation 0x00007fff204863e8 __CFRunLoopDoTimer + 922
28 com.apple.CoreFoundation 0x00007fff20485f42 __CFRunLoopDoTimers + 307
29 com.apple.CoreFoundation 0x00007fff2046c57f __CFRunLoopRun + 2008
30 com.apple.CoreFoundation 0x00007fff2046b6ce CFRunLoopRunSpecific + 563
31 com.apple.Foundation 0x00007fff211f8fa1 0x7fff21199000 + 393121
32 com.apple.Foundation 0x00007fff21287384 0x7fff21199000 + 975748
33 libxpc.dylib 0x00007fff200c23dd 0x7fff200ad000 + 87005
34 libxpc.dylib 0x00007fff200c1e65 0x7fff200ad000 + 85605
35 com.apple.WebKit 0x0000000380dd7b2c WebKit::XPCServiceMain(int, char const**) + 1020 (XPCServiceMain.mm:207)
36 com.apple.WebKit 0x000000038241786b WKXPCServiceMain + 27 (WKMain.mm:33)
37 com.apple.WebKit.WebContent 0x0000000104f09ea2 main + 34 (AuxiliaryProcessMain.cpp:30)
38 libdyld.dylib 0x00007fff20390621 0x7fff2037b000 + 87585

Thread 0 crashed with X86 Thread State (64-bit):
rax: 0x00000000bbadbeef rbx: 0x00007f92ee013078 rcx: 0x00000003b5c8d440 rdx: 0x12c7374a86d3009f
rdi: 0x00007ffeeacf6888 rsi: 0x0000000000000000 rbp: 0x00007ffeeacf69e0 rsp: 0x00007ffeeacf69e0
r8: 0x00000000000130a8 r9: 0x00007fff889d50e8 r10: 0x0000000000000000 r11: 0x00000000ffffff00
r12: 0x00007f92ef1047d0 r13: 0x00007f92ef0106d8 r14: 0x00007f92ef0106c0 r15: 0x0000000394e22f80
rip: 0x00000003b305844e rfl: 0x0000000000010202 cr2: 0x00000000bbadbeef

Logical CPU: 11
Error Code: 0x00000006 (no mapping for user data write)
Trap Number: 14
Attachments
Full Crashlogs for crashing tests. (72.30 KB, application/zip)
2021-03-11 16:05 PST, Robert Jenner
Robert Jenner
Comment 1 2021-03-11 16:05:04 PST
Created attachment 422985
Full Crashlogs for crashing tests.

Attaching full crashlogs for three crashing tests.
Robert Jenner
Comment 2 2021-03-11 17:16:33 PST
Was able to reproduce both test crashes using the following test:

run-webkit-test storage/indexeddb/modern/opendatabase-after-storage-crash.html --iterations 100 --debug --child-process=1

Crashes reproduced at tip of tree, and at r274286, but not at r274284. It appears the crashing started at revision r274286:
https://trac.webkit.org/changeset/274286/webkit
Radar WebKit Bug Importer
Comment 3 2021-03-11 18:01:14 PST
Chris Dumez
Comment 4 2021-03-12 10:44:05 PST
Ryan Haddad
Comment 5 2021-03-12 10:48:44 PST
For posterity:

These tests:
storage/indexeddb/modern/opendatabase-after-storage-crash.html
storage/indexeddb/IDBObject-leak.html

were failing this assert:

ASSERTION FAILED: !m_impl || m_impl->wasConstructedOnMainThread() == isMainThread()
/Volumes/Data/worker/bigsur-debug/build/WebKitBuild/Debug/usr/local/include/wtf/WeakPtr.h(107) : T *WTF::WeakPtr<WebKit::StorageArea, WTF::EmptyCounter>::operator->() const [T = WebKit::StorageArea, Counter = WTF::EmptyCounter]

The crashlog pasted in the description is for storage/indexeddb/cursor-update.html, which appears to be a flaky crash unrelated to the blamed revision.