Bug 224845 - ASSERTION FAILED: unwrapParamsOrException.exception().code() != ExistingExceptionError on http/wpt/preload/change-link-rel-attribute.html
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: youenn fablet
Keywords: InRadar
Duplicates: 225315

Reported: 2021-04-20 17:41 PDT by Robert Jenner
Modified: 2021-05-19 17:22 PDT

Attachments
Full crashlog (127.40 KB, text/plain)
2021-04-20 17:42 PDT, Robert Jenner
Patch (1.77 KB, patch)
2021-05-05 01:34 PDT, youenn fablet

Description Robert Jenner 2021-04-20 17:41:43 PDT
http/wpt/preload/change-link-rel-attribute.html

is flaky, crashing on Big Sur wk2 Debug on Apple Silicon only.

HISTORY:
https://results.webkit.org/?suite=layout-tests&test=http%2Fwpt%2Fpreload%2Fchange-link-rel-attribute.html

CRASH TEXT:
Thread 20 Crashed:: WebCore: Worker
0   com.apple.JavaScriptCore      	0x0000000132b512cc WTFCrash + 20 (Assertions.cpp:305)
1   com.apple.WebCore             	0x000000011292e830 WTFCrashWithInfo(int, char const*, char const*, int) + 32 (Assertions.h:671)
2   com.apple.WebCore             	0x0000000114ff0eb0 WebCore::SubtleCrypto::unwrapKey(JSC::JSGlobalObject&, WebCore::CryptoKeyFormat, WebCore::BufferSource&&, WebCore::CryptoKey&, WTF::Variant<JSC::Strong<JSC::JSObject, (JSC::ShouldStrongDestructorGrabLock)0>, WTF::String>&&, WTF::Variant<JSC::Strong<JSC::JSObject, (JSC::ShouldStrongDestructorGrabLock)0>, WTF::String>&&, bool, WTF::Vector<WebCore::CryptoKeyUsage, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&) + 292 (SubtleCrypto.cpp:1071)
3   com.apple.WebCore             	0x00000001139b7fac WebCore::jsSubtleCryptoPrototypeFunction_unwrapKeyBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSSubtleCrypto*, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&)::'lambda'()::operator()() const + 304 (JSSubtleCrypto.cpp:586)
4   com.apple.WebCore             	0x00000001139b7aa8 JSC::JSValue WebCore::toJS<WebCore::IDLPromise<WebCore::IDLInterface<WebCore::CryptoKey> >, WebCore::jsSubtleCryptoPrototypeFunction_unwrapKeyBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSSubtleCrypto*, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&)::'lambda'()>(JSC::JSGlobalObject&, WebCore::JSDOMGlobalObject&, JSC::ThrowScope&, WebCore::jsSubtleCryptoPrototypeFunction_unwrapKeyBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSSubtleCrypto*, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&)::'lambda'()&&) + 36 (JSDOMConvertBase.h:195)
5   com.apple.WebCore             	0x00000001139b7914 WebCore::jsSubtleCryptoPrototypeFunction_unwrapKeyBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSSubtleCrypto*, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&) + 2404 (JSSubtleCrypto.cpp:586)
6   com.apple.WebCore             	0x00000001139b6f9c long long WebCore::IDLOperationReturningPromise<WebCore::JSSubtleCrypto>::call<&(WebCore::jsSubtleCryptoPrototypeFunction_unwrapKeyBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSSubtleCrypto*, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&)), (WebCore::CastedThisErrorBehavior)2>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*)::'lambda'(JSC::JSGlobalObject&, JSC::CallFrame&, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&)::operator()(JSC::JSGlobalObject&, JSC::CallFrame&, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&) const + 492 (JSDOMOperationReturningPromise.h:52)
7   com.apple.WebCore             	0x00000001139b6c80 JSC::JSValue WebCore::callPromiseFunction<long long WebCore::IDLOperationReturningPromise<WebCore::JSSubtleCrypto>::call<&(WebCore::jsSubtleCryptoPrototypeFunction_unwrapKeyBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSSubtleCrypto*, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&)), (WebCore::CastedThisErrorBehavior)2>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*)::'lambda'(JSC::JSGlobalObject&, JSC::CallFrame&, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&)>(JSC::JSGlobalObject&, JSC::CallFrame&, &(WebCore::jsSubtleCryptoPrototypeFunction_unwrapKeyBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSSubtleCrypto*, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&))) + 352 (JSDOMPromiseDeferred.h:337)
8   com.apple.WebCore             	0x00000001139b6b08 long long WebCore::IDLOperationReturningPromise<WebCore::JSSubtleCrypto>::call<&(WebCore::jsSubtleCryptoPrototypeFunction_unwrapKeyBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSSubtleCrypto*, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&)), (WebCore::CastedThisErrorBehavior)2>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*) + 48 (JSDOMOperationReturningPromise.h:41)
9   com.apple.WebCore             	0x00000001139aa4fc WebCore::jsSubtleCryptoPrototypeFunction_unwrapKey(JSC::JSGlobalObject*, JSC::CallFrame*) + 40 (JSSubtleCrypto.cpp:591)
10  ???                           	0x00000002800414dc 0 + 10737685724
11  ???                           	0x00000002800052dc 0 + 10737439452
12  com.apple.JavaScriptCore      	0x00000001330bf8c8 llint_entry + 145912
13  com.apple.JavaScriptCore      	0x000000013309bbe8 vmEntryToJavaScript + 264
14  com.apple.JavaScriptCore      	0x0000000133f5b364 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 212 (JITCodeInlines.h:42)
15  com.apple.JavaScriptCore      	0x0000000133f5b994 JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 1392 (Interpreter.cpp:902)
16  com.apple.JavaScriptCore      	0x00000001342e90d4 JSC::call(JSC::JSGlobalObject*, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 236 (CallData.cpp:57)
17  com.apple.JavaScriptCore      	0x00000001342e93c4 JSC::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 132 (CallData.cpp:78)
18  com.apple.JavaScriptCore      	0x0000000134581764 JSC::JSMicrotask::run(JSC::JSGlobalObject*) + 524 (JSMicrotask.cpp:93)
19  com.apple.WebCore             	0x0000000114def058 WebCore::JSExecState::runTask(JSC::JSGlobalObject*, JSC::Microtask&) + 64 (JSExecState.h:91)
20  com.apple.WebCore             	0x0000000114df6654 WebCore::JSMicrotaskCallback::call() + 216 (JSMicrotaskCallback.h:46)
21  com.apple.WebCore             	0x0000000114ef2e64 WebCore::JSWorkerGlobalScopeBase::queueMicrotaskToEventLoop(JSC::JSGlobalObject&, WTF::Ref<JSC::Microtask, WTF::RawPtrTraits<JSC::Microtask> >&&)::$_0::operator()() + 28 (JSWorkerGlobalScopeBase.cpp:150)
22  com.apple.WebCore             	0x0000000114ef2d60 WTF::Detail::CallableWrapper<WebCore::JSWorkerGlobalScopeBase::queueMicrotaskToEventLoop(JSC::JSGlobalObject&, WTF::Ref<JSC::Microtask, WTF::RawPtrTraits<JSC::Microtask> >&&)::$_0, void>::call() + 28 (Function.h:52)
23  com.apple.WebCore             	0x0000000114db04ec WTF::Function<void ()>::operator()() const + 124 (Function.h:83)
24  com.apple.WebCore             	0x000000011558c364 WebCore::EventLoopFunctionDispatchTask::execute() + 28 (EventLoop.cpp:159)
25  com.apple.WebCore             	0x00000001155d807c WebCore::MicrotaskQueue::performMicrotaskCheckpoint() + 344 (Microtasks.cpp:64)
26  com.apple.WebCore             	0x0000000115580dac WebCore::EventLoop::performMicrotaskCheckpoint() + 40 (EventLoop.cpp:51)
27  com.apple.WebCore             	0x0000000115582340 WebCore::EventLoopTaskGroup::performMicrotaskCheckpoint() + 60 (EventLoop.cpp:180)
28  com.apple.WebCore             	0x0000000114d92890 WebCore::JSExecState::didLeaveScriptContext(JSC::JSGlobalObject*) + 64 (JSExecState.cpp:42)
29  com.apple.WebCore             	0x0000000114da348c WebCore::JSExecState::~JSExecState() + 220 (JSExecState.h:143)
30  com.apple.WebCore             	0x0000000114e60e80 WebCore::JSExecState::~JSExecState() + 32 (JSExecState.h:132)
31  com.apple.WebCore             	0x0000000114e3fca4 WebCore::JSExecState::profiledEvaluate(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) + 100 (JSExecState.h:80)
32  com.apple.WebCore             	0x000000011771730c WebCore::WorkerOrWorkletScriptController::evaluate(WebCore::ScriptSourceCode const&, WTF::NakedPtr<JSC::Exception>&, WTF::String*) + 200 (WorkerOrWorkletScriptController.cpp:231)
33  com.apple.WebCore             	0x000000011771f658 WebCore::WorkerOrWorkletScriptController::evaluate(WebCore::ScriptSourceCode const&, WTF::String*) + 104 (WorkerOrWorkletScriptController.cpp:209)
34  com.apple.WebCore             	0x0000000117765314 WebCore::WorkerThread::evaluateScriptIfNecessary(WTF::String&) + 268 (WorkerThread.cpp:132)
35  com.apple.WebCore             	0x0000000117722d34 WebCore::WorkerOrWorkletThread::workerOrWorkletThread() + 364 (WorkerOrWorkletThread.cpp:139)
36  com.apple.WebCore             	0x0000000117775bd8 WebCore::WorkerThread::createThread()::$_0::operator()() const + 28 (WorkerThread.cpp:109)
37  com.apple.WebCore             	0x0000000117775b54 WTF::Detail::CallableWrapper<WebCore::WorkerThread::createThread()::$_0, void>::call() + 28 (Function.h:52)
38  com.apple.JavaScriptCore      	0x0000000132b796a0 WTF::Function<void ()>::operator()() const + 124 (Function.h:83)
39  com.apple.JavaScriptCore      	0x0000000132c3cdc0 WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) + 388 (Threading.cpp:183)
40  com.apple.JavaScriptCore      	0x0000000132c4b340 WTF::wtfThreadEntryPoint(void*) + 24 (ThreadingPOSIX.cpp:241)
41  libsystem_pthread.dylib       	0x0000000195abe06c _pthread_start + 320
42  libsystem_pthread.dylib       	0x0000000195ab8da0 thread_start + 8
Comment 1 Robert Jenner 2021-04-20 17:42:29 PDT
Created attachment 426624
Full crashlog

Attaching full crashlog to bug.
Comment 2 Robert Jenner 2021-04-20 17:49:36 PDT
Crash appears to be very flaky, and has only occurred four times. The first occurrence was at r276315. Crashes only occur on Apple Silicon Macs, and as such I cannot reproduce the crash because I do not have access to said system.

I have gone ahead and updated the test expectations to Pass Crash here:
https://trac.webkit.org/changeset/276337/webkit
Comment 3 Radar WebKit Bug Importer 2021-04-20 17:51:13 PDT
<rdar://problem/76928843>
Comment 4 Alexey Proskuryakov 2021-04-21 16:57:42 PDT
This test doesn't use WebCrypto, so this comes from one of the preceding tests, as the worker thread continues to run after navigation.
Comment 5 Truitt Savell 2021-05-04 15:16:56 PDT
I took a look at the list of tests that run before this one. http/wpt/crypto/ tests run directly before and may have something to do with it. I have been unable to reproduce this today, though.
Comment 6 youenn fablet 2021-05-05 01:29:25 PDT
The test run just before change-link-rel-attribute.html is http/wpt/crypto/unwrap-rsa-key-crash.any.worker.html, which exercises that code path.
Comment 7 youenn fablet 2021-05-05 01:31:33 PDT
Looking at the code, the debug assert is: ASSERT(unwrapParamsOrException.exception().code() != ExistingExceptionError);
It comes after calling normalizeCryptoAlgorithmParameters.
normalizeCryptoAlgorithmParameters can return ExistingExceptionError if a dictionary conversion fails, which is possible, say if parameters are bad or maybe the worker is being terminated.
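The failure mode described in comment 7, as an added sketch (not WebKit code and not the attached patch): every type and function name below is a simplified stand-in, and the retry as a decrypt operation is taken from the Web Crypto specification's unwrapKey steps, not from this page. It shows why a failed normalization can carry ExistingExceptionError and one way a caller can handle that case instead of asserting it away.

```cpp
#include <string>
#include <variant>

// Simplified stand-ins for illustration; not WebKit's types or signatures.
enum class Code { NotSupportedError, ExistingExceptionError };
enum class Operation { UnwrapKey, Decrypt };
struct Params { std::string name; };
using ParamsOrCode = std::variant<Params, Code>;
enum class Outcome { Proceed, RejectNotSupported, PropagatePendingException };

// Hypothetical model of parameter normalization. conversionThrows stands for
// a dictionary conversion that failed and left a JS exception pending (bad
// parameters, or a worker that is being terminated).
ParamsOrCode normalize(const std::string& alg, Operation op, bool conversionThrows)
{
    if (conversionThrows)
        return Code::ExistingExceptionError;
    // Constructed registry: AES-KW supports unwrapKey, RSA-OAEP only decrypt.
    if ((alg == "AES-KW" && op == Operation::UnwrapKey)
        || (alg == "RSA-OAEP" && op == Operation::Decrypt))
        return Params { alg };
    return Code::NotSupportedError;
}

// The condition the debug assertion encodes: a failed first normalization is
// never ExistingExceptionError. Returns false when the assertion would fire.
bool assertionHolds(const std::string& alg, bool conversionThrows)
{
    auto first = normalize(alg, Operation::UnwrapKey, conversionThrows);
    auto* code = std::get_if<Code>(&first);
    return !code || *code != Code::ExistingExceptionError;
}

// Caller that treats ExistingExceptionError as a reachable result.
Outcome unwrapKeyOutcome(const std::string& alg, bool conversionThrows)
{
    auto result = normalize(alg, Operation::UnwrapKey, conversionThrows);
    if (auto* code = std::get_if<Code>(&result)) {
        if (*code == Code::ExistingExceptionError)
            return Outcome::PropagatePendingException; // do not retry or assert
        // Only "not supported as unwrapKey" justifies retrying as decrypt.
        result = normalize(alg, Operation::Decrypt, conversionThrows);
        if (std::holds_alternative<Code>(result))
            return Outcome::RejectNotSupported;
    }
    return Outcome::Proceed;
}
```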
Comment 8 youenn fablet 2021-05-05 01:34:29 PDT
Created attachment 427742
Patch
Comment 9 Alexey Proskuryakov 2021-05-05 12:50:08 PDT
*** Bug 225315 has been marked as a duplicate of this bug. ***
Comment 10 youenn fablet 2021-05-18 00:29:16 PDT
Ping review
Comment 11 Mark Lam 2021-05-18 10:10:51 PDT
Comment on attachment 427742
Patch

Seems reasonable to me.
Comment 12 EWS 2021-05-19 05:16:33 PDT
Committed r277718 (237897@main): <https://commits.webkit.org/237897@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 427742.
Comment 13 Robert Jenner 2021-05-19 17:22:51 PDT
Prior test expectations have been removed here:
https://trac.webkit.org/changeset/277764/webkit