RESOLVED FIXED275286
REGRESSION(279805@main): [Win] ASSERTION FAILED: m_activeConnections.contains(connection) in CacheStorageManager::unlockStorage(IPC::Connection::UniqueID) 
https://bugs.webkit.org/show_bug.cgi?id=275286
Summary REGRESSION(279805@main): [Win] ASSERTION FAILED: m_activeConnections.contains...
Fujii Hironori
Reported 2024-06-07 18:17:09 PDT
Ater 279805@main, only Windows port Debug builds are crashing for some layout tests due to an assertion failure. Buildbot: builder WinCairo-64-bit-Debug-Tests build 22842 : 279809@main https://build.webkit.org/#/builders/727/builds/22842 Regressions: Unexpected crashes (16) editing/execCommand/outdent-regular-blockquote.html [ Crash ] editing/execCommand/primitive-value-cleanup-minimal.html [ Crash ] fast/css/content-visibility-crash.html [ Crash ] fast/css/transform-infinity.html [ Crash ] fast/rendering/searchfield-scale-crash.html [ Crash ] http/tests/IndexedDB/storage-limit-1.https.html [ Crash ] http/tests/IndexedDB/storage-limit-2.https.html [ Crash ] http/tests/IndexedDB/storage-limit.https.html [ Crash ] http/tests/workers/service/service-worker-cache-api.https.html [ Crash ] http/wpt/service-workers/third-party-registration.html [ Crash ] imported/w3c/web-platform-tests/service-workers/idlharness.https.any.html [ Crash ] imported/w3c/web-platform-tests/service-workers/idlharness.https.any.serviceworker.html [ Crash ] imported/w3c/web-platform-tests/service-workers/idlharness.https.any.sharedworker.html [ Crash ] imported/w3c/web-platform-tests/service-workers/idlharness.https.any.worker.html [ Crash ] js/finally-codegen-failure.html [ Crash ] streams/readable-stream-default-reader-read.html [ Crash ] https://build.webkit.org/results/WinCairo-64-bit-Debug-Tests/279809@main%20(22842)/fast/css/transform-infinity-stderr.txt ASSERTION FAILED: m_activeConnections.contains(connection) C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebKit\NetworkProcess/storage/CacheStorageManager.cpp(466) : void WebKit::CacheStorageManager::unlockStorage(IPC::Connection::UniqueID) 1 00007FFD0F11B39B WebKit::CacheStorageManager::unlockStorage 2 00007FFD0F16D008 WebKit::NetworkStorageManager::unlockCacheStorage 3 00007FFD0E570D35 IPC::callMemberFunction<WebKit::NetworkStorageManager,WebKit::NetworkStorageManager,void (IPC::Connection &, const WebCore::ClientOrigin &),std::tuple<WebCore::ClientOrigin> >::<lambda_1>::operator()<WebCore::ClientOrigin> 4 00007FFD0E570CED std::invoke<`lambda at C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebKit\Platform\IPC\HandleMessage.h:167:9',WebCore::ClientOrigin> 5 00007FFD0E570CCA std::_Apply_impl<`lambda at C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebKit\Platform\IPC\HandleMessage.h:167:9',std::tuple<WebCore::ClientOrigin>,0> 6 00007FFD0E570C92 std::apply<`lambda at C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebKit\Platform\IPC\HandleMessage.h:167:9',std::tuple<WebCore::ClientOrigin> > 7 00007FFD0E570C4E IPC::callMemberFunction<WebKit::NetworkStorageManager,WebKit::NetworkStorageManager,void (IPC::Connection &, const WebCore::ClientOrigin &),std::tuple<WebCore::ClientOrigin> > 8 00007FFD0E53B42F IPC::handleMessage<Messages::NetworkStorageManager::UnlockCacheStorage,WebKit::NetworkStorageManager,WebKit::NetworkStorageManager,void (IPC::Connection &, const WebCore::ClientOrigin &)> 9 00007FFD0E531D2C WebKit::NetworkStorageManager::didReceiveMessage 10 00007FFD0F1FB543 IPC::Connection::dispatchMessageReceiverMessage 11 00007FFD0F20E919 IPC::WorkQueueMessageReceiverQueue::enqueueMessage::<lambda_1>::operator() 12 00007FFD0F20E707 WTF::Detail::CallableWrapper<`lambda at C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebKit\Platform\IPC\MessageReceiveQueues.h:67:35',void>::call 13 00007FFD23D5A6FE WTF::Function<void ()>::operator() 14 00007FFD23DED479 WTF::SuspendableWorkQueue::dispatch::<lambda_1>::operator() 15 00007FFD23DED407 WTF::Detail::CallableWrapper<`lambda at C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WTF\wtf\SuspendableWorkQueue.cpp:101:25',void>::call 16 00007FFD23D5A6FE WTF::Function<void ()>::operator() 17 00007FFD23ECD847 WTF::WorkQueueBase::dispatch::<lambda_2>::operator() 18 00007FFD23ECD7E7 WTF::Detail::CallableWrapper<`lambda at C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WTF\wtf\generic\WorkQueueGeneric.cpp:67:25',void>::call 19 00007FFD23D5A6FE WTF::Function<void ()>::operator() 20 00007FFD23DE2BDA WTF::RunLoop::performWork 21 00007FFD23ED7C10 WTF::RunLoop::wndProc 22 00007FFD23ED7B47 WTF::RunLoop::RunLoopWndProc 23 00007FFD27D10089 CallWindowProcW 24 00007FFD27D0FA02 DispatchMessageW 25 00007FFD23ED7DED WTF::RunLoop::run 26 00007FFD23DE3494 WTF::RunLoop::create::<lambda_0>::operator() 27 00007FFD23DE3437 WTF::Detail::CallableWrapper<`lambda at C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WTF\wtf\RunLoop.cpp:111:32',void>::call 28 00007FFD23D5A6FE WTF::Function<void ()>::operator() 29 00007FFD23DF17F4 WTF::Thread::entryPoint 30 00007FFD23ED9CD3 WTF::wtfThreadEntryPoint 31 00007FFD261F6B4C recalloc C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebKit\UIProcess/Network/NetworkProcessProxy.cpp(486) : virtual void WebKit::NetworkProcessProxy::didClose(IPC::Connection &) NetworkProcess terminated (pid 5812) for reason: crash #CRASHED - NetworkProcess (pid 5812)
Attachments
Add attachment proposed patch, testcase, etc.
Fujii Hironori
Comment 1 2024-06-07 19:33:15 PDT
The assertion fails because CacheStorageManager::unlockStorage is called without calling CacheStorageManager::lockStorage. CacheStorageManager::lockStorage isn't called because m_connection is empty in WebCacheStorageConnection::lockStorage. Here is the callstack. > WebKit2.dll!WebKit::WebCacheStorageConnection::lockStorage(const WebCore::ClientOrigin & origin) Line 122 C++ > WebCore.dll!WebCore::ConnectionStorageLock::ConnectionStorageLock(WTF::Ref<WebCore::CacheStorageConnection,WTF::RawPtrTraits<WebCore::CacheStorageConnection>,WTF::DefaultRefDerefTraits<WebCore::CacheStorageConnection>> && connection, const WebCore::ClientOrigin & origin) Line 160 C++ > [External Code] > WebCore.dll!WTF::makeUnique<WebCore::ConnectionStorageLock,WTF::Ref<WebCore::CacheStorageConnection,WTF::RawPtrTraits<WebCore::CacheStorageConnection>,WTF::DefaultRefDerefTraits<WebCore::CacheStorageConnection>>,WebCore::ClientOrigin &>(WTF::Ref<WebCore::CacheStorageConnection,WTF::RawPtrTraits<WebCore::CacheStorageConnection>,WTF::DefaultRefDerefTraits<WebCore::CacheStorageConnection>> && args, WebCore::ClientOrigin & args) Line 613 C++ > WebCore.dll!WebCore::DOMCacheStorage::retrieveCaches(WTF::CompletionHandler<void (std::optional<WebCore::Exception> &&)> && callback) Line 181 C++ > WebCore.dll!WebCore::DOMCacheStorage::has(const WTF::String & name, WebCore::DOMPromiseDeferred<WebCore::IDLBoolean> && promise) Line 135 C++ > WebCore.dll!WebCore::jsDOMCacheStoragePrototypeFunction_hasBody::<lambda>() Line 229 C++ > WebCore.dll!WebCore::toJSNewlyCreated<WebCore::IDLPromise<WebCore::IDLBoolean>,`lambda at C:\webkit\wc\WebKitBuild\Debug\WebCore\DerivedSources\JSDOMCacheStorage.cpp:229:5'>(JSC::JSGlobalObject & lexicalGlobalObject, WebCore::JSDOMGlobalObject & globalObject, JSC::ThrowScope & throwScope, WebCore::jsDOMCacheStoragePrototypeFunction_hasBody::std::optional<WTF::RefPtr<WebCore::DOMMimeType,WTF::RawPtrTraits<WebCore::DOMMimeType>,WTF::DefaultRefDerefTraits<WebCore::DOMMimeType>>> <lambda>(WebCore::JSDOMMimeTypeArray &, JSC::PropertyName) && valueOrFunctor) Line 235 C++ > WebCore.dll!WebCore::jsDOMCacheStoragePrototypeFunction_hasBody(JSC::JSGlobalObject * lexicalGlobalObject, JSC::CallFrame * callFrame, WebCore::JSDOMCacheStorage * castedThis, WTF::Ref<WebCore::DeferredPromise,WTF::RawPtrTraits<WebCore::DeferredPromise>,WTF::DefaultRefDerefTraits<WebCore::DeferredPromise>> && promise) Line 229 C++ > WebCore.dll!WebCore::IDLOperationReturningPromise<WebCore::JSDOMCacheStorage>::call<&WebCore::jsDOMCacheStoragePrototypeFunction_hasBody,2>::<lambda>(JSC::JSGlobalObject & lexicalGlobalObject, JSC::CallFrame & callFrame, WTF::Ref<WebCore::DeferredPromise,WTF::RawPtrTraits<WebCore::DeferredPromise>,WTF::DefaultRefDerefTraits<WebCore::DeferredPromise>> && promise) Line 54 C++ > WebCore.dll!WebCore::callPromiseFunction<`lambda at C:\webkit\wc\Source\WebCore\bindings\js\JSDOMOperationReturningPromise.h:41:89'>(JSC::JSGlobalObject & lexicalGlobalObject, JSC::CallFrame & callFrame, WebCore::IDLOperationReturningPromise<WebCore::JSDOMCacheStorage>::call<&WebCore::jsDOMCacheStoragePrototypeFunction_hasBody,2>::std::optional<WTF::RefPtr<WebCore::DOMMimeType,WTF::RawPtrTraits<WebCore::DOMMimeType>,WTF::DefaultRefDerefTraits<WebCore::DOMMimeType>>> <lambda>(WebCore::JSDOMMimeTypeArray &, JSC::PropertyName) functor) Line 382 C++ > WebCore.dll!WebCore::IDLOperationReturningPromise<WebCore::JSDOMCacheStorage>::call<&WebCore::jsDOMCacheStoragePrototypeFunction_hasBody,2>(JSC::JSGlobalObject & lexicalGlobalObject, JSC::CallFrame & callFrame, const char * operationName) Line 41 C++ > WebCore.dll!WebCore::jsDOMCacheStoragePrototypeFunction_has(JSC::JSGlobalObject * lexicalGlobalObject, JSC::CallFrame * callFrame) Line 234 C++ > [External Code] In DOMCacheStorage::retrieveCaches, there is the following line. > scriptExecutionContext()->enqueueTaskWhenSettled(m_connection->retrieveCaches(*origin, m_updateCounter), TaskSource::DOMManipulation, [this, callback = WTFMove(callback), pendingActivity = makePendingActivity(*this), connectionStorageLock = makeUnique<ConnectionStorageLock>(m_connection.copyRef(), *origin)] (auto&& result) mutable { makeUnique<ConnectionStorageLock>(...) is called before m_connection->retrieveCaches(...) is called. This is the reason why m_connection is empty. m_connection->retrieveCaches(...) has to be called before makeUnique<ConnectionStorageLock>(...).
Fujii Hironori
Comment 2 2024-06-07 20:05:51 PDT
Pull request: https://github.com/WebKit/WebKit/pull/29654
EWS
Comment 3 2024-06-09 01:37:27 PDT
Committed 279855@main (4d06a3cab666): <https://commits.webkit.org/279855@main> Reviewed commits have been landed. Closing PR #29654 and removing active labels.
Radar WebKit Bug Importer
Comment 4 2024-06-09 01:38:15 PDT
<rdar://problem/129464270>
Note You need to log in before you can comment on or make changes to this bug.