Bug 251051

Summary: REGRESSION(259215@main): [ BigSur+ Debug ] storage/indexeddb/modern/deleteindex-4-private.html is a constant crash
Product: WebKit
Reporter: Bri Harris <bharris9>
Component: Website Storage
Assignee: Sihui Liu <sihui_liu>
Status: RESOLVED FIXED
Severity: Normal
CC: sihui_liu, webkit-bot-watchers-bugzilla, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: Safari Technology Preview
Hardware: Unspecified
OS: Unspecified
Attachments:
Crash Log (flags: none)

Description Bri Harris 2023-01-23 16:40:12 PST
storage/indexeddb/modern/deleteindex-4-private.html is a constant crash on BigSur and later on Debug.

HISTORY:

https://results.webkit.org/?suite=layout-tests&test=storage%2Findexeddb%2Fmodern%2Fdeleteindex-4-private.html

CRASH LOG TEXT:

Thread 7 Crashed:: Dispatch queue: com.apple.WebKit.Storage
0   com.apple.WebCore             	0x0000000124eaca11 WTF::HashTable<unsigned long long, WTF::KeyValuePair<unsigned long long, WebCore::IDBIndexInfo>, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<unsigned long long, WebCore::IDBIndexInfo> >, WTF::DefaultHash<unsigned long long>, WTF::HashMap<unsigned long long, WebCore::IDBIndexInfo, WTF::DefaultHash<unsigned long long>, WTF::HashTraits<unsigned long long>, WTF::HashTraits<WebCore::IDBIndexInfo>, WTF::HashTableTraits>::KeyValuePairTraits, WTF::HashTraits<unsigned long long> >::keyCount() const + 33 (HashTable.h:606)
1   com.apple.WebCore             	0x0000000124eacbc5 WTF::HashTable<unsigned long long, WTF::KeyValuePair<unsigned long long, WebCore::IDBIndexInfo>, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<unsigned long long, WebCore::IDBIndexInfo> >, WTF::DefaultHash<unsigned long long>, WTF::HashMap<unsigned long long, WebCore::IDBIndexInfo, WTF::DefaultHash<unsigned long long>, WTF::HashTraits<unsigned long long>, WTF::HashTraits<WebCore::IDBIndexInfo>, WTF::HashTableTraits>::KeyValuePairTraits, WTF::HashTraits<unsigned long long> >::isEmpty() const + 21 (HashTable.h:472)
2   com.apple.WebCore             	0x0000000124eac72e WTF::HashTable<unsigned long long, WTF::KeyValuePair<unsigned long long, WebCore::IDBIndexInfo>, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<unsigned long long, WebCore::IDBIndexInfo> >, WTF::DefaultHash<unsigned long long>, WTF::HashMap<unsigned long long, WebCore::IDBIndexInfo, WTF::DefaultHash<unsigned long long>, WTF::HashTraits<unsigned long long>, WTF::HashTraits<WebCore::IDBIndexInfo>, WTF::HashTableTraits>::KeyValuePairTraits, WTF::HashTraits<unsigned long long> >::begin() const + 46 (HashTable.h:453)
3   com.apple.WebCore             	0x0000000124f5636e WTF::HashMap<unsigned long long, WebCore::IDBIndexInfo, WTF::DefaultHash<unsigned long long>, WTF::HashTraits<unsigned long long>, WTF::HashTraits<WebCore::IDBIndexInfo>, WTF::HashTableTraits>::begin() const + 46 (HashMap.h:299)
4   com.apple.WebCore             	0x0000000125167751 WTF::HashMap<unsigned long long, WebCore::IDBIndexInfo, WTF::DefaultHash<unsigned long long>, WTF::HashTraits<unsigned long long>, WTF::HashTraits<WebCore::IDBIndexInfo>, WTF::HashTableTraits>::values() const + 65 (HashMap.h:130)
5   com.apple.WebCore             	0x0000000125167609 WebCore::IDBObjectStoreInfo::hasIndex(WTF::String const&) const + 41 (IDBObjectStoreInfo.cpp:64)
6   com.apple.WebCore             	0x000000012502e425 WebCore::IDBServer::MemoryObjectStore::maybeRestoreDeletedIndex(WTF::Ref<WebCore::IDBServer::MemoryIndex, WTF::RawPtrTraits<WebCore::IDBServer::MemoryIndex> >&&) + 117 (MemoryObjectStore.cpp:109)
7   com.apple.WebCore             	0x000000012502c9de WebCore::IDBServer::MemoryBackingStoreTransaction::abort() + 3102 (MemoryBackingStoreTransaction.cpp:270)
8   com.apple.WebCore             	0x000000012502fd4f WebCore::IDBServer::MemoryIDBBackingStore::abortTransaction(WebCore::IDBResourceIdentifier const&) + 303 (MemoryIDBBackingStore.cpp:109)
9   com.apple.WebCore             	0x00000001250d97e3 WebCore::IDBServer::UniqueIDBDatabase::abortTransaction(WebCore::IDBServer::UniqueIDBDatabaseTransaction&, WTF::Function<void (WebCore::IDBError const&)>, WebCore::IDBServer::UniqueIDBDatabase::SpaceCheckResult) + 2355 (UniqueIDBDatabase.cpp:1206)
10  com.apple.WebCore             	0x000000012512b9af WebCore::IDBServer::UniqueIDBDatabase::abortTransaction(WebCore::IDBServer::UniqueIDBDatabaseTransaction&, WTF::Function<void (WebCore::IDBError const&)>, WebCore::IDBServer::UniqueIDBDatabase::SpaceCheckResult)::$_22::operator()(bool) + 319 (UniqueIDBDatabase.cpp:1170)
11  com.apple.WebCore             	0x000000012512b75c WTF::Detail::CallableWrapper<WebCore::IDBServer::UniqueIDBDatabase::abortTransaction(WebCore::IDBServer::UniqueIDBDatabaseTransaction&, WTF::Function<void (WebCore::IDBError const&)>, WebCore::IDBServer::UniqueIDBDatabase::SpaceCheckResult)::$_22, void, bool>::call(bool) + 60 (Function.h:53)
12  com.apple.WebKit              	0x000000010c4ee463 WTF::Function<void (bool)>::operator()(bool) const + 163 (Function.h:82)
13  com.apple.WebKit              	0x000000010c4ee2db WTF::CompletionHandler<void (bool)>::operator()(bool) + 171 (CompletionHandler.h:75)
14  com.apple.WebKit              	0x000000010d9c3148 auto WebKit::OriginStorageManager::idbStorageManager(WebKit::IDBStorageRegistry&)::$_25::operator()(unsigned long long, WTF::CompletionHandler<void (bool)>&&)::'lambda'(auto)::operator()<WebKit::QuotaManager::Decision>(auto) + 40 (OriginStorageManager.cpp:651)
15  com.apple.WebKit              	0x000000010d9c306c WTF::Detail::CallableWrapper<WebKit::OriginStorageManager::idbStorageManager(WebKit::IDBStorageRegistry&)::$_25::operator()(unsigned long long, WTF::CompletionHandler<void (bool)>&&)::'lambda'(auto), void, WebKit::QuotaManager::Decision>::call(WebKit::QuotaManager::Decision) + 60 (Function.h:53)
16  com.apple.WebKit              	0x000000010d9c58d3 WTF::Function<void (WebKit::QuotaManager::Decision)>::operator()(WebKit::QuotaManager::Decision) const + 163 (Function.h:82)
17  com.apple.WebKit              	0x000000010d97cdd4 WTF::CompletionHandler<void (WebKit::QuotaManager::Decision)>::operator()(WebKit::QuotaManager::Decision) + 164 (CompletionHandler.h:75)
18  com.apple.WebKit              	0x000000010d97c948 WebKit::QuotaManager::handleRequests() + 296 (QuotaManager.cpp:68)
19  com.apple.WebKit              	0x000000010d97c72e WebKit::QuotaManager::requestSpace(unsigned long long, WTF::CompletionHandler<void (WebKit::QuotaManager::Decision)>&&) + 158 (QuotaManager.cpp:55)
20  com.apple.WebKit              	0x000000010d9c29ee WebKit::OriginStorageManager::idbStorageManager(WebKit::IDBStorageRegistry&)::$_25::operator()(unsigned long long, WTF::CompletionHandler<void (bool)>&&) + 174 (OriginStorageManager.cpp:650)
21  com.apple.WebKit              	0x000000010d9c267b WTF::Detail::CallableWrapper<WebKit::OriginStorageManager::idbStorageManager(WebKit::IDBStorageRegistry&)::$_25, void, unsigned long long, WTF::CompletionHandler<void (bool)>&&>::call(unsigned long long, WTF::CompletionHandler<void (bool)>&&) + 75 (Function.h:53)
22  com.apple.WebKit              	0x000000010d923a9a WTF::Function<void (unsigned long long, WTF::CompletionHandler<void (bool)>&&)>::operator()(unsigned long long, WTF::CompletionHandler<void (bool)>&&) const + 186 (Function.h:82)
23  com.apple.WebKit              	0x000000010d92f1d7 WebKit::IDBStorageManager::requestSpace(WebCore::ClientOrigin const&, unsigned long long, WTF::CompletionHandler<void (bool)>&&) + 71 (IDBStorageManager.cpp:279)
24  com.apple.WebCore             	0x00000001250d9157 WebCore::IDBServer::UniqueIDBDatabase::abortTransaction(WebCore::IDBServer::UniqueIDBDatabaseTransaction&, WTF::Function<void (WebCore::IDBError const&)>, WebCore::IDBServer::UniqueIDBDatabase::SpaceCheckResult) + 679 (UniqueIDBDatabase.cpp:1166)
25  com.apple.WebCore             	0x00000001250de196 WebCore::IDBServer::UniqueIDBDatabaseTransaction::abort() + 166 (UniqueIDBDatabaseTransaction.cpp:88)
26  com.apple.WebKit              	0x000000010d975ffd WebKit::NetworkStorageManager::abortTransaction(WebCore::IDBResourceIdentifier const&) + 93 (NetworkStorageManager.cpp:1040)
27  com.apple.WebKit              	0x000000010cb330d8 auto void IPC::callMemberFunction<WebKit::NetworkStorageManager, WebKit::NetworkStorageManager, void (WebCore::IDBResourceIdentifier const&), std::__1::tuple<WebCore::IDBResourceIdentifier> >(WebKit::NetworkStorageManager*, void (WebKit::NetworkStorageManager::*)(WebCore::IDBResourceIdentifier const&), std::__1::tuple<WebCore::IDBResourceIdentifier>&&)::'lambda'(auto&&...)::operator()<WebCore::IDBResourceIdentifier>(auto&&...) const + 136 (HandleMessage.h:136)
28  com.apple.WebKit              	0x000000010cb33022 decltype(std::__1::forward<WebKit::NetworkStorageManager>(fp)(std::__1::forward<WebKit::NetworkStorageManager>(fp0)...)) std::__1::__invoke_constexpr<void IPC::callMemberFunction<WebKit::NetworkStorageManager, WebKit::NetworkStorageManager, void (WebCore::IDBResourceIdentifier const&), std::__1::tuple<WebCore::IDBResourceIdentifier> >(WebKit::NetworkStorageManager*, void (WebKit::NetworkStorageManager::*)(WebCore::IDBResourceIdentifier const&), std::__1::tuple<WebCore::IDBResourceIdentifier>&&)::'lambda'(auto&&...), WebCore::IDBResourceIdentifier>(WebKit::NetworkStorageManager&&, WebKit::NetworkStorageManager&&...) + 50 (type_traits:3753)
29  com.apple.WebKit              	0x000000010cb32fda decltype(auto) std::__1::__apply_tuple_impl<void IPC::callMemberFunction<WebKit::NetworkStorageManager, WebKit::NetworkStorageManager, void (WebCore::IDBResourceIdentifier const&), std::__1::tuple<WebCore::IDBResourceIdentifier> >(WebKit::NetworkStorageManager*, void (WebKit::NetworkStorageManager::*)(WebCore::IDBResourceIdentifier const&), std::__1::tuple<WebCore::IDBResourceIdentifier>&&)::'lambda'(auto&&...), std::__1::tuple<WebCore::IDBResourceIdentifier>, 0ul>(WebKit::NetworkStorageManager&&, WebKit::NetworkStorageManager&&, std::__1::__tuple_indices<void (WebCore::IDBResourceIdentifier const&)...>) + 58 (tuple:1415)
30  com.apple.WebKit              	0x000000010cb32f82 decltype(auto) std::__1::apply<void IPC::callMemberFunction<WebKit::NetworkStorageManager, WebKit::NetworkStorageManager, void (WebCore::IDBResourceIdentifier const&), std::__1::tuple<WebCore::IDBResourceIdentifier> >(WebKit::NetworkStorageManager*, void (WebKit::NetworkStorageManager::*)(WebCore::IDBResourceIdentifier const&), std::__1::tuple<WebCore::IDBResourceIdentifier>&&)::'lambda'(auto&&...), std::__1::tuple<WebCore::IDBResourceIdentifier> >(WebKit::NetworkStorageManager&&, WebKit::NetworkStorageManager&&) + 50 (tuple:1424)
31  com.apple.WebKit              	0x000000010cb3287d void IPC::callMemberFunction<WebKit::NetworkStorageManager, WebKit::NetworkStorageManager, void (WebCore::IDBResourceIdentifier const&), std::__1::tuple<WebCore::IDBResourceIdentifier> >(WebKit::NetworkStorageManager*, void (WebKit::NetworkStorageManager::*)(WebCore::IDBResourceIdentifier const&), std::__1::tuple<WebCore::IDBResourceIdentifier>&&) + 77 (HandleMessage.h:134)
32  com.apple.WebKit              	0x000000010cafd633 void IPC::handleMessage<Messages::NetworkStorageManager::AbortTransaction, WebKit::NetworkStorageManager, WebKit::NetworkStorageManager, void (WebCore::IDBResourceIdentifier const&)>(IPC::Connection&, IPC::Decoder&, WebKit::NetworkStorageManager*, void (WebKit::NetworkStorageManager::*)(WebCore::IDBResourceIdentifier const&)) + 259 (HandleMessage.h:230)
33  com.apple.WebKit              	0x000000010caf909c WebKit::NetworkStorageManager::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 3532 (NetworkStorageManagerMessageReceiver.cpp:143)
34  com.apple.WebKit              	0x000000010f366c92 IPC::Connection::dispatchMessageReceiverMessage(IPC::MessageReceiver&, std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >&&) + 98 (Connection.cpp:415)
35  com.apple.WebKit              	0x000000010f371faa IPC::WorkQueueMessageReceiverQueue::enqueueMessage(IPC::Connection&, std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >&&)::'lambda'()::operator()() + 90 (MessageReceiveQueues.h:68)
36  com.apple.WebKit              	0x000000010f371d0e WTF::Detail::CallableWrapper<IPC::WorkQueueMessageReceiverQueue::enqueueMessage(IPC::Connection&, std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >&&)::'lambda'(), void>::call() + 30 (Function.h:53)
37  com.apple.JavaScriptCore      	0x000000014d045412 WTF::Function<void ()>::operator()() const + 130 (Function.h:82)
38  com.apple.JavaScriptCore      	0x000000014d12700e WTF::SuspendableWorkQueue::dispatch(WTF::Function<void ()>&&)::$_1::operator()() const + 46 (SuspendableWorkQueue.cpp:102)
39  com.apple.JavaScriptCore      	0x000000014d126f1e WTF::Detail::CallableWrapper<WTF::SuspendableWorkQueue::dispatch(WTF::Function<void ()>&&)::$_1, void>::call() + 30 (Function.h:53)
40  com.apple.JavaScriptCore      	0x000000014d045412 WTF::Function<void ()>::operator()() const + 130 (Function.h:82)
41  com.apple.JavaScriptCore      	0x000000014d1a7a0e WTF::(anonymous namespace)::DispatchWorkItem::operator()() + 30 (WorkQueueCocoa.cpp:40)
42  com.apple.JavaScriptCore      	0x000000014d1a5d9d void WTF::dispatchWorkItem<WTF::(anonymous namespace)::DispatchWorkItem>(void*) + 29 (WorkQueueCocoa.cpp:48)
43  libdispatch.dylib             	0x00007fff20630806 _dispatch_client_callout + 8
44  libdispatch.dylib             	0x00007fff206365ea _dispatch_lane_serial_drain + 606
45  libdispatch.dylib             	0x00007fff206370ad _dispatch_lane_invoke + 366
46  libdispatch.dylib             	0x00007fff20640c0d _dispatch_workloop_worker_thread + 811
47  libsystem_pthread.dylib       	0x00007fff207d745d _pthread_wqthread + 314
48  libsystem_pthread.dylib       	0x00007fff207d642f start_wqthread + 15


CRASH LOG URL:
https://build.webkit.org/results/Apple-BigSur-Debug-WK2-Tests/259228@main%20(9250)/storage/indexeddb/modern/deleteindex-4-private-crash-log.txt
Comment 1 Radar WebKit Bug Importer 2023-01-23 16:40:38 PST
<rdar://problem/104579643>
Comment 2 Bri Harris 2023-01-23 16:41:27 PST
Created attachment 464617
Crash Log
Comment 3 Bri Harris 2023-01-23 16:58:40 PST
I was able to reproduce this at Ventura Debug ToT running the test as follows:

run-webkit-tests storage/indexeddb/modern/deleteindex-4-private.html

Further, I was also able to verify a regression point at 259215@main. I was able to reproduce it there but not at 259214@main.
Comment 4 Bri Harris 2023-01-23 17:48:40 PST
Pull request: https://github.com/WebKit/WebKit/pull/9007
Comment 5 Sihui Liu 2023-01-23 20:35:30 PST
Pull request: https://github.com/WebKit/WebKit/pull/9014
Comment 6 EWS 2023-01-24 08:39:13 PST
Committed 259284@main (7ed8f0a8a41f): <https://commits.webkit.org/259284@main>

Reviewed commits have been landed. Closing PR #9007 and removing active labels.
Comment 7 Ryan Haddad 2023-01-24 09:59:54 PST
The above was just test gardening, the fix hasn't landed.
Comment 8 EWS 2023-01-25 09:01:36 PST
Committed 259360@main (35ff68953736): <https://commits.webkit.org/259360@main>

Reviewed commits have been landed. Closing PR #9014 and removing active labels.