[Webkit-unassigned] [Bug 205816] imported/w3c/web-platform-tests/IndexedDB/request-event-ordering.html crashes sometimes

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Jan 6 11:21:08 PST 2020 

https://bugs.webkit.org/show_bug.cgi?id=205816

--- Comment #1 from Aakash Jain <aakash_jain at apple.com> ---
Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x00000000bbadbeef
Exception Note:        EXC_CORPSE_NOTIFY

Termination Signal:    Segmentation fault: 11
Termination Reason:    Namespace SIGNAL, Code 0xb
Terminating Process:   exc handler [0]

VM Regions Near 0xbbadbeef:
--> 
    __TEXT                 000000010f42b000-000000010f52d000 [ 1032K] r-x/rwx SM=COW  - [/Volumes/Data/worker/macOS-High-Sierra-Debug-WK1-Tests-EWS/build/WebKitBuild/Debug/DumpRenderTree]

Application Specific Information:
CRASHING TEST: http://localhost:8800/IndexedDB/request-event-ordering.html

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.JavaScriptCore            0x00000001152ddb4d bmalloc::SmallLine::deref(std::__1::unique_lock<bmalloc::Mutex>&) + 45 (SmallLine.h:62)
1   com.apple.JavaScriptCore            0x00000001152dd8ac bmalloc::Heap::derefSmallLine(std::__1::unique_lock<bmalloc::Mutex>&, bmalloc::Object, std::__1::array<bmalloc::List<bmalloc::SmallPage>, 112ul>&) + 60 (Heap.h:178)
2   com.apple.JavaScriptCore            0x00000001152dd7d5 bmalloc::Deallocator::processObjectLog(std::__1::unique_lock<bmalloc::Mutex>&) + 165 (Deallocator.cpp:61)
3   com.apple.JavaScriptCore            0x00000001152dd9f7 bmalloc::Deallocator::deallocateSlowCase(void*) + 231
4   com.apple.JavaScriptCore            0x00000001151f6654 bmalloc::Deallocator::deallocate(void*) + 68 (Deallocator.h:79)
5   com.apple.JavaScriptCore            0x00000001151f65f5 bmalloc::Cache::deallocate(bmalloc::HeapKind, void*) + 165 (Cache.h:107)
6   com.apple.JavaScriptCore            0x00000001151f5b7b bmalloc::api::free(void*, bmalloc::HeapKind) + 27 (bmalloc.h:87)
7   com.apple.JavaScriptCore            0x00000001151f5b57 WTF::fastFree(void*) + 23 (FastMalloc.cpp:520)
8   com.apple.WebCore                   0x00000001221bd795 WTF::ThreadSafeRefCountedBase::operator delete(void*) + 21 (ThreadSafeRefCounted.h:43)
9   com.apple.WebCore                   0x00000001238c63d3 WTF::ThreadSafeRefCounted<WebCore::ThreadSafeDataBufferImpl, (WTF::DestructionThread)0>::deref() const::'lambda'()::operator()() const + 51 (ThreadSafeRefCounted.h:118)
10  com.apple.WebCore                   0x00000001238c638d WTF::ThreadSafeRefCounted<WebCore::ThreadSafeDataBufferImpl, (WTF::DestructionThread)0>::deref() const + 61 (ThreadSafeRefCounted.h:136)
11  com.apple.WebCore                   0x00000001238c62f1 void WTF::derefIfNotNull<WebCore::ThreadSafeDataBufferImpl>(WebCore::ThreadSafeDataBufferImpl*) + 49 (RefPtr.h:45)
12  com.apple.WebCore                   0x00000001238c62b9 WTF::RefPtr<WebCore::ThreadSafeDataBufferImpl, WTF::DumbPtrTraits<WebCore::ThreadSafeDataBufferImpl> >::~RefPtr() + 41 (RefPtr.h:69)
13  com.apple.WebCore                   0x00000001238c6285 WTF::RefPtr<WebCore::ThreadSafeDataBufferImpl, WTF::DumbPtrTraits<WebCore::ThreadSafeDataBufferImpl> >::~RefPtr() + 21 (RefPtr.h:69)
14  com.apple.WebCore                   0x00000001238c6265 WebCore::ThreadSafeDataBuffer::~ThreadSafeDataBuffer() + 21 (ThreadSafeDataBuffer.h:57)
15  com.apple.WebCore                   0x00000001238c6245 WebCore::ThreadSafeDataBuffer::~ThreadSafeDataBuffer() + 21 (ThreadSafeDataBuffer.h:57)
16  com.apple.WebCore                   0x00000001238c621c WebCore::IDBValue::~IDBValue() + 60 (IDBValue.h:37)
17  com.apple.WebCore                   0x00000001238bb8f5 WebCore::IDBValue::~IDBValue() + 21 (IDBValue.h:37)
18  com.apple.WebCore                   0x00000001238bb831 WebCore::IDBCursor::~IDBCursor() + 257 (IDBCursor.cpp:78)
19  com.apple.WebCore                   0x00000001238bf105 WebCore::IDBCursorWithValue::~IDBCursorWithValue() + 21 (IDBCursorWithValue.cpp:58)
20  com.apple.WebCore                   0x00000001238bf125 WebCore::IDBCursorWithValue::~IDBCursorWithValue() + 21 (IDBCursorWithValue.cpp:58)
21  com.apple.WebCore                   0x00000001238bf149 WebCore::IDBCursorWithValue::~IDBCursorWithValue() + 25 (IDBCursorWithValue.cpp:58)
22  com.apple.WebCore                   0x0000000122c999ff WTF::RefCounted<WebCore::IDBCursor, std::__1::default_delete<WebCore::IDBCursor> >::deref() const + 95 (RefCounted.h:190)
23  com.apple.WebCore                   0x0000000122dbe385 void WTF::derefIfNotNull<WebCore::IDBCursor>(WebCore::IDBCursor*) + 53 (RefPtr.h:45)
24  com.apple.WebCore                   0x0000000122dbe349 WTF::RefPtr<WebCore::IDBCursor, WTF::DumbPtrTraits<WebCore::IDBCursor> >::~RefPtr() + 41 (RefPtr.h:69)
25  com.apple.WebCore                   0x0000000122dbe315 WTF::RefPtr<WebCore::IDBCursor, WTF::DumbPtrTraits<WebCore::IDBCursor> >::~RefPtr() + 21 (RefPtr.h:69)
26  com.apple.WebCore                   0x0000000122dbe2cd WTF::__storage_wrapper<WTF::RefPtr<WebCore::IDBCursor, WTF::DumbPtrTraits<WebCore::IDBCursor> > >::__destroy() + 29 (Variant.h:444)
27  com.apple.WebCore                   0x0000000122dbe2a5 WTF::__variant_storage<WTF::RefPtr<WebCore::IDBCursor, WTF::DumbPtrTraits<WebCore::IDBCursor> >, false>::__destroy(WTF::__storage_wrapper<WTF::RefPtr<WebCore::IDBCursor, WTF::DumbPtrTraits<WebCore::IDBCursor> > >&) + 21 (Variant.h:481)
28  com.apple.WebCore                   0x0000000122dbe27c WTF::__variant_data<WTF::RefPtr<WebCore::IDBCursor, WTF::DumbPtrTraits<WebCore::IDBCursor> > >::__destroy(WTF::in_place_tag (&)(WTF::__in_place_private::__value_holder<0ul>&)) + 28 (Variant.h:552)
29  com.apple.WebCore                   0x0000000123930f06 WTF::__variant_data<WTF::RefPtr<WebCore::IDBCursor, WTF::DumbPtrTraits<WebCore::IDBCursor> >, WTF::RefPtr<WebCore::IDBDatabase, WTF::DumbPtrTraits<WebCore::IDBDatabase> >, WebCore::IDBKeyData, WTF::Vector<WebCore::IDBKeyData, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>, WebCore::IDBGetResult, WebCore::IDBGetAllResult, unsigned long long, WebCore::IDBRequest::NullResultType>::__destroy(WTF::in_place_tag (&)(WTF::__in_place_private::__value_holder<0ul>&)) + 38 (Variant.h:671)
30  com.apple.WebCore                   0x0000000123930d10 void WTF::__destroy_op_table<WTF::Variant<WTF::RefPtr<WebCore::IDBCursor, WTF::DumbPtrTraits<WebCore::IDBCursor> >, WTF::RefPtr<WebCore::IDBDatabase, WTF::DumbPtrTraits<WebCore::IDBDatabase> >, WebCore::IDBKeyData, WTF::Vector<WebCore::IDBKeyData, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>, WebCore::IDBGetResult, WebCore::IDBGetAllResult, unsigned long long, WebCore::IDBRequest::NullResultType>, WTF::__index_sequence<0l, 1l, 2l, 3l, 4l, 5l, 6l, 7l> >::__destroy_func<0l>(WTF::Variant<WTF::RefPtr<WebCore::IDBCursor, WTF::DumbPtrTraits<WebCore::IDBCursor> >, WTF::RefPtr<WebCore::IDBDatabase, WTF::DumbPtrTraits<WebCore::IDBDatabase> >, WebCore::IDBKeyData, WTF::Vector<WebCore::IDBKeyData, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>, WebCore::IDBGetResult, WebCore::IDBGetAllResult, unsigned long long, WebCore::IDBRequest::NullResultType>*) + 48 (Variant.h:827)
31  com.apple.WebCore                   0x0000000123930c7d WTF::Variant<WTF::RefPtr<WebCore::IDBCursor, WTF::DumbPtrTraits<WebCore::IDBCursor> >, WTF::RefPtr<WebCore::IDBDatabase, WTF::DumbPtrTraits<WebCore::IDBDatabase> >, WebCore::IDBKeyData, WTF::Vector<WebCore::IDBKeyData, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>, WebCore::IDBGetResult, WebCore::IDBGetAllResult, unsigned long long, WebCore::IDBRequest::NullResultType>::__destroy_self() + 77 (Variant.h:1472)
32  com.apple.WebCore                   0x0000000123930c25 WTF::__variant_base<WTF::Variant<WTF::RefPtr<WebCore::IDBCursor, WTF::DumbPtrTraits<WebCore::IDBCursor> >, WTF::RefPtr<WebCore::IDBDatabase, WTF::DumbPtrTraits<WebCore::IDBDatabase> >, WebCore::IDBKeyData, WTF::Vector<WebCore::IDBKeyData, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>, WebCore::IDBGetResult, WebCore::IDBGetAllResult, unsigned long long, WebCore::IDBRequest::NullResultType>, false>::~__variant_base() + 21 (Variant.h:923)
33  com.apple.WebCore                   0x0000000123930c05 WTF::Variant<WTF::RefPtr<WebCore::IDBCursor, WTF::DumbPtrTraits<WebCore::IDBCursor> >, WTF::RefPtr<WebCore::IDBDatabase, WTF::DumbPtrTraits<WebCore::IDBDatabase> >, WebCore::IDBKeyData, WTF::Vector<WebCore::IDBKeyData, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>, WebCore::IDBGetResult, WebCore::IDBGetAllResult, unsigned long long, WebCore::IDBRequest::NullResultType>::~Variant() + 21 (Variant.h:1439)
34  com.apple.WebCore                   0x000000012391a695 WTF::Variant<WTF::RefPtr<WebCore::IDBCursor, WTF::DumbPtrTraits<WebCore::IDBCursor> >, WTF::RefPtr<WebCore::IDBDatabase, WTF::DumbPtrTraits<WebCore::IDBDatabase> >, WebCore::IDBKeyData, WTF::Vector<WebCore::IDBKeyData, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>, WebCore::IDBGetResult, WebCore::IDBGetAllResult, unsigned long long, WebCore::IDBRequest::NullResultType>::~Variant() + 21 (Variant.h:1439)

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200106/7f9bb92d/attachment-0001.htm>

More information about the webkit-unassigned mailing list