Bug 224059

Summary: REGRESSION(r275267): [GTK][WPE] 12 new crashes on service-workers layout tests
Product: WebKit
Reporter: Carlos Alberto Lopez Perez <clopez>
Component: Service Workers
Assignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED
Severity: Normal
CC: benjamin, bugs-noreply, cdumez, cgarcia, cmarcelo, ews-watchlist, ggaren, mcatanzaro, webkit-bug-importer, zdobersek
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
See Also: https://bugs.webkit.org/show_bug.cgi?id=223808
Attachments (Description: Flags):
full crash log with threads for GTK debug for test imported/w3c/web-platform-tests/service-workers/service-worker/claim-not-using-registration.https.html: none
Patch: none
Patch: none

Description Carlos Alberto Lopez Perez 2021-04-01 11:22:39 PDT
Created attachment 424915 [details]
full crash log with threads for GTK debug for test imported/w3c/web-platform-tests/service-workers/service-worker/claim-not-using-registration.https.html

It seems r275267 has caused a regression and now these 11 tests crash on GTK and WPE:

Regressions: Unexpected crashes (11)
  imported/w3c/web-platform-tests/service-workers/service-worker/claim-affect-other-registration.https.html [ Crash ]
  imported/w3c/web-platform-tests/service-workers/service-worker/claim-not-using-registration.https.html [ Crash ]
  imported/w3c/web-platform-tests/service-workers/service-worker/claim-using-registration.https.html [ Crash ]
  imported/w3c/web-platform-tests/service-workers/service-worker/controller-with-no-fetch-event-handler.https.html [ Crash ]
  imported/w3c/web-platform-tests/service-workers/service-worker/registration-schedule-job.https.html [ Crash ]
  imported/w3c/web-platform-tests/service-workers/service-worker/registration-script.https.html [ Crash ]
  imported/w3c/web-platform-tests/service-workers/service-worker/registration-updateviacache.https.html [ Crash ]
  imported/w3c/web-platform-tests/service-workers/service-worker/skip-waiting-installed.https.html [ Crash ]
  imported/w3c/web-platform-tests/service-workers/service-worker/update-import-scripts.https.html [ Crash ]
  imported/w3c/web-platform-tests/service-workers/service-worker/update-recovery.https.html [ Crash ]
  imported/w3c/web-platform-tests/service-workers/service-worker/update-result.https.html [ Crash ]


The crash log is this (for the thread crashing):

Thread 1 (Thread 0x7fd6a97fa700 (LWP 2300)):
#0  g_logv (log_domain=0x7fd7060d9998 "GLib-GIO", log_level=G_LOG_LEVEL_CRITICAL, format=<optimized out>, args=<optimized out>) at ../glib/gmessages.c:1413
#1  0x00007fd705e45973 in g_log (log_domain=log_domain@entry=0x7fd7060d9998 "GLib-GIO", log_level=log_level@entry=G_LOG_LEVEL_CRITICAL, format=format@entry=0x7fd705e9dad0 "%s: assertion '%s' failed") at ../glib/gmessages.c:1451
#2  0x00007fd705e4619d in g_return_if_fail_warning (log_domain=log_domain@entry=0x7fd7060d9998 "GLib-GIO", pretty_function=pretty_function@entry=0x7fd7060e8920 <__func__.31> "g_output_stream_write_all", expression=expression@entry=0x7fd7060db607 "buffer != NULL") at ../glib/gmessages.c:2883
#3  0x00007fd706019aba in g_output_stream_write_all (stream=0x7fd68c02e170 [GLocalFileOutputStream], buffer=0x0, count=0, bytes_written=0x7fd6a97f6240, cancellable=0x0, error=0x0) at ../gio/goutputstream.c:296
#4  0x00007fd709f15429 in WTF::FileSystemImpl::writeToFile(_GFileIOStream*, char const*, int) (handle=0x7fd68c001a00, data=0x0, length=0) at ../../Source/WTF/wtf/glib/FileSystemGlib.cpp:411
#5  0x00007fd711bcf74b in operator()(uint8_t const*, size_t) const (__closure=0x7fd702f9dae8, data=0x0, size=0) at ../../Source/WebCore/workers/service/server/SWScriptStorage.cpp:102
#6  0x00007fd711be366b in WTF::Detail::CallableWrapper<WebCore::SWScriptStorage::store(const WebCore::ServiceWorkerRegistrationKey&, const WTF::URL&, const WebCore::SharedBuffer&)::<lambda(const uint8_t*, size_t)>, bool, unsigned char const*, long unsigned int>::call(const unsigned char *, unsigned long) (this=0x7fd702f9dae0, in#0=0x0, in#1=0) at WTF/Headers/wtf/Function.h:52
#7  0x00007fd70dc8e65a in WTF::Function<bool (unsigned char const*, unsigned long)>::operator()(unsigned char const*, unsigned long) const (this=0x7fd6a97f63c0, in#0=0x0, in#1=0) at WTF/Headers/wtf/Function.h:83
#8  0x00007fd711bcf70a in operator()(const WTF::Function<bool(unsigned char const*, long unsigned int)> &) const (__closure=0x7fd6a97f63a8, writeData=...) at ../../Source/WebCore/workers/service/server/SWScriptStorage.cpp:92
#9  0x00007fd711bcf930 in WebCore::SWScriptStorage::store(WebCore::ServiceWorkerRegistrationKey const&, WTF::URL const&, WebCore::SharedBuffer const&) (this=0x7fd702f9d980, registrationKey=..., scriptURL=..., script=...) at ../../Source/WebCore/workers/service/server/SWScriptStorage.cpp:101
#10 0x00007fd711bccfb3 in WebCore::RegistrationDatabase::doPushChanges(WTF::Vector<WebCore::ServiceWorkerContextData, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WTF::Vector<WebCore::ServiceWorkerRegistrationKey, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&) (this=0x7fd702ff70c0, updatedRegistrations=..., removedRegistrations=...) at ../../Source/WebCore/workers/service/server/RegistrationDatabase.cpp:468
#11 0x00007fd711bcbe91 in operator()() (__closure=0x7fd702f10d78) at ../../Source/WebCore/workers/service/server/RegistrationDatabase.cpp:370
#12 0x00007fd711be3710 in WTF::Detail::CallableWrapper<WebCore::RegistrationDatabase::schedulePushChanges(WTF::Vector<WebCore::ServiceWorkerContextData>&&, WTF::Vector<WebCore::ServiceWorkerRegistrationKey>&&, WebCore::RegistrationDatabase::ShouldRetry, WTF::CompletionHandler<void()>&&)::<lambda()>, void>::call(void) (this=0x7fd702f10d70) at WTF/Headers/wtf/Function.h:52
#13 0x00007fd70d36097b in WTF::Function<void ()>::operator()() const (this=0x7fd6a83fa4a8) at WTF/Headers/wtf/Function.h:83
#14 0x00007fd711bcab5a in operator()() (__closure=0x7fd6a83fa4a0) at ../../Source/WebCore/workers/service/server/RegistrationDatabase.cpp:188
#15 0x00007fd711be3790 in WTF::Detail::CallableWrapper<WebCore::RegistrationDatabase::postTaskToWorkQueue(WTF::Function<void()>&&)::<lambda()>, void>::call(void) (this=0x7fd6a83fa498) at WTF/Headers/wtf/Function.h:52
#16 0x00007fd708eed2b1 in WTF::Function<void ()>::operator()() const (this=0x7fd6a83fa4c0) at WTF/Headers/wtf/Function.h:83
#17 0x00007fd709f10aac in operator()() const (__closure=0x7fd6a83fa4b8) at ../../Source/WTF/wtf/generic/WorkQueueGeneric.cpp:71
#18 0x00007fd709f1296a in WTF::Detail::CallableWrapper<WTF::WorkQueue::dispatch(WTF::Function<void()>&&)::<lambda()>, void>::call(void) (this=0x7fd6a83fa4b0) at ../../Source/WTF/wtf/Function.h:52
#19 0x00007fd708eed2b1 in WTF::Function<void ()>::operator()() const (this=0x7fd6a97f9940) at WTF/Headers/wtf/Function.h:83
#20 0x00007fd709e76805 in WTF::RunLoop::performWork() (this=0x7fd702f9c000) at ../../Source/WTF/wtf/RunLoop.cpp:133
#21 0x00007fd709f183fa in operator()(gpointer) const (__closure=0x0, userData=0x7fd702f9c000) at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:80
#22 0x00007fd709f1841e in _FUN(gpointer) () at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:82
#23 0x00007fd709f1838d in operator()(GSource*, GSourceFunc, gpointer) const (__closure=0x0, source=0x7fd68c003a50, callback=0x7fd709f18401 <_FUN(gpointer)>, userData=0x7fd702f9c000) at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:53
#24 0x00007fd709f183db in _FUN(GSource*, GSourceFunc, gpointer) () at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:56
#25 0x00007fd705e3ddbf in g_main_dispatch (context=0x7fd68c000b60) at ../glib/gmain.c:3337
#26 g_main_context_dispatch (context=0x7fd68c000b60) at ../glib/gmain.c:4055
#27 0x00007fd705e3e168 in g_main_context_iterate (context=0x7fd68c000b60, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4131
#28 0x00007fd705e3e483 in g_main_loop_run (loop=0x7fd68c003a30) at ../glib/gmain.c:4329
#29 0x00007fd709f18998 in WTF::RunLoop::run() () at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:108
#30 0x00007fd709f108f2 in operator()() const (__closure=0x7fd702ff65a8) at ../../Source/WTF/wtf/generic/WorkQueueGeneric.cpp:51
#31 0x00007fd709f129aa in WTF::Detail::CallableWrapper<WTF::WorkQueue::platformInitialize(char const*, WTF::WorkQueue::Type, WTF::WorkQueue::QOS)::<lambda()>, void>::call(void) (this=0x7fd702ff65a0) at ../../Source/WTF/wtf/Function.h:52
#32 0x00007fd708eed2b1 in WTF::Function<void ()>::operator()() const (this=0x7fd6a97f9c30) at WTF/Headers/wtf/Function.h:83
#33 0x00007fd709e7c47f in WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) (newThreadContext=0x7fd702ff4690) at ../../Source/WTF/wtf/Threading.cpp:181
#34 0x00007fd709f2398d in WTF::wtfThreadEntryPoint(void*) (context=0x7fd702ff4690) at ../../Source/WTF/wtf/posix/ThreadingPOSIX.cpp:241
#35 0x00007fd705dcc4d2 in start_thread (arg=<optimized out>) at pthread_create.c:477
#36 0x00007fd7058ba323 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

I'm attaching the full crash log with threads.
Comment 1 Carlos Alberto Lopez Perez 2021-04-01 11:28:20 PDT
And it has also made the test http/wpt/service-workers/clone-opaque-being-loaded-response.html crash (same backtrace).
Comment 2 Chris Dumez 2021-04-01 11:30:22 PDT
Sadly, the issue is not obvious to me. I don't see what's different about the glib port here, except that it is using a different version of FileSystem::writeToFile(). I will likely need help from someone able to run the glib port to debug this.
Comment 3 Chris Dumez 2021-04-01 11:47:46 PDT
I think this means the buffer that is being passed to g_output_stream_write_all() is nullptr, which I guess is possible if the bufferSize is 0.
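A reduced model of the failure mode described in comment 3, added here as an illustration; it is not WebKit or GLib code and not the attached patch, whose contents are not shown on this page. `StrictSink`, `Segment`, `storeUnguarded` and `storeGuarded` are hypothetical names, and `StrictSink::writeAll` is an assumed stand-in for a write call that rejects a null buffer even for a zero-byte write.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// Constructed stand-in for a strict C write API: like the
// g_output_stream_write_all() frame in the backtrace, it treats a null
// buffer as a contract violation even when count is 0.
struct StrictSink {
    std::string bytes;
    int contractViolations = 0;
    bool writeAll(const void* buffer, size_t count) {
        if (!buffer) {            // models the "buffer != NULL" precondition
            ++contractViolations; // counted here instead of aborting
            return false;
        }
        bytes.append(static_cast<const char*>(buffer), count);
        return true;
    }
};
// One chunk of script data; an empty chunk is {nullptr, 0}, as in frame #5.
struct Segment { const uint8_t* data; size_t size; };

// Forwards every segment unchanged, including empty ones.
bool storeUnguarded(StrictSink& sink, const std::vector<Segment>& segments) {
    for (const auto& s : segments)
        if (!sink.writeAll(s.data, s.size))
            return false;
    return true;
}

// Treats a zero-length segment as a successful no-op and rejects the
// genuinely invalid case (null pointer with a non-zero size) itself.
bool storeGuarded(StrictSink& sink, const std::vector<Segment>& segments) {
    for (const auto& s : segments) {
        if (!s.size)
            continue;
        if (!s.data || !sink.writeAll(s.data, s.size))
            return false;
    }
    return true;
}

int main() {
    static const uint8_t script[] = { 'o', 'k' }; // constructed sample data
    std::vector<Segment> segments { { script, sizeof(script) }, { nullptr, 0 } };
    StrictSink a, b;
    return (!storeUnguarded(a, segments) && storeGuarded(b, segments)) ? 0 : 1;
}
```

The guard sits in the caller because the callee's precondition is stricter than "pointer valid for `count` bytes"; whether to skip the call or substitute a non-null pointer is a design choice this sketch does not settle.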
Comment 4 Chris Dumez 2021-04-01 11:52:20 PDT
Created attachment 424919 [details]
Patch
Comment 5 Chris Dumez 2021-04-01 11:53:14 PDT
I have not been able to validate my fix but I *think* this is what the glib port implementation of fileSystem::writeToFile() did not like.
Comment 6 Chris Dumez 2021-04-01 11:54:05 PDT
Comment on attachment 424919 [details]
Patch

Have another idea.
Comment 7 Chris Dumez 2021-04-01 11:57:52 PDT
Created attachment 424921 [details]
Patch
Comment 8 Carlos Alberto Lopez Perez 2021-04-01 13:39:18 PDT
Comment on attachment 424921 [details]
Patch

Tested! It fixes the issue! Thanks :)
Comment 9 Chris Dumez 2021-04-01 13:40:51 PDT
Comment on attachment 424921 [details]
Patch

Great, thanks for validating the fix.
Comment 10 EWS 2021-04-01 13:59:20 PDT
Committed r275379: <https://commits.webkit.org/r275379>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 424921 [details].
Comment 11 Radar WebKit Bug Importer 2021-04-01 14:00:42 PDT
<rdar://problem/76120318>