Bug 225555

Summary: [WPE] Bot exiting early with crashes in new window layout tests inside wl_proxy_marshal_constructor
Product: WebKit Reporter: Lauro Moura <lmoura>
Component: WPE WebKitAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: bst, bugs-noreply
Priority: P2    
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=225735

Description Lauro Moura 2021-05-07 21:25:27 PDT 
fast/dom/Window/mozilla-focus-blur.html
fast/dom/Window/new-window-opener.html
fast/dom/Window/open-window-min-size.html
http/tests/appcache/crash-when-navigating-away-then-back.html
http/tests/cookies/same-site/fetch-after-top-level-same-origin-redirect.html
http/tests/cookies/same-site/fetch-cookies-set-in-about-blank-iframe.html
http/tests/cookies/same-site/fetch-in-about-blank-page.html
http/tests/cookies/same-site/fetch-in-about-blank-popup.html
http/tests/cookies/same-site/fetch-in-cross-origin-iframe.html
http/tests/cookies/same-site/fetch-in-same-origin-page.html
http/tests/cookies/same-site/fetch-in-same-origin-service-worker.html
http/tests/cookies/same-site/fetch-in-same-origin-srcdoc-iframe.html
http/tests/cookies/same-site/fetch-in-same-origin-worker.html
http/wpt/prefetch/link-prefetch-main-resource-redirect.html
imported/w3c/web-platform-tests/fetch/http-cache/split-cache.html
imported/w3c/web-platform-tests/html/browsers/browsing-the-web/history-traversal/persisted-user-state-restoration/resume-timer-on-history-back.html
imported/w3c/web-platform-tests/html/browsers/browsing-the-web/navigating-across-documents/failure-check-sequence.https.html
imported/w3c/web-platform-tests/html/browsers/history/the-session-history-of-browsing-contexts/navigation-in-onload.tentative.html
imported/w3c/web-platform-tests/html/browsers/the-window-object/apis-for-creating-and-navigating-browsing-contexts-by-name/creating_browsing_context_test_01.html
imported/w3c/web-platform-tests/html/browsers/the-window-object/apis-for-creating-and-navigating-browsing-contexts-by-name/open-features-negative-innerwidth-innerheight.html
imported/w3c/web-platform-tests/html/browsers/the-window-object/apis-for-creating-and-navigating-browsing-contexts-by-name/open-features-negative-screenx-screeny.html
imported/w3c/web-platform-tests/html/browsers/the-window-object/apis-for-creating-and-navigating-browsing-contexts-by-name/open-features-negative-top-left.html
imported/w3c/web-platform-tests/html/browsers/the-window-object/apis-for-creating-and-navigating-browsing-contexts-by-name/open-features-negative-width-height.html
imported/w3c/web-platform-tests/html/browsers/the-window-object/apis-for-creating-and-navigating-browsing-contexts-by-name/open-features-non-integer-height.html
imported/w3c/web-platform-tests/html/browsers/the-window-object/close-method.window.html
imported/w3c/web-platform-tests/html/browsers/the-window-object/closed-attribute.window.html
imported/w3c/web-platform-tests/html/browsers/the-window-object/self-et-al.window.html
imported/w3c/web-platform-tests/html/browsers/windows/browsing-context-names/browsing-context-_blank.html
imported/w3c/web-platform-tests/html/browsers/windows/browsing-context-names/choose-_blank-001.html
imported/w3c/web-platform-tests/html/browsers/windows/clear-window-name.https.html
imported/w3c/web-platform-tests/html/interaction/focus/the-autofocus-attribute/supported-elements.html
imported/w3c/web-platform-tests/html/semantics/forms/autofocus/supported-elements.html
imported/w3c/web-platform-tests/html/webappapis/scripting/processing-model-2/integration-with-the-javascript-job-queue/promise-job-entry-different-function-realm.html

Sample build run: https://build.webkit.org/results/WPE-Linux-64-bit-Release-Tests/r277222%20(1598)/results.html

First failure in build https://build.webkit.org/#/builders/40/builds/1582 after updating the SDK to r277166.

r277165 downgraded back only wpebackend-fdo to 1.8.3, while libwpe was kept at 1.10. Likely the cause?

Crash trace from thread 1:

Thread 1 (Thread 0x7f27aeffd700 (LWP 20005)):
#0  wl_proxy_marshal_constructor (proxy=0x0, opcode=opcode@entry=0, interface=0x7f2886736fe0 <wl_surface_interface>) at ../src/wayland-client.c:829
#1  0x00007f288581bd6d in wl_compositor_create_surface (wl_compositor=<optimized out>) at /usr/include/wayland-client-protocol.h:1281
#2  WS::BaseTarget::initialize(wl_display*) (this=this@entry=0x7f27a8002808, display=0x55e3fcf8e670) at ../src/ws-client.cpp:184
#3  0x00007f2885817e6c in (anonymous namespace)::Target::initialize (height=600, width=800, backend=..., this=0x7f27a8002800) at ../src/ws-client.h:41
#4  fdo_renderer_backend_egl_target::{lambda(void*, fdo_renderer_backend_egl_target, unsigned int, unsigned int)#3}::operator()(fdo_renderer_backend_egl_target, fdo_renderer_backend_egl_target, unsigned int, unsigned int) const (height=600, width=800, backend_data=<optimized out>, data=0x7f27a8002800, __closure=0x0) at ../src/renderer-backend-egl.cpp:122
#5  fdo_renderer_backend_egl_target::{lambda(void*, fdo_renderer_backend_egl_target, unsigned int, unsigned int)#3}::_FUN(fdo_renderer_backend_egl_target, fdo_renderer_backend_egl_target, unsigned int, unsigned int) () at ../src/renderer-backend-egl.cpp:123
#6  0x00007f288d57bae2 in WebKit::LayerTreeHost::nativeSurfaceHandleForCompositing() () at /app/webkit/WebKitBuild/Release/lib/libWPEWebKit-1.1.so.0
#7  0x00007f288d261621 in WTF::Detail::CallableWrapper<WebKit::ThreadedCompositor::ThreadedCompositor(WebKit::ThreadedCompositor::Client&, WebKit::ThreadedDisplayRefreshMonitor::Client&, unsigned int, WebCore::IntSize const&, float, unsigned int)::{lambda()#2}, void>::call() () at /app/webkit/WebKitBuild/Release/lib/libWPEWebKit-1.1.so.0
#8  0x00007f288d25f543 in WTF::Detail::CallableWrapper<WebKit::CompositingRunLoop::performTaskSync(WTF::Function<void ()>&&)::{lambda()#1}, void>::call() () at /app/webkit/WebKitBuild/Release/lib/libWPEWebKit-1.1.so.0
#9  0x00007f28911b32fb in WTF::RunLoop::performWork() () at /app/webkit/WebKitBuild/Release/lib/libWPEWebKit-1.1.so.0
#10 0x00007f289121f779 in WTF::RunLoop::RunLoop()::{lambda(void*)#1}::_FUN(void*) () at /app/webkit/WebKitBuild/Release/lib/libWPEWebKit-1.1.so.0
#11 0x00007f289122012f in WTF::RunLoop::{lambda(_GSource*, int (*)(void*), void*)#1}::_FUN(_GSource*, int (*)(void*), void*) () at /app/webkit/WebKitBuild/Release/lib/libWPEWebKit-1.1.so.0
#12 0x00007f288a7cedbf in g_main_dispatch (context=0x7f27a8005890) at ../glib/gmain.c:3337
#13 g_main_context_dispatch (context=0x7f27a8005890) at ../glib/gmain.c:4055
#14 0x00007f288a7cf168 in g_main_context_iterate (context=0x7f27a8005890, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4131
#15 0x00007f288a7cf483 in g_main_loop_run (loop=0x7f27a8003900) at ../glib/gmain.c:4329
#16 0x00007f2891220278 in WTF::RunLoop::run() () at /app/webkit/WebKitBuild/Release/lib/libWPEWebKit-1.1.so.0
#17 0x00007f28911b4de9 in WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) () at /app/webkit/WebKitBuild/Release/lib/libWPEWebKit-1.1.so.0
#18 0x00007f28912224e9 in WTF::wtfThreadEntryPoint(void*) () at /app/webkit/WebKitBuild/Release/lib/libWPEWebKit-1.1.so.0
#19 0x00007f2887e9e4d2 in start_thread (arg=<optimized out>) at pthread_create.c:477
#20 0x00007f288a128323 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
Comment 1 Lauro Moura 2021-05-07 21:33:35 PDT 
These known failures were gardened in r277223.
Comment 2 Lauro Moura 2021-05-09 20:28:49 PDT 
Testing manually outside the SDK, indeed the combination of libwpe 1.10 with wpebackend-fdo 1.8.3 triggers this crash.

Rolling back libwpe to 1.7.1, the issue first appears with wpebackend-fdo between 1.8.0 and 1.8.1. Bisecting and using fast/dom/Window/new-window-opener.html as testcase:

First failure in https://github.com/Igalia/WPEBackend-fdo/commit/7789cd54c1d76b37c54d4b5960952403b612a1d7

The previous one at 
https://github.com/Igalia/WPEBackend-fdo/commit/25a23029f885da28182ba031f47350e8cc35d726 also crashes, but at a different point (A wl_list_insert segfault in ViewBackend::registerSurface).
Comment 3 Lauro Moura 2021-05-14 13:25:32 PDT 
(In reply to Lauro Moura from comment #1)
> These known failures were gardened in r277223.

Tests back to the previous behavior after SDK update in r277436. Will revert these and close the bug.
Comment 4 Lauro Moura 2021-05-14 13:33:33 PDT 
Committed r277503 (237734@main): <https://commits.webkit.org/237734@main>