Bug 193026 - Assert in NetworkHTTPSUpgradeChecker::query()
Summary: Assert in NetworkHTTPSUpgradeChecker::query()
Status: RESOLVED WORKSFORME
Alias: None
Product: WebKit
Classification: Unclassified
Component: Page Loading (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Chris Dumez
URL:
Keywords: InRadar
Depends on: 193075
Blocks:
  Show dependency treegraph
 
Reported: 2018-12-24 19:57 PST by Simon Fraser (smfr)
Modified: 2022-02-12 22:07 PST (History)
7 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Simon Fraser (smfr) 2018-12-24 19:57:53 PST
I just hit this assertion on the first test (imported/w3c/web-platform-tests/css/css-color/border-bottom-color.xht) when running "run-webkit-tests --debug --no-build --no-show-results LayoutTests/imported/w3c/web-platform-tests/css/css-color/"

Crashed Thread:        1  Dispatch queue: HTTPS Upgrade Checker Thread

Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x00000000bbadbeef
Exception Note:        EXC_CORPSE_NOTIFY

Termination Signal:    Segmentation fault: 11
Termination Reason:    Namespace SIGNAL, Code 0xb
Terminating Process:   exc handler [13618]

VM Regions Near 0xbbadbeef:
--> 
    __TEXT                 000000010d1ce000-000000010d1d0000 [    8K] r-x/rwx SM=COW  /Volumes/VOLUME/*/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.Networking.xpc/Contents/MacOS/com.apple.WebKit.Networking.Development

Thread 0:: Dispatch queue: com.apple.main-thread
0   libsystem_kernel.dylib        	0x00007fff61117c2a mach_msg_trap + 10
1   libsystem_kernel.dylib        	0x00007fff61118174 mach_msg + 60
2   com.apple.CoreFoundation      	0x00007fff33f3c05e __CFRunLoopServiceMachPort + 337
3   com.apple.CoreFoundation      	0x00007fff33f3b5ad __CFRunLoopRun + 1654
4   com.apple.CoreFoundation      	0x00007fff33f3ace4 CFRunLoopRunSpecific + 463
5   com.apple.Foundation          	0x00007fff3629b5da -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 280
6   com.apple.Foundation          	0x00007fff3629b4af -[NSRunLoop(NSRunLoop) run] + 76
7   libxpc.dylib                  	0x00007fff61215ee6 _xpc_objc_main + 555
8   libxpc.dylib                  	0x00007fff612159e5 xpc_main + 433
9   com.apple.WebKit.Networking   	0x000000010d1cf035 WebKit::XPCServiceMain(int, char const**) + 1333 (XPCServiceMain.mm:157)
10  com.apple.WebKit.Networking   	0x000000010d1cf322 main + 34 (XPCServiceMain.mm:165)
11  libdyld.dylib                 	0x00007fff60fdf085 start + 1

Thread 1 Crashed:: Dispatch queue: HTTPS Upgrade Checker Thread
0   com.apple.JavaScriptCore      	0x00000001252837f0 WTFCrash + 16 (Assertions.cpp:255)
1   com.apple.WebKit              	0x000000010d1ebe5b WTFCrashWithInfo(int, char const*, char const*, int) + 27 (Assertions.h:559)
2   com.apple.WebKit              	0x000000010d44b3cd WebKit::NetworkHTTPSUpgradeChecker::query(WTF::String&&, PAL::SessionID, WTF::CompletionHandler<void (bool)>&&)::$_11::operator()() + 525 (NetworkHTTPSUpgradeChecker.cpp:99)
3   com.apple.WebKit              	0x000000010d44b0f9 WTF::Function<void ()>::CallableWrapper<WebKit::NetworkHTTPSUpgradeChecker::query(WTF::String&&, PAL::SessionID, WTF::CompletionHandler<void (bool)>&&)::$_11>::call() + 25 (Function.h:101)
4   com.apple.JavaScriptCore      	0x00000001252acf7f WTF::Function<void ()>::operator()() const + 175 (Function.h:56)
5   com.apple.JavaScriptCore      	0x000000012538a1a9 WTF::WorkQueue::dispatch(WTF::Function<void ()>&&)::$_0::operator()() const + 25 (WorkQueueCocoa.cpp:38)
6   com.apple.JavaScriptCore      	0x000000012538a3e0 WTF::BlockPtr<void ()> WTF::BlockPtr<void ()>::fromCallable<WTF::WorkQueue::dispatch(WTF::Function<void ()>&&)::$_0>(WTF::WorkQueue::dispatch(WTF::Function<void ()>&&)::$_0)::'lambda'(void*)::operator()(void*) const + 32 (BlockPtr.h:96)
7   com.apple.JavaScriptCore      	0x000000012538a3b8 WTF::BlockPtr<void ()> WTF::BlockPtr<void ()>::fromCallable<WTF::WorkQueue::dispatch(WTF::Function<void ()>&&)::$_0>(WTF::WorkQueue::dispatch(WTF::Function<void ()>&&)::$_0)::'lambda'(void*)::__invoke(void*) + 24 (BlockPtr.h:95)
8   libdispatch.dylib             	0x00007fff60f8fd4f _dispatch_call_block_and_release + 12
9   libdispatch.dylib             	0x00007fff60f90dcb _dispatch_client_callout + 8
10  libdispatch.dylib             	0x00007fff60f97120 _dispatch_lane_serial_drain + 618
11  libdispatch.dylib             	0x00007fff60f97bd8 _dispatch_lane_invoke + 388
12  libdispatch.dylib             	0x00007fff60fa0084 _dispatch_workloop_worker_thread + 603
13  libsystem_pthread.dylib       	0x00007fff611d061c _pthread_wqthread + 409
14  libsystem_pthread.dylib       	0x00007fff611d0415 start_wqthread + 13

It's ASSERT(stepResult == SQLITE_ROW || stepResult == SQLITE_DONE);.

I'm also confused about how this function calls ASSERT(RunLoop::isMain()); but is running on a dispatch thread.
Comment 1 Radar WebKit Bug Importer 2018-12-25 21:04:05 PST
<rdar://problem/46945206>
Comment 2 Chris Dumez 2019-01-02 08:24:20 PST
> I'm also confused about how this function calls ASSERT(RunLoop::isMain()); but is running on a dispatch thread.

It checks that it is on the main thread *then* dispatches on the dispatch queue. The crash is in the lambda that runs on the background queue. That part seems fine / expected.

Note that I am surprised this code is running at all since the feature is supposed to be off by default.
Comment 3 Chris Dumez 2019-01-02 08:31:43 PST
(In reply to Chris Dumez from comment #2)
> > I'm also confused about how this function calls ASSERT(RunLoop::isMain()); but is running on a dispatch thread.
> 
> It checks that it is on the main thread *then* dispatches on the dispatch
> queue. The crash is in the lambda that runs on the background queue. That
> part seems fine / expected.
> 
> Note that I am surprised this code is running at all since the feature is
> supposed to be off by default.

I cannot reproduce the crashes with 'run-webkit-tests --debug --no-build --no-show-results LayoutTests/imported/w3c/web-platform-tests/css/css-color/' but I was able to confirm the feature is on when running layout tests.
Comment 4 Chris Dumez 2019-01-02 08:36:46 PST
(In reply to Chris Dumez from comment #3)
> (In reply to Chris Dumez from comment #2)
> > > I'm also confused about how this function calls ASSERT(RunLoop::isMain()); but is running on a dispatch thread.
> > 
> > It checks that it is on the main thread *then* dispatches on the dispatch
> > queue. The crash is in the lambda that runs on the background queue. That
> > part seems fine / expected.
> > 
> > Note that I am surprised this code is running at all since the feature is
> > supposed to be off by default.
> 
> I cannot reproduce the crashes with 'run-webkit-tests --debug --no-build
> --no-show-results
> LayoutTests/imported/w3c/web-platform-tests/css/css-color/' but I was able
> to confirm the feature is on when running layout tests.

All experimental features get enabled when running layout tests based on code inspection so this is expected as well.
Comment 5 Chris Dumez 2019-01-04 13:12:28 PST
Simon, can you still reproduce this? If so, logging I added via Bug 193075 should help me debug. I personally cannot reproduce.