Bug 244890 - Assertion failure in FetchBodyOwner::loadBlob() when loading Xbox Cloud Gaming
Summary: Assertion failure in FetchBodyOwner::loadBlob() when loading Xbox Cloud Gaming
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc.
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Importance: P2 Normal
Assignee: Nobody
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2022-09-07 08:03 PDT by Olivier Blin
Modified: 2022-09-14 08:04 PDT
Description Olivier Blin 2022-09-07 08:03:33 PDT
When loading https://www.xbox.com/en-US/play/ (Xbox Cloud Gaming) in WPE, the WebProcess crashes with an assertion failure:

ASSERTION FAILED: !m_blobLoader
Source/WebCore/Modules/fetch/FetchBodyOwner.cpp(251) : void WebCore::FetchBodyOwner::loadBlob(const WebCore::Blob &, WebCore::FetchBodyConsumer *)

FetchBodyOwner::loadBlob() is called two times on the same body instance, while it should be called only once.
Here are the backtraces of the two callers of WebCore::FetchBodyOwner::loadBlob():

#0  WebCore::FetchBody::consumeAsStream(WebCore::FetchBodyOwner&, WebCore::FetchBodySource&) (this=0x7fadb688a420, owner=..., source=...) at Source/WebCore/Modules/fetch/FetchBody.cpp:192
#1  0x00007faf55860cdd in WebCore::FetchBodyOwner::consumeBodyAsStream() (this=0x7fadb688a3e0) at Source/WebCore/Modules/fetch/FetchBodyOwner.cpp:371
#2  0x00007faf5587ef48 in WebCore::FetchBodySource::doStart() (this=0x7fadadb1ccc0) at Source/WebCore/Modules/fetch/FetchBodySource.cpp:58
#3  0x00007faf55be530b in WebCore::ReadableStreamSource::start(WebCore::ReadableStreamDefaultController&&, WebCore::DOMPromiseDeferred<void>&&) (this=0x7fadadb1ccc0, controller=..., promise=...) at Source/WebCore/Modules/streams/ReadableStreamSource.cpp:41
#4  0x00007faf56022358 in WebCore::JSReadableStreamSource::start(JSC::JSGlobalObject&, JSC::CallFrame&, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&) (this=0x7fadb6fef208, lexicalGlobalObject=..., callFrame=..., promise=...) at Source/WebCore/bindings/js/JSReadableStreamSourceCustom.cpp:48
#5  0x00007faf54ffd4df in WebCore::jsReadableStreamSourcePrototypeFunction_startBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSReadableStreamSource*, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&) (lexicalGlobalObject=0x7fadfd29a468, callFrame=0x7ffe481cec60, castedThis=0x7fadb6fef208, promise=...) at WebCore/DerivedSources/JSReadableStreamSource.cpp:161
#6  0x00007faf54ffda67 in WebCore::IDLOperationReturningPromise<WebCore::JSReadableStreamSource>::call<&WebCore::jsReadableStreamSourcePrototypeFunction_startBody, (WebCore::CastedThisErrorBehavior)2>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*)::{lambda(JSC::JSGlobalObject&, JSC::CallFrame&, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&)#1}::operator()(JSC::JSGlobalObject&, JSC::CallFrame&, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&) const (this=0x7ffe481cebe0, lexicalGlobalObject=..., callFrame=..., promise=...) at Source/WebCore/bindings/js/JSDOMOperationReturningPromise.h:52
#7  0x00007faf54ffd6ab in WebCore::callPromiseFunction<WebCore::IDLOperationReturningPromise<WebCore::JSReadableStreamSource>::call<&WebCore::jsReadableStreamSourcePrototypeFunction_startBody, (WebCore::CastedThisErrorBehavior)2>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*)::{lambda(JSC::JSGlobalObject&, JSC::CallFrame&, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&)#1}>(JSC::JSGlobalObject&, JSC::CallFrame&, WebCore::IDLOperationReturningPromise<WebCore::JSReadableStreamSource>::call<&WebCore::jsReadableStreamSourcePrototypeFunction_startBody, (WebCore::CastedThisErrorBehavior)2>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*)::{lambda(JSC::JSGlobalObject&, JSC::CallFrame&, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&)#1}) (lexicalGlobalObject=..., callFrame=..., functor=...) at Source/WebCore/bindings/js/JSDOMPromiseDeferred.h:349
#8  0x00007faf54ffd3ed in WebCore::IDLOperationReturningPromise<WebCore::JSReadableStreamSource>::call<&WebCore::jsReadableStreamSourcePrototypeFunction_startBody, (WebCore::CastedThisErrorBehavior)2>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*) (lexicalGlobalObject=..., callFrame=..., operationName=0x7faf5b85ce9d "start") at Source/WebCore/bindings/js/JSDOMOperationReturningPromise.h:41
#9  0x00007faf54ffd354 in WebCore::jsReadableStreamSourcePrototypeFunction_start(JSC::JSGlobalObject*, JSC::CallFrame*) (lexicalGlobalObject=0x7fadfd29a468, callFrame=0x7ffe481cec60) at WebCore/DerivedSources/JSReadableStreamSource.cpp:166
#10 0x00007faf005e4038 in  ()
#11 0x00007ffe481ced00 in  ()
#12 0x00007faf58b25d60 in op_call_varargs_slow_return_location () at WebKitBuild/Debug/lib/libWPEWebKit-1.0.so.3
#13 0x0000000000000000 in  ()


#0  WebCore::FetchBody::consume(WebCore::FetchBodyOwner&, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&) (this=0x7fadb688a420, owner=..., promise=...) at Source/WebCore/Modules/fetch/FetchBody.cpp:166
#1  0x00007faf5585ac7f in WebCore::FetchBody::blob(WebCore::FetchBodyOwner&, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&, WTF::String const&) (this=0x7fadb688a420, owner=..., promise=..., contentType=...) at Source/WebCore/Modules/fetch/FetchBody.cpp:110
#2  0x00007faf5585f6a3 in WebCore::FetchBodyOwner::blob(WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&) (this=0x7fadb688a3e0, promise=...) at Source/WebCore/Modules/fetch/FetchBodyOwner.cpp:138
#3  0x00007faf5472548c in WebCore::jsFetchRequestPrototypeFunction_blobBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSFetchRequest*, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&)::{lambda()#1}::operator()() const (this=0x7ffe481d0270) at WebCore/DerivedSources/JSFetchRequest.cpp:607
#4  0x00007faf54725441 in WebCore::toJSNewlyCreated<WebCore::IDLPromise<WebCore::IDLInterface<WebCore::Blob> >, WebCore::jsFetchRequestPrototypeFunction_blobBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSFetchRequest*, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&)::{lambda()#1}>(JSC::JSGlobalObject&, WebCore::JSDOMGlobalObject&, JSC::ThrowScope&, WebCore::jsFetchRequestPrototypeFunction_blobBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSFetchRequest*, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&)::{lambda()#1}&&) (lexicalGlobalObject=..., globalObject=..., throwScope=..., valueOrFunctor=...) at Source/WebCore/bindings/js/JSDOMConvertBase.h:225
#5  0x00007faf547250d2 in WebCore::jsFetchRequestPrototypeFunction_blobBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSFetchRequest*, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&) (lexicalGlobalObject=0x7fadfd29a468, callFrame=0x7ffe481d0510, castedThis=0x7fadb6d05d68, promise=...) at WebCore/DerivedSources/JSFetchRequest.cpp:607
#6  0x00007faf547256d7 in WebCore::IDLOperationReturningPromise<WebCore::JSFetchRequest>::call<&WebCore::jsFetchRequestPrototypeFunction_blobBody, (WebCore::CastedThisErrorBehavior)2>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*)::{lambda(JSC::JSGlobalObject&, JSC::CallFrame&, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&)#1}::operator()(JSC::JSGlobalObject&, JSC::CallFrame&, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&) const (this=0x7ffe481d0490, lexicalGlobalObject=..., callFrame=..., promise=...) at Source/WebCore/bindings/js/JSDOMOperationReturningPromise.h:52
#7  0x00007faf5472529b in WebCore::callPromiseFunction<WebCore::IDLOperationReturningPromise<WebCore::JSFetchRequest>::call<&WebCore::jsFetchRequestPrototypeFunction_blobBody, (WebCore::CastedThisErrorBehavior)2>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*)::{lambda(JSC::JSGlobalObject&, JSC::CallFrame&, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&)#1}>(JSC::JSGlobalObject&, JSC::CallFrame&, WebCore::IDLOperationReturningPromise<WebCore::JSFetchRequest>::call<&WebCore::jsFetchRequestPrototypeFunction_blobBody, (WebCore::CastedThisErrorBehavior)2>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*)::{lambda(JSC::JSGlobalObject&, JSC::CallFrame&, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebCore::DeferredPromise> >&&)#1}) (lexicalGlobalObject=..., callFrame=..., functor=...) at Source/WebCore/bindings/js/JSDOMPromiseDeferred.h:349
#8  0x00007faf54724fcd in WebCore::IDLOperationReturningPromise<WebCore::JSFetchRequest>::call<&WebCore::jsFetchRequestPrototypeFunction_blobBody, (WebCore::CastedThisErrorBehavior)2>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*) (lexicalGlobalObject=..., callFrame=..., operationName=0x7faf5b157957 "blob") at Source/WebCore/bindings/js/JSDOMOperationReturningPromise.h:41
#9  0x00007faf547243b4 in WebCore::jsFetchRequestPrototypeFunction_blob(JSC::JSGlobalObject*, JSC::CallFrame*) (lexicalGlobalObject=0x7fadfd29a468, callFrame=0x7ffe481d0510) at WebCore/DerivedSources/JSFetchRequest.cpp:612
#10 0x00007faf005e4038 in  ()
#11 0x00007ffe481d0620 in  ()
#12 0x00007faf58b24c71 in op_call_slow_return_location () at WebKitBuild/Debug/lib/libWPEWebKit-1.0.so.3
#13 0x0000000000000000 in  ()
Comment 1 Radar WebKit Bug Importer 2022-09-14 08:04:18 PDT
<rdar://problem/99919506>