
Issue 733569

Issue metadata

Status: Fixed
Owner:
Closed: Jul 2017
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug-Regression




Segfault in headless mode with webkitPersistentStorage.requestQuota

Reported by r...@journeyapps.com, Jun 15 2017

Issue description

UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36

Steps to reproduce the problem:
1. Open the attached html file in headless Chrome:

   google-chrome --unlimited-storage --headless --no-gpu --remote-debugging-port=9222 file://$PWD/crash.html

2. Observe the segfault.

Alternatively, just run this line by using the devtools:

    navigator.webkitPersistentStorage.requestQuota(10, () => { console.log('success') })

What is the expected behavior?
It should not crash.

What went wrong?
Getting this error:

    [1]    20738 segmentation fault (core dumped)

In non-headless mode, everything works fine.

The --unlimited-storage option doesn't seem to make a difference here (although it's required for automated tests in non-headless mode).

Did this work before? No 

Chrome version: 60.0.3112.24 beta  Channel: stable
OS Version: Ubuntu 16.04
Flash Version: 

Tested in Chrome stable (59) and beta (60).
 
crash.html
134 bytes
Labels: Needs-Triage-M60 Proj-Headless
Labels: -Type-Bug -Pri-2 M-61 has-bisect-per-revision Pri-1 Type-Bug-Regression
Owner: skyos...@chromium.org
Status: Assigned (was: Unconfirmed)
ralf@ Thanks for the issue.

Able to reproduce the issue on Ubuntu 14.04 using Chrome version 59.0.3071.96 and canary 61.0.3131.0. This is a regression issue, broken in M57. Please find the bisect information below.

Narrow Bisect::
Good::57.0.2950.0  ----    (build revision 438011)
Bad::57.0.2951.0   ---    (build revision 438385)

Change Log::
https://chromium.googlesource.com/chromium/src/+log/e3f59ed9bdc15fc1cccc737e425d40a077c36a32..b354f8865623b8ca8da43f7ef37332bdb586dd82

Possible suspect::
https://chromium.googlesource.com/chromium/src/+/b354f8865623b8ca8da43f7ef37332bdb586dd82

skyostil@ could you please look into this issue if it is related to your change, else please help us in finding the appropriate owner for this issue.

Thanks,
Components: -Platform>DevTools Internals>Headless
Status: Available (was: Assigned)
Any update on the issue? This also affects OSX (tested on 10.11.6). Haven't tested Windows.
Owner: ----
Here's the stack trace:

[0717/150112.325205:FATAL:quota_dispatcher_host.cc(178)] Check failed: permission_context(). 
#0 0x7efe350f1967 base::debug::StackTrace::StackTrace()
#1 0x7efe35118481 logging::LogMessage::~LogMessage()
#2 0x7efe327fe16c content::QuotaDispatcherHost::RequestQuotaDispatcher::DidGetPersistentUsageAndQuota()
#3 0x7efe327fdebc _ZN4base8internal12InvokeHelperILb1EvE8MakeItSoIRKMN7content19QuotaDispatcherHost22RequestQuotaDispatcherEFvN7storage15QuotaStatusCodeEllERKNS_7WeakPtrIS6_EEJS8_llEEEvOT_OT0_DpOT1_
#4 0x7efe30d5e5a7 storage::(anonymous namespace)::DidGetUsageAndQuotaForWebApps()
#5 0x7efe30d68eea _ZN4base8internal7InvokerINS0_9BindStateIPFvRKNS_8CallbackIFvN7storage15QuotaStatusCodeEllELNS0_8CopyModeE1ELNS0_10RepeatModeE1EEES5_llNS_8flat_mapINS4_11QuotaClient2IDElNSt3__14lessISE_EEEEEJS9_EEEFvS5_llSI_EE3RunEPNS0_13BindStateBaseEOS5_OlSR_OSI_
#6 0x7efe30d668bc storage::QuotaManager::UsageAndQuotaHelper::Completed()
#7 0x7efe30d6c972 storage::QuotaTask::CallCompleted()
#8 0x7efe30ceda38 _ZN4base8internal7InvokerINS0_9BindStateIMN7storage16BlobRegistryImpl21BlobUnderConstructionEFvvEJNS_7WeakPtrIS5_EEEEEFvvEE3RunEPNS0_13BindStateBaseE
#9 0x7efe350de48a base::(anonymous namespace)::BarrierInfo::Run()
#10 0x7efe30d66fcc _ZN4base8internal12InvokeHelperILb1EvE8MakeItSoIRKMN7storage12QuotaManager19UsageAndQuotaHelperEFvRKNS_8CallbackIFvvELNS0_8CopyModeE1ELNS0_10RepeatModeE1EEENS4_15QuotaStatusCodeElERKNS_7WeakPtrIS6_EEJSD_SE_lEEEvOT_OT0_DpOT1_
#11 0x7efe30d644f6 _ZN7storage16CallbackQueueMapIN4base8CallbackIFvNS_15QuotaStatusCodeElELNS1_8internal8CopyModeE1ELNS5_10RepeatModeE1EEENSt3__112basic_stringIcNS9_11char_traitsIcEENS9_9allocatorIcEEEEJS3_lEE3RunIJS3_RKlEEEvRKSF_DpOT_
#12 0x7efe30d5fcbb storage::QuotaManager::DidGetPersistentHostQuota()
#13 0x7efe30d6911d _ZN4base8internal12InvokeHelperILb1EvE8MakeItSoIRKMN7storage12QuotaManagerEFvRKNSt3__112basic_stringIcNS6_11char_traitsIcEENS6_9allocatorIcEEEEPKlbERKNS_7WeakPtrIS5_EEJSE_PlbEEEvOT_OT0_DpOT1_
#14 0x7efe30d69053 _ZN4base8internal7InvokerINS0_9BindStateIMN7storage12QuotaManagerEFvRKNSt3__112basic_stringIcNS5_11char_traitsIcEENS5_9allocatorIcEEEEPKlbEJNS_7WeakPtrIS4_EESB_NS0_12OwnedWrapperIlEEEEEFvbEE3RunEPNS0_13BindStateBaseEOb
#15 0x7efe30d69acb base::internal::ReplyAdapter<>()
#16 0x7efe30ce455b _ZN4base8internal7InvokerINS0_9BindStateIPFvNS_8CallbackIFvN7storage12_GLOBAL__N_116EmptyFilesResultEELNS0_8CopyModeE0ELNS0_10RepeatModeE0EEEPS6_EJSA_NS0_12OwnedWrapperIS6_EEEEEFvvEE7RunOnceEPNS0_13BindStateBaseE
#17 0x7efe3518b68f base::(anonymous namespace)::PostTaskAndReplyRelay::RunReplyAndSelfDestruct()
#18 0x7efe350f21ab base::debug::TaskAnnotator::RunTask()
#19 0x7efe35124e5a base::MessageLoop::RunTask()

Owner: eseckler@chromium.org
Status: Assigned (was: Available)
Looks like we need to implement HeadlessContentBrowserClient::CreateQuotaPermissionContext().

https://cs.chromium.org/chromium/src/content/public/browser/content_browser_client.cc?l=224
Labels: -Needs-Triage-M60
Project Member

Comment 9 by bugdroid1@chromium.org, Jul 18 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/ea51c9c225d54b1981c25f514e9862487b3733a5

commit ea51c9c225d54b1981c25f514e9862487b3733a5
Author: Eric Seckler <eseckler@chromium.org>
Date: Tue Jul 18 20:47:56 2017

[headless] Fix crashes when using storage quota APIs.

Adds a HeadlessQuotaPermissionContext.

When the ContentBrowserClient did not return a valid QPC, nullptr
crashes were possible.

Bug:  733569 
Change-Id: I082e3953580620b84802dc3330dbae3c113301c4
Reviewed-on: https://chromium-review.googlesource.com/574545
Reviewed-by: Alex Clarke <alexclarke@chromium.org>
Reviewed-by: Michael Nordman <michaeln@chromium.org>
Commit-Queue: Eric Seckler <eseckler@chromium.org>
Cr-Commit-Position: refs/heads/master@{#487596}
[modify] https://crrev.com/ea51c9c225d54b1981c25f514e9862487b3733a5/headless/BUILD.gn
[modify] https://crrev.com/ea51c9c225d54b1981c25f514e9862487b3733a5/headless/lib/browser/DEPS
[modify] https://crrev.com/ea51c9c225d54b1981c25f514e9862487b3733a5/headless/lib/browser/headless_content_browser_client.cc
[modify] https://crrev.com/ea51c9c225d54b1981c25f514e9862487b3733a5/headless/lib/browser/headless_content_browser_client.h
[add] https://crrev.com/ea51c9c225d54b1981c25f514e9862487b3733a5/headless/lib/browser/headless_quota_permission_context.cc
[add] https://crrev.com/ea51c9c225d54b1981c25f514e9862487b3733a5/headless/lib/browser/headless_quota_permission_context.h
[modify] https://crrev.com/ea51c9c225d54b1981c25f514e9862487b3733a5/headless/lib/headless_web_contents_browsertest.cc
[add] https://crrev.com/ea51c9c225d54b1981c25f514e9862487b3733a5/headless/test/data/request_storage_quota.html

Status: Fixed (was: Assigned)
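
The failure described in the stack trace and commit message above, as an added example that is not Chromium source or code from this issue: a browser-client interface whose default `CreateQuotaPermissionContext()` returns null, a headless client that overrides it, and a handler that denies the request when no context exists rather than hitting a fatal check. The class bodies, `unique_ptr` ownership, the allow-all headless policy and the `HandleRequestQuota` helper are assumptions made for illustration.

```cpp
// Simplified model, not Chromium source; bodies, ownership and policy are assumed.
#include <cstdint>
#include <functional>
#include <memory>
#include <string>

enum class QuotaResponse { kAllow, kDisallow };
using QuotaCallback = std::function<void(QuotaResponse)>;
// Permission policy object the embedder is expected to supply.
class QuotaPermissionContext {
 public:
  virtual ~QuotaPermissionContext() = default;
  virtual void RequestQuotaPermission(const std::string& origin, int64_t bytes,
                                      const QuotaCallback& callback) = 0;
};

// Embedder interface: the default supplies no context (the pre-fix state).
class ContentBrowserClient {
 public:
  virtual ~ContentBrowserClient() = default;
  virtual std::unique_ptr<QuotaPermissionContext> CreateQuotaPermissionContext() {
    return nullptr;
  }
};

// Assumed policy for an embedder with no UI: answer at once, never prompt.
class HeadlessQuotaPermissionContext : public QuotaPermissionContext {
 public:
  void RequestQuotaPermission(const std::string&, int64_t,
                              const QuotaCallback& callback) override {
    callback(QuotaResponse::kAllow);
  }
};
class HeadlessContentBrowserClient : public ContentBrowserClient {
 public:
  std::unique_ptr<QuotaPermissionContext> CreateQuotaPermissionContext() override {
    return std::make_unique<HeadlessQuotaPermissionContext>();
  }
};

// Host-side handler: a missing context is denied, not dereferenced.
QuotaResponse HandleRequestQuota(ContentBrowserClient& client,
                                 const std::string& origin, int64_t bytes) {
  QuotaResponse result = QuotaResponse::kDisallow;
  if (auto context = client.CreateQuotaPermissionContext())
    context->RequestQuotaPermission(origin, bytes,
                                    [&result](QuotaResponse r) { result = r; });
  return result;  // with no context the request fails closed instead of crashing
}
```

Both halves matter for a process reachable from page script: the embedder supplies a context, and the consumer of an optional embedder hook tolerates its absence.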
