Page MenuHomePhabricator
Create Task
Maniphest T419172

LogicException: GrowthExperiments\NewcomerTasks\TaskSuggester\NewcomerTasksCacheRefreshJob executed for invalid userId (0)
Open, MediumPublicPRODUCTION ERROR
Actions

Description

Error
  • mwversion: 1.46.0-wmf.18
  • timestamp: 2026-03-05T21:23:40.144Z
  • phpversion: 8.3.30
  • reqId: cc4e0baa-2184-4d5a-9431-b1e6b35cc8b1
  • Find reqId in Logstash
normalized_message
[{reqId}] {exception_url}   LogicException: GrowthExperiments\NewcomerTasks\TaskSuggester\NewcomerTasksCacheRefreshJob executed for invalid userId (0)
FrameLocationCall
from/srv/mediawiki/php-1.46.0-wmf.18/extensions/GrowthExperiments/includes/NewcomerTasks/TaskSuggester/NewcomerTasksCacheRefreshJob.php(42)
#0/srv/mediawiki/php-1.46.0-wmf.18/extensions/EventBus/includes/JobExecutor.php(94)GrowthExperiments\NewcomerTasks\TaskSuggester\NewcomerTasksCacheRefreshJob->run()
#1/srv/mediawiki/rpc/RunSingleJob.php(60)MediaWiki\Extension\EventBus\JobExecutor->execute(array)
#2{main}
Impact

Details

Request URL
https://mw-jobrunner.discovery.wmnet/rpc/RunSingleJob.php
Related Changes in Gerrit:
SubjectRepoBranchLines +/-
HomepageHooks: Skip onBeforePageDisplay for non-named usersmediawiki/extensions/GrowthExperimentsmaster+7 -0
NewcomerTasks: Add logging for unexpected anon usersmediawiki/extensions/GrowthExperimentsmaster+18 -0
Customize query in gerrit

Related Objects

Event Timeline

Etonkovidova created this task.Mar 5 2026, 9:57 PM
Restricted Application added a project: Growth-Team. · View Herald TranscriptMar 5 2026, 9:57 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
Etonkovidova updated the task description. (Show Details)Mar 5 2026, 10:11 PM
Michael triaged this task as Medium priority.Mar 13 2026, 3:59 PM
Michael moved this task from Inbox to Current Maintenance Backlog on the Growth-Team board.
Michael added a project: Essential-Work.Mar 23 2026, 4:29 PM
gerritbot added a comment.Apr 8 2026, 6:15 PM

Change #1269034 had a related patch set uploaded (by HakanIST; author: HakanIST):

[mediawiki/extensions/GrowthExperiments@master] fix: Gracefully handle invalid userId in NewcomerTasksCacheRefreshJob

https://gerrit.wikimedia.org/r/1269034

gerritbot added a project: Patch-For-Review.Apr 8 2026, 6:15 PM
HakanIST subscribed.Apr 8 2026, 7:39 PM

There are 7+ callers of suggest(), most of which should only be called for logged-in users. ApiQueryGrowthTasks is safe ( isNamed() guard), but other callers like HomepageHooks::onBeforePageDisplay (line 425) or SuggestedEdits::resetTaskCache could potentially pass an anonymous user.

HakanIST added a comment.EditedApr 17 2026, 5:27 PM

Root cause identified and fix uploaded.

CacheDecorator::suggest() enters the cache path for all users without checking userId. For userId=0 this creates a shared cache key and enqueues a NewcomerTasksCacheRefreshJob that fails because UserIdentityLookup cannot resolve userId=0.

Fix in https://gerrit.wikimedia.org/r/c/mediawiki/extensions/GrowthExperiments/+/1269034 (PS4): bypass the cache path entirely for userId=0 at the CacheDecorator level. The LogicException in the job is preserved as a safety net.

Edit: PS8 adds diagnostic logging with stack traces at both job scheduling sites instead. Should reveal which caller reaches this code with userId=0.

gerritbot added a comment.Apr 24 2026, 4:00 PM

Change #1269034 had a related patch set uploaded (by HakanIST; author: HakanIST):

[mediawiki/extensions/GrowthExperiments@master] Add diagnostic logging for T419172

https://gerrit.wikimedia.org/r/1269034

Minorax moved this task from Untriaged to Jan–Mar 2026 on the Wikimedia-production-error board.Apr 26 2026, 1:55 AM
gerritbot added a comment.Apr 27 2026, 2:52 PM

Change #1269034 merged by jenkins-bot:

[mediawiki/extensions/GrowthExperiments@master] NewcomerTasks: Add logging for unexpected anon users

https://gerrit.wikimedia.org/r/1269034

ReleaseTaggerBot added a project: MW-1.46-notes (1.46.0-wmf.26; 2026-04-28).Apr 27 2026, 3:00 PM
HakanIST added a comment.May 5 2026, 4:11 PM

After the diagnostic logging, the Logstash hits I found all point to HomepageHooks::onBeforePageDisplay() line 425. It looks like anonymous users can reach URLs with GE parameters (geclickid, gesuggestededit), and the click-ID block ends up calling suggest() with userId=0 without a registration check.

Michael merged a task: T400153: LogicException: GrowthExperiments\NewcomerTasks\TaskSuggester\NewcomerTasksCacheRefreshJob executed for invalid userId (0).May 12 2026, 5:31 PM
Michael added subscribers: Reedy, brennen.
Michael added a comment.May 12 2026, 5:40 PM

We seem to have data from the logging that was added:

from /srv/mediawiki/php-1.47.0-wmf.1/extensions/GrowthExperiments/includes/NewcomerTasks/TaskSuggester/CacheDecorator.php(156)
#0 /srv/mediawiki/php-1.47.0-wmf.1/includes/libs/ObjectCache/WANObjectCache.php(1830): GrowthExperiments\NewcomerTasks\TaskSuggester\CacheDecorator->GrowthExperiments\NewcomerTasks\TaskSuggester\{closure}(bool, int, array, null, array)
#1 /srv/mediawiki/php-1.47.0-wmf.1/includes/libs/ObjectCache/WANObjectCache.php(1640): Wikimedia\ObjectCache\WANObjectCache->fetchOrRegenerate(string, int, Closure, array, array)
#2 /srv/mediawiki/php-1.47.0-wmf.1/extensions/GrowthExperiments/includes/NewcomerTasks/TaskSuggester/CacheDecorator.php(78): Wikimedia\ObjectCache\WANObjectCache->getWithSetCallback(string, int, Closure, array)
#3 /srv/mediawiki/php-1.47.0-wmf.1/extensions/GrowthExperiments/includes/NewcomerTasks/TaskSuggester/QualityGateDecorator.php(73): GrowthExperiments\NewcomerTasks\TaskSuggester\CacheDecorator->suggest(MediaWiki\User\User, GrowthExperiments\NewcomerTasks\Task\TaskSetFilters, int, null, array)
#4 /srv/mediawiki/php-1.47.0-wmf.1/extensions/GrowthExperiments/includes/HomepageHooks.php(385): GrowthExperiments\NewcomerTasks\TaskSuggester\QualityGateDecorator->suggest(MediaWiki\User\User, GrowthExperiments\NewcomerTasks\Task\TaskSetFilters, int)
#5 /srv/mediawiki/php-1.47.0-wmf.1/includes/HookContainer/HookContainer.php(127): GrowthExperiments\HomepageHooks->onBeforePageDisplay(MediaWiki\Output\OutputPage, MediaWiki\Minerva\Skins\SkinMinerva)
#6 /srv/mediawiki/php-1.47.0-wmf.1/includes/HookContainer/HookRunner.php(1025): MediaWiki\HookContainer\HookContainer->run(string, array, array)
#7 /srv/mediawiki/php-1.47.0-wmf.1/includes/Output/OutputPage.php(3304): MediaWiki\HookContainer\HookRunner->onBeforePageDisplay(MediaWiki\Output\OutputPage, MediaWiki\Minerva\Skins\SkinMinerva)
#8 /srv/mediawiki/php-1.47.0-wmf.1/includes/Actions/ActionEntryPoint.php(162): MediaWiki\Output\OutputPage->output(bool)
#9 /srv/mediawiki/php-1.47.0-wmf.1/includes/MediaWikiEntryPoint.php(180): MediaWiki\Actions\ActionEntryPoint->execute()
#10 /srv/mediawiki/php-1.47.0-wmf.1/index.php(44): MediaWiki\MediaWikiEntryPoint->run()
#11 /srv/mediawiki/w/index.php(3): require(string)
#12 {main}

If I'm looking at the code around HomepageHooks.php(385), then my guess is that someone bookmarked or shared a URL with getasktype and geclickid URL params and then this URL is visited by users that are not logged-in.

So, an immediate first fix would probably be to introuce a check for User->isNamed() at the beginning of \GrowthExperiments\HomepageHooks::onBeforePageDisplay and if they are not then to exit that method early. The homepage exists exclusively for named users, so none of that code should run for anon or temp users.

A more substantial fix would be to not only have a getasktype and a geclickid, but also a CSRF-token in the url, and if the token does not check out to discard all the rest. That should prevent bookmarked and shared links to create noise in our setup. But this is maybe a bit of a bigger lift.

Michael removed a project: Patch-For-Review.Mon, May 18, 7:21 PM
In T419172#11890448, @HakanIST wrote:

After the diagnostic logging, the Logstash hits I found all point to HomepageHooks::onBeforePageDisplay() line 425. It looks like anonymous users can reach URLs with GE parameters (geclickid, gesuggestededit), and the click-ID block ends up calling suggest() with userId=0 without a registration check.

Sorry, I totally missed your comment here! I think in my comment above I came to the same conclusion as you did. Do you want to take on the next step of fixing this?

gerritbot added a comment.Tue, May 19, 1:49 PM

Change #1289353 had a related patch set uploaded (by HakanIST; author: HakanIST):

[mediawiki/extensions/GrowthExperiments@master] HomepageHooks: Skip onBeforePageDisplay for non-named users

https://gerrit.wikimedia.org/r/1289353

gerritbot added a project: Patch-For-Review.Tue, May 19, 1:49 PM
HakanIST added a comment.Tue, May 19, 1:53 PM
In T419172#11933150, @Michael wrote:

Sorry, I totally missed your comment here! I think in my comment above I came to the same conclusion as you did. Do you want to take on the next step of fixing this?

No problem, added the isNamed() guard at the top of onBeforePageDisplay() as you suggested.

gerritbot added a comment.Wed, May 27, 7:33 PM

Change #1289353 merged by jenkins-bot:

[mediawiki/extensions/GrowthExperiments@master] HomepageHooks: Skip onBeforePageDisplay for non-named users

https://gerrit.wikimedia.org/r/1289353

Michael removed a project: Patch-For-Review.Tue, Jun 2, 1:18 PM
HakanIST added a comment.Fri, Jun 12, 9:25 AM

Looking at Logstash, the LogicException dropped to zero on Jun 11 after the remaining delayed jobs from before the fix expired.

image.png (1,000×400 px, 16 KB)

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits