232314 2021-10-26 09:51:45 -0700 Network process crash when fetching WebsiteDataType::ResourceLoadStatistics or calling webkit_website_data_manager_get_itp_summary() in ephemeral sessions 2025-03-29 12:17:44 -0700 1 1 1 Unclassified WebKit WebKit2 WebKit Nightly Build PC Linux REOPENED https://bugzilla.redhat.com/show_bug.cgi?id=2017496 InRadar P2 Normal --- 1 mcatanzaro webkit-unassigned kkinnunen mcatanzaro webkit-bug-importer wilander zyx oldest_to_newest 1808909 0 mcatanzaro 2021-10-26 09:51:45 -0700 Reproducer: create an incognito mode window in Epiphany, open preferences, then open the personal data dialog. The network process will crash. Detailed backtrace here: https://bugzilla-attachments.redhat.com/attachment.cgi?id=1837253&t=Coz3VzYSQm. That backtrace is for 2.32, but I've just reproduced with 2.34.1. Problem is Epiphany fetches all types of website data, as is reasonable. NetworkProcess::fetchWebsiteData does this: #if ENABLE(INTELLIGENT_TRACKING_PREVENTION) if (websiteDataTypes.contains(WebsiteDataType::ResourceLoadStatistics)) { if (auto* session = networkSession(sessionID)) { if (auto* resourceLoadStatistics = session->resourceLoadStatistics()) { resourceLoadStatistics->registrableDomains([callbackAggregator](auto&& domains) mutable { while (!domains.isEmpty()) callbackAggregator->m_websiteData.registrableDomainsWithResourceLoadStatistics.add(domains.takeLast()); }); } } } #endif The call to WebResourceLoadStatisticsStore::registrableDomains calls WebResourceLoadStatisticsStore::postTask, and that does this: // Resource load statistics should not be captured for ephemeral sessions. RELEASE_ASSERT(!isEphemeral()); Oops. We either need an early return in NetworkProcess::fetchWebsiteData, or perhaps better in WebResourceLoadStatisticsStore::registrableDomains? Or maybe it would be better if NetworkSession::resourceLoadStatistics would return nullptr rather than a valid WebResourceLoadStatisticsStore when we have an ephemeral session? Or for NetworkSession::setResourceLoadStatisticsEnabled to never be called in the first place? That's ultimately triggered via WebsiteDataStore::parameters and WebsiteDataStore::setResourceLoadStatisticsEnabled. Maybe that would be the right place to force it to false for ephemeral sessions? 1811155 1 webkit-bug-importer 2021-11-02 09:52:16 -0700 <rdar://problem/84934873> 1812823 2 mcatanzaro 2021-11-08 14:00:06 -0800 Hi John, any preferences on how to fix this? If not, I'll probably go for a localized fix in NetworkProcess::fetchWebsiteData. 1819306 3 mcatanzaro 2021-12-01 10:15:18 -0800 I can't reproduce this anymore, not with trunk and not with 2.34.1 either. I'm not sure when this somehow got fixed. 1819350 4 mcatanzaro 2021-12-01 12:00:39 -0800 Actually I can reproduce with 2.34.1, but not with trunk. Going to leave this closed. 2068600 5 mcatanzaro 2024-10-16 16:15:20 -0700 Reopening because I just hit this again today. Updated backtrace looks like: #0 __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44 #1 0x00007f0afd29af83 in __pthread_kill_internal (threadid=<optimized out>, signo=6) at pthread_kill.c:78 #2 0x00007f0afd24208e in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26 #3 0x00007f0afd229882 in __GI_abort () at abort.c:79 #4 0x00007f0afdae8ddf in WTFCrashWithInfo () at WTF/Headers/wtf/Assertions.h:864 #5 0x00007f0afdd9ae36 in WebKit::WebResourceLoadStatisticsStore::postTask (this=0x7f0ae3018400, task=<optimized out>) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebKit/NetworkProcess/Classifier/WebResourceLoadStatisticsStore.cpp:201 #6 WebKit::WebResourceLoadStatisticsStore::aggregatedThirdPartyData (this=0x7f0ae3018400, completionHandler=<optimized out>) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebKit/NetworkProcess/Classifier/WebResourceLoadStatisticsStore.cpp:1561 ... I'll omit the rest of the backtrace because it's just this release assert: inline void WebResourceLoadStatisticsStore::postTask(WTF::Function<void()>&& task) { // Resource load statistics should not be captured for ephemeral sessions. RELEASE_ASSERT(!isEphemeral()); It's reproducible by opening Epiphany's Privacy Report dialog in a private browsing window, which calls webkit_website_data_manager_get_itp_summary(). Apparently that's guaranteed to crash the network process if called for an ephemeral session? I suppose the WebKit API will need to guard against this usage somewhere. 2107168 6 mcatanzaro 2025-03-29 12:17:44 -0700 *** Bug 290391 has been marked as a duplicate of this bug. ***