Full Text Bug Listing

Michael Catanzaro

Reported 2019-11-29 08:02:44 PST

This crash occurs since 2.27.3 when opening the address bar dropdown and scrolling through results. It doesn't happen always, but it occurs so frequently during regular browser usage that I'll likely roll Epiphany back to 2.26.2. Program terminated with signal SIGSEGV, Segmentation fault. #0 0x00007f01c2b2369b in WebKit::WebProcessProxy::sessionID ( this=this@entry=0x7f00566f8000) at ../Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.h:112 112 PAL::SessionID sessionID() const { return m_sessionID; } #0 0x00007f01c2b2369b in WebKit::WebProcessProxy::sessionID() const (this=this@entry=0x7f00566f8000) at ../Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.h:112 #1 0x00007f01c2c0bccc in WebKit::NetworkProcessProxy::openNetworkProcessConnection(unsigned long, WebKit::WebProcessProxy&) (this=this@entry=0x7f0148204000, connectionRequestIdentifier=<optimized out>, webProcessProxy=...) at ../Source/WebKit/UIProcess/AuxiliaryProcessProxy.h:111 #2 0x00007f01c2c10797 in WebKit::NetworkProcessProxy::getNetworkProcessConnection(WebKit::WebProcessProxy&, WTF::CompletionHandler<void (WebKit::NetworkProcessConnectionInfo const&)>&&) (reply=..., webProcessProxy=..., this=0x7f0148204000) at ../Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp:145 #3 0x00007f01c2c10797 in WebKit::NetworkProcessProxy::getNetworkProcessConnection(WebKit::WebProcessProxy&, WTF::CompletionHandler<void (WebKit::NetworkProcessConnectionInfo const&)>&&) (this=0x7f0148204000, webProcessProxy=..., reply=...) at ../Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp:140 #4 0x00007f01c2b38c7e in WebKit::WebProcessPool::getNetworkProcessConnection(WebKit::WebProcessProxy&, WTF::CompletionHandler<void (WebKit::NetworkProcessConnectionInfo const&)>&&) (this=<optimized out>, webProcessProxy=..., reply=...) at /usr/include/c++/9.2.0/bits/unique_ptr.h:352 #5 0x00007f01c2b38ca2 in WebKit::WebProcessProxy::getNetworkProcessConnection(WTF::CompletionHandler<void (WebKit::NetworkProcessConnectionInfo const&)>&&) (this=this@entry=0x7f00566f8000, reply=...) at DerivedSources/ForwardingHeaders/wtf/WeakPtr.h:100 #6 0x00007f01c28ad137 in IPC::callMemberFunctionImpl<WebKit::WebProcessProxy, void (WebKit::WebProcessProxy::*)(WTF::CompletionHandler<void (WebKit::NetworkProcessConnectionInfo const&)>&&), void (WebKit::NetworkProcessConnectionInfo const&), std::tuple<>>(WebKit::WebProcessProxy*, void (WebKit::WebProcessProxy::*)(WTF::CompletionHandler<void (WebKit::NetworkProcessConnectionInfo const&)>&&), WTF::CompletionHandler<void (WebKit::NetworkProcessConnectionInfo const&)>&&, std::tuple<>&&, std::integer_sequence<unsigned long>) (args=<synthetic pointer>, completionHandler=..., function=<optimized out>, object=0x7f00566f8000) at ../Source/WebKit/Platform/IPC/HandleMessage.h:59 completionHandler = {m_function = {m_callableWrapper = std::unique_ptr<WTF::Detail::CallableWrapperBase<void, WebKit::NetworkProcessConnectionInfo const&>> = {get() = 0x0}}} protectedThis = {static isRef = <error reading variable: Missing ELF symbol "WTF::Ref<WebKit::WebProcessProxy, WTF::DumbPtrTraits<WebKit::WebProcessProxy> >::isRef".>, m_ptr = 0x7f00566f8000} #7 0x00007f01c28ad137 in IPC::callMemberFunction<WebKit::WebProcessProxy, void (WebKit::WebProcessProxy::*)(WTF::CompletionHandler<void (WebKit::NetworkProcessConnectionInfo const&)>&&), void (WebKit::NetworkProcessConnectionInfo const&), std::tuple<>, std::integer_sequence<unsigned long> >(std::tuple<>&&, WTF::CompletionHandler<void (WebKit::NetworkProcessConnectionInfo const&)>&&, WebKit::WebProcessProxy*, void (WebKit::WebProcessProxy::*)(WTF::CompletionHandler<void (WebKit::NetworkProcessConnectionInfo const&)>&&)) (args=<synthetic pointer>, function=<optimized out>, object=0x7f00566f8000, completionHandler=...) at ../Source/WebKit/Platform/IPC/HandleMessage.h:61 completionHandler = {m_function = {m_callableWrapper = std::unique_ptr<WTF::Detail::CallableWrapperBase<void, WebKit::NetworkProcessConnectionInfo const&>> = {get() = 0x0}}} protectedThis = {static isRef = <error reading variable: Missing ELF symbol "WTF::Ref<WebKit::WebProcessProxy, WTF::DumbPtrTraits<WebKit::WebProcessProxy> >::isRef".>, m_ptr = 0x7f00566f8000} #8 0x00007f01c28ad137 in IPC::handleMessageSynchronous<Messages::WebProcessProxy::GetNetworkProcessConnection, WebKit::WebProcessProxy, void (WebKit::WebProcessProxy::*)(WTF::CompletionHandler<void (WebKit::NetworkProcessConnectionInfo const&)>&&)>(IPC::Connection&, IPC::Decoder&, std::unique_ptr<IPC::Encoder, std::default_delete<IPC::Encoder> >&, WebKit::WebProcessProxy*, void (WebKit::WebProcessProxy::*)(WTF::CompletionHandler<void (WebKit::NetworkProcessConnectionInfo const&)>&&)) (function=<optimized out>, object=0x7f00566f8000, replyEncoder=..., decoder=..., connection=...) at ../Source/WebKit/Platform/IPC/HandleMessage.h:148 completionHandler = {m_function = {m_callableWrapper = std::unique_ptr<WTF::Detail::CallableWrapperBase<void, WebKit::NetworkProcessConnectionInfo const&>> = {get() = 0x0}}} protectedThis = {static isRef = <error reading variable: Missing ELF symbol "WTF::Ref<WebKit::WebProcessProxy, WTF::DumbPtrTraits<WebKit::WebProcessProxy> >::isRef".>, m_ptr = 0x7f00566f8000} #9 0x00007f01c28ad137 in WebKit::WebProcessProxy::didReceiveSyncWebProcessProxyMessage(IPC::Connection&, IPC::Decoder&, std::unique_ptr<IPC::Encoder, std::default_delete<IPC::Encoder> >&) (this=0x7f00566f8000, connection=..., decoder=..., replyEncoder=...) at DerivedSources/WebKit/WebProcessProxyMessageReceiver.cpp:291 protectedThis = {static isRef = <error reading variable: Missing ELF symbol "WTF::Ref<WebKit::WebProcessProxy, WTF::DumbPtrTraits<WebKit::WebProcessProxy> >::isRef".>, m_ptr = 0x7f00566f8000} #10 0x00007f01c2a15d5d in IPC::Connection::dispatchSyncMessage(IPC::Decoder&) (this=0x7f007a470320, decoder=...) at ../Source/WebKit/Platform/IPC/Encoder.h:40 syncRequestID = 1 replyEncoder = std::unique_ptr<IPC::Encoder> = {get() = 0x0} #11 0x00007f01c2a15ea1 in IPC::Connection::dispatchMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >) (this=0x7f007a470320, message=std::unique_ptr<IPC::Decoder> = {...}) at /usr/include/c++/9.2.0/bits/unique_ptr.h:352 isDispatchingMessageWhileWaitingForSyncReply = <optimized out> oldDidReceiveInvalidMessage = false #12 0x00007f01c2a160d7 in IPC::Connection::SyncMessageState::dispatchMessages(IPC::Connection*) (this=this@entry=0x7f01c53fb820 <IPC::Connection::SyncMessageState::singleton()::syncMessageState>, allowedConnection=allowedConnection@entry=0x7f007a470320) at /usr/include/c++/9.2.0/bits/move.h:74 connectionAndIncomingMessage = @0x7f00566e0100: {connection = {static isRef = <error reading variable: Missing ELF symbol "WTF::Ref<IPC::Connection, WTF::DumbPtrTraits<IPC::Connection> >::isRef".>, m_ptr = 0x7f007a470320}, message = std::unique_ptr<IPC::Decoder> = {get() = 0x0}} i = <optimized out> messagesToPutBack = {<WTF::VectorBuffer<IPC::Connection::SyncMessageState::ConnectionAndIncomingMessage, 0>> = {<WTF::VectorBufferBase<IPC::Connection::SyncMessageState::ConnectionAndIncomingMessage>> = {m_buffer = 0x0, m_capacity = 0, m_size = 0}, <No data fields>}, <No data fields>} #13 0x00007f01c2a16545 in IPC::Connection::SyncMessageState::dispatchMessageAndResetDidScheduleDispatchMessagesForConnection(IPC::Connection&) (this=0x7f01c53fb820 <IPC::Connection::SyncMessageState::singleton()::syncMessageState>, connection=...) at ../Source/WebKit/Platform/IPC/Connection.cpp:208 #14 0x00007f01c1de7865 in WTF::Function<void ()>::operator()() const (this=<synthetic pointer>) at ../Source/WTF/wtf/Lock.h:84 function = {m_callableWrapper = std::unique_ptr<WTF::Detail::CallableWrapperBase<void>> = {get() = 0x7f00566eb018}} functionsToHandle = 1 #15 0x00007f01c1de7865 in WTF::RunLoop::performWork() (this=0x7f01bc2f5000) at ../Source/WTF/wtf/RunLoop.cpp:107 function = {m_callableWrapper = std::unique_ptr<WTF::Detail::CallableWrapperBase<void>> = {get() = 0x7f00566eb018}} functionsToHandle = 1 #16 0x00007f01c1e33e1d in WTF::RunLoop::<lambda(gpointer)>::operator() (__closure=0x0, userData=<optimized out>) at ../Source/WTF/wtf/glib/RunLoopGLib.cpp:68 #17 0x00007f01c1e33e1d in WTF::RunLoop::<lambda(gpointer)>::_FUN(gpointer) () at ../Source/WTF/wtf/glib/RunLoopGLib.cpp:70 #18 0x00007f01c5e4458e in g_main_dispatch (context=0x55eadaadfd90) at ../glib/gmain.c:3185 dispatch = 0x7f01c1e33e30 <WTF::<lambda(GSource*, GSourceFunc, gpointer)>::_FUN(GSource *, GSourceFunc, gpointer)> prev_source = 0x0 was_in_call = 0 user_data = 0x7f01bc2f5000 callback = 0x7f01c1e33e10 <WTF::RunLoop::<lambda(gpointer)>::_FUN(gpointer)> cb_funcs = 0x7f01c5f19280 <g_source_callback_funcs> cb_data = 0x55eadac44370 need_destroy = <optimized out> source = 0x55eadac09d50 current = 0x55eadaae8e10 i = 0 __func__ = "g_main_dispatch" #19 0x00007f01c5e4458e in g_main_context_dispatch (context=context@entry=0x55eadaadfd90) at ../glib/gmain.c:3850 #20 0x00007f01c5e44940 in g_main_context_iterate (context=context@entry=0x55eadaadfd90, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:3923 max_priority = 2147483647 timeout = 697 some_ready = 1 nfds = <optimized out> allocated_nfds = <optimized out> fds = 0x55eadad7edd0 #21 0x00007f01c5e449e3 in g_main_context_iteration (context=context@entry=0x55eadaadfd90, may_block=may_block@entry=1) at ../glib/gmain.c:3984 retval = <optimized out> #22 0x00007f01c605e4f5 in g_application_run (application=0x55eadaad4720 [EphyShell], argc=<optimized out>, argv=<optimized out>) at ../gio/gapplication.c:2559 arguments = 0x55eadabf38e0 status = 0 context = 0x55eadaadfd90 acquired_context = 1 __func__ = "g_application_run" #23 0x000055eada08d0cd in main (argc=1, argv=0x7ffd680c1648) at ../src/ephy-main.c:427 option_context = 0x55eadaa939b0 option_group = 0x55eadaa93a30 error = 0x0 user_time = 0 arbitrary_url = 0 ctx = 0x55eadac018f0 mode = EPHY_EMBED_SHELL_MODE_BROWSER status = 32765 flags = EPHY_FILE_HELPERS_ENSURE_EXISTS desktop_info = 0x0

Michael Catanzaro

Comment 1 2019-11-29 10:35:54 PST

I think it would be an assertion failure in debug builds. WebProcessProxy::sessionID() gets called before m_websiteDataStore is set.

Michael Catanzaro

Comment 2 2019-11-29 11:03:52 PST

OK, here's a 100% reproducer: * Load a website in the web view, e.g. https://webkit.org * Load a different website in the same web view, e.g. https://gnome.org. This triggers the creation of a new WebProcessProxy and a process swap. The new WebProcessProxy uses the same WebsiteDataStore as the original, and all works fine. * Ctrl+L to open the address bar dropdown, hold the down arrow key. A new WebProcessProxy is created (not sure why, is it for prewarming?) without any WebsiteDataStore. Then WebProcessProxy::getNetworkProcessConnection() gets called from somewhere, and we crash because WebProcessProxy::setWebsiteDataStore() has not been called yet.

Michael Catanzaro

Comment 3 2019-11-29 11:04:13 PST

(In reply to Michael Catanzaro from comment #0) > It doesn't happen always, but it occurs so > frequently during regular browser usage that I'll likely roll Epiphany back > to 2.26.2. I'll just disable PSON for now.

Michael Catanzaro

Comment 4 2019-11-29 11:07:31 PST

(In reply to Michael Catanzaro from comment #2) > * Load a different website in the same web view, e.g. https://gnome.org. > This triggers the creation of a new WebProcessProxy and a process swap. The > new WebProcessProxy uses the same WebsiteDataStore as the original, and all > works fine. > * Ctrl+L to open the address bar dropdown, hold the down arrow key. A new > WebProcessProxy is created (not sure why, is it for prewarming?) without any > WebsiteDataStore. I missed a step here. After you Ctrl+L, you have to type some characters to display history results. Just pressing the down arrow does nothing unless you type first.

Carlos Garcia Campos

Comment 5 2019-11-30 06:49:02 PST

(In reply to Michael Catanzaro from comment #2) > OK, here's a 100% reproducer: > > * Load a website in the web view, e.g. https://webkit.org > * Load a different website in the same web view, e.g. https://gnome.org. > This triggers the creation of a new WebProcessProxy and a process swap. The > new WebProcessProxy uses the same WebsiteDataStore as the original, and all > works fine. > * Ctrl+L to open the address bar dropdown, hold the down arrow key. A new > WebProcessProxy is created (not sure why, is it for prewarming?) without any > WebsiteDataStore. If it only happens with the keyboard, but not with the mouse, I would blame the DNS prefetch that we start when selecting entries of the dropdown list. > Then WebProcessProxy::getNetworkProcessConnection() gets called from > somewhere, and we crash because WebProcessProxy::setWebsiteDataStore() has > not been called yet.

Carlos Garcia Campos

Comment 6 2019-11-30 07:25:47 PST

Created attachment 384542 [details] Patch

EWS Watchlist

Comment 7 2019-11-30 07:26:47 PST

Thanks for the patch. If this patch contains new public API please make sure it follows the guidelines for new WebKit2 GTK+ API. See http://trac.webkit.org/wiki/WebKitGTK/AddingNewWebKit2API

Michael Catanzaro

Comment 8 2019-11-30 07:41:50 PST

Comment on attachment 384542 [details] Patch Nice, thanks

Michael Catanzaro

Comment 9 2019-11-30 07:43:07 PST

(In reply to Michael Catanzaro from comment #1) > I think it would be an assertion failure in debug builds. > WebProcessProxy::sessionID() gets called before m_websiteDataStore is set. I think I would change this to be a RELEASE_ASSERT(). It seems somewhat fragile and that will likely help debugging in the future.

Carlos Garcia Campos

Comment 10 2019-12-02 01:40:40 PST

Committed r252980: <https://trac.webkit.org/changeset/252980>

Attachments
Patch (3.85 KB, patch) 2019-11-30 07:25 PST, Carlos Garcia Campos	mcatanzaro: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Bug 204703