Bug 147039 - REGRESSION(r184376): [SOUP] Multiple assertions when downloading files
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKitGTK
Version: 528+ (Nightly build)
Hardware: PC Linux
: P2 Normal
Assignee: Michael Catanzaro
Reported: 2015-07-17 08:17 PDT by Michael Catanzaro
Modified: 2015-07-20 23:19 PDT

Attachments
Backtrace (58.26 KB, text/plain)
2015-07-17 08:22 PDT, Michael Catanzaro
Patch (3.43 KB, patch)
2015-07-20 18:11 PDT, Michael Catanzaro

Description Michael Catanzaro 2015-07-17 08:17:20 PDT
With my debug build of r186919, the network process crashes when I download any file:

ASSERTION FAILED: !m_adoptionIsRequired
../../Source/WTF/wtf/RefCounted.h(45) : void WTF::RefCountedBase::ref()

My semi-random test file is http://cdimage.debian.org/debian-cd/8.1.0/amd64/iso-dvd/debian-8.1.0-amd64-DVD-1.iso

Backtrace incoming.
Comment 1 Michael Catanzaro 2015-07-17 08:22:54 PDT
Created attachment 256971 [details]
Backtrace
Comment 2 Michael Catanzaro 2015-07-20 17:07:09 PDT
<MagicSchoolBus>Carrrrlos!</MagicSchoolBus>

You have to either adopt the ref before assigning to the RefPtr:

    // We don't adopt the ref, as it will be released by cleanupSoupRequestOperation, which should always run.
    RefPtr<ResourceHandle> newHandle = new ResourceHandle(d->m_context.get(), firstRequest(), nullptr, d->m_defersLoading, d->m_shouldContentSniff);
Comment 3 Michael Catanzaro 2015-07-20 17:36:18 PDT
Insufficient patch:

diff --git a/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp b/Sourc
e/WebCore/platform/network/soup/ResourceHandleSoup.cpp
index ea692d6..d407dcc 100644
--- a/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp
+++ b/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp
@@ -1036,14 +1036,15 @@ bool ResourceHandle::start()
 RefPtr<ResourceHandle> ResourceHandle::releaseForDownload(ResourceHandleClient*
 downloadClient)
 {
     // We don't adopt the ref, as it will be released by cleanupSoupRequestOperation, which should always run.
-    RefPtr<ResourceHandle> newHandle = new ResourceHandle(d->m_context.get(), firstRequest(), nullptr, d->m_defersLoading, d->m_shouldContentSniff);
+    ResourceHandle* newHandle = new ResourceHandle(d->m_context.get(), firstRequest(), nullptr, d->m_defersLoading, d->m_shouldContentSniff);
+    newHandle->relaxAdoptionRequirement();
     std::swap(d, newHandle->d);
 
     g_signal_handlers_disconnect_matched(newHandle->d->m_soupMessage.get(), G_SIGNAL_MATCH_DATA, 0, 0, nullptr, nullptr, this);
-    g_object_set_data(G_OBJECT(newHandle->d->m_soupMessage.get()), "handle", newHandle.get());
+    g_object_set_data(G_OBJECT(newHandle->d->m_soupMessage.get()), "handle", newHandle);
 
     newHandle->d->m_client = downloadClient;
-    continueAfterDidReceiveResponse(newHandle.get());
+    continueAfterDidReceiveResponse(newHandle);
 
     return newHandle;
 }
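
Review bot: The comment above `new ResourceHandle(...)` still only says the ref is not adopted; now that newHandle is a raw pointer with relaxAdoptionRequirement() called on it, the comment should state that the initial reference is intentionally left outstanding for cleanupSoupRequestOperation and that the relax call exists to silence the adoption assertion in ref(). Also, `return newHandle;` now depends on an implicit raw-pointer-to-RefPtr conversion in a function returning RefPtr<ResourceHandle>, which takes a second reference; constructing the RefPtr explicitly at the return would make it clear that the caller's reference is separate from the one released in cleanup.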

That doesn't change the refcount so it should be good. But it's insufficient because that's not the only bug when downloading files; the next one is:

ASSERTION FAILED: client()
../../Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp(1377) : virtual void WebCore::ResourceHandle::continueDidReceiveResponse()

Truncated backtrace is:

1   0x7f7500255df0 /home/mcatanzaro/jhbuild/install/lib/libjavascriptcoregtk-4.0.so.18(WTFCrash+0x20) [0x7f7500255df0]
2   0x7f750607ca29 /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN7WebCore14ResourceHandle26continueDidReceiveResponseEv+0x49) [0x7f750607ca29]
3   0x7f75046df82b /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN6WebKit29NetworkConnectionToWebProcess33convertMainResourceLoadToDownloadEmmRKN7WebCore15ResourceRequestERKNS1_16ResourceResponseE+0xbb) [0x7f75046df82b]
4   0x7f750489fdf0 /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN3IPC22callMemberFunctionImplIN6WebKit29NetworkConnectionToWebProcessEMS2_FvmmRKN7WebCore15ResourceRequestERKNS3_16ResourceResponseEESt5tupleIJmmS4_S7_EEJLm0ELm1ELm2ELm3EEEEvPT_T0_OT1_St14index_sequenceIJXspT2_EEE+0xf0) [0x7f750489fdf0]
5   0x7f750489fbbc /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN3IPC18callMemberFunctionIN6WebKit29NetworkConnectionToWebProcessEMS2_FvmmRKN7WebCore15ResourceRequestERKNS3_16ResourceResponseEESt5tupleIJmmS4_S7_EESt19make_index_sequenceILm4EEEEvOT1_PT_T0_+0x6c) [0x7f750489fbbc]
6   0x7f7504898b90 /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN3IPC13handleMessageIN8Messages29NetworkConnectionToWebProcess33ConvertMainResourceLoadToDownloadEN6WebKit29NetworkConnectionToWebProcessEMS5_FvmmRKN7WebCore15ResourceRequestERKNS6_16ResourceResponseEEEEvRNS_14MessageDecoderEPT0_T1_+0x140) [0x7f7504898b90]
7   0x7f7504897b92 /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN6WebKit29NetworkConnectionToWebProcess46didReceiveNetworkConnectionToWebProcessMessageERN3IPC10ConnectionERNS1_14MessageDecoderE+0x302) [0x7f7504897b92]
8   0x7f75046ded1e /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN6WebKit29NetworkConnectionToWebProcess17didReceiveMessageERN3IPC10ConnectionERNS1_14MessageDecoderE+0x6e) [0x7f75046ded1e]
9   0x7f750424b4f3 /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN3IPC10Connection15dispatchMessageERNS_14MessageDecoderE+0x33) [0x7f750424b4f3]
10  0x7f7504246477 /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN3IPC10Connection15dispatchMessageESt10unique_ptrINS_14MessageDecoderESt14default_deleteIS2_EE+0xc7) [0x7f7504246477]
11  0x7f750424b61f /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN3IPC10Connection18dispatchOneMessageEv+0x11f) [0x7f750424b61f]
12  0x7f750424b95d /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(+0x36f895d) [0x7f750424b95d]
13  0x7f750424b72d /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(+0x36f872d) [0x7f750424b72d]
14  0x7f75041b637e /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZNKSt8functionIFvvEEclEv+0x3e) [0x7f75041b637e]
15  0x7f750688803a /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN3WTF7RunLoop11performWorkEv+0x13a) [0x7f750688803a]
16  0x7f750688e14d /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(+0x5d3b14d) [0x7f750688e14d]
17  0x7f750688df1d /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(+0x5d3af1d) [0x7f750688df1d]
18  0x7f75041b637e /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZNKSt8functionIFvvEEclEv+0x3e) [0x7f75041b637e]
19  0x7f75002b4519 /home/mcatanzaro/jhbuild/install/lib/libjavascriptcoregtk-4.0.so.18(_ZN3WTF15GMainLoopSource12voidCallbackEv+0xa9) [0x7f75002b4519]
20  0x7f75002b2106 /home/mcatanzaro/jhbuild/install/lib/libjavascriptcoregtk-4.0.so.18(_ZN3WTF15GMainLoopSource18voidSourceCallbackEPS0_+0x16) [0x7f75002b2106]
21  0x7f74fc507471 /home/mcatanzaro/jhbuild/install/lib/libglib-2.0.so.0(+0x56471) [0x7f74fc507471]
22  0x7f74fc504ab9 /home/mcatanzaro/jhbuild/install/lib/libglib-2.0.so.0(+0x53ab9) [0x7f74fc504ab9]
23  0x7f74fc5058fd /home/mcatanzaro/jhbuild/install/lib/libglib-2.0.so.0(g_main_context_dispatch+0x33) [0x7f74fc5058fd]
24  0x7f74fc505ae1 /home/mcatanzaro/jhbuild/install/lib/libglib-2.0.so.0(+0x54ae1) [0x7f74fc505ae1]
25  0x7f74fc505f07 /home/mcatanzaro/jhbuild/install/lib/libglib-2.0.so.0(g_main_loop_run+0x1d5) [0x7f74fc505f07]
26  0x7f750688d47d /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN3WTF7RunLoop3runEv+0xbd) [0x7f750688d47d]
27  0x7f750474ad2d /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(_ZN6WebKit16ChildProcessMainINS_14NetworkProcessENS_18NetworkProcessMainEEEiiPPc+0xfd) [0x7f750474ad2d]
28  0x7f750474ab7b /home/mcatanzaro/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(NetworkProcessMainUnix+0x1b) [0x7f750474ab7b]
29  0x400c39 /home/mcatanzaro/jhbuild/install/libexec/webkit2gtk-4.0/WebKitNetworkProcess(main+0x49) [0x400c39]
30  0x7f74f5c1a790 /lib64/libc.so.6(__libc_start_main+0xf0) [0x7f74f5c1a790]
31  0x400b19 /home/mcatanzaro/jhbuild/install/libexec/webkit2gtk-4.0/WebKitNetworkProcess(_start+0x29) [0x400b19]
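
An added illustration (not WebKit code and not written by the commenters) of the three ownership patterns that comments 2 and 3 discuss: wrapping a fresh object without adopting it, adopting it, and relaxing the adoption requirement before wrapping it later. `Counted`, `Ptr` and the function names are hypothetical stand-ins for `RefCounted`, `RefPtr` and the call sites; `violations` counts the places where the `!m_adoptionIsRequired` assertion would fire.

```cpp
// Simplified model of WTF-style reference counting; not WebKit's own code.
#include <cstdio>

struct Counted {
    int refCount = 1;                // born holding one reference for its creator
    bool adoptionIsRequired = true;  // models the debug-only m_adoptionIsRequired flag
    int violations = 0;              // times ASSERT(!m_adoptionIsRequired) would fire
    void ref() { if (adoptionIsRequired) ++violations; ++refCount; }
    void deref() { --refCount; }     // model never frees, so counts stay inspectable
    void relaxAdoptionRequirement() { adoptionIsRequired = false; }
};

enum AdoptTag { Adopt };
class Ptr {                          // stands in for RefPtr
public:
    explicit Ptr(Counted* raw) : m_ptr(raw) { m_ptr->ref(); }  // takes a NEW reference
    Ptr(Counted* raw, AdoptTag) : m_ptr(raw) { raw->adoptionIsRequired = false; }  // takes over the initial one
    Ptr(const Ptr&) = delete;
    ~Ptr() { m_ptr->deref(); }
private:
    Counted* m_ptr;
};

struct Result { int violations; int refsLeft; };

Result rawAssign() {                 // models: RefPtr<T> p = new T(...)
    Counted obj;
    { Ptr owner(&obj); }             // owner goes away at the closing brace
    return { obj.violations, obj.refCount };
}
Result adopted() {                   // models: RefPtr<T> p = adoptRef(new T(...))
    Counted obj;
    { Ptr owner(&obj, Adopt); }
    return { obj.violations, obj.refCount };
}
Result relaxedThenWrapped() {        // models: raw pointer + relaxAdoptionRequirement(), wrapped later
    Counted obj;
    obj.relaxAdoptionRequirement();
    { Ptr later(&obj); }
    return { obj.violations, obj.refCount };
}

int main() {
    Result r[] = { rawAssign(), adopted(), relaxedThenWrapped() };
    for (const Result& x : r) std::printf("violations=%d refsLeft=%d\n", x.violations, x.refsLeft);
    return 0;
}
```

The first and third cases leave the same single reference outstanding once the smart pointer is gone, so something else has to release it; only the assertion differs between them.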
Comment 4 Michael Catanzaro 2015-07-20 17:39:11 PDT
ResourceHandle::continueAfterDidReceiveResponse is clearly prepared to handle the case of a missing client, so I think the assertions in ResourceHandle::continueDidReceiveResponse are wrong. Same for ResourceHandle::continueAfterWillSendRequest and ResourceHandle::continueWillSendRequest.
Comment 5 Michael Catanzaro 2015-07-20 18:11:09 PDT
Created attachment 257153 [details]
Patch
Comment 6 WebKit Commit Bot 2015-07-20 23:19:43 PDT
Comment on attachment 257153 [details]
Patch

Clearing flags on attachment: 257153

Committed r187101: <http://trac.webkit.org/changeset/187101>
Comment 7 WebKit Commit Bot 2015-07-20 23:19:47 PDT
All reviewed patches have been landed.  Closing bug.