Bug 163170 - REGRESSION(r206731): [SOUP] Network process crash in gotHeadersCallback
Summary: REGRESSION(r206731): [SOUP] Network process crash in gotHeadersCallback
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKitGTK (show other bugs)
Version: Other
Hardware: PC Linux
: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-10-08 16:01 PDT by Michael Catanzaro
Modified: 2016-10-10 08:13 PDT (History)
8 users (show)

See Also:

Attachments
Patch (3.47 KB, patch)
2016-10-10 06:50 PDT, Carlos Garcia Campos 		mcatanzaro: review+
Details | Formatted Diff | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Catanzaro 2016-10-08 16:01:24 PDT 
With trunk, the network process always crashes when creating Epiphany web application, so the favicon that's displayed in the new web app window never appears, the spinner just spins forever.

#0  0x00007feddf8eff87 in (anonymous namespace)::gotHeadersCallback (
    message=0x27d7a90, data=0x7fedc21581a0)
    at ../../Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:159
        handle = 0x7fedc21581a0
        d = 0x7fedc2166000
#1  0x00007fedd027f8f1 in g_cclosure_marshal_VOID__VOID (closure=0x27ec520, 
    return_value=0x0, n_param_values=1, param_values=0x7ffeac9baa50, 
    invocation_hint=0x7ffeac9ba990, marshal_data=0x0)
    at /home/mcatanzaro/src/jhbuild/checkout/glib/gobject/gmarshal.c:875
        callback = 0x7feddf8efedc <(anonymous namespace)::gotHeadersCallback(SoupMessage*, gpointer)>
        cc = 0x27ec520
        data1 = 0x27d7a90
        data2 = 0x7fedc21581a0
        __func__ = "g_cclosure_marshal_VOID__VOID"
#2  0x00007fedd027c8da in g_closure_invoke (closure=0x27ec520, 
    return_value=0x0, n_param_values=1, param_values=0x7ffeac9baa50, 
    invocation_hint=0x7ffeac9ba990)
    at /home/mcatanzaro/src/jhbuild/checkout/glib/gobject/gclosure.c:804
        marshal = 0x7fedd027f82f <g_cclosure_marshal_VOID__VOID>
        marshal_data = 0x0
        in_marshal = 0
        real_closure = 0x27ec500
        __func__ = "g_closure_invoke"
#3  0x00007fedd0298cbe in signal_emit_unlocked_R (node=0x27d52d0, detail=0, 
    instance=0x27d7a90, emission_return=0x0, 
    instance_and_params=0x7ffeac9baa50)
    at /home/mcatanzaro/src/jhbuild/checkout/glib/gobject/gsignal.c:3635
        tmp = 0x27d7a90
        handler = 0x27eb400
        accumulator = 0x0
        emission = {next = 0x0, instance = 0x27d7a90, ihint = {
            signal_id = 43, detail = 0, run_type = G_SIGNAL_RUN_FIRST}, 
          state = EMISSION_RUN, chain_type = 4}
        class_closure = 0x27d52a0
        hlist = 0x1d82b48
        handler_list = 0x27eb400
        return_accu = 0x0
        accu = {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0, 
              v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, 
              v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, 
              v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, 
              v_float = 0, v_double = 0, v_pointer = 0x0}}}
        signal_id = 43
        max_sequential_handler_number = 109
        return_value_altered = 1
#4  0x00007fedd029800c in g_signal_emit_valist (instance=0x27d7a90, 
    signal_id=43, detail=0, var_args=0x7ffeac9bad08)
    at /home/mcatanzaro/src/jhbuild/checkout/glib/gobject/gsignal.c:3391
        instance_and_params = 0x7ffeac9baa50
        signal_return_type = 4
        param_values = 0x7ffeac9baa68
        node = 0x27d52d0
        i = 0
        n_params = 0
        __func__ = "g_signal_emit_valist"
#5  0x00007fedd029854e in g_signal_emit (instance=0x27d7a90, signal_id=43, 
    detail=0)
    at /home/mcatanzaro/src/jhbuild/checkout/glib/gobject/gsignal.c:3447
        var_args = {{gp_offset = 24, fp_offset = 48, 
            overflow_arg_area = 0x7ffeac9bade0, 
            reg_save_area = 0x7ffeac9bad20}}
#6  0x00007fedcf26e8b4 in soup_message_got_headers (msg=0x27d7a90)
    at /home/mcatanzaro/src/jhbuild/checkout/libsoup/libsoup/soup-message.c:1128
No locals.
#7  0x00007fedcf274dcd in io_read (msg=0x27d7a90, blocking=0, 
    cancellable=0x27d3b40, error=0x7ffeac9baed8)
    at /home/mcatanzaro/src/jhbuild/checkout/libsoup/libsoup/soup-message-io.c:706
        priv = 0x27d79f0
        io = 0x27d7ae0
        stack_buf = 0x0
        nread = 140731794304608
        buffer = 0x7ffeac9baf60
        status = 200
        __func__ = "io_read"
#8  0x00007fedcf275986 in io_run_until (msg=0x27d7a90, blocking=0, 
    read_state=SOUP_MESSAGE_IO_STATE_BODY, 
    write_state=SOUP_MESSAGE_IO_STATE_NOT_STARTED, cancellable=0x27d3b40, 
    error=0x7ffeac9baf60)
    at /home/mcatanzaro/src/jhbuild/checkout/libsoup/libsoup/soup-message-io.c:982
        priv = 0x27d79f0
        io = 0x27d7ae0
        progress = 1
        done = 32766
        my_error = 0x0
#9  0x00007fedcf275eff in soup_message_io_run_until_read (msg=0x27d7a90, 
    blocking=0, cancellable=0x27d3b40, error=0x7ffeac9baf60)
    at /home/mcatanzaro/src/jhbuild/checkout/libsoup/libsoup/soup-message-io.c:1095
No locals.
#10 0x00007fedcf28ad56 in try_run_until_read (item=0x27e8310)
    at /home/mcatanzaro/src/jhbuild/checkout/libsoup/libsoup/soup-session.c:4021
        error = 0x0
        stream = 0x0
#11 0x00007fedcf28ad12 in read_ready_cb (msg=0x27d7a90, user_data=0x27e8310)
    at /home/mcatanzaro/src/jhbuild/checkout/libsoup/libsoup/soup-session.c:4011
        item = 0x27e8310
#12 0x00007fedcf275202 in message_source_dispatch (source=0x27d4910, 
    callback=0x7fedcf28acad <read_ready_cb>, user_data=0x27e8310)
    at /home/mcatanzaro/src/jhbuild/checkout/libsoup/libsoup/soup-message-io.c:844
        func = 0x7fedcf28acad <read_ready_cb>
        message_source = 0x27d4910
#13 0x00007fedcff951ee in g_main_dispatch (context=0x1d5d740)
    at /home/mcatanzaro/src/jhbuild/checkout/glib/glib/gmain.c:3203
        dispatch = 0x7fedcf2751c6 <message_source_dispatch>
        prev_source = 0x0
        was_in_call = 0
        user_data = 0x27e8310
        callback = 0x7fedcf28acad <read_ready_cb>
        cb_funcs = 0x7fedd026aa40 <g_source_callback_funcs>
        cb_data = 0x27d17e0
        need_destroy = 0
        source = 0x27d4910
        current = 0x1d28730
        i = 3
        __func__ = "g_main_dispatch"
#14 0x00007fedcff96070 in g_main_context_dispatch (context=0x1d5d740)
    at /home/mcatanzaro/src/jhbuild/checkout/glib/glib/gmain.c:3856
No locals.
#15 0x00007fedcff96254 in g_main_context_iterate (context=0x1d5d740, block=1, 
    dispatch=1, self=0x1d630f0)
    at /home/mcatanzaro/src/jhbuild/checkout/glib/glib/gmain.c:3929
        max_priority = 2147483647
        timeout = -1
        some_ready = 1
        nfds = 3
        allocated_nfds = 3
        fds = 0x27e44d0
#16 0x00007fedcff9667a in g_main_loop_run (loop=0x1d3eb00)
    at /home/mcatanzaro/src/jhbuild/checkout/glib/glib/gmain.c:4125
        self = 0x1d630f0
        __func__ = "g_main_loop_run"
#17 0x00007fedd7e72b82 in WTF::RunLoop::run ()
    at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:94
        runLoop = 
    @0x7fedc21f9180: {<WTF::FunctionDispatcher> = {<WTF::ThreadSafeRefCounted<WTF::FunctionDispatcher>> = {<WTF::ThreadSafeRefCountedBase> = {
                m_refCount = {<std::__atomic_base<int>> = {
                    static _S_alignment = 4, 
                    _M_i = 1}, <No data fields>}}, <No data fields>}, 
            _vptr.FunctionDispatcher = 0x7fedd8df2a08 <vtable for WTF::RunLoop+16>}, m_functionQueueLock = {m_mutex = {__data = {__lock = 0, __count = 0, 
                __owner = 0, __nusers = 0, __kind = 512, __spins = 0, 
                __elision = 0, __list = {__prev = 0x0, __next = 0x0}}, 
              __size = '\000' <repeats 17 times>, "\002", '\000' <repeats 21 times>, __align = 0}}, m_functionQueue = {m_start = 6, m_end = 6, 
            m_buffer = {<WTF::VectorBufferBase<WTF::Function<void()> >> = {
                m_buffer = 0x7fedc21ec180, m_capacity = 16, 
                m_size = 0}, <No data fields>}, m_iterators = 0x0}, 
          m_mainContext = {m_ptr = 0x1d5d740}, 
          m_mainLoops = {<WTF::VectorBuffer<WTF::GRefPtr<_GMainLoop>, 0ul>> = {<WTF::VectorBufferBase<WTF::GRefPtr<_GMainLoop> >> = {
                m_buffer = 0x7fedc21f9200, m_capacity = 16, 
                m_size = 1}, <No data fields>}, <No data fields>}, 
          m_source = {m_ptr = 0x1d5e000}}
        mainContext = 0x1d5d740
        __PRETTY_FUNCTION__ = "static void WTF::RunLoop::run()"
        innermostLoop = 0x1d3eb00
        nestedMainLoop = 0x7ffeac9bb14f
#18 0x00007fedddf8bf86 in (anonymous namespace)::ChildProcessMain<WebKit::NetworkProcess, WebKit::ChildProcessMainBase> (argc=2, argv=0x7ffeac9bb318)
    at ../../Source/WebKit2/Shared/unix/ChildProcessMain.h:61
        childMain = <incomplete type>
#19 0x00007fedddf8beee in (anonymous namespace)::NetworkProcessMainUnix (
    argc=2, argv=0x7ffeac9bb318)
    at ../../Source/WebKit2/NetworkProcess/soup/NetworkProcessMainSoup.cpp:37
No locals.
#20 0x0000000000400c2a in main (argc=2, argv=0x7ffeac9bb318)
    at ../../Source/WebKit2/NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp:44
No locals.
Comment 1 Michael Catanzaro 2016-10-09 09:47:17 PDT 
I believe it introduced crashes in the following tests (including all the HLS tests):

http/tests/download/area-download.html
http/tests/media/hls/hls-audio-tracks-has-audio.html
http/tests/media/hls/hls-audio-tracks-locale-selection.html
http/tests/media/hls/hls-audio-tracks.html
http/tests/media/hls/hls-progress.html
http/tests/media/hls/hls-video-resize.html
http/tests/media/hls/video-controller-getStartDate.html
http/tests/media/hls/video-controls-live-stream.html
http/tests/media/hls/video-cookie.html
http/tests/media/hls/video-duration-accessibility.html
http/tests/security/anchor-download-allow-sameorigin.html

Updating expectations accordingly.

The HLS crashes seem to occur only on the release bot, which is strange. The other two occur on the debug bot too. Seems our bot crash catcher is still broken, there's no backtrace even on the debug bot, but I see this error message:

STDERR: /home/slave/webkitgtk/gtk-linux-64-debug-tests/build/WebKitBuild/Debug/bin/NetworkProcess: No such file or directory.
STDERR: ERROR: WebLoaderStrategy::networkProcessCrashed: failing all pending resource loaders
STDERR: ../../Source/WebKit2/WebProcess/Network/WebLoaderStrategy.cpp(308) : void WebKit::WebLoaderStrategy::networkProcessCrashed()

which (asides from the first line) is the same as what I see when I try creating an Epiphany web app, so I presume it's the same issue. The layout test crashes were introduced in r206731 "[SOUP] Cleanup persistent credential storage code"
Comment 2 Michael Catanzaro 2016-10-09 09:50:17 PDT 
(In reply to comment #1)
> Updating expectations accordingly.

Actually I'm not going to update the expectations, because there are existing expectations for some of the HLS tests and it's annoying to try to assign expectations to multiple bugs, and because I am hoping we can fix this quickly.
Comment 3 Michael Catanzaro 2016-10-09 09:52:23 PDT 
(In reply to comment #1)
> which (asides from the first line) is the same as what I see when I try
> creating an Epiphany web app, so I presume it's the same issue.

This might be a bad assumption because any network process crash would cause the same message, but let's assume it's the same for now as hopefully we did not introduce multiple network process crashes around the same time.
Comment 4 Carlos Garcia Campos 2016-10-10 06:50:59 PDT 
Created attachment 291100 [details]
Patch
Comment 5 Carlos Garcia Campos 2016-10-10 08:13:55 PDT 
Committed r206996: <http://trac.webkit.org/changeset/206996>