RESOLVED FIXED 163170
REGRESSION(r206731): [SOUP] Network process crash in gotHeadersCallback 
https://bugs.webkit.org/show_bug.cgi?id=163170
Summary REGRESSION(r206731): [SOUP] Network process crash in gotHeadersCallback
Michael Catanzaro
Reported 2016-10-08 16:01:24 PDT
With trunk, the network process always crashes when creating Epiphany web application, so the favicon that's displayed in the new web app window never appears, the spinner just spins forever. #0 0x00007feddf8eff87 in (anonymous namespace)::gotHeadersCallback ( message=0x27d7a90, data=0x7fedc21581a0) at ../../Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:159 handle = 0x7fedc21581a0 d = 0x7fedc2166000 #1 0x00007fedd027f8f1 in g_cclosure_marshal_VOID__VOID (closure=0x27ec520, return_value=0x0, n_param_values=1, param_values=0x7ffeac9baa50, invocation_hint=0x7ffeac9ba990, marshal_data=0x0) at /home/mcatanzaro/src/jhbuild/checkout/glib/gobject/gmarshal.c:875 callback = 0x7feddf8efedc <(anonymous namespace)::gotHeadersCallback(SoupMessage*, gpointer)> cc = 0x27ec520 data1 = 0x27d7a90 data2 = 0x7fedc21581a0 __func__ = "g_cclosure_marshal_VOID__VOID" #2 0x00007fedd027c8da in g_closure_invoke (closure=0x27ec520, return_value=0x0, n_param_values=1, param_values=0x7ffeac9baa50, invocation_hint=0x7ffeac9ba990) at /home/mcatanzaro/src/jhbuild/checkout/glib/gobject/gclosure.c:804 marshal = 0x7fedd027f82f <g_cclosure_marshal_VOID__VOID> marshal_data = 0x0 in_marshal = 0 real_closure = 0x27ec500 __func__ = "g_closure_invoke" #3 0x00007fedd0298cbe in signal_emit_unlocked_R (node=0x27d52d0, detail=0, instance=0x27d7a90, emission_return=0x0, instance_and_params=0x7ffeac9baa50) at /home/mcatanzaro/src/jhbuild/checkout/glib/gobject/gsignal.c:3635 tmp = 0x27d7a90 handler = 0x27eb400 accumulator = 0x0 emission = {next = 0x0, instance = 0x27d7a90, ihint = { signal_id = 43, detail = 0, run_type = G_SIGNAL_RUN_FIRST}, state = EMISSION_RUN, chain_type = 4} class_closure = 0x27d52a0 hlist = 0x1d82b48 handler_list = 0x27eb400 return_accu = 0x0 accu = {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}} signal_id = 43 max_sequential_handler_number = 109 return_value_altered = 1 #4 0x00007fedd029800c in g_signal_emit_valist (instance=0x27d7a90, signal_id=43, detail=0, var_args=0x7ffeac9bad08) at /home/mcatanzaro/src/jhbuild/checkout/glib/gobject/gsignal.c:3391 instance_and_params = 0x7ffeac9baa50 signal_return_type = 4 param_values = 0x7ffeac9baa68 node = 0x27d52d0 i = 0 n_params = 0 __func__ = "g_signal_emit_valist" #5 0x00007fedd029854e in g_signal_emit (instance=0x27d7a90, signal_id=43, detail=0) at /home/mcatanzaro/src/jhbuild/checkout/glib/gobject/gsignal.c:3447 var_args = {{gp_offset = 24, fp_offset = 48, overflow_arg_area = 0x7ffeac9bade0, reg_save_area = 0x7ffeac9bad20}} #6 0x00007fedcf26e8b4 in soup_message_got_headers (msg=0x27d7a90) at /home/mcatanzaro/src/jhbuild/checkout/libsoup/libsoup/soup-message.c:1128 No locals. #7 0x00007fedcf274dcd in io_read (msg=0x27d7a90, blocking=0, cancellable=0x27d3b40, error=0x7ffeac9baed8) at /home/mcatanzaro/src/jhbuild/checkout/libsoup/libsoup/soup-message-io.c:706 priv = 0x27d79f0 io = 0x27d7ae0 stack_buf = 0x0 nread = 140731794304608 buffer = 0x7ffeac9baf60 status = 200 __func__ = "io_read" #8 0x00007fedcf275986 in io_run_until (msg=0x27d7a90, blocking=0, read_state=SOUP_MESSAGE_IO_STATE_BODY, write_state=SOUP_MESSAGE_IO_STATE_NOT_STARTED, cancellable=0x27d3b40, error=0x7ffeac9baf60) at /home/mcatanzaro/src/jhbuild/checkout/libsoup/libsoup/soup-message-io.c:982 priv = 0x27d79f0 io = 0x27d7ae0 progress = 1 done = 32766 my_error = 0x0 #9 0x00007fedcf275eff in soup_message_io_run_until_read (msg=0x27d7a90, blocking=0, cancellable=0x27d3b40, error=0x7ffeac9baf60) at /home/mcatanzaro/src/jhbuild/checkout/libsoup/libsoup/soup-message-io.c:1095 No locals. #10 0x00007fedcf28ad56 in try_run_until_read (item=0x27e8310) at /home/mcatanzaro/src/jhbuild/checkout/libsoup/libsoup/soup-session.c:4021 error = 0x0 stream = 0x0 #11 0x00007fedcf28ad12 in read_ready_cb (msg=0x27d7a90, user_data=0x27e8310) at /home/mcatanzaro/src/jhbuild/checkout/libsoup/libsoup/soup-session.c:4011 item = 0x27e8310 #12 0x00007fedcf275202 in message_source_dispatch (source=0x27d4910, callback=0x7fedcf28acad <read_ready_cb>, user_data=0x27e8310) at /home/mcatanzaro/src/jhbuild/checkout/libsoup/libsoup/soup-message-io.c:844 func = 0x7fedcf28acad <read_ready_cb> message_source = 0x27d4910 #13 0x00007fedcff951ee in g_main_dispatch (context=0x1d5d740) at /home/mcatanzaro/src/jhbuild/checkout/glib/glib/gmain.c:3203 dispatch = 0x7fedcf2751c6 <message_source_dispatch> prev_source = 0x0 was_in_call = 0 user_data = 0x27e8310 callback = 0x7fedcf28acad <read_ready_cb> cb_funcs = 0x7fedd026aa40 <g_source_callback_funcs> cb_data = 0x27d17e0 need_destroy = 0 source = 0x27d4910 current = 0x1d28730 i = 3 __func__ = "g_main_dispatch" #14 0x00007fedcff96070 in g_main_context_dispatch (context=0x1d5d740) at /home/mcatanzaro/src/jhbuild/checkout/glib/glib/gmain.c:3856 No locals. #15 0x00007fedcff96254 in g_main_context_iterate (context=0x1d5d740, block=1, dispatch=1, self=0x1d630f0) at /home/mcatanzaro/src/jhbuild/checkout/glib/glib/gmain.c:3929 max_priority = 2147483647 timeout = -1 some_ready = 1 nfds = 3 allocated_nfds = 3 fds = 0x27e44d0 #16 0x00007fedcff9667a in g_main_loop_run (loop=0x1d3eb00) at /home/mcatanzaro/src/jhbuild/checkout/glib/glib/gmain.c:4125 self = 0x1d630f0 __func__ = "g_main_loop_run" #17 0x00007fedd7e72b82 in WTF::RunLoop::run () at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:94 runLoop = @0x7fedc21f9180: {<WTF::FunctionDispatcher> = {<WTF::ThreadSafeRefCounted<WTF::FunctionDispatcher>> = {<WTF::ThreadSafeRefCountedBase> = { m_refCount = {<std::__atomic_base<int>> = { static _S_alignment = 4, _M_i = 1}, <No data fields>}}, <No data fields>}, _vptr.FunctionDispatcher = 0x7fedd8df2a08 <vtable for WTF::RunLoop+16>}, m_functionQueueLock = {m_mutex = {__data = {__lock = 0, __count = 0, __owner = 0, __nusers = 0, __kind = 512, __spins = 0, __elision = 0, __list = {__prev = 0x0, __next = 0x0}}, __size = '\000' <repeats 17 times>, "\002", '\000' <repeats 21 times>, __align = 0}}, m_functionQueue = {m_start = 6, m_end = 6, m_buffer = {<WTF::VectorBufferBase<WTF::Function<void()> >> = { m_buffer = 0x7fedc21ec180, m_capacity = 16, m_size = 0}, <No data fields>}, m_iterators = 0x0}, m_mainContext = {m_ptr = 0x1d5d740}, m_mainLoops = {<WTF::VectorBuffer<WTF::GRefPtr<_GMainLoop>, 0ul>> = {<WTF::VectorBufferBase<WTF::GRefPtr<_GMainLoop> >> = { m_buffer = 0x7fedc21f9200, m_capacity = 16, m_size = 1}, <No data fields>}, <No data fields>}, m_source = {m_ptr = 0x1d5e000}} mainContext = 0x1d5d740 __PRETTY_FUNCTION__ = "static void WTF::RunLoop::run()" innermostLoop = 0x1d3eb00 nestedMainLoop = 0x7ffeac9bb14f #18 0x00007fedddf8bf86 in (anonymous namespace)::ChildProcessMain<WebKit::NetworkProcess, WebKit::ChildProcessMainBase> (argc=2, argv=0x7ffeac9bb318) at ../../Source/WebKit2/Shared/unix/ChildProcessMain.h:61 childMain = <incomplete type> #19 0x00007fedddf8beee in (anonymous namespace)::NetworkProcessMainUnix ( argc=2, argv=0x7ffeac9bb318) at ../../Source/WebKit2/NetworkProcess/soup/NetworkProcessMainSoup.cpp:37 No locals. #20 0x0000000000400c2a in main (argc=2, argv=0x7ffeac9bb318) at ../../Source/WebKit2/NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp:44 No locals.
Attachments
Patch (3.47 KB, patch)
2016-10-10 06:50 PDT, Carlos Garcia Campos 		mcatanzaro: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Michael Catanzaro
Comment 1 2016-10-09 09:47:17 PDT
I believe it introduced crashes in the following tests (including all the HLS tests): http/tests/download/area-download.html http/tests/media/hls/hls-audio-tracks-has-audio.html http/tests/media/hls/hls-audio-tracks-locale-selection.html http/tests/media/hls/hls-audio-tracks.html http/tests/media/hls/hls-progress.html http/tests/media/hls/hls-video-resize.html http/tests/media/hls/video-controller-getStartDate.html http/tests/media/hls/video-controls-live-stream.html http/tests/media/hls/video-cookie.html http/tests/media/hls/video-duration-accessibility.html http/tests/security/anchor-download-allow-sameorigin.html Updating expectations accordingly. The HLS crashes seem to occur only on the release bot, which is strange. The other two occur on the debug bot too. Seems our bot crash catcher is still broken, there's no backtrace even on the debug bot, but I see this error message: STDERR: /home/slave/webkitgtk/gtk-linux-64-debug-tests/build/WebKitBuild/Debug/bin/NetworkProcess: No such file or directory. STDERR: ERROR: WebLoaderStrategy::networkProcessCrashed: failing all pending resource loaders STDERR: ../../Source/WebKit2/WebProcess/Network/WebLoaderStrategy.cpp(308) : void WebKit::WebLoaderStrategy::networkProcessCrashed() which (asides from the first line) is the same as what I see when I try creating an Epiphany web app, so I presume it's the same issue. The layout test crashes were introduced in r206731 "[SOUP] Cleanup persistent credential storage code"
Michael Catanzaro
Comment 2 2016-10-09 09:50:17 PDT
(In reply to comment #1) > Updating expectations accordingly. Actually I'm not going to update the expectations, because there are existing expectations for some of the HLS tests and it's annoying to try to assign expectations to multiple bugs, and because I am hoping we can fix this quickly.
Michael Catanzaro
Comment 3 2016-10-09 09:52:23 PDT
(In reply to comment #1) > which (asides from the first line) is the same as what I see when I try > creating an Epiphany web app, so I presume it's the same issue. This might be a bad assumption because any network process crash would cause the same message, but let's assume it's the same for now as hopefully we did not introduce multiple network process crashes around the same time.
Carlos Garcia Campos
Comment 4 2016-10-10 06:50:59 PDT
Created attachment 291100 [details] Patch
Carlos Garcia Campos
Comment 5 2016-10-10 08:13:55 PDT
Committed r206996: <http://trac.webkit.org/changeset/206996>
Note You need to log in before you can comment on or make changes to this bug.