NEW186653
Add release assertion against destroying WebProcessPool from networkProcessFailedToLaunch callback 
https://bugs.webkit.org/show_bug.cgi?id=186653
Summary Add release assertion against destroying WebProcessPool from networkProcessFa...
Antti Koivisto
Reported 2018-06-15 04:33:12 PDT
Looks like some clients manage to tear down WebProcessPool from processDidClose callback. Add assertion to find out how. Thread[0] EXC_BAD_ACCESS (SIGSEGV) (KERN_INVALID_ADDRESS at 0x0000000000000000) [ 0] 0x000000023482c8fc WebKit`WebKit::WebProcessPool::networkProcessFailedToLaunch(WebKit::NetworkProcessProxy&) + 76 at WebProcessPool.cpp:548:21 544 ASSERT(&networkProcessProxy == m_networkProcess.get()); 545 m_didNetworkProcessCrash = true; 546 547 for (auto& supplement : m_supplements.values()) -> 548 supplement->processDidClose(&networkProcessProxy);
Attachments
patch (2.73 KB, patch)
2018-06-15 05:04 PDT, Antti Koivisto 		beidson: review-
ews-watchlist: commit-queue-
DetailsFormatted DiffDiff
Archive of layout-test-results from ews204 for win-future (12.74 MB, application/zip)
2018-06-15 06:39 PDT, EWS Watchlist 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
Antti Koivisto
Comment 1 2018-06-15 05:01:13 PDT
<rdar://problem/41157398>
Antti Koivisto
Comment 2 2018-06-15 05:04:26 PDT
Created attachment 342803 [details] patch
EWS Watchlist
Comment 3 2018-06-15 06:39:35 PDT
Comment on attachment 342803 [details] patch Attachment 342803 [details] did not pass win-ews (win): Output: http://webkit-queues.webkit.org/results/8196219 New failing tests: http/tests/security/contentSecurityPolicy/userAgentShadowDOM/allow-video.html
EWS Watchlist
Comment 4 2018-06-15 06:39:46 PDT
Created attachment 342808 [details] Archive of layout-test-results from ews204 for win-future The attached test failures were seen while running run-webkit-tests on the win-ews. Bot: ews204 Port: win-future Platform: CYGWIN_NT-6.1-2.9.0-0.318-5-3-x86_64-64bit
Chris Dumez
Comment 5 2018-06-15 08:41:12 PDT
How did you determine that the WebProcessPool was dead? Brady and I were actually looking at the same crash trace a couple of days ago and I assumed the issue was that m_supplements was getting modified while we were iterating over it?
Chris Dumez
Comment 6 2018-06-15 08:44:48 PDT
(In reply to Chris Dumez from comment #5) > How did you determine that the WebProcessPool was dead? Brady and I were > actually looking at the same crash trace a couple of days ago and I assumed > the issue was that m_supplements was getting modified while we were > iterating over it? Hmm, looking at it more, it looks like we only ever add supplements in the WebProcessPool constructor. Also, we do not seem to have a way to remove supplements. Therefore, I guess you must be right that the WebProcessPool is getting destroyed.
Chris Dumez
Comment 7 2018-06-15 08:48:19 PDT
Comment on attachment 342803 [details] patch View in context: https://bugs.webkit.org/attachment.cgi?id=342803&action=review > Source/WebKit/ChangeLog:9 > + Looks like some clients manage to tear down WebProcessPool from processDidClose callback. Add assertion to find out how. Why don't we protect |this| in networkProcessFailedToLaunch() ?
Brady Eidson
Comment 8 2018-06-15 08:57:54 PDT
I'm working on a bug right now where it is known and *expected* that the WebProcessPool is getting destroyed, and therefore a protector is the right call. Ping me for details or wait until I finish my API test which reproduces it :)
Brady Eidson
Comment 9 2018-06-15 09:00:11 PDT
(In reply to Brady Eidson from comment #8) > I'm working on a bug right now where it is known and *expected* that the > WebProcessPool is getting destroyed, and therefore a protector is the right > call. > > Ping me for details or wait until I finish my API test which reproduces it :) Actually mine is in StorageProcess related code, not NetworkProcess, but the general point still stands. You can create a WKWebsiteDataStore that points to non-default locations on disk. You can then use it for WebsiteData fetching or clearing. You can do this without ever creating a process pool or a web view. When you do so a process pool is created for you internally, and it's completely okay that said process pool is then destroyed. You can look for my storage process example later today, or try to construct a network process example if you'd like (We *can* API test this)
Antti Koivisto
Comment 10 2018-06-15 09:01:06 PDT
> Why don't we protect |this| in networkProcessFailedToLaunch() ? That's not going to be sufficient. The protection needs to be lower on the stack and other things (NetworkProcessProxy) will need to be protected too.
Brady Eidson
Comment 11 2018-06-15 09:02:08 PDT
(In reply to Antti Koivisto from comment #10) > > Why don't we protect |this| in networkProcessFailedToLaunch() ? > > That's not going to be sufficient. The protection needs to be lower on the > stack and other things (NetworkProcessProxy) will need to be protected too. In the storage process case that is absolutely not true. Please try to reproduce this with an API test now that I've described the behavior of how these process pools can come into existence and then be destroyed.
Antti Koivisto
Comment 12 2018-06-15 09:10:22 PDT
Basically the best explanation I have for this crash is that some cookie related callback (cookies appear to be the only client for this supplement) is destroying the process pool synchronously. That sounds to me like something the client shouldn't be doing. The idea here was to find out exactly how. Of course we can do handwavy papering over too if that is preferred.
Chris Dumez
Comment 13 2018-06-15 09:12:55 PDT
(In reply to Antti Koivisto from comment #12) > Basically the best explanation I have for this crash is that some cookie > related callback (cookies appear to be the only client for this supplement) > is destroying the process pool synchronously. That sounds to me like > something the client shouldn't be doing. I personally think it would be very fragile to expect the client not to do so. I'd rather we make our code more robust.
Antti Koivisto
Comment 14 2018-06-15 09:20:52 PDT
> I personally think it would be very fragile to expect the client not to do > so. I'd rather we make our code more robust. This a very specific crash occurring in SafariViewService. Basically I wanted to find out if there is bug in SafariViewService that we should fix.
Antti Koivisto
Comment 15 2018-06-15 09:31:28 PDT
Note that the assertion added here is correct no matter which fix is done and makes these sort of crashes much more debuggable. I don't quite get the r-.
Note You need to log in before you can comment on or make changes to this bug.