[Webkit-unassigned] [Bug 247442] New: Network process crash in WebResourceLoadStatisticsStore::registrableDomains

Thu Nov 3 09:57:36 PDT 2022

https://bugs.webkit.org/show_bug.cgi?id=247442

            Bug ID: 247442
           Summary: Network process crash in
                    WebResourceLoadStatisticsStore::registrableDomains
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKitGTK
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mcatanzaro at gnome.org
                CC: bugs-noreply at webkitgtk.org

Not sure how I triggered this crash, but here it is:

#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo at entry=6, no_tid=no_tid at entry=0)
    at pthread_kill.c:44
        tid = <optimized out>
        ret = 0
        pd = <optimized out>

                    old_mask = {__val = {140720907250576, 94914578345536, 8, 0, 140720907250656, 139706809536613, 8, 8, 1, 94914578345536, 0, 94914578216752, 0, 94914578336768, 140720907250768, 139706809538778}}
        ret = <optimized out>
#1  0x00007f100a6601f3 in __pthread_kill_internal (signo=6, threadid=<optimized out>) at pthread_kill.c:78
#2  0x00007f100a60e00e in __GI_raise (sig=sig at entry=6) at ../sysdeps/posix/raise.c:26
        ret = <optimized out>
#3  0x00007f100a5f77fc in __GI_abort () at abort.c:79
        save_stage = 1

                  act = {__sigaction_handler = {sa_handler = 0x7f1002010118, sa_sigaction = 0x7f1002010118}, sa_mask = {__val = {139706871148193, 140720907250992, 8, 140720907250976, 8, 140720907251008, 139706809956059, 1, 7827239952684542464, 94914578090320, 0, 140720907251056, 139706809610868, 139706729824480, 140720907251080, 139706729824480}}, sa_flags = 33641664, sa_restorer = 0x7ffc23b06dc0}

                    sigs = {__val = {32, 94914578429776, 140720907250896, 139706809751271, 94914578216752, 139601872175120, 139706810553504, 17, 17, 0, 94914578429776, 139706813294400, 140720907251040, 1, 140720907250928, 139706865000110}}
#4  0x00007f100b0f65ae in WTFCrashWithInfo(int, char const*, char const*, int) ()
    at /usr/lib/debug/source/sdk/webkit2gtk-5.0.bst/_builddir/WTF/Headers/wtf/Assertions.h:754
#5  WebKit::WebResourceLoadStatisticsStore::postTask(WTF::Function<void ()>&&)
    (this=this at entry=0x7f1002008a00, task=...)
    at /usr/lib/debug/source/sdk/webkit2gtk-5.0.bst/Source/WebKit/NetworkProcess/Classifier/WebResourceLoadStatisticsStore.cpp:203
#6  0x00007f100b0ed48b in WebKit::WebResourceLoadStatisticsStore::registrableDomains(WTF::CompletionHandler<void (WTF::Vector<WebCore::RegistrableDomain, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&)>&&)
    (this=this at entry=0x7f1002008a00, completionHandler=...) at /usr/include/c++/12.1.0/bits/unique_ptr.h:189
#7  0x00007f100b083d2a in WebKit::NetworkProcess::fetchWebsiteData(PAL::SessionID, WTF::OptionSet<WebKit::WebsiteDataType>, WTF::OptionSet<WebKit::WebsiteDataFetchOption>, WTF::CompletionHandler<void (WebKit::WebsiteData&&)>&&)
    (this=<optimized out>, sessionID=..., websiteDataTypes=..., fetchOptions=..., completionHandler=<optimized out>)
    at /usr/include/c++/12.1.0/bits/unique_ptr.h:189
        resourceLoadStatistics = 0x7f1002008a00
        __func__ = "fetchWebsiteData"
        callbackAggregator = {static isRef = <optimized out>, m_ptr = 0x7f10020154c0}
        session = 0x7f100202c700
#8  0x00007f100af3a60a in IPC::callMemberFunctionImpl<WebKit::NetworkProcess, void (WebKit::NetworkProcess::*)(PAL::SessionID, WTF::OptionSet<WebKit::WebsiteDataType>, WTF::OptionSet<WebKit::WebsiteDataFetchOption>, WTF::CompletionHandler<void (WebKit::WebsiteData&&)>&&), void (WebKit::WebsiteData&&), std::tuple<PAL::SessionID, WTF::OptionSet<WebKit::WebsiteDataType>, WTF::OptionSet<WebKit::WebsiteDataFetchOption> >, 0ul, 1ul, 2ul>(WebKit::NetworkProcess*, void (WebKit::NetworkProcess::*)(PAL::SessionID, WTF::OptionSet<WebKit::WebsiteDataType>, WTF::OptionSet<WebKit::WebsiteDataFetchOption>, WTF::CompletionHandler<void (WebKit::WebsiteData&&)>&&), WTF::CompletionHandler<void (WebKit::WebsiteData&&)>&&, std::tuple<PAL::SessionID, WTF::OptionSet<WebKit::WebsiteDataType>, WTF::OptionSet<WebKit::WebsiteDataFetchOption> >&&, std::integer_sequence<unsigned long, 0ul, 1ul, 2ul>)
    (args=..., completionHandler=..., function=<optimized out>, object=0x7f10020300c0)
    at /usr/lib/debug/source/sdk/webkit2gtk-5.0.bst/Source/WebKit/Platform/IPC/HandleMessage.h:145
        listenerID = std::optional<unsigned long> = {[contained value] = <optimized out>}

                    arguments = std::optional<std::tuple<PAL::SessionID, WTF::OptionSet<WebKit::WebsiteDataType>, WTF::OptionSet<WebKit::W--Type <RET> for more, q to quit, c to continue without paging--c
ebsiteDataFetchOption> >> containing std::tuple containing = {[1] = {m_identifier = <optimized out>}, [2] = {m_storage = <optimized out>}, [3] = {m_storage = <optimized out>}}
#9  IPC::callMemberFunction<WebKit::NetworkProcess, void (WebKit::NetworkProcess::*)(PAL::SessionID, WTF::OptionSet<WebKit::WebsiteDataType>, WTF::OptionSet<WebKit::WebsiteDataFetchOption>, WTF::CompletionHandler<void (WebKit::WebsiteData&&)>&&), void (WebKit::WebsiteData&&), std::tuple<PAL::SessionID, WTF::OptionSet<WebKit::WebsiteDataType>, WTF::OptionSet<WebKit::WebsiteDataFetchOption> >, std::integer_sequence<unsigned long, 0ul, 1ul, 2ul> >(std::tuple<PAL::SessionID, WTF::OptionSet<WebKit::WebsiteDataType>, WTF::OptionSet<WebKit::WebsiteDataFetchOption> >&&, WTF::CompletionHandler<void (WebKit::WebsiteData&&)>&&, WebKit::NetworkProcess*, void (WebKit::NetworkProcess::*)(PAL::SessionID, WTF::OptionSet<WebKit::WebsiteDataType>, WTF::OptionSet<WebKit::WebsiteDataFetchOption>, WTF::CompletionHandler<void (WebKit::WebsiteData&&)>&&)) (function=<optimized out>, object=0x7f10020300c0, completionHandler=..., args=...) at /usr/lib/debug/source/sdk/webkit2gtk-5.0.bst/Source/WebKit/Platform/IPC/HandleMessage.h:151
        listenerID = std::optional<unsigned long> = {[contained value] = <optimized out>}
        arguments = std::optional<std::tuple<PAL::SessionID, WTF::OptionSet<WebKit::WebsiteDataType>, WTF::OptionSet<WebKit::WebsiteDataFetchOption> >> containing std::tuple containing = {[1] = {m_identifier = <optimized out>}, [2] = {m_storage = <optimized out>}, [3] = {m_storage = <optimized out>}}
#10 IPC::handleMessageAsync<Messages::NetworkProcess::FetchWebsiteData, WebKit::NetworkProcess, void (WebKit::NetworkProcess::*)(PAL::SessionID, WTF::OptionSet<WebKit::WebsiteDataType>, WTF::OptionSet<WebKit::WebsiteDataFetchOption>, WTF::CompletionHandler<void (WebKit::WebsiteData&&)>&&)>(IPC::Connection&, IPC::Decoder&, WebKit::NetworkProcess*, void (WebKit::NetworkProcess::*)(PAL::SessionID, WTF::OptionSet<WebKit::WebsiteDataType>, WTF::OptionSet<WebKit::WebsiteDataFetchOption>, WTF::CompletionHandler<void (WebKit::WebsiteData&&)>&&)) (connection=..., decoder=..., object=object at entry=0x7f10020300c0, function=(void (WebKit::NetworkProcess::*)(class WebKit::NetworkProcess * const, class PAL::SessionID, class WTF::OptionSet<WebKit::WebsiteDataType>, class WTF::OptionSet<WebKit::WebsiteDataFetchOption>, class WTF::CompletionHandler<void(WebKit::WebsiteData&&)> &&)) 0x7f100b083ad0 <WebKit::NetworkProcess::fetchWebsiteData(PAL::SessionID, WTF::OptionSet<WebKit::WebsiteDataType>, WTF::OptionSet<WebKit::WebsiteDataFetchOption>, WTF::CompletionHandler<void (WebKit::WebsiteData&&)>&&)>) at /usr/lib/debug/source/sdk/webkit2gtk-5.0.bst/Source/WebKit/Platform/IPC/HandleMessage.h:353
        listenerID = std::optional<unsigned long> = {[contained value] = <optimized out>}
        arguments = std::optional<std::tuple<PAL::SessionID, WTF::OptionSet<WebKit::WebsiteDataType>, WTF::OptionSet<WebKit::WebsiteDataFetchOption> >> containing std::tuple containing = {[1] = {m_identifier = <optimized out>}, [2] = {m_storage = <optimized out>}, [3] = {m_storage = <optimized out>}}
#11 0x00007f100af27606 in WebKit::NetworkProcess::didReceiveNetworkProcessMessage(IPC::Connection&, IPC::Decoder&) (this=0x7f10020300c0, connection=..., decoder=...) at /usr/lib/debug/source/sdk/webkit2gtk-5.0.bst/_builddir/DerivedSources/WebKit/NetworkProcessMessageReceiver.cpp:1718
        protectedThis = {m_ptr = 0x7f10020300c0}
#12 0x00007f100b1c3ac5 in IPC::Connection::dispatchMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >) (this=0x7f10020341a0, message=std::unique_ptr<IPC::Decoder> = {...}) at /usr/lib/debug/source/sdk/webkit2gtk-5.0.bst/Source/WebKit/Platform/IPC/Connection.cpp:1150
        isDispatchingMessageWhileWaitingForSyncReply = <optimized out>
        oldDidReceiveInvalidMessage = false
#13 0x00007f100b1c538a in IPC::Connection::dispatchOneIncomingMessage() (this=0x7f10020341a0) at /usr/include/c++/12.1.0/bits/unique_ptr.h:189
        message = std::unique_ptr<IPC::Decoder> = {get() = 0x0}
#14 0x00007f100a11def5 in WTF::Function<void ()>::operator()() const (this=<synthetic pointer>) at /usr/lib/debug/source/sdk/webkit2gtk-5.0.bst/Source/WTF/wtf/Function.h:79
        function = {m_callableWrapper = std::unique_ptr<class WTF::Detail::CallableWrapperBase<void>> = {get() = 0x7f100203c130}}
        didSuspendFunctions = false
#15 WTF::RunLoop::performWork() (this=0x7f10020100e0) at /usr/lib/debug/source/sdk/webkit2gtk-5.0.bst/Source/WTF/wtf/RunLoop.cpp:133
        function = {m_callableWrapper = std::unique_ptr<class WTF::Detail::CallableWrapperBase<void>> = {get() = 0x7f100203c130}}
        didSuspendFunctions = false
#16 0x00007f100a17e76d in operator() (userData=<optimized out>, __closure=0x0) at /usr/lib/debug/source/sdk/webkit2gtk-5.0.bst/Source/WTF/wtf/glib/RunLoopGLib.cpp:80
#17 _FUN(gpointer) () at /usr/lib/debug/source/sdk/webkit2gtk-5.0.bst/Source/WTF/wtf/glib/RunLoopGLib.cpp:82
#18 0x00007f100a17f12d in operator() (__closure=0x0, userData=0x7f10020100e0, callback=0x7f100a17e760 <_FUN(gpointer)>, source=0x565305b60950) at /usr/lib/debug/source/sdk/webkit2gtk-5.0.bst/Source/WTF/wtf/glib/RunLoopGLib.cpp:53
        name = 0x565305b61a30 "[WebKit] RunLoop work"
        runLoopSource = @0x565305b60950: {source = {callback_data = 0x565305b5f680, callback_funcs = 0x7f1006d0d2e0 <g_source_callback_funcs>, source_funcs = 0x7f100a571000 <WTF::RunLoop::s_runLoopSourceFunctions>, ref_count = 3, context = 0x565305b5f780, priority = 100, flags = 35, source_id = 1, poll_fds = 0x0, prev = 0x0, next = 0x565305b8be20, name = 0x565305b61a30 "[WebKit] RunLoop work", priv = 0x565305b60a00}, runLoop = 0x7f10020100e0}
        returnValue = <optimized out>
#19 _FUN(GSource*, GSourceFunc, gpointer) () at /usr/lib/debug/source/sdk/webkit2gtk-5.0.bst/Source/WTF/wtf/glib/RunLoopGLib.cpp:56
#20 0x00007f1006c29971 in g_main_dispatch (context=<optimized out>) at ../glib/gmain.c:3444
        dispatch = 0x7f100a17f0d0 <_FUN(GSource*, GSourceFunc, gpointer)>
        prev_source = 0x0
        begin_time_nsec = 6820129340251
        was_in_call = 0
        user_data = 0x7f10020100e0
        callback = 0x7f100a17e760 <_FUN(gpointer)>
        cb_funcs = 0x7f1006d0d2e0 <g_source_callback_funcs>
        cb_data = 0x565305b5f680
        need_destroy = <optimized out>
        source = 0x565305b60950
        current = 0x565305b7baf0
        i = 0
        __func__ = "g_main_dispatch"
#21 g_main_context_dispatch (context=<optimized out>) at ../glib/gmain.c:4162
#22 0x00007f1006c29ec8 in g_main_context_iterate (context=0x565305b5f780, block=block at entry=1, dispatch=dispatch at entry=1, self=<optimized out>) at ../glib/gmain.c:4238
        max_priority = 2147483647
        timeout = 55003
        some_ready = 1
        nfds = 2
        allocated_nfds = <optimized out>
        fds = <optimized out>
        begin_time_nsec = 6819703034984
#23 0x00007f1006c2a1af in g_main_loop_run (loop=0x565305b60930) at ../glib/gmain.c:4438
        __func__ = "g_main_loop_run"
#24 0x00007f100a17f290 in WTF::RunLoop::run() () at /usr/lib/debug/source/sdk/webkit2gtk-5.0.bst/Source/WTF/wtf/glib/RunLoopGLib.cpp:108
        runLoop = @0x7f10020100e0: {<WTF::FunctionDispatcher> = {_vptr.FunctionDispatcher = 0x7f100a55ea30 <vtable for WTF::RunLoop+16>}, <WTF::ThreadSafeRefCounted<WTF::RunLoop, (WTF::DestructionThread)0>> = {<WTF::ThreadSafeRefCountedBase> = {m_refCount = std::atomic<unsigned int> = { 8 }}, <No data fields>}, m_currentIteration = {m_start = 1, m_end = 1, m_buffer = {<WTF::VectorBufferBase<WTF::Function<void()>, WTF::FastMalloc>> = {m_buffer = 0x7f1002044380, m_capacity = 16, m_size = 0}, <No data fields>}}, m_nextIterationLock = {static isHeldBit = 1 '\001', static hasParkedBit = 2 '\002', m_byte = {value = std::atomic<unsigned char> = { 0 '\000' }}}, m_nextIteration = {m_start = 0, m_end = 1, m_buffer = {<WTF::VectorBufferBase<WTF::Function<void()>, WTF::FastMalloc>> = {m_buffer = 0x7f1002009d00, m_capacity = 16, m_size = 0}, <No data fields>}}, m_isFunctionDispatchSuspended = false, m_hasSuspendedFunctions = false, static s_runLoopSourceFunctions = {prepare = 0x0, check = 0x0, dispatch = 0x7f100a17f0d0 <_FUN(GSource*, GSourceFunc, gpointer)>, finalize = 0x0, closure_callback = 0x0, closure_marshal = 0x0}, m_mainContext = {m_ptr = 0x565305b5f780}, m_mainLoops = {<WTF::VectorBuffer<WTF::GRefPtr<_GMainLoop>, 0, WTF::FastMalloc>> = {<WTF::VectorBufferBase<WTF::GRefPtr<_GMainLoop>, WTF::FastMalloc>> = {m_buffer = 0x7f1002008180, m_capacity = 16, m_size = 1}, <No data fields>}, <No data fields>}, m_source = {m_ptr = 0x565305b60950}, m_observers = {m_set = {m_impl = {{m_table = 0x0, m_tableForLLDB = 0x0}}}}}
        mainContext = 0x565305b5f780
        innermostLoop = 0x565305b60930
        nestedMainLoop = <optimized out>
#25 0x00007f100b1956a0 in WebKit::AuxiliaryProcessMainBase<WebKit::NetworkProcess, false>::run(int, char**) (argc=3, argv=0x7ffc23b07558, this=0x7ffc23b073b0) at /usr/lib/debug/source/sdk/webkit2gtk-5.0.bst/Source/WebKit/Shared/AuxiliaryProcessMain.h:71
        auxiliaryMain = {m_storage = {__data = " \263\"\016\020\177", '\000' <repeats 26 times>, "\026\000\000\000\000\000\000\000\001\000\000\000\000\000\000\000\r", '\000' <repeats 15 times>, "\001\000\000\000\000\000\000\000\300\000\003\002\020\177\000", __align = {<No data fields>}}}
#26 WebKit::AuxiliaryProcessMainBase<WebKit::NetworkProcess, false>::run(int, char**) (argv=0x7ffc23b07558, argc=3, this=0x7ffc23b073b0) at /usr/lib/debug/source/sdk/webkit2gtk-5.0.bst/Source/WebKit/Shared/AuxiliaryProcessMain.h:58
        auxiliaryMain = {m_storage = {__data = " \263\"\016\020\177", '\000' <repeats 26 times>, "\026\000\000\000\000\000\000\000\001\000\000\000\000\000\000\000\r", '\000' <repeats 15 times>, "\001\000\000\000\000\000\000\000\300\000\003\002\020\177\000", __align = {<No data fields>}}}
#27 WebKit::AuxiliaryProcessMain<WebKit::NetworkProcessMainSoup>(int, char**) (argc=3, argv=0x7ffc23b07558) at /usr/lib/debug/source/sdk/webkit2gtk-5.0.bst/Source/WebKit/Shared/AuxiliaryProcessMain.h:97
        auxiliaryMain = {m_storage = {__data = " \263\"\016\020\177", '\000' <repeats 26 times>, "\026\000\000\000\000\000\000\000\001\000\000\000\000\000\000\000\r", '\000' <repeats 15 times>, "\001\000\000\000\000\000\000\000\300\000\003\002\020\177\000", __align = {<No data fields>}}}
#28 0x00007f100a5f854a in __libc_start_call_main (main=main at entry=0x56530577a060 <main>, argc=argc at entry=3, argv=argv at entry=0x7ffc23b07558) at ../sysdeps/nptl/libc_start_call_main.h:58
        self = <optimized out>
        result = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140720907253080, 5824029807542122901, 3, 0, 94914574011792, 139706936602624, 5824029807527442837, 5839848887685724565}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x3, 0x7ffc23b07550}, data = {prev = 0x0, cleanup = 0x0, canceltype = 3}}}
        not_first_call = <optimized out>
#29 0x00007f100a5f860b in __libc_start_main_impl (main=0x56530577a060 <main>, argc=3, argv=0x7ffc23b07558, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=<optimized out>) at ../csu/libc-start.c:389
#30 0x000056530577a095 in _start ()

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20221103/67acb9d8/attachment-0001.htm>