DCHECK() sometimes fails while redirecting on verification failure of Signed Exchange |
||||||
Issue descriptionChromium 71.0.3570.0 (Developer Build) (64-bit) Revision 7a8b31a5fa717bbb20d6ac50d0fd716328dfa073-refs/heads/master@{#596183} What steps will reproduce the problem? (0) Build Chromium with dcheck_always_on=true (1) Launch Chromium with "--enable-features=SignedHTTPExchange --disable-featus=NetworkService,AllowSignedHTTPExchangeCertsWithoutExtension" flag (2) Go https://htxg-b1.appspot.com/ (3) Click amptest_with_js_img_preload.sxg What is the expected result? No crash What happens instead? DCHECK in ResourceDispatcherHostImpl::StartLoading() sometimes fails (not 100% reproducible). [9431:21251:1003/194102.097163:FATAL:resource_dispatcher_host_impl.cc(1880)] Check failed: pending_loaders_[info->GetGlobalRequestID()] == nullptr. 0 libbase.dylib 0x00000001174ad1dc base::debug::StackTrace::StackTrace(unsigned long) + 28 1 libbase.dylib 0x00000001173a95af logging::LogMessage::~LogMessage() + 223 2 libcontent.dylib 0x0000000119ec3bbe content::ResourceDispatcherHostImpl::StartLoading(content::ResourceRequestInfoImpl*, std::__1::unique_ptr<content::ResourceLoader, std::__1::default_delete<content::ResourceLoader> >) + 334 3 libcontent.dylib 0x0000000119ec0fb6 content::ResourceDispatcherHostImpl::BeginRequestInternal(std::__1::unique_ptr<net::URLRequest, std::__1::default_delete<net::URLRequest> >, std::__1::unique_ptr<content::ResourceHandler, std::__1::default_delete<content::ResourceHandler> >, bool, std::__1::unique_ptr<network::ScopedThrottlingToken, std::__1::default_delete<network::ScopedThrottlingToken> >) + 1254 4 libcontent.dylib 0x0000000119ec3693 content::ResourceDispatcherHostImpl::BeginNavigationRequest(content::ResourceContext*, net::URLRequestContext*, storage::FileSystemContext*, content::NavigationRequestInfo const&, std::__1::unique_ptr<content::NavigationUIData, std::__1::default_delete<content::NavigationUIData> >, mojo::InterfacePtr<network::mojom::URLLoaderClient>, mojo::InterfaceRequest<network::mojom::URLLoader>, content::ServiceWorkerNavigationHandleCore*, content::AppCacheNavigationHandleCore*, unsigned int, content::GlobalRequestID const&) + 3923 5 libcontent.dylib 0x0000000119eb2398 content::NavigationURLLoaderImpl::URLLoaderRequestController::CreateNonNetworkServiceURLLoader(net::URLRequestContextGetter*, storage::FileSystemContext*, std::__1::unique_ptr<content::NavigationRequestInfo, std::__1::default_delete<content::NavigationRequestInfo> >, content::ServiceWorkerNavigationHandleCore*, content::AppCacheNavigationHandleCore*, network::ResourceRequest const&, mojo::InterfaceRequest<network::mojom::URLLoader>, mojo::InterfacePtr<network::mojom::URLLoaderClient>) + 1528 6 libcontent.dylib 0x0000000119eb26ef void base::internal::FunctorTraits<void (content::NavigationURLLoaderImpl::URLLoaderRequestController::*)(net::URLRequestContextGetter*, storage::FileSystemContext*, std::__1::unique_ptr<content::NavigationRequestInfo, std::__1::default_delete<content::NavigationRequestInfo> >, content::ServiceWorkerNavigationHandleCore*, content::AppCacheNavigationHandleCore*, network::ResourceRequest const&, mojo::InterfaceRequest<network::mojom::URLLoader>, mojo::InterfacePtr<network::mojom::URLLoaderClient>), void>::Invoke<void (content::NavigationURLLoaderImpl::URLLoaderRequestController::*)(net::URLRequestContextGetter*, storage::FileSystemContext*, std::__1::unique_ptr<content::NavigationRequestInfo, std::__1::default_delete<content::NavigationRequestInfo> >, content::ServiceWorkerNavigationHandleCore*, content::AppCacheNavigationHandleCore*, network::ResourceRequest const&, mojo::InterfaceRequest<network::mojom::URLLoader>, mojo::InterfacePtr<network::mojom::URLLoaderClient>), base::WeakPtr<content::NavigationURLLoaderImpl::URLLoaderRequestController>, net::URLRequestContextGetter*, storage::FileSystemContext*, std::__1::unique_ptr<content::NavigationRequestInfo, std::__1::default_delete<content::NavigationRequestInfo> >, content::ServiceWorkerNavigationHandleCore*, content::AppCacheNavigationHandleCore*, network::ResourceRequest const&, mojo::InterfaceRequest<network::mojom::URLLoader>, mojo::InterfacePtr<network::mojom::URLLoaderClient> >(void (content::NavigationURLLoaderImpl::URLLoaderRequestController::*)(net::URLRequestContextGetter*, storage::FileSystemContext*, std::__1::unique_ptr<content::NavigationRequestInfo, std::__1::default_delete<content::NavigationRequestInfo> >, content::ServiceWorkerNavigationHandleCore*, content::AppCacheNavigationHandleCore*, network::ResourceRequest const&, mojo::InterfaceRequest<network::mojom::URLLoader>, mojo::InterfacePtr<network::mojom::URLLoaderClient>), base::WeakPtr<content::NavigationURLLoaderImpl::URLLoaderRequestController>&&, net::URLRequestContextGetter*&&, storage::FileSystemContext*&&, std::__1::unique_ptr<content::NavigationRequestInfo, std::__1::default_delete<content::NavigationRequestInfo> >&&, content::ServiceWorkerNavigationHandleCore*&&, content::AppCacheNavigationHandleCore*&&, network::ResourceRequest const&&&, mojo::InterfaceRequest<network::mojom::URLLoader>&&, mojo::InterfacePtr<network::mojom::URLLoaderClient>&&) + 335 7 libcontent.dylib 0x0000000119eb2584 base::internal::Invoker<base::internal::BindState<void (content::NavigationURLLoaderImpl::URLLoaderRequestController::*)(net::URLRequestContextGetter*, storage::FileSystemContext*, std::__1::unique_ptr<content::NavigationRequestInfo, std::__1::default_delete<content::NavigationRequestInfo> >, content::ServiceWorkerNavigationHandleCore*, content::AppCacheNavigationHandleCore*, network::ResourceRequest const&, mojo::InterfaceRequest<network::mojom::URLLoader>, mojo::InterfacePtr<network::mojom::URLLoaderClient>), base::WeakPtr<content::NavigationURLLoaderImpl::URLLoaderRequestController>, base::internal::UnretainedWrapper<net::URLRequestContextGetter>, base::internal::UnretainedWrapper<storage::FileSystemContext>, std::__1::unique_ptr<content::NavigationRequestInfo, std::__1::default_delete<content::NavigationRequestInfo> >, base::internal::UnretainedWrapper<content::ServiceWorkerNavigationHandleCore>, base::internal::UnretainedWrapper<content::AppCacheNavigationHandleCore> >, void (network::ResourceRequest const&, mojo::InterfaceRequest<network::mojom::URLLoader>, mojo::InterfacePtr<network::mojom::URLLoaderClient>)>::RunOnce(base::internal::BindStateBase*, network::ResourceRequest const&, mojo::InterfaceRequest<network::mojom::URLLoader>&&, mojo::InterfacePtr<network::mojom::URLLoaderClient>&&) + 132 8 libcontent.dylib 0x000000011973f905 content::SingleRequestURLLoaderFactory::HandlerState::HandleRequest(network::ResourceRequest const&, mojo::InterfaceRequest<network::mojom::URLLoader>, mojo::InterfacePtr<network::mojom::URLLoaderClient>) + 373 9 libcontent.dylib 0x000000011973f745 content::SingleRequestURLLoaderFactory::CreateLoaderAndStart(mojo::InterfaceRequest<network::mojom::URLLoader>, int, int, unsigned int, network::ResourceRequest const&, mojo::InterfacePtr<network::mojom::URLLoaderClient>, net::MutableNetworkTrafficAnnotationTag const&) + 197 10 libcontent.dylib 0x0000000119741d29 content::ThrottlingURLLoader::StartNow() + 1049 11 libcontent.dylib 0x00000001197412b9 content::ThrottlingURLLoader::Start(scoped_refptr<network::SharedURLLoaderFactory>, int, int, unsigned int, network::ResourceRequest*, scoped_refptr<base::SingleThreadTaskRunner>) + 1097 12 libcontent.dylib 0x0000000119740dfa content::ThrottlingURLLoader::CreateLoaderAndStart(scoped_refptr<network::SharedURLLoaderFactory>, std::__1::vector<std::__1::unique_ptr<content::URLLoaderThrottle, std::__1::default_delete<content::URLLoaderThrottle> >, std::__1::allocator<std::__1::unique_ptr<content::URLLoaderThrottle, std::__1::default_delete<content::URLLoaderThrottle> > > >, int, int, unsigned int, network::ResourceRequest*, network::mojom::URLLoaderClient*, net::NetworkTrafficAnnotationTag const&, scoped_refptr<base::SingleThreadTaskRunner>) + 266 13 libcontent.dylib 0x0000000119eb340b content::NavigationURLLoaderImpl::URLLoaderRequestController::MaybeStartLoader(content::NavigationLoaderInterceptor*, base::OnceCallback<void (network::ResourceRequest const&, mojo::InterfaceRequest<network::mojom::URLLoader>, mojo::InterfacePtr<network::mojom::URLLoaderClient>)>) + 1915 14 libcontent.dylib 0x0000000119eb4660 base::internal::Invoker<base::internal::BindState<void (content::NavigationURLLoaderImpl::URLLoaderRequestController::*)(content::NavigationLoaderInterceptor*, base::OnceCallback<void (network::ResourceRequest const&, mojo::InterfaceRequest<network::mojom::URLLoader>, mojo::InterfacePtr<network::mojom::URLLoaderClient>)>), base::internal::UnretainedWrapper<content::NavigationURLLoaderImpl::URLLoaderRequestController>, content::NavigationLoaderInterceptor*>, void (base::OnceCallback<void (network::ResourceRequest const&, mojo::InterfaceRequest<network::mojom::URLLoader>, mojo::InterfacePtr<network::mojom::URLLoaderClient>)>)>::RunOnce(base::internal::BindStateBase*, base::OnceCallback<void (network::ResourceRequest const&, mojo::InterfaceRequest<network::mojom::URLLoader>, mojo::InterfacePtr<network::mojom::URLLoaderClient>)>&&) + 64 15 libcontent.dylib 0x000000011a20343c content::SignedExchangeRequestHandler::MaybeCreateLoader(network::ResourceRequest const&, content::ResourceContext*, base::OnceCallback<void (base::OnceCallback<void (network::ResourceRequest const&, mojo::InterfaceRequest<network::mojom::URLLoader>, mojo::InterfacePtr<network::mojom::URLLoaderClient>)>)>, base::OnceCallback<void (bool)>) + 268 16 libcontent.dylib 0x0000000119eb3317 content::NavigationURLLoaderImpl::URLLoaderRequestController::MaybeStartLoader(content::NavigationLoaderInterceptor*, base::OnceCallback<void (network::ResourceRequest const&, mojo::InterfaceRequest<network::mojom::URLLoader>, mojo::InterfacePtr<network::mojom::URLLoaderClient>)>) + 1671 17 libcontent.dylib 0x0000000119eb4660 base::internal::Invoker<base::internal::BindState<void (content::NavigationURLLoaderImpl::URLLoaderRequestController::*)(content::NavigationLoaderInterceptor*, base::OnceCallback<void (network::ResourceRequest const&, mojo::InterfaceRequest<network::mojom::URLLoader>, mojo::InterfacePtr<network::mojom::URLLoaderClient>)>), base::internal::UnretainedWrapper<content::NavigationURLLoaderImpl::URLLoaderRequestController>, content::NavigationLoaderInterceptor*>, void (base::OnceCallback<void (network::ResourceRequest const&, mojo::InterfaceRequest<network::mojom::URLLoader>, mojo::InterfacePtr<network::mojom::URLLoaderClient>)>)>::RunOnce(base::internal::BindStateBase*, base::OnceCallback<void (network::ResourceRequest const&, mojo::InterfaceRequest<network::mojom::URLLoader>, mojo::InterfacePtr<network::mojom::URLLoaderClient>)>&&) + 64 18 libcontent.dylib 0x000000011a106259 content::ServiceWorkerNavigationLoader::FallbackToNetwork() + 601 19 libcontent.dylib 0x000000011a0d5f7f content::ServiceWorkerControlleeRequestHandler::DidLookupRegistrationForMainResource(std::__1::unique_ptr<content::ServiceWorkerControlleeRequestHandler::ScopedDisallowSetControllerRegistration, std::__1::default_delete<content::ServiceWorkerControlleeRequestHandler::ScopedDisallowSetControllerRegistration> >, blink::ServiceWorkerStatusCode, scoped_refptr<content::ServiceWorkerRegistration>) + 159 20 libcontent.dylib 0x000000011a0d889f void base::internal::FunctorTraits<void (content::ServiceWorkerControlleeRequestHandler::*)(std::__1::unique_ptr<content::ServiceWorkerControlleeRequestHandler::ScopedDisallowSetControllerRegistration, std::__1::default_delete<content::ServiceWorkerControlleeRequestHandler::ScopedDisallowSetControllerRegistration> >, blink::ServiceWorkerStatusCode, scoped_refptr<content::ServiceWorkerRegistration>), void>::Invoke<void (content::ServiceWorkerControlleeRequestHandler::*)(std::__1::unique_ptr<content::ServiceWorkerControlleeRequestHandler::ScopedDisallowSetControllerRegistration, std::__1::default_delete<content::ServiceWorkerControlleeRequestHandler::ScopedDisallowSetControllerRegistration> >, blink::ServiceWorkerStatusCode, scoped_refptr<content::ServiceWorkerRegistration>), base::WeakPtr<content::ServiceWorkerControlleeRequestHandler>, std::__1::unique_ptr<content::ServiceWorkerControlleeRequestHandler::ScopedDisallowSetControllerRegistration, std::__1::default_delete<content::ServiceWorkerControlleeRequestHandler::ScopedDisallowSetControllerRegistration> >, blink::ServiceWorkerStatusCode, scoped_refptr<content::ServiceWorkerRegistration> >(void (content::ServiceWorkerControlleeRequestHandler::*)(std::__1::unique_ptr<content::ServiceWorkerControlleeRequestHandler::ScopedDisallowSetControllerRegistration, std::__1::default_delete<content::ServiceWorkerControlleeRequestHandler::ScopedDisallowSetControllerRegistration> >, blink::ServiceWorkerStatusCode, scoped_refptr<content::ServiceWorkerRegistration>), base::WeakPtr<content::ServiceWorkerControlleeRequestHandler>&&, std::__1::unique_ptr<content::ServiceWorkerControlleeRequestHandler::ScopedDisallowSetControllerRegistration, std::__1::default_delete<content::ServiceWorkerControlleeRequestHandler::ScopedDisallowSetControllerRegistration> >&&, blink::ServiceWorkerStatusCode&&, scoped_refptr<content::ServiceWorkerRegistration>&&) + 207 21 libcontent.dylib 0x000000011a0d87c5 base::internal::Invoker<base::internal::BindState<void (content::ServiceWorkerControlleeRequestHandler::*)(std::__1::unique_ptr<content::ServiceWorkerControlleeRequestHandler::ScopedDisallowSetControllerRegistration, std::__1::default_delete<content::ServiceWorkerControlleeRequestHandler::ScopedDisallowSetControllerRegistration> >, blink::ServiceWorkerStatusCode, scoped_refptr<content::ServiceWorkerRegistration>), base::WeakPtr<content::ServiceWorkerControlleeRequestHandler>, std::__1::unique_ptr<content::ServiceWorkerControlleeRequestHandler::ScopedDisallowSetControllerRegistration, std::__1::default_delete<content::ServiceWorkerControlleeRequestHandler::ScopedDisallowSetControllerRegistration> > >, void (blink::ServiceWorkerStatusCode, scoped_refptr<content::ServiceWorkerRegistration>)>::RunOnce(base::internal::BindStateBase*, blink::ServiceWorkerStatusCode, scoped_refptr<content::ServiceWorkerRegistration>&&) + 69 22 libcontent.dylib 0x000000011a14095a content::(anonymous namespace)::CompleteFindNow(scoped_refptr<content::ServiceWorkerRegistration>, blink::ServiceWorkerStatusCode, base::OnceCallback<void (blink::ServiceWorkerStatusCode, scoped_refptr<content::ServiceWorkerRegistration>)>) + 282 23 libcontent.dylib 0x000000011a1405be content::ServiceWorkerStorage::FindRegistrationForDocument(GURL const&, base::OnceCallback<void (blink::ServiceWorkerStatusCode, scoped_refptr<content::ServiceWorkerRegistration>)>) + 1198 24 libcontent.dylib 0x000000011a0d5303 content::ServiceWorkerControlleeRequestHandler::PrepareForMainResource(GURL const&, GURL const&) + 1235 25 libcontent.dylib 0x000000011a0d5807 content::ServiceWorkerControlleeRequestHandler::MaybeCreateLoader(network::ResourceRequest const&, content::ResourceContext*, base::OnceCallback<void (base::OnceCallback<void (network::ResourceRequest const&, mojo::InterfaceRequest<network::mojom::URLLoader>, mojo::InterfacePtr<network::mojom::URLLoaderClient>)>)>, base::OnceCallback<void (bool)>) + 679 26 libcontent.dylib 0x0000000119eb3317 content::NavigationURLLoaderImpl::URLLoaderRequestController::MaybeStartLoader(content::NavigationLoaderInterceptor*, base::OnceCallback<void (network::ResourceRequest const&, mojo::InterfaceRequest<network::mojom::URLLoader>, mojo::InterfacePtr<network::mojom::URLLoaderClient>)>) + 1671 27 libcontent.dylib 0x0000000119eb1cf2 content::NavigationURLLoaderImpl::URLLoaderRequestController::Restart() + 274 28 libcontent.dylib 0x0000000119eb0e21 content::NavigationURLLoaderImpl::URLLoaderRequestController::FollowRedirect(base::Optional<net::HttpRequestHeaders> const&) + 1441 29 libbase.dylib 0x000000011738c8e1 base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) + 321 30 libbase.dylib 0x00000001173c457e base::MessageLoop::RunTask(base::PendingTask*) + 286 31 libbase.dylib 0x00000001173c49a3 base::MessageLoop::DoWork() + 387 32 libbase.dylib 0x00000001174d40f4 base::MessagePumpLibevent::Run(base::MessagePump::Delegate*) + 244 33 libbase.dylib 0x00000001173c4114 base::MessageLoop::Run(bool) + 132 34 libbase.dylib 0x00000001174022a9 base::RunLoop::Run() + 249 35 libbase.dylib 0x000000011746dfbe base::Thread::Run(base::RunLoop*) + 206 36 libcontent.dylib 0x0000000119bc12b4 content::BrowserProcessSubThread::IOThreadRun(base::RunLoop*) + 20 37 libcontent.dylib 0x0000000119bc1254 content::BrowserProcessSubThread::Run(base::RunLoop*) + 212 38 libbase.dylib 0x000000011746e627 base::Thread::ThreadMain() + 839 39 libbase.dylib 0x00000001174bf4ef base::(anonymous namespace)::ThreadFunc(void*) + 95 40 libsystem_pthread.dylib 0x00007fff73f09661 _pthread_body + 340 41 libsystem_pthread.dylib 0x00007fff73f0950d _pthread_body + 0 42 libsystem_pthread.dylib 0x00007fff73f08bf9 thread_start + 13
,
Oct 3
,
Oct 3
,
Oct 4
ksakamoto@ This crash happens only when redirected on verification failure of SXG, which was implemented in crbug.com/874323 . Could you please handle this crash bug?
,
Oct 4
Looking.
,
Oct 4
As we talked offline, I think this carsh is caused by the reuse of global_request_id_.
,
Oct 9
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/578a959169e1409279742eb54d241ba74a379790 commit 578a959169e1409279742eb54d241ba74a379790 Author: Kunihiko Sakamoto <ksakamoto@chromium.org> Date: Tue Oct 09 03:17:27 2018 Signed Exchange: Cancel ResourceDispatcherHostImpl request on fallback redirect This patch fixes a DCHECK failure in ResourceDispatcherHostImpl due to request_id reuse, when Signed Exchange failed to load and triggered a network fallback. NavigationURLLoaderImpl::URLLoaderRequestController:: FallbackToNonInterceptedRequest() calls ResourceDispatcherHostImpl:: CancelRequest() to handle similar case for service worker network fallback, so we reuse it. Bug: 891673 Change-Id: Ifbbd847138b1d6edd61484c301e029092e229c6d Reviewed-on: https://chromium-review.googlesource.com/c/1264135 Reviewed-by: Tsuyoshi Horo <horo@chromium.org> Reviewed-by: Kinuko Yasuda <kinuko@chromium.org> Commit-Queue: Kunihiko Sakamoto <ksakamoto@chromium.org> Cr-Commit-Position: refs/heads/master@{#597789} [modify] https://crrev.com/578a959169e1409279742eb54d241ba74a379790/content/browser/loader/navigation_url_loader_impl.cc [modify] https://crrev.com/578a959169e1409279742eb54d241ba74a379790/content/browser/web_package/signed_exchange_request_handler.cc
,
Oct 9
|
||||||
►
Sign in to add a comment |
||||||
Comment 1 by horo@chromium.org
, Oct 3