Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Crash in webtorrent::OnHeadersReceived_TorrentRedirectWork (0.70.x and older) #6320

Closed
bsclifton opened this issue Oct 4, 2019 · 6 comments
Closed

Crash in webtorrent::OnHeadersReceived_TorrentRedirectWork (0.70.x and older) #6320

bsclifton opened this issue Oct 4, 2019 · 6 comments
Assignees
@iefremov
Labels
crash needs-investigation A bug not 100% confirmed/fixed priority/P1 A very extremely bad problem. We might push a hotfix for it. QA/No release-notes/include
Milestone
0.69.x - Release ...

Comments

@bsclifton
Copy link
Member

Description

Seeing these occasionally and have received some reports via Twitter/reddit.

Seems to be present in 0.68.138 and newer (ex: Chromium 77)

A few examples here:
https://stats.brave.com/dashboard#crash/5d8d07059557ce001f950f58
https://stats.brave.com/dashboard#crash/5d8cbe577d65f2001fe6642a
https://stats.brave.com/dashboard#crash/5d8d13425b062b001f078863

Call stack looks like this:

0  Brave Browser Framework! [iterator : 1437 + 0x0]
    rax = 0xa00007fe5bc4445e   rdx = 0x0000000000000004
    rcx = 0x000070000d0ba720   rbx = 0x0000000000000008
    rsi = 0x000070000d0ba738   rdi = 0x00007fe5b8e8bcc0
    rbp = 0x000070000d0ba710   rsp = 0x000070000d0ba6d0
     r8 = 0x0000000000000004    r9 = 0x000070000d0baa30
    r10 = 0x00007fe5ba200000   r11 = 0xfffff01a4fb205e0
    r12 = 0x000070000d0ba740   r13 = 0x00007fe5b8e8bcc0
    r14 = 0x0000000000000000   r15 = 0x000070000d0ba738
    rip = 0x0000000107c10816
    Found by: given as instruction pointer in context
 1  Brave Browser Framework! [http_response_headers.cc : 888 + 0x8]
    rbp = 0x000070000d0ba7a0   rsp = 0x000070000d0ba720
    rip = 0x0000000107c10fac
    Found by: previous frame's frame pointer
 2  Brave Browser Framework! [http_response_headers.cc : 895 + 0x5]
    rbp = 0x000070000d0ba7e0   rsp = 0x000070000d0ba7b0
    rip = 0x0000000107c11066
    Found by: previous frame's frame pointer
 3  Brave Browser Framework!webtorrent::OnHeadersReceived_TorrentRedirectWork(net::HttpResponseHeaders const*, scoped_refptr*, GURL*, base::RepeatingCallback const&, std::__1::shared_ptr) [brave_torrent_redirect_network_delegate_helper.cc : 46 + 0x8]
    rbp = 0x000070000d0ba950   rsp = 0x000070000d0ba7f0
    rip = 0x000000010609f182
    Found by: previous frame's frame pointer
 4  Brave Browser Framework!base::internal::Invoker*, GURL*, base::RepeatingCallback const&, std::__1::shared_ptr)>, int (net::HttpResponseHeaders const*, scoped_refptr*, GURL*, base::RepeatingCallback const&, std::__1::shared_ptr)>::Run(base::internal::BindStateBase*, net::HttpResponseHeaders const*, scoped_refptr*, GURL*, base::RepeatingCallback const&, std::__1::shared_ptr&&) [bind_internal.h : 399 + 0xe]
    rbp = 0x000070000d0ba980   rsp = 0x000070000d0ba960
    rip = 0x0000000106097a0b
    Found by: previous frame's frame pointer
 5  Brave Browser Framework! [callback.h : 132 + 0xa]
    rbp = 0x000070000d0baa90   rsp = 0x000070000d0ba990
    rip = 0x0000000106096665
    Found by: previous frame's frame pointer
 6  Brave Browser Framework!base::internal::Invoker), base::WeakPtr, std::__1::shared_ptr >, void ()>::Run(base::internal::BindStateBase*) [bind_internal.h : 499 + 0x3]
    rbp = 0x000070000d0baad0   rsp = 0x000070000d0baaa0
    rip = 0x0000000106097deb
    Found by: previous frame's frame pointer
 7  Brave Browser Framework! [callback.h : 98 + 0x3]
    rbp = 0x000070000d0bab80   rsp = 0x000070000d0baae0
    rip = 0x00000001075c7aaf
    Found by: previous frame's frame pointer
 8  Brave Browser Framework!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl(base::sequence_manager::LazyNow*, bool*) [thread_controller_with_message_pump_impl.cc : 365 + 0x13]
    rbp = 0x000070000d0bace0   rsp = 0x000070000d0bab90
    rip = 0x00000001075d769d
    Found by: previous frame's frame pointer
<SNIP>

Steps to Reproduce

?

Brave version (brave://version info)

0.68.138 and newer for sure. Possibly before that. I am suspecting network service related changes

cc: @iefremov @bridiver
@bsclifton
Copy link
Member Author

Previously captured with #6193 - this was fixed in 0.71.x and 0.72.x (and future versions) with brave/brave-core#3583

A separate fix would be needed for this

Some more Report IDs:

  • d6447dd0dc85b96c
  • c8d77dd04888c038

@bsclifton bsclifton added crash needs-investigation A bug not 100% confirmed/fixed labels Oct 4, 2019
@kjozwiak
Copy link
Member

kjozwiak commented Oct 6, 2019

+1 from https://twitter.com/vinvinXD/status/1180181676862971904 while using 0.68.142 as per https://stats.brave.com/dashboard#crash/5d9789082872bf001f2bd8ed:

Brave Browser Framework!webtorrent::OnHeadersReceived_TorrentRedirectWork

@kjozwiak
Copy link
Member

kjozwiak commented Oct 6, 2019

Another +1 from #6300 (comment). Looks like https://stats.brave.com/dashboard#crash/5d96f4a8958efc001fd1b142 crashed via the following:

Brave Browser Framework!webtorrent::OnHeadersReceived_TorrentRedirectWork

@bsclifton
Copy link
Member Author

from convo on Slack

@yrliou :
was it related to accessing original_response_headers?
would copy headers in context or maybe keep string raw_headers in our context to use help?

@iefremov :
I think I can issue a smaller fix, without pulling all threading changes

@bsclifton bsclifton added priority/P2 A bad problem. We might uplift this to the next planned release. priority/P1 A very extremely bad problem. We might push a hotfix for it. and removed priority/P2 A bad problem. We might uplift this to the next planned release. labels Oct 7, 2019
@iefremov iefremov mentioned this issue Oct 7, 2019
Merged
32 tasks
@bsclifton bsclifton added this to the 0.69.x - next release milestone Oct 7, 2019
@bsclifton bsclifton mentioned this issue Oct 8, 2019
Merged
4 tasks
@bsclifton
Copy link
Member Author

Fixed in 0.69.x with brave/brave-core#3614

@bsclifton
Copy link
Member Author

Fixed in 0.70.x with brave/brave-core#3632

@LaurenWags LaurenWags mentioned this issue Oct 10, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@iefremov iefremov

Labels
crash needs-investigation A bug not 100% confirmed/fixed priority/P1 A very extremely bad problem. We might push a hotfix for it. QA/No release-notes/include
Projects
None yet
Milestone
0.69.x - Release Hotfix 1
Development

No branches or pull requests
3 participants
@kjozwiak @iefremov @bsclifton