Crash in on_frame_recv_callback
After switching Ephy Tech Preview to GTK 4 and libsoup 3, I notice the network process is fairly crashy. I've hit this crash three times in the past hour or two:
#0 0x00007fb6f8e60b9c in on_frame_recv_callback
(session=0x560187e68ba0, frame=<optimized out>, user_data=0x560187e6b6a0)
at ../libsoup/http2/soup-client-message-io-http2.c:771
#1 0x00007fb6f63c527e in session_call_on_frame_received (frame=0x560187e68d30, session=0x560187e68ba0)
at ../../lib/nghttp2_session.c:3310
#2 nghttp2_session_on_data_received (session=session@entry=0x560187e68ba0, frame=frame@entry=0x560187e68d30)
at ../../lib/nghttp2_session.c:4984
#3 0x00007fb6f63ca6f0 in session_process_data_frame (session=0x560187e68ba0) at ../../lib/nghttp2_session.c:5003
#4 nghttp2_session_mem_recv (session=0x560187e68ba0, in=<optimized out>, in@entry=0x7ffdb2c25260 "", inlen=148)
at ../../lib/nghttp2_session.c:6627
#5 0x00007fb6f8e5e813 in io_read
(io=0x560187e6b6a0, blocking=<optimized out>, cancellable=<optimized out>, error=<optimized out>)
at ../libsoup/http2/soup-client-message-io-http2.c:459
#6 0x00007fb6f8e5e97b in io_read_ready (stream=<optimized out>, io=0x560187e6b6a0)
at ../libsoup/http2/soup-client-message-io-http2.c:483
#7 0x00007fb6fc38cceb in g_main_dispatch (context=0x56018788bab0) at ../glib/gmain.c:3417
#8 g_main_context_dispatch (context=0x56018788bab0) at ../glib/gmain.c:4135
#9 0x00007fb6fc38d1f8 in g_main_context_iterate
(context=0x56018788bab0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>)
at ../glib/gmain.c:4211
#10 0x00007fb6fc38d513 in g_main_loop_run (loop=0x56018788cc60) at ../glib/gmain.c:4411
#11 0x00007fb6fbfbdb40 in WTF::RunLoop::run() ()
at /usr/lib/debug/source/sdk/webkit2gtk-5.0.bst/Source/WTF/wtf/glib/RunLoopGLib.cpp:108
#12 0x00007fb6fd309afb in WebKit::AuxiliaryProcessMainBase<WebKit::NetworkProcess, false>::run(int, char**)
(argc=3, argv=0x7ffdb2c27618, this=0x7ffdb2c27490)
at /usr/lib/debug/source/sdk/webkit2gtk-5.0.bst/Source/WebKit/Shared/AuxiliaryProcessMain.h:70
#13 WebKit::AuxiliaryProcessMainBase<WebKit::NetworkProcess, false>::run(int, char**)
(argv=0x7ffdb2c27618, argc=3, this=0x7ffdb2c27490)
at /usr/lib/debug/source/sdk/webkit2gtk-5.0.bst/Source/WebKit/Shared/AuxiliaryProcessMain.h:57
#14 WebKit::AuxiliaryProcessMain<WebKit::NetworkProcessMainSoup>(int, char**) (argc=3, argv=0x7ffdb2c27618)
at /usr/lib/debug/source/sdk/webkit2gtk-5.0.bst/Source/WebKit/Shared/AuxiliaryProcessMain.h:96
#15 0x00007fb6fc76cb90 in __libc_start_main (main=
0x560185ef9060 <main(int, char**)>, argc=3, argv=0x7ffdb2c27618, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffdb2c27608) at ../csu/libc-start.c:332
#16 0x0000560185ef909e in _start () at ../sysdeps/x86_64/start.S:120
Full backtrace:
(gdb) bt full
#0 0x00007fb6f8e60b9c in on_frame_recv_callback
(session=0x560187e68ba0, frame=<optimized out>, user_data=0x560187e6b6a0)
at ../libsoup/http2/soup-client-message-io-http2.c:771
io = 0x560187e6b6a0
data = 0x560187ec8500
__func__ = "on_frame_recv_callback"
#1 0x00007fb6f63c527e in session_call_on_frame_received (frame=0x560187e68d30, session=0x560187e68ba0)
at ../../lib/nghttp2_session.c:3310
rv = <optimized out>
rv = 0
stream = 0x560187de6720
#2 nghttp2_session_on_data_received (session=session@entry=0x560187e68ba0, frame=frame@entry=0x560187e68d30)
at ../../lib/nghttp2_session.c:4984
rv = 0
stream = 0x560187de6720
#3 0x00007fb6f63ca6f0 in session_process_data_frame (session=0x560187e68ba0) at ../../lib/nghttp2_session.c:5003
rv = <optimized out>
public_data_frame = 0x560187e68d30
first = 0x7ffdb2c25260 ""
last = 0x7ffdb2c252f4 "\030]X\256T\026\027+եڿ\254\314\036\276\066\021\377\204l\227S9\272-7=\024\215\207\272\a(\235\023\005\217\313W\215\301_\"&\223\022\363\270=\324*\216\364\357\334?9\032\351\355\262vG\"CV\377\301\221\362\302B\271<?_\373\335L\367@\301\347\003߂Z\323L~8?\277\212\362S@\371\351\342v\216\270AnP\257\353\002\336\372,\300\333mI\340\355\b\343\355Ug֎\231\254\363vj%\340\344\331ξ*^\037Y=ub\365\352#W\037ܷ\262\064\267s\307\024\343y֡\365m\346\270\374E\v.!\300\345V\365\246#0\331f|\244E\207]\260ڨ\315\312\352\243\333cb\263y\226ڢ\003"...
iframe = 0x560187e68d30
readlen = <optimized out>
padlen = <optimized out>
rv = <optimized out>
busy = 0
cont_hd =
{length = 140727602532896, stream_id = -1269434914, type = 182 '\266', flags = 127 '\177', reserved = 0 '\000'}
stream = <optimized out>
pri_fieldlen = <optimized out>
mem = 0x560187e69420
__PRETTY_FUNCTION__ = "nghttp2_session_mem_recv"
#4 nghttp2_session_mem_recv (session=0x560187e68ba0, in=<optimized out>, in@entry=0x7ffdb2c25260 "", inlen=148)
at ../../lib/nghttp2_session.c:6627
first = 0x7ffdb2c25260 ""
last = 0x7ffdb2c252f4 "\030]X\256T\026\027+եڿ\254\314\036\276\066\021\377\204l\227S9\272-7=\024\215\207\272\a(\235\023\005\217\313W\215\301_\"&\223\022\363\270=\324*\216\364\357\334?9\032\351\355\262vG\"CV\377\301\221\362\302B\271<?_\373\335L\367@\301\347\003߂Z\323L~8?\277\212\362S@\371\351\342v\216\270AnP\257\353\002\336\372,\300\333mI\340\355\b\343\355Ug֎\231\254\363vj%\340\344\331ξ*^\037Y=ub\365\352#W\037ܷ\262\064\267s\307\024\343y֡\365m\346\270\374E\v.!\300\345V\365\246#0\331f|\244E\207]\260ڨ\315\312\352\243\333cb\263y\226ڢ\003"...
iframe = 0x560187e68d30
readlen = <optimized out>
padlen = <optimized out>
rv = <optimized out>
busy = 0
cont_hd =
{length = 140727602532896, stream_id = -1269434914, type = 182 '\266', flags = 127 '\177', reserved = 0 '\000'}
--Type <RET> for more, q to quit, c to continue without paging--c
stream = <optimized out>
pri_fieldlen = <optimized out>
mem = 0x560187e69420
__PRETTY_FUNCTION__ = "nghttp2_session_mem_recv"
#5 0x00007fb6f8e5e813 in io_read (io=0x560187e6b6a0, blocking=<optimized out>, cancellable=<optimized out>, error=<optimized out>) at ../libsoup/http2/soup-client-message-io-http2.c:459
buffer = "\000\000\202\001\004\000\000\000+\030\003\063\060\064\037\020\233\035u\320b\r&=Lt\037q\240\226\032\264\375\250I\307b\n\230\070o³\337\037\035\226\344Y>\224\v\212h\035\212\b\002\022\202\r\301\071q\227\324ţ\177\037\023\220\344\307\362\370\002\362\301vW\332\030\004\067\336\376\177\037\t\227\256\330\350\061>\224\256\303w\032K\364\245#\362\260\346,\017\070\320\000\017\037\022\226\337=\277J\t\245\064\016\305\004\001\tA\002\343/\334\v*bѿ\000\000\000\000\001\000\000\000+\030]X\256T\026\027+եڿ\254\314\036\276\066\021\377\204l\227S9\272-7=\024\215\207\272\a(\235\023\005\217\313W\215\301_\"&\223\022\363\270=\324*\216\364\357\334?"...
read = <optimized out>
ret = <optimized out>
__func__ = "io_read"
#6 0x00007fb6f8e5e97b in io_read_ready (stream=<optimized out>, io=0x560187e6b6a0) at ../libsoup/http2/soup-client-message-io-http2.c:483
error = 0x0
progress = <optimized out>
#7 0x00007fb6fc38cceb in g_main_dispatch (context=0x56018788bab0) at ../glib/gmain.c:3417
dispatch = 0x7fb6fc578910 <pollable_source_dispatch>
prev_source = 0x0
begin_time_nsec = 22488373080272
was_in_call = <optimized out>
user_data = 0x560187e6b6a0
callback = 0x7fb6f8e5e8c0 <io_read_ready>
cb_funcs = 0x7fb6fc46f2c0 <g_source_callback_funcs>
cb_data = 0x560187daf430
need_destroy = <optimized out>
source = 0x560187d62890
current = 0x5601878ae4b0
i = 3
__func__ = "g_main_dispatch"
#8 g_main_context_dispatch (context=0x56018788bab0) at ../glib/gmain.c:4135
#9 0x00007fb6fc38d1f8 in g_main_context_iterate (context=0x56018788bab0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4211
max_priority = 2147483647
timeout = 9672
some_ready = 1
nfds = 5
allocated_nfds = 5
fds = <optimized out>
begin_time_nsec = 22488370306076
#10 0x00007fb6fc38d513 in g_main_loop_run (loop=0x56018788cc60) at ../glib/gmain.c:4411
__func__ = "g_main_loop_run"
#11 0x00007fb6fbfbdb40 in WTF::RunLoop::run() () at /usr/lib/debug/source/sdk/webkit2gtk-5.0.bst/Source/WTF/wtf/glib/RunLoopGLib.cpp:108
runLoop = @0x7fb6f56f9000: {<WTF::FunctionDispatcher> = {<WTF::ThreadSafeRefCounted<WTF::FunctionDispatcher, (WTF::DestructionThread)0>> = {<WTF::ThreadSafeRefCountedBase> = {m_refCount = {<std::__atomic_base<unsigned int>> = {static _S_alignment = 4, _M_i = 17}, static is_always_lock_free = true}}, <No data fields>}, _vptr.FunctionDispatcher = 0x7fb6fc316ed0 <vtable for WTF::RunLoop+16>}, m_currentIteration = {m_start = 1, m_end = 1, m_buffer = {<WTF::VectorBufferBase<WTF::Function<void()>, WTF::FastMalloc>> = {m_buffer = 0x7fb6f56d9080, m_capacity = 16, m_size = 0}, <No data fields>}}, m_nextIterationLock = {static isHeldBit = 1 '\001', static hasParkedBit = 2 '\002', m_byte = {value = {<std::__atomic_base<unsigned char>> = {static _S_alignment = 1, _M_i = 0 '\000'}, static is_always_lock_free = true}}}, m_nextIteration = {m_start = 0, m_end = 0, m_buffer = {<WTF::VectorBufferBase<WTF::Function<void()>, WTF::FastMalloc>> = {m_buffer = 0x0, m_capacity = 0, m_size = 0}, <No data fields>}}, m_isFunctionDispatchSuspended = false, m_hasSuspendedFunctions = false, static s_runLoopSourceFunctions = {prepare = 0x0, check = 0x0, dispatch = 0x7fb6fbfbd980 <_FUN(GSource*, GSourceFunc, gpointer)>, finalize = 0x0, closure_callback = 0x0, closure_marshal = 0x0}, m_mainContext = {m_ptr = 0x56018788bab0}, m_mainLoops = {<WTF::VectorBuffer<WTF::GRefPtr<_GMainLoop>, 0, WTF::FastMalloc>> = {<WTF::VectorBufferBase<WTF::GRefPtr<_GMainLoop>, WTF::FastMalloc>> = {m_buffer = 0x7fb6f56f8000, m_capacity = 16, m_size = 1}, <No data fields>}, <No data fields>}, m_source = {m_ptr = 0x56018788cc80}, m_observers = {m_set = {m_impl = {{m_table = 0x0, m_tableForLLDB = 0x0}}}}}
mainContext = 0x56018788bab0
innermostLoop = 0x56018788cc60
nestedMainLoop = <optimized out>
#12 0x00007fb6fd309afb in WebKit::AuxiliaryProcessMainBase<WebKit::NetworkProcess, false>::run(int, char**) (argc=3, argv=0x7ffdb2c27618, this=0x7ffdb2c27490) at /usr/lib/debug/source/sdk/webkit2gtk-5.0.bst/Source/WebKit/Shared/AuxiliaryProcessMain.h:70
auxiliaryMain = {m_storage = {__data = "xY\034\000\267\177", '\000' <repeats 34 times>, "\306\b\000\000\000\000\000\000\001\000\000\000\000\000\000\000\r", '\000' <repeats 15 times>, "\001\000\000\000\000\000\000\000\000\060o\365\266\177\000", __align = {<No data fields>}}}
#13 WebKit::AuxiliaryProcessMainBase<WebKit::NetworkProcess, false>::run(int, char**) (argv=0x7ffdb2c27618, argc=3, this=0x7ffdb2c27490) at /usr/lib/debug/source/sdk/webkit2gtk-5.0.bst/Source/WebKit/Shared/AuxiliaryProcessMain.h:57
auxiliaryMain = {m_storage = {__data = "xY\034\000\267\177", '\000' <repeats 34 times>, "\306\b\000\000\000\000\000\000\001\000\000\000\000\000\000\000\r", '\000' <repeats 15 times>, "\001\000\000\000\000\000\000\000\000\060o\365\266\177\000", __align = {<No data fields>}}}
#14 WebKit::AuxiliaryProcessMain<WebKit::NetworkProcessMainSoup>(int, char**) (argc=3, argv=0x7ffdb2c27618) at /usr/lib/debug/source/sdk/webkit2gtk-5.0.bst/Source/WebKit/Shared/AuxiliaryProcessMain.h:96
auxiliaryMain = {m_storage = {__data = "xY\034\000\267\177", '\000' <repeats 34 times>, "\306\b\000\000\000\000\000\000\001\000\000\000\000\000\000\000\r", '\000' <repeats 15 times>, "\001\000\000\000\000\000\000\000\000\060o\365\266\177\000", __align = {<No data fields>}}}
#15 0x00007fb6fc76cb90 in __libc_start_main (main=0x560185ef9060 <main(int, char**)>, argc=3, argv=0x7ffdb2c27618, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffdb2c27608) at ../csu/libc-start.c:332
self = <optimized out>
result = <optimized out>
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {94564542026080, -2017446051729979378, 0, 140727602542096, 0, 0, -2017446051736270834, -1975379393924380658}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x7fb7004e31e0, 0x7ffdb2c27600}, data = {prev = 0x0, cleanup = 0x0, canceltype = 5124576}}}
not_first_call = <optimized out>
#16 0x0000560185ef909e in _start () at ../sysdeps/x86_64/start.S:120