283596 2024-11-22 14:55:33 -0800 REGRESSION(286883@main): ASSERT NOT REACHED in WebCore::toResourceLoadPriority(CFURLRequestPriority) 2025-01-29 08:48:05 -0800 1 1 1 Unclassified WebKit New Bugs WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 darbinyan webkit-unassigned pvarangot rniwa webkit-bot-watchers-bugzilla webkit-bug-importer oldest_to_newest 2077144 0 darbinyan 2024-11-22 14:55:33 -0800 The following test is constant crash on Sequoia Debug and appear as false-positive failure in EWS. ipc/create-connection-and-send-async.html The regression range points to 286883@main. 286883@main - Fail 286884@main - Pass Error: stderr: SHOULD NEVER BE REACHED /Volumes/Data/worker/Apple-Sequoia-Debug-Build/build/Source/WebCore/platform/network/cf/ResourceRequestCFNet.h(53) : ResourceLoadPriority WebCore::toResourceLoadPriority(CFURLRequestPriority) 1 0x146343578 WebCore::toResourceLoadPriority(long) 2 0x146342fd4 WebCore::ResourceRequest::doUpdateResourceRequest() 3 0x1499d60c4 WebCore::ResourceRequestBase::updateResourceRequest(WebCore::HTTPBodyUpdatePolicy) const 4 0x1499d643c WebCore::ResourceRequestBase::setIsAppInitiated(bool) 5 0x146341c60 WebCore::ResourceRequest::ResourceRequest(WebCore::ResourceRequestPlatformData&&, WTF::String const&, bool) 6 0x146341e28 WebCore::ResourceRequest::ResourceRequest(WebCore::ResourceRequestPlatformData&&, WTF::String const&, bool) 7 0x14634270c WebCore::ResourceRequest::fromResourceRequestData(std::__1::variant<WebCore::ResourceRequestBase::RequestData, WebCore::ResourceRequestPlatformData>, WTF::String const&, bool) 8 0x12da72d40 IPC::ArgumentCoder<WebCore::ResourceRequest, void>::decode(IPC::Decoder&) 9 0x12d9c0010 std::__1::optional<WebCore::ResourceRequest> IPC::Decoder::decode<WebCore::ResourceRequest>() 10 0x12e6e41f0 std::__1::optional<std::__1::tuple<WTF::ObjectIdentifierGeneric<WebKit::RemoteMediaResourceIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>, WebCore::ResourceRequest, WebCore::ResourceResponse>> IPC::ArgumentCoder<std::__1::tuple<WTF::ObjectIdentifierGeneric<WebKit::RemoteMediaResourceIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>, WebCore::ResourceRequest, WebCore::ResourceResponse>, void>::decode<IPC::Decoder, WTF::ObjectIdentifierGeneric<WebKit::RemoteMediaResourceIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>>(IPC::Decoder&, std::__1::optional<WTF::ObjectIdentifierGeneric<WebKit::RemoteMediaResourceIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>>&&) 11 0x12e6e4174 std::__1::optional<std::__1::tuple<WTF::ObjectIdentifierGeneric<WebKit::RemoteMediaResourceIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>, WebCore::ResourceRequest, WebCore::ResourceResponse>> IPC::ArgumentCoder<std::__1::tuple<WTF::ObjectIdentifierGeneric<WebKit::RemoteMediaResourceIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>, WebCore::ResourceRequest, WebCore::ResourceResponse>, void>::decode<IPC::Decoder>(IPC::Decoder&) 12 0x12e6e3f24 std::__1::optional<std::__1::tuple<WTF::ObjectIdentifierGeneric<WebKit::RemoteMediaResourceIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>, WebCore::ResourceRequest, WebCore::ResourceResponse>> IPC::Decoder::decode<std::__1::tuple<WTF::ObjectIdentifierGeneric<WebKit::RemoteMediaResourceIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>, WebCore::ResourceRequest, WebCore::ResourceResponse>>() 13 0x12e6e0728 void IPC::handleMessageAsync<Messages::RemoteMediaResourceManager::RedirectReceived, IPC::Connection, WebKit::RemoteMediaResourceManager, WebKit::RemoteMediaResourceManager, void (WTF::ObjectIdentifierGeneric<WebKit::RemoteMediaResourceIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>, WebCore::ResourceRequest&&, WebCore::ResourceResponse const&, WTF::CompletionHandler<void (WebCore::ResourceRequest&&)>&&)>(IPC::Connection&, IPC::Decoder&, WebKit::RemoteMediaResourceManager*, void (WebKit::RemoteMediaResourceManager::*)(WTF::ObjectIdentifierGeneric<WebKit::RemoteMediaResourceIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>, WebCore::ResourceRequest&&, WebCore::ResourceResponse const&, WTF::CompletionHandler<void (WebCore::ResourceRequest&&)>&&)) History: https://results.webkit.org/?suite=layout-tests&test=ipc%2Fcreate-connection-and-send-async.html&version_name=Sequoia&style=debug Test result: https://build.webkit.org/#/builders/1226/builds/355 2077145 1 webkit-bug-importer 2024-11-22 14:57:20 -0800 <rdar://problem/140442183> 2077157 2 ews-feeder 2024-11-22 15:16:00 -0800 Test gardening commit 286986@main (0b284a600aaf): <https://commits.webkit.org/286986@main> Reviewed commits have been landed. Closing PR #37053 and removing active labels. 2077588 3 ryanhaddad 2024-11-25 13:49:45 -0800 Skipping this test moved the crash to another test, so I think it is actually cased by a preceding test. The blamed change added `ipc/cfnetwork-crashes-with-string-to-string-http-headers.html`, and if I run that test right before `ipc/create-connection-and-send-async.html` it reproduces the crash. 2077591 4 ews-feeder 2024-11-25 14:00:14 -0800 Test gardening commit 287072@main (7a37f4c40a89): <https://commits.webkit.org/287072@main> Reviewed commits have been landed. Closing PR #37134 and removing active labels. 2085003 5 rniwa 2025-01-06 00:56:48 -0800 Hm... I can't reproduce this issue at 288456@main on Sequoia: ./Tools/Scripts/run-webkit-tests --debug --no-build --no-show-results --expect-pass ipc/cfnetwork-crashes-with-string-to-string-http-headers.html ipc/create-connection-and-send-async.html --iterations 50 --exit-after-n-crashes-or-timeouts 1 But we can probably fix the test: ipc/cfnetwork-crashes-with-string-to-string-http-headers.html. It specifies requestPriority of 89. We probably just need to sanitize this value in CoreIPCNSURLRequest::toID(). Right now, it allows any value but we should only permit: -1 through 4 based on the assertion in toResourceLoadPriority. Full stack trace: SHOULD NEVER BE REACHED /Volumes/Data/worker/Apple-Sequoia-Debug-Build/build/Source/WebCore/platform/network/cf/ResourceRequestCFNet.h(53) : ResourceLoadPriority WebCore::toResourceLoadPriority(CFURLRequestPriority) 1 0x186ac53d8 WebCore::toResourceLoadPriority(long) 2 0x186ac4c90 WebCore::ResourceRequest::doUpdateResourceRequest() 3 0x18a011aa6 WebCore::ResourceRequestBase::updateResourceRequest(WebCore::HTTPBodyUpdatePolicy) const 4 0x18a011e13 WebCore::ResourceRequestBase::setIsAppInitiated(bool) 5 0x186ac359c WebCore::ResourceRequest::ResourceRequest(WebCore::ResourceRequestPlatformData&&, WTF::String const&, bool) 6 0x186ac3744 WebCore::ResourceRequest::ResourceRequest(WebCore::ResourceRequestPlatformData&&, WTF::String const&, bool) 7 0x186ac4242 WebCore::ResourceRequest::fromResourceRequestData(std::__1::variant<WebCore::ResourceRequestBase::RequestData, WebCore::ResourceRequestPlatformData>, WTF::String const&, bool) 8 0x12d6d32f1 IPC::ArgumentCoder<WebCore::ResourceRequest, void>::decode(IPC::Decoder&) 9 0x12d61a5fc std::__1::optional<WebCore::ResourceRequest> IPC::Decoder::decode<WebCore::ResourceRequest>() 10 0x12e2fd714 std::__1::optional<std::__1::tuple<WTF::ObjectIdentifierGeneric<WebKit::RemoteMediaResourceIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>, WebCore::ResourceRequest, WebCore::ResourceResponse>> IPC::ArgumentCoder<std::__1::tuple<WTF::ObjectIdentifierGeneric<WebKit::RemoteMediaResourceIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>, WebCore::ResourceRequest, WebCore::ResourceResponse>, void>::decode<IPC::Decoder, WTF::ObjectIdentifierGeneric<WebKit::RemoteMediaResourceIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>>(IPC::Decoder&, std::__1::optional<WTF::ObjectIdentifierGeneric<WebKit::RemoteMediaResourceIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>>&&) 11 0x12e2fd697 std::__1::optional<std::__1::tuple<WTF::ObjectIdentifierGeneric<WebKit::RemoteMediaResourceIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>, WebCore::ResourceRequest, WebCore::ResourceResponse>> IPC::ArgumentCoder<std::__1::tuple<WTF::ObjectIdentifierGeneric<WebKit::RemoteMediaResourceIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>, WebCore::ResourceRequest, WebCore::ResourceResponse>, void>::decode<IPC::Decoder>(IPC::Decoder&) 12 0x12e2fd46c std::__1::optional<std::__1::tuple<WTF::ObjectIdentifierGeneric<WebKit::RemoteMediaResourceIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>, WebCore::ResourceRequest, WebCore::ResourceResponse>> IPC::Decoder::decode<std::__1::tuple<WTF::ObjectIdentifierGeneric<WebKit::RemoteMediaResourceIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>, WebCore::ResourceRequest, WebCore::ResourceResponse>>() 13 0x12e2f981f void IPC::handleMessageAsync<Messages::RemoteMediaResourceManager::RedirectReceived, IPC::Connection, WebKit::RemoteMediaResourceManager, WebKit::RemoteMediaResourceManager, void (WTF::ObjectIdentifierGeneric<WebKit::RemoteMediaResourceIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>, WebCore::ResourceRequest&&, WebCore::ResourceResponse const&, WTF::CompletionHandler<void (WebCore::ResourceRequest&&)>&&)>(IPC::Connection&, IPC::Decoder&, WebKit::RemoteMediaResourceManager*, void (WebKit::RemoteMediaResourceManager::*)(WTF::ObjectIdentifierGeneric<WebKit::RemoteMediaResourceIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>, WebCore::ResourceRequest&&, WebCore::ResourceResponse const&, WTF::CompletionHandler<void (WebCore::ResourceRequest&&)>&&)) 14 0x12e2f92a3 WebKit::RemoteMediaResourceManager::didReceiveMessage(IPC::Connection&, IPC::Decoder&) 15 0x12e99c89c WebKit::GPUConnectionToWebProcess::dispatchMessage(IPC::Connection&, IPC::Decoder&) 16 0x12e83dad0 WebKit::GPUConnectionToWebProcess::didReceiveMessage(IPC::Connection&, IPC::Decoder&) 17 0x13155e1ce IPC::Connection::dispatchMessage(IPC::Decoder&) 18 0x13155e5c5 IPC::Connection::dispatchMessage(WTF::UniqueRef<IPC::Decoder>) 19 0x13155e92b IPC::Connection::dispatchOneIncomingMessage() 20 0x13158195d IPC::Connection::enqueueIncomingMessage(WTF::UniqueRef<IPC::Decoder>)::$_2::operator()() const 21 0x1315818c9 WTF::Detail::CallableWrapper<IPC::Connection::enqueueIncomingMessage(WTF::UniqueRef<IPC::Decoder>)::$_2, void>::call() 22 0x104b86937 WTF::Function<void ()>::operator()() const 23 0x104c45d2e WTF::RunLoop::performWork() 24 0x104c4a0ce WTF::RunLoop::performWork(void*) 25 0x7ff81a46eb0f __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ 26 0x7ff81a46eab1 __CFRunLoopDoSource0 27 0x7ff81a46e884 __CFRunLoopDoSources0 28 0x7ff81a46d51c __CFRunLoopRun 29 0x7ff81a46cb6c CFRunLoopRunSpecific 30 0x7ff81b492e59 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] 31 0x7ff81b513197 -[NSRunLoop(NSRunLoop) run] com.apple.WebKit.GPU.Development terminated (pid 35772) for reason: crash LEAK: 1 WebPageProxy 2090445 6 ews-feeder 2025-01-29 08:48:03 -0800 Committed 289501@main (3a885897a634): <https://commits.webkit.org/289501@main> Reviewed commits have been landed. Closing PR #39406 and removing active labels.