Bug 174526

Summary: Regression(r199039): Possible crash under NetworkSocketStream::didFailSocketStream()
Product: WebKit Reporter: Chris Dumez <cdumez>
Component: WebKit2Assignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED    
Severity: Normal CC: bfulgham, buildbot, commit-queue, rniwa, webkit-bug-importer, wilander
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
Archive of layout-test-results from ews102 for mac-elcapitan none

Chris Dumez
Reported 2017-07-14 13:42:44 PDT
Possible crash under NetworkSocketStream::didFailSocketStream(): Thread 0 Crashed ↩:: Dispatch queue: com.apple.main-thread 0 com.apple.WebKit 0x00007fffa1de73e2 IPC::Connection::sendMessage(std::__1::unique_ptr<IPC::Encoder, std::__1::default_delete<IPC::Encoder> >, WTF::OptionSet<IPC::SendOption>) + 26 1 com.apple.WebKit 0x00007fffa1e2062f IPC::MessageSender::sendMessage(std::__1::unique_ptr<IPC::Encoder, std::__1::default_delete<IPC::Encoder> >, WTF::OptionSet<IPC::SendOption>) + 57 2 com.apple.WebKit 0x00007fffa1e7cf2a bool IPC::MessageSender::send<Messages::WebSocketStream::DidFailSocketStream>(Messages::WebSocketStream::DidFailSocketStream const&, unsigned long long, WTF::OptionSet<IPC::SendOption>) + 112 3 com.apple.WebKit 0x00007fffa1e7ca31 non-virtual thunk to WebKit::NetworkSocketStream::didFailSocketStream(WebCore::SocketStreamHandle&, WebCore::SocketStreamError const&) + 51 4 com.apple.WebCore 0x00007fffa16cf679 WebCore::SocketStreamHandleImpl::SocketStreamHandleImpl(WebCore::URL const&, WebCore::SocketStreamHandleClient&, WebCore::SessionID, WTF::String const&, WebCore::SourceApplicationAuditToken&&) + 793 5 com.apple.WebKit 0x00007fffa1e7c597 WebKit::NetworkSocketStream::create(WebCore::URL&&, WebCore::SessionID, WTF::String const&, unsigned long long, IPC::Connection&, WebCore::SourceApplicationAuditToken&&) + 147 6 com.apple.WebKit 0x00007fffa1e574bd WebKit::NetworkConnectionToWebProcess::createSocketStream(WebCore::URL&&, WebCore::SessionID, WTF::String, unsigned long long) + 107 7 com.apple.WebKit 0x00007fffa1e5cd65 void IPC::callMemberFunctionImpl<WebKit::NetworkConnectionToWebProcess, void (WebKit::NetworkConnectionToWebProcess::*)(WebCore::URL&&, WebCore::SessionID, WTF::String, unsigned long long), std::__1::tuple<WebCore::URL, WebCore::SessionID, WTF::String, unsigned long long>, 0ul, 1ul, 2ul, 3ul>(WebKit::NetworkConnectionToWebProcess*, void (WebKit::NetworkConnectionToWebProcess::*)(WebCore::URL&&, WebCore::SessionID, WTF::String, unsigned long long), std::__1::tuple<WebCore::URL, WebCore::SessionID, WTF::String, unsigned long long>&&, std::__1::integer_sequence<unsigned long, 0ul, 1ul, 2ul, 3ul>) + 63 8 com.apple.WebKit 0x00007fffa1e5b2fa void IPC::handleMessage<Messages::NetworkConnectionToWebProcess::CreateSocketStream, WebKit::NetworkConnectionToWebProcess, void (WebKit::NetworkConnectionToWebProcess::*)(WebCore::URL&&, WebCore::SessionID, WTF::String, unsigned long long)>(IPC::Decoder&, WebKit::NetworkConnectionToWebProcess*, void (WebKit::NetworkConnectionToWebProcess::*)(WebCore::URL&&, WebCore::SessionID, WTF::String, unsigned long long)) + 94 9 com.apple.WebKit 0x00007fffa1de69b5 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) + 119 10 com.apple.WebKit 0x00007fffa1de94ee IPC::Connection::dispatchOneMessage() + 176 11 com.apple.JavaScriptCore 0x00007fff96dcee39 WTF::RunLoop::performWork() + 169 12 com.apple.JavaScriptCore 0x00007fff96dcf0f2 WTF::RunLoop::performWork(void*) + 34 13 com.apple.CoreFoundation 0x00007fff93362c51 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17 14 com.apple.CoreFoundation 0x00007fff93345a6f __CFRunLoopDoSources0 + 271 15 com.apple.CoreFoundation 0x00007fff9334501f __CFRunLoopRun + 1039 16 com.apple.CoreFoundation 0x00007fff93344999 CFRunLoopRunSpecific + 409 17 com.apple.Foundation 0x00007fff953e5306 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 277 18 com.apple.Foundation 0x00007fff953e51de -[NSRunLoop(NSRunLoop) run] + 76 19 libxpc.dylib 0x00007fffba9c5e2b _xpc_objc_main + 672 20 libxpc.dylib 0x00007fffba9c4a21 xpc_main + 417 21 com.apple.WebKit.Networking 0x10892a6a1 main + 490 (/BuildRoot/Library/Caches/com.apple.xbs/Sources/WebKit2/WebKit2-7604.1.28.2/Shared/EntryPointUtilities/mac/XPCService/XPCServiceMain.mm:148) 22 libdyld.dylib 0x00007fffba6fa639 start + 1
Attachments
Patch (4.85 KB, patch)
2017-07-14 13:46 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Archive of layout-test-results from ews102 for mac-elcapitan (1.13 MB, application/zip)
2017-07-14 14:39 PDT, Build Bot 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
Chris Dumez
Comment 1 2017-07-14 13:43:10 PDT
<rdar://problem/32831441>
Chris Dumez
Comment 2 2017-07-14 13:46:00 PDT
Created attachment 315481 [details] Patch
Build Bot
Comment 3 2017-07-14 14:39:05 PDT
Comment on attachment 315481 [details] Patch Attachment 315481 [details] did not pass mac-ews (mac): Output: http://webkit-queues.webkit.org/results/4121474 New failing tests: security/contentSecurityPolicy/video-with-data-url-allowed-by-media-src-star.html
Build Bot
Comment 4 2017-07-14 14:39:06 PDT
Created attachment 315487 [details] Archive of layout-test-results from ews102 for mac-elcapitan The attached test failures were seen while running run-webkit-tests on the mac-ews. Bot: ews102 Port: mac-elcapitan Platform: Mac OS X 10.11.6
Brent Fulgham
Comment 5 2017-07-14 14:40:16 PDT
Comment on attachment 315481 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=315481&action=review r=me > Source/WebCore/platform/network/cf/SocketStreamHandleImplCFNet.cpp:92 > + }); Wow! Nice catch.
Brent Fulgham
Comment 6 2017-07-14 14:40:34 PDT
The 'mac' test failure doesn't seem likely to be related to this patch.
Chris Dumez
Comment 7 2017-07-14 14:42:59 PDT
(In reply to Brent Fulgham from comment #6) > The 'mac' test failure doesn't seem likely to be related to this patch. Indeed, the test is currently failing on the non-EWS bots. The tree is red.
WebKit Commit Bot
Comment 8 2017-07-14 14:45:43 PDT
Comment on attachment 315481 [details] Patch Clearing flags on attachment: 315481 Committed r219525: <http://trac.webkit.org/changeset/219525>
WebKit Commit Bot
Comment 9 2017-07-14 14:45:45 PDT
All reviewed patches have been landed. Closing bug.
Alexey Proskuryakov
Comment 10 2017-07-15 08:08:57 PDT
Comment on attachment 315481 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=315481&action=review >> Source/WebCore/platform/network/cf/SocketStreamHandleImplCFNet.cpp:92 >> + }); > > Wow! Nice catch. Can m_client get zeroed out in between?
Chris Dumez
Comment 11 2017-07-18 08:58:13 PDT
Comment on attachment 315481 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=315481&action=review >>> Source/WebCore/platform/network/cf/SocketStreamHandleImplCFNet.cpp:92 >>> + }); >> >> Wow! Nice catch. > > Can m_client get zeroed out in between? m_client is a reference, not a pointer and cannot be zeroed out.
Note You need to log in before you can comment on or make changes to this bug.