NEW 148890
http/tests/contentfiltering/load-substitute-data-from-appcache.html and http/tests/appcache/decide-navigation-policy-after-delay.html crash in DocumentLoader::dataReceived sometimes 
https://bugs.webkit.org/show_bug.cgi?id=148890
Summary http/tests/contentfiltering/load-substitute-data-from-appcache.html and http/...
Alexey Proskuryakov
Reported 2015-09-04 23:40:47 PDT
I saw http/tests/contentfiltering/load-substitute-data-from-appcache.html (a new test) crash several times on Yosemite with a release assert: https://webkit-test-results.webkit.org/dashboards/flakiness_dashboard.html#showAllRuns=true&tests=http%2Ftests%2Fcontentfiltering%2Fload-substitute-data-from-appcache.html 0 com.apple.JavaScriptCore 0x000000010cbb4797 WTFCrash + 39 1 com.apple.WebCore 0x000000010eb4e4ce WebCore::DocumentLoader::dataReceived(WebCore::CachedResource*, char const*, int) + 206 (DocumentLoader.cpp:864) 2 com.apple.WebCore 0x000000010eb4dfed WebCore::DocumentLoader::continueAfterContentPolicy(WebCore::PolicyAction) + 1773 (DocumentLoader.cpp:753) 3 com.apple.WebCore 0x000000010eb4d680 WebCore::DocumentLoader::responseReceived(WebCore::CachedResource*, WebCore::ResourceResponse const&) + 1968 (DocumentLoader.cpp:660) 4 com.apple.WebCore 0x000000010e841f20 WebCore::ContentFilter::responseReceived(WebCore::CachedResource*, WebCore::ResourceResponse const&) + 432 (ContentFilter.cpp:163) 5 com.apple.WebCore 0x000000010e70e189 WebCore::CachedRawResource::responseReceived(WebCore::ResourceResponse const&) + 201 (CachedRawResource.cpp:185) 6 com.apple.WebCore 0x000000011040475f WebCore::SubresourceLoader::didReceiveResponse(WebCore::ResourceResponse const&) + 767 (SubresourceLoader.cpp:232) 7 com.apple.WebKit 0x00000001098c4c92 WebKit::WebResourceLoader::didReceiveResponse(WebCore::ResourceResponse const&, bool) + 306 (WebResourceLoader.cpp:130)
Attachments
Patch (2.94 KB, patch)
2015-09-20 13:46 PDT, Andy Estes 		no flags
DetailsFormatted DiffDiff
Archive of layout-test-results from ews102 for mac-mavericks (610.61 KB, application/zip)
2015-09-20 14:19 PDT, Build Bot 		no flags
Details
add a similar test to isolate the problem (4.42 KB, patch)
2015-09-20 14:32 PDT, Andy Estes 		ap: review+
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Alexey Proskuryakov
Comment 1 2015-09-08 09:23:19 PDT
rdar://problem/22611076
Alexey Proskuryakov
Comment 2 2015-09-16 16:01:53 PDT
<rdar://problem/22729876>
Andy Estes
Comment 3 2015-09-20 13:12:41 PDT
I suspect this assertion would be hit even if Content Filtering wasn't enabled. The test decides navigation policy asynchronously in order mimic iOS Safari's behavior, so the response is sometimes received before navigation policy is decided. When loading substitute data, dataReceived() is called in continueAfterContentPolicy() with a null CachedResource, and it asserts that m_mainResource has already been set to 0 in continueAfterNavigationPolicy(): ASSERT_UNUSED(resource, resource == m_mainResource); I'm going to upload this same test without Content Filtering enabled to verify my assumption that the crash will still sometimes occur.
Andy Estes
Comment 4 2015-09-20 13:46:07 PDT
Created attachment 261611 [details] Patch
Build Bot
Comment 5 2015-09-20 14:19:39 PDT
Comment on attachment 261611 [details] Patch Attachment 261611 [details] did not pass mac-ews (mac): Output: http://webkit-queues.webkit.org/results/190910 New failing tests: http/tests/appcache/decide-navigation-policy-after-delay.html
Build Bot
Comment 6 2015-09-20 14:19:42 PDT
Created attachment 261614 [details] Archive of layout-test-results from ews102 for mac-mavericks The attached test failures were seen while running run-webkit-tests on the mac-ews. Bot: ews102 Port: mac-mavericks Platform: Mac OS X 10.9.5
Andy Estes
Comment 7 2015-09-20 14:32:19 PDT
Created attachment 261615 [details] add a similar test to isolate the problem
Alexey Proskuryakov
Comment 8 2015-09-20 15:04:13 PDT
Comment on attachment 261615 [details] add a similar test to isolate the problem Is this completely unreproducible locally? What did you try?
Andy Estes
Comment 9 2015-09-20 15:07:53 PDT
(In reply to comment #8) > Comment on attachment 261615 [details] > Patch > > Is this completely unreproducible locally? What did you try? I wasn't able to reproduce locally after running the tests in http/tests/contentfiltering/ for 100 iterations, but it seems to crash on the bots at least once a day. I was planning to land this and check for crashes tomorrow.
Andy Estes
Comment 10 2015-09-20 15:10:15 PDT
I also tried with --order=random.
Alexey Proskuryakov
Comment 11 2015-09-20 16:22:57 PDT
It often helps to simulate full CPU load with --fully-parallel, possibly even overcommitting with --child-processes=<more than it normally starts>. > I was planning to land this and check for crashes tomorrow. Sure.
Andy Estes
Comment 12 2015-09-20 21:26:59 PDT
Committed r190041: <http://trac.webkit.org/changeset/190041>
Alexey Proskuryakov
Comment 13 2015-10-04 13:39:29 PDT
*** Bug 149723 has been marked as a duplicate of this bug. ***
Alexey Proskuryakov
Comment 14 2015-10-04 13:48:24 PDT
Marked both tests as flaky in r190552. It was tricky since they had complicated and different skip/unskip chains.
Alexey Proskuryakov
Comment 15 2016-12-15 14:41:11 PST
This seems like it stopped happening some time earlier in 2016.
Alexey Proskuryakov
Comment 16 2016-12-15 14:42:41 PST
(and then these same tests started to crash in a different way, frequently)
Note You need to log in before you can comment on or make changes to this bug.