Bug 213059 - REGRESSION (r262776): Flaky crash under -[WebCoreResourceHandleAsOperationQueueDelegate connection:willSendRequest:redirectResponse:]
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Rob Buis
URL:
Keywords: InRadar
Depends on:
Blocks: 213690
Reported: 2020-06-10 16:30 PDT by Ryan Haddad
Modified: 2020-06-27 20:40 PDT (History)

See Also:


Attachments
crash log (166.29 KB, text/plain)
2020-06-10 16:30 PDT, Ryan Haddad
Patch (2.43 KB, patch)
2020-06-11 05:42 PDT, Rob Buis

Description Ryan Haddad 2020-06-10 16:30:06 PDT
Created attachment 401601 [details]
crash log

Seeing the following flaky crash with js/dom/promise-stack-overflow.html on Catalina WK1 bots:

Thread 34 Crashed:: Dispatch queue: NSOperationQueue 0x7fee45f3c840 (QOS: UNSPECIFIED)
0   com.apple.WebCore             	0x0000000124c05d25 std::__1::unique_ptr<WebCore::ResourceHandleInternal, std::__1::default_delete<WebCore::ResourceHandleInternal> >::operator->() const + 21 (memory:2620)
1   com.apple.WebCore             	0x0000000124c063de WebCore::ResourceHandle::firstRequest() + 30 (ResourceHandle.cpp:181)
2   com.apple.WebCore             	0x000000012590a79c -[WebCoreResourceHandleAsOperationQueueDelegate connection:willSendRequest:redirectResponse:] + 188 (WebCoreResourceHandleAsOperationQueueDelegate.mm:126)
3   com.apple.CFNetwork           	0x00007fff3696539e 0x7fff36741000 + 2245534
4   com.apple.CFNetwork           	0x00007fff367bd6b2 0x7fff36741000 + 509618
5   com.apple.Foundation          	0x00007fff3a5c1ba5 __NSBLOCKOPERATION_IS_CALLING_OUT_TO_A_BLOCK__ + 7
6   com.apple.Foundation          	0x00007fff3a5c1ac6 -[NSBlockOperation main] + 80
7   com.apple.Foundation          	0x00007fff3a5c1a61 __NSOPERATION_IS_INVOKING_MAIN__ + 17
8   com.apple.Foundation          	0x00007fff3a5c0c93 -[NSOperation start] + 722

https://results.webkit.org/?suite=layout-tests&test=js%2Fdom%2Fpromise-stack-overflow.html
Comment 1 Ryan Haddad 2020-06-10 16:30:31 PDT
<rdar://problem/64204430>
Comment 2 Ryan Haddad 2020-06-10 16:32:04 PDT
I think this started after:
XMLHTTPRequest.send should not send Content-Type headers when Blob has no type
https://trac.webkit.org/changeset/262776/webkit
Comment 3 Ryan Haddad 2020-06-10 16:38:23 PDT
I was able to reproduce a crash locally with:
run-webkit-tests js/dom/promise-stack-overflow.html -1 --no-retry --iterations 100 -g --exit-after-n-crashes-or-timeouts 1

The 10th iteration hit the crash.
Comment 4 Rob Buis 2020-06-10 21:16:22 PDT
This very likely needs a check that m_handle is not null.
Comment 5 Rob Buis 2020-06-11 05:42:25 PDT
Created attachment 401636 [details]
Patch
Comment 6 Rob Buis 2020-06-11 05:43:30 PDT
(In reply to Ryan Haddad from comment #3)
> I was able to reproduce a crash locally with:
> run-webkit-tests js/dom/promise-stack-overflow.html -1 --no-retry
> --iterations 100 -g --exit-after-n-crashes-or-timeouts 1
> 
> The 10th iteration hit the crash.

I was able to repro (for me it was the 30th iteration), and I verified that adding an m_handle null check fixes the problem.
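As an added illustration (not code from WebKit or from the patch on this bug), a C++ model of the lifetime problem behind the crash: the delegate holds a non-owning m_handle that the main thread clears when the load is cancelled, while the network operation queue can still deliver a late willSendRequest:, and the unchecked and checked callback shapes are shown side by side. All type, function and URL names are constructed stand-ins for the ObjC++ classes named in the crash log.

```cpp
#include <optional>
#include <string>

// Constructed stand-in for WebCore::ResourceHandle; the delegate only needs
// firstRequest() here (frame 1 of the page's crash log).
struct ResourceHandle {
    std::string firstRequestUrl;
    const std::string& firstRequest() const { return firstRequestUrl; }
};

// Constructed stand-in for WebCoreResourceHandleAsOperationQueueDelegate: a
// raw, non-owning pointer that the main thread clears via detachHandle() when
// the load is cancelled, while CFNetwork may still call back from its queue.
class AsOperationQueueDelegate {
public:
    explicit AsOperationQueueDelegate(ResourceHandle* handle) : m_handle(handle) {}
    void detachHandle() { m_handle = nullptr; }

    // Pre-fix shape: assumes m_handle is live. After detachHandle() this is
    // the null dereference in frame 0 of the crash log.
    std::string willSendRequestUnchecked(const std::string& newRequest) const {
        return describe(m_handle->firstRequest(), newRequest);
    }

    // Fixed shape: the m_handle null check from comments 4 and 6. A late
    // redirect for an already-cancelled load is dropped instead of crashing.
    std::optional<std::string> willSendRequest(const std::string& newRequest) const {
        if (!m_handle)
            return std::nullopt;
        return describe(m_handle->firstRequest(), newRequest);
    }

private:
    static std::string describe(const std::string& first, const std::string& next) {
        return first + " -> " + next; // stands in for the real redirect handling
    }
    ResourceHandle* m_handle; // non-owning; cleared by another thread
};

// Drives the checked delegate in both orderings. detachFirst=true is the
// bug's ordering: the load is cancelled before the queue delivers the redirect.
std::optional<std::string> deliverRedirect(bool detachFirst) {
    ResourceHandle handle{"https://example.test/a"};
    AsOperationQueueDelegate delegate(&handle);
    if (detachFirst)
        delegate.detachHandle();
    return delegate.willSendRequest("https://example.test/b");
}
```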
Comment 7 Ryan Haddad 2020-06-11 11:11:18 PDT
Thanks! Should the patch be flagged for review?
Comment 8 Rob Buis 2020-06-11 11:25:48 PDT
Comment on attachment 401636 [details]
Patch

Sorry, I forgot to set the review flag (again!) :)
Comment 9 Alex Christensen 2020-06-11 13:53:07 PDT
Thanks, Rob!
Comment 10 EWS 2020-06-11 14:05:44 PDT
Committed r262925: <https://trac.webkit.org/changeset/262925>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 401636 [details].