RESOLVED FIXED 213059
REGRESSION (r262776): Flaky crash under -[WebCoreResourceHandleAsOperationQueueDelegate connection:willSendRequest:redirectResponse:] 
https://bugs.webkit.org/show_bug.cgi?id=213059
Summary REGRESSION (r262776): Flaky crash under -[WebCoreResourceHandleAsOperationQue...
Ryan Haddad
Reported 2020-06-10 16:30:06 PDT
Created attachment 401601 [details] crash log Seeing the following flaky crash with js/dom/promise-stack-overflow.html on Catalina WK1 bots: Thread 34 Crashed:: Dispatch queue: NSOperationQueue 0x7fee45f3c840 (QOS: UNSPECIFIED) 0 com.apple.WebCore 0x0000000124c05d25 std::__1::unique_ptr<WebCore::ResourceHandleInternal, std::__1::default_delete<WebCore::ResourceHandleInternal> >::operator->() const + 21 (memory:2620) 1 com.apple.WebCore 0x0000000124c063de WebCore::ResourceHandle::firstRequest() + 30 (ResourceHandle.cpp:181) 2 com.apple.WebCore 0x000000012590a79c -[WebCoreResourceHandleAsOperationQueueDelegate connection:willSendRequest:redirectResponse:] + 188 (WebCoreResourceHandleAsOperationQueueDelegate.mm:126) 3 com.apple.CFNetwork 0x00007fff3696539e 0x7fff36741000 + 2245534 4 com.apple.CFNetwork 0x00007fff367bd6b2 0x7fff36741000 + 509618 5 com.apple.Foundation 0x00007fff3a5c1ba5 __NSBLOCKOPERATION_IS_CALLING_OUT_TO_A_BLOCK__ + 7 6 com.apple.Foundation 0x00007fff3a5c1ac6 -[NSBlockOperation main] + 80 7 com.apple.Foundation 0x00007fff3a5c1a61 __NSOPERATION_IS_INVOKING_MAIN__ + 17 8 com.apple.Foundation 0x00007fff3a5c0c93 -[NSOperation start] + 722 https://results.webkit.org/?suite=layout-tests&test=js%2Fdom%2Fpromise-stack-overflow.html
Attachments
crash log (166.29 KB, text/plain)
2020-06-10 16:30 PDT, Ryan Haddad 		no flags
Details
Patch (2.43 KB, patch)
2020-06-11 05:42 PDT, Rob Buis 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Ryan Haddad
Comment 1 2020-06-10 16:30:31 PDT
<rdar://problem/64204430>
Ryan Haddad
Comment 2 2020-06-10 16:32:04 PDT
I think this started after: XMLHTTPRequest.send should not send Content-Type headers when Blob has no type https://trac.webkit.org/changeset/262776/webkit
Ryan Haddad
Comment 3 2020-06-10 16:38:23 PDT
I was able to reproduce a crash locally with: run-webkit-tests js/dom/promise-stack-overflow.html -1 --no-retry --iterations 100 -g --exit-after-n-crashes-or-timeouts 1 The 10th iteration hit the crash.
Rob Buis
Comment 4 2020-06-10 21:16:22 PDT
This very likely needs a check that m_handle is not null.
Rob Buis
Comment 5 2020-06-11 05:42:25 PDT
Created attachment 401636 [details] Patch
Rob Buis
Comment 6 2020-06-11 05:43:30 PDT
(In reply to Ryan Haddad from comment #3) > I was able to reproduce a crash locally with: > run-webkit-tests js/dom/promise-stack-overflow.html -1 --no-retry > --iterations 100 -g --exit-after-n-crashes-or-timeouts 1 > > The 10th iteration hit the crash. I was able to repro (for me it was the 30th iteration), and I verified adding m_handle null check fixes the problem.
Ryan Haddad
Comment 7 2020-06-11 11:11:18 PDT
Thanks! Should the patch be flagged for review?
Rob Buis
Comment 8 2020-06-11 11:25:48 PDT
Comment on attachment 401636 [details] Patch Sorry, I forgot to set the review flag (again!) :)
Alex Christensen
Comment 9 2020-06-11 13:53:07 PDT
Thanks, Rob!
EWS
Comment 10 2020-06-11 14:05:44 PDT
Committed r262925: <https://trac.webkit.org/changeset/262925> All reviewed patches have been landed. Closing bug and clearing flags on attachment 401636 [details].
Note You need to log in before you can comment on or make changes to this bug.