Created attachment 401601 [details] crash log

Seeing the following flaky crash with js/dom/promise-stack-overflow.html on Catalina WK1 bots:

Thread 34 Crashed:: Dispatch queue: NSOperationQueue 0x7fee45f3c840 (QOS: UNSPECIFIED)
0 com.apple.WebCore 0x0000000124c05d25 std::__1::unique_ptr<WebCore::ResourceHandleInternal, std::__1::default_delete<WebCore::ResourceHandleInternal> >::operator->() const + 21 (memory:2620)
1 com.apple.WebCore 0x0000000124c063de WebCore::ResourceHandle::firstRequest() + 30 (ResourceHandle.cpp:181)
2 com.apple.WebCore 0x000000012590a79c -[WebCoreResourceHandleAsOperationQueueDelegate connection:willSendRequest:redirectResponse:] + 188 (WebCoreResourceHandleAsOperationQueueDelegate.mm:126)
3 com.apple.CFNetwork 0x00007fff3696539e 0x7fff36741000 + 2245534
4 com.apple.CFNetwork 0x00007fff367bd6b2 0x7fff36741000 + 509618
5 com.apple.Foundation 0x00007fff3a5c1ba5 __NSBLOCKOPERATION_IS_CALLING_OUT_TO_A_BLOCK__ + 7
6 com.apple.Foundation 0x00007fff3a5c1ac6 -[NSBlockOperation main] + 80
7 com.apple.Foundation 0x00007fff3a5c1a61 __NSOPERATION_IS_INVOKING_MAIN__ + 17
8 com.apple.Foundation 0x00007fff3a5c0c93 -[NSOperation start] + 722

https://results.webkit.org/?suite=layout-tests&test=js%2Fdom%2Fpromise-stack-overflow.html
<rdar://problem/64204430>
I think this started after: XMLHTTPRequest.send should not send Content-Type headers when Blob has no type https://trac.webkit.org/changeset/262776/webkit
I was able to reproduce a crash locally with:
run-webkit-tests js/dom/promise-stack-overflow.html -1 --no-retry --iterations 100 -g --exit-after-n-crashes-or-timeouts 1

The 10th iteration hit the crash.
This very likely needs a check that m_handle is not null.
Created attachment 401636 [details] Patch
(In reply to Ryan Haddad from comment #3)
> I was able to reproduce a crash locally with:
> run-webkit-tests js/dom/promise-stack-overflow.html -1 --no-retry
> --iterations 100 -g --exit-after-n-crashes-or-timeouts 1
>
> The 10th iteration hit the crash.

I was able to repro (for me it was the 30th iteration), and I verified adding m_handle null check fixes the problem.
Thanks! Should the patch be flagged for review?
Comment on attachment 401636 [details] Patch Sorry, I forgot to set the review flag (again!) :)
Thanks, Rob!
Committed r262925: <https://trac.webkit.org/changeset/262925> All reviewed patches have been landed. Closing bug and clearing flags on attachment 401636 [details].