278500 2024-08-21 16:08:10 -0700 REGRESSION (282564@main): [ macOS iOS wk2 debug arm64 ] imported/w3c/web-platform-tests/navigation-api/navigate-event/replaceState-inside-back-handler.html is a constant crash with a assertion failure. 2024-08-28 14:17:00 -0700 1 1 1 Unclassified WebKit WebCore JavaScript WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 aviduya pgriffis achristensen pgriffis webkit-bot-watchers-bugzilla webkit-bug-importer oldest_to_newest 2054556 0 aviduya 2024-08-21 16:08:10 -0700 imported/w3c/web-platform-tests/navigation-api/navigate-event/replaceState-inside-back-handler.html is a constant crash producing an assertion failure. HISTORY: https://results.webkit.org/?platform=mac&platform=ios&suite=layout-tests&test=imported%2Fw3c%2Fweb-platform-tests%2Fnavigation-api%2Fnavigate-event%2FreplaceState-inside-back-handler.html LOG: 1 0x35b3ad4d8 WebCore::DOMPromise::whenPromiseIsSettled(WebCore::JSDOMGlobalObject*, JSC::JSObject*, WTF::Function<void ()>&&) 2 0x35b3ad01c WebCore::DOMPromise::whenSettled(std::__1::function<void ()>&&) 3 0x35cfa8a68 WebCore::waitForAllPromises(WTF::Vector<WTF::RefPtr<WebCore::DOMPromise, WTF::RawPtrTraits<WebCore::DOMPromise>, WTF::DefaultRefDerefTraits<WebCore::DOMPromise>>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WTF::Function<void ()>&&, WTF::Function<void (JSC::JSValue)>&&) 4 0x35cfa7dd8 WebCore::Navigation::innerDispatchNavigateEvent(WebCore::NavigationNavigationType, WTF::Ref<WebCore::NavigationDestination, WTF::RawPtrTraits<WebCore::NavigationDestination>, WTF::DefaultRefDerefTraits<WebCore::NavigationDestination>>&&, WTF::String const&, WebCore::FormState*, WebCore::SerializedScriptValue*) 5 0x35cfa9014 WebCore::Navigation::dispatchPushReplaceReloadNavigateEvent(WTF::URL const&, WebCore::NavigationNavigationType, bool, WebCore::FormState*, WebCore::SerializedScriptValue*) LINK: https://build.webkit.org/results/Apple-Sonoma-Debug-AppleSilicon-WK2-Tests/282576@main%20(3805)/imported/w3c/web-platform-tests/navigation-api/navigate-event/replaceState-inside-back-handler-crash-log.txt DESCRIPTION: In 282564@main changes were made in Navigation. I tried to bisect the regression but it seems that 282564@main had a build failure. In 282563@main the crash does not occur. REPRODUCIBILITY: I was able to reproduce the constant crash on ToT using command run-webkit-test imported/w3c/web-platform-tests/navigation-api/navigate-event/replaceState-inside-back-handler.html --debug --iterations 10 2054557 1 webkit-bug-importer 2024-08-21 16:08:20 -0700 <rdar://problem/134452443> 2054558 2 aviduya 2024-08-21 16:14:24 -0700 ASSERTION FAILED: !scope.exception() || vm.hasPendingTerminationException() 2054570 3 ews-feeder 2024-08-21 17:03:56 -0700 Test gardening commit 282588@main (975b17dd3d6f): <https://commits.webkit.org/282588@main> Reviewed commits have been landed. Closing PR #32566 and removing active labels. 2054595 4 aviduya 2024-08-21 18:59:33 -0700 With the above commit it was decided to skip the test on affected platforms. 2054730 5 pgriffis 2024-08-22 09:42:11 -0700 Pull request: https://github.com/WebKit/WebKit/pull/32596 2054744 6 ews-feeder 2024-08-22 10:53:53 -0700 Committed 282623@main (df546f0d2c4d): <https://commits.webkit.org/282623@main> Reviewed commits have been landed. Closing PR #32596 and removing active labels. 2054846 7 ap 2024-08-22 16:55:15 -0700 This fix didn't unskip tests that were skipped in 282588@main, this still needs to be done. 2054849 8 ap 2024-08-22 17:08:59 -0700 My mistake, I somehow overlooked that the expectations were actually removed. Please ignore the above comment. 2056072 9 aviduya 2024-08-28 14:17:00 -0700 The fix was 282623@main. It reverted the commit that regressed the test.