Bug 285579

Summary: REGRESSION(288518@main): http/tests/navigation/forward-and-cancel.html is crashing
Product: WebKit Reporter: Fujii Hironori <fujii.hironori>
Component: New BugsAssignee: Nobody <webkit-unassigned>
Status: RESOLVED DUPLICATE    
Severity: Normal CC: charliew, rackler, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=285446
https://bugs.webkit.org/show_bug.cgi?id=285627

Fujii Hironori
Reported 2025-01-07 22:05:48 PST
[Win] http/tests/navigation/forward-and-cancel.html is crashing Windows Debug layout test is crashing. Regressions: Unexpected crashes (1) http/tests/navigation/forward-and-cancel.html [ Crash ] . 0 Id: 41d0.160c Suspend: 1 Teb: 000000fc`d8896000 Unfrozen # Child-SP RetAddr Call Site 00 000000fc`d91fcf20 00007ff9`472911a2 JavaScriptCore!WTF::RawPtrTraits<WTF::StringImpl>::unwrap(class WTF::StringImpl ** ptr = 0x00000000`00000018)+0x9 [C:\webkit\wb\WebKitBuild\Debug\WTF\Headers\wtf\RawPtrTraits.h @ 44] 01 000000fc`d91fcf30 00007ff9`47284612 JavaScriptCore!WTF::RefPtr<WTF::StringImpl,WTF::RawPtrTraits<WTF::StringImpl>,WTF::DefaultRefDerefTraits<WTF::StringImpl> >::RefPtr(class WTF::RefPtr<WTF::StringImpl,WTF::RawPtrTraits<WTF::StringImpl>,WTF::DefaultRefDerefTraits<WTF::StringImpl> > * o = 0x00000000`00000018)+0x22 [C:\webkit\wb\WebKitBuild\Debug\WTF\Headers\wtf\RefPtr.h @ 49] 02 000000fc`d91fcf70 00007ff9`49bd12bf JavaScriptCore!WTF::String::String(void)+0x22 [C:\webkit\wb\WebKitBuild\Debug\WTF\Headers\wtf\text\WTFString.h @ 85] 03 000000fc`d91fcfb0 00007ff9`4e6ffc8c JavaScriptCore!WTF::URL::URL(class WTF::URL * base = 0x000000fc`d91fd0e8, class WTF::String * relative = 0x00000000`00000018, class WTF::URLTextEncoding * encoding = 0x00000000`00000000)+0x5f [C:\webkit\wb\Source\WTF\wtf\URL.cpp @ 68] 04 000000fc`d91fd0a0 00007ff9`642ba00a WebCore!WebCore::HistoryItem::url(void)+0x5c [C:\webkit\wb\Source\WebCore\history\HistoryItem.cpp @ 164] 05 000000fc`d91fd120 00007ff9`63fff11f WebKit2!WKBundleScriptWorldCopyName+0x29df8a 06 000000fc`d91fd250 00007ff9`8837cecd WebKit2!WKBundlePageDumpHistoryForTesting+0x4f 07 000000fc`d91fd2b0 00007ff9`883694ec TestRunnerInjectedBundle!WTR::InjectedBundlePage::dumpHistory(void)+0x7d [C:\webkit\wb\Tools\WebKitTestRunner\InjectedBundle\InjectedBundlePage.cpp @ 1639] 08 000000fc`d91fd340 00007ff9`8837967a TestRunnerInjectedBundle!WTR::InjectedBundle::dumpBackForwardListsForAllPages(class WTF::StringBuilder * stringBuilder = 0x000000fc`d91fd4d0)+0x7c [C:\webkit\wb\Tools\WebKitTestRunner\InjectedBundle\InjectedBundle.cpp @ 425] 09 000000fc`d91fd3b0 00007ff9`8837d167 TestRunnerInjectedBundle!WTR::InjectedBundlePage::dump(bool forceRepaint = true)+0x46a [C:\webkit\wb\Tools\WebKitTestRunner\InjectedBundle\InjectedBundlePage.cpp @ 757] 0a 000000fc`d91fd530 00007ff9`8837d0e2 TestRunnerInjectedBundle!WTR::InjectedBundlePage::forceImmediateCompletion(void)+0x77 [C:\webkit\wb\Tools\WebKitTestRunner\InjectedBundle\InjectedBundlePage.cpp @ 1741] 0b 000000fc`d91fd580 00007ff9`883a7ca9 TestRunnerInjectedBundle!WTR::InjectedBundlePage::notifyDone(void)+0x32 [C:\webkit\wb\Tools\WebKitTestRunner\InjectedBundle\InjectedBundlePage.cpp @ 1733] 0c 000000fc`d91fd5c0 00007ff9`88402296 TestRunnerInjectedBundle!WTR::TestRunner::notifyDone(void)+0x59 [C:\webkit\wb\Tools\WebKitTestRunner\InjectedBundle\TestRunner.cpp @ 253] 0d 000000fc`d91fd600 00007ff9`88402263 TestRunnerInjectedBundle!WTR::callFunction<WTR::TestRunner,WTR::TestRunner,void (void)+0x26 [C:\webkit\wb\WebKitBuild\Debug\WebKitTestRunner\DerivedSources\InjectedBundle\JSTestRunner.cpp @ 69] 0e 000000fc`d91fd630 00007ff9`8840223d TestRunnerInjectedBundle!std::invoke<`lambda at C:\webkit\wb\WebKitBuild\Debug\WebKitTestRunner\DerivedSources\InjectedBundle\JSTestRunner.cpp:68:27'>(class WTR::callFunction<WTR::TestRunner,WTR::TestRunner,void ()>::<lambda_1> * _Obj = 0x000000fc`d91fd710)+0x13 [C:\Program Files\Microsoft Visual Studio\2022\Professional\VC\Tools\MSVC\14.42.34433\include\type_traits @ 1695] 0f 000000fc`d91fd660 00007ff9`88402212 TestRunnerInjectedBundle!std::_Apply_impl<`lambda at C:\webkit\wb\WebKitBuild\Debug\WebKitTestRunner\DerivedSources\InjectedBundle\JSTestRunner.cpp:68:27',std::tuple<> >(class WTR::callFunction<WTR::TestRunner,WTR::TestRunner,void ()>::<lambda_1> * _Obj = 0x000000fc`d91fd710, class std::tuple<> * _Tpl = 0x000000fc`d91fd727)+0x1d [C:\Program Files\Microsoft Visual Studio\2022\Professional\VC\Tools\MSVC\14.42.34433\include\tuple @ 1064] 10 000000fc`d91fd6a0 00007ff9`883fef3b TestRunnerInjectedBundle!std::apply<`lambda at C:\webkit\wb\WebKitBuild\Debug\WebKitTestRunner\DerivedSources\InjectedBundle\JSTestRunner.cpp:68:27',std::tuple<> >(class WTR::callFunction<WTR::TestRunner,WTR::TestRunner,void ()>::<lambda_1> * _Obj = 0x000000fc`d91fd710, class std::tuple<> * _Tpl = 0x000000fc`d91fd727)+0x22 [C:\Program Files\Microsoft Visual Studio\2022\Professional\VC\Tools\MSVC\14.42.34433\include\tuple @ 1075] 11 000000fc`d91fd6e0 00007ff9`883e892d TestRunnerInjectedBundle!WTR::callFunction<WTR::TestRunner,WTR::TestRunner,void (struct OpaqueJSContext * context = 0x00000263`de6ab708, class WTR::TestRunner * object = 0x00000263`e0ff5ab0, <function> * function = 0x00007ff9`883a7c50)+0x5b [C:\webkit\wb\WebKitBuild\Debug\WebKitTestRunner\DerivedSources\InjectedBundle\JSTestRunner.cpp @ 68] 12 000000fc`d91fd750 00007ff9`472aa761 TestRunnerInjectedBundle!WTR::JSTestRunner::notifyDone(struct OpaqueJSContext * context = 0x00000263`de6ab708, struct OpaqueJSValue * thisObject = 0x00000263`e151c180, unsigned int64 argumentCount = 0, struct OpaqueJSValue ** arguments = 0x000000fc`d91fd940, struct OpaqueJSValue ** exception = 0x000000fc`d91fd890)+0x8d [C:\webkit\wb\WebKitBuild\Debug\WebKitTestRunner\DerivedSources\InjectedBundle\JSTestRunner.cpp @ 514] 13 000000fc`d91fd7d0 00007ff9`47282acd JavaScriptCore!JSC::APICallbackFunction::callImpl<JSC::JSCallbackFunction>(class JSC::JSGlobalObject * globalObject = 0x00000263`de6ab708, class JSC::CallFrame * callFrame = 0x000000fc`d91fda10)+0x1d1 [C:\webkit\wb\Source\JavaScriptCore\API\APICallbackFunction.h @ 60] 14 000000fc`d91fd9d0 00000263`800014a7 JavaScriptCore!JSC::callJSCallbackFunction(class JSC::JSGlobalObject * globalObject = 0x00000263`de6ab708, class JSC::CallFrame * callFrame = 0x000000fc`d91fda10)+0x1d [C:\webkit\wb\Source\JavaScriptCore\API\JSCallbackFunction.cpp @ 42] 15 000000fc`d91fda10 000000fc`d91fda70 0x00000263`800014a7 16 000000fc`d91fda18 00007ff9`471842d9 0x000000fc`d91fda70 17 000000fc`d91fda20 00000000`00000000 JavaScriptCore!llint_entry+0x22f9d
Attachments
Add attachment proposed patch, testcase, etc.
Fujii Hironori
Comment 1 2025-01-07 22:39:00 PST
Not only Windows, but also Mac port is crashing. History: https://results.webkit.org/?suite=layout-tests&test=http%2Ftests%2Fnavigation%2Fforward-and-cancel.html Buildbot: builder Apple-Ventura-Debug-AppleSilicon-WK2-Tests build 7788 : 288518@main https://build.webkit.org/#/builders/704/builds/7788
Karl Rackler
Comment 2 2025-01-08 10:20:09 PST
I'll look into the macOS crashing and report back here.
Radar WebKit Bug Importer
Comment 3 2025-01-14 22:06:14 PST
<rdar://problem/142940302>
Fujii Hironori
Comment 4 2025-01-15 17:34:49 PST
*** This bug has been marked as a duplicate of bug 285627 ***
Note You need to log in before you can comment on or make changes to this bug.