RESOLVED FIXED 244338
Test addition (250224@main): [ macOS wk1 Debug ] storage/domstorage/sessionstorage/window-open-remove-item.html is a consistent crash
https://bugs.webkit.org/show_bug.cgi?id=244338
Karl Rackler
Reported 2022-08-25 10:03:00 PDT
Description:
storage/domstorage/sessionstorage/window-open-remove-item.html

This test was added at 250224@main and has been a consistent crash since.

REPRODUCTION STEPS
I can reproduce this on <commit> but cannot reproduce it on <commit> or earlier.

Command:
run-webkit-tests --debug -1 --exit-after-n-failures 1 --exit-after-n-crashes-or-timeouts 1 --iterations 50 -f --no-retry storage/domstorage/sessionstorage/window-open-remove-item.html

Result:
Regressions: Unexpected crashes (1)
  storage/domstorage/sessionstorage/window-open-remove-item.html [ Crash ]

History:
https://results.webkit.org/?suite=layout-tests&test=storage%2Fdomstorage%2Fsessionstorage%2Fwindow-open-remove-item.html&platform=mac&flavor=wk1&limit=50000&style=debug

Crash Log:
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.JavaScriptCore 0x11653910e WTFCrash
1 DumpRenderTree 0x102ba00fa WTFCrashWithInfo(int, char const*, char const*, int)
2 DumpRenderTree 0x102c762ba -[UIDelegate webView:createWebViewWithRequest:]
3 com.apple.WebKitLegacy 0x1073c9d8c objc_object* wtfObjCMsgSend<objc_object*, WebView*, objc_object*>(objc_object*, objc_selector*, WebView*, objc_object*)
4 com.apple.WebKitLegacy 0x1073c714a CallDelegate(WebView*, objc_object*, objc_selector*, objc_object*)
5 com.apple.WebKitLegacy 0x1073c70e4 CallUIDelegate(WebView*, objc_selector*, objc_object*)
Attachments
Crash Log (40.62 KB, text/plain)
2022-08-25 10:09 PDT, Karl Rackler
no flags
Radar WebKit Bug Importer
Comment 1 2022-08-25 10:03:21 PDT
Karl Rackler
Comment 2 2022-08-25 10:09:07 PDT
Created attachment 461859 [details] Crash Log
Karl Rackler
Comment 3 2022-08-25 10:09:59 PDT
I have marked this test as a consistent crash while this issue is investigated.
EWS
Comment 4 2022-08-25 11:00:53 PDT
Test gardening commit 253781@main (44592aa28081): <https://commits.webkit.org/253781@main> Reviewed commits have been landed. Closing PR #3657 and removing active labels.
Ryan Haddad
Comment 5 2022-08-25 12:55:28 PDT
ASSERTION FAILED: gTestRunner->waitToDump()
/Volumes/Data/worker/Apple-BigSur-Debug-Build/build/Tools/DumpRenderTree/mac/UIDelegate.mm(179) : -[UIDelegate webView:createWebViewWithRequest:]
1 0x10aa25129 WTFCrash
2 0x10464efab WTFCrashWithInfo(int, char const*, char const*, int)
3 0x10474ca8e -[UIDelegate webView:createWebViewWithRequest:]
4 0x10926828d objc_object* wtfObjCMsgSend<objc_object*, WebView*, objc_object*>(objc_object*, objc_selector*, WebView*, objc_object*)
5 0x1092656ba CallDelegate(WebView*, objc_object*, objc_selector*, objc_object*)
6 0x109265655 CallUIDelegate(WebView*, objc_selector*, objc_object*)
7 0x10924b195 WebChromeClient::createWindow(WebCore::Frame&, WebCore::WindowFeatures const&, WebCore::NavigationAction const&)
8 0x134c11492 WebCore::Chrome::createWindow(WebCore::Frame&, WebCore::WindowFeatures const&, WebCore::NavigationAction const&) const
9 0x134a59a80 WebCore::createWindow(WebCore::Frame&, WebCore::Frame&, WebCore::FrameLoadRequest&&, WebCore::WindowFeatures&, bool&)
10 0x134c39bde WebCore::DOMWindow::createWindow(WTF::String const&, WTF::AtomString const&, WebCore::WindowFeatures const&, WebCore::DOMWindow&, WebCore::Frame&, WebCore::Frame&, WTF::Function<void (WebCore::DOMWindow&)> const&)
11 0x134c3afbf WebCore::DOMWindow::open(WebCore::DOMWindow&, WebCore::DOMWindow&, WTF::String const&, WTF::AtomString const&, WTF::String const&)
12 0x130e2b159 WebCore::jsDOMWindowInstanceFunction_openBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSDOMWindow*)
13 0x130e2a9aa long long WebCore::IDLOperation<WebCore::JSDOMWindow>::call<&(WebCore::jsDOMWindowInstanceFunction_openBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSDOMWindow*)), (WebCore::CastedThisErrorBehavior)0>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*)
14 0x130e28a04 WebCore::jsDOMWindowInstanceFunction_open(JSC::JSGlobalObject*, JSC::CallFrame*)
15 0x3a329820c038
16 0x10b1736a4 llint_entry
17 0x10b14f1a0 vmEntryToJavaScript
Chris Dumez
Comment 6 2022-08-25 13:12:40 PDT
The fix is trivial, just call window.open() in the load event handler.
Chris Dumez
Comment 7 2022-08-25 15:05:19 PDT
Chris Dumez
Comment 8 2022-08-25 15:09:00 PDT
EWS
Comment 9 2022-08-25 22:52:08 PDT
Committed 253806@main (118ff24f776c): <https://commits.webkit.org/253806@main> Reviewed commits have been landed. Closing PR #3678 and removing active labels.