Bug 300402 - Status: NEW
REGRESSION: Crash in Navigation::initializeForNewWindow
https://bugs.webkit.org/show_bug.cgi?id=300402
Yury Semikhatsky
Reported 2025-10-08 12:35:33 PDT
After rolling WebKit with https://commits.webkit.org/299927@main and https://commits.webkit.org/299858@main into Playwright, we see the following crash when the page is reloaded:
Yury Semikhatsky
Comment 1 2025-10-08 12:36:10 PDT
* thread #1, name = 'WebKitWebProces', stop reason = signal SIGABRT
  * frame #0: 0x00007f09b86969fc libc.so.6`__GI___pthread_kill [inlined] __pthread_kill_implementation(no_tid=0, signo=6, threadid=139679660424064) at pthread_kill.c:44:76
    frame #1: 0x00007f09b86969b0 libc.so.6`__GI___pthread_kill [inlined] __pthread_kill_internal(signo=6, threadid=139679660424064) at pthread_kill.c:78:10
    frame #2: 0x00007f09b86969b0 libc.so.6`__GI___pthread_kill(threadid=139679660424064, signo=6) at pthread_kill.c:89:10
    frame #3: 0x00007f09b8642476 libc.so.6`__GI_raise(sig=6) at raise.c:26:13
    frame #4: 0x00007f09b86287f3 libc.so.6`__GI_abort at abort.c:79:7
    frame #5: 0x00007f09b8ad836f libstdc++.so.6`std::__glibcxx_assert_fail(char const*, int, char const*, char const*) + 111
    frame #6: 0x00007f09c13b0bb2 libwebkitgtk-6.0.so.4`WebCore::Navigation::initializeForNewWindow(std::optional<WebCore::NavigationNavigationType>, WebCore::LocalDOMWindow*) + 1890
    frame #7: 0x00007f09c123faaf libwebkitgtk-6.0.so.4`WebCore::FrameLoader::didBeginDocument(bool, WebCore::LocalDOMWindow*) + 2751
    frame #8: 0x00007f09c121e5a8 libwebkitgtk-6.0.so.4`WebCore::DocumentWriter::begin(WTF::URL const&, bool, WebCore::Document*, std::optional<WebCore::ProcessQualified<WTF::UUID>>, WebCore::NavigationAction const*) + 2552
    frame #9: 0x00007f09c1215bb9 libwebkitgtk-6.0.so.4`WebCore::DocumentLoader::commitData(WebCore::SharedBuffer const&) + 297
    frame #10: 0x00007f09bf7b43c8 libwebkitgtk-6.0.so.4`WebKit::WebLocalFrameLoaderClient::committedLoad(WebCore::DocumentLoader*, WebCore::SharedBuffer const&) + 24
    frame #11: 0x00007f09c121da89 libwebkitgtk-6.0.so.4`WebCore::DocumentLoader::commitLoad(WebCore::SharedBuffer const&) + 281
    frame #12: 0x00007f09c12bdb6f libwebkitgtk-6.0.so.4`WebCore::CachedRawResource::notifyClientsDataWasReceived(WebCore::SharedBuffer const&) + 223
    frame #13: 0x00007f09c12bd7a6 libwebkitgtk-6.0.so.4`WebCore::CachedRawResource::updateBuffer(WebCore::FragmentedSharedBuffer const&) + 390
    frame #14: 0x00007f09c12a22ce libwebkitgtk-6.0.so.4`WebCore::SubresourceLoader::didReceiveBuffer(WebCore::FragmentedSharedBuffer const&, long long, WebCore::DataPayloadType) + 174
    frame #15: 0x00007f09bf727edb libwebkitgtk-6.0.so.4`WebKit::WebResourceLoader::didReceiveData(IPC::SharedBufferReference&&, unsigned long) + 379
    frame #16: 0x00007f09beed9a4e libwebkitgtk-6.0.so.4`WebKit::WebResourceLoader::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 142
    frame #17: 0x00007f09bf7163d6 libwebkitgtk-6.0.so.4`WebKit::NetworkProcessConnection::dispatchMessage(IPC::Connection&, IPC::Decoder&) + 646
    frame #18: 0x00007f09beed82be libwebkitgtk-6.0.so.4`WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 574
    frame #19: 0x00007f09bf2f983e libwebkitgtk-6.0.so.4`IPC::Connection::dispatchMessage(IPC::Decoder&) + 94
    frame #20: 0x00007f09bf2f9b25 libwebkitgtk-6.0.so.4`IPC::Connection::dispatchMessage(WTF::UniqueRef<IPC::Decoder>) + 277
    frame #21: 0x00007f09bf2f9c61 libwebkitgtk-6.0.so.4`IPC::Connection::dispatchOneIncomingMessage() + 161
    frame #22: 0x00007f09bcab2445 libjavascriptcoregtk-6.0.so.1`WTF::RunLoop::performWork() + 549
    frame #23: 0x00007f09bcb6ef26 libjavascriptcoregtk-6.0.so.1`WTF::RunLoop::RunLoop()::$_0::__invoke(void*) + 6
    frame #24: 0x00007f09bcb6e28a libjavascriptcoregtk-6.0.so.1`WTF::RunLoop::$_0::__invoke(_GSource*, int (*)(void*), void*) + 74
    frame #25: 0x00007f09bd1f3c44 libglib-2.0.so.0`g_main_context_dispatch + 372
    frame #26: 0x00007f09bd2492b8 libglib-2.0.so.0`___lldb_unnamed_symbol2709 + 488
    frame #27: 0x00007f09bd1f32b3 libglib-2.0.so.0`g_main_loop_run + 115
    frame #28: 0x00007f09bcb6e7b3 libjavascriptcoregtk-6.0.so.1`WTF::RunLoop::run() + 243
    frame #29: 0x00007f09bf84ea23 libwebkitgtk-6.0.so.4`WebKit::WebProcessMain(int, char**) + 179
    frame #30: 0x00007f09b8629d90 libc.so.6`__libc_start_call_main(main=(WebKitWebProcess`main), argc=3, argv=0x00007fff6bb60218) at libc_start_call_main.h:58:16
    frame #31: 0x00007f09b8629e40 libc.so.6`__libc_start_main_impl(main=(WebKitWebProcess`main), argc=3, argv=0x00007fff6bb60218, init=<unavailable>, fini=<unavailable>, rtld_fini=<unavailable>, stack_end=0x00007fff6bb60208) at libc-start.c:392:3
    frame #32: 0x000056a784adf075 WebKitWebProcess`_start + 37

It happens because previousNavigation->m_currentEntryIndex is nullopt at this line: https://github.com/WebKit/WebKit/blob/75aed5e343cdfbd4713ff3267d7476a9b884648c/Source/WebCore/page/Navigation.cpp#L145
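The failure mode behind this backtrace, as an added illustration that is not WebKit code: frame #5 is libstdc++'s std::__glibcxx_assert_fail, which is what operator* on an empty std::optional calls when the library is built with _GLIBCXX_ASSERTIONS (as the reported build evidently was); without that define the same dereference is undefined behaviour and reads an arbitrary index instead of aborting. The struct, function and sample names below (FakeNavigation, currentEntryUnchecked, initializeForNewWindow and the two sample builders) are hypothetical stand-ins for the two Navigation members involved, and the entry URLs are constructed sample data.

```cpp
#include <cstddef>
#include <optional>
#include <string>
#include <vector>

// Hypothetical stand-in for the Navigation state involved in the crash; not WebKit code.
struct FakeNavigation {
    std::vector<std::string> entries;        // session history entries
    std::optional<size_t> currentEntryIndex; // nullopt until a document has been committed
};

// Constructed sample: a navigation whose current entry is the second one.
FakeNavigation sampleCommittedNavigation() {
    return { {"about:blank", "https://example.test/"}, std::optional<size_t>{size_t{1}} };
}

// Constructed sample: a previous navigation that never set a current entry,
// the state the report describes hitting on reload.
FakeNavigation sampleUninitializedNavigation() {
    return { {"about:blank"}, std::nullopt };
}

// Crashing pattern: operator* on an optional that holds no value.
// With -D_GLIBCXX_ASSERTIONS this aborts through std::__glibcxx_assert_fail
// (frame #5 above); without it the read is undefined behaviour.
std::string currentEntryUnchecked(const FakeNavigation& prev) {
    return prev.entries[*prev.currentEntryIndex];
}

// value() instead of operator*: deterministic std::bad_optional_access rather than
// UB, but still terminates the process if nothing catches it.
std::string currentEntryThrowing(const FakeNavigation& prev) {
    return prev.entries[prev.currentEntryIndex.value()];
}

// Reports whether the throwing variant fails on the given navigation.
bool throwsOnEmpty(const FakeNavigation& prev) {
    try {
        (void)currentEntryThrowing(prev);
    } catch (const std::bad_optional_access&) {
        return true;
    }
    return false;
}

// Hardened form: check has_value() and bounds, and hand "no current entry" back to
// the caller instead of crashing the web process.
std::optional<std::string> currentEntryChecked(const FakeNavigation& prev) {
    if (!prev.currentEntryIndex || *prev.currentEntryIndex >= prev.entries.size())
        return std::nullopt;
    return prev.entries[*prev.currentEntryIndex];
}

// Model of initialising a new window from a previous navigation: copy the entries and
// carry the current index over only when it exists and is in range.
FakeNavigation initializeForNewWindow(const FakeNavigation& prev) {
    FakeNavigation fresh;
    fresh.entries = prev.entries;
    if (prev.currentEntryIndex && *prev.currentEntryIndex < prev.entries.size())
        fresh.currentEntryIndex = prev.currentEntryIndex;
    return fresh;
}
```

Building this with `g++ -std=c++17 -D_GLIBCXX_ASSERTIONS` and calling currentEntryUnchecked(sampleUninitializedNavigation()) reproduces the SIGABRT path from the report (an optional::operator* assertion message followed by abort); the same call without the define compiles to an out-of-bounds read with no diagnostic, which is why the hardened variant checks has_value() up front rather than relying on the assertion.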
Yury Semikhatsky
Comment 2 2025-10-08 12:37:25 PDT
Original report: https://github.com/microsoft/playwright/issues/37766. It can be reproduced with the following Playwright test: https://gist.github.com/mirao/707670c2378576f940c518b6e85b0794 (I'm getting 403 Forbidden when trying to add its code to this bug inline).
Radar WebKit Bug Importer
Comment 3 2025-10-08 14:00:01 PDT
Diego Pino
Comment 4 2025-10-08 22:34:47 PDT