Bug 255665

Summary: Assertion failure in createWebViewWithRequest when running imported/w3c/web-platform-tests/shadow-dom/crashtests/move-to-new-tree-1343016.html
Product: WebKit
Component: New Bugs
Status: RESOLVED FIXED
Severity: Normal
Priority: P2
Version: Other
Hardware: Unspecified
OS: Unspecified
Reporter: Bri Harris <bharris9>
Assignee: Ryosuke Niwa <rniwa>
CC: rniwa, webkit-bot-watchers-bugzilla, webkit-bug-importer
Keywords: InRadar

Description Bri Harris 2023-04-19 11:11:38 PDT
imported/w3c/web-platform-tests/shadow-dom/crashtests/move-to-new-tree-1343016.html is a constant crash on macOS Debug affecting WK1 only.


HISTORY:

https://results.webkit.org/?suite=layout-tests&test=imported%2Fw3c%2Fweb-platform-tests%2Fshadow-dom%2Fcrashtests%2Fmove-to-new-tree-1343016.html


STDERR TEXT:
ASSERTION FAILED: gTestRunner->waitToDump()
/Volumes/Data/worker/Apple-Ventura-Debug-Build/build/Tools/DumpRenderTree/mac/UIDelegate.mm(179) : -[UIDelegate webView:createWebViewWithRequest:]
1   0x115cf04f9 WTFCrash
2   0x100755ceb WTFCrashWithInfo(int, char const*, char const*, int)
3   0x10082c5cb -[UIDelegate webView:createWebViewWithRequest:]
4   0x1044fa56d objc_object* wtfObjCMsgSend<objc_object*, WebView*, objc_object*>(objc_object*, objc_selector*, WebView*, objc_object*)
5   0x1044f792a CallDelegate(WebView*, objc_object*, objc_selector*, objc_object*)
6   0x1044f78c5 CallUIDelegate(WebView*, objc_selector*, objc_object*)
7   0x1044e0739 WebChromeClient::createWindow(WebCore::LocalFrame&, WebCore::WindowFeatures const&, WebCore::NavigationAction const&)
8   0x122d990ee WebCore::Chrome::createWindow(WebCore::LocalFrame&, WebCore::WindowFeatures const&, WebCore::NavigationAction const&)
9   0x122c19575 WebCore::createWindow(WebCore::LocalFrame&, WebCore::LocalFrame&, WebCore::FrameLoadRequest&&, WebCore::WindowFeatures&, bool&)
10  0x122e3067f WebCore::LocalDOMWindow::createWindow(WTF::String const&, WTF::AtomString const&, WebCore::WindowFeatures const&, WebCore::LocalDOMWindow&, WebCore::LocalFrame&, WebCore::LocalFrame&, WTF::Function<void (WebCore::LocalDOMWindow&)> const&)
11  0x122e31a6d WebCore::LocalDOMWindow::open(WebCore::LocalDOMWindow&, WebCore::LocalDOMWindow&, WTF::String const&, WTF::AtomString const&, WTF::String const&)
12  0x11fcd205b WebCore::jsLocalDOMWindowInstanceFunction_openBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSLocalDOMWindow*)
13  0x11fcd18ee long long WebCore::IDLOperation<WebCore::JSLocalDOMWindow>::call<&WebCore::jsLocalDOMWindowInstanceFunction_openBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSLocalDOMWindow*), (WebCore::CastedThisErrorBehavior)0>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*)
14  0x11fccf974 WebCore::jsLocalDOMWindowInstanceFunction_open(JSC::JSGlobalObject*, JSC::CallFrame*)
15  0x53df7b6141b8 (null)
16  0x1163f625c llint_entry
17  0x53df7b725920 (null)
18  0x1163d1d1d vmEntryToJavaScript
19  0x1174d55eb JSC::Interpreter::executeCallImpl(JSC::VM&, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
20  0x1174d56f0 JSC::Interpreter::executeCall(JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
21  0x11777647d JSC::call(JSC::JSGlobalObject*, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
22  0x117776735 JSC::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
23  0x1179cf93a JSC::runJSMicrotask(JSC::JSGlobalObject*, WTF::ObjectIdentifierGeneric<JSC::MicrotaskIdentifierType, WTF::ObjectIdentifierThreadSafeAccessTraits>, JSC::JSValue, JSC::JSValue, JSC::JSValue, JSC::JSValue, JSC::JSValue)
24  0x1179cfa8f JSC::JSMicrotask::run(JSC::JSGlobalObject*)
25  0x1218e5f5b WebCore::JSExecState::runTask(JSC::JSGlobalObject*, JSC::Microtask&)
26  0x1218e5e8e WebCore::JSMicrotaskCallback::call()
27  0x1218e5cdb WebCore::JSDOMWindowBase::queueMicrotaskToEventLoop(JSC::JSGlobalObject&, WTF::Ref<JSC::Microtask, WTF::RawPtrTraits<JSC::Microtask>>&&)::$_47::operator()()
28  0x1218e5c19 WTF::Detail::CallableWrapper<WebCore::JSDOMWindowBase::queueMicrotaskToEventLoop(JSC::JSGlobalObject&, WTF::Ref<JSC::Microtask, WTF::RawPtrTraits<JSC::Microtask>>&&)::$_47, void>::call()
29  0x11e9bdad2 WTF::Function<void ()>::operator()() const
30  0x122175f19 WebCore::EventLoopFunctionDispatchTask::execute()
31  0x1221d0701 WebCore::MicrotaskQueue::performMicrotaskCheckpoint()

Comment 1 Radar WebKit Bug Importer 2023-04-19 11:14:10 PDT
<rdar://problem/108270445>

Comment 2 Bri Harris 2023-04-19 11:38:10 PDT
This test appears to have been consistently crashing on Debug since it was introduced. However, it didn’t become consistent on Ventura until commit 262667@main.


I was able to replicate this crash on Ventura ToT as follows:

run-webkit-tests --root imported/w3c/web-platform-tests/shadow-dom/crashtests/move-to-new-tree-1343016.html -1

Comment 3 Bri Harris 2023-04-19 12:15:09 PDT
Pull request: https://github.com/apple/WebKit/pull/555

Comment 4 Ryosuke Niwa 2023-04-19 15:03:50 PDT
Pull request: https://github.com/WebKit/WebKit/pull/12939

Comment 5 EWS 2023-04-19 17:04:28 PDT
Committed 263156@main (02cdac5e4084): <https://commits.webkit.org/263156@main>

Reviewed commits have been landed. Closing PR #12939 and removing active labels.