[Webkit-unassigned] [Bug 265403] New: REGRESSION (270359 at main): [ macOS wk1 ] ASSERTION FAILED: ownerDocument->loader() /Volumes/Data/worker/Apple-Sonoma-Debug-Build/build/Source/WebCore/bindings/js/ScriptController.cpp

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Nov 27 13:56:01 PST 2023 

https://bugs.webkit.org/show_bug.cgi?id=265403

            Bug ID: 265403
           Summary: REGRESSION (270359 at main): [ macOS wk1 ] ASSERTION
                    FAILED: ownerDocument->loader()
                    /Volumes/Data/worker/Apple-Sonoma-Debug-Build/build/So
                    urce/WebCore/bindings/js/ScriptController.cpp
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: New Bugs
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: darbinyan at apple.com

Description:
http/tests/security/xss-DENIED-synchronous-frame-load-in-javascript-url.html is constantly crashing on macOS Debug and timeout on macOS Release since 270359 at main.

This issue can be bisected to 270359 at main using the command: 
run-webkit-tests --release --iterations=1 http/tests/security/xss-DENIED-synchronous-frame-load-in-javascript-url.html 

History:
https://results.webkit.org/?suite=layout-tests&test=http%2Ftests%2Fsecurity%2Fxss-DENIED-synchronous-frame-load-in-javascript-url.html&flavor=wk1

Crash Log:
ASSERTION FAILED: ownerDocument->loader()
/Volumes/Data/worker/Apple-Sonoma-Debug-Build/build/Source/WebCore/bindings/js/ScriptController.cpp(861) : void WebCore::ScriptController::executeJavaScriptURL(const URL &, RefPtr<SecurityOrigin>, ShouldReplaceDocumentIfJavaScriptURL, bool &)
1   0x11927c948 WTFCrash
2   0x124e3d2f0 WebCore::BaseAudioContext::isGraphOwner() const
3   0x12544e3bc WebCore::ScriptController::executeJavaScriptURL(WTF::URL const&, WTF::RefPtr<WebCore::SecurityOrigin, WTF::RawPtrTraits<WebCore::SecurityOrigin>, WTF::DefaultRefDerefTraits<WebCore::SecurityOrigin>>, WebCore::ShouldReplaceDocumentIfJavaScriptURL, bool&)
4   0x126934434 WebCore::FrameLoader::executeJavaScriptURL(WTF::URL const&, WebCore::NavigationAction const&)
5   0x126932fac WebCore::FrameLoader::loadWithNavigationAction(WebCore::ResourceRequest const&, WebCore::NavigationAction&&, WebCore::FrameLoadType, WTF::RefPtr<WebCore::FormState, WTF::RawPtrTraits<WebCore::FormState>, WTF::DefaultRefDerefTraits<WebCore::FormState>>&&, WebCore::AllowNavigationToInvalidURL, WebCore::ShouldTreatAsContinuingLoad, WTF::CompletionHandler<void ()>&&)
6   0x12692efa8 WebCore::FrameLoader::loadURL(WebCore::FrameLoadRequest&&, WTF::String const&, WebCore::FrameLoadType, WebCore::Event*, WTF::RefPtr<WebCore::FormState, WTF::RawPtrTraits<WebCore::FormState>, WTF::DefaultRefDerefTraits<WebCore::FormState>>&&, std::__1::optional<WebCore::PrivateClickMeasurement>&&, WTF::CompletionHandler<void ()>&&)
7   0x126928dbc WebCore::FrameLoader::loadFrameRequest(WebCore::FrameLoadRequest&&, WebCore::Event*, WTF::RefPtr<WebCore::FormState, WTF::RawPtrTraits<WebCore::FormState>, WTF::DefaultRefDerefTraits<WebCore::FormState>>&&, std::__1::optional<WebCore::PrivateClickMeasurement>&&)
8   0x126928648 WebCore::FrameLoader::changeLocation(WebCore::FrameLoadRequest&&, WebCore::Event*, std::__1::optional<WebCore::PrivateClickMeasurement>&&)
9   0x126b7ec60 WebCore::LocalFrame::changeLocation(WebCore::FrameLoadRequest&&)
10  0x1269972f8 WebCore::ScheduledLocationChange::fire(WebCore::Frame&)
11  0x12698c804 WebCore::NavigationScheduler::timerFired()
12  0x12699d564 decltype(*std::declval<WebCore::NavigationScheduler*&>().*std::declval<void (WebCore::NavigationScheduler::*&)()>()()) std::__1::__invoke[abi:v160006]<void (WebCore::NavigationScheduler::*&)(), WebCore::NavigationScheduler*&, void>(void (WebCore::NavigationScheduler::*&)(), WebCore::NavigationScheduler*&)
13  0x12699d4e4 std::__1::__bind_return<void (WebCore::NavigationScheduler::*)(), std::__1::tuple<WebCore::NavigationScheduler*>, std::__1::tuple<>, __is_valid_bind_return<void (WebCore::NavigationScheduler::*)(), std::__1::tuple<WebCore::NavigationScheduler*>, std::__1::tuple<>>::value>::type std::__1::__apply_functor[abi:v160006]<void (WebCore::NavigationScheduler::*)(), std::__1::tuple<WebCore::NavigationScheduler*>, 0ul, std::__1::tuple<>>(void (WebCore::NavigationScheduler::*&)(), std::__1::tuple<WebCore::NavigationScheduler*>&, std::__1::__tuple_indices<0ul>, std::__1::tuple<>&&)
14  0x12699d49c std::__1::__bind_return<void (WebCore::NavigationScheduler::*)(), std::__1::tuple<WebCore::NavigationScheduler*>, std::__1::tuple<>, __is_valid_bind_return<void (WebCore::NavigationScheduler::*)(), std::__1::tuple<WebCore::NavigationScheduler*>, std::__1::tuple<>>::value>::type std::__1::__bind<void (WebCore::NavigationScheduler::*&)(), WebCore::NavigationScheduler*>::operator()[abi:v160006]<>()
15  0x12699d440 WTF::Detail::CallableWrapper<std::__1::__bind<void (WebCore::NavigationScheduler::*&)(), WebCore::NavigationScheduler*>, void>::call()
16  0x1222c8b78 WTF::Function<void ()>::operator()() const
17  0x125373694 WebCore::Timer::fired()
18  0x126e761a8 WebCore::ThreadTimers::sharedTimerFiredInternal()
19  0x126e7e258 WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0::operator()() const
20  0x126e7e204 WTF::Detail::CallableWrapper<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0, void>::call()
21  0x1222c8b78 WTF::Function<void ()>::operator()() const
22  0x126e26208 WebCore::MainThreadSharedTimer::fired()
23  0x126f09310 WebCore::timerFired(__CFRunLoopTimer*, void*)
24  0x19084dcd0 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__
25  0x19084d978 __CFRunLoopDoTimer
26  0x19084d4b0 __CFRunLoopDoTimers
27  0x1908309f4 __CFRunLoopRun
28  0x19082fc5c CFRunLoopRunSpecific
29  0x1042977e8 runTest(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>> const&)
30  0x104296b68 runTestingServerLoop()
31  0x1042961d8 dumpRenderTree(int, char const**)


Link:
https://build.webkit.org/results/Apple-Sonoma-Debug-AppleSilicon-WK1-Tests/271143@main%20(719)/http/tests/security/xss-DENIED-synchronous-frame-load-in-javascript-url-sample.txt

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20231127/ea2569d9/attachment-0001.htm>

More information about the webkit-unassigned mailing list