Bug 244516

Summary: REGRESSION (253762@main): [ macOS wk1 Debug ] fast/dom/lazy-image-loading-document-leak.html is a consistent crash under WebKit::WebStorageNamespaceProvider::copySessionStorageNamespace()
Product: WebKit
Reporter: Karl Rackler <rackler>
Component: New Bugs
Assignee: Sihui Liu <sihui_liu>
Status: RESOLVED FIXED
Severity: Normal
CC: sihui_liu, webkit-bot-watchers-bugzilla, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Attachments:
  symbolicated-log (flags: none)
  test-list (flags: none)

Description Karl Rackler 2022-08-29 15:52:09 PDT
Description:
fast/dom/lazy-image-loading-document-leak.html

This test was consistently passing until 253762@main landed, and then the test began to crash consistently.

REPRODUCTION STEPS
I can reproduce this on 253762@main but cannot reproduce it on 253761@main or earlier.

Command: 
run-webkit-tests --debug -1 --exit-after-n-failures 1 --exit-after-n-crashes-or-timeouts 1 --iterations 50 -f --no-retry  --child-processes 1 --test-list <test list attached>

Result: 
Regressions: Unexpected crashes (1)
  fast/dom/lazy-image-loading-document-leak.html [ Crash ]

History:
https://results.webkit.org/?suite=layout-tests&test=fast%2Fdom%2Flazy-image-loading-document-leak.html&platform=mac&style=debug&flavor=wk1

Crash Log:
Thread 0 Crashed::   Dispatch queue: com.apple.main-thread
0   com.apple.WebKitLegacy        	       0x10a9a7400        WTF::HashTable<WebCore::SecurityOriginData, WTF::KeyValuePair<WebCore::SecurityOriginData, WTF::RefPtr<WebCore::StorageNamespace, WTF::RawPtrTraits<WebCore::StorageNamespace>, WTF::DefaultRefDerefTraits<WebCore::StorageNamespace> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WebCore::SecurityOriginData, WTF::RefPtr<WebCore::StorageNamespace, WTF::RawPtrTraits<WebCore::StorageNamespace>, WTF::DefaultRefDerefTraits<WebCore::StorageNamespace> > > >, WTF::DefaultHash<WebCore::SecurityOriginData>, WTF::HashMap<WebCore::SecurityOriginData, WTF::RefPtr<WebCore::StorageNamespace, WTF::RawPtrTraits<WebCore::StorageNamespace>, WTF::DefaultRefDerefTraits<WebCore::StorageNamespace> >, WTF::DefaultHash<WebCore::SecurityOriginData>, WTF::HashTraits<WebCore::SecurityOriginData>, WTF::HashTraits<WTF::RefPtr<WebCore::StorageNamespace, WTF::RawPtrTraits<WebCore::StorageNamespace>, WTF::DefaultRefDerefTraits<WebCore::StorageNamespace> > >, WTF::HashTableTraits>::KeyValuePairTraits, WTF::HashTraits<WebCore::SecurityOriginData> >::keyCount() const
1   com.apple.WebKitLegacy        	       0x10a9a76b4        WTF::HashTable<WebCore::SecurityOriginData, WTF::KeyValuePair<WebCore::SecurityOriginData, WTF::RefPtr<WebCore::StorageNamespace, WTF::RawPtrTraits<WebCore::StorageNamespace>, WTF::DefaultRefDerefTraits<WebCore::StorageNamespace> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WebCore::SecurityOriginData, WTF::RefPtr<WebCore::StorageNamespace, WTF::RawPtrTraits<WebCore::StorageNamespace>, WTF::DefaultRefDerefTraits<WebCore::StorageNamespace> > > >, WTF::DefaultHash<WebCore::SecurityOriginData>, WTF::HashMap<WebCore::SecurityOriginData, WTF::RefPtr<WebCore::StorageNamespace, WTF::RawPtrTraits<WebCore::StorageNamespace>, WTF::DefaultRefDerefTraits<WebCore::StorageNamespace> >, WTF::DefaultHash<WebCore::SecurityOriginData>, WTF::HashTraits<WebCore::SecurityOriginData>, WTF::HashTraits<WTF::RefPtr<WebCore::StorageNamespace, WTF::RawPtrTraits<WebCore::StorageNamespace>, WTF::DefaultRefDerefTraits<WebCore::StorageNamespace> > >, WTF::HashTableTraits>::KeyValuePairTraits, WTF::HashTraits<WebCore::SecurityOriginData> >::isEmpty() const
2   com.apple.WebKitLegacy        	       0x10a9a9a68        WTF::HashTable<WebCore::SecurityOriginData, WTF::KeyValuePair<WebCore::SecurityOriginData, WTF::RefPtr<WebCore::StorageNamespace, WTF::RawPtrTraits<WebCore::StorageNamespace>, WTF::DefaultRefDerefTraits<WebCore::StorageNamespace> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WebCore::SecurityOriginData, WTF::RefPtr<WebCore::StorageNamespace, WTF::RawPtrTraits<WebCore::StorageNamespace>, WTF::DefaultRefDerefTraits<WebCore::StorageNamespace> > > >, WTF::DefaultHash<WebCore::SecurityOriginData>, WTF::HashMap<WebCore::SecurityOriginData, WTF::RefPtr<WebCore::StorageNamespace, WTF::RawPtrTraits<WebCore::StorageNamespace>, WTF::DefaultRefDerefTraits<WebCore::StorageNamespace> >, WTF::DefaultHash<WebCore::SecurityOriginData>, WTF::HashTraits<WebCore::SecurityOriginData>, WTF::HashTraits<WTF::RefPtr<WebCore::StorageNamespace, WTF::RawPtrTraits<WebCore::StorageNamespace>, WTF::DefaultRefDerefTraits<WebCore::StorageNamespace> > >, WTF::HashTableTraits>::KeyValuePairTraits, WTF::HashTraits<WebCore::SecurityOriginData> >::begin()
3   com.apple.WebKitLegacy        	       0x10a99f9e8        WTF::HashMap<WebCore::SecurityOriginData, WTF::RefPtr<WebCore::StorageNamespace, WTF::RawPtrTraits<WebCore::StorageNamespace>, WTF::DefaultRefDerefTraits<WebCore::StorageNamespace> >, WTF::DefaultHash<WebCore::SecurityOriginData>, WTF::HashTraits<WebCore::SecurityOriginData>, WTF::HashTraits<WTF::RefPtr<WebCore::StorageNamespace, WTF::RawPtrTraits<WebCore::StorageNamespace>, WTF::DefaultRefDerefTraits<WebCore::StorageNamespace> > >, WTF::HashTableTraits>::begin()
4   com.apple.WebKitLegacy        	       0x10a99f760        WebKit::WebStorageNamespaceProvider::copySessionStorageNamespace(WebCore::Page&, WebCore::Page&)
5   com.apple.WebCore             	       0x12e4e3b50        WebCore::Chrome::createWindow(WebCore::Frame&, WebCore::WindowFeatures const&, WebCore::NavigationAction const&) const
6   com.apple.WebCore             	       0x12e3375f6        WebCore::createWindow(WebCore::Frame&, WebCore::Frame&, WebCore::FrameLoadRequest&&, WebCore::WindowFeatures&, bool&)
7   com.apple.WebCore             	       0x12e50b036        WebCore::DOMWindow::createWindow(WTF::String const&, WTF::AtomString const&, WebCore::WindowFeatures const&, WebCore::DOMWindow&, WebCore::Frame&, WebCore::Frame&, WTF::Function<void (WebCore::DOMWindow&)> const&)
8   com.apple.WebCore             	       0x12e50c39c        WebCore::DOMWindow::open(WebCore::DOMWindow&, WebCore::DOMWindow&, WTF::String const&, WTF::AtomString const&, WTF::String const&)
9   com.apple.WebCore             	       0x12a869440        WebCore::jsDOMWindowInstanceFunction_openBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSDOMWindow*)
10  com.apple.WebCore             	       0x12a868c9e        long long WebCore::IDLOperation<WebCore::JSDOMWindow>::call<&(WebCore::jsDOMWindowInstanceFunction_openBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSDOMWindow*)), (WebCore::CastedThisErrorBehavior)0>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*)

Comment 1 Radar WebKit Bug Importer 2022-08-29 15:52:27 PDT
<rdar://problem/99300132>

Comment 2 Karl Rackler 2022-08-29 15:56:48 PDT
Created attachment 461994
symbolicated-log

Comment 3 Karl Rackler 2022-08-29 15:57:14 PDT
Created attachment 461995
test-list

Comment 4 Alexey Proskuryakov 2022-08-29 17:24:51 PDT
*** Bug 244499 has been marked as a duplicate of this bug. ***

Comment 5 Alexey Proskuryakov 2022-08-29 17:25:03 PDT
*** Bug 244492 has been marked as a duplicate of this bug. ***

Comment 6 Sihui Liu 2022-08-29 22:21:59 PDT
Pull request: https://github.com/WebKit/WebKit/pull/3796

Comment 7 EWS 2022-08-30 07:49:59 PDT
Committed 253941@main (018d0e1fa829): <https://commits.webkit.org/253941@main>

Reviewed commits have been landed. Closing PR #3796 and removing active labels.

Comment 8 Karl Rackler 2022-08-30 09:46:36 PDT
Verified test passing consistently after landing 253941@main.