loader/change-src-during-iframe-load-crash.html is a flaky crash on macOS debug WK2 bots with the following assertion failure:

ASSERTION FAILED: m_state == State::Committed
/Volumes/Data/slave/bigsur-debug/build/Source/WebKit/UIProcess/FrameLoadState.cpp(102) : void WebKit::FrameLoadState::didFailLoad()
1 0x101952d69 WTFCrash
2 0x10a71415b WTFCrashWithInfo(int, char const*, char const*, int)
3 0x10b97aaf7 WebKit::FrameLoadState::didFailLoad()
4 0x10bb4c6ee WebKit::WebFrameProxy::didFailLoad()
5 0x10bb834e5 WebKit::WebPageProxy::didFailLoadForFrame(WTF::ObjectIdentifier<WebCore::FrameIdentifierType>, WebKit::FrameInfoData&&, WebCore::ResourceRequest&&, unsigned long long, WebCore::ResourceError const&, WebKit::UserData const&)
6 0x10c875837 void IPC::callMemberFunctionImpl<WebKit::WebPageProxy, void (WebKit::WebPageProxy::*)(WTF::ObjectIdentifier<WebCore::FrameIdentifierType>, WebKit::FrameInfoData&&, WebCore::ResourceRequest&&, unsigned long long, WebCore::ResourceError const&, WebKit::UserData const&), std::__1::tuple<WTF::ObjectIdentifier<WebCore::FrameIdentifierType>, WebKit::FrameInfoData, WebCore::ResourceRequest, unsigned long long, WebCore::ResourceError, WebKit::UserData>, 0ul, 1ul, 2ul, 3ul, 4ul, 5ul>(WebKit::WebPageProxy*, void (WebKit::WebPageProxy::*)(WTF::ObjectIdentifier<WebCore::FrameIdentifierType>, WebKit::FrameInfoData&&, WebCore::ResourceRequest&&, unsigned long long, WebCore::ResourceError const&, WebKit::UserData const&), std::__1::tuple<WTF::ObjectIdentifier<WebCore::FrameIdentifierType>, WebKit::FrameInfoData, WebCore::ResourceRequest, unsigned long long, WebCore::ResourceError, WebKit::UserData>&&, std::__1::integer_sequence<unsigned long, 0ul, 1ul, 2ul, 3ul, 4ul, 5ul>)
7 0x10c872690 void IPC::callMemberFunction<WebKit::WebPageProxy, void (WebKit::WebPageProxy::*)(WTF::ObjectIdentifier<WebCore::FrameIdentifierType>, WebKit::FrameInfoData&&, WebCore::ResourceRequest&&, unsigned long long, WebCore::ResourceError const&, WebKit::UserData const&), std::__1::tuple<WTF::ObjectIdentifier<WebCore::FrameIdentifierType>, WebKit::FrameInfoData, WebCore::ResourceRequest, unsigned long long, WebCore::ResourceError, WebKit::UserData>, std::__1::integer_sequence<unsigned long, 0ul, 1ul, 2ul, 3ul, 4ul, 5ul> >(std::__1::tuple<WTF::ObjectIdentifier<WebCore::FrameIdentifierType>, WebKit::FrameInfoData, WebCore::ResourceRequest, unsigned long long, WebCore::ResourceError, WebKit::UserData>&&, WebKit::WebPageProxy*, void (WebKit::WebPageProxy::*)(WTF::ObjectIdentifier<WebCore::FrameIdentifierType>, WebKit::FrameInfoData&&, WebCore::ResourceRequest&&, unsigned long long, WebCore::ResourceError const&, WebKit::UserData const&))
8 0x10c84379e void IPC::handleMessage<Messages::WebPageProxy::DidFailLoadForFrame, WebKit::WebPageProxy, void (WebKit::WebPageProxy::*)(WTF::ObjectIdentifier<WebCore::FrameIdentifierType>, WebKit::FrameInfoData&&, WebCore::ResourceRequest&&, unsigned long long, WebCore::ResourceError const&, WebKit::UserData const&)>(IPC::Decoder&, WebKit::WebPageProxy*, void (WebKit::WebPageProxy::*)(WTF::ObjectIdentifier<WebCore::FrameIdentifierType>, WebKit::FrameInfoData&&, WebCore::ResourceRequest&&, unsigned long long, WebCore::ResourceError const&, WebKit::UserData const&))
9 0x10c83c718 WebKit::WebPageProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&)
10 0x10ac03e01 IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&)
11 0x10b9761ee WebKit::AuxiliaryProcessProxy::dispatchMessage(IPC::Connection&, IPC::Decoder&)
12 0x10bcbb33f WebKit::WebProcessProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&)
13 0x10a7939c4 IPC::Connection::dispatchMessage(IPC::Decoder&)
14 0x10a794ae0 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)
15 0x10a7929e1 IPC::Connection::dispatchIncomingMessages()
16 0x10a7b5b42 IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_8::operator()()
17 0x10a7b5a6e WTF::Detail::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_8, void>::call()
18 0x10197e592 WTF::Function<void ()>::operator()() const
19 0x101a00565 WTF::RunLoop::performWork()
20 0x101a04e01 WTF::RunLoop::performWork(void*)
21 0x7fff20460a0c __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
22 0x7fff20460974 __CFRunLoopDoSource0
23 0x7fff204606ef __CFRunLoopDoSources0
24 0x7fff2045f121 __CFRunLoopRun
25 0x7fff2045e6ce CFRunLoopRunSpecific
26 0x7fff211ebfa1 -[NSRunLoop(NSRunLoop) runMode:beforeDate:]
27 0x1013d2a7e WTR::TestController::platformRunUntil(bool&, WTF::Seconds)
28 0x10138b30f WTR::TestController::runUntil(bool&, WTF::Seconds)
29 0x101392493 WTR::TestController::resetStateToConsistentValues(WTR::TestOptions const&, WTR::TestController::ResetStage)::$_3::operator()() const
30 0x101390d9b WTR::TestController::resetStateToConsistentValues(WTR::TestOptions const&, WTR::TestController::ResetStage)
31 0x1013fc957 WTR::TestInvocation::invoke()

https://results.webkit.org/?suite=layout-tests&test=loader%2Fchange-src-during-iframe-load-crash.html
<rdar://problem/74257153>
It looks like this may have started after https://trac.webkit.org/changeset/272396/webkit landed
https://trac.webkit.org/changeset/272396/webkit introduced this test - looks like in Debug mode a follow-up change is required.
It's actually the test introduced in https://trac.webkit.org/changeset/254662/webkit.
Skipped the test on debug bots in https://commits.webkit.org/r273110 for now.
Committed r273110 (234307@main): <https://commits.webkit.org/234307@main>
Created attachment 421014: Patch
Added a patch to get a specific callstack (this isn't reproducible for me locally, but EWS can hit it).
*** Bug 222819 has been marked as a duplicate of this bug. ***
Created attachment 423277: Patch
Comment on attachment 423277: Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=423277&action=review

> Source/WebCore/editing/FrameSelection.cpp:184
> -        setCaretVisibility(activeAndFocused ? Visible : Hidden);
> +        setCaretVisibility(activeAndFocused ? Visible : Hidden, false);

Please add new enum class maybe something like: ShouldUpdateAppearance { Yes, No }
Comment on attachment 423277: Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=423277&action=review

>> Source/WebCore/editing/FrameSelection.cpp:184
>> +        setCaretVisibility(activeAndFocused ? Visible : Hidden, false);
>
> Please add new enum class maybe something like: ShouldUpdateAppearance { Yes, No }

Or preferably: enum class ShouldUpdateAppearance : bool { No, Yes } (using bool underlying type and 0 meaning No, not Yes).
Created attachment 423289: Patch
Comment on attachment 423289: Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=423289&action=review

> Source/WebCore/editing/FrameSelection.h:302
> +    enum ShouldUpdateAppearance : bool { No, Yes };

Please use enum class, not enum. Otherwise, there will be implicit type coercion between this type and bool, and No/Yes will pollute the namespace within FrameSelection.
Created attachment 423364: Patch
Committed r274526: <https://commits.webkit.org/r274526>
All reviewed patches have been landed. Closing bug and clearing flags on attachment 423364.