RESOLVED FIXED 221783
ASSERTION FAILED: m_state == State::Committed in WebKit::FrameLoadState::didFailLoad()
https://bugs.webkit.org/show_bug.cgi?id=221783
Ryan Haddad
Reported 2021-02-11 16:56:53 PST
loader/change-src-during-iframe-load-crash.html is a flaky crash on macOS debug WK2 bots with the following assertion failure:

ASSERTION FAILED: m_state == State::Committed
/Volumes/Data/slave/bigsur-debug/build/Source/WebKit/UIProcess/FrameLoadState.cpp(102) : void WebKit::FrameLoadState::didFailLoad()
1 0x101952d69 WTFCrash
2 0x10a71415b WTFCrashWithInfo(int, char const*, char const*, int)
3 0x10b97aaf7 WebKit::FrameLoadState::didFailLoad()
4 0x10bb4c6ee WebKit::WebFrameProxy::didFailLoad()
5 0x10bb834e5 WebKit::WebPageProxy::didFailLoadForFrame(WTF::ObjectIdentifier<WebCore::FrameIdentifierType>, WebKit::FrameInfoData&&, WebCore::ResourceRequest&&, unsigned long long, WebCore::ResourceError const&, WebKit::UserData const&)
6 0x10c875837 void IPC::callMemberFunctionImpl<WebKit::WebPageProxy, void (WebKit::WebPageProxy::*)(WTF::ObjectIdentifier<WebCore::FrameIdentifierType>, WebKit::FrameInfoData&&, WebCore::ResourceRequest&&, unsigned long long, WebCore::ResourceError const&, WebKit::UserData const&), std::__1::tuple<WTF::ObjectIdentifier<WebCore::FrameIdentifierType>, WebKit::FrameInfoData, WebCore::ResourceRequest, unsigned long long, WebCore::ResourceError, WebKit::UserData>, 0ul, 1ul, 2ul, 3ul, 4ul, 5ul>(WebKit::WebPageProxy*, void (WebKit::WebPageProxy::*)(WTF::ObjectIdentifier<WebCore::FrameIdentifierType>, WebKit::FrameInfoData&&, WebCore::ResourceRequest&&, unsigned long long, WebCore::ResourceError const&, WebKit::UserData const&), std::__1::tuple<WTF::ObjectIdentifier<WebCore::FrameIdentifierType>, WebKit::FrameInfoData, WebCore::ResourceRequest, unsigned long long, WebCore::ResourceError, WebKit::UserData>&&, std::__1::integer_sequence<unsigned long, 0ul, 1ul, 2ul, 3ul, 4ul, 5ul>)
7 0x10c872690 void IPC::callMemberFunction<WebKit::WebPageProxy, void (WebKit::WebPageProxy::*)(WTF::ObjectIdentifier<WebCore::FrameIdentifierType>, WebKit::FrameInfoData&&, WebCore::ResourceRequest&&, unsigned long long, WebCore::ResourceError const&, WebKit::UserData const&), std::__1::tuple<WTF::ObjectIdentifier<WebCore::FrameIdentifierType>, WebKit::FrameInfoData, WebCore::ResourceRequest, unsigned long long, WebCore::ResourceError, WebKit::UserData>, std::__1::integer_sequence<unsigned long, 0ul, 1ul, 2ul, 3ul, 4ul, 5ul> >(std::__1::tuple<WTF::ObjectIdentifier<WebCore::FrameIdentifierType>, WebKit::FrameInfoData, WebCore::ResourceRequest, unsigned long long, WebCore::ResourceError, WebKit::UserData>&&, WebKit::WebPageProxy*, void (WebKit::WebPageProxy::*)(WTF::ObjectIdentifier<WebCore::FrameIdentifierType>, WebKit::FrameInfoData&&, WebCore::ResourceRequest&&, unsigned long long, WebCore::ResourceError const&, WebKit::UserData const&))
8 0x10c84379e void IPC::handleMessage<Messages::WebPageProxy::DidFailLoadForFrame, WebKit::WebPageProxy, void (WebKit::WebPageProxy::*)(WTF::ObjectIdentifier<WebCore::FrameIdentifierType>, WebKit::FrameInfoData&&, WebCore::ResourceRequest&&, unsigned long long, WebCore::ResourceError const&, WebKit::UserData const&)>(IPC::Decoder&, WebKit::WebPageProxy*, void (WebKit::WebPageProxy::*)(WTF::ObjectIdentifier<WebCore::FrameIdentifierType>, WebKit::FrameInfoData&&, WebCore::ResourceRequest&&, unsigned long long, WebCore::ResourceError const&, WebKit::UserData const&))
9 0x10c83c718 WebKit::WebPageProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&)
10 0x10ac03e01 IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&)
11 0x10b9761ee WebKit::AuxiliaryProcessProxy::dispatchMessage(IPC::Connection&, IPC::Decoder&)
12 0x10bcbb33f WebKit::WebProcessProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&)
13 0x10a7939c4 IPC::Connection::dispatchMessage(IPC::Decoder&)
14 0x10a794ae0 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)
15 0x10a7929e1 IPC::Connection::dispatchIncomingMessages()
16 0x10a7b5b42 IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_8::operator()()
17 0x10a7b5a6e WTF::Detail::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_8, void>::call()
18 0x10197e592 WTF::Function<void ()>::operator()() const
19 0x101a00565 WTF::RunLoop::performWork()
20 0x101a04e01 WTF::RunLoop::performWork(void*)
21 0x7fff20460a0c __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
22 0x7fff20460974 __CFRunLoopDoSource0
23 0x7fff204606ef __CFRunLoopDoSources0
24 0x7fff2045f121 __CFRunLoopRun
25 0x7fff2045e6ce CFRunLoopRunSpecific
26 0x7fff211ebfa1 -[NSRunLoop(NSRunLoop) runMode:beforeDate:]
27 0x1013d2a7e WTR::TestController::platformRunUntil(bool&, WTF::Seconds)
28 0x10138b30f WTR::TestController::runUntil(bool&, WTF::Seconds)
29 0x101392493 WTR::TestController::resetStateToConsistentValues(WTR::TestOptions const&, WTR::TestController::ResetStage)::$_3::operator()() const
30 0x101390d9b WTR::TestController::resetStateToConsistentValues(WTR::TestOptions const&, WTR::TestController::ResetStage)
31 0x1013fc957 WTR::TestInvocation::invoke()

https://results.webkit.org/?suite=layout-tests&test=loader%2Fchange-src-during-iframe-load-crash.html
Attachments
Patch (7.49 KB, patch)
2021-02-19 12:41 PST, Julian Gonzalez
no flags
Patch (5.00 KB, patch)
2021-03-15 18:35 PDT, Julian Gonzalez
no flags
Patch (5.61 KB, patch)
2021-03-15 20:14 PDT, Julian Gonzalez
no flags
Patch (5.75 KB, patch)
2021-03-16 11:16 PDT, Julian Gonzalez
no flags
Radar WebKit Bug Importer
Comment 1 2021-02-11 16:57:51 PST
Ryan Haddad
Comment 2 2021-02-11 16:58:34 PST
It looks like this may have started after https://trac.webkit.org/changeset/272396/webkit landed
Julian Gonzalez
Comment 3 2021-02-12 11:12:57 PST
https://trac.webkit.org/changeset/272396/webkit introduced this test - looks like in Debug mode, a followup change is required.
Ryosuke Niwa
Comment 4 2021-02-18 15:58:24 PST
It's actually the test introduced in https://trac.webkit.org/changeset/254662/webkit.
Ryosuke Niwa
Comment 5 2021-02-18 16:15:39 PST
Skipped the test on debug bots in https://commits.webkit.org/r273110 for now.
Ryosuke Niwa
Comment 6 2021-02-18 16:17:04 PST
Julian Gonzalez
Comment 7 2021-02-19 12:41:02 PST
Julian Gonzalez
Comment 8 2021-02-19 12:41:42 PST
Added a patch to get a specific callstack (this isn't reproducible for me locally, but EWS can hit it).
Robert Jenner
Comment 9 2021-03-12 09:07:54 PST
*** Bug 222819 has been marked as a duplicate of this bug. ***
Julian Gonzalez
Comment 10 2021-03-15 18:35:59 PDT
Ryosuke Niwa
Comment 11 2021-03-15 18:39:31 PDT
Comment on attachment 423277 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=423277&action=review

> Source/WebCore/editing/FrameSelection.cpp:184
> - setCaretVisibility(activeAndFocused ? Visible : Hidden);
> + setCaretVisibility(activeAndFocused ? Visible : Hidden, false);

Please add new enum class maybe something like: ShouldUpdateAppearance { Yes, No }
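Review bot: at FrameSelection.cpp:184 the added second argument is a bare `false` with no comment saying why this caller now differs from the one-argument call it replaces. Whatever type the parameter ends up with, add a short comment above the call explaining why the step is skipped here, and check that the declaration gives the parameter a default so the remaining callers of setCaretVisibility keep their current behaviour.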
Chris Dumez
Comment 12 2021-03-15 18:54:48 PDT
Comment on attachment 423277 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=423277&action=review

>> Source/WebCore/editing/FrameSelection.cpp:184
>> + setCaretVisibility(activeAndFocused ? Visible : Hidden, false);
>
> Please add new enum class maybe something like: ShouldUpdateAppearance { Yes, No }

Or preferably:
enum class ShouldUpdateAppearance : bool { No, Yes }

(using bool underlying type and 0 meaning No, not Yes).
Julian Gonzalez
Comment 13 2021-03-15 20:14:51 PDT
Ryosuke Niwa
Comment 14 2021-03-15 20:33:03 PDT
Comment on attachment 423289 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=423289&action=review

> Source/WebCore/editing/FrameSelection.h:302
> + enum ShouldUpdateAppearance : bool { No, Yes };

Please use enum class, not enum. Otherwise, there will be implicit type coercion between this type and bool, and No/Yes will pollute the namespace within FrameSelection.
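The points raised in comments 12 and 14 (bool underlying type with 0 meaning No, implicit coercion, enumerator names leaking into the class) can be checked at compile time. This is an added example and not part of the thread or of WebKit; UnscopedModel, ScopedModel and the helper functions are hypothetical names chosen for illustration.

```cpp
// Added illustration: UnscopedModel and ScopedModel are hypothetical
// stand-ins modelled on the review comments, not WebKit source.
#include <type_traits>

enum CaretVisibility { Visible, Hidden };

struct UnscopedModel {
    // Form objected to in review: No/Yes become members of the class scope
    // and convert implicitly to bool and int.
    enum ShouldUpdateAppearance : bool { No, Yes };
    bool appearanceUpdated = false;
    void setCaretVisibility(CaretVisibility, ShouldUpdateAppearance update = Yes) { appearanceUpdated = update; }
};

struct ScopedModel {
    // Form requested in review: scoped, bool underlying type, 0 means No.
    enum class ShouldUpdateAppearance : bool { No, Yes };
    bool appearanceUpdated = false;
    void setCaretVisibility(CaretVisibility, ShouldUpdateAppearance update = ShouldUpdateAppearance::Yes)
    {
        appearanceUpdated = (update == ShouldUpdateAppearance::Yes);
    }
};

using Unscoped = UnscopedModel::ShouldUpdateAppearance;
using Scoped = ScopedModel::ShouldUpdateAppearance;

// Implicit coercion out of the enum: allowed only for the unscoped form.
constexpr bool unscopedCoercesToBool() { return std::is_convertible<Unscoped, bool>::value; }
constexpr bool scopedCoercesToBool() { return std::is_convertible<Scoped, bool>::value; }

// A bare `false` at the call site is rejected by the scoped parameter type.
constexpr bool scopedAcceptsBareBool() { return std::is_convertible<bool, Scoped>::value; }

// Namespace pollution: the enumerator is reachable as a class member and
// usable as an int without naming the enum.
constexpr int leakedEnumeratorAsInt() { return UnscopedModel::Yes; }

// The scoped form is still one bool wide, and No is the zero value.
constexpr bool scopedIsBoolSized() { return sizeof(Scoped) == sizeof(bool); }
constexpr bool noIsZero() { return !static_cast<bool>(Scoped::No); }

// Call shape with the flag named at the call site instead of a bare bool.
bool namedFlagSkipsAppearanceUpdate()
{
    ScopedModel selection;
    selection.appearanceUpdated = true;
    selection.setCaretVisibility(Hidden, Scoped::No);
    return !selection.appearanceUpdated;
}

int main() { return unscopedCoercesToBool() && !scopedCoercesToBool() && namedFlagSkipsAppearanceUpdate() ? 0 : 1; }
```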
Julian Gonzalez
Comment 15 2021-03-16 11:16:22 PDT
EWS
Comment 16 2021-03-16 15:45:05 PDT
Committed r274526: <https://commits.webkit.org/r274526> All reviewed patches have been landed. Closing bug and clearing flags on attachment 423364 [details].