222819 – REGRESSION: [ macOS Debug wk2 ] ASSERTION FAILED: m_state == State::Committed in WebKit::FrameLoadState::didFailLoad()

Bug 222819 - REGRESSION: [ macOS Debug wk2 ] ASSERTION FAILED: m_state == State::Committed in WebKit::FrameLoadState::didFailLoad()

Summary: REGRESSION: [ macOS Debug wk2 ] ASSERTION FAILED: m_state == State::Committed...

Status:	RESOLVED DUPLICATE of bug 221783

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	New Bugs (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2021-03-05 13:25 PST by Robert Jenner
Modified:	2021-03-12 09:07 PST (History)
CC List:	4 users (show)

See Also:	221783

Attachments
Full-crashlog for loader/go-back-cached-main-resource.html (105.20 KB, text/plain) 2021-03-05 13:27 PST, Robert Jenner	no flags	Details
222819-testlist (402.32 KB, text/plain) 2021-03-05 15:26 PST, Robert Jenner	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Robert Jenner 2021-03-05 13:25:37 PST

loader/go-back-cached-main-resource.html

is flakey crashing in macOS Catalina and BigSur Debug in wk2. 

HISTORY URL:
https://results.webkit.org/?suite=layout-tests&test=loader%2Fgo-back-cached-main-resource.html&platform=mac

CRASHLOG TEXT:
Process:               WebKitTestRunner [49693]
Path:                  /Volumes/VOLUME/*/WebKitTestRunner
Identifier:            WebKitTestRunner
Version:               0
Code Type:             X86-64 (Native)
Parent Process:        Python [41329]
Responsible:           bash [468]
User ID:               501

Date/Time:             2021-03-05 12:16:57.074 -0800
OS Version:            macOS 11.1 (20C69)
Report Version:        12
Bridge OS Version:     5.1 (18P3030)
Anonymous UUID:        3B4C700E-851B-8578-98A3-75555DE207E4


Time Awake Since Boot: 280000 seconds

System Integrity Protection: enabled

Crashed Thread:        0

Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x00000000bbadbeef
Exception Note:        EXC_CORPSE_NOTIFY

Termination Signal:    Segmentation fault: 11
Termination Reason:    Namespace SIGNAL, Code 0xb
Terminating Process:   exc handler [49693]

VM Regions Near 0xbbadbeef:
--> 
    __TEXT                      10faed000-10fc6d000    [ 1536K] r-x/r-x SM=COW  /Volumes/*

Application Specific Information:
CRASHING TEST: loader/cancel-load-crash.html

Thread 0 Crashed:
0   com.apple.JavaScriptCore      	0x000000011012018e WTFCrash + 14 (Assertions.cpp:295)
1   com.apple.WebKit              	0x000000011ccf3dcb WTFCrashWithInfo(int, char const*, char const*, int) + 27 (Assertions.h:671)
2   com.apple.WebKit              	0x000000011dfbcf37 WebKit::FrameLoadState::didFailLoad() + 103 (FrameLoadState.cpp:102)
3   com.apple.WebKit              	0x000000011e1a393e WebKit::WebFrameProxy::didFailLoad() + 30 (WebFrameProxy.cpp:182)
4   com.apple.WebKit              	0x000000011e1da629 WebKit::WebPageProxy::didFailLoadForFrame(WTF::ObjectIdentifier<WebCore::FrameIdentifierType>, WebKit::FrameInfoData&&, WebCore::ResourceRequest&&, unsigned long long, WebCore::ResourceError const&, WebKit::UserData const&) + 969 (WebPageProxy.cpp:4861)
5   com.apple.WebKit              	0x000000011ef43917 void IPC::callMemberFunctionImpl<WebKit::WebPageProxy, void (WebKit::WebPageProxy::*)(WTF::ObjectIdentifier<WebCore::FrameIdentifierType>, WebKit::FrameInfoData&&, WebCore::ResourceRequest&&, unsigned long long, WebCore::ResourceError const&, WebKit::UserData const&), std::__1::tuple<WTF::ObjectIdentifier<WebCore::FrameIdentifierType>, WebKit::FrameInfoData, WebCore::ResourceRequest, unsigned long long, WebCore::ResourceError, WebKit::UserData>, 0ul, 1ul, 2ul, 3ul, 4ul, 5ul>(WebKit::WebPageProxy*, void (WebKit::WebPageProxy::*)(WTF::ObjectIdentifier<WebCore::FrameIdentifierType>, WebKit::FrameInfoData&&, WebCore::ResourceRequest&&, unsigned long long, WebCore::ResourceError const&, WebKit::UserData const&), std::__1::tuple<WTF::ObjectIdentifier<WebCore::FrameIdentifierType>, WebKit::FrameInfoData, WebCore::ResourceRequest, unsigned long long, WebCore::ResourceError, WebKit::UserData>&&, std::__1::integer_sequence<unsigned long, 0ul, 1ul, 2ul, 3ul, 4ul, 5ul>) + 295 (HandleMessage.h:43)
6   com.apple.WebKit              	0x000000011ef40770 void IPC::callMemberFunction<WebKit::WebPageProxy, void (WebKit::WebPageProxy::*)(WTF::ObjectIdentifier<WebCore::FrameIdentifierType>, WebKit::FrameInfoData&&, WebCore::ResourceRequest&&, unsigned long long, WebCore::ResourceError const&, WebKit::UserData const&), std::__1::tuple<WTF::ObjectIdentifier<WebCore::FrameIdentifierType>, WebKit::FrameInfoData, WebCore::ResourceRequest, unsigned long long, WebCore::ResourceError, WebKit::UserData>, std::__1::integer_sequence<unsigned long, 0ul, 1ul, 2ul, 3ul, 4ul, 5ul> >(std::__1::tuple<WTF::ObjectIdentifier<WebCore::FrameIdentifierType>, WebKit::FrameInfoData, WebCore::ResourceRequest, unsigned long long, WebCore::ResourceError, WebKit::UserData>&&, WebKit::WebPageProxy*, void (WebKit::WebPageProxy::*)(WTF::ObjectIdentifier<WebCore::FrameIdentifierType>, WebKit::FrameInfoData&&, WebCore::ResourceRequest&&, unsigned long long, WebCore::ResourceError const&, WebKit::UserData const&)) + 112 (HandleMessage.h:49)
7   com.apple.WebKit              	0x000000011ef11a7e void IPC::handleMessage<Messages::WebPageProxy::DidFailLoadForFrame, WebKit::WebPageProxy, void (WebKit::WebPageProxy::*)(WTF::ObjectIdentifier<WebCore::FrameIdentifierType>, WebKit::FrameInfoData&&, WebCore::ResourceRequest&&, unsigned long long, WebCore::ResourceError const&, WebKit::UserData const&)>(IPC::Decoder&, WebKit::WebPageProxy*, void (WebKit::WebPageProxy::*)(WTF::ObjectIdentifier<WebCore::FrameIdentifierType>, WebKit::FrameInfoData&&, WebCore::ResourceRequest&&, unsigned long long, WebCore::ResourceError const&, WebKit::UserData const&)) + 190 (HandleMessage.h:121)
8   com.apple.WebKit              	0x000000011ef0ab38 WebKit::WebPageProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 6632 (WebPageProxyMessageReceiver.cpp:1184)
9   com.apple.WebKit              	0x000000011d1fd511 IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&) + 305 (MessageReceiverMap.cpp:123)
10  com.apple.WebKit              	0x000000011dfb862e WebKit::AuxiliaryProcessProxy::dispatchMessage(IPC::Connection&, IPC::Decoder&) + 46 (AuxiliaryProcessProxy.cpp:221)
11  com.apple.WebKit              	0x000000011e31c44f WebKit::WebProcessProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 47 (WebProcessProxy.cpp:819)
12  com.apple.WebKit              	0x000000011cd73cb4 IPC::Connection::dispatchMessage(IPC::Decoder&) + 516 (Connection.cpp:1010)
13  com.apple.WebKit              	0x000000011cd7447c IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) + 636 (Connection.cpp:1055)
14  com.apple.WebKit              	0x000000011cd72c61 IPC::Connection::dispatchIncomingMessages() + 913 (Connection.cpp:1159)
15  com.apple.WebKit              	0x000000011cd93752 IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_9::operator()() + 66 (Connection.cpp:977)
16  com.apple.WebKit              	0x000000011cd9367e WTF::Detail::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_9, void>::call() + 30 (Function.h:52)
17  com.apple.JavaScriptCore      	0x000000011014b682 WTF::Function<void ()>::operator()() const + 130 (Function.h:83)
18  com.apple.JavaScriptCore      	0x00000001101cd935 WTF::RunLoop::performWork() + 341 (RunLoop.cpp:128)
19  com.apple.JavaScriptCore      	0x00000001101d21f1 WTF::RunLoop::performWork(void*) + 33 (RunLoopCF.cpp:46)
20  com.apple.CoreFoundation      	0x00007fff2046da0c __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
21  com.apple.CoreFoundation      	0x00007fff2046d974 __CFRunLoopDoSource0 + 180
22  com.apple.CoreFoundation      	0x00007fff2046d6ef __CFRunLoopDoSources0 + 248
23  com.apple.CoreFoundation      	0x00007fff2046c121 __CFRunLoopRun + 890
24  com.apple.CoreFoundation      	0x00007fff2046b6ce CFRunLoopRunSpecific + 563
25  com.apple.Foundation          	0x00007fff211f8fa1 0x7fff21199000 + 393121
26  WebKitTestRunner              	0x000000010fb8a31e WTR::TestController::platformRunUntil(bool&, WTF::Seconds) + 302 (TestControllerCocoa.mm:235)
27  WebKitTestRunner              	0x000000010fb423af WTR::TestController::runUntil(bool&, WTF::Seconds) + 79 (TestController.cpp:1563)
28  WebKitTestRunner              	0x000000010fb49533 WTR::TestController::resetStateToConsistentValues(WTR::TestOptions const&, WTR::TestController::ResetStage)::$_3::operator()() const + 131 (TestController.cpp:1115)
29  WebKitTestRunner              	0x000000010fb47e3b WTR::TestController::resetStateToConsistentValues(WTR::TestOptions const&, WTR::TestController::ResetStage) + 2139 (TestController.cpp:1120)
30  WebKitTestRunner              	0x000000010fbb4cf7 WTR::TestInvocation::invoke() + 535 (TestInvocation.cpp:180)
31  WebKitTestRunner              	0x000000010fb4add8 WTR::TestController::runTest(char const*) + 552 (TestController.cpp:1493)
32  WebKitTestRunner              	0x000000010fb4b286 WTR::TestController::runTestingServerLoop() + 214 (TestController.cpp:1539)
33  WebKitTestRunner              	0x000000010fb42ce7 WTR::TestController::run() + 39 (TestController.cpp:1547)
34  WebKitTestRunner              	0x000000010fb426e4 WTR::TestController::TestController(int, char const**) + 788 (TestController.cpp:194)
35  WebKitTestRunner              	0x000000010fb42db3 WTR::TestController::TestController(int, char const**) + 35 (TestController.cpp:191)
36  WebKitTestRunner              	0x000000010faf6443 main + 131 (main.mm:70)
37  libdyld.dylib                 	0x00007fff20390621 0x7fff2037b000 + 87585

Comment 1 Radar WebKit Bug Importer 2021-03-05 13:25:53 PST

<rdar://problem/75109110>

Comment 2 Robert Jenner 2021-03-05 13:27:24 PST

Created attachment 422403 [details]
Full-crashlog for loader/go-back-cached-main-resource.html

Attaching full crash log.

Comment 3 Robert Jenner 2021-03-05 15:26:05 PST

Reproduced the crashing at tip of tree by generating a test list from the stdio file. Tested the test list using: 

run-webkit-test --root <path to revision> <path to test list> --debug --child-process=1 

I have attached the test list I generated and used to duplicate the crashing. Next step is to narrow down what test causes this test to crash.

Comment 4 Robert Jenner 2021-03-05 15:26:50 PST

Created attachment 422435 [details]
222819-testlist

Test list used to reproduce crash.

Comment 5 Ryan Haddad 2021-03-10 10:27:05 PST

ASSERTION FAILED: m_state == State::Committed
/Volumes/Data/worker/bigsur-debug/build/Source/WebKit/UIProcess/FrameLoadState.cpp(102) : void WebKit::FrameLoadState::didFailLoad()

Comment 6 Ryan Haddad 2021-03-10 10:31:36 PST

I think this may be a dupe of https://bugs.webkit.org/show_bug.cgi?id=221783

Comment 7 Ryosuke Niwa 2021-03-10 18:41:59 PST

I can more easily reproduce this with:
./Tools/Scripts/run-webkit-tests --debug --no-show-results --no-build loader --iterations 5 --exit-after-n-crashes-or-timeouts=1 --child-processes=1

Comment 8 Robert Jenner 2021-03-12 09:07:54 PST


*** This bug has been marked as a duplicate of bug 221783 ***