RESOLVED FIXED 304085
REGRESSION(304265@main) [WPE][WebDriver] Browser freeze simulating some input actions
https://bugs.webkit.org/show_bug.cgi?id=304085
Lauro Moura
Reported 2025-12-12 12:35:14 PST
Example of test that triggers the issue: imported/w3c/webdriver/tests/classic/perform_actions/key_events.py::test_printable_key_sends_correct_events[\xe0-]

`MiniBrowser` just gets stuck with 100% CPU usage (single thread), leading the build to be aborted due to no output being printed.

First failed build: https://build.webkit.org/#/builders/730/builds/179598
Last good: https://build.webkit.org/#/builders/730/builds/179596 (179596 was interrupted)

Stopping the browser shows it stuck in WebKit::SimulatedInputDispatcher::transitionInputSourceToState, but I could not get a debug build yet to pinpoint where. Actually, I'm not sure yet whether this is affecting debug builds.

Finishing a bisect, here are the candidate bad commits:

* 304266@main (b47e7f0debf4) Push weak null removal logic down into HashTable https://bugs.webkit.org/show_bug.cgi?id=303710 rdar://problem/166015673
* 304265@main (87fd6dd1eafd) Adopt isReleasedWeakValue in WeakPtr https://bugs.webkit.org/show_bug.cgi?id=303711 rdar://problem/166015837
Lauro Moura
Comment 1 2025-12-12 19:05:14 PST
Bisecting shows the issue starts with 304265@main (bug 303711).
Lauro Moura
Comment 2 2025-12-15 07:24:12 PST
Lauro Moura
Comment 3 2025-12-15 07:39:04 PST
The cause of the infinite loop is `SimulatedInputDispatcher::transitionInputSourceToState` iterating over a reference (`a`) of `inputSource.state`, which was being overwritten by `eventDispatchFinished` while still iterating. 304265@main seems to have made ListHashSet stricter, thus exposing this issue.

For reference, here's a trace of running the test under debug (a few lines might be off due to some extra print statements):

#1 0x00007e5cec66ecfd in WTFCrashWithInfo () at WTF/Headers/wtf/Assertions.h:985
#2 0x00007e5cee65b77d in WTF::ListHashSetConstIterator<unsigned int, WTF::DefaultHash<unsigned int> >::operator++ (this=0x7ffca1bba350) at WTF/Headers/wtf/ListHashSet.h:391
#3 0x00007e5cee65b908 in WTF::ListHashSetIterator<unsigned int, WTF::DefaultHash<unsigned int> >::operator++ (this=0x7ffca1bba350) at WTF/Headers/wtf/ListHashSet.h:314
#4 0x00007e5cee6589e5 in WebKit::SimulatedInputDispatcher::transitionInputSourceToState(WebKit::SimulatedInputSource&, WebKit::SimulatedInputSourceState&, WTF::CompletionHandler<void (std::optional<WebKit::AutomationCommandError>)>&&) (this=0x7e5ccb0f8300, inputSource=..., newState=..., completionHandler=...) at ../../../Source/WebKit/UIProcess/Automation/SimulatedInputDispatcher.cpp:395
#5 0x00007e5cee655f35 in WebKit::SimulatedInputDispatcher::transitionToNextInputSourceState (this=0x7e5ccb0f8300) at ../../../Source/WebKit/UIProcess/Automation/SimulatedInputDispatcher.cpp:181
#6 0x00007e5cee6561a7 in WebKit::SimulatedInputDispatcher::transitionBetweenKeyFrames(WebKit::SimulatedInputKeyFrame const&, WebKit::SimulatedInputKeyFrame const&, WTF::CompletionHandler<void (std::optional<WebKit::AutomationCommandError>)>&&) (this=0x7e5ccb0f8300, a=..., b=..., completionHandler=...) at ../../../Source/WebKit/UIProcess/Automation/SimulatedInputDispatcher.cpp:206
#7 0x00007e5cee655c6c in WebKit::SimulatedInputDispatcher::transitionToNextKeyFrame (this=0x7e5ccb0f8300) at ../../../Source/WebKit/UIProcess/Automation/SimulatedInputDispatcher.cpp:155
#8 0x00007e5cee655b00 in operator() (__closure=0x7e5ccb0d5328, error=std::optional [no contained value]) at ../../../Source/WebKit/UIProcess/Automation/SimulatedInputDispatcher.cpp:161
#9 0x00007e5cee66b2a5 in WTF::Detail::CallableWrapper<WebKit::SimulatedInputDispatcher::transitionToNextKeyFrame()::<lambda(std::optional<WebKit::AutomationCommandError>)>, void, std::optional<WebKit::AutomationCommandError> >::call(std::optional<WebKit::AutomationCommandError>) (this=0x7e5ccb0d5320, in#0=std::optional [no contained value]) at WTF/Headers/wtf/Function.h:59
#10 0x00007e5cee65df16 in WTF::Function<void (std::optional<WebKit::AutomationCommandError>)>::operator()(std::optional<WebKit::AutomationCommandError>) const (this=0x7ffca1bba688, in#0=std::optional [no contained value]) at WTF/Headers/wtf/Function.h:103
#11 0x00007e5cee65a87b in WTF::CompletionHandler<void (std::optional<WebKit::AutomationCommandError>)>::operator()(std::optional<WebKit::AutomationCommandError>) (this=0x7ffca1bba6e0, in#0=std::optional [no contained value]) at WTF/Headers/wtf/CompletionHandler.h:94
#12 0x00007e5cee6558f4 in WebKit::SimulatedInputDispatcher::keyFrameTransitionDurationTimerFired (this=0x7e5ccb0f8300) at ../../../Source/WebKit/UIProcess/Automation/SimulatedInputDispatcher.cpp:130
#13 0x00007e5cee65a44e in WTF::RunLoop::Timer::Timer<WebKit::SimulatedInputDispatcher>(WTF::Ref<WTF::RunLoop, WTF::RawPtrTraits<WTF::RunLoop>, WTF::DefaultRefDerefTraits<WTF::RunLoop> >&&, WTF::ASCIILiteral, WebKit::SimulatedInputDispatcher*, void (WebKit::SimulatedInputDispatcher::*)())::{lambda()#1}::operator()() const (__closure=0x7e5ccb0399b8) at WTF/Headers/wtf/RunLoop.h:220
#14 0x00007e5cee66b2ec in WTF::Detail::CallableWrapper<WTF::RunLoop::Timer::Timer<WebKit::SimulatedInputDispatcher>(WTF::Ref<WTF::RunLoop, WTF::RawPtrTraits<WTF::RunLoop>, WTF::DefaultRefDerefTraits<WTF::RunLoop> >&&, WTF::ASCIILiteral, WebKit::SimulatedInputDispatcher*, void (WebKit::SimulatedInputDispatcher::*)())::{lambda()#1}, void>::call() (this=0x7e5ccb0399b0) at WTF/Headers/wtf/Function.h:59
#15 0x00007e5cec6ba1c9 in WTF::Function<void ()>::operator()() const (this=0x7e5ccb0f8398) at WTF/Headers/wtf/Function.h:103
#16 0x00007e5cec6b8ddc in WTF::RunLoop::Timer::fired (this=0x7e5ccb0f8360) at WTF/Headers/wtf/RunLoop.h:262
#17 0x00007e5cf2004621 in operator() (__closure=0x0, userData=0x7e5ccb0f8360) at ../../../Source/WTF/wtf/glib/RunLoopGLib.cpp:252
#18 0x00007e5cf2004665 in _FUN () at ../../../Source/WTF/wtf/glib/RunLoopGLib.cpp:256
#19 0x00007e5cf2003273 in operator() (__closure=0x0, source=0x64a24afaa700, callback=0x7e5cf2004644 <_FUN(gpointer)>, userData=0x7e5ccb0f8360) at ../../../Source/WTF/wtf/glib/RunLoopGLib.cpp:57
#20 0x00007e5cf20032c5 in _FUN () at ../../../Source/WTF/wtf/glib/RunLoopGLib.cpp:60
#21 0x00007e5cdc8e149e in ??? () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#22 0x00007e5cdc940737 in ??? () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#23 0x00007e5cdc8e0a63 in g_main_context_iteration () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#24 0x00007e5cdcb1787d in g_application_run () at /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0
#25 0x000064a225d99df4 in main (argc=1, argv=0x7ffca1bbab98) at ../../../Tools/MiniBrowser/wpe/main.cpp:760
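The pattern described in Comment 3, as an added illustration (not WebKit code and not the landed fix): a loop walks a reference to a container that a callback overwrites mid-iteration. `CheckedSet`, `InputSource` and both `transition...` functions are hypothetical names; the generation check stands in for a stricter iterator assertion, and iterating a snapshot copy is one common mitigation, assumed here.

```cpp
// Added illustration; all types and functions here are hypothetical.
#include <cstddef>
#include <functional>
#include <initializer_list>
#include <stdexcept>
#include <vector>

// Toy set: every overwrite bumps a generation counter, so a loop can detect
// that the container changed underneath it instead of walking stale storage.
class CheckedSet {
public:
    CheckedSet(std::initializer_list<unsigned> items) : m_items(items) {}
    CheckedSet(const CheckedSet&) = default;
    CheckedSet& operator=(const CheckedSet& o) { m_items = o.m_items; ++m_generation; return *this; }
    std::size_t size() const { return m_items.size(); }
    // Visits each element; throws as soon as a callback has mutated this set.
    void forEachChecked(const std::function<void(unsigned)>& visit) const {
        const std::size_t start = m_generation;
        for (std::size_t i = 0; i < m_items.size(); ++i) {
            visit(m_items[i]);
            if (m_generation != start)
                throw std::logic_error("set mutated during iteration");
        }
    }
private:
    std::vector<unsigned> m_items;
    std::size_t m_generation = 0;
};

struct InputSource { CheckedSet state; };

// Reported shape: the loop holds a reference to source.state while the per-item
// callback (standing in for eventDispatchFinished) overwrites source.state.
bool transitionByReference(InputSource& source, const CheckedSet& newState) {
    const CheckedSet& a = source.state;
    try { a.forEachChecked([&](unsigned) { source.state = newState; }); }
    catch (const std::logic_error&) { return false; } // mutation caught mid-loop
    return true;
}

// Mitigation sketch: iterate a private snapshot so the overwrite cannot touch the loop.
std::size_t transitionBySnapshot(InputSource& source, const CheckedSet& newState) {
    const CheckedSet snapshot = source.state;
    std::size_t visited = 0;
    snapshot.forEachChecked([&](unsigned) { source.state = newState; ++visited; });
    return visited;
}

int main() {
    InputSource byRef{CheckedSet{1, 2, 3}}, bySnap{CheckedSet{1, 2, 3}}; // constructed sample state
    return (!transitionByReference(byRef, CheckedSet{4}) && transitionBySnapshot(bySnap, CheckedSet{4}) == 3) ? 0 : 1;
}
```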
EWS
Comment 4 2025-12-16 06:09:23 PST
Committed 304511@main (b29596b70459): <https://commits.webkit.org/304511@main> Reviewed commits have been landed. Closing PR #55407 and removing active labels.
Radar WebKit Bug Importer
Comment 5 2025-12-16 06:10:13 PST