WebKit Bugzilla
NEW
303562
ASSERTION FAILED: m_uncommittedState.provisionalURL.isEmpty() from fuzzer test case
https://bugs.webkit.org/show_bug.cgi?id=303562
roberto_rodriguez2
Reported
2025-12-04 11:21:28 PST
Created attachment 477615 [details]
Fuzzer-generated test case

When the attached fuzzer-generated test case is run directly in WebKitTestRunner with a debug build, there is an assertion failure in void WebKit::PageLoadState::didFailLoad(const Transaction::Token &) of Source/WebKit/UIProcess/PageLoadState.cpp.

Here is a UI process stack trace (from ASAN debug build on 303850@main):

#0 0x0000000112ec4e44 in ::WTFCrash() at /Users/robertorodriguez/workspace/safari/OpenSource/Source/WTF/wtf/Assertions.cpp:375
#1 0x0000000146e0df1c in WTFCrashWithInfo at /Users/robertorodriguez/workspace/safari/OpenSource/WebKitBuild/Debug/usr/local/include/wtf/Assertions.h:985
#2 0x000000014ce224e4 in WebKit::PageLoadState::didFailLoad at /Users/robertorodriguez/workspace/safari/OpenSource/Source/WebKit/UIProcess/PageLoadState.cpp:343
#3 0x000000014d076724 in WebKit::WebPageProxy::didFailLoadForFrame at /Users/robertorodriguez/workspace/safari/OpenSource/Source/WebKit/UIProcess/WebPageProxy.cpp:7888
#4 0x000000014a875e18 in auto void IPC::callMemberFunction<WebKit::WebPageProxy, WebKit::WebPageProxy, void (IPC::Connection&, WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>, WebKit::FrameInfoData&&, WebCore::ResourceRequest&&, std::__1::optional<WTF::ObjectIdentifierGeneric<WebCore::NavigationIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>>, WebCore::ResourceError const&, WebKit::UserData const&), std::__1::tuple<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>, WebKit::FrameInfoData, WebCore::ResourceRequest, std::__1::optional<WTF::ObjectIdentifierGeneric<WebCore::NavigationIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>>, WebCore::ResourceError, WebKit::UserData>>(WebKit::WebPageProxy*, void (WebKit::WebPageProxy::*)(IPC::Connection&, WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>, WebKit::FrameInfoData&&, WebCore::ResourceRequest&&, std::__1::optional<WTF::ObjectIdentifierGeneric<WebCore::NavigationIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>>, WebCore::ResourceError const&, WebKit::UserData const&), IPC::Connection&, std::__1::tuple<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>, WebKit::FrameInfoData, WebCore::ResourceRequest, std::__1::optional<WTF::ObjectIdentifierGeneric<WebCore::NavigationIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>>, WebCore::ResourceError, WebKit::UserData>&&)::'lambda'(auto&&...)::operator()<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>, WebKit::FrameInfoData, WebCore::ResourceRequest, std::__1::optional<WTF::ObjectIdentifierGeneric<WebCore::NavigationIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>>, WebCore::ResourceError, WebKit::UserData>(auto&&...) const at /Users/robertorodriguez/workspace/safari/OpenSource/Source/WebKit/Platform/IPC/HandleMessage.h:171
#5 0x000000014a875abc in std::__1::__invoke[abi:sn200100]<void IPC::callMemberFunction<WebKit::WebPageProxy, WebKit::WebPageProxy, void (IPC::Connection&, WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>, WebKit::FrameInfoData&&, WebCore::ResourceRequest&&, std::__1::optional<WTF::ObjectIdentifierGeneric<WebCore::NavigationIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>>, WebCore::ResourceError const&, WebKit::UserData const&), std::__1::tuple<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>, WebKit::FrameInfoData, WebCore::ResourceRequest, std::__1::optional<WTF::ObjectIdentifierGeneric<WebCore::NavigationIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>>, WebCore::ResourceError, WebKit::UserData>>(WebKit::WebPageProxy*, void (WebKit::WebPageProxy::*)(IPC::Connection&, WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>, WebKit::FrameInfoData&&, WebCore::ResourceRequest&&, std::__1::optional<WTF::ObjectIdentifierGeneric<WebCore::NavigationIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>>, WebCore::ResourceError const&, WebKit::UserData const&), IPC::Connection&, std::__1::tuple<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>, WebKit::FrameInfoData, WebCore::ResourceRequest, std::__1::optional<WTF::ObjectIdentifierGeneric<WebCore::NavigationIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>>, WebCore::ResourceError, WebKit::UserData>&&)::'lambda'(auto&&...), WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>, WebKit::FrameInfoData, WebCore::ResourceRequest, std::__1::optional<WTF::ObjectIdentifierGeneric<WebCore::NavigationIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>>, WebCore::ResourceError, WebKit::UserData> at /Applications/XcodeInternal_LuckierC2.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX26.2.Internal.sdk/usr/include/c++/v1/__type_traits/invoke.h:179
#6 0x000000014a875a64 in std::__1::__apply_tuple_impl[abi:sn200100]<void IPC::callMemberFunction<WebKit::WebPageProxy, WebKit::WebPageProxy, void (IPC::Connection&, WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>, WebKit::FrameInfoData&&, WebCore::ResourceRequest&&, std::__1::optional<WTF::ObjectIdentifierGeneric<WebCore::NavigationIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>>, WebCore::ResourceError const&, WebKit::UserData const&), std::__1::tuple<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>, WebKit::FrameInfoData, WebCore::ResourceRequest, std::__1::optional<WTF::ObjectIdentifierGeneric<WebCore::NavigationIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>>, WebCore::ResourceError, WebKit::UserData>>(WebKit::WebPageProxy*, void (WebKit::WebPageProxy::*)(IPC::Connection&, WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>, WebKit::FrameInfoData&&, WebCore::ResourceRequest&&, std::__1::optional<WTF::ObjectIdentifierGeneric<WebCore::NavigationIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>>, WebCore::ResourceError const&, WebKit::UserData const&), IPC::Connection&, std::__1::tuple<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>, WebKit::FrameInfoData, WebCore::ResourceRequest, std::__1::optional<WTF::ObjectIdentifierGeneric<WebCore::NavigationIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>>, WebCore::ResourceError, WebKit::UserData>&&)::'lambda'(auto&&...), std::__1::tuple<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>, WebKit::FrameInfoData, WebCore::ResourceRequest, std::__1::optional<WTF::ObjectIdentifierGeneric<WebCore::NavigationIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>>, WebCore::ResourceError, WebKit::UserData>, 0ul, 1ul, 2ul, 3ul, 4ul, 5ul> at /Applications/XcodeInternal_LuckierC2.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX26.2.Internal.sdk/usr/include/c++/v1/tuple:1375
#7 0x000000014a8759d4 in std::__1::apply[abi:sn200100]<void IPC::callMemberFunction<WebKit::WebPageProxy, WebKit::WebPageProxy, void (IPC::Connection&, WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>, WebKit::FrameInfoData&&, WebCore::ResourceRequest&&, std::__1::optional<WTF::ObjectIdentifierGeneric<WebCore::NavigationIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>>, WebCore::ResourceError const&, WebKit::UserData const&), std::__1::tuple<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>, WebKit::FrameInfoData, WebCore::ResourceRequest, std::__1::optional<WTF::ObjectIdentifierGeneric<WebCore::NavigationIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>>, WebCore::ResourceError, WebKit::UserData>>(WebKit::WebPageProxy*, void (WebKit::WebPageProxy::*)(IPC::Connection&, WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>, WebKit::FrameInfoData&&, WebCore::ResourceRequest&&, std::__1::optional<WTF::ObjectIdentifierGeneric<WebCore::NavigationIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>>, WebCore::ResourceError const&, WebKit::UserData const&), IPC::Connection&, std::__1::tuple<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>, WebKit::FrameInfoData, WebCore::ResourceRequest, std::__1::optional<WTF::ObjectIdentifierGeneric<WebCore::NavigationIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>>, WebCore::ResourceError, WebKit::UserData>&&)::'lambda'(auto&&...), std::__1::tuple<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>, WebKit::FrameInfoData, WebCore::ResourceRequest, std::__1::optional<WTF::ObjectIdentifierGeneric<WebCore::NavigationIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>>, WebCore::ResourceError, WebKit::UserData>> at /Applications/XcodeInternal_LuckierC2.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX26.2.Internal.sdk/usr/include/c++/v1/tuple:1379
#8 0x000000014a873e00 in IPC::callMemberFunction<WebKit::WebPageProxy, WebKit::WebPageProxy, void (IPC::Connection&, WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>, WebKit::FrameInfoData&&, WebCore::ResourceRequest&&, std::__1::optional<WTF::ObjectIdentifierGeneric<WebCore::NavigationIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>>, WebCore::ResourceError const&, WebKit::UserData const&), std::__1::tuple<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>, WebKit::FrameInfoData, WebCore::ResourceRequest, std::__1::optional<WTF::ObjectIdentifierGeneric<WebCore::NavigationIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>>, WebCore::ResourceError, WebKit::UserData>> at /Users/robertorodriguez/workspace/safari/OpenSource/Source/WebKit/Platform/IPC/HandleMessage.h:168
#9 0x000000014a7739ac in IPC::handleMessage<Messages::WebPageProxy::DidFailLoadForFrame, IPC::Connection, WebKit::WebPageProxy, WebKit::WebPageProxy, void (IPC::Connection&, WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>, WebKit::FrameInfoData&&, WebCore::ResourceRequest&&, std::__1::optional<WTF::ObjectIdentifierGeneric<WebCore::NavigationIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>>, WebCore::ResourceError const&, WebKit::UserData const&)> at /Users/robertorodriguez/workspace/safari/OpenSource/Source/WebKit/Platform/IPC/HandleMessage.h:335
#10 0x000000014a75ff40 in WebKit::WebPageProxy::didReceiveMessage at /Users/robertorodriguez/workspace/safari/OpenSource/WebKitBuild/Debug/DerivedSources/WebKit/WebPageProxyMessageReceiver.cpp:715
#11 0x000000014f7c68d0 in IPC::MessageReceiverMap::dispatchMessage at /Users/robertorodriguez/workspace/safari/OpenSource/Source/WebKit/Platform/IPC/MessageReceiverMap.cpp:132
#12 0x000000014cd52778 in WebKit::AuxiliaryProcessProxy::dispatchMessage at /Users/robertorodriguez/workspace/safari/OpenSource/Source/WebKit/UIProcess/AuxiliaryProcessProxy.cpp:333
#13 0x000000014d40db00 in WebKit::WebProcessProxy::dispatchMessage at /Users/robertorodriguez/workspace/safari/OpenSource/Source/WebKit/UIProcess/WebProcessProxy.cpp:1251
#14 0x000000014a81fd94 in WebKit::WebProcessProxy::didReceiveMessage at /Users/robertorodriguez/workspace/safari/OpenSource/WebKitBuild/Debug/DerivedSources/WebKit/WebProcessProxyMessageReceiver.cpp:310
#15 0x000000014f6ecd5c in IPC::Connection::dispatchMessage at /Users/robertorodriguez/workspace/safari/OpenSource/Source/WebKit/Platform/IPC/Connection.cpp:1412
#16 0x000000014f6ed758 in IPC::Connection::dispatchMessage at /Users/robertorodriguez/workspace/safari/OpenSource/Source/WebKit/Platform/IPC/Connection.cpp:1470
#17 0x000000014f6ee934 in IPC::Connection::dispatchIncomingMessages at /Users/robertorodriguez/workspace/safari/OpenSource/Source/WebKit/Platform/IPC/Connection.cpp:1589
#18 0x000000014f7aa53c in IPC::Connection::dispatchIncomingMessages()::$_0::operator()() const at /Users/robertorodriguez/workspace/safari/OpenSource/Source/WebKit/Platform/IPC/Connection.cpp:1584
#19 0x000000014f7aa444 in WTF::Detail::CallableWrapper<IPC::Connection::dispatchIncomingMessages()::$_0, void>::call at /Users/robertorodriguez/workspace/safari/OpenSource/WebKitBuild/Debug/usr/local/include/wtf/Function.h:59
#20 0x0000000112f36a30 in WTF::Function<void ()>::operator() at /Users/robertorodriguez/workspace/safari/OpenSource/Source/WTF/wtf/Function.h:103
#21 0x00000001131045c4 in WTF::RunLoop::performWork at /Users/robertorodriguez/workspace/safari/OpenSource/Source/WTF/wtf/RunLoop.cpp:144
#22 0x0000000113113348 in WTF::RunLoop::performWork at /Users/robertorodriguez/workspace/safari/OpenSource/Source/WTF/wtf/cf/RunLoopCF.cpp:46
#23 0x000000019d0b09e8 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ ()
#24 0x000000019d0b097c in __CFRunLoopDoSource0 ()
#25 0x000000019d0b06e8 in __CFRunLoopDoSources0 ()
#26 0x000000019d0af378 in __CFRunLoopRun ()
#27 0x000000019d16935c in _CFRunLoopRunSpecificWithOptions ()
#28 0x000000019f2f7850 in -[NSRunLoop(NSRunLoop) runMode:beforeDate:] ()
#29 0x00000001000c8ec0 in WTR::TestController::platformRunUntil at /Users/robertorodriguez/workspace/safari/OpenSource/Tools/WebKitTestRunner/cocoa/TestControllerCocoa.mm:430
#30 0x0000000100073b68 in WTR::TestController::runUntil at /Users/robertorodriguez/workspace/safari/OpenSource/Tools/WebKitTestRunner/TestController.cpp:2991
#31 0x000000010007c59c in WTR::TestController::setTracksRepaints at /Users/robertorodriguez/workspace/safari/OpenSource/Tools/WebKitTestRunner/TestController.cpp:5216
#32 0x000000010007bb98 in WTR::TestController::resetStateToConsistentValues at /Users/robertorodriguez/workspace/safari/OpenSource/Tools/WebKitTestRunner/TestController.cpp:1486
#33 0x00000001000e15e4 in WTR::TestInvocation::invoke at /Users/robertorodriguez/workspace/safari/OpenSource/Tools/WebKitTestRunner/TestInvocation.cpp:222
#34 0x00000001000832b0 in WTR::TestController::runTest at /Users/robertorodriguez/workspace/safari/OpenSource/Tools/WebKitTestRunner/TestController.cpp:2921
#35 0x0000000100074810 in WTR::TestController::run at /Users/robertorodriguez/workspace/safari/OpenSource/Tools/WebKitTestRunner/TestController.cpp:2978
#36 0x0000000100073edc in WTR::TestController::TestController at /Users/robertorodriguez/workspace/safari/OpenSource/Tools/WebKitTestRunner/TestController.cpp:232
#37 0x000000010007488c in WTR::TestController::TestController at /Users/robertorodriguez/workspace/safari/OpenSource/Tools/WebKitTestRunner/TestController.cpp:229
#38 0x0000000100008d40 in main at /Users/robertorodriguez/workspace/safari/OpenSource/Tools/WebKitTestRunner/mac/main.mm:79
#39 0x000000019cc49d54 in start ()
Attachments
Fuzzer-generated test case (20.12 KB, text/html), 2025-12-04 11:21 PST, roberto_rodriguez2
Radar WebKit Bug Importer
Comment 1
2025-12-04 11:21:34 PST
<rdar://problem/165854691>
roberto_rodriguez2
Comment 2
2025-12-04 11:22:34 PST
Release build does not assert or crash with this test case