Bug 242832

Summary: REGRESSION(252070@main): [ iOS16 Debug ] Updates to WebCore::RenderLayerBacking::updateGeometry cause testing to exit early and not complete
Product: WebKit
Reporter: Robert Jenner <jenner>
Component: New Bugs
Assignee: Robert Jenner <jenner>
Status: RESOLVED INVALID
Severity: Normal
CC: darin, Hironori.Fujii, simon.fraser, webkit-bot-watchers-bugzilla, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
See Also: https://bugs.webkit.org/show_bug.cgi?id=242209
          https://bugs.webkit.org/show_bug.cgi?id=242884

Description Robert Jenner 2022-07-15 23:06:06 PDT
Changes to WebCore::RenderLayerBacking::updateGeometry committed at 252070@main https://commits.webkit.org/252070@main have caused testing on iOS16 Debug beta to crash and exit early. 


CRASHLOG TEXT:
Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_INVALID_ADDRESS at 0x00000000bbadbeef
Exception Codes: 0x0000000000000001, 0x00000000bbadbeef
VM Region Info: 0xbbadbeef is not in any region.  Bytes before following region: 1188204817
      REGION TYPE                    START - END         [ VSIZE] PRT/MAX SHRMOD  REGION DETAIL
      UNUSED SPACE AT START
--->  
      __TEXT                      102805000-10292c000    [ 1180K] r-x/r-x SM=COW  ...TestRunnerApp
Exception Note:  EXC_CORPSE_NOTIFY
Termination Reason: SIGNAL 11 Segmentation fault: 11
Terminating Process: exc handler [9467]

Triggered by Thread:  0
Thread 0 Crashed::  Dispatch queue: com.apple.main-thread
0   JavaScriptCore                	       0x11aaaae1e WTFCrash + 14
1   WebKit                        	       0x14e4ed8bb WTFCrashWithInfo(int, char const*, char const*, int) + 27
2   WebKit                        	       0x14fbd3e18 WebKit::RemoteLayerTreeDrawingAreaProxy::didUpdateGeometry() + 104
3   WebKit                        	       0x14e5d257b void IPC::callMemberFunctionImpl<WebKit::DrawingAreaProxy, void (WebKit::DrawingAreaProxy::*)(), std::__1::tuple<> >(WebKit::DrawingAreaProxy*, void (WebKit::DrawingAreaProxy::*)(), std::__1::tuple<>&&, std::__1::integer_sequence<unsigned long>) + 123
4   WebKit                        	       0x14e5d24ed void IPC::callMemberFunction<WebKit::DrawingAreaProxy, void (WebKit::DrawingAreaProxy::*)(), std::__1::tuple<>, std::__1::integer_sequence<unsigned long> >(std::__1::tuple<>&&, WebKit::DrawingAreaProxy*, void (WebKit::DrawingAreaProxy::*)()) + 109
5   WebKit                        	       0x14e5cce7c void IPC::handleMessage<Messages::DrawingAreaProxy::DidUpdateGeometry, WebKit::DrawingAreaProxy, void (WebKit::DrawingAreaProxy::*)()>(IPC::Connection&, IPC::Decoder&, WebKit::DrawingAreaProxy*, void (WebKit::DrawingAreaProxy::*)()) + 204
6   WebKit                        	       0x14e5cc8ca WebKit::DrawingAreaProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 426
7   WebKit                        	       0x14eafad16 WebKit::RemoteLayerTreeDrawingAreaProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 294
8   WebKit                        	       0x14fa41653 IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&) + 387
9   WebKit                        	       0x14ff667ac WebKit::AuxiliaryProcessProxy::dispatchMessage(IPC::Connection&, IPC::Decoder&) + 44
10  WebKit                        	       0x150148d19 WebKit::WebProcessProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 41
11  WebKit                        	       0x14fa0bf90 IPC::Connection::dispatchMessage(IPC::Decoder&) + 544
12  WebKit                        	       0x14fa0c685 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) + 629
13  WebKit                        	       0x14fa05ae3 IPC::Connection::SyncMessageState::ConnectionAndIncomingMessage::dispatch() + 67
14  WebKit                        	       0x14fa057b6 IPC::Connection::SyncMessageState::dispatchMessages(WTF::Function<void (IPC::MessageName, unsigned long long)>&&) + 550
15  WebKit                        	       0x14fa0ba3a IPC::Connection::dispatchSyncMessage(IPC::Decoder&) + 586
16  WebKit                        	       0x14fa0c66b IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) + 603
17  WebKit                        	       0x14fa05ae3 IPC::Connection::SyncMessageState::ConnectionAndIncomingMessage::dispatch() + 67
18  WebKit                        	       0x14fa057b6 IPC::Connection::SyncMessageState::dispatchMessages(WTF::Function<void (IPC::MessageName, unsigned long long)>&&) + 550
19  WebKit                        	       0x14fa097ac IPC::Connection::waitForSyncReply(WTF::ObjectIdentifier<IPC::Connection::SyncRequestIDType>, IPC::MessageName, IPC::Timeout, WTF::OptionSet<IPC::SendSyncOption>) + 236
20  WebKit                        	       0x14fa08798 IPC::Connection::sendSyncMessage(WTF::ObjectIdentifier<IPC::Connection::SyncRequestIDType>, WTF::UniqueRef<IPC::Encoder>&&, IPC::Timeout, WTF::OptionSet<IPC::SendSyncOption>) + 680
21  WebKit                        	       0x14fa07ef4 IPC::Connection::sendMessage(WTF::UniqueRef<IPC::Encoder>&&, WTF::OptionSet<IPC::SendOption>, std::__1::optional<WTF::Thread::QOS>) + 628
22  WebKit                        	       0x14ff6633c WebKit::AuxiliaryProcessProxy::sendMessage(WTF::UniqueRef<IPC::Encoder>&&, WTF::OptionSet<IPC::SendOption>, std::__1::optional<std::__1::pair<WTF::CompletionHandler<void (IPC::Decoder*)>, unsigned long long> >&&, WebKit::AuxiliaryProcessProxy::ShouldStartProcessThrottlerActivity) + 1068
23  WebKit                        	       0x14ff6a999 WebKit::DrawingAreaProxy::sendMessage(WTF::UniqueRef<IPC::Encoder>&&, WTF::OptionSet<IPC::SendOption>, std::__1::optional<std::__1::pair<WTF::CompletionHandler<void (IPC::Decoder*)>, unsigned long long> >&&) + 89
24  WebKit                        	       0x14fbe4440 bool IPC::MessageSender::send<Messages::DrawingArea::UpdateGeometry>(Messages::DrawingArea::UpdateGeometry&&, unsigned long long, WTF::OptionSet<IPC::SendOption>) + 192
25  WebKit                        	       0x14fbd3eab bool IPC::MessageSender::send<Messages::DrawingArea::UpdateGeometry>(Messages::DrawingArea::UpdateGeometry&&, WTF::OptionSet<IPC::SendOption>) + 75
26  WebKit                        	       0x14fbd3c7b WebKit::RemoteLayerTreeDrawingAreaProxy::sendUpdateGeometry() + 123
27  WebKit                        	       0x14fbd3bf6 WebKit::RemoteLayerTreeDrawingAreaProxy::sizeDidChange() + 70
28  WebKit                        	       0x14ff6a7ce WebKit::DrawingAreaProxy::setSize(WebCore::IntSize const&, WebCore::IntSize const&) + 126
29  WebKit                        	       0x14f995ccb -[WKWebView(WKViewInternalIOS) _frameOrBoundsChanged] + 1083
30  WebKit                        	       0x14f9810f7 -[WKWebView(WKViewInternalIOS) setFrame:] + 311
31  WebKitTestRunnerApp           	       0x102813e1f WTR::PlatformWebView::setWindowFrame(WKRect, WTR::PlatformWebView::WebViewSizingMode) + 287
32  WebKitTestRunnerApp           	       0x102813c50 WTR::PlatformWebView::resizeTo(unsigned int, unsigned int, WTR::PlatformWebView::WebViewSizingMode) + 160
33  WebKitTestRunnerApp           	       0x10289d597 WTR::TestInvocation::didReceiveSynchronousMessageFromInjectedBundle(OpaqueWKString const*, void const*) + 1207
34  WebKitTestRunnerApp           	       0x10284bad7 WTR::TestController::didReceiveSynchronousMessageFromInjectedBundle(OpaqueWKString const*, void const*, OpaqueWKMessageListener const*) + 2903
35  WebKitTestRunnerApp           	       0x102844791 WTR::TestController::didReceiveSynchronousPageMessageFromInjectedBundleWithListener(OpaqueWKPage const*, OpaqueWKString const*, void const*, OpaqueWKMessageListener const*, void const*) + 49
36  WebKit                        	       0x1500d86db WebKit::WebPageInjectedBundleClient::didReceiveSynchronousMessageFromInjectedBundle(WebKit::WebPageProxy*, WTF::String const&, API::Object*, WTF::CompletionHandler<void (WTF::RefPtr<API::Object, WTF::RawPtrTraits<API::Object>, WTF::DefaultRefDerefTraits<API::Object> >)>&&) + 475
37  WebKit                        	       0x1500e1a3f WebKit::WebPageProxy::handleSynchronousMessage(IPC::Connection&, WTF::String const&, WebKit::UserData const&, WTF::CompletionHandler<void (WebKit::UserData&&)>&&) + 431
38  WebKit                        	       0x150ff3518 void IPC::callMemberFunctionImpl<WebKit::WebPageProxy, void (WebKit::WebPageProxy::*)(IPC::Connection&, WTF::String const&, WebKit::UserData const&, WTF::CompletionHandler<void (WebKit::UserData&&)>&&), void (WebKit::UserData&&), std::__1::tuple<WTF::String, WebKit::UserData>, 0ul, 1ul>(IPC::Connection&, WebKit::WebPageProxy*, void (WebKit::WebPageProxy::*)(IPC::Connection&, WTF::String const&, WebKit::UserData const&, WTF::CompletionHandler<void (WebKit::UserData&&)>&&), WTF::CompletionHandler<void (WebKit::UserData&&)>&&, std::__1::tuple<WTF::String, WebKit::UserData>&&, std::__1::integer_sequence<unsigned long, 0ul, 1ul>) + 216
39  WebKit                        	       0x150ff33db void IPC::callMemberFunction<WebKit::WebPageProxy, void (WebKit::WebPageProxy::*)(IPC::Connection&, WTF::String const&, WebKit::UserData const&, WTF::CompletionHandler<void (WebKit::UserData&&)>&&), void (WebKit::UserData&&), std::__1::tuple<WTF::String, WebKit::UserData>, std::__1::integer_sequence<unsigned long, 0ul, 1ul> >(IPC::Connection&, std::__1::tuple<WTF::String, WebKit::UserData>&&, WTF::CompletionHandler<void (WebKit::UserData&&)>&&, WebKit::WebPageProxy*, void (WebKit::WebPageProxy::*)(IPC::Connection&, WTF::String const&, WebKit::UserData const&, WTF::CompletionHandler<void (WebKit::UserData&&)>&&)) + 203
40  WebKit                        	       0x150ebd41a bool IPC::handleMessageSynchronousWantsConnection<Messages::WebPageProxy::HandleSynchronousMessage, WebKit::WebPageProxy, void (WebKit::WebPageProxy::*)(IPC::Connection&, WTF::String const&, WebKit::UserData const&, WTF::CompletionHandler<void (WebKit::UserData&&)>&&)>(IPC::Connection&, IPC::Decoder&, WTF::UniqueRef<IPC::Encoder>&, WebKit::WebPageProxy*, void (WebKit::WebPageProxy::*)(IPC::Connection&, WTF::String const&, WebKit::UserData const&, WTF::CompletionHandler<void (WebKit::UserData&&)>&&)) + 410
41  WebKit                        	       0x150eb8b48 WebKit::WebPageProxy::didReceiveSyncMessage(IPC::Connection&, IPC::Decoder&, WTF::UniqueRef<IPC::Encoder>&) + 4536
42  WebKit                        	       0x14fa41920 IPC::MessageReceiverMap::dispatchSyncMessage(IPC::Connection&, IPC::Decoder&, WTF::UniqueRef<IPC::Encoder>&) + 400
43  WebKit                        	       0x14ff667f4 WebKit::AuxiliaryProcessProxy::dispatchSyncMessage(IPC::Connection&, IPC::Decoder&, WTF::UniqueRef<IPC::Encoder>&) + 52
44  WebKit                        	       0x150148e11 WebKit::WebProcessProxy::didReceiveSyncMessage(IPC::Connection&, IPC::Decoder&, WTF::UniqueRef<IPC::Encoder>&) + 49
45  WebKit                        	       0x14fa0ba6a IPC::Connection::dispatchSyncMessage(IPC::Decoder&) + 634
46  WebKit                        	       0x14fa0c66b IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) + 603
47  WebKit                        	       0x14fa05ae3 IPC::Connection::SyncMessageState::ConnectionAndIncomingMessage::dispatch() + 67
48  WebKit                        	       0x14fa05d78 IPC::Connection::SyncMessageState::dispatchMessagesAndResetDidScheduleDispatchMessagesForConnection(IPC::Connection&) + 632
49  WebKit                        	       0x14fa1dcbc IPC::Connection::SyncMessageState::processIncomingMessage(IPC::Connection&, std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >&)::$_5::operator()() + 44
50  WebKit                        	       0x14fa1dbe9 WTF::Detail::CallableWrapper<IPC::Connection::SyncMessageState::processIncomingMessage(IPC::Connection&, std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >&)::$_5, void>::call() + 25
51  JavaScriptCore                	       0x11aad6bb2 WTF::Function<void ()>::operator()() const + 130
52  JavaScriptCore                	       0x11ab66472 WTF::RunLoop::performWork() + 322
53  JavaScriptCore                	       0x11ab69d9e WTF::RunLoop::performWork(void*) + 30
54  CoreFoundation                	    0x7ff800384fe9 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
55  CoreFoundation                	    0x7ff800384f28 __CFRunLoopDoSource0 + 157
56  CoreFoundation                	    0x7ff800384725 __CFRunLoopDoSources0 + 212
57  CoreFoundation                	    0x7ff80037eedf __CFRunLoopRun + 927
58  CoreFoundation                	    0x7ff80037e763 CFRunLoopRunSpecific + 560
59  Foundation                    	    0x7ff800c5e268 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 213
60  WebKitTestRunnerApp           	       0x102881f02 WTR::TestController::platformRunUntil(bool&, WTF::Seconds) + 290
61  WebKitTestRunnerApp           	       0x1028423bf WTR::TestController::runUntil(bool&, WTF::Seconds) + 79
62  WebKitTestRunnerApp           	       0x102899946 WTR::TestInvocation::invoke() + 406
63  WebKitTestRunnerApp           	       0x10284a675 WTR::TestController::runTest(char const*) + 581
64  WebKitTestRunnerApp           	       0x10284aa91 WTR::TestController::runTestingServerLoop() + 225
65  WebKitTestRunnerApp           	       0x102842df7 WTR::TestController::run() + 39
66  WebKitTestRunnerApp           	       0x102842740 WTR::TestController::TestController(int, char const**) + 864
67  WebKitTestRunnerApp           	       0x102842ec3 WTR::TestController::TestController(int, char const**) + 35
68  WebKitTestRunnerApp           	       0x102811a1c -[WebKitTestRunnerApp _runTestController] + 44
69  Foundation                    	    0x7ff800c877cb __NSThreadPerformPerform + 179
70  CoreFoundation                	    0x7ff800384fe9 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
71  CoreFoundation                	    0x7ff800384f28 __CFRunLoopDoSource0 + 157
72  CoreFoundation                	    0x7ff800384785 __CFRunLoopDoSources0 + 308
73  CoreFoundation                	    0x7ff80037eedf __CFRunLoopRun + 927
74  CoreFoundation                	    0x7ff80037e763 CFRunLoopRunSpecific + 560
75  GraphicsServices              	    0x7ff80a00d28e GSEventRunModal + 139
76  UIKitCore                     	       0x110a1b884 -[UIApplication _run] + 994
77  UIKitCore                     	       0x110a20760 UIApplicationMain + 123
78  WebKitTestRunnerApp           	       0x102811ba4 main + 84
79  dyld_sim                      	       0x102f242bf start_sim + 10
80  dyld                          	       0x1098d051e start + 462
Comment 1 Robert Jenner 2022-07-15 23:10:08 PDT
<rdar://problem/97085794>
Comment 2 Robert Jenner 2022-07-15 23:15:17 PDT
I reverted 252070@main locally and then manually triggered a test build locally. Doing so resolved the issue, and the crash no longer occurred.
Comment 3 Robert Jenner 2022-07-15 23:32:20 PDT
Pull request: https://github.com/WebKit/WebKit/pull/2484
Comment 4 Fujii Hironori 2022-07-16 05:26:07 PDT
https://github.com/WebKit/WebKit/blob/cdb0c4a68794035df705609ca0ec8c7fb373091b/Source/WebKit/UIProcess/RemoteLayerTree/RemoteLayerTreeDrawingAreaProxy.mm#L188

> ASSERT(m_isWaitingForDidUpdateGeometry);

Did this assertion fail?

bug#237557 also reported the assertion failure. I think this is a latent bug.

And, your PR has a problem. It will create an unnecessary clipping mask layer.
Comment 5 Robert Jenner 2022-07-18 09:58:00 PDT
(In reply to Fujii Hironori from comment #4)
> https://github.com/WebKit/WebKit/blob/cdb0c4a68794035df705609ca0ec8c7fb373091b/Source/WebKit/UIProcess/RemoteLayerTree/RemoteLayerTreeDrawingAreaProxy.mm#L188
> 
> > ASSERT(m_isWaitingForDidUpdateGeometry);
> 
> Did this assertion fail?
> 
> bug#237557 also reported the assertion failure. I think this is a latent bug.
> 
> And, your PR has a problem. It will create an unnecessary clipping mask layer.

I'm not certain if it's the same reported assertion failure. I think this is the assertion that I am seeing with it. But I'm uncertain if it's the same:

void RemoteLayerTreeDrawingAreaProxy::didUpdateGeometry()
{
    ASSERT(m_isWaitingForDidUpdateGeometry);

    m_isWaitingForDidUpdateGeometry = false;

    // If the WKView was resized while we were waiting for a DidUpdateGeometry reply from the web process,
    // we need to resend the new size here.
    if (m_lastSentSize != m_size)
        sendUpdateGeometry();
}
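The handshake the snippet above belongs to, as an added model (not WebKit's code; GeometryProxy and the two scenario functions are hypothetical stand-ins): it shows the resend path when the view is resized while a DidUpdateGeometry reply is outstanding, and the unsolicited-reply case that the ASSERT catches only in debug builds.

```cpp
#include <cstddef>
#include <vector>

// Constructed model, not WebKit code: the UpdateGeometry / DidUpdateGeometry handshake.
struct IntSize {
    int width, height;
    bool operator!=(const IntSize& o) const { return width != o.width || height != o.height; }
};
class GeometryProxy {  // hypothetical stand-in for RemoteLayerTreeDrawingAreaProxy
public:
    std::vector<IntSize> sentSizes;  // one entry per UpdateGeometry message sent
    int unexpectedReplies = 0;       // replies that arrived with nothing in flight
    // UI-side resize (sizeDidChange path): send only if no reply is outstanding.
    void setSize(IntSize size) {
        m_size = size;
        if (!m_isWaitingForDidUpdateGeometry) sendUpdateGeometry();
    }
    // Web-process reply. WebKit has ASSERT(m_isWaitingForDidUpdateGeometry) here:
    // fatal in debug builds (the WTFCrash in the log), a no-op in release builds.
    void didUpdateGeometry() {
        if (!m_isWaitingForDidUpdateGeometry) ++unexpectedReplies;  // assertion would fire
        m_isWaitingForDidUpdateGeometry = false;
        if (m_lastSentSize != m_size) sendUpdateGeometry();  // resized while waiting: resend
    }
private:
    void sendUpdateGeometry() {
        m_isWaitingForDidUpdateGeometry = true;
        m_lastSentSize = m_size;
        sentSizes.push_back(m_size);
    }
    IntSize m_size{0, 0}, m_lastSentSize{0, 0};
    bool m_isWaitingForDidUpdateGeometry = false;
};

// Resize arrives while a reply is outstanding: the reply triggers exactly one resend.
std::size_t sizesSentAfterResizeWhileWaiting() {
    GeometryProxy proxy;
    proxy.setSize({800, 600});   // message 1 sent, now waiting
    proxy.setSize({1024, 768});  // deferred: still waiting on message 1
    proxy.didUpdateGeometry();   // reply to 1; size changed, so message 2 is sent
    return proxy.sentSizes.size();
}
// A second reply with no request in flight: the state the ASSERT guards against.
int unexpectedRepliesAfterDuplicate() {
    GeometryProxy proxy;
    proxy.setSize({800, 600});
    proxy.didUpdateGeometry();
    proxy.didUpdateGeometry();
    return proxy.unexpectedReplies;
}
```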
Comment 6 Simon Fraser (smfr) 2022-07-18 10:57:23 PDT
It is interesting that the test just before the assertion is `compositing/clipping/border-radius-async-overflow-clipping-layer.html`
Comment 7 Simon Fraser (smfr) 2022-07-18 20:40:13 PDT
I filed bug 242884 on the assertion. It's unrelated.
Comment 8 Simon Fraser (smfr) 2022-07-18 20:40:46 PDT
The test run stopping appears to be caused by ImageDiff crashing, possibly a config issue.
Comment 9 Simon Fraser (smfr) 2022-07-19 19:43:25 PDT
This turned out to be an issue where the bundle being tested had a copy of ImageDiff built for the iOS simulator, so it tried to run that and it failed.