Bug 250318

Summary: SHOULD NEVER BE REACHED in IPC::StreamClientConnection::trySendDestinationIDIfNeeded
Product: WebKit Reporter: Kimmo Kinnunen <kkinnunen>
Component: WebKit2 Assignee: Kimmo Kinnunen <kkinnunen>
Status: RESOLVED FIXED    
Severity: Normal CC: kkinnunen, seokho, simon.fraser, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: Safari Technology Preview   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=248929
https://bugs.webkit.org/show_bug.cgi?id=250386

Description Kimmo Kinnunen 2023-01-09 05:10:54 PST
SHOULD NEVER BE REACHED in IPC::StreamClientConnection::trySendDestinationIDIfNeeded

https://build.webkit.org/results/Apple-Ventura-Debug-WK2-GPUProcess-Tests/257729@main%20(600)/results.html
https://build.webkit.org/results/Apple-Ventura-Debug-WK2-GPUProcess-Tests/258556@main%20(823)/results.html


SHOULD NEVER BE REACHED
/Volumes/Data/worker/Apple-Ventura-Debug-Build/build/Source/WebKit/Platform/IPC/StreamClientConnection.h(273) : bool IPC::StreamClientConnection::trySendDestinationIDIfNeeded(uint64_t, IPC::Timeout)
1   0x5283f9c69 WTFCrash
2   0x512e3842b WTFCrashWithInfo(int, char const*, char const*, int)
3   0x5146bb77c IPC::StreamClientConnection::trySendDestinationIDIfNeeded(unsigned long long, IPC::Timeout)
4   0x514eb42c6 bool IPC::StreamClientConnection::send<Messages::RemoteDisplayListRecorder::Save, WebCore::RenderingResourceIdentifierType>(Messages::RemoteDisplayListRecorder::Save&&, WTF::ObjectIdentifier<WebCore::RenderingResourceIdentifierType>, IPC::Timeout)
5   0x514e519b9 void WebKit::RemoteDisplayListRecorderProxy::send<Messages::RemoteDisplayListRecorder::Save>(Messages::RemoteDisplayListRecorder::Save&&)
6   0x514e518c1 WebKit::RemoteDisplayListRecorderProxy::recordSave()
7   0x4f05c9af6 WebCore::DisplayList::Recorder::save()
8   0x513b7a046 WebCore::GraphicsContextStateSaver::GraphicsContextStateSaver(WebCore::GraphicsContext&, bool)
9   0x513b64d3c WebCore::GraphicsContextStateSaver::GraphicsContextStateSaver(WebCore::GraphicsContext&, bool)
10  0x513b641a0 WebKit::RemoteLayerBackingStore::drawInContext(WebCore::GraphicsContext&)
11  0x513b64152 WebKit::RemoteLayerBackingStore::paintContents()
12  0x513b666f2 WebKit::RemoteLayerBackingStoreCollection::paintReachableBackingStoreContents()
13  0x5148779ee WebKit::RemoteLayerTreeContext::buildTransaction(WebKit::RemoteLayerTreeTransaction&, WebCore::PlatformCALayer&)
14  0x5135087b5 WebKit::RemoteLayerTreeDrawingArea::updateRendering()
15  0x51350a774 WebKit::RemoteLayerTreeDrawingArea::forceRepaint()
16  0x51568c3f2 WebKit::WebPage::forceRepaintWithoutCallback()
17  0x51514546d WKBundlePageForceRepaint
18  0x4e8e3b6e5 WTR::InjectedBundlePage::dump()
19  0x4e8e3fa38 WTR::dumpAfterWaitAttributeIsRemoved(OpaqueWKBundlePage const*)
20  0x4e8e3af3f WTR::InjectedBundlePage::frameDidChangeLocation(OpaqueWKBundleFrame const*)
21  0x4e8e39192 WTR::InjectedBundlePage::didFinishLoadForFrame(OpaqueWKBundleFrame const*)
22  0x4e8e37df5 WTR::InjectedBundlePage::didFinishLoadForFrame(OpaqueWKBundlePage const*, OpaqueWKBundleFrame const*, void const**, void const*)
23  0x515134633 WebKit::InjectedBundlePageLoaderClient::didFinishLoadForFrame(WebKit::WebPage&, WebKit::WebFrame&, WTF::RefPtr<API::Object, WTF::RawPtrTraits<API::Object>, WTF::DefaultRefDerefTraits<API::Object> >&)
24  0x515327b47 WebKit::WebFrameLoaderClient::dispatchDidFinishLoad()
25  0x4efb70035 WebCore::FrameLoader::checkLoadCompleteForThisFrame()
26  0x4efb615c4 WebCore::FrameLoader::checkLoadComplete()
27  0x4efaf0daf WebCore::DocumentLoader::finishedLoading()
28  0x4efaf078f WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource&, WebCore::NetworkLoadMetrics const&)
29  0x4efcd1f58 WebCore::CachedResource::checkNotify(WebCore::NetworkLoadMetrics const&)
30  0x4efccd094 WebCore::CachedResource::finishLoading(WebCore::FragmentedSharedBuffer const*, WebCore::NetworkLoadMetrics const&)
31  0x4efcccd58 WebCore::CachedRawResource::finishLoading(WebCore::FragmentedSharedBuffer const*, WebCore::NetworkLoadMetrics const&)
com.apple.WebKit.WebContent.Development terminated (pid 64385) for reason: crash
LEAK: 1 WebPageProxy
Comment 1 Radar WebKit Bug Importer 2023-01-09 05:11:20 PST
<rdar://problem/104027243>
Comment 2 Simon Fraser (smfr) 2023-01-09 15:59:54 PST
Happens when running layout tests with `--use-gpu-process --remote-layer-tree`
Comment 3 Alex Christensen 2023-01-10 09:37:33 PST
Pull request: https://github.com/WebKit/WebKit/pull/8463
Comment 4 Kimmo Kinnunen 2023-01-11 23:35:13 PST
This bug is about fixing this:
> https://build.webkit.org/results/Apple-Ventura-Debug-WK2-GPUProcess-Tests/257729@main%20(600)/results.html

This bug is due to the minimum message size being defined as too small. It is supposed to be the minimum of the "SetStreamDestinationID" message, sizeof(MessageName) + sizeof(uint64_t) == 12. However, the message format is actually { MessageName, 6 bytes padding, uint64_t } due to uint64_t alignment needs.

> https://build.webkit.org/results/Apple-Ventura-Debug-WK2-GPUProcess-Tests/258556@main%20(823)/results.html

Bug 250386 fixed the above, e.g. using UInt128 as the message destination id caused an increased number of these assertions.

Will post a change for this shortly.
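
The layout issue described in comment 4, as an added illustration that is not part of the comment or of WebKit's code: a minimum size computed by summing field sizes is smaller than what an alignment-aware encoder writes, so a size check against that minimum can pass for a span the message does not fit in. All function names are hypothetical, and the 16-bit `MessageName` is an assumption chosen to match the 6 bytes of padding quoted above.

```cpp
// Added illustration; names below are hypothetical, not WebKit's API.
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Assumption: the message name is a 16-bit enum, which is what yields the
// 6 bytes of padding quoted in comment 4.
enum class MessageName : uint16_t { SetStreamDestinationID = 1 };

// Round offset up to the next multiple of alignment (a power of two).
constexpr size_t roundUp(size_t offset, size_t alignment)
{
    return (offset + alignment - 1) & ~(alignment - 1);
}

// Size obtained by adding field sizes and ignoring alignment.
constexpr size_t packedSize()
{
    return sizeof(MessageName) + sizeof(uint64_t);
}

// Size an encoder needs when each field is written at its natural
// alignment, starting from an aligned message start.
constexpr size_t alignedSize()
{
    size_t offset = roundUp(sizeof(MessageName), alignof(uint64_t));
    return offset + sizeof(uint64_t);
}

constexpr size_t paddingBytes() { return alignedSize() - packedSize(); }

// True when a span of `available` bytes passes a check against `minimum`
// although the aligned encoding would not fit in it.
constexpr bool checkPassesButEncodeFails(size_t available, size_t minimum)
{
    return available >= minimum && available < alignedSize();
}

int main()
{
    std::printf("packed=%zu aligned=%zu padding=%zu\n",
        packedSize(), alignedSize(), paddingBytes());
    // A span of exactly packedSize() bytes satisfies the too-small minimum.
    std::printf("packed minimum misleads: %d\n",
        checkPassesButEncodeFails(packedSize(), packedSize()));
    // A minimum derived from the aligned layout rejects that span up front.
    std::printf("aligned minimum misleads: %d\n",
        checkPassesButEncodeFails(packedSize(), alignedSize()));
    return 0;
}
```
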
Comment 5 Kimmo Kinnunen 2023-01-18 06:24:04 PST
Pull request: https://github.com/WebKit/WebKit/pull/8762
Comment 6 EWS 2023-01-19 00:02:03 PST
Committed 259069@main (da8b5ed3e46e): <https://commits.webkit.org/259069@main>

Reviewed commits have been landed. Closing PR #8762 and removing active labels.
Comment 7 Kimmo Kinnunen 2023-01-19 08:04:42 PST
*** Bug 250062 has been marked as a duplicate of this bug. ***
Comment 8 Kimmo Kinnunen 2023-02-22 04:22:29 PST
This should now be testable in the public iOS 16.4 beta.