Changes to WebCore::RenderLayerBacking::updateGeometry committed at 252070@main https://commits.webkit.org/252070@main have caused testing on iOS16 Debug beta to crash and exit early.

CRASHLOG TEXT:

Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_INVALID_ADDRESS at 0x00000000bbadbeef
Exception Codes: 0x0000000000000001, 0x00000000bbadbeef
VM Region Info: 0xbbadbeef is not in any region. Bytes before following region: 1188204817
      REGION TYPE START - END [ VSIZE] PRT/MAX SHRMOD REGION DETAIL
      UNUSED SPACE AT START
--->
      __TEXT 102805000-10292c000 [ 1180K] r-x/r-x SM=COW ...TestRunnerApp
Exception Note: EXC_CORPSE_NOTIFY
Termination Reason: SIGNAL 11 Segmentation fault: 11
Terminating Process: exc handler [9467]
Triggered by Thread: 0

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 JavaScriptCore 0x11aaaae1e WTFCrash + 14
1 WebKit 0x14e4ed8bb WTFCrashWithInfo(int, char const*, char const*, int) + 27
2 WebKit 0x14fbd3e18 WebKit::RemoteLayerTreeDrawingAreaProxy::didUpdateGeometry() + 104
3 WebKit 0x14e5d257b void IPC::callMemberFunctionImpl<WebKit::DrawingAreaProxy, void (WebKit::DrawingAreaProxy::*)(), std::__1::tuple<> >(WebKit::DrawingAreaProxy*, void (WebKit::DrawingAreaProxy::*)(), std::__1::tuple<>&&, std::__1::integer_sequence<unsigned long>) + 123
4 WebKit 0x14e5d24ed void IPC::callMemberFunction<WebKit::DrawingAreaProxy, void (WebKit::DrawingAreaProxy::*)(), std::__1::tuple<>, std::__1::integer_sequence<unsigned long> >(std::__1::tuple<>&&, WebKit::DrawingAreaProxy*, void (WebKit::DrawingAreaProxy::*)()) + 109
5 WebKit 0x14e5cce7c void IPC::handleMessage<Messages::DrawingAreaProxy::DidUpdateGeometry, WebKit::DrawingAreaProxy, void (WebKit::DrawingAreaProxy::*)()>(IPC::Connection&, IPC::Decoder&, WebKit::DrawingAreaProxy*, void (WebKit::DrawingAreaProxy::*)()) + 204
6 WebKit 0x14e5cc8ca WebKit::DrawingAreaProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 426
7 WebKit 0x14eafad16 WebKit::RemoteLayerTreeDrawingAreaProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 294
8 WebKit 0x14fa41653 IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&) + 387
9 WebKit 0x14ff667ac WebKit::AuxiliaryProcessProxy::dispatchMessage(IPC::Connection&, IPC::Decoder&) + 44
10 WebKit 0x150148d19 WebKit::WebProcessProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 41
11 WebKit 0x14fa0bf90 IPC::Connection::dispatchMessage(IPC::Decoder&) + 544
12 WebKit 0x14fa0c685 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) + 629
13 WebKit 0x14fa05ae3 IPC::Connection::SyncMessageState::ConnectionAndIncomingMessage::dispatch() + 67
14 WebKit 0x14fa057b6 IPC::Connection::SyncMessageState::dispatchMessages(WTF::Function<void (IPC::MessageName, unsigned long long)>&&) + 550
15 WebKit 0x14fa0ba3a IPC::Connection::dispatchSyncMessage(IPC::Decoder&) + 586
16 WebKit 0x14fa0c66b IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) + 603
17 WebKit 0x14fa05ae3 IPC::Connection::SyncMessageState::ConnectionAndIncomingMessage::dispatch() + 67
18 WebKit 0x14fa057b6 IPC::Connection::SyncMessageState::dispatchMessages(WTF::Function<void (IPC::MessageName, unsigned long long)>&&) + 550
19 WebKit 0x14fa097ac IPC::Connection::waitForSyncReply(WTF::ObjectIdentifier<IPC::Connection::SyncRequestIDType>, IPC::MessageName, IPC::Timeout, WTF::OptionSet<IPC::SendSyncOption>) + 236
20 WebKit 0x14fa08798 IPC::Connection::sendSyncMessage(WTF::ObjectIdentifier<IPC::Connection::SyncRequestIDType>, WTF::UniqueRef<IPC::Encoder>&&, IPC::Timeout, WTF::OptionSet<IPC::SendSyncOption>) + 680
21 WebKit 0x14fa07ef4 IPC::Connection::sendMessage(WTF::UniqueRef<IPC::Encoder>&&, WTF::OptionSet<IPC::SendOption>, std::__1::optional<WTF::Thread::QOS>) + 628
22 WebKit 0x14ff6633c WebKit::AuxiliaryProcessProxy::sendMessage(WTF::UniqueRef<IPC::Encoder>&&, WTF::OptionSet<IPC::SendOption>, std::__1::optional<std::__1::pair<WTF::CompletionHandler<void (IPC::Decoder*)>, unsigned long long> >&&, WebKit::AuxiliaryProcessProxy::ShouldStartProcessThrottlerActivity) + 1068
23 WebKit 0x14ff6a999 WebKit::DrawingAreaProxy::sendMessage(WTF::UniqueRef<IPC::Encoder>&&, WTF::OptionSet<IPC::SendOption>, std::__1::optional<std::__1::pair<WTF::CompletionHandler<void (IPC::Decoder*)>, unsigned long long> >&&) + 89
24 WebKit 0x14fbe4440 bool IPC::MessageSender::send<Messages::DrawingArea::UpdateGeometry>(Messages::DrawingArea::UpdateGeometry&&, unsigned long long, WTF::OptionSet<IPC::SendOption>) + 192
25 WebKit 0x14fbd3eab bool IPC::MessageSender::send<Messages::DrawingArea::UpdateGeometry>(Messages::DrawingArea::UpdateGeometry&&, WTF::OptionSet<IPC::SendOption>) + 75
26 WebKit 0x14fbd3c7b WebKit::RemoteLayerTreeDrawingAreaProxy::sendUpdateGeometry() + 123
27 WebKit 0x14fbd3bf6 WebKit::RemoteLayerTreeDrawingAreaProxy::sizeDidChange() + 70
28 WebKit 0x14ff6a7ce WebKit::DrawingAreaProxy::setSize(WebCore::IntSize const&, WebCore::IntSize const&) + 126
29 WebKit 0x14f995ccb -[WKWebView(WKViewInternalIOS) _frameOrBoundsChanged] + 1083
30 WebKit 0x14f9810f7 -[WKWebView(WKViewInternalIOS) setFrame:] + 311
31 WebKitTestRunnerApp 0x102813e1f WTR::PlatformWebView::setWindowFrame(WKRect, WTR::PlatformWebView::WebViewSizingMode) + 287
32 WebKitTestRunnerApp 0x102813c50 WTR::PlatformWebView::resizeTo(unsigned int, unsigned int, WTR::PlatformWebView::WebViewSizingMode) + 160
33 WebKitTestRunnerApp 0x10289d597 WTR::TestInvocation::didReceiveSynchronousMessageFromInjectedBundle(OpaqueWKString const*, void const*) + 1207
34 WebKitTestRunnerApp 0x10284bad7 WTR::TestController::didReceiveSynchronousMessageFromInjectedBundle(OpaqueWKString const*, void const*, OpaqueWKMessageListener const*) + 2903
35 WebKitTestRunnerApp 0x102844791 WTR::TestController::didReceiveSynchronousPageMessageFromInjectedBundleWithListener(OpaqueWKPage const*, OpaqueWKString const*, void const*, OpaqueWKMessageListener const*, void const*) + 49
36 WebKit 0x1500d86db WebKit::WebPageInjectedBundleClient::didReceiveSynchronousMessageFromInjectedBundle(WebKit::WebPageProxy*, WTF::String const&, API::Object*, WTF::CompletionHandler<void (WTF::RefPtr<API::Object, WTF::RawPtrTraits<API::Object>, WTF::DefaultRefDerefTraits<API::Object> >)>&&) + 475
37 WebKit 0x1500e1a3f WebKit::WebPageProxy::handleSynchronousMessage(IPC::Connection&, WTF::String const&, WebKit::UserData const&, WTF::CompletionHandler<void (WebKit::UserData&&)>&&) + 431
38 WebKit 0x150ff3518 void IPC::callMemberFunctionImpl<WebKit::WebPageProxy, void (WebKit::WebPageProxy::*)(IPC::Connection&, WTF::String const&, WebKit::UserData const&, WTF::CompletionHandler<void (WebKit::UserData&&)>&&), void (WebKit::UserData&&), std::__1::tuple<WTF::String, WebKit::UserData>, 0ul, 1ul>(IPC::Connection&, WebKit::WebPageProxy*, void (WebKit::WebPageProxy::*)(IPC::Connection&, WTF::String const&, WebKit::UserData const&, WTF::CompletionHandler<void (WebKit::UserData&&)>&&), WTF::CompletionHandler<void (WebKit::UserData&&)>&&, std::__1::tuple<WTF::String, WebKit::UserData>&&, std::__1::integer_sequence<unsigned long, 0ul, 1ul>) + 216
39 WebKit 0x150ff33db void IPC::callMemberFunction<WebKit::WebPageProxy, void (WebKit::WebPageProxy::*)(IPC::Connection&, WTF::String const&, WebKit::UserData const&, WTF::CompletionHandler<void (WebKit::UserData&&)>&&), void (WebKit::UserData&&), std::__1::tuple<WTF::String, WebKit::UserData>, std::__1::integer_sequence<unsigned long, 0ul, 1ul> >(IPC::Connection&, std::__1::tuple<WTF::String, WebKit::UserData>&&, WTF::CompletionHandler<void (WebKit::UserData&&)>&&, WebKit::WebPageProxy*, void (WebKit::WebPageProxy::*)(IPC::Connection&, WTF::String const&, WebKit::UserData const&, WTF::CompletionHandler<void (WebKit::UserData&&)>&&)) + 203
40 WebKit 0x150ebd41a bool IPC::handleMessageSynchronousWantsConnection<Messages::WebPageProxy::HandleSynchronousMessage, WebKit::WebPageProxy, void (WebKit::WebPageProxy::*)(IPC::Connection&, WTF::String const&, WebKit::UserData const&, WTF::CompletionHandler<void (WebKit::UserData&&)>&&)>(IPC::Connection&, IPC::Decoder&, WTF::UniqueRef<IPC::Encoder>&, WebKit::WebPageProxy*, void (WebKit::WebPageProxy::*)(IPC::Connection&, WTF::String const&, WebKit::UserData const&, WTF::CompletionHandler<void (WebKit::UserData&&)>&&)) + 410
41 WebKit 0x150eb8b48 WebKit::WebPageProxy::didReceiveSyncMessage(IPC::Connection&, IPC::Decoder&, WTF::UniqueRef<IPC::Encoder>&) + 4536
42 WebKit 0x14fa41920 IPC::MessageReceiverMap::dispatchSyncMessage(IPC::Connection&, IPC::Decoder&, WTF::UniqueRef<IPC::Encoder>&) + 400
43 WebKit 0x14ff667f4 WebKit::AuxiliaryProcessProxy::dispatchSyncMessage(IPC::Connection&, IPC::Decoder&, WTF::UniqueRef<IPC::Encoder>&) + 52
44 WebKit 0x150148e11 WebKit::WebProcessProxy::didReceiveSyncMessage(IPC::Connection&, IPC::Decoder&, WTF::UniqueRef<IPC::Encoder>&) + 49
45 WebKit 0x14fa0ba6a IPC::Connection::dispatchSyncMessage(IPC::Decoder&) + 634
46 WebKit 0x14fa0c66b IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) + 603
47 WebKit 0x14fa05ae3 IPC::Connection::SyncMessageState::ConnectionAndIncomingMessage::dispatch() + 67
48 WebKit 0x14fa05d78 IPC::Connection::SyncMessageState::dispatchMessagesAndResetDidScheduleDispatchMessagesForConnection(IPC::Connection&) + 632
49 WebKit 0x14fa1dcbc IPC::Connection::SyncMessageState::processIncomingMessage(IPC::Connection&, std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >&)::$_5::operator()() + 44
50 WebKit 0x14fa1dbe9 WTF::Detail::CallableWrapper<IPC::Connection::SyncMessageState::processIncomingMessage(IPC::Connection&, std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >&)::$_5, void>::call() + 25
51 JavaScriptCore 0x11aad6bb2 WTF::Function<void ()>::operator()() const + 130
52 JavaScriptCore 0x11ab66472 WTF::RunLoop::performWork() + 322
53 JavaScriptCore 0x11ab69d9e WTF::RunLoop::performWork(void*) + 30
54 CoreFoundation 0x7ff800384fe9 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
55 CoreFoundation 0x7ff800384f28 __CFRunLoopDoSource0 + 157
56 CoreFoundation 0x7ff800384725 __CFRunLoopDoSources0 + 212
57 CoreFoundation 0x7ff80037eedf __CFRunLoopRun + 927
58 CoreFoundation 0x7ff80037e763 CFRunLoopRunSpecific + 560
59 Foundation 0x7ff800c5e268 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 213
60 WebKitTestRunnerApp 0x102881f02 WTR::TestController::platformRunUntil(bool&, WTF::Seconds) + 290
61 WebKitTestRunnerApp 0x1028423bf WTR::TestController::runUntil(bool&, WTF::Seconds) + 79
62 WebKitTestRunnerApp 0x102899946 WTR::TestInvocation::invoke() + 406
63 WebKitTestRunnerApp 0x10284a675 WTR::TestController::runTest(char const*) + 581
64 WebKitTestRunnerApp 0x10284aa91 WTR::TestController::runTestingServerLoop() + 225
65 WebKitTestRunnerApp 0x102842df7 WTR::TestController::run() + 39
66 WebKitTestRunnerApp 0x102842740 WTR::TestController::TestController(int, char const**) + 864
67 WebKitTestRunnerApp 0x102842ec3 WTR::TestController::TestController(int, char const**) + 35
68 WebKitTestRunnerApp 0x102811a1c -[WebKitTestRunnerApp _runTestController] + 44
69 Foundation 0x7ff800c877cb __NSThreadPerformPerform + 179
70 CoreFoundation 0x7ff800384fe9 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
71 CoreFoundation 0x7ff800384f28 __CFRunLoopDoSource0 + 157
72 CoreFoundation 0x7ff800384785 __CFRunLoopDoSources0 + 308
73 CoreFoundation 0x7ff80037eedf __CFRunLoopRun + 927
74 CoreFoundation 0x7ff80037e763 CFRunLoopRunSpecific + 560
75 GraphicsServices 0x7ff80a00d28e GSEventRunModal + 139
76 UIKitCore 0x110a1b884 -[UIApplication _run] + 994
77 UIKitCore 0x110a20760 UIApplicationMain + 123
78 WebKitTestRunnerApp 0x102811ba4 main + 84
79 dyld_sim 0x102f242bf start_sim + 10
80 dyld 0x1098d051e start + 462
<rdar://problem/97085794>
I reverted 252070@main locally and then manually triggered a test build locally. Doing so resolved the issue, and the crash no longer occurred.
Pull request: https://github.com/WebKit/WebKit/pull/2484
https://github.com/WebKit/WebKit/blob/cdb0c4a68794035df705609ca0ec8c7fb373091b/Source/WebKit/UIProcess/RemoteLayerTree/RemoteLayerTreeDrawingAreaProxy.mm#L188

> ASSERT(m_isWaitingForDidUpdateGeometry);

Did this assertion fail?

bug#237557 also reported the assertion failure. I think this is a latent bug.

And, your PR has a problem. It will create an unnecessary clipping mask layer.
(In reply to Fujii Hironori from comment #4)
> https://github.com/WebKit/WebKit/blob/
> cdb0c4a68794035df705609ca0ec8c7fb373091b/Source/WebKit/UIProcess/
> RemoteLayerTree/RemoteLayerTreeDrawingAreaProxy.mm#L188
>
> > ASSERT(m_isWaitingForDidUpdateGeometry);
>
> Did this assertion fail?
>
> bug#237557 also reported the assertion failure. I think this is a latent bug.
>
> And, your PR has a problem. It will create an unnecessary clipping mask
> layer.

I'm not certain if it's the same reported assertion failure. I think this is the assertion that I am seeing with it. But I'm uncertain if it's the same:

void RemoteLayerTreeDrawingAreaProxy::didUpdateGeometry()
{
    ASSERT(m_isWaitingForDidUpdateGeometry);

    m_isWaitingForDidUpdateGeometry = false;

    // If the WKView was resized while we were waiting for a DidUpdateGeometry reply from the web process,
    // we need to resend the new size here.
    if (m_lastSentSize != m_size)
        sendUpdateGeometry();
}
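Added example, not part of the original thread and not WebKit code: a triage sketch for crash logs shaped like the one in this report. A fault at 0xbbadbeef with WTFCrash on top of the crashed thread is the deliberate store WTFCrash() performs, so the SIGSEGV marks a failed assertion rather than a wild pointer, and the first frame below the WTFCrash helpers is the assertion site. The function names and the abridged sample are assumptions made for the example.

```python
import re

# Constructed sample: header lines and frames 0-2 and 11, abridged from the crash log above.
SAMPLE = """\
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_INVALID_ADDRESS at 0x00000000bbadbeef
Triggered by Thread: 0
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 JavaScriptCore 0x11aaaae1e WTFCrash + 14
1 WebKit 0x14e4ed8bb WTFCrashWithInfo(int, char const*, char const*, int) + 27
2 WebKit 0x14fbd3e18 WebKit::RemoteLayerTreeDrawingAreaProxy::didUpdateGeometry() + 104
11 WebKit 0x14fa0bf90 IPC::Connection::dispatchMessage(IPC::Decoder&) + 544
"""

WTF_CRASH_ADDRESS = 0xBBADBEEF  # WTFCrash() stores to this address on purpose
# index, image, load address, symbol, offset
FRAME_RE = re.compile(r"^(\d+)\s+(\S+)\s+(0x[0-9a-f]+)\s+(.*?)\s+\+\s+(\d+)$")

def fault_address(log):
    """Return the faulting address from the exception subtype line, or None."""
    m = re.search(r"KERN_INVALID_ADDRESS at (0x[0-9a-fA-F]+)", log)
    return int(m.group(1), 16) if m else None

def crashed_frames(log):
    """Return (index, image, symbol) tuples for the thread marked 'Crashed'."""
    frames, in_thread = [], False
    for line in log.splitlines():
        if re.match(r"Thread \d+ Crashed", line):
            in_thread = True
        elif in_thread:
            m = FRAME_RE.match(line.strip())
            if m:
                frames.append((int(m.group(1)), m.group(2), m.group(4)))
            elif frames:
                break  # a blank line or the next thread ends the crashed thread
    return frames

def triage(log):
    """Classify the crash and name the first frame below the WTFCrash helpers."""
    frames = crashed_frames(log)
    addr = fault_address(log)
    deliberate = (addr == WTF_CRASH_ADDRESS and bool(frames)
                  and frames[0][2].startswith("WTFCrash"))
    site = next((f[2] for f in frames if not f[2].startswith("WTFCrash")), None)
    return {"fault_address": addr, "deliberate_crash": deliberate,
            "assert_site": site if deliberate else None}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A log whose fault address is anything other than 0xbbadbeef comes back with `deliberate_crash` false and no assertion site, which is the case that deserves memory-safety analysis.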
It is interesting that the test just before the assertion is `compositing/clipping/border-radius-async-overflow-clipping-layer.html`
I filed bug 242884 on the assertion. It's unrelated.
The test run stopping appears to be caused by ImageDiff crashing, possibly a config issue.
This turned out to be an issue where the bundle being tested had a copy of ImageDiff built for the iOS simulator, so it tried to run that and it failed.