204725 2019-12-01 06:33:32 -0800 Regression (r252893): loader/stateobjects/pushstate-size.html is crashing on mac debug 2019-12-01 07:51:18 -0800 1 1 1 Unclassified WebKit New Bugs Other Unspecified Unspecified RESOLVED FIXED https://bugs.webkit.org/show_bug.cgi?id=204613 InRadar P2 Normal --- 1 aakash_jain koivisto aakash_jain ap commit-queue esprehn+autocc ews-watchlist glenn jbedard koivisto kondapallykalyan pdr webkit-bot-watchers-bugzilla webkit-bug-importer zalan oldest_to_newest 1594401 0 aakash_jain 2019-12-01 06:33:32 -0800 loader/stateobjects/pushstate-size.html is consistently crashing on mac Debug. Flakiness dashboard: https://results.webkit.org/?suite=layout-tests&test=loader%2Fstateobjects%2Fpushstate-size.html e.g.: Mojave: https://build.webkit.org/results/Apple%20Mojave%20Debug%20WK2%20(Tests)/r252893%20(6061)/results.html high sierra: https://build.webkit.org/results/Apple%20High%20Sierra%20Debug%20WK1%20(Tests)/r252893%20(11984)/results.html Catalina: https://build.webkit.org/results/Apple-Catalina-Debug-WK2-Tests/r252893%20(863)/results.html on EWS: https://ews-build.webkit.org/results/macOS-High-Sierra-Debug-WK1-Tests-EWS/r384569-7537-clean-tree/results.html 1594402 1 aakash_jain 2019-12-01 06:34:48 -0800 Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Codes: KERN_INVALID_ADDRESS at 0x00000000bbadbeef Exception Note: EXC_CORPSE_NOTIFY Termination Signal: Segmentation fault: 11 Termination Reason: Namespace SIGNAL, Code 0xb Terminating Process: exc handler [199] VM Regions Near 0xbbadbeef: --> __TEXT 0000000106852000-0000000106853000 [ 4K] r-x/r-x SM=COW /Volumes/VOLUME/*/*.Development Application Specific Information: CRASHING TEST: loader/stateobjects/pushstate-size.html Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.JavaScriptCore 0x000000012eca831e WTFCrash + 14 (Assertions.cpp:305) 1 com.apple.WebCore 0x00000001142a6d9b WTFCrashWithInfo(int, char const*, char const*, int) + 27 2 com.apple.WebCore 0x0000000117fb87a6 WebCore::RenderBlockFlow::inlineSelectionGaps(WebCore::RenderBlock&, WebCore::LayoutPoint const&, WebCore::LayoutSize const&, WebCore::LayoutUnit&, WebCore::LayoutUnit&, WebCore::LayoutUnit&, WebCore::LogicalSelectionOffsetCaches const&, WebCore::PaintInfo const*) + 198 (RenderBlockFlow.cpp:3141) 3 com.apple.WebCore 0x0000000117f93209 WebCore::RenderBlock::selectionGaps(WebCore::RenderBlock&, WebCore::LayoutPoint const&, WebCore::LayoutSize const&, WebCore::LayoutUnit&, WebCore::LayoutUnit&, WebCore::LayoutUnit&, WebCore::LogicalSelectionOffsetCaches const&, WebCore::PaintInfo const*) + 1065 (RenderBlock.cpp:1548) 4 com.apple.WebCore 0x0000000117f9414e WebCore::RenderBlock::blockSelectionGaps(WebCore::RenderBlock&, WebCore::LayoutPoint const&, WebCore::LayoutSize const&, WebCore::LayoutUnit&, WebCore::LayoutUnit&, WebCore::LayoutUnit&, WebCore::LogicalSelectionOffsetCaches const&, WebCore::PaintInfo const*) + 2302 (RenderBlock.cpp:1629) 5 com.apple.WebCore 0x0000000117f93294 WebCore::RenderBlock::selectionGaps(WebCore::RenderBlock&, WebCore::LayoutPoint const&, WebCore::LayoutSize const&, WebCore::LayoutUnit&, WebCore::LayoutUnit&, WebCore::LayoutUnit&, WebCore::LogicalSelectionOffsetCaches const&, WebCore::PaintInfo const*) + 1204 (RenderBlock.cpp:1550) 6 com.apple.WebCore 0x0000000117f9172f WebCore::RenderBlock::paintSelection(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 319 (RenderBlock.cpp:1460) 7 com.apple.WebCore 0x0000000117f90fb7 WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 1079 (RenderBlock.cpp:1297) 8 com.apple.WebCore 0x0000000117f8f7de WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 238 (RenderBlock.cpp:1115) 9 com.apple.WebCore 0x0000000117f9057a WebCore::RenderBlock::paintChild(WebCore::RenderBox&, WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool, WebCore::RenderBlock::PaintBlockType) + 1002 (RenderBlock.cpp:1192) 10 com.apple.WebCore 0x0000000117f90161 WebCore::RenderBlock::paintChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool) + 129 (RenderBlock.cpp:1155) 11 com.apple.WebCore 0x0000000117f900ab WebCore::RenderBlock::paintContents(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 379 (RenderBlock.cpp:1150) 12 com.apple.WebCore 0x0000000117f90f74 WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 1012 13 com.apple.WebCore 0x0000000117f8f7de WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 238 (RenderBlock.cpp:1115) 14 com.apple.WebCore 0x00000001180ea4f3 WebCore::RenderLayer::paintForegroundForFragmentsWithPhase(WebCore::PaintPhase, WTF::Vector<WebCore::LayerFragment, 1ul, WTF::CrashOnOverflow, 16ul> const&, WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::PaintBehavior>, WebCore::RenderObject*) + 691 (RenderLayer.cpp:5035) 15 com.apple.WebCore 0x00000001180e808a WebCore::RenderLayer::paintForegroundForFragments(WTF::Vector<WebCore::LayerFragment, 1ul, WTF::CrashOnOverflow, 16ul> const&, WebCore::GraphicsContext&, WebCore::GraphicsContext&, WebCore::LayoutRect const&, bool, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::PaintBehavior>, WebCore::RenderObject*) + 1466 (RenderLayer.cpp:5011) 16 com.apple.WebCore 0x00000001180e450a WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFlag>) + 3466 (RenderLayer.cpp:4606) 17 com.apple.WebCore 0x00000001180e3711 WebCore::RenderLayer::paintLayerContentsAndReflection(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFlag>) + 417 (RenderLayer.cpp:4328) 18 com.apple.WebCore 0x00000001180e26c5 WebCore::RenderLayer::paintLayerWithEffects(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFlag>) + 1221 (RenderLayer.cpp:4310) 19 com.apple.WebCore 0x00000001180e18ed WebCore::RenderLayer::paintLayer(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFlag>) + 365 (RenderLayer.cpp:4249) 20 com.apple.WebCore 0x00000001180e7aa4 WebCore::RenderLayer::paintList(WebCore::RenderLayer::LayerList, WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFlag>) + 196 (RenderLayer.cpp:4730) 21 com.apple.WebCore 0x00000001180e4616 WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFlag>) + 3734 (RenderLayer.cpp:4622) 22 com.apple.WebCore 0x0000000118103d2c WebCore::RenderLayerBacking::paintIntoLayer(WebCore::GraphicsLayer const*, WebCore::GraphicsContext&, WebCore::IntRect const&, WTF::OptionSet<WebCore::PaintBehavior>, WebCore::EventRegionContext*)::$_10::operator()(WebCore::RenderLayer&, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFlag>) const + 396 (RenderLayerBacking.cpp:2823) 23 com.apple.WebCore 0x0000000118103717 WebCore::RenderLayerBacking::paintIntoLayer(WebCore::GraphicsLayer const*, WebCore::GraphicsContext&, WebCore::IntRect const&, WTF::OptionSet<WebCore::PaintBehavior>, WebCore::EventRegionContext*) + 375 (RenderLayerBacking.cpp:2838) 24 com.apple.WebCore 0x0000000118104ed2 WebCore::RenderLayerBacking::paintContents(WebCore::GraphicsLayer const*, WebCore::GraphicsContext&, WebCore::FloatRect const&, unsigned int) + 738 (RenderLayerBacking.cpp:3045) 25 com.apple.WebCore 0x0000000117b74c30 WebCore::GraphicsLayer::paintGraphicsLayerContents(WebCore::GraphicsContext&, WebCore::FloatRect const&, unsigned int) + 224 (GraphicsLayer.cpp:517) 26 com.apple.WebCore 0x0000000117be90cd WebCore::GraphicsLayerCA::platformCALayerPaintContents(WebCore::PlatformCALayer*, WebCore::GraphicsContext&, WebCore::FloatRect const&, unsigned int) + 509 (GraphicsLayerCA.cpp:1700) 27 com.apple.WebCore 0x00000001159b2714 WebCore::PlatformCALayer::drawLayerContents(CGContext*, WebCore::PlatformCALayer*, WTF::Vector<WebCore::FloatRect, 5ul, WTF::CrashOnOverflow, 16ul>&, unsigned int) + 884 (PlatformCALayerCocoa.mm:1199) 28 com.apple.WebCore 0x0000000117c32fb8 WebCore::TileGrid::platformCALayerPaintContents(WebCore::PlatformCALayer*, WebCore::GraphicsContext&, WebCore::FloatRect const&, unsigned int) + 344 (TileGrid.cpp:734) 29 com.apple.WebCore 0x0000000115b84ca6 -[WebSimpleLayer drawInContext:] + 454 (WebLayer.mm:135) 1594404 2 aakash_jain 2019-12-01 06:37:47 -0800 Seems likes a regression from r252893. Failed on r252893 in https://build.webkit.org/builders/Apple%20Mojave%20Debug%20WK2%20%28Tests%29/builds/6061 Passed on r252892 in https://build.webkit.org/builders/Apple%20Mojave%20Debug%20WK2%20%28Tests%29/builds/6060 1594405 3 aakash_jain 2019-12-01 06:44:54 -0800 Actually this is very flaky (rather than consistent). This causes a lot of false positives on EWS, e.g.: https://ews-build.webkit.org/#/builders/17/builds/7521 https://ews-build.webkit.org/#/builders/17/builds/7522 https://ews-build.webkit.org/#/builders/17/builds/7523 1594413 4 384571 koivisto 2019-12-01 07:38:42 -0800 Created attachment 384571 patch 1594414 5 koivisto 2019-12-01 07:50:45 -0800 https://trac.webkit.org/changeset/252968/webkit 1594415 6 webkit-bug-importer 2019-12-01 07:51:18 -0800 <rdar://problem/57544563> 384571 2019-12-01 07:38:42 -0800 2019-12-01 07:49:08 -0800 patch layout-path-bitfield-fix.patch text/plain 1266 koivisto ZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZyBiL1NvdXJjZS9XZWJDb3JlL0No YW5nZUxvZwppbmRleCAyNDBlNzQ3ZTUxMi4uYTAzYTY1YjRjOGYgMTAwNjQ0Ci0tLSBhL1NvdXJj ZS9XZWJDb3JlL0NoYW5nZUxvZworKysgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKQEAgLTEs MyArMSwxNCBAQAorMjAxOS0xMi0wMSAgQW50dGkgS29pdmlzdG8gIDxhbnR0aUBhcHBsZS5jb20+ CisKKyAgICAgICAgUmVncmVzc2lvbiAocjI1Mjg5Myk6IGxvYWRlci9zdGF0ZW9iamVjdHMvcHVz aHN0YXRlLXNpemUuaHRtbCBpcyBjcmFzaGluZyBvbiBtYWMgZGVidWcKKyAgICAgICAgaHR0cHM6 Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTIwNDcyNQorCisgICAgICAgIFVucmV2 aWV3ZWQgZm9sbG93dXAgdG8gcjI1Mjg5My4KKworICAgICAgICAqIHJlbmRlcmluZy9SZW5kZXJF bGVtZW50Lmg6CisKKyAgICAgICAgSW5jcmVhc2UgYml0ZmllbGQgc2l6ZSB0byBmaXQgdGhlIGVu dW0uCisKIDIwMTktMTEtMzAgIEFudG9pbmUgUXVpbnQgIDxncmFvdXRzQGFwcGxlLmNvbT4KIAog ICAgICAgICBbV2ViIEFuaW1hdGlvbnNdIEltcGxlbWVudCBBbmltYXRpb24uY29tbWl0U3R5bGVz KCkKZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJDb3JlL3JlbmRlcmluZy9SZW5kZXJFbGVtZW50Lmgg Yi9Tb3VyY2UvV2ViQ29yZS9yZW5kZXJpbmcvUmVuZGVyRWxlbWVudC5oCmluZGV4IDBhMTk3ZTMy YzBhLi41NzJhNWE0MzdlNiAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvcmVuZGVyaW5nL1Jl bmRlckVsZW1lbnQuaAorKysgYi9Tb3VyY2UvV2ViQ29yZS9yZW5kZXJpbmcvUmVuZGVyRWxlbWVu dC5oCkBAIC0zNDUsNyArMzQ1LDcgQEAgcHJpdmF0ZToKICAgICB1bnNpZ25lZCBtX3JlbmRlckJs b2NrSGFzTWFyZ2luQWZ0ZXJRdWlyayA6IDE7CiAgICAgdW5zaWduZWQgbV9yZW5kZXJCbG9ja1No b3VsZEZvcmNlUmVsYXlvdXRDaGlsZHJlbiA6IDE7CiAgICAgdW5zaWduZWQgbV9yZW5kZXJCbG9j a0Zsb3dIYXNNYXJrdXBUcnVuY2F0aW9uIDogMTsKLSAgICB1bnNpZ25lZCBtX3JlbmRlckJsb2Nr Rmxvd0xpbmVMYXlvdXRQYXRoIDogMjsKKyAgICB1bnNpZ25lZCBtX3JlbmRlckJsb2NrRmxvd0xp bmVMYXlvdXRQYXRoIDogMzsKIAogICAgIHVuc2lnbmVkIG1faXNSZWdpc3RlcmVkRm9yVmlzaWJs ZUluVmlld3BvcnRDYWxsYmFjayA6IDE7CiAgICAgdW5zaWduZWQgbV92aXNpYmxlSW5WaWV3cG9y dFN0YXRlIDogMjsK