Bug 242832

Summary: REGRESSION(252070@main): [ iOS16 Debug ] Updates to WebCore::RenderLayerBacking::updateGeometry cause testing to exit early and not complete
Product: WebKit
Reporter: Robert Jenner <jenner>
Component: New Bugs
Assignee: Robert Jenner <jenner>
Status: RESOLVED INVALID
Severity: Normal
CC: darin, Hironori.Fujii, simon.fraser, webkit-bot-watchers-bugzilla, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=242209
https://bugs.webkit.org/show_bug.cgi?id=242884

Robert Jenner
Reported 2022-07-15 23:06:06 PDT
Changes to WebCore::RenderLayerBacking::updateGeometry committed at 252070@main https://commits.webkit.org/252070@main have caused testing on iOS16 Debug beta to crash and exit early.

CRASHLOG TEXT:

Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_INVALID_ADDRESS at 0x00000000bbadbeef
Exception Codes: 0x0000000000000001, 0x00000000bbadbeef
VM Region Info: 0xbbadbeef is not in any region. Bytes before following region: 1188204817
      REGION TYPE START - END [ VSIZE] PRT/MAX SHRMOD REGION DETAIL
      UNUSED SPACE AT START
--->  __TEXT 102805000-10292c000 [ 1180K] r-x/r-x SM=COW ...TestRunnerApp
Exception Note: EXC_CORPSE_NOTIFY
Termination Reason: SIGNAL 11 Segmentation fault: 11
Terminating Process: exc handler [9467]
Triggered by Thread: 0

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 JavaScriptCore 0x11aaaae1e WTFCrash + 14
1 WebKit 0x14e4ed8bb WTFCrashWithInfo(int, char const*, char const*, int) + 27
2 WebKit 0x14fbd3e18 WebKit::RemoteLayerTreeDrawingAreaProxy::didUpdateGeometry() + 104
3 WebKit 0x14e5d257b void IPC::callMemberFunctionImpl<WebKit::DrawingAreaProxy, void (WebKit::DrawingAreaProxy::*)(), std::__1::tuple<> >(WebKit::DrawingAreaProxy*, void (WebKit::DrawingAreaProxy::*)(), std::__1::tuple<>&&, std::__1::integer_sequence<unsigned long>) + 123
4 WebKit 0x14e5d24ed void IPC::callMemberFunction<WebKit::DrawingAreaProxy, void (WebKit::DrawingAreaProxy::*)(), std::__1::tuple<>, std::__1::integer_sequence<unsigned long> >(std::__1::tuple<>&&, WebKit::DrawingAreaProxy*, void (WebKit::DrawingAreaProxy::*)()) + 109
5 WebKit 0x14e5cce7c void IPC::handleMessage<Messages::DrawingAreaProxy::DidUpdateGeometry, WebKit::DrawingAreaProxy, void (WebKit::DrawingAreaProxy::*)()>(IPC::Connection&, IPC::Decoder&, WebKit::DrawingAreaProxy*, void (WebKit::DrawingAreaProxy::*)()) + 204
6 WebKit 0x14e5cc8ca WebKit::DrawingAreaProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 426
7 WebKit 0x14eafad16 WebKit::RemoteLayerTreeDrawingAreaProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 294
8 WebKit 0x14fa41653 IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&) + 387
9 WebKit 0x14ff667ac WebKit::AuxiliaryProcessProxy::dispatchMessage(IPC::Connection&, IPC::Decoder&) + 44
10 WebKit 0x150148d19 WebKit::WebProcessProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 41
11 WebKit 0x14fa0bf90 IPC::Connection::dispatchMessage(IPC::Decoder&) + 544
12 WebKit 0x14fa0c685 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) + 629
13 WebKit 0x14fa05ae3 IPC::Connection::SyncMessageState::ConnectionAndIncomingMessage::dispatch() + 67
14 WebKit 0x14fa057b6 IPC::Connection::SyncMessageState::dispatchMessages(WTF::Function<void (IPC::MessageName, unsigned long long)>&&) + 550
15 WebKit 0x14fa0ba3a IPC::Connection::dispatchSyncMessage(IPC::Decoder&) + 586
16 WebKit 0x14fa0c66b IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) + 603
17 WebKit 0x14fa05ae3 IPC::Connection::SyncMessageState::ConnectionAndIncomingMessage::dispatch() + 67
18 WebKit 0x14fa057b6 IPC::Connection::SyncMessageState::dispatchMessages(WTF::Function<void (IPC::MessageName, unsigned long long)>&&) + 550
19 WebKit 0x14fa097ac IPC::Connection::waitForSyncReply(WTF::ObjectIdentifier<IPC::Connection::SyncRequestIDType>, IPC::MessageName, IPC::Timeout, WTF::OptionSet<IPC::SendSyncOption>) + 236
20 WebKit 0x14fa08798 IPC::Connection::sendSyncMessage(WTF::ObjectIdentifier<IPC::Connection::SyncRequestIDType>, WTF::UniqueRef<IPC::Encoder>&&, IPC::Timeout, WTF::OptionSet<IPC::SendSyncOption>) + 680
21 WebKit 0x14fa07ef4 IPC::Connection::sendMessage(WTF::UniqueRef<IPC::Encoder>&&, WTF::OptionSet<IPC::SendOption>, std::__1::optional<WTF::Thread::QOS>) + 628
22 WebKit 0x14ff6633c WebKit::AuxiliaryProcessProxy::sendMessage(WTF::UniqueRef<IPC::Encoder>&&, WTF::OptionSet<IPC::SendOption>, std::__1::optional<std::__1::pair<WTF::CompletionHandler<void (IPC::Decoder*)>, unsigned long long> >&&, WebKit::AuxiliaryProcessProxy::ShouldStartProcessThrottlerActivity) + 1068
23 WebKit 0x14ff6a999 WebKit::DrawingAreaProxy::sendMessage(WTF::UniqueRef<IPC::Encoder>&&, WTF::OptionSet<IPC::SendOption>, std::__1::optional<std::__1::pair<WTF::CompletionHandler<void (IPC::Decoder*)>, unsigned long long> >&&) + 89
24 WebKit 0x14fbe4440 bool IPC::MessageSender::send<Messages::DrawingArea::UpdateGeometry>(Messages::DrawingArea::UpdateGeometry&&, unsigned long long, WTF::OptionSet<IPC::SendOption>) + 192
25 WebKit 0x14fbd3eab bool IPC::MessageSender::send<Messages::DrawingArea::UpdateGeometry>(Messages::DrawingArea::UpdateGeometry&&, WTF::OptionSet<IPC::SendOption>) + 75
26 WebKit 0x14fbd3c7b WebKit::RemoteLayerTreeDrawingAreaProxy::sendUpdateGeometry() + 123
27 WebKit 0x14fbd3bf6 WebKit::RemoteLayerTreeDrawingAreaProxy::sizeDidChange() + 70
28 WebKit 0x14ff6a7ce WebKit::DrawingAreaProxy::setSize(WebCore::IntSize const&, WebCore::IntSize const&) + 126
29 WebKit 0x14f995ccb -[WKWebView(WKViewInternalIOS) _frameOrBoundsChanged] + 1083
30 WebKit 0x14f9810f7 -[WKWebView(WKViewInternalIOS) setFrame:] + 311
31 WebKitTestRunnerApp 0x102813e1f WTR::PlatformWebView::setWindowFrame(WKRect, WTR::PlatformWebView::WebViewSizingMode) + 287
32 WebKitTestRunnerApp 0x102813c50 WTR::PlatformWebView::resizeTo(unsigned int, unsigned int, WTR::PlatformWebView::WebViewSizingMode) + 160
33 WebKitTestRunnerApp 0x10289d597 WTR::TestInvocation::didReceiveSynchronousMessageFromInjectedBundle(OpaqueWKString const*, void const*) + 1207
34 WebKitTestRunnerApp 0x10284bad7 WTR::TestController::didReceiveSynchronousMessageFromInjectedBundle(OpaqueWKString const*, void const*, OpaqueWKMessageListener const*) + 2903
35 WebKitTestRunnerApp 0x102844791 WTR::TestController::didReceiveSynchronousPageMessageFromInjectedBundleWithListener(OpaqueWKPage const*, OpaqueWKString const*, void const*, OpaqueWKMessageListener const*, void const*) + 49
36 WebKit 0x1500d86db WebKit::WebPageInjectedBundleClient::didReceiveSynchronousMessageFromInjectedBundle(WebKit::WebPageProxy*, WTF::String const&, API::Object*, WTF::CompletionHandler<void (WTF::RefPtr<API::Object, WTF::RawPtrTraits<API::Object>, WTF::DefaultRefDerefTraits<API::Object> >)>&&) + 475
37 WebKit 0x1500e1a3f WebKit::WebPageProxy::handleSynchronousMessage(IPC::Connection&, WTF::String const&, WebKit::UserData const&, WTF::CompletionHandler<void (WebKit::UserData&&)>&&) + 431
38 WebKit 0x150ff3518 void IPC::callMemberFunctionImpl<WebKit::WebPageProxy, void (WebKit::WebPageProxy::*)(IPC::Connection&, WTF::String const&, WebKit::UserData const&, WTF::CompletionHandler<void (WebKit::UserData&&)>&&), void (WebKit::UserData&&), std::__1::tuple<WTF::String, WebKit::UserData>, 0ul, 1ul>(IPC::Connection&, WebKit::WebPageProxy*, void (WebKit::WebPageProxy::*)(IPC::Connection&, WTF::String const&, WebKit::UserData const&, WTF::CompletionHandler<void (WebKit::UserData&&)>&&), WTF::CompletionHandler<void (WebKit::UserData&&)>&&, std::__1::tuple<WTF::String, WebKit::UserData>&&, std::__1::integer_sequence<unsigned long, 0ul, 1ul>) + 216
39 WebKit 0x150ff33db void IPC::callMemberFunction<WebKit::WebPageProxy, void (WebKit::WebPageProxy::*)(IPC::Connection&, WTF::String const&, WebKit::UserData const&, WTF::CompletionHandler<void (WebKit::UserData&&)>&&), void (WebKit::UserData&&), std::__1::tuple<WTF::String, WebKit::UserData>, std::__1::integer_sequence<unsigned long, 0ul, 1ul> >(IPC::Connection&, std::__1::tuple<WTF::String, WebKit::UserData>&&, WTF::CompletionHandler<void (WebKit::UserData&&)>&&, WebKit::WebPageProxy*, void (WebKit::WebPageProxy::*)(IPC::Connection&, WTF::String const&, WebKit::UserData const&, WTF::CompletionHandler<void (WebKit::UserData&&)>&&)) + 203
40 WebKit 0x150ebd41a bool IPC::handleMessageSynchronousWantsConnection<Messages::WebPageProxy::HandleSynchronousMessage, WebKit::WebPageProxy, void (WebKit::WebPageProxy::*)(IPC::Connection&, WTF::String const&, WebKit::UserData const&, WTF::CompletionHandler<void (WebKit::UserData&&)>&&)>(IPC::Connection&, IPC::Decoder&, WTF::UniqueRef<IPC::Encoder>&, WebKit::WebPageProxy*, void (WebKit::WebPageProxy::*)(IPC::Connection&, WTF::String const&, WebKit::UserData const&, WTF::CompletionHandler<void (WebKit::UserData&&)>&&)) + 410
41 WebKit 0x150eb8b48 WebKit::WebPageProxy::didReceiveSyncMessage(IPC::Connection&, IPC::Decoder&, WTF::UniqueRef<IPC::Encoder>&) + 4536
42 WebKit 0x14fa41920 IPC::MessageReceiverMap::dispatchSyncMessage(IPC::Connection&, IPC::Decoder&, WTF::UniqueRef<IPC::Encoder>&) + 400
43 WebKit 0x14ff667f4 WebKit::AuxiliaryProcessProxy::dispatchSyncMessage(IPC::Connection&, IPC::Decoder&, WTF::UniqueRef<IPC::Encoder>&) + 52
44 WebKit 0x150148e11 WebKit::WebProcessProxy::didReceiveSyncMessage(IPC::Connection&, IPC::Decoder&, WTF::UniqueRef<IPC::Encoder>&) + 49
45 WebKit 0x14fa0ba6a IPC::Connection::dispatchSyncMessage(IPC::Decoder&) + 634
46 WebKit 0x14fa0c66b IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) + 603
47 WebKit 0x14fa05ae3 IPC::Connection::SyncMessageState::ConnectionAndIncomingMessage::dispatch() + 67
48 WebKit 0x14fa05d78 IPC::Connection::SyncMessageState::dispatchMessagesAndResetDidScheduleDispatchMessagesForConnection(IPC::Connection&) + 632
49 WebKit 0x14fa1dcbc IPC::Connection::SyncMessageState::processIncomingMessage(IPC::Connection&, std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >&)::$_5::operator()() + 44
50 WebKit 0x14fa1dbe9 WTF::Detail::CallableWrapper<IPC::Connection::SyncMessageState::processIncomingMessage(IPC::Connection&, std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >&)::$_5, void>::call() + 25
51 JavaScriptCore 0x11aad6bb2 WTF::Function<void ()>::operator()() const + 130
52 JavaScriptCore 0x11ab66472 WTF::RunLoop::performWork() + 322
53 JavaScriptCore 0x11ab69d9e WTF::RunLoop::performWork(void*) + 30
54 CoreFoundation 0x7ff800384fe9 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
55 CoreFoundation 0x7ff800384f28 __CFRunLoopDoSource0 + 157
56 CoreFoundation 0x7ff800384725 __CFRunLoopDoSources0 + 212
57 CoreFoundation 0x7ff80037eedf __CFRunLoopRun + 927
58 CoreFoundation 0x7ff80037e763 CFRunLoopRunSpecific + 560
59 Foundation 0x7ff800c5e268 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 213
60 WebKitTestRunnerApp 0x102881f02 WTR::TestController::platformRunUntil(bool&, WTF::Seconds) + 290
61 WebKitTestRunnerApp 0x1028423bf WTR::TestController::runUntil(bool&, WTF::Seconds) + 79
62 WebKitTestRunnerApp 0x102899946 WTR::TestInvocation::invoke() + 406
63 WebKitTestRunnerApp 0x10284a675 WTR::TestController::runTest(char const*) + 581
64 WebKitTestRunnerApp 0x10284aa91 WTR::TestController::runTestingServerLoop() + 225
65 WebKitTestRunnerApp 0x102842df7 WTR::TestController::run() + 39
66 WebKitTestRunnerApp 0x102842740 WTR::TestController::TestController(int, char const**) + 864
67 WebKitTestRunnerApp 0x102842ec3 WTR::TestController::TestController(int, char const**) + 35
68 WebKitTestRunnerApp 0x102811a1c -[WebKitTestRunnerApp _runTestController] + 44
69 Foundation 0x7ff800c877cb __NSThreadPerformPerform + 179
70 CoreFoundation 0x7ff800384fe9 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
71 CoreFoundation 0x7ff800384f28 __CFRunLoopDoSource0 + 157
72 CoreFoundation 0x7ff800384785 __CFRunLoopDoSources0 + 308
73 CoreFoundation 0x7ff80037eedf __CFRunLoopRun + 927
74 CoreFoundation 0x7ff80037e763 CFRunLoopRunSpecific + 560
75 GraphicsServices 0x7ff80a00d28e GSEventRunModal + 139
76 UIKitCore 0x110a1b884 -[UIApplication _run] + 994
77 UIKitCore 0x110a20760 UIApplicationMain + 123
78 WebKitTestRunnerApp 0x102811ba4 main + 84
79 dyld_sim 0x102f242bf start_sim + 10
80 dyld 0x1098d051e start + 462
Robert Jenner
Comment 1 2022-07-15 23:10:08 PDT
Robert Jenner
Comment 2 2022-07-15 23:15:17 PDT
I reverted 252070@main locally and then manually triggered a test build locally. Doing so resolved the issue, and the crash no longer occurred.
Robert Jenner
Comment 3 2022-07-15 23:32:20 PDT
Fujii Hironori
Comment 4 2022-07-16 05:26:07 PDT
https://github.com/WebKit/WebKit/blob/cdb0c4a68794035df705609ca0ec8c7fb373091b/Source/WebKit/UIProcess/RemoteLayerTree/RemoteLayerTreeDrawingAreaProxy.mm#L188

> ASSERT(m_isWaitingForDidUpdateGeometry);

Did this assertion fail?

bug#237557 also reported the assertion failure. I think this is a latent bug.

And, your PR has a problem. It will create an unnecessary clipping mask layer.
Robert Jenner
Comment 5 2022-07-18 09:58:00 PDT
(In reply to Fujii Hironori from comment #4)
> https://github.com/WebKit/WebKit/blob/cdb0c4a68794035df705609ca0ec8c7fb373091b/Source/WebKit/UIProcess/RemoteLayerTree/RemoteLayerTreeDrawingAreaProxy.mm#L188
>
> > ASSERT(m_isWaitingForDidUpdateGeometry);
>
> Did this assertion fail?
>
> bug#237557 also reported the assertion failure. I think this is a latent bug.
>
> And, your PR has a problem. It will create an unnecessary clipping mask
> layer.

I'm not certain if it's the same reported assertion failure. I think this is the assertion that I am seeing with it. But I'm uncertain if it's the same:

void RemoteLayerTreeDrawingAreaProxy::didUpdateGeometry()
{
    ASSERT(m_isWaitingForDidUpdateGeometry);

    m_isWaitingForDidUpdateGeometry = false;

    // If the WKView was resized while we were waiting for a DidUpdateGeometry reply from the web process,
    // we need to resend the new size here.
    if (m_lastSentSize != m_size)
        sendUpdateGeometry();
}
Simon Fraser (smfr)
Comment 6 2022-07-18 10:57:23 PDT
It is interesting that the test just before the assertion is `compositing/clipping/border-radius-async-overflow-clipping-layer.html`
Simon Fraser (smfr)
Comment 7 2022-07-18 20:40:13 PDT
I filed bug 242884 on the assertion. It's unrelated.
Simon Fraser (smfr)
Comment 8 2022-07-18 20:40:46 PDT
The test run stopping appears to be caused by ImageDiff crashing, possibly a config issue.
Simon Fraser (smfr)
Comment 9 2022-07-19 19:43:25 PDT
This turned out to be an issue where the bundle being tested had a copy of ImageDiff built for the iOS simulator, so tried to run that and it failed.