Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Codes: KERN_INVALID_ADDRESS at 0x00000000bbadbeef Exception Note: EXC_CORPSE_NOTIFY Termination Signal: Segmentation fault: 11 Termination Reason: Namespace SIGNAL, Code 0xb Terminating Process: exc handler [199] VM Regions Near 0xbbadbeef: --> __TEXT 0000000106852000-0000000106853000 [ 4K] r-x/r-x SM=COW /Volumes/VOLUME/*/*.Development Application Specific Information: CRASHING TEST: loader/stateobjects/pushstate-size.html Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.JavaScriptCore 0x000000012eca831e WTFCrash + 14 (Assertions.cpp:305) 1 com.apple.WebCore 0x00000001142a6d9b WTFCrashWithInfo(int, char const*, char const*, int) + 27 2 com.apple.WebCore 0x0000000117fb87a6 WebCore::RenderBlockFlow::inlineSelectionGaps(WebCore::RenderBlock&, WebCore::LayoutPoint const&, WebCore::LayoutSize const&, WebCore::LayoutUnit&, WebCore::LayoutUnit&, WebCore::LayoutUnit&, WebCore::LogicalSelectionOffsetCaches const&, WebCore::PaintInfo const*) + 198 (RenderBlockFlow.cpp:3141) 3 com.apple.WebCore 0x0000000117f93209 WebCore::RenderBlock::selectionGaps(WebCore::RenderBlock&, WebCore::LayoutPoint const&, WebCore::LayoutSize const&, WebCore::LayoutUnit&, WebCore::LayoutUnit&, WebCore::LayoutUnit&, WebCore::LogicalSelectionOffsetCaches const&, WebCore::PaintInfo const*) + 1065 (RenderBlock.cpp:1548) 4 com.apple.WebCore 0x0000000117f9414e WebCore::RenderBlock::blockSelectionGaps(WebCore::RenderBlock&, WebCore::LayoutPoint const&, WebCore::LayoutSize const&, WebCore::LayoutUnit&, WebCore::LayoutUnit&, WebCore::LayoutUnit&, WebCore::LogicalSelectionOffsetCaches const&, WebCore::PaintInfo const*) + 2302 (RenderBlock.cpp:1629) 5 com.apple.WebCore 0x0000000117f93294 WebCore::RenderBlock::selectionGaps(WebCore::RenderBlock&, WebCore::LayoutPoint const&, WebCore::LayoutSize const&, WebCore::LayoutUnit&, WebCore::LayoutUnit&, WebCore::LayoutUnit&, WebCore::LogicalSelectionOffsetCaches const&, WebCore::PaintInfo const*) + 1204 (RenderBlock.cpp:1550) 6 com.apple.WebCore 0x0000000117f9172f WebCore::RenderBlock::paintSelection(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 319 (RenderBlock.cpp:1460) 7 com.apple.WebCore 0x0000000117f90fb7 WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 1079 (RenderBlock.cpp:1297) 8 com.apple.WebCore 0x0000000117f8f7de WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 238 (RenderBlock.cpp:1115) 9 com.apple.WebCore 0x0000000117f9057a WebCore::RenderBlock::paintChild(WebCore::RenderBox&, WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool, WebCore::RenderBlock::PaintBlockType) + 1002 (RenderBlock.cpp:1192) 10 com.apple.WebCore 0x0000000117f90161 WebCore::RenderBlock::paintChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool) + 129 (RenderBlock.cpp:1155) 11 com.apple.WebCore 0x0000000117f900ab WebCore::RenderBlock::paintContents(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 379 (RenderBlock.cpp:1150) 12 com.apple.WebCore 0x0000000117f90f74 WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 1012 13 com.apple.WebCore 0x0000000117f8f7de WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 238 (RenderBlock.cpp:1115) 14 com.apple.WebCore 0x00000001180ea4f3 WebCore::RenderLayer::paintForegroundForFragmentsWithPhase(WebCore::PaintPhase, WTF::Vector<WebCore::LayerFragment, 1ul, WTF::CrashOnOverflow, 16ul> const&, WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::PaintBehavior>, WebCore::RenderObject*) + 691 (RenderLayer.cpp:5035) 15 com.apple.WebCore 0x00000001180e808a WebCore::RenderLayer::paintForegroundForFragments(WTF::Vector<WebCore::LayerFragment, 1ul, WTF::CrashOnOverflow, 16ul> const&, WebCore::GraphicsContext&, WebCore::GraphicsContext&, WebCore::LayoutRect const&, bool, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::PaintBehavior>, WebCore::RenderObject*) + 1466 (RenderLayer.cpp:5011) 16 com.apple.WebCore 0x00000001180e450a WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFlag>) + 3466 (RenderLayer.cpp:4606) 17 com.apple.WebCore 0x00000001180e3711 WebCore::RenderLayer::paintLayerContentsAndReflection(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFlag>) + 417 (RenderLayer.cpp:4328) 18 com.apple.WebCore 0x00000001180e26c5 WebCore::RenderLayer::paintLayerWithEffects(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFlag>) + 1221 (RenderLayer.cpp:4310) 19 com.apple.WebCore 0x00000001180e18ed WebCore::RenderLayer::paintLayer(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFlag>) + 365 (RenderLayer.cpp:4249) 20 com.apple.WebCore 0x00000001180e7aa4 WebCore::RenderLayer::paintList(WebCore::RenderLayer::LayerList, WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFlag>) + 196 (RenderLayer.cpp:4730) 21 com.apple.WebCore 0x00000001180e4616 WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFlag>) + 3734 (RenderLayer.cpp:4622) 22 com.apple.WebCore 0x0000000118103d2c WebCore::RenderLayerBacking::paintIntoLayer(WebCore::GraphicsLayer const*, WebCore::GraphicsContext&, WebCore::IntRect const&, WTF::OptionSet<WebCore::PaintBehavior>, WebCore::EventRegionContext*)::$_10::operator()(WebCore::RenderLayer&, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFlag>) const + 396 (RenderLayerBacking.cpp:2823) 23 com.apple.WebCore 0x0000000118103717 WebCore::RenderLayerBacking::paintIntoLayer(WebCore::GraphicsLayer const*, WebCore::GraphicsContext&, WebCore::IntRect const&, WTF::OptionSet<WebCore::PaintBehavior>, WebCore::EventRegionContext*) + 375 (RenderLayerBacking.cpp:2838) 24 com.apple.WebCore 0x0000000118104ed2 WebCore::RenderLayerBacking::paintContents(WebCore::GraphicsLayer const*, WebCore::GraphicsContext&, WebCore::FloatRect const&, unsigned int) + 738 (RenderLayerBacking.cpp:3045) 25 com.apple.WebCore 0x0000000117b74c30 WebCore::GraphicsLayer::paintGraphicsLayerContents(WebCore::GraphicsContext&, WebCore::FloatRect const&, unsigned int) + 224 (GraphicsLayer.cpp:517) 26 com.apple.WebCore 0x0000000117be90cd WebCore::GraphicsLayerCA::platformCALayerPaintContents(WebCore::PlatformCALayer*, WebCore::GraphicsContext&, WebCore::FloatRect const&, unsigned int) + 509 (GraphicsLayerCA.cpp:1700) 27 com.apple.WebCore 0x00000001159b2714 WebCore::PlatformCALayer::drawLayerContents(CGContext*, WebCore::PlatformCALayer*, WTF::Vector<WebCore::FloatRect, 5ul, WTF::CrashOnOverflow, 16ul>&, unsigned int) + 884 (PlatformCALayerCocoa.mm:1199) 28 com.apple.WebCore 0x0000000117c32fb8 WebCore::TileGrid::platformCALayerPaintContents(WebCore::PlatformCALayer*, WebCore::GraphicsContext&, WebCore::FloatRect const&, unsigned int) + 344 (TileGrid.cpp:734) 29 com.apple.WebCore 0x0000000115b84ca6 -[WebSimpleLayer drawInContext:] + 454 (WebLayer.mm:135)

Seems likes a regression from r252893. Failed on r252893 in https://build.webkit.org/builders/Apple%20Mojave%20Debug%20WK2%20%28Tests%29/builds/6061 Passed on r252892 in https://build.webkit.org/builders/Apple%20Mojave%20Debug%20WK2%20%28Tests%29/builds/6060

Actually this is very flaky (rather than consistent). This causes a lot of false positives on EWS, e.g.: https://ews-build.webkit.org/#/builders/17/builds/7521 https://ews-build.webkit.org/#/builders/17/builds/7522 https://ews-build.webkit.org/#/builders/17/builds/7523

Created attachment 384571 [details] patch

<rdar://problem/57544563>