
[SR-16006] EXC_BAD_ACCESS with async let on iOS 15.4 and macOS 12.3 #58267

Open swift-ci opened 2 years ago

swift-ci commented 2 years ago
Previous ID SR-16006
Radar None
Original Reporter matejbart (JIRA User)
Type Bug
Additional Detail from JIRA

| | |
|------------------|-----------------|
|Votes | 0 |
|Component/s | |
|Labels | Bug |
|Assignee | None |
|Priority | Medium |

md5: a180b45c64f8fa62f2f64bec092d2247

Issue Description:

I have recently encountered issues with the usage of `async let` on iOS 15.4 (simulator and physical devices) and macOS 12.3 (M1 Mac mini), tested with both Xcode 13.3 and 13.2.1.

The issue is reproducible with the following rudimentary sample, built with Xcode's default project settings:

import SwiftUI

/// Minimal SwiftUI view used as the crash reproducer in this report.
///
/// The view's `.task` modifier binds a `TestModel` value with `async let` and
/// then awaits it; nothing else happens in the task. The report attributes the
/// `EXC_BAD_ACCESS` on iOS 15.4 / macOS 12.3 to this `async let` usage.
struct ContentView: View {
    var body: some View {
        Text("Hello, world!")
            .padding()
            .task {
                // `async let` evaluates the `TestModel()` initializer in a child task.
                async let testModel = TestModel()
                // The result is awaited and discarded; the value itself is never used.
                _ = await testModel
            }
    }
}

/// Payload type for the reproducer: fourteen `String?` stored properties,
/// each a constant defaulting to `nil`.
///
/// NOTE(review): the number of fields presumably matters for triggering the
/// crash (it determines the size of the value the child task produces); the
/// visible report text does not state a threshold, so confirm before trimming.
struct TestModel {
    let a: String? = nil
    let b: String? = nil
    let c: String? = nil
    let d: String? = nil
    let e: String? = nil
    let f: String? = nil
    let g: String? = nil
    let h: String? = nil
    let i: String? = nil
    let j: String? = nil
    let k: String? = nil
    let l: String? = nil
    let m: String? = nil
    let n: String? = nil
}

/// Preview provider for `ContentView`; it only instantiates the view.
struct ContentView_Previews: PreviewProvider {
    static var previews: some View {
        ContentView()
    }
}

Some notes on what I have noticed during testing:

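The full stacktrace of the `EXC_BAD_ACCESS` (the listing is the disassembly of the crashing frame, `swift::_swift_task_dealloc_specific`; `->` marks the faulting instruction):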

libswift_Concurrency.dylib`swift::_swift_task_dealloc_specific:
    0x2296226f0 <+0>:   pacibsp
    0x2296226f4 <+4>:   sub    sp, sp, #0x30
    0x2296226f8 <+8>:   stp    x20, x19, [sp, #0x10]
    0x2296226fc <+12>:  stp    x29, x30, [sp, #0x20]
    0x229622700 <+16>:  add    x29, sp, #0x20
    0x229622704 <+20>:  cbz    x0, 0x229622710           ; <+32>
    0x229622708 <+24>:  add    x19, x0, #0x60
    0x22962270c <+28>:  b      0x229622728               ; <+56>
    0x229622710 <+32>:  adrp   x8, 55402
    0x229622714 <+36>:  add    x8, x8, #0x448            ; guard variable for allocator(swift::AsyncTask*)::global
    0x229622718 <+40>:  ldaprb w8, [x8]
    0x22962271c <+44>:  tbz    w8, #0x0, 0x229622770     ; <+128>
    0x229622720 <+48>:  adrp   x19, 55402
    0x229622724 <+52>:  add    x19, x19, #0x230          ; allocator(swift::AsyncTask*)::global
    0x229622728 <+56>:  ldr    x8, [x19]
    0x22962272c <+60>:  cmp    x8, #0x0
    0x229622730 <+64>:  add    x9, x8, #0x10
    0x229622734 <+68>:  ccmp   x9, x1, #0x0, ne
    0x229622738 <+72>:  b.ne   0x229622760               ; <+112>
    0x22962273c <+76>:  ldp    x9, x10, [x8]
    0x229622740 <+80>:  sub    w8, w8, w10
    0x229622744 <+84>:  sub    w8, w8, #0x20
->  0x229622748 <+88>:  str    w8, [x10, #0x14]
    0x22962274c <+92>:  str    x9, [x19]
    0x229622750 <+96>:  ldp    x29, x30, [sp, #0x20]
    0x229622754 <+100>: ldp    x20, x19, [sp, #0x10]
    0x229622758 <+104>: add    sp, sp, #0x30
    0x22962275c <+108>: retab
    0x229622760 <+112>: adrp   x1, 6
    0x229622764 <+116>: add    x1, x1, #0xad0            ; "freed pointer was not the last allocation"
    0x229622768 <+120>: mov    w0, #0x0
    0x22962276c <+124>: bl     0x22961facc               ; swift::swift_Concurrency_fatalError(unsigned int, char const*, ...)
    0x229622770 <+128>: str    x1, [sp, #0x8]
    0x229622774 <+132>: adrp   x0, 55402
    0x229622778 <+136>: add    x0, x0, #0x448            ; guard variable for allocator(swift::AsyncTask*)::global
    0x22962277c <+140>: bl     0x229627ab0               ; symbol stub for: __cxa_guard_acquire
    0x229622780 <+144>: adrp   x19, 55402
    0x229622784 <+148>: add    x19, x19, #0x230          ; allocator(swift::AsyncTask*)::global
    0x229622788 <+152>: cbz    w0, 0x2296227e8           ; <+248>
    0x22962278c <+156>: str    wzr, [x19, #0x10]
    0x229622790 <+160>: add    x8, x19, #0x27
    0x229622794 <+164>: and    x8, x8, #0xfffffffffffffff0
    0x229622798 <+168>: adrp   x9, 55402
    0x22962279c <+172>: add    x9, x9, #0x628            ; swift::TaskAllocatorSlabMetadata
    0x2296227a0 <+176>: stp    x9, xzr, [x8]
    0x2296227a4 <+180>: sub    w9, w19, w8
    0x2296227a8 <+184>: add    w9, w9, #0x1f8
    0x2296227ac <+188>: stp    w9, wzr, [x8, #0x10]
    0x2296227b0 <+192>: stp    xzr, x8, [x19]
    0x2296227b4 <+196>: mov    w8, #0x1
    0x2296227b8 <+200>: strb   w8, [x19, #0x14]
    0x2296227bc <+204>: adrp   x2, -64
    0x2296227c0 <+208>: add    x2, x2, #0x0
    0x2296227c4 <+212>: adrp   x16, 0
    0x2296227c8 <+216>: add    x16, x16, #0x7f0          ; (anonymous namespace)::GlobalAllocator::~GlobalAllocator()
    0x2296227cc <+220>: paciza x16
    0x2296227d0 <+224>: mov    x0, x16
    0x2296227d4 <+228>: mov    x1, x19
    0x2296227d8 <+232>: bl     0x229627aa0               ; symbol stub for: __cxa_atexit
    0x2296227dc <+236>: adrp   x0, 55402
    0x2296227e0 <+240>: add    x0, x0, #0x448            ; guard variable for allocator(swift::AsyncTask*)::global
    0x2296227e4 <+244>: bl     0x229627ac0               ; symbol stub for: __cxa_guard_release
    0x2296227e8 <+248>: ldr    x1, [sp, #0x8]
    0x2296227ec <+252>: b      0x229622728               ; <+56>
cameronehrlich commented 1 week ago

We're seeing this too. It appears to only occur when we build with Xcode 16+.