282944 2024-11-11 11:09:09 -0800 LAYER_POSITIONS_ASSERT(m_repaintContainer == repaintContainer) on bbc.com 2024-11-15 00:33:44 -0800 1 1 1 Unclassified WebKit Compositing WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 simon.fraser mattwoodrow mattwoodrow simon.fraser webkit-bug-importer oldest_to_newest 2074319 0 simon.fraser 2024-11-11 11:09:09 -0800 Reloading bbc.com a few times in a Safari private window (not sure if relevant), I hit: LAYER_POSITIONS_ASSERT(m_repaintContainer == repaintContainer); frame #0: 0x0000000300002ef8 WebCore`WTFCrashWithInfo(line=1219, file="/Volumes/Data/Development/system/webkit/OpenSource/Source/WebCore/rendering/RenderLayer.cpp", function="auto WebCore::RenderLayer::recursiveUpdateLayerPositions(RenderElement::LayoutIdentifier, OptionSet<UpdateLayerPositionsFlag>, CanUseSimplifiedRepaintPass)::(anonymous class)::operator()(bool) const", counter=4526) at Assertions.h:901:5 * frame #1: 0x0000000306bfd930 WebCore`void WebCore::RenderLayer::recursiveUpdateLayerPositions<(WebCore::RenderLayer::UpdateLayerPositionsMode)1>(this=0x000000016f920880, checkForRepaint=true)::'lambda'(bool)::operator()(bool) const at RenderLayer.cpp:1219:13 frame #2: 0x0000000306bfca54 WebCore`void WebCore::RenderLayer::recursiveUpdateLayerPositions<(WebCore::RenderLayer::UpdateLayerPositionsMode)1>(this=0x000000035b758230, layoutIdentifier=0, flags={ size = 2 }, canUseSimplifiedRepaintPass=No) at RenderLayer.cpp:1271:5 frame #3: 0x0000000306bfd160 WebCore`void WebCore::RenderLayer::recursiveUpdateLayerPositions<(WebCore::RenderLayer::UpdateLayerPositionsMode)1>(this=0x000000035b7580c0, layoutIdentifier=0, flags={ size = 2 }, canUseSimplifiedRepaintPass=No) at RenderLayer.cpp:1322:20 frame #4: 0x0000000306bfd160 WebCore`void WebCore::RenderLayer::recursiveUpdateLayerPositions<(WebCore::RenderLayer::UpdateLayerPositionsMode)1>(this=0x000000035b74fe90, layoutIdentifier=0, flags={ size = 2 }, canUseSimplifiedRepaintPass=No) at RenderLayer.cpp:1322:20 frame #5: 0x0000000306bfd160 WebCore`void WebCore::RenderLayer::recursiveUpdateLayerPositions<(WebCore::RenderLayer::UpdateLayerPositionsMode)1>(this=0x000000035b74fbb0, layoutIdentifier=0, flags={ size = 1 }, canUseSimplifiedRepaintPass=No) at RenderLayer.cpp:1322:20 frame #6: 0x0000000306bfd160 WebCore`void WebCore::RenderLayer::recursiveUpdateLayerPositions<(WebCore::RenderLayer::UpdateLayerPositionsMode)1>(this=0x000000014e002010, layoutIdentifier=0, flags={ size = 1 }, canUseSimplifiedRepaintPass=No) at RenderLayer.cpp:1322:20 frame #7: 0x0000000306bfd160 WebCore`void WebCore::RenderLayer::recursiveUpdateLayerPositions<(WebCore::RenderLayer::UpdateLayerPositionsMode)1>(this=0x000000014e000e80, layoutIdentifier=0, flags={ size = 1 }, canUseSimplifiedRepaintPass=No) at RenderLayer.cpp:1322:20 frame #8: 0x0000000306bc7ae0 WebCore`void WebCore::RenderLayer::recursiveUpdateLayerPositions<(WebCore::RenderLayer::UpdateLayerPositionsMode)0>(this=0x000000014e000e80, layoutIdentifier=0, flags={ size = 1 }, canUseSimplifiedRepaintPass=No) at RenderLayer.cpp:1132:9 frame #9: 0x0000000306bc78a4 WebCore`WebCore::RenderLayer::updateLayerPositionsAfterStyleChange(this=0x000000014e000e80) at RenderLayer.cpp:1045:5 frame #10: 0x0000000305d0202c WebCore`WebCore::LocalFrameView::updateCompositingLayersAfterStyleChange(this=0x000000014e000110) at LocalFrameView.cpp:775:26 frame #11: 0x0000000304a90ee4 WebCore`WebCore::Document::resolveStyle(this={ origin = , url = , inMainFrame = Detached, backForwardCacheState = NotInBackForwardCache }, type=Normal) at Document.cpp:2605:47 frame #12: 0x0000000304a91a64 WebCore`WebCore::Document::updateStyleIfNeeded(this={ origin = , url = , inMainFrame = Detached, backForwardCacheState = NotInBackForwardCache }) at Document.cpp:2703:5 frame #13: 0x0000000304a91e68 WebCore`WebCore::Document::updateLayout(this={ origin = , url = , inMainFrame = Detached, backForwardCacheState = NotInBackForwardCache }, layoutOptions={ size = 1 }, context=0x0000000000000000) at Document.cpp:2747:13 frame #14: 0x0000000305d1a5a4 WebCore`WebCore::LocalFrameView::updateLayoutAndStyleIfNeededRecursive(this=0x000000014e000110, layoutOptions={ size = 0 }) at LocalFrameView.cpp:4914:44 frame #15: 0x0000000305d8c41c WebCore`WebCore::Page::layoutIfNeeded(this=0x0000000115051300, layoutOptions={ size = 0 }) at Page.cpp:1829:15 frame #16: 0x0000000305d8d1bc WebCore`WebCore::Page::updateRendering(this=0x0000000115051300) at Page.cpp:1991:5 frame #17: 0x000000011ac1224c WebKit`WebKit::WebPage::updateRendering(this=0x000000015c00b808) at WebPage.cpp:4998:13 frame #18: 0x0000000117d50038 WebKit`WebKit::RemoteLayerTreeDrawingArea::updateRendering(this=0x0000000115048840) at RemoteLayerTreeDrawingArea.mm:343:14 frame #19: 0x0000000117d56ea4 WebKit`WebCore::Timer::Timer<WebKit::RemoteLayerTreeDrawingArea, WebKit::RemoteLayerTreeDrawingArea>(this=0x00000001150957e8)())::'lambda'()::operator()() const at Timer.h:162:13 frame #20: 0x0000000117d56d9c WebKit`WTF::Detail::CallableWrapper<WebCore::Timer::Timer<WebKit::RemoteLayerTreeDrawingArea, WebKit::RemoteLayerTreeDrawingArea>(WebKit::RemoteLayerTreeDrawingArea&, void (WebKit::RemoteLayerTreeDrawingArea::*)())::'lambda'(), void>::call(this=0x00000001150957e0) at Function.h:53:39 frame #21: 0x0000000116f89704 WebKit`WTF::Function<void ()>::operator()(this=0x0000000115048940) const at Function.h:82:35 frame #22: 0x0000000117d5529c WebKit`WebCore::Timer::fired(this=0x0000000115048908) at Timer.h:194:9 frame #23: 0x00000003060b3a58 WebCore`WebCore::ThreadTimers::sharedTimerFiredInternal(this=0x0000000115028810) at ThreadTimers.cpp:128:23 frame #24: 0x00000003060bdf68 WebCore`WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0::operator()(this=0x0000000115014a98) const at ThreadTimers.cpp:68:80 frame #25: 0x00000003060bdf0c WebCore`WTF::Detail::CallableWrapper<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0, void>::call(this=0x0000000115014a90) at Function.h:53:39 frame #26: 0x0000000300033614 WebCore`WTF::Function<void ()>::operator()(this=0x000000030a8a3d00) const at Function.h:82:35 frame #27: 0x0000000306056cb0 WebCore`WebCore::MainThreadSharedTimer::fired(this=0x000000030a8a3cf8) at MainThreadSharedTimer.cpp:86:5 frame #28: 0x0000000306179644 WebCore`WebCore::timerFired((null)=0x0000600000360600, (null)=0x0000000000000000) at MainThreadSharedTimerCF.cpp:85:40 frame #29: 0x000000018ceda7a4 CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 32 2074320 1 simon.fraser 2024-11-11 11:09:40 -0800 I was at 286195@main 2074639 2 mattwoodrow 2024-11-12 14:37:16 -0800 Looks like a bug in RenderLayerBacking::setBackingSharingLayers. We call `compositingStatusChanged` on layers that no longer share to recompute their repaint rects, but we haven't yet called `clearBackingSharingLayerProviders` to disconnect them. This results in the repaint rects being computed with the sharing layer as the repaint container still. The RenderLayer mutation assertions catch this now, which is nice. 2075261 3 webkit-bug-importer 2024-11-14 18:26:31 -0800 <rdar://problem/139930342> 2075262 4 mattwoodrow 2024-11-14 18:29:19 -0800 Pull request: https://github.com/WebKit/WebKit/pull/36675 2075308 5 ews-feeder 2024-11-15 00:33:42 -0800 Committed 286633@main (9a66248c727c): <https://commits.webkit.org/286633@main> Reviewed commits have been landed. Closing PR #36675 and removing active labels.