Bug 230105

Summary: [ BigSur arm64 EWS ] ASSERTION FAILED: !needsLayout() ./rendering/RenderView.cpp(306) : virtual void WebCore::RenderView::paint(WebCore::PaintInfo &, const WebCore::LayoutPoint &)
Product: WebKit Reporter: ayumi_kojima
Component: Layout and RenderingAssignee: Nobody <webkit-unassigned>
Status: RESOLVED WORKSFORME    
Severity: Normal CC: ben_schwartz, bfulgham, cdumez, simon.fraser, webkit-bot-watchers-bugzilla, webkit-bug-importer, youennf, zalan
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Mac (Apple Silicon)   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=229671
Attachments:
Description Flags
Crash log none

ayumi_kojima
Reported 2021-09-09 09:40:20 PDT
imported/w3c/web-platform-tests/html/rendering/replaced-elements/svg-embedded-sizing/svg-in-iframe-percentage.html imported/w3c/web-platform-tests/html/rendering/replaced-elements/svg-embedded-sizing/svg-in-img-fixed.html Are flaky crashing on macOS-AppleSilicon-Big-Sur-Debug-WK2-Tests-EWS. The flaky crash is showing up in the open source directory: https://results.webkit.org/?suite=layout-tests&suite=layout-tests&test=imported%2Fw3c%2Fweb-platform-tests%2Fhtml%2Frendering%2Freplaced-elements%2Fsvg-embedded-sizing%2Fsvg-in-img-fixed.html&test=imported%2Fw3c%2Fweb-platform-tests%2Fhtml%2Frendering%2Freplaced-elements%2Fsvg-embedded-sizing%2Fsvg-in-iframe-percentage.html The first crash seen in the open source is at r281673 (imported/w3c/web-platform-tests/html/rendering/replaced-elements/svg-embedded-sizing/svg-in-img-fixed.html) and at r281926 (imported/w3c/web-platform-tests/html/rendering/replaced-elements/svg-embedded-sizing/svg-in-iframe-percentage.html). The tests started appearing in the EWS as flaky tests at: https://ews-build.webkit.org/#/builders/60/builds/10537 (imported/w3c/web-platform-tests/html/rendering/replaced-elements/svg-embedded-sizing/svg-in-iframe-percentage.html) https://ews-build.webkit.org/#/builders/60/builds/10536 (imported/w3c/web-platform-tests/html/rendering/replaced-elements/svg-embedded-sizing/svg-in-img-fixed.html) Result page: https://ews-build.s3-us-west-2.amazonaws.com/macOS-AppleSilicon-Big-Sur-Debug-WK2-Tests-EWS/r437709-11578/results.html Stderr: ASSERTION FAILED: !needsLayout() ./rendering/RenderView.cpp(306) : virtual void WebCore::RenderView::paint(WebCore::PaintInfo &, const WebCore::LayoutPoint &) 1 0x13980759c WTFCrash 2 0x1192ad8d0 WTFCrashWithInfo(int, char const*, char const*, int) 3 0x11cd04428 WebCore::RenderView::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) 4 0x11cb9a65c WebCore::RenderLayer::paintBackgroundForFragments(WTF::Vector<WebCore::LayerFragment, 1ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WebCore::GraphicsContext&, WebCore::GraphicsContext&, WebCore::LayoutRect const&, bool, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::PaintBehavior>, WebCore::RenderObject*) 5 0x11cb96ff4 WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFlag>) 6 0x11cbb8050 WebCore::RenderLayerBacking::paintIntoLayer(WebCore::GraphicsLayer const*, WebCore::GraphicsContext&, WebCore::IntRect const&, WTF::OptionSet<WebCore::PaintBehavior>, WebCore::EventRegionContext*)::$_24::operator()(WebCore::RenderLayer&, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFlag>) const 7 0x11cbb7a54 WebCore::RenderLayerBacking::paintIntoLayer(WebCore::GraphicsLayer const*, WebCore::GraphicsContext&, WebCore::IntRect const&, WTF::OptionSet<WebCore::PaintBehavior>, WebCore::EventRegionContext*) 8 0x11cbb8d2c WebCore::RenderLayerBacking::paintContents(WebCore::GraphicsLayer const*, WebCore::GraphicsContext&, WebCore::FloatRect const&, unsigned int) 9 0x11c446c70 WebCore::GraphicsLayer::paintGraphicsLayerContents(WebCore::GraphicsContext&, WebCore::FloatRect const&, unsigned int) 10 0x11c50d498 WebCore::GraphicsLayerCA::platformCALayerPaintContents(WebCore::PlatformCALayer*, WebCore::GraphicsContext&, WebCore::FloatRect const&, unsigned int) 11 0x119c90a1c WebCore::PlatformCALayer::drawLayerContents(WebCore::GraphicsContext&, WebCore::PlatformCALayer*, WTF::Vector<WebCore::FloatRect, 5ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&, unsigned int) 12 0x11c553b58 WebCore::TileGrid::platformCALayerPaintContents(WebCore::PlatformCALayer*, WebCore::GraphicsContext&, WebCore::FloatRect const&, unsigned int) 13 0x119e2e054 -[WebSimpleLayer drawInContext:] 14 0x18713f7ac CABackingStoreUpdate_ 15 0x18719c4b4 invocation function for block in CA::Layer::display_() 16 0x18713ea34 -[CALayer _display] 17 0x119e2dd98 -[WebSimpleLayer display] 18 0x18713db2c CA::Layer::display_if_needed(CA::Transaction*) 19 0x187269b64 CA::Context::commit_transaction(CA::Transaction*, double, double*) 20 0x18711fab8 CA::Transaction::commit() 21 0x1837f4470 __62+[CATransaction(NSCATransaction) NS_setFlushesWithDisplayLink]_block_invoke 22 0x183f4923c ___NSRunLoopObserverCreateWithHandler_block_invoke 23 0x180e89cc8 __CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__ 24 0x180e89b14 __CFRunLoopDoObservers 25 0x180e8905c __CFRunLoopRun 26 0x180e885e8 CFRunLoopRunSpecific 27 0x181c31688 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] 28 0x181cc3b70 -[NSRunLoop(NSRunLoop) run] 29 0x180aff768 _xpc_objc_main 30 0x180afef94 xpc_main 31 0x10583c4c8 WebKit::XPCServiceMain(int, char const**) com.apple.WebKit.WebContent.Development terminated (pid 68539) because the process crashed LEAK: 1 WebPageProxy
Attachments
Crash log (94.58 KB, text/plain)
2021-09-09 09:40 PDT, ayumi_kojima 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
ayumi_kojima
Comment 1 2021-09-09 09:40:57 PDT
Created attachment 437753 [details] Crash log
ayumi_kojima
Comment 2 2021-09-09 09:42:00 PDT
This might be related to Bug 229671. The crash log and test name are very similar.
Radar WebKit Bug Importer
Comment 3 2021-09-09 09:42:14 PDT
<rdar://problem/82929153>
ayumi_kojima
Comment 4 2021-09-09 09:48:44 PDT
Marked test expectations to speed up EWS: https://trac.webkit.org/changeset/282219/webkit
ayumi_kojima
Comment 5 2021-09-10 13:42:46 PDT
imported/w3c/web-platform-tests/html/rendering/replaced-elements/svg-embedded-sizing/svg-in-img-percentage.html is also flaky crashing on EWS and open source. Updated expectations: https://trac.webkit.org/changeset/282291/webkit
ayumi_kojima
Comment 6 2021-09-10 15:50:23 PDT
I was not able to reproduce the crash on BigSur AS using --iterations 1000 --clobber-old-results --exit-after-n-crashes-or-timeouts 1 --force --debug imported/w3c/web-platform-tests/html/rendering/replaced-elements/svg-embedded-sizing/svg-in-img-fixed.html The test timed out instead and hanged with --no-timeout flag.
Alexey Proskuryakov
Comment 7 2021-09-12 14:12:37 PDT
This time, it's not plug-ins.
Simon Fraser (smfr)
Comment 8 2021-09-13 08:17:45 PDT
This one is about SVG.
Ben Schwartz
Comment 9 2024-05-29 16:59:17 PDT
This no longer appears to be occurring. Removing test expectations. Please file a new bug if issues persist.
EWS
Comment 10 2024-05-29 17:06:00 PDT
Test gardening commit 279476@main (b0034a2f582a): <https://commits.webkit.org/279476@main> Reviewed commits have been landed. Closing PR #29265 and removing active labels.
Note You need to log in before you can comment on or make changes to this bug.