Bug 230105

Summary: [ BigSur arm64 EWS ] ASSERTION FAILED: !needsLayout() ./rendering/RenderView.cpp(306) : virtual void WebCore::RenderView::paint(WebCore::PaintInfo &, const WebCore::LayoutPoint &)
Product: WebKit
Reporter: ayumi_kojima
Component: Layout and Rendering
Assignee: Nobody <webkit-unassigned>
Status: NEW
Severity: Normal
CC: bfulgham, cdumez, simon.fraser, webkit-bot-watchers-bugzilla, webkit-bug-importer, youennf, zalan
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Mac (Apple Silicon)
OS: Unspecified
See Also: https://bugs.webkit.org/show_bug.cgi?id=229671
Attachments:
Crash log (flags: none)

Description ayumi_kojima 2021-09-09 09:40:20 PDT
imported/w3c/web-platform-tests/html/rendering/replaced-elements/svg-embedded-sizing/svg-in-iframe-percentage.html
imported/w3c/web-platform-tests/html/rendering/replaced-elements/svg-embedded-sizing/svg-in-img-fixed.html

are flaky crashing on macOS-AppleSilicon-Big-Sur-Debug-WK2-Tests-EWS.

The flaky crash is showing up in the open source directory: https://results.webkit.org/?suite=layout-tests&suite=layout-tests&test=imported%2Fw3c%2Fweb-platform-tests%2Fhtml%2Frendering%2Freplaced-elements%2Fsvg-embedded-sizing%2Fsvg-in-img-fixed.html&test=imported%2Fw3c%2Fweb-platform-tests%2Fhtml%2Frendering%2Freplaced-elements%2Fsvg-embedded-sizing%2Fsvg-in-iframe-percentage.html

The first crash seen in the open source is at r281673 (imported/w3c/web-platform-tests/html/rendering/replaced-elements/svg-embedded-sizing/svg-in-img-fixed.html) and at r281926 (imported/w3c/web-platform-tests/html/rendering/replaced-elements/svg-embedded-sizing/svg-in-iframe-percentage.html).

The tests started appearing in the EWS as flaky tests at:
https://ews-build.webkit.org/#/builders/60/builds/10537 (imported/w3c/web-platform-tests/html/rendering/replaced-elements/svg-embedded-sizing/svg-in-iframe-percentage.html)
https://ews-build.webkit.org/#/builders/60/builds/10536 (imported/w3c/web-platform-tests/html/rendering/replaced-elements/svg-embedded-sizing/svg-in-img-fixed.html)

Result page: 

https://ews-build.s3-us-west-2.amazonaws.com/macOS-AppleSilicon-Big-Sur-Debug-WK2-Tests-EWS/r437709-11578/results.html

Stderr:

ASSERTION FAILED: !needsLayout()
./rendering/RenderView.cpp(306) : virtual void WebCore::RenderView::paint(WebCore::PaintInfo &, const WebCore::LayoutPoint &)
1   0x13980759c WTFCrash
2   0x1192ad8d0 WTFCrashWithInfo(int, char const*, char const*, int)
3   0x11cd04428 WebCore::RenderView::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&)
4   0x11cb9a65c WebCore::RenderLayer::paintBackgroundForFragments(WTF::Vector<WebCore::LayerFragment, 1ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WebCore::GraphicsContext&, WebCore::GraphicsContext&, WebCore::LayoutRect const&, bool, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::PaintBehavior>, WebCore::RenderObject*)
5   0x11cb96ff4 WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFlag>)
6   0x11cbb8050 WebCore::RenderLayerBacking::paintIntoLayer(WebCore::GraphicsLayer const*, WebCore::GraphicsContext&, WebCore::IntRect const&, WTF::OptionSet<WebCore::PaintBehavior>, WebCore::EventRegionContext*)::$_24::operator()(WebCore::RenderLayer&, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFlag>) const
7   0x11cbb7a54 WebCore::RenderLayerBacking::paintIntoLayer(WebCore::GraphicsLayer const*, WebCore::GraphicsContext&, WebCore::IntRect const&, WTF::OptionSet<WebCore::PaintBehavior>, WebCore::EventRegionContext*)
8   0x11cbb8d2c WebCore::RenderLayerBacking::paintContents(WebCore::GraphicsLayer const*, WebCore::GraphicsContext&, WebCore::FloatRect const&, unsigned int)
9   0x11c446c70 WebCore::GraphicsLayer::paintGraphicsLayerContents(WebCore::GraphicsContext&, WebCore::FloatRect const&, unsigned int)
10  0x11c50d498 WebCore::GraphicsLayerCA::platformCALayerPaintContents(WebCore::PlatformCALayer*, WebCore::GraphicsContext&, WebCore::FloatRect const&, unsigned int)
11  0x119c90a1c WebCore::PlatformCALayer::drawLayerContents(WebCore::GraphicsContext&, WebCore::PlatformCALayer*, WTF::Vector<WebCore::FloatRect, 5ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&, unsigned int)
12  0x11c553b58 WebCore::TileGrid::platformCALayerPaintContents(WebCore::PlatformCALayer*, WebCore::GraphicsContext&, WebCore::FloatRect const&, unsigned int)
13  0x119e2e054 -[WebSimpleLayer drawInContext:]
14  0x18713f7ac CABackingStoreUpdate_
15  0x18719c4b4 invocation function for block in CA::Layer::display_()
16  0x18713ea34 -[CALayer _display]
17  0x119e2dd98 -[WebSimpleLayer display]
18  0x18713db2c CA::Layer::display_if_needed(CA::Transaction*)
19  0x187269b64 CA::Context::commit_transaction(CA::Transaction*, double, double*)
20  0x18711fab8 CA::Transaction::commit()
21  0x1837f4470 __62+[CATransaction(NSCATransaction) NS_setFlushesWithDisplayLink]_block_invoke
22  0x183f4923c ___NSRunLoopObserverCreateWithHandler_block_invoke
23  0x180e89cc8 __CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__
24  0x180e89b14 __CFRunLoopDoObservers
25  0x180e8905c __CFRunLoopRun
26  0x180e885e8 CFRunLoopRunSpecific
27  0x181c31688 -[NSRunLoop(NSRunLoop) runMode:beforeDate:]
28  0x181cc3b70 -[NSRunLoop(NSRunLoop) run]
29  0x180aff768 _xpc_objc_main
30  0x180afef94 xpc_main
31  0x10583c4c8 WebKit::XPCServiceMain(int, char const**)
com.apple.WebKit.WebContent.Development terminated (pid 68539) because the process crashed
LEAK: 1 WebPageProxy

Comment 1 ayumi_kojima 2021-09-09 09:40:57 PDT
Created attachment 437753 [details]
Crash log

Comment 2 ayumi_kojima 2021-09-09 09:42:00 PDT
This might be related to Bug 229671. The crash log and test name are very similar.

Comment 3 Radar WebKit Bug Importer 2021-09-09 09:42:14 PDT
<rdar://problem/82929153>

Comment 4 ayumi_kojima 2021-09-09 09:48:44 PDT
Marked test expectations to speed up EWS: https://trac.webkit.org/changeset/282219/webkit

Comment 5 ayumi_kojima 2021-09-10 13:42:46 PDT
imported/w3c/web-platform-tests/html/rendering/replaced-elements/svg-embedded-sizing/svg-in-img-percentage.html is also flaky crashing on EWS and open source. Updated expectations: https://trac.webkit.org/changeset/282291/webkit

Comment 6 ayumi_kojima 2021-09-10 15:50:23 PDT
I was not able to reproduce the crash on BigSur AS using --iterations 1000 --clobber-old-results --exit-after-n-crashes-or-timeouts 1 --force --debug imported/w3c/web-platform-tests/html/rendering/replaced-elements/svg-embedded-sizing/svg-in-img-fixed.html 

The test timed out instead and hung with the --no-timeout flag.

Comment 7 Alexey Proskuryakov 2021-09-12 14:12:37 PDT
This time, it's not plug-ins.

Comment 8 Simon Fraser (smfr) 2021-09-13 08:17:45 PDT
This one is about SVG.