Bug 241879

Summary: REGRESSION (251257@main): [ macOS wk1 ] fast/replaced/encrypted-pdf-as-object-and-embed.html is a flaky crash
Product: WebKit
Reporter: Karl Rackler <rackler>
Component: New Bugs
Assignee: Karl Rackler <rackler>
Status: RESOLVED FIXED
Severity: Normal
CC: graouts, koivisto, webkit-bot-watchers-bugzilla, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Attachments:
  Crash Log (flags: none)
  Patch (flags: none)

Description Karl Rackler 2022-06-22 15:31:15 PDT
Description:
fast/replaced/encrypted-pdf-as-object-and-embed.html

The first failure that I saw on the dashboard was on 6/3/2022 at 251265@main.

REPRODUCTION STEPS
I can reproduce this on 251257@main, but unable to reproduce it on 251256@main or earlier.

Command: 
run-webkit-tests -1 --exit-after-n-failures 1 --exit-after-n-crashes-or-timeouts 1 --iterations 50 -f --no-retry fast/replaced/encrypted-pdf-as-object-and-embed.html

Result: 
Unexpected flakiness: crashes (1)
  fast/replaced/encrypted-pdf-as-object-and-embed.html [ Crash Pass ]

History:
https://results.webkit.org/?suite=layout-tests&test=fast%2Freplaced%2Fencrypted-pdf-as-object-and-embed.html&platform=mac&flavor=wk1&limit=50000

Crash Log:
Thread 0 Crashed::   Dispatch queue: com.apple.main-thread
0   com.apple.WebCore             	       0x11737e1a6    WebCore::Style::Scope::updateQueryContainerState(WebCore::Style::Scope::QueryContainerUpdateContext&)
1   com.apple.WebCore             	       0x116d83acc    WebCore::FrameViewLayoutContext::layout()
2   com.apple.WebCore             	       0x11728abf6    WebCore::RenderWidget::updateWidgetPosition()
3   com.apple.WebCore             	       0x116d77fbe    WebCore::FrameView::updateWidgetPositions()
4   com.apple.WebCore             	       0x116d79cfe    WebCore::FrameView::performPostLayoutTasks()
5   com.apple.WebCore             	       0x116d84442    WebCore::FrameViewLayoutContext::runOrScheduleAsynchronousTasks()
Comment 1 Radar WebKit Bug Importer 2022-06-22 15:31:34 PDT
<rdar://problem/95728601>
Comment 2 Karl Rackler 2022-06-22 15:34:18 PDT
Created attachment 460430 [details]
Crash Log
Comment 3 Karl Rackler 2022-06-22 15:42:14 PDT
I have marked this test as a flaky crash while this issue is investigated.
Comment 4 Karl Rackler 2022-06-22 15:45:03 PDT
Pull request: https://github.com/WebKit/WebKit/pull/1698
Comment 5 EWS 2022-06-22 15:48:52 PDT
Test gardening commit r295753 (251758@main): <https://commits.webkit.org/251758@main>

Reviewed commits have been landed. Closing PR #1698 and removing active labels.
Comment 6 Antti Koivisto 2022-06-23 02:13:31 PDT
Created attachment 460441 [details]
Patch
Comment 7 Antoine Quint 2022-06-23 03:47:34 PDT
Comment on attachment 460441 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=460441&action=review

> Source/WebCore/style/StyleScope.cpp:799
> -    ASSERT(m_document.renderView());
> +
> +    if (!m_document.renderView())
> +        return false;
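Review bot: the new `if (!m_document.renderView()) return false;` drops the only record of the assumption the ASSERT expressed, so it should carry a comment saying when a document can reach updateQueryContainerState() without a render view (the crash log attached to this bug gets here from RenderWidget::updateWidgetPosition() -> FrameViewLayoutContext::layout() during post-layout tasks) and why reporting `false` is the right outcome in that case rather than deferring the container-state update; a bare null check without that note will read as defensive noise to the next person who touches it.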

Would be nice to explain whether this assertion was always incorrect or if it changed to no longer be correct. Either way, would be good to know why this change was required.
Comment 8 Antti Koivisto 2022-06-23 03:48:44 PDT
It was just a wrong assumption that no one could get here without a view.
Comment 9 EWS 2022-06-23 05:40:52 PDT
Committed r295775 (251780@main): <https://commits.webkit.org/251780@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 460441 [details].