Bug 258325
| Summary: | REGRESSION (265043@main): ASSERTION FAILED: foundContainer on media/modern-media-controls/pip-support/pip-support-click.html | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Robert Jenner <jenner> |
| Component: | Media | Assignee: | Matt Woodrow <mattwoodrow> |
| Status: | RESOLVED FIXED | ||
| Severity: | Normal | CC: | achristensen, ap, brandonstewart, eric.carlson, jer.noble, megan_gardner, pascoe, thorton, webkit-bot-watchers-bugzilla, webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | ||
| Hardware: | All | ||
| OS: | All | ||
| See Also: | https://bugs.webkit.org/show_bug.cgi?id=257916 | ||
Robert Jenner
media/modern-media-controls/pip-support/pip-support-click.html
is hitting a constant assertion on Mac Debug WK2.
HISTORY:
https://results.webkit.org/?suite=layout-tests&test=media%2Fmodern-media-controls%2Fpip-support%2Fpip-support-click.html
STDERR URL:
https://build.webkit.org/results/Apple-Ventura-Debug-AppleSilicon-WK2-Tests/265331@main%20(2850)/media/modern-media-controls/pip-support/pip-support-click-crash-log.txt
STDERR TEXT:
ASSERTION FAILED: foundContainer
/Volumes/Data/worker/Apple-Ventura-Debug-Build/build/Source/WebCore/rendering/RenderGeometryMap.cpp(97) : void WebCore::RenderGeometryMap::mapToContainer(WebCore::TransformState &, const WebCore::RenderLayerModelObject *) const
1 0x1534de900 WTFCrash
2 0x1096d7800 WebCore::NetworkResourcesData::ResourceData::hasContent() const
3 0x10a75f8f8 WebCore::RenderGeometryMap::mapToContainer(WebCore::TransformState&, WebCore::RenderLayerModelObject const*) const
4 0x10a75fefc WebCore::RenderGeometryMap::mapToContainer(WebCore::FloatRect const&, WebCore::RenderLayerModelObject const*) const
5 0x10a6aea9c WebCore::RenderBox::outlineBoundsForRepaint(WebCore::RenderLayerModelObject const*, WebCore::RenderGeometryMap const*) const
6 0x10a791048 WebCore::RenderLayer::computeRepaintRects(WebCore::RenderLayerModelObject const*, WebCore::RenderGeometryMap const*)
7 0x10a78f91c WebCore::RenderLayer::recursiveUpdateLayerPositions(WebCore::RenderGeometryMap*, WTF::OptionSet<WebCore::RenderLayer::UpdateLayerPositionsFlag>)
8 0x10a7901d8 WebCore::RenderLayer::updateLayerPositionsAfterLayout(bool, bool)
9 0x109c54e98 WebCore::LocalFrameView::didLayout(WTF::WeakPtr<WebCore::RenderElement, WTF::DefaultWeakPtrImpl>)
10 0x109c6dd90 WebCore::LocalFrameViewLayoutContext::performLayout()
11 0x109c4c460 WebCore::LocalFrameViewLayoutContext::layout()
12 0x108dc8054 WebCore::Document::updateLayout()
13 0x108dc9624 WebCore::Document::updateLayoutIgnorePendingStylesheets(WebCore::Document::RunPostLayoutTasks)
14 0x108a0924c WebCore::ComputedStyleExtractor::propertyValue(WebCore::CSSPropertyID, WebCore::ComputedStyleExtractor::UpdateLayout, WebCore::ComputedStyleExtractor::PropertyValueType)
15 0x1088c9d28 WebCore::CSSComputedStyleDeclaration::getPropertyCSSValue(WebCore::CSSPropertyID, WebCore::ComputedStyleExtractor::UpdateLayout) const
16 0x1088c9e40 WebCore::CSSComputedStyleDeclaration::getPropertyValue(WebCore::CSSPropertyID) const
17 0x1088ca774 WebCore::CSSComputedStyleDeclaration::getPropertyValueInternal(WebCore::CSSPropertyID)
18 0x1089c0908 WebCore::CSSStyleDeclaration::propertyValueForCamelCasedIDLAttribute(WTF::AtomString const&)
19 0x1060a184c WebCore::jsCSSStyleDeclaration_propertyValueForCamelCasedIDLAttributeGetter(JSC::JSGlobalObject&, WebCore::JSCSSStyleDeclaration&, JSC::PropertyName)
20 0x106005d14 long long WebCore::IDLAttribute<WebCore::JSCSSStyleDeclaration>::getPassingPropertyName<&WebCore::jsCSSStyleDeclaration_propertyValueForCamelCasedIDLAttributeGetter(JSC::JSGlobalObject&, WebCore::JSCSSStyleDeclaration&, JSC::PropertyName), (WebCore::CastedThisErrorBehavior)3>(JSC::JSGlobalObject&, long long, JSC::PropertyName)
21 0x106005bd8 WebCore::jsCSSStyleDeclaration_propertyValueForCamelCasedIDLAttribute(JSC::JSGlobalObject*, long long, JSC::PropertyName)
22 0x1550df72c WTF::FunctionPtr<(WTF::PtrTag)57072, long long (JSC::JSGlobalObject*, long long, JSC::PropertyName), (WTF::FunctionAttributes)1>::operator()(JSC::JSGlobalObject*, long long, JSC::PropertyName) const
23 0x15533d17c JSC::PropertySlot::customGetter(JSC::VM&, JSC::PropertyName) const
24 0x153b25894 JSC::PropertySlot::getValue(JSC::JSGlobalObject*, JSC::PropertyName) const
25 0x1554cd9c8 JSC::JSValue::get(JSC::JSGlobalObject*, JSC::PropertyName, JSC::PropertySlot&) const
26 0x154e41588 JSC::LLInt::performLLIntGetByID(JSC::BytecodeIndex, JSC::CodeBlock*, JSC::JSGlobalObject*, JSC::JSValue, JSC::Identifier const&, JSC::GetByIdModeMetadata&)
27 0x154e41388 llint_slow_path_get_by_id
28 0x153b85118 llint_entry
29 0x153b9f170 llint_entry
30 0x153b9f170 llint_entry
31 0x153b790cc vmEntryToJavaScript
com.apple.WebKit.WebContent.Development terminated (pid 66397) for reason: crash
LEAK: 2 WebPageProxy
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Radar WebKit Bug Importer
<rdar://problem/111065468>
Robert Jenner
I was able to reproduce this assertion at Ventura Debug ToT running the test as follows:
run-webkit-tests media/modern-media-controls/pip-support/pip-support-click.html
I was also able to bisect to a specific regression point. This reproduced at 265041@main, but not at 265040@main. So it looks like https://commits.webkit.org/265041@main is what caused this regression.
EWS
Test gardening commit 265335@main (73c3f3ee0350): <https://commits.webkit.org/265335@main>
Reviewed commits have been landed. Closing PR #15120 and removing active labels.
Alex Christensen
This can't have been caused by a rename. https://commits.webkit.org/265043@main seems more relevant.
Brandon
Regression point occurred at the change 265043.
Brandon
Just to add this test was already marked as failing in WK1 before the regression in 265043.
Matt Woodrow
Pull request: https://github.com/WebKit/WebKit/pull/18041
EWS
Committed 268304@main (f20a3ce20e86): <https://commits.webkit.org/268304@main>
Reviewed commits have been landed. Closing PR #18041 and removing active labels.