229820 – [ BigSur arm64 EWS ] ASSERTION FAILED: !needsLayout() ./rendering/RenderView.cpp(305) : virtual void WebCore::RenderView::paint(WebCore::PaintInfo &, const WebCore::LayoutPoint &)

Bug 229820 - [ BigSur arm64 EWS ] ASSERTION FAILED: !needsLayout() ./rendering/RenderView.cpp(305) : virtual void WebCore::RenderView::paint(WebCore::PaintInfo &, const WebCore::LayoutPoint &)

Summary: [ BigSur arm64 EWS ] ASSERTION FAILED: !needsLayout() ./rendering/RenderView....

Status:	NEW

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	New Bugs (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Mac (Apple Silicon) Unspecified

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2021-09-02 12:03 PDT by ayumi_kojima
Modified:	2021-09-10 16:58 PDT (History)
CC List:	8 users (show)

See Also:	207303 229671

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description ayumi_kojima 2021-09-02 12:03:17 PDT

loader/stateobjects/pushstate-size.html

Is flaky crashing on macOS-AppleSilicon-Big-Sur-Debug-WK2-Tests-EWS

The crash is not seen in the open source director: https://results.webkit.org/?suite=layout-tests&test=loader/stateobjects/pushstate-size.html

The test started being flaky at https://ews-build.webkit.org/#/builders/60/builds/6813

Crash log:

ASSERTION FAILED: !needsLayout()
./rendering/RenderView.cpp(305) : virtual void WebCore::RenderView::paint(WebCore::PaintInfo &, const WebCore::LayoutPoint &)
1   0x13981406c WTFCrash
2   0x117e98ff0 JSC::JSValue::isUndefined() const
3   0x11c53a248 WebCore::RenderView::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&)
4   0x11c3cb678 WebCore::RenderLayer::paintBackgroundForFragments(WTF::Vector<WebCore::LayerFragment, 1ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WebCore::GraphicsContext&, WebCore::GraphicsContext&, WebCore::LayoutRect const&, bool, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::PaintBehavior>, WebCore::RenderObject*)
5   0x11c3c7fd0 WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFlag>)
6   0x11c3e8fdc WebCore::RenderLayerBacking::paintIntoLayer(WebCore::GraphicsLayer const*, WebCore::GraphicsContext&, WebCore::IntRect const&, WTF::OptionSet<WebCore::PaintBehavior>, WebCore::EventRegionContext*)::$_24::operator()(WebCore::RenderLayer&, WTF::OptionSet<WebCore::RenderLayer::PaintLayerFlag>) const
7   0x11c3e89e0 WebCore::RenderLayerBacking::paintIntoLayer(WebCore::GraphicsLayer const*, WebCore::GraphicsContext&, WebCore::IntRect const&, WTF::OptionSet<WebCore::PaintBehavior>, WebCore::EventRegionContext*)
8   0x11c3e9cb8 WebCore::RenderLayerBacking::paintContents(WebCore::GraphicsLayer const*, WebCore::GraphicsContext&, WebCore::FloatRect const&, unsigned int)
9   0x11bc8506c WebCore::GraphicsLayer::paintGraphicsLayerContents(WebCore::GraphicsContext&, WebCore::FloatRect const&, unsigned int)
10  0x11bd467b8 WebCore::GraphicsLayerCA::platformCALayerPaintContents(WebCore::PlatformCALayer*, WebCore::GraphicsContext&, WebCore::FloatRect const&, unsigned int)
11  0x1192c2cac WebCore::PlatformCALayer::drawLayerContents(WebCore::GraphicsContext&, WebCore::PlatformCALayer*, WTF::Vector<WebCore::FloatRect, 5ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&, unsigned int)
12  0x11bd8c47c WebCore::TileGrid::platformCALayerPaintContents(WebCore::PlatformCALayer*, WebCore::GraphicsContext&, WebCore::FloatRect const&, unsigned int)
13  0x1194eaf78 -[WebSimpleLayer drawInContext:]
14  0x1893ef7ac CABackingStoreUpdate_
15  0x18944c4b4 invocation function for block in CA::Layer::display_()
16  0x1893eea34 -[CALayer _display]
17  0x1194eacbc -[WebSimpleLayer display]
18  0x1893edb2c CA::Layer::display_if_needed(CA::Transaction*)
19  0x189519b64 CA::Context::commit_transaction(CA::Transaction*, double, double*)
20  0x1893cfab8 CA::Transaction::commit()
21  0x185aa4470 __62+[CATransaction(NSCATransaction) NS_setFlushesWithDisplayLink]_block_invoke
22  0x1861f923c ___NSRunLoopObserverCreateWithHandler_block_invoke
23  0x183139cc8 __CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__
24  0x183139b14 __CFRunLoopDoObservers
25  0x18313905c __CFRunLoopRun
26  0x1831385e8 CFRunLoopRunSpecific
27  0x183ee1688 -[NSRunLoop(NSRunLoop) runMode:beforeDate:]
28  0x183f73b70 -[NSRunLoop(NSRunLoop) run]
29  0x182daf768 _xpc_objc_main
30  0x182daef94 xpc_main
31  0x105899730 WebKit::XPCServiceMain(int, char const**)
com.apple.WebKit.WebContent.Development terminated (pid 5635) because the process crashed
LEAK: 3 WebPageProxy

Comment 1 ayumi_kojima 2021-09-02 12:04:41 PDT

Might be related 229671 since the crash log are very similar (imported/w3c/web-platform-tests/html/rendering/replaced-elements/svg-embedded-sizing/svg-in-img-auto.html)

Comment 2 Radar WebKit Bug Importer 2021-09-02 12:06:06 PDT

<rdar://problem/82687248>

Comment 3 ayumi_kojima 2021-09-02 12:15:29 PDT

Marked test expectations https://trac.webkit.org/changeset/281945/webkit

Comment 4 ayumi_kojima 2021-09-10 16:56:41 PDT

I was not able to reproduce the crash on BigSur AS using run-webkit-tests --iterations 100 --clobber-old-results --exit-after-n-crashes-or-timeouts 1 --force --debug loader/stateobjects/pushstate-size.html