Bug 258325

Summary: REGRESSION (265043@main): ASSERTION FAILED: foundContainer on media/modern-media-controls/pip-support/pip-support-click.html
Product: WebKit Reporter: Robert Jenner <jenner>
Component: MediaAssignee: Matt Woodrow <mattwoodrow>
Status: RESOLVED FIXED    
Severity: Normal CC: achristensen, ap, brandonstewart, eric.carlson, jer.noble, megan_gardner, pascoe, thorton, webkit-bot-watchers-bugzilla, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: All   
OS: All   
See Also: https://bugs.webkit.org/show_bug.cgi?id=257916

Description Robert Jenner 2023-06-20 15:01:51 PDT 
media/modern-media-controls/pip-support/pip-support-click.html

is hitting a constant assertion on Mac Debug WK2. 

HISTORY:
https://results.webkit.org/?suite=layout-tests&test=media%2Fmodern-media-controls%2Fpip-support%2Fpip-support-click.html

STDERR URL:
https://build.webkit.org/results/Apple-Ventura-Debug-AppleSilicon-WK2-Tests/265331@main%20(2850)/media/modern-media-controls/pip-support/pip-support-click-crash-log.txt

STDERR TEXT:
ASSERTION FAILED: foundContainer
/Volumes/Data/worker/Apple-Ventura-Debug-Build/build/Source/WebCore/rendering/RenderGeometryMap.cpp(97) : void WebCore::RenderGeometryMap::mapToContainer(WebCore::TransformState &, const WebCore::RenderLayerModelObject *) const
1   0x1534de900 WTFCrash
2   0x1096d7800 WebCore::NetworkResourcesData::ResourceData::hasContent() const
3   0x10a75f8f8 WebCore::RenderGeometryMap::mapToContainer(WebCore::TransformState&, WebCore::RenderLayerModelObject const*) const
4   0x10a75fefc WebCore::RenderGeometryMap::mapToContainer(WebCore::FloatRect const&, WebCore::RenderLayerModelObject const*) const
5   0x10a6aea9c WebCore::RenderBox::outlineBoundsForRepaint(WebCore::RenderLayerModelObject const*, WebCore::RenderGeometryMap const*) const
6   0x10a791048 WebCore::RenderLayer::computeRepaintRects(WebCore::RenderLayerModelObject const*, WebCore::RenderGeometryMap const*)
7   0x10a78f91c WebCore::RenderLayer::recursiveUpdateLayerPositions(WebCore::RenderGeometryMap*, WTF::OptionSet<WebCore::RenderLayer::UpdateLayerPositionsFlag>)
8   0x10a7901d8 WebCore::RenderLayer::updateLayerPositionsAfterLayout(bool, bool)
9   0x109c54e98 WebCore::LocalFrameView::didLayout(WTF::WeakPtr<WebCore::RenderElement, WTF::DefaultWeakPtrImpl>)
10  0x109c6dd90 WebCore::LocalFrameViewLayoutContext::performLayout()
11  0x109c4c460 WebCore::LocalFrameViewLayoutContext::layout()
12  0x108dc8054 WebCore::Document::updateLayout()
13  0x108dc9624 WebCore::Document::updateLayoutIgnorePendingStylesheets(WebCore::Document::RunPostLayoutTasks)
14  0x108a0924c WebCore::ComputedStyleExtractor::propertyValue(WebCore::CSSPropertyID, WebCore::ComputedStyleExtractor::UpdateLayout, WebCore::ComputedStyleExtractor::PropertyValueType)
15  0x1088c9d28 WebCore::CSSComputedStyleDeclaration::getPropertyCSSValue(WebCore::CSSPropertyID, WebCore::ComputedStyleExtractor::UpdateLayout) const
16  0x1088c9e40 WebCore::CSSComputedStyleDeclaration::getPropertyValue(WebCore::CSSPropertyID) const
17  0x1088ca774 WebCore::CSSComputedStyleDeclaration::getPropertyValueInternal(WebCore::CSSPropertyID)
18  0x1089c0908 WebCore::CSSStyleDeclaration::propertyValueForCamelCasedIDLAttribute(WTF::AtomString const&)
19  0x1060a184c WebCore::jsCSSStyleDeclaration_propertyValueForCamelCasedIDLAttributeGetter(JSC::JSGlobalObject&, WebCore::JSCSSStyleDeclaration&, JSC::PropertyName)
20  0x106005d14 long long WebCore::IDLAttribute<WebCore::JSCSSStyleDeclaration>::getPassingPropertyName<&WebCore::jsCSSStyleDeclaration_propertyValueForCamelCasedIDLAttributeGetter(JSC::JSGlobalObject&, WebCore::JSCSSStyleDeclaration&, JSC::PropertyName), (WebCore::CastedThisErrorBehavior)3>(JSC::JSGlobalObject&, long long, JSC::PropertyName)
21  0x106005bd8 WebCore::jsCSSStyleDeclaration_propertyValueForCamelCasedIDLAttribute(JSC::JSGlobalObject*, long long, JSC::PropertyName)
22  0x1550df72c WTF::FunctionPtr<(WTF::PtrTag)57072, long long (JSC::JSGlobalObject*, long long, JSC::PropertyName), (WTF::FunctionAttributes)1>::operator()(JSC::JSGlobalObject*, long long, JSC::PropertyName) const
23  0x15533d17c JSC::PropertySlot::customGetter(JSC::VM&, JSC::PropertyName) const
24  0x153b25894 JSC::PropertySlot::getValue(JSC::JSGlobalObject*, JSC::PropertyName) const
25  0x1554cd9c8 JSC::JSValue::get(JSC::JSGlobalObject*, JSC::PropertyName, JSC::PropertySlot&) const
26  0x154e41588 JSC::LLInt::performLLIntGetByID(JSC::BytecodeIndex, JSC::CodeBlock*, JSC::JSGlobalObject*, JSC::JSValue, JSC::Identifier const&, JSC::GetByIdModeMetadata&)
27  0x154e41388 llint_slow_path_get_by_id
28  0x153b85118 llint_entry
29  0x153b9f170 llint_entry
30  0x153b9f170 llint_entry
31  0x153b790cc vmEntryToJavaScript
com.apple.WebKit.WebContent.Development terminated (pid 66397) for reason: crash
LEAK: 2 WebPageProxy
Comment 1 Radar WebKit Bug Importer 2023-06-20 15:02:12 PDT 
<rdar://problem/111065468>
Comment 2 Robert Jenner 2023-06-20 15:19:35 PDT 
I was able to reproduce this assertion at Ventura Debug ToT running the test as follows:

run-webkit-tests media/modern-media-controls/pip-support/pip-support-click.html

I was also able to bisect to a specific regression point. This reproduced at 265041@main, but not at 265040@main. So it looks like https://commits.webkit.org/265041@main is what caused this regression.
Comment 3 EWS 2023-06-20 15:31:02 PDT 
Test gardening commit 265335@main (73c3f3ee0350): <https://commits.webkit.org/265335@main>

Reviewed commits have been landed. Closing PR #15120 and removing active labels.
Comment 4 Alex Christensen 2023-06-21 10:31:07 PDT 
This can't have been caused by a rename.  https://commits.webkit.org/265043@main seems more relevant.
Comment 5 Brandon 2023-07-10 08:13:16 PDT 
Regression point occurred at the change 265043.
Comment 6 Brandon 2023-07-10 08:16:44 PDT 
Just to add this test was already marked as failing in WK1 before the regression in 265043.
Comment 7 Matt Woodrow 2023-09-21 14:01:46 PDT 
Pull request: https://github.com/WebKit/WebKit/pull/18041
Comment 8 EWS 2023-09-22 02:08:54 PDT 
Committed 268304@main (f20a3ce20e86): <https://commits.webkit.org/268304@main>

Reviewed commits have been landed. Closing PR #18041 and removing active labels.