Bug 265537

Summary: REGRESSION: ASSERTION FAILED: m_repaintRectsValid => m_repaintRects.clippedOverflowRect == renderer().clippedOverflowRectForRepaint(renderer().containerForRepaint().renderer.get())
Product: WebKit
Reporter: Fujii Hironori <Hironori.Fujii>
Component: Compositing
Assignee: Fujii Hironori <Hironori.Fujii>
Status: RESOLVED FIXED
Severity: Normal
CC: simon.fraser
Priority: P2
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=188122
Attachments:
Description: Patch to enable ForceCompositingMode for WinCairo
Flags: none

Description Fujii Hironori 2023-11-29 12:27:32 PST
271260@main: good
271263@main: bad

Buildbot: builder WinCairo-64-bit-Debug-Tests build 21402 : 271263@main
https://build.webkit.org/#/builders/727/builds/21402

Regressions: Unexpected crashes (3)
  compositing/geometry/fixed-position-composited-page-scale-scroll.html [ Crash ]
  fast/visual-viewport/zoomed-scroll-into-view-fixed.html [ Crash ]
  fast/visual-viewport/zoomed-scroll-to-anchor-in-position-fixed.html [ Crash ]


https://build.webkit.org/results/WinCairo-64-bit-Debug-Tests/271263@main%20(21402)/compositing/geometry/fixed-position-composited-page-scale-scroll-stderr.txt

ASSERTION FAILED: m_repaintRectsValid => m_repaintRects.clippedOverflowRect == renderer().clippedOverflowRectForRepaint(renderer().containerForRepaint().renderer.get())
C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebCore\rendering/RenderLayer.cpp(1275) : recursiveUpdateLayerPositionsAfterScroll
1   00007FF8F5DF1B99 WTFCrash
2   00007FF8DC981EB0 WebCore::RenderLayer::recursiveUpdateLayerPositionsAfterScroll
3   00007FF8DC9821E3 WebCore::RenderLayer::updateLayerPositionsAfterDocumentScroll
4   00007FF8DC19B645 WebCore::LocalFrameView::updateLayerPositionsAfterScrolling
5   00007FF8DC39AC21 WebCore::ScrollView::completeUpdatesAfterScrollTo
6   00007FF8DC39AF07 WebCore::ScrollView::scrollTo
7   00007FF8DC1A1274 WebCore::LocalFrameView::scrollTo
8   00007FF8DC39A735 WebCore::ScrollView::setScrollOffset
9   00007FF8DC3A1B9E WebCore::ScrollableArea::scrollPositionChanged
10  00007FF8DC3A20E4 WebCore::ScrollableArea::setScrollPositionFromAnimation
11  00007FF8DC38B5F9 WebCore::ScrollAnimator::notifyPositionChanged
12  00007FF8DC38AC45 WebCore::ScrollAnimator::setCurrentPosition
13  00007FF8DC38AB9C WebCore::ScrollAnimator::scrollToPositionWithoutAnimation
14  00007FF8DC3A153B WebCore::ScrollableArea::scrollToPositionWithoutAnimation
15  00007FF8DC39BD66 WebCore::ScrollView::updateScrollbars::<lambda_0>::operator()
16  00007FF8DC398B84 WebCore::ScrollView::updateScrollbars
17  00007FF8DC39B56B WebCore::ScrollView::setScrollPosition
18  00007FF8DC18B214 WebCore::LocalFrameView::setScrollPosition
19  00007FF8DC398F7B WebCore::ScrollView::setContentsScrollPosition
20  00007FF8DC17E6A3 WebCore::LocalDOMWindow::scrollTo
21  00007FF8DC17E777 WebCore::LocalDOMWindow::scrollTo
22  00007FF8D998DC0C WebCore::jsLocalDOMWindowInstanceFunction_scrollTo2Body::<lambda_1>::operator()
23  00007FF8D998DBBF WebCore::toJS<WebCore::IDLUndefined,`lambda at C:\BW\WinCairo-64-bit-Debug-Build\build\WebKitBuild\Debug\WebCore\DerivedSources\JSLocalDOMWindow.cpp:27186:5'>
24  00007FF8D998DA4C WebCore::jsLocalDOMWindowInstanceFunction_scrollTo2Body
25  00007FF8D998D382 WebCore::jsLocalDOMWindowInstanceFunction_scrollToOverloadDispatcher
26  00007FF8D998D110 WebCore::IDLOperation<WebCore::JSLocalDOMWindow>::call<&WebCore::jsLocalDOMWindowInstanceFunction_scrollToOverloadDispatcher,0>
27  00007FF8D997DDA4 WebCore::jsLocalDOMWindowInstanceFunction_scrollTo
28  00000207B11F115E (null)
ERROR: 0000019D0029DED0 - [PID=5684] WebProcessProxy::didClose (web process crash)
C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebKit\UIProcess/WebProcessProxy.cpp(1098) : didClose
ERROR: 0000019D0029DED0 - [PID=5684] WebProcessProxy::processDidTerminateOrFailedToLaunch: reason=Crash
C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebKit\UIProcess/WebProcessProxy.cpp(1106) : processDidTerminateOrFailedToLaunch
ERROR: 0000019D001CA240 - [pageProxyID=181, webPageID=182, PID=5684] WebPageProxy::processDidTerminate: (pid 5684), reason=Crash
C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebKit\UIProcess/WebPageProxy.cpp(9138) : resetStateAfterProcessTermination
ERROR: 0000019D001CA240 - [pageProxyID=181, webPageID=182, PID=5684] WebPageProxy::dispatchProcessDidTerminate: reason=Crash
C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebKit\UIProcess/WebPageProxy.cpp(9196) : dispatchProcessDidTerminate
WebProcess terminated (pid 5684) for reason: crash

Comment 1 Fujii Hironori 2023-11-30 17:03:54 PST
GTK port is also crashing.

Buildbot: builder GTK-Linux-64-bit-Debug-Tests build 11839 : 271261@main
https://build.webkit.org/#/builders/63/builds/11839

ASSERTION FAILED: m_repaintRectsValid => m_repaintRects.clippedOverflowRect == renderer().clippedOverflowRectForRepaint(renderer().containerForRepaint().renderer.get())
/app/webkit/Source/WebCore/rendering/RenderLayer.cpp(1275) : void WebCore::RenderLayer::recursiveUpdateLayerPositionsAfterScroll(WebCore::RenderGeometryMap*, WTF::OptionSet<UpdateLayerPositionsAfterScrollFlag>)
1   0x7efeca54f773 WTFCrash
2   0x7efedb362a88 WebCore::RenderLayer::recursiveUpdateLayerPositionsAfterScroll(WebCore::RenderGeometryMap*, WTF::OptionSet<WebCore::RenderLayer::UpdateLayerPositionsAfterScrollFlag>)
3   0x7efedb3625ff WebCore::RenderLayer::updateLayerPositionsAfterDocumentScroll()
4   0x7efeda78fd97 WebCore::LocalFrameView::updateLayerPositionsAfterScrolling()
5   0x7efedaa32feb WebCore::ScrollView::completeUpdatesAfterScrollTo(WebCore::IntSize const&)
6   0x7efedaa32f9f WebCore::ScrollView::scrollTo(WebCore::IntPoint const&)
7   0x7efeda79529e WebCore::LocalFrameView::scrollTo(WebCore::IntPoint const&)
8   0x7efedaa32947 WebCore::ScrollView::setScrollOffset(WebCore::IntPoint const&)
9   0x7efedaa3a6c7 WebCore::ScrollableArea::scrollPositionChanged(WebCore::IntPoint const&)
10  0x7efedaa3ac1b WebCore::ScrollableArea::setScrollPositionFromAnimation(WebCore::IntPoint const&)
11  0x7efedaa25737 WebCore::ScrollAnimator::notifyPositionChanged(WebCore::FloatSize const&)
12  0x7efedaa25682 WebCore::ScrollAnimator::setCurrentPosition(WebCore::FloatPoint const&, WebCore::ScrollAnimator::NotifyScrollableArea)
13  0x7efedaa24d8d WebCore::ScrollAnimator::scrollToPositionWithoutAnimation(WebCore::FloatPoint const&, WebCore::ScrollClamping)
14  0x7efedaa3a065 WebCore::ScrollableArea::scrollToPositionWithoutAnimation(WebCore::FloatPoint const&, WebCore::ScrollClamping)
15  0x7efedaa337fd operator()
16  0x7efedaa34b33 WebCore::ScrollView::updateScrollbars(WebCore::IntPoint const&)
17  0x7efedaa33380 WebCore::ScrollView::setScrollPosition(WebCore::IntPoint const&, WebCore::ScrollPositionChangeOptions const&)
18  0x7efeda78d660 WebCore::LocalFrameView::setScrollPosition(WebCore::IntPoint const&, WebCore::ScrollPositionChangeOptions const&)
19  0x7efedaa315cf WebCore::ScrollView::setContentsScrollPosition(WebCore::IntPoint const&, WebCore::ScrollPositionChangeOptions const&)
20  0x7efeda77660e WebCore::LocalDOMWindow::scrollTo(WebCore::ScrollToOptions const&, WebCore::ScrollClamping, WebCore::ScrollSnapPointSelectionMethod, std::optional<WebCore::FloatSize>) const
21  0x7efeda77617a WebCore::LocalDOMWindow::scrollTo(double, double, WebCore::ScrollClamping) const
22  0x7efed7618a37 operator()
23  0x7efed768600c toJS<WebCore::IDLUndefined, WebCore::jsLocalDOMWindowInstanceFunction_scrollTo2Body(JSC::JSGlobalObject*, JSC::CallFrame*, IDLOperation<JSLocalDOMWindow>::ClassParameter)::<lambda()> >
24  0x7efed7618dab jsLocalDOMWindowInstanceFunction_scrollTo2Body
25  0x7efed7619046 jsLocalDOMWindowInstanceFunction_scrollToOverloadDispatcher
26  0x7efed768629c call<WebCore::jsLocalDOMWindowInstanceFunction_scrollToOverloadDispatcher>
27  0x7efed76190b8 jsLocalDOMWindowInstanceFunction_scrollTo
28  0x7efe74408038 ???
WebKitWebProcess terminated (pid 5332) for reason: crash

Comment 2 Fujii Hironori 2023-12-03 22:03:55 PST
Created attachment 468858
Patch to enable ForceCompositingMode for WinCairo

Enabling ForceCompositingMode for WinCairo resolves the assertion failure.
This seems to be the reason why Mac WK2 and WPE don't crash.

Comment 3 Fujii Hironori 2023-12-03 22:10:35 PST
Mac WK1 doesn't crash because it skips the assertions. See bug#188122.
GTK and WinCairo should do the same.

Comment 4 Fujii Hironori 2023-12-03 22:26:22 PST
Pull request: https://github.com/WebKit/WebKit/pull/21254

Comment 5 Simon Fraser (smfr) 2023-12-04 10:25:33 PST
I am removing this assertion in https://github.com/WebKit/WebKit/pull/21241