265537 2023-11-29 12:27:32 -0800 REGRESSION: ASSERTION FAILED: m_repaintRectsValid => m_repaintRects.clippedOverflowRect == renderer().clippedOverflowRectForRepaint(renderer().containerForRepaint().renderer.get()) 2023-12-04 14:16:46 -0800 1 1 1 Unclassified WebKit Compositing WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED https://bugs.webkit.org/show_bug.cgi?id=188122 P2 Normal --- 1 fujii fujii simon.fraser oldest_to_newest 1995679 0 fujii 2023-11-29 12:27:32 -0800 271260@main: good 271263@main: bad Buildbot: builder WinCairo-64-bit-Debug-Tests build 21402 : 271263@main https://build.webkit.org/#/builders/727/builds/21402 Regressions: Unexpected crashes (3) compositing/geometry/fixed-position-composited-page-scale-scroll.html [ Crash ] fast/visual-viewport/zoomed-scroll-into-view-fixed.html [ Crash ] fast/visual-viewport/zoomed-scroll-to-anchor-in-position-fixed.html [ Crash ] https://build.webkit.org/results/WinCairo-64-bit-Debug-Tests/271263@main%20(21402)/compositing/geometry/fixed-position-composited-page-scale-scroll-stderr.txt ASSERTION FAILED: m_repaintRectsValid => m_repaintRects.clippedOverflowRect == renderer().clippedOverflowRectForRepaint(renderer().containerForRepaint().renderer.get()) C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebCore\rendering/RenderLayer.cpp(1275) : recursiveUpdateLayerPositionsAfterScroll 1 00007FF8F5DF1B99 WTFCrash 2 00007FF8DC981EB0 WebCore::RenderLayer::recursiveUpdateLayerPositionsAfterScroll 3 00007FF8DC9821E3 WebCore::RenderLayer::updateLayerPositionsAfterDocumentScroll 4 00007FF8DC19B645 WebCore::LocalFrameView::updateLayerPositionsAfterScrolling 5 00007FF8DC39AC21 WebCore::ScrollView::completeUpdatesAfterScrollTo 6 00007FF8DC39AF07 WebCore::ScrollView::scrollTo 7 00007FF8DC1A1274 WebCore::LocalFrameView::scrollTo 8 00007FF8DC39A735 WebCore::ScrollView::setScrollOffset 9 00007FF8DC3A1B9E WebCore::ScrollableArea::scrollPositionChanged 10 00007FF8DC3A20E4 WebCore::ScrollableArea::setScrollPositionFromAnimation 11 00007FF8DC38B5F9 WebCore::ScrollAnimator::notifyPositionChanged 12 00007FF8DC38AC45 WebCore::ScrollAnimator::setCurrentPosition 13 00007FF8DC38AB9C WebCore::ScrollAnimator::scrollToPositionWithoutAnimation 14 00007FF8DC3A153B WebCore::ScrollableArea::scrollToPositionWithoutAnimation 15 00007FF8DC39BD66 WebCore::ScrollView::updateScrollbars::<lambda_0>::operator() 16 00007FF8DC398B84 WebCore::ScrollView::updateScrollbars 17 00007FF8DC39B56B WebCore::ScrollView::setScrollPosition 18 00007FF8DC18B214 WebCore::LocalFrameView::setScrollPosition 19 00007FF8DC398F7B WebCore::ScrollView::setContentsScrollPosition 20 00007FF8DC17E6A3 WebCore::LocalDOMWindow::scrollTo 21 00007FF8DC17E777 WebCore::LocalDOMWindow::scrollTo 22 00007FF8D998DC0C WebCore::jsLocalDOMWindowInstanceFunction_scrollTo2Body::<lambda_1>::operator() 23 00007FF8D998DBBF WebCore::toJS<WebCore::IDLUndefined,`lambda at C:\BW\WinCairo-64-bit-Debug-Build\build\WebKitBuild\Debug\WebCore\DerivedSources\JSLocalDOMWindow.cpp:27186:5'> 24 00007FF8D998DA4C WebCore::jsLocalDOMWindowInstanceFunction_scrollTo2Body 25 00007FF8D998D382 WebCore::jsLocalDOMWindowInstanceFunction_scrollToOverloadDispatcher 26 00007FF8D998D110 WebCore::IDLOperation<WebCore::JSLocalDOMWindow>::call<&WebCore::jsLocalDOMWindowInstanceFunction_scrollToOverloadDispatcher,0> 27 00007FF8D997DDA4 WebCore::jsLocalDOMWindowInstanceFunction_scrollTo 28 00000207B11F115E (null) ERROR: 0000019D0029DED0 - [PID=5684] WebProcessProxy::didClose (web process crash) C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebKit\UIProcess/WebProcessProxy.cpp(1098) : didClose ERROR: 0000019D0029DED0 - [PID=5684] WebProcessProxy::processDidTerminateOrFailedToLaunch: reason=Crash C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebKit\UIProcess/WebProcessProxy.cpp(1106) : processDidTerminateOrFailedToLaunch ERROR: 0000019D001CA240 - [pageProxyID=181, webPageID=182, PID=5684] WebPageProxy::processDidTerminate: (pid 5684), reason=Crash C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebKit\UIProcess/WebPageProxy.cpp(9138) : resetStateAfterProcessTermination ERROR: 0000019D001CA240 - [pageProxyID=181, webPageID=182, PID=5684] WebPageProxy::dispatchProcessDidTerminate: reason=Crash C:\BW\WinCairo-64-bit-Debug-Build\build\Source\WebKit\UIProcess/WebPageProxy.cpp(9196) : dispatchProcessDidTerminate WebProcess terminated (pid 5684) for reason: crash 1996069 1 fujii 2023-11-30 17:03:54 -0800 GTK port is also crashing. Buildbot: builder GTK-Linux-64-bit-Debug-Tests build 11839 : 271261@main https://build.webkit.org/#/builders/63/builds/11839 ASSERTION FAILED: m_repaintRectsValid => m_repaintRects.clippedOverflowRect == renderer().clippedOverflowRectForRepaint(renderer().containerForRepaint().renderer.get()) /app/webkit/Source/WebCore/rendering/RenderLayer.cpp(1275) : void WebCore::RenderLayer::recursiveUpdateLayerPositionsAfterScroll(WebCore::RenderGeometryMap*, WTF::OptionSet<UpdateLayerPositionsAfterScrollFlag>) 1 0x7efeca54f773 WTFCrash 2 0x7efedb362a88 WebCore::RenderLayer::recursiveUpdateLayerPositionsAfterScroll(WebCore::RenderGeometryMap*, WTF::OptionSet<WebCore::RenderLayer::UpdateLayerPositionsAfterScrollFlag>) 3 0x7efedb3625ff WebCore::RenderLayer::updateLayerPositionsAfterDocumentScroll() 4 0x7efeda78fd97 WebCore::LocalFrameView::updateLayerPositionsAfterScrolling() 5 0x7efedaa32feb WebCore::ScrollView::completeUpdatesAfterScrollTo(WebCore::IntSize const&) 6 0x7efedaa32f9f WebCore::ScrollView::scrollTo(WebCore::IntPoint const&) 7 0x7efeda79529e WebCore::LocalFrameView::scrollTo(WebCore::IntPoint const&) 8 0x7efedaa32947 WebCore::ScrollView::setScrollOffset(WebCore::IntPoint const&) 9 0x7efedaa3a6c7 WebCore::ScrollableArea::scrollPositionChanged(WebCore::IntPoint const&) 10 0x7efedaa3ac1b WebCore::ScrollableArea::setScrollPositionFromAnimation(WebCore::IntPoint const&) 11 0x7efedaa25737 WebCore::ScrollAnimator::notifyPositionChanged(WebCore::FloatSize const&) 12 0x7efedaa25682 WebCore::ScrollAnimator::setCurrentPosition(WebCore::FloatPoint const&, WebCore::ScrollAnimator::NotifyScrollableArea) 13 0x7efedaa24d8d WebCore::ScrollAnimator::scrollToPositionWithoutAnimation(WebCore::FloatPoint const&, WebCore::ScrollClamping) 14 0x7efedaa3a065 WebCore::ScrollableArea::scrollToPositionWithoutAnimation(WebCore::FloatPoint const&, WebCore::ScrollClamping) 15 0x7efedaa337fd operator() 16 0x7efedaa34b33 WebCore::ScrollView::updateScrollbars(WebCore::IntPoint const&) 17 0x7efedaa33380 WebCore::ScrollView::setScrollPosition(WebCore::IntPoint const&, WebCore::ScrollPositionChangeOptions const&) 18 0x7efeda78d660 WebCore::LocalFrameView::setScrollPosition(WebCore::IntPoint const&, WebCore::ScrollPositionChangeOptions const&) 19 0x7efedaa315cf WebCore::ScrollView::setContentsScrollPosition(WebCore::IntPoint const&, WebCore::ScrollPositionChangeOptions const&) 20 0x7efeda77660e WebCore::LocalDOMWindow::scrollTo(WebCore::ScrollToOptions const&, WebCore::ScrollClamping, WebCore::ScrollSnapPointSelectionMethod, std::optional<WebCore::FloatSize>) const 21 0x7efeda77617a WebCore::LocalDOMWindow::scrollTo(double, double, WebCore::ScrollClamping) const 22 0x7efed7618a37 operator() 23 0x7efed768600c toJS<WebCore::IDLUndefined, WebCore::jsLocalDOMWindowInstanceFunction_scrollTo2Body(JSC::JSGlobalObject*, JSC::CallFrame*, IDLOperation<JSLocalDOMWindow>::ClassParameter)::<lambda()> > 24 0x7efed7618dab jsLocalDOMWindowInstanceFunction_scrollTo2Body 25 0x7efed7619046 jsLocalDOMWindowInstanceFunction_scrollToOverloadDispatcher 26 0x7efed768629c call<WebCore::jsLocalDOMWindowInstanceFunction_scrollToOverloadDispatcher> 27 0x7efed76190b8 jsLocalDOMWindowInstanceFunction_scrollTo 28 0x7efe74408038 ??? WebKitWebProcess terminated (pid 5332) for reason: crash 1996635 2 468858 fujii 2023-12-03 22:03:55 -0800 Created attachment 468858 Patch to enable ForceCompositingMode for WinCairo Enabling ForceCompositingMode for WinCairo resovles the assertion failure. This seems to be the reason why Mac WK2 and WPE don't crash. 1996636 3 fujii 2023-12-03 22:10:35 -0800 Mac WK1 doensn't crash because it skips the assertions. See bug#188122. GTK and WinCairo should do the same. 1996641 4 fujii 2023-12-03 22:26:22 -0800 Pull request: https://github.com/WebKit/WebKit/pull/21254 1996772 5 simon.fraser 2023-12-04 10:25:33 -0800 I am removing this assertion in https://github.com/WebKit/WebKit/pull/21241 468858 2023-12-03 22:03:55 -0800 2023-12-03 22:03:55 -0800 Patch to enable ForceCompositingMode for WinCairo wincairo-force-compositing-mode.patch text/plain 822 fujii ZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJLaXQvV2ViUHJvY2Vzcy9XZWJQYWdlL3djL0RyYXdpbmdB cmVhV0MuY3BwIGIvU291cmNlL1dlYktpdC9XZWJQcm9jZXNzL1dlYlBhZ2Uvd2MvRHJhd2luZ0Fy ZWFXQy5jcHANCmluZGV4IDI3NGJiNTA2YWJmMS4uNGU2YjJlM2Q4M2VhIDEwMDY0NA0KLS0tIGEv U291cmNlL1dlYktpdC9XZWJQcm9jZXNzL1dlYlBhZ2Uvd2MvRHJhd2luZ0FyZWFXQy5jcHANCisr KyBiL1NvdXJjZS9XZWJLaXQvV2ViUHJvY2Vzcy9XZWJQYWdlL3djL0RyYXdpbmdBcmVhV0MuY3Bw DQpAQCAtMTE5LDcgKzExOSw3IEBAIHZvaWQgRHJhd2luZ0FyZWFXQzo6dXBkYXRlUHJlZmVyZW5j ZXMoY29uc3QgV2ViUHJlZmVyZW5jZXNTdG9yZSYgc3RvcmUpDQogew0KICAgICBTZXR0aW5ncyYg c2V0dGluZ3MgPSBtX3dlYlBhZ2UtPmNvcmVQYWdlKCktPnNldHRpbmdzKCk7DQogICAgIHNldHRp bmdzLnNldEFjY2VsZXJhdGVkQ29tcG9zaXRpbmdGb3JGaXhlZFBvc2l0aW9uRW5hYmxlZChzZXR0 aW5ncy5hY2NlbGVyYXRlZENvbXBvc2l0aW5nRW5hYmxlZCgpKTsNCi0gICAgc2V0dGluZ3Muc2V0 Rm9yY2VDb21wb3NpdGluZ01vZGUoc3RvcmUuZ2V0Qm9vbFZhbHVlRm9yS2V5KFdlYlByZWZlcmVu Y2VzS2V5OjpzaXRlSXNvbGF0aW9uRW5hYmxlZEtleSgpKSk7DQorICAgIHNldHRpbmdzLnNldEZv cmNlQ29tcG9zaXRpbmdNb2RlKHRydWUpOw0KIH0NCiANCiBib29sIERyYXdpbmdBcmVhV0M6OnNo b3VsZFVzZVRpbGVkQmFja2luZ0ZvckZyYW1lVmlldyhjb25zdCBXZWJDb3JlOjpMb2NhbEZyYW1l VmlldyYgZnJhbWVWaWV3KSBjb25zdA0K