[Webkit-unassigned] [Bug 155362] New: ASSERTION FAILED: accumulation == TransformState::FlattenTransform in WebCore::GraphicsLayerCA::computeVisibleAndCoverageRect
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Mar 11 08:19:08 PST 2016
https://bugs.webkit.org/show_bug.cgi?id=155362
Bug ID: 155362
Summary: ASSERTION FAILED: accumulation ==
TransformState::FlattenTransform in
WebCore::GraphicsLayerCA::computeVisibleAndCoverageRec
t
Classification: Unclassified
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: OS X 10.11
Status: NEW
Severity: Normal
Priority: P2
Component: WebCore Misc.
Assignee: webkit-unassigned at lists.webkit.org
Reporter: rhodovan.u-szeged at partner.samsung.com
CC: dino at apple.com, simon.fraser at apple.com
Blocks: 116980
Created attachment 273734
--> https://bugs.webkit.org/attachment.cgi?id=273734&action=review
Test case
Load the attached test with minibrowser:
<style>
* {
-webkit-transform-style:preserve-3d
}
* {
transform:scale3d(206.83,76,556) rotateX(0deg);
position:fixed;
clip:rect(0,+85.492ch,auto,0em)
}
</style>
OS: Mac OS X 10.11.1 (x86_64), x86_64
Checked build: ASAN debug
Checked version: ecad464
Backtrace:
ASSERTION FAILED: accumulation == TransformState::FlattenTransform
/Users/reni/work/WebKit/Source/WebCore/platform/graphics/ca/GraphicsLayerCA.cpp(1246) : GraphicsLayerCA::VisibleAndCoverageRects WebCore::GraphicsLayerCA::computeVisibleAndCoverageRect(WebCore::TransformState &, bool, ComputeVisibleRectFlags) const
1 0x10f32faa4 WTFCrash
2 0x114dcaaeb WebCore::GraphicsLayerCA::computeVisibleAndCoverageRect(WebCore::TransformState&, bool, unsigned int) const
3 0x114dc6cea WebCore::GraphicsLayerCA::recursiveCommitChanges(WebCore::GraphicsLayerCA::CommitState const&, WebCore::TransformState const&, float, WebCore::FloatPoint const&, bool)
4 0x114dc73af WebCore::GraphicsLayerCA::recursiveCommitChanges(WebCore::GraphicsLayerCA::CommitState const&, WebCore::TransformState const&, float, WebCore::FloatPoint const&, bool)
5 0x114dc73af WebCore::GraphicsLayerCA::recursiveCommitChanges(WebCore::GraphicsLayerCA::CommitState const&, WebCore::TransformState const&, float, WebCore::FloatPoint const&, bool)
6 0x114dc73af WebCore::GraphicsLayerCA::recursiveCommitChanges(WebCore::GraphicsLayerCA::CommitState const&, WebCore::TransformState const&, float, WebCore::FloatPoint const&, bool)
7 0x114dc73af WebCore::GraphicsLayerCA::recursiveCommitChanges(WebCore::GraphicsLayerCA::CommitState const&, WebCore::TransformState const&, float, WebCore::FloatPoint const&, bool)
8 0x114dc73af WebCore::GraphicsLayerCA::recursiveCommitChanges(WebCore::GraphicsLayerCA::CommitState const&, WebCore::TransformState const&, float, WebCore::FloatPoint const&, bool)
9 0x114dc73af WebCore::GraphicsLayerCA::recursiveCommitChanges(WebCore::GraphicsLayerCA::CommitState const&, WebCore::TransformState const&, float, WebCore::FloatPoint const&, bool)
10 0x114dc73af WebCore::GraphicsLayerCA::recursiveCommitChanges(WebCore::GraphicsLayerCA::CommitState const&, WebCore::TransformState const&, float, WebCore::FloatPoint const&, bool)
11 0x114dc67e7 WebCore::GraphicsLayerCA::flushCompositingState(WebCore::FloatRect const&, bool)
12 0x117d5e255 WebCore::RenderLayerCompositor::flushPendingLayerChanges(bool)
13 0x114bd803c WebCore::FrameView::flushCompositingStateForThisFrame(WebCore::Frame const&)
14 0x114bdd9c6 WebCore::FrameView::flushCompositingStateIncludingSubframes()
15 0x1071bd47a WebKit::TiledCoreAnimationDrawingArea::flushLayers()
16 0x1071b92b1 WebKit::TiledCoreAnimationDrawingArea::forceRepaint()
17 0x1076b8fd3 WebKit::WebPage::forceRepaintWithoutCallback()
18 0x1080cf3ed WKBundlePageForceRepaint
19 0x12e3b0e3a WTR::InjectedBundlePage::dump()
20 0x12e3afd12 WTR::InjectedBundlePage::frameDidChangeLocation(OpaqueWKBundleFrame const*, bool)
21 0x12e3ac997 WTR::InjectedBundlePage::didFinishLoadForFrame(OpaqueWKBundleFrame const*)
22 0x12e3aa938 WTR::InjectedBundlePage::didFinishLoadForFrame(OpaqueWKBundlePage const*, OpaqueWKBundleFrame const*, void const**, void const*)
23 0x1067a3a11 WebKit::InjectedBundlePageLoaderClient::didFinishLoadForFrame(WebKit::WebPage*, WebKit::WebFrame*, WTF::RefPtr<API::Object>&)
24 0x107495422 WebKit::WebFrameLoaderClient::dispatchDidFinishLoad()
25 0x114b5903f WebCore::FrameLoader::checkLoadCompleteForThisFrame()
26 0x114b46c83 WebCore::FrameLoader::checkLoadComplete()
27 0x11425a1cd WebCore::DocumentLoader::finishedLoading(double)
28 0x114259c6b WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource*)
29 0x113637857 WebCore::CachedResource::checkNotify()
30 0x113637a44 WebCore::CachedResource::finishLoading(WebCore::SharedBuffer*)
31 0x11362dddd WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*)
ASAN:SIGSEGV
=================================================================
==78164==ERROR: AddressSanitizer: SEGV on unknown address 0x0000bbadbeef (pc 0x00010f32fadc bp 0x7fff598f7ed0 sp 0x7fff598f7ec0 T0)
#0 0x10f32fadb in WTFCrash (/Users/reni/work/WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2b16adb)
#1 0x114dcaaea in WebCore::GraphicsLayerCA::computeVisibleAndCoverageRect(WebCore::TransformState&, bool, unsigned int) const (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1d9faea)
#2 0x114dc6ce9 in WebCore::GraphicsLayerCA::recursiveCommitChanges(WebCore::GraphicsLayerCA::CommitState const&, WebCore::TransformState const&, float, WebCore::FloatPoint const&, bool) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1d9bce9)
#3 0x114dc73ae in WebCore::GraphicsLayerCA::recursiveCommitChanges(WebCore::GraphicsLayerCA::CommitState const&, WebCore::TransformState const&, float, WebCore::FloatPoint const&, bool) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1d9c3ae)
#4 0x114dc73ae in WebCore::GraphicsLayerCA::recursiveCommitChanges(WebCore::GraphicsLayerCA::CommitState const&, WebCore::TransformState const&, float, WebCore::FloatPoint const&, bool) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1d9c3ae)
#5 0x114dc73ae in WebCore::GraphicsLayerCA::recursiveCommitChanges(WebCore::GraphicsLayerCA::CommitState const&, WebCore::TransformState const&, float, WebCore::FloatPoint const&, bool) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1d9c3ae)
#6 0x114dc73ae in WebCore::GraphicsLayerCA::recursiveCommitChanges(WebCore::GraphicsLayerCA::CommitState const&, WebCore::TransformState const&, float, WebCore::FloatPoint const&, bool) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1d9c3ae)
#7 0x114dc73ae in WebCore::GraphicsLayerCA::recursiveCommitChanges(WebCore::GraphicsLayerCA::CommitState const&, WebCore::TransformState const&, float, WebCore::FloatPoint const&, bool) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1d9c3ae)
#8 0x114dc73ae in WebCore::GraphicsLayerCA::recursiveCommitChanges(WebCore::GraphicsLayerCA::CommitState const&, WebCore::TransformState const&, float, WebCore::FloatPoint const&, bool) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1d9c3ae)
#9 0x114dc73ae in WebCore::GraphicsLayerCA::recursiveCommitChanges(WebCore::GraphicsLayerCA::CommitState const&, WebCore::TransformState const&, float, WebCore::FloatPoint const&, bool) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1d9c3ae)
#10 0x114dc67e6 in WebCore::GraphicsLayerCA::flushCompositingState(WebCore::FloatRect const&, bool) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1d9b7e6)
#11 0x117d5e254 in WebCore::RenderLayerCompositor::flushPendingLayerChanges(bool) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x4d33254)
#12 0x114bd803b in WebCore::FrameView::flushCompositingStateForThisFrame(WebCore::Frame const&) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1bad03b)
#13 0x114bdd9c5 in WebCore::FrameView::flushCompositingStateIncludingSubframes() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1bb29c5)
#14 0x1071bd479 in WebKit::TiledCoreAnimationDrawingArea::flushLayers() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0xebf479)
#15 0x1071b92b0 in WebKit::TiledCoreAnimationDrawingArea::forceRepaint() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0xebb2b0)
#16 0x1076b8fd2 in WebKit::WebPage::forceRepaintWithoutCallback() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x13bafd2)
#17 0x1080cf3ec in WKBundlePageForceRepaint (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1dd13ec)
#18 0x12e3b0e39 in WTR::InjectedBundlePage::dump() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKitTestRunnerInjectedBundle.bundle/Contents/MacOS/WebKitTestRunnerInjectedBundle+0x74e39)
#19 0x12e3afd11 in WTR::InjectedBundlePage::frameDidChangeLocation(OpaqueWKBundleFrame const*, bool) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKitTestRunnerInjectedBundle.bundle/Contents/MacOS/WebKitTestRunnerInjectedBundle+0x73d11)
#20 0x12e3ac996 in WTR::InjectedBundlePage::didFinishLoadForFrame(OpaqueWKBundleFrame const*) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKitTestRunnerInjectedBundle.bundle/Contents/MacOS/WebKitTestRunnerInjectedBundle+0x70996)
#21 0x12e3aa937 in WTR::InjectedBundlePage::didFinishLoadForFrame(OpaqueWKBundlePage const*, OpaqueWKBundleFrame const*, void const**, void const*) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKitTestRunnerInjectedBundle.bundle/Contents/MacOS/WebKitTestRunnerInjectedBundle+0x6e937)
#22 0x1067a3a10 in WebKit::InjectedBundlePageLoaderClient::didFinishLoadForFrame(WebKit::WebPage*, WebKit::WebFrame*, WTF::RefPtr<API::Object>&) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x4a5a10)
#23 0x107495421 in WebKit::WebFrameLoaderClient::dispatchDidFinishLoad() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1197421)
#24 0x114b5903e in WebCore::FrameLoader::checkLoadCompleteForThisFrame() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1b2e03e)
#25 0x114b46c82 in WebCore::FrameLoader::checkLoadComplete() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1b1bc82)
#26 0x11425a1cc in WebCore::DocumentLoader::finishedLoading(double) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x122f1cc)
#27 0x114259c6a in WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource*) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x122ec6a)
#28 0x113637856 in WebCore::CachedResource::checkNotify() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x60c856)
#29 0x113637a43 in WebCore::CachedResource::finishLoading(WebCore::SharedBuffer*) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x60ca43)
#30 0x11362dddc in WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x602ddc)
#31 0x118cbb8f0 in WebCore::SubresourceLoader::didFinishLoading(double) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5c908f0)
#32 0x107e139ac in WebKit::WebResourceLoader::didFinishResourceLoad(double) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1b159ac)
#33 0x107e27d42 in void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>, 0ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>&&, std::index_sequence<0ul>) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1b29d42)
#34 0x107e279c1 in void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double), std::__1::tuple<double>, std::make_index_sequence<1ul> >(std::__1::tuple<double>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double)) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1b299c1)
#35 0x107e23d7e in void IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double)>(IPC::MessageDecoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double)) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1b25d7e)
#36 0x107e20dfd in WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::MessageDecoder&) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1b22dfd)
#37 0x106b95912 in WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::MessageDecoder&) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x897912)
#38 0x1064d20d0 in IPC::Connection::dispatchMessage(IPC::MessageDecoder&) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1d40d0)
#39 0x1064b9631 in IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1bb631)
#40 0x1064d2ec0 in IPC::Connection::dispatchOneMessage() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1d4ec0)
#41 0x10650260c in IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10::operator()() const (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x20460c)
#42 0x1065025dc in void std::__1::__invoke_void_return_wrapper<void>::__call<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10&>(IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10&&&) (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x2045dc)
#43 0x1065023fb in std::__1::__function::__func<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10, std::__1::allocator<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >)::$_10>, void ()>::operator()() (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x2043fb)
#44 0x10e17444a in std::__1::function<void ()>::operator()() const (/Users/reni/work/WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x195b44a)
#45 0x10f4082dd in WTF::RunLoop::performWork() (/Users/reni/work/WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2bef2dd)
#46 0x10f409249 in WTF::RunLoop::performWork(void*) (/Users/reni/work/WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2bf0249)
#47 0x7fff888498b0 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0xaa8b0)
#48 0x7fff888290ab in __CFRunLoopDoSources0 (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x8a0ab)
#49 0x7fff888285ce in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x895ce)
#50 0x7fff88827fc7 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x88fc7)
#51 0x7fff86540d54 in RunCurrentEventLoopInMode (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x30d54)
#52 0x7fff86540b8e in ReceiveNextEventCommon (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x30b8e)
#53 0x7fff865409ce in _BlockUntilNextEventMatchingListInModeWithFilter (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x309ce)
#54 0x7fff97bc6d95 in _DPSNextEvent (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x49d95)
#55 0x7fff97bc61c4 in -[NSApplication _nextEventMatchingEventMask:untilDate:inMode:dequeue:] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x491c4)
#56 0x7fff97bbad27 in -[NSApplication run] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x3dd27)
#57 0x7fff97b83fbd in NSApplicationMain (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x6fbd)
#58 0x7fff9408b4f1 in _xpc_objc_main (/usr/lib/system/libxpc.dylib+0x114f1)
#59 0x7fff94089f1d in xpc_main (/usr/lib/system/libxpc.dylib+0xff1d)
#60 0x1062ec1cb in main (/Users/reni/work/WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.Development.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development+0x1000021cb)
#61 0x7fff908b05ac in start (/usr/lib/system/libdyld.dylib+0x35ac)
#62 0x0 (<unknown module>)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ??:0 WTFCrash
==78164==ABORTING
#CRASHED - com.apple.WebKit.WebContent.Development (pid 78164)
LEAK: 1 WebProcessPool
LEAK: 1 WebPageProxy
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160311/77420d00/attachment-0001.html>
More information about the webkit-unassigned
mailing list