[Webkit-unassigned] [Bug 169753] New: Should never be reached failure in WebCore::PlatformCAFilters::setBlendingFiltersOnLayer

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Mar 16 08:19:08 PDT 2017 

https://bugs.webkit.org/show_bug.cgi?id=169753

            Bug ID: 169753
           Summary: Should never be reached failure in
                    WebCore::PlatformCAFilters::setBlendingFiltersOnLayer
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Local Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: hodovan at inf.u-szeged.hu

Created attachment 304640
  --> https://bugs.webkit.org/attachment.cgi?id=304640&action=review
Test

Load the attached test with debug WebKitTestRunner:

Checked version: c9b0459
OS: macOS Sierra (10.12.3)

<style>
#id_0 {
    mix-blend-mode:saturation;
}
* {
    will-change:opacity;
}
</style>
<a id="id_0"></a>

Backtrace:

SHOULD NEVER BE REACHED
WebKit/Source/WebCore/platform/graphics/ca/cocoa/PlatformCAFiltersCocoa.mm(589) : static void WebCore::PlatformCAFilters::setBlendingFiltersOnLayer(PlatformLayer *, const WebCore::BlendMode)
1   0x12cda8521 WTFCrash
2   0x116f825ef WebCore::PlatformCAFilters::setBlendingFiltersOnLayer(CALayer*, WebCore::BlendMode)
3   0x116f93be3 WebCore::PlatformCALayerCocoa::setBlendMode(WebCore::BlendMode)
4   0x1138138c5 WebCore::GraphicsLayerCA::updateBlendMode()
5   0x1138049e4 WebCore::GraphicsLayerCA::commitLayerChangesBeforeSublayers(WebCore::GraphicsLayerCA::CommitState&, float, WebCore::FloatPoint const&)
6   0x1138022a1 WebCore::GraphicsLayerCA::recursiveCommitChanges(WebCore::GraphicsLayerCA::CommitState const&, WebCore::TransformState const&, float, WebCore::FloatPoint const&, bool)
7   0x1138026b5 WebCore::GraphicsLayerCA::recursiveCommitChanges(WebCore::GraphicsLayerCA::CommitState const&, WebCore::TransformState const&, float, WebCore::FloatPoint const&, bool)
8   0x1138026b5 WebCore::GraphicsLayerCA::recursiveCommitChanges(WebCore::GraphicsLayerCA::CommitState const&, WebCore::TransformState const&, float, WebCore::FloatPoint const&, bool)
9   0x1138026b5 WebCore::GraphicsLayerCA::recursiveCommitChanges(WebCore::GraphicsLayerCA::CommitState const&, WebCore::TransformState const&, float, WebCore::FloatPoint const&, bool)
10  0x1138026b5 WebCore::GraphicsLayerCA::recursiveCommitChanges(WebCore::GraphicsLayerCA::CommitState const&, WebCore::TransformState const&, float, WebCore::FloatPoint const&, bool)
11  0x1138026b5 WebCore::GraphicsLayerCA::recursiveCommitChanges(WebCore::GraphicsLayerCA::CommitState const&, WebCore::TransformState const&, float, WebCore::FloatPoint const&, bool)
12  0x1138026b5 WebCore::GraphicsLayerCA::recursiveCommitChanges(WebCore::GraphicsLayerCA::CommitState const&, WebCore::TransformState const&, float, WebCore::FloatPoint const&, bool)
13  0x1138026b5 WebCore::GraphicsLayerCA::recursiveCommitChanges(WebCore::GraphicsLayerCA::CommitState const&, WebCore::TransformState const&, float, WebCore::FloatPoint const&, bool)
14  0x1138026b5 WebCore::GraphicsLayerCA::recursiveCommitChanges(WebCore::GraphicsLayerCA::CommitState const&, WebCore::TransformState const&, float, WebCore::FloatPoint const&, bool)
15  0x113800f24 WebCore::GraphicsLayerCA::flushCompositingState(WebCore::FloatRect const&)
16  0x117646d8f WebCore::RenderLayerCompositor::flushPendingLayerChanges(bool)
17  0x1135aa7e9 WebCore::FrameView::flushCompositingStateForThisFrame(WebCore::Frame const&)
18  0x1135b4936 WebCore::FrameView::flushCompositingStateIncludingSubframes()
19  0x102cbe1b7 WebKit::TiledCoreAnimationDrawingArea::flushLayers()
20  0x102cb9266 WebKit::TiledCoreAnimationDrawingArea::forceRepaint()
21  0x1034214ed WebKit::WebPage::forceRepaintWithoutCallback()
22  0x103fde63d WKBundlePageForceRepaint
23  0x13419a98d WTR::InjectedBundlePage::dump()
24  0x1341997a2 WTR::InjectedBundlePage::frameDidChangeLocation(OpaqueWKBundleFrame const*, bool)
25  0x1341962a7 WTR::InjectedBundlePage::didFinishLoadForFrame(OpaqueWKBundleFrame const*)
26  0x1341941f8 WTR::InjectedBundlePage::didFinishLoadForFrame(OpaqueWKBundlePage const*, OpaqueWKBundleFrame const*, void const**, void const*)
27  0x1022001b5 WebKit::InjectedBundlePageLoaderClient::didFinishLoadForFrame(WebKit::WebPage*, WebKit::WebFrame*, WTF::RefPtr<API::Object>&)
28  0x1030faea6 WebKit::WebFrameLoaderClient::dispatchDidFinishLoad()
29  0x11353168a WebCore::FrameLoader::checkLoadCompleteForThisFrame()
30  0x11351becb WebCore::FrameLoader::checkLoadComplete()
31  0x112cdf7e7 WebCore::DocumentLoader::finishedLoading()
ASAN:DEADLYSIGNAL
=================================================================
==42487==ERROR: AddressSanitizer: SEGV on unknown address 0x0000bbadbeef (pc 0x00012cda8559 bp 0x7fff5de9a7d0 sp 0x7fff5de9a7c0 T0)
    #0 0x12cda8558 in WTFCrash (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x36db558)
    #1 0x116f825ee in WebCore::PlatformCAFilters::setBlendingFiltersOnLayer(CALayer*, WebCore::BlendMode) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x55975ee)
    #2 0x116f93be2 in WebCore::PlatformCALayerCocoa::setBlendMode(WebCore::BlendMode) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x55a8be2)
    #3 0x1138138c4 in WebCore::GraphicsLayerCA::updateBlendMode() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1e288c4)
    #4 0x1138049e3 in WebCore::GraphicsLayerCA::commitLayerChangesBeforeSublayers(WebCore::GraphicsLayerCA::CommitState&, float, WebCore::FloatPoint const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1e199e3)
    #5 0x1138022a0 in WebCore::GraphicsLayerCA::recursiveCommitChanges(WebCore::GraphicsLayerCA::CommitState const&, WebCore::TransformState const&, float, WebCore::FloatPoint const&, bool) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1e172a0)
    #6 0x1138026b4 in WebCore::GraphicsLayerCA::recursiveCommitChanges(WebCore::GraphicsLayerCA::CommitState const&, WebCore::TransformState const&, float, WebCore::FloatPoint const&, bool) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1e176b4)
    #7 0x1138026b4 in WebCore::GraphicsLayerCA::recursiveCommitChanges(WebCore::GraphicsLayerCA::CommitState const&, WebCore::TransformState const&, float, WebCore::FloatPoint const&, bool) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1e176b4)
    #8 0x1138026b4 in WebCore::GraphicsLayerCA::recursiveCommitChanges(WebCore::GraphicsLayerCA::CommitState const&, WebCore::TransformState const&, float, WebCore::FloatPoint const&, bool) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1e176b4)
    #9 0x1138026b4 in WebCore::GraphicsLayerCA::recursiveCommitChanges(WebCore::GraphicsLayerCA::CommitState const&, WebCore::TransformState const&, float, WebCore::FloatPoint const&, bool) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1e176b4)
    #10 0x1138026b4 in WebCore::GraphicsLayerCA::recursiveCommitChanges(WebCore::GraphicsLayerCA::CommitState const&, WebCore::TransformState const&, float, WebCore::FloatPoint const&, bool) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1e176b4)
    #11 0x1138026b4 in WebCore::GraphicsLayerCA::recursiveCommitChanges(WebCore::GraphicsLayerCA::CommitState const&, WebCore::TransformState const&, float, WebCore::FloatPoint const&, bool) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1e176b4)
    #12 0x1138026b4 in WebCore::GraphicsLayerCA::recursiveCommitChanges(WebCore::GraphicsLayerCA::CommitState const&, WebCore::TransformState const&, float, WebCore::FloatPoint const&, bool) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1e176b4)
    #13 0x1138026b4 in WebCore::GraphicsLayerCA::recursiveCommitChanges(WebCore::GraphicsLayerCA::CommitState const&, WebCore::TransformState const&, float, WebCore::FloatPoint const&, bool) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1e176b4)
    #14 0x113800f23 in WebCore::GraphicsLayerCA::flushCompositingState(WebCore::FloatRect const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1e15f23)
    #15 0x117646d8e in WebCore::RenderLayerCompositor::flushPendingLayerChanges(bool) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x5c5bd8e)
    #16 0x1135aa7e8 in WebCore::FrameView::flushCompositingStateForThisFrame(WebCore::Frame const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1bbf7e8)
    #17 0x1135b4935 in WebCore::FrameView::flushCompositingStateIncludingSubframes() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1bc9935)
    #18 0x102cbe1b6 in WebKit::TiledCoreAnimationDrawingArea::flushLayers() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0xf4b1b6)
    #19 0x102cb9265 in WebKit::TiledCoreAnimationDrawingArea::forceRepaint() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0xf46265)
    #20 0x1034214ec in WebKit::WebPage::forceRepaintWithoutCallback() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x16ae4ec)
    #21 0x103fde63c in WKBundlePageForceRepaint (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x226b63c)
    #22 0x13419a98c in WTR::InjectedBundlePage::dump() (WebKit/WebKitBuild/Debug/WebKitTestRunnerInjectedBundle.bundle/Contents/MacOS/WebKitTestRunnerInjectedBundle+0x6b98c)
    #23 0x1341997a1 in WTR::InjectedBundlePage::frameDidChangeLocation(OpaqueWKBundleFrame const*, bool) (WebKit/WebKitBuild/Debug/WebKitTestRunnerInjectedBundle.bundle/Contents/MacOS/WebKitTestRunnerInjectedBundle+0x6a7a1)
    #24 0x1341962a6 in WTR::InjectedBundlePage::didFinishLoadForFrame(OpaqueWKBundleFrame const*) (WebKit/WebKitBuild/Debug/WebKitTestRunnerInjectedBundle.bundle/Contents/MacOS/WebKitTestRunnerInjectedBundle+0x672a6)
    #25 0x1341941f7 in WTR::InjectedBundlePage::didFinishLoadForFrame(OpaqueWKBundlePage const*, OpaqueWKBundleFrame const*, void const**, void const*) (WebKit/WebKitBuild/Debug/WebKitTestRunnerInjectedBundle.bundle/Contents/MacOS/WebKitTestRunnerInjectedBundle+0x651f7)
    #26 0x1022001b4 in WebKit::InjectedBundlePageLoaderClient::didFinishLoadForFrame(WebKit::WebPage*, WebKit::WebFrame*, WTF::RefPtr<API::Object>&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x48d1b4)
    #27 0x1030faea5 in WebKit::WebFrameLoaderClient::dispatchDidFinishLoad() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1387ea5)
    #28 0x113531689 in WebCore::FrameLoader::checkLoadCompleteForThisFrame() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1b46689)
    #29 0x11351beca in WebCore::FrameLoader::checkLoadComplete() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x1b30eca)
    #30 0x112cdf7e6 in WebCore::DocumentLoader::finishedLoading() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x12f47e6)
    #31 0x112cdf172 in WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x12f4172)
    #32 0x112003273 in WebCore::CachedResource::checkNotify() (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x618273)
    #33 0x112003903 in WebCore::CachedResource::finishLoading(WebCore::SharedBuffer*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x618903)
    #34 0x111ff5198 in WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x60a198)
    #35 0x11857c4c9 in WebCore::SubresourceLoader::didFinishLoading(WebCore::NetworkLoadMetrics const&) (WebKit/WebKitBuild/Debug/WebCore.framework/Versions/A/WebCore+0x6b914c9)
    #36 0x103c87ac5 in WebKit::WebResourceLoader::didFinishResourceLoad(WebCore::NetworkLoadMetrics const&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1f14ac5)
    #37 0x103c97989 in void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&), std::__1::tuple<WebCore::NetworkLoadMetrics>, 0ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&), std::__1::tuple<WebCore::NetworkLoadMetrics>&&, std::__1::integer_sequence<unsigned long, 0ul>) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1f24989)
    #38 0x103c97594 in void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&), std::__1::tuple<WebCore::NetworkLoadMetrics>, std::__1::integer_sequence<unsigned long, 0ul> >(std::__1::tuple<WebCore::NetworkLoadMetrics>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1f24594)
    #39 0x103c94648 in void IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1f21648)
    #40 0x103c927fa in WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1f1f7fa)
    #41 0x10268b040 in WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x918040)
    #42 0x101f8e56a in IPC::Connection::dispatchMessage(IPC::Decoder&) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x21b56a)
    #43 0x101f72b94 in IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x1ffb94)
    #44 0x101f8f255 in IPC::Connection::dispatchOneMessage() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x21c255)
    #45 0x101fcfeac in IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14::operator()() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x25ceac)
    #46 0x101fcfdd8 in WTF::Function<void ()>::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14>::call() (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/WebKit+0x25cdd8)
    #47 0x12ce2c470 in WTF::Function<void ()>::operator()() const (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x375f470)
    #48 0x12ce7b1a0 in WTF::RunLoop::performWork() (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x37ae1a0)
    #49 0x12ce7c1d1 in WTF::RunLoop::performWork(void*) (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x37af1d1)
    #50 0x7fff79d43980 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0xa7980)
    #51 0x7fff79d24a7c in __CFRunLoopDoSources0 (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x88a7c)
    #52 0x7fff79d23f75 in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x87f75)
    #53 0x7fff79d23973 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x87973)
    #54 0x7fff792afa5b in RunCurrentEventLoopInMode (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x30a5b)
    #55 0x7fff792af890 in ReceiveNextEventCommon (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x30890)
    #56 0x7fff792af6c5 in _BlockUntilNextEventMatchingListInModeWithFilter (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x306c5)
    #57 0x7fff778555b3 in _DPSNextEvent (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x475b3)
    #58 0x7fff77fcfd6a in -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x7c1d6a)
    #59 0x7fff77849f34 in -[NSApplication run] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x3bf34)
    #60 0x7fff7781484f in NSApplicationMain (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x684f)
    #61 0x7fff8f4df8c6 in _xpc_objc_main (/usr/lib/system/libxpc.dylib+0x108c6)
    #62 0x7fff8f4de2e3 in xpc_main (/usr/lib/system/libxpc.dylib+0xf2e3)
    #63 0x101d59fb2 in main (WebKit/WebKitBuild/Debug/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development+0x100001fb2)
    #64 0x7fff8f27b254 in start (/usr/lib/system/libdyld.dylib+0x5254)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (WebKit/WebKitBuild/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x36db558) in WTFCrash
==42487==ABORTING
#CRASHED - com.apple.WebKit.WebContent.Development (pid 42487)
LEAK: 1 WebProcessPool
LEAK: 1 WebPageProxy

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20170316/4255c1ee/attachment-0001.html>

More information about the webkit-unassigned mailing list