[Webkit-unassigned] [Bug 215209] New: [GTK][WPE] Debug crashes in backdrop filter tests

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Aug 5 20:49:30 PDT 2020 

https://bugs.webkit.org/show_bug.cgi?id=215209

            Bug ID: 215209
           Summary: [GTK][WPE] Debug crashes in backdrop filter tests
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: CSS
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: lmoura at igalia.com

Created attachment 406071

  --> https://bugs.webkit.org/attachment.cgi?id=406071&action=review

Backtrace

After r264968 enabled backdrop-filter support, several tests are asserting in debug mode, both GTK and WPE:

css3/filters/backdrop/backdrop-filter-does-not-size-properly-absolute.html
css3/filters/backdrop/backdrop-filter-does-not-size-properly-border-and-padding.html
css3/filters/backdrop/backdrop-filter-with-cliprect.html
css3/filters/backdrop/backdrop-filter-with-mask.html
css3/filters/backdrop/backdrop-with-visibility-hidden-changing.html
css3/filters/backdrop/backdrop-with-visibility-hidden.html
css3/filters/backdrop/resource-use-add-more-layers.html
css3/filters/backdrop/resource-use-excessive.html
css3/filters/backdrop/resource-use-ok.html
css3/filters/backdrop/resource-use-remove-some-layers.html

All but two of them fail with a similar backtrace (full backtrace attached):

Thread 1 (Thread 0x7f590c3da2c0 (LWP 12435)):
#0  0x00007f5915256a2a in WTFCrash() () at ../../Source/WTF/wtf/Assertions.cpp:295
#1  0x00007f59236af332 in CRASH_WITH_INFO(...) () at DerivedSources/ForwardingHeaders/wtf/Assertions.h:713
#2  0x00007f592781c721 in WebCore::RenderLayerCompositor::scheduleRenderingUpdate() (this=0x7f5874629500) at ../../Source/WebCore/rendering/RenderLayerCompositor.cpp:521
#3  0x00007f592781ab4a in WebCore::RenderLayerBacking::notifyFlushRequired(WebCore::GraphicsLayer const*) (this=0x7f58b019b7e0) at ../../Source/WebCore/rendering/RenderLayerBacking.cpp:3638
#4  0x00007f5924e30c5d in WebCore::CoordinatedGraphicsLayer::notifyFlushRequired() (this=0x7f58b1e92800) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:69
#5  0x00007f5924e30cf2 in WebCore::CoordinatedGraphicsLayer::didChangeFilters() (this=0x7f58b1e92800) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:87
#6  0x00007f5924e32399 in WebCore::CoordinatedGraphicsLayer::setFilters(WebCore::FilterOperations const&) (this=0x7f58b1e92800, newFilters=...) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:512
#7  0x00007f5924e337b7 in WebCore::CoordinatedGraphicsLayer::<lambda(Nicosia::CompositionLayer::LayerState&)>::operator()(Nicosia::CompositionLayer::LayerState &) const (__closure=0x7ffcd5812d40, state=...) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:947
#8  0x00007f5924e369bf in Nicosia::CompositionLayer::updateState<WebCore::CoordinatedGraphicsLayer::flushCompositingStateForThisLayerOnly()::<lambda(Nicosia::CompositionLayer::LayerState&)> >(const WebCore::CoordinatedGraphicsLayer::<lambda(Nicosia::CompositionLayer::LayerState&)> &) (this=0x7f58c9481d00, functor=...) at ../../Source/WebCore/platform/graphics/nicosia/NicosiaPlatformLayer.h:207
#9  0x00007f5924e34526 in WebCore::CoordinatedGraphicsLayer::flushCompositingStateForThisLayerOnly() (this=0x7f58b1e0f000) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:895
#10 0x00007f5924e32c9d in WebCore::CoordinatedGraphicsLayer::flushCompositingState(WebCore::FloatRect const&) (this=0x7f58b1e0f000, rect=...) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:685
#11 0x00007f5924e32d3e in WebCore::CoordinatedGraphicsLayer::flushCompositingState(WebCore::FloatRect const&) (this=0x7f58b1e49800, rect=...) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:691
#12 0x00007f5924e32d3e in WebCore::CoordinatedGraphicsLayer::flushCompositingState(WebCore::FloatRect const&) (this=0x7f58b209c000, rect=...) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:691
#13 0x00007f5924e32d3e in WebCore::CoordinatedGraphicsLayer::flushCompositingState(WebCore::FloatRect const&) (this=0x7f58b208d000, rect=...) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:691
#14 0x00007f5924e32d3e in WebCore::CoordinatedGraphicsLayer::flushCompositingState(WebCore::FloatRect const&) (this=0x7f58b208d800, rect=...) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:691
#15 0x00007f5924e32d3e in WebCore::CoordinatedGraphicsLayer::flushCompositingState(WebCore::FloatRect const&) (this=0x7f58b20aa800, rect=...) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:691
#16 0x00007f592781cb20 in WebCore::RenderLayerCompositor::flushPendingLayerChanges(bool) (this=0x7f5874629500, isFlushRoot=true) at ../../Source/WebCore/rendering/RenderLayerCompositor.cpp:569
#17 0x00007f592782497d in WebCore::RenderLayerCompositor::layerTreeAsText(unsigned int) (this=0x7f5874629500, flags=32) at ../../Source/WebCore/rendering/RenderLayerCompositor.cpp:2181
#18 0x00007f59270ac8dc in WebCore::Frame::layerTreeAsText(unsigned int) const (this=0x7f590ba80000, flags=32) at ../../Source/WebCore/page/Frame.cpp:909
#19 0x00007f58c883fff2 in WebCore::Internals::layerTreeAsText(WebCore::Document&, unsigned short) const (this=0x7f58b2088b40, document=..., flags=16) at ../../Source/WebCore/testing/Internals.cpp:2837
#20 0x00007f58c873b2f7 in WebCore::jsInternalsPrototypeFunctionLayerTreeAsTextBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::IDLOperation<WebCore::JSInternals>::ClassParameter) (lexicalGlobalObject=0x7f58543a3080, callFrame=0x7ffcd5813300, castedThis=0x7f5854334000) at DerivedSources/WebCore/JSInternals.cpp:7193
#21 0x00007f58c877b100 in WebCore::IDLOperation<WebCore::JSInternals>::call<WebCore::jsInternalsPrototypeFunctionLayerTreeAsTextBody>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*) (lexicalGlobalObject=..., callFrame=..., operationName=0x7f58c897233f "layerTreeAsText") at ../../Source/WebCore/bindings/js/JSDOMOperation.h:53
#22 0x00007f58c873b39a in WebCore::jsInternalsPrototypeFunctionLayerTreeAsText(JSC::JSGlobalObject*, JSC::CallFrame*) (lexicalGlobalObject=0x7f58543a3080, callFrame=0x7ffcd5813300) at DerivedSources/WebCore/JSInternals.cpp:7198
#23 0x00007f58cb787178 in  ()
#24 0x00007ffcd5813390 in  ()
#25 0x00007f59139e8886 in llint_op_call () at /app/webkit/Source/JavaScriptCore/llint/LowLevelInterpreter.asm:1047
#26 0x0000000000000000 in  ()

The first exception is css3/filters/backdrop/backdrop-with-visibility-hidden.html, which crash in CGL::setContentsVisible(bool) instead of setFilters.

The second exception is css3/filters/backdrop/backdrop-filter-does-not-size-properly-absolute.html failing due an unhandled value (AnimatedPropertyWebKitBackdropFilter?) in Animation::applyInternal. I tried reproducing locally but this test only ended with the backtrace above.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200806/678f7dcf/attachment.htm>

More information about the webkit-unassigned mailing list