151031 – [GTK]ASSERTION FAILED: m_cachedInverseTransform == m_layerTransform.combined().inverse().valueOr(TransformationMatrix()) in WebCore::CoordinatedGraphicsLayer::transformedVisibleRect

Bug 151031 - [GTK]ASSERTION FAILED: m_cachedInverseTransform == m_layerTransform.combined().inverse().valueOr(TransformationMatrix()) in WebCore::CoordinatedGraphicsLayer::transformedVisibleRect

Summary: [GTK]ASSERTION FAILED: m_cachedInverseTransform == m_layerTransform.combined(...

Status:	REOPENED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebCore Misc. (show other bugs)
Version:	WebKit Local Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:

Depends on:
Blocks:	116980
	Show dependency tree / graph

Reported:	2015-11-09 09:13 PST by Renata Hodovan
Modified:	2017-03-11 11:10 PST (History)
CC List:	5 users (show)

See Also:

Attachments
Test (223 bytes, text/html) 2015-11-09 09:13 PST, Renata Hodovan	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Renata Hodovan 2015-11-09 09:13:39 PST

Created attachment 265058 [details]
Test

Load the attached test with debug MiniBrowser:

<style>
* {
    transform: matrix3d(-30,0,0,-91,854,0,-68,-262,9304,0,-15,-74,-964,-454,-74,-957) skew(-473turn,180deg) skewY(270deg)
}
</style>
<pre>
<object align="left">
    <p>
        <input></input>
    </p>
</object>


OS: Ubuntu 14.10 x86_64
Checked build: debug EFL
Checked version: 9fa8210


Backtrace:

ASSERTION FAILED: m_cachedInverseTransform == m_layerTransform.combined().inverse()
../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp(916) : WebCore::IntRect WebCore::CoordinatedGraphicsLayer::transformedVisibleRect()
1   0x7f1d9d8e1e17 WTFCrash
2   0x7f1da46704cc WebCore::CoordinatedGraphicsLayer::transformedVisibleRect()
3   0x7f1da4670bd4 WebCore::CoordinatedGraphicsLayer::updateContentBuffers()
4   0x7f1da4670a22 WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers()
5   0x7f1da4670a73 WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers()
6   0x7f1da4670a73 WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers()
7   0x7f1da4670a73 WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers()
8   0x7f1da4670a73 WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers()
9   0x7f1da4670a73 WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers()
10  0x7f1da4670a73 WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers()
11  0x7f1da4670a73 WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers()
12  0x7f1da4670a73 WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers()
13  0x7f1da4663275 WebCore::CompositingCoordinator::flushPendingLayerChanges()
14  0x7f1da378dd56 WebKit::CoordinatedLayerTreeHost::performScheduledLayerFlush()
15  0x7f1da378de0e WebKit::CoordinatedLayerTreeHost::layerFlushTimerFired()
16  0x7f1da378f657 void std::_Mem_fn<void (WebKit::CoordinatedLayerTreeHost::*)()>::operator()<, void>(WebKit::CoordinatedLayerTreeHost*) const
17  0x7f1da378f509 void std::_Bind<std::_Mem_fn<void (WebKit::CoordinatedLayerTreeHost::*)()> (WebKit::CoordinatedLayerTreeHost*)>::__call<void, , 0ul>(std::tuple<>&&, std::_Index_tuple<0ul>)
18  0x7f1da378f381 void std::_Bind<std::_Mem_fn<void (WebKit::CoordinatedLayerTreeHost::*)()> (WebKit::CoordinatedLayerTreeHost*)>::operator()<, void>()
19  0x7f1da378f0da std::_Function_handler<void (), std::_Bind<std::_Mem_fn<void (WebKit::CoordinatedLayerTreeHost::*)()> (WebKit::CoordinatedLayerTreeHost*)> >::_M_invoke(std::_Any_data const&)
20  0x7f1da31f2ac2 std::function<void ()>::operator()() const
21  0x7f1da329f2da WebCore::Timer::fired()
22  0x7f1da4096a0d WebCore::ThreadTimers::sharedTimerFiredInternal()
23  0x7f1da40965fb
24  0x7f1da4096c1e
25  0x7f1da31f2ac2 std::function<void ()>::operator()() const
26  0x7f1da4e2a063 WebCore::MainThreadSharedTimer::fired()
27  0x7f1da503810e
28  0x7f1d9bc57fde
29  0x7f1d9bc5812b
30  0x7f1d9bc53e01
31  0x7f1d9bc54287 ecore_main_loop_begin
Aborted (core dumped)

Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007f1d9d8e1e1c in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
321     *(int *)(uintptr_t)0xbbadbeef = 0;
#0  0x00007f1d9d8e1e1c in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
#1  0x00007f1da46704cc in WebCore::CoordinatedGraphicsLayer::transformedVisibleRect (this=0x7f1d8b85c040) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:916
#2  0x00007f1da4670bd4 in WebCore::CoordinatedGraphicsLayer::updateContentBuffers (this=0x7f1d8b85c040) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:995
#3  0x00007f1da4670a22 in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers (this=0x7f1d8b85c040) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:967
#4  0x00007f1da4670a73 in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers (this=0x7f1d8b84ff00) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:970
#5  0x00007f1da4670a73 in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers (this=0x7f1d8b84f6c0) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:970
#6  0x00007f1da4670a73 in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers (this=0x7f1d8b84ee80) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:970
#7  0x00007f1da4670a73 in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers (this=0x7f1d8b84e640) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:970
#8  0x00007f1da4670a73 in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers (this=0x7f1d8b82f080) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:970
#9  0x00007f1da4670a73 in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers (this=0x7f1d8b82e840) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:970
#10 0x00007f1da4670a73 in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers (this=0x7f1d8b82e000) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:970
#11 0x00007f1da4670a73 in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers (this=0x7f1d8b81d140) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:970
#12 0x00007f1da4663275 in WebCore::CompositingCoordinator::flushPendingLayerChanges (this=0x7f1d8bae1000) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CompositingCoordinator.cpp:99
#13 0x00007f1da378dd56 in WebKit::CoordinatedLayerTreeHost::performScheduledLayerFlush (this=0x7f1d8bbe0210) at ../../Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/CoordinatedLayerTreeHost.cpp:212
#14 0x00007f1da378de0e in WebKit::CoordinatedLayerTreeHost::layerFlushTimerFired (this=0x7f1d8bbe0210) at ../../Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/CoordinatedLayerTreeHost.cpp:227
#15 0x00007f1da378f657 in std::_Mem_fn<void (WebKit::CoordinatedLayerTreeHost::*)()>::operator()<, void>(WebKit::CoordinatedLayerTreeHost*) const (this=0x1ad1fe0, __object=0x7f1d8bbe0210) at /usr/include/c++/4.9/functional:569
#16 0x00007f1da378f509 in std::_Bind<std::_Mem_fn<void (WebKit::CoordinatedLayerTreeHost::*)()> (WebKit::CoordinatedLayerTreeHost*)>::__call<void, , 0ul>(std::tuple<>&&, std::_Index_tuple<0ul>) (this=0x1ad1fe0, __args=<unknown type in /home/renifuzz/data/REPOS/fuzztargets/webkit/WebKitBuild/Debug/lib/libewebkit2.so.1, CU 0x10384fe3, DIE 0x104f431c>) at /usr/include/c++/4.9/functional:1264
#17 0x00007f1da378f381 in std::_Bind<std::_Mem_fn<void (WebKit::CoordinatedLayerTreeHost::*)()> (WebKit::CoordinatedLayerTreeHost*)>::operator()<, void>() (this=0x1ad1fe0) at /usr/include/c++/4.9/functional:1323
#18 0x00007f1da378f0da in std::_Function_handler<void (), std::_Bind<std::_Mem_fn<void (WebKit::CoordinatedLayerTreeHost::*)()> (WebKit::CoordinatedLayerTreeHost*)> >::_M_invoke(std::_Any_data const&) (__functor=...) at /usr/include/c++/4.9/functional:2039
#19 0x00007f1da31f2ac2 in std::function<void ()>::operator()() const (this=0x7f1d8bbe0280) at /usr/include/c++/4.9/functional:2439
#20 0x00007f1da329f2da in WebCore::Timer::fired (this=0x7f1d8bbe0248) at ../../Source/WebCore/platform/Timer.h:133
#21 0x00007f1da4096a0d in WebCore::ThreadTimers::sharedTimerFiredInternal (this=0x7f1d8bbd4230) at ../../Source/WebCore/platform/ThreadTimers.cpp:121
#22 0x00007f1da40965fb in WebCore::ThreadTimers::<lambda()>::operator()(void) const (__closure=0x1ac84d0) at ../../Source/WebCore/platform/ThreadTimers.cpp:73
#23 0x00007f1da4096c1e in std::_Function_handler<void(), WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::<lambda()> >::_M_invoke(const std::_Any_data &) (__functor=...) at /usr/include/c++/4.9/functional:2039
#24 0x00007f1da31f2ac2 in std::function<void ()>::operator()() const (this=0x7f1da8f5b9e8 <WebCore::MainThreadSharedTimer::singleton()::instance+8>) at /usr/include/c++/4.9/functional:2439
#25 0x00007f1da4e2a063 in WebCore::MainThreadSharedTimer::fired (this=0x7f1da8f5b9e0 <WebCore::MainThreadSharedTimer::singleton()::instance>) at ../../Source/WebCore/platform/MainThreadSharedTimer.cpp:52
#26 0x00007f1da503810e in WebCore::timerEvent () at ../../Source/WebCore/platform/efl/MainThreadSharedTimerEfl.cpp:44
#27 0x00007f1d9bc57fde in _ecore_call_task_cb (data=<optimized out>, func=<optimized out>) at lib/ecore/ecore_private.h:336
#28 _ecore_timer_expired_call (when=26002.99624945) at lib/ecore/ecore_timer.c:733
#29 0x00007f1d9bc5812b in _ecore_timer_expired_timers_call (when=26002.99624945) at lib/ecore/ecore_timer.c:686
#30 0x00007f1d9bc53e01 in _ecore_main_loop_iterate_internal (once_only=once_only@entry=0) at lib/ecore/ecore_main.c:1812
#31 0x00007f1d9bc54287 in ecore_main_loop_begin () at lib/ecore/ecore_main.c:983
#32 0x00007f1d9d93cd03 in WTF::RunLoop::run () at ../../Source/WTF/wtf/efl/RunLoopEfl.cpp:49
#33 0x00007f1da3792fad in WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain> (argc=2, argv=0x7ffe3c115b08) at ../../Source/WebKit2/Shared/unix/ChildProcessMain.h:61
#34 0x00007f1da3792bbb in WebKit::WebProcessMainUnix (argc=2, argv=0x7ffe3c115b08) at ../../Source/WebKit2/WebProcess/efl/WebProcessMainEfl.cpp:161
#35 0x00000000004008fa in main (argc=2, argv=0x7ffe3c115b08) at ../../Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp:44

Comment 1 Brent Fulgham 2016-08-04 17:45:25 PDT

This does not reproduce under r204037. If you believe there is still a problem, please reopen the bug with a revised test case.

Comment 2 Renata Hodovan 2016-08-05 09:59:10 PDT

Using the attached test case the issue still seems valid in r204165 with debug EFL and GTK builds.

Comment 3 Brent Fulgham 2016-08-05 10:00:42 PDT

Ah! That makes sense. CoordinatedGraphics -> EFL/GTK. It's not used in iOS/Mac. I should have done a better job reviewing that.