Bug 151083 - ARGUMENT BAD: repaintContainer, !repaintContainer || repaintContainer == this in WebCore::RenderView::mapLocalToContainer
Summary: ARGUMENT BAD: repaintContainer, !repaintContainer || repaintContainer == this...
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: Layout and Rendering
Version: WebKit Local Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Nobody
URL:
Keywords: InRadar
Depends on:
Blocks: 116980
Reported: 2015-11-10 00:45 PST by Renata Hodovan
Modified: 2016-08-04 18:09 PDT

See Also:


Attachments
Test (124 bytes, text/html)
2015-11-10 00:45 PST, Renata Hodovan
no flags

Description Renata Hodovan 2015-11-10 00:45:32 PST
Created attachment 265152
Test

Load the attached test with debug MiniBrowser:

<style>
* {
    outline-style: auto;
    opacity: -80.284761;
}
</style>
<b>
    <video controls></video>
    <h2></h2>
</b>


OS: Ubuntu 14.10 x86_64
Checked build: debug EFL
Checked version: 9fa8210


Backtrace:

ARGUMENT BAD: repaintContainer, !repaintContainer || repaintContainer == this
../../Source/WebCore/rendering/RenderView.cpp(441) : virtual void WebCore::RenderView::mapLocalToContainer(const WebCore::RenderLayerModelObject*, WebCore::TransformState&, WebCore::MapCoordinatesFlags, bool*) const
1   0x7f8f75926e17 WTFCrash
2   0x7f8f7c4239d5 WebCore::RenderView::mapLocalToContainer(WebCore::RenderLayerModelObject const*, WebCore::TransformState&, unsigned int, bool*) const
3   0x7f8f7c27dd63 WebCore::RenderBox::mapLocalToContainer(WebCore::RenderLayerModelObject const*, WebCore::TransformState&, unsigned int, bool*) const
4   0x7f8f7c27dd63 WebCore::RenderBox::mapLocalToContainer(WebCore::RenderLayerModelObject const*, WebCore::TransformState&, unsigned int, bool*) const
5   0x7f8f7c27dd63 WebCore::RenderBox::mapLocalToContainer(WebCore::RenderLayerModelObject const*, WebCore::TransformState&, unsigned int, bool*) const
6   0x7f8f7c27dd63 WebCore::RenderBox::mapLocalToContainer(WebCore::RenderLayerModelObject const*, WebCore::TransformState&, unsigned int, bool*) const
7   0x7f8f7c3b40f5 WebCore::RenderObject::localToContainerPoint(WebCore::FloatPoint const&, WebCore::RenderLayerModelObject const*, unsigned int, bool*) const
8   0x7f8f7c21ec48 WebCore::RenderBlock::addFocusRingRects(WTF::Vector<WebCore::IntRect, 0ul, WTF::CrashOnOverflow, 16ul>&, WebCore::LayoutPoint const&, WebCore::RenderLayerModelObject const*)
9   0x7f8f7c31f363 WebCore::RenderInline::addFocusRingRects(WTF::Vector<WebCore::IntRect, 0ul, WTF::CrashOnOverflow, 16ul>&, WebCore::LayoutPoint const&, WebCore::RenderLayerModelObject const*)
10  0x7f8f7c2c5ea0 WebCore::RenderElement::paintFocusRing(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::RenderStyle const&)
11  0x7f8f7c31f44f WebCore::RenderInline::paintOutline(WebCore::PaintInfo&, WebCore::LayoutPoint const&)
12  0x7f8f7c37bc03 WebCore::RenderLineBoxList::paint(WebCore::RenderBoxModelObject*, WebCore::PaintInfo&, WebCore::LayoutPoint const&) const
13  0x7f8f7c31b50e WebCore::RenderInline::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&)
14  0x7f8f7c33a561 WebCore::RenderLayer::paintOutlineForFragments(WTF::Vector<WebCore::LayerFragment, 1ul, WTF::CrashOnOverflow, 16ul> const&, WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int, WebCore::RenderObject*)
15  0x7f8f7c33815d WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int)
16  0x7f8f7c35ea1c WebCore::RenderLayerBacking::paintIntoLayer(WebCore::GraphicsLayer const*, WebCore::GraphicsContext&, WebCore::IntRect const&, unsigned int, unsigned int)
17  0x7f8f7c35ed86 WebCore::RenderLayerBacking::paintContents(WebCore::GraphicsLayer const*, WebCore::GraphicsContext&, unsigned int, WebCore::FloatRect const&)
18  0x7f8f7c14b4a4 WebCore::GraphicsLayer::paintGraphicsLayerContents(WebCore::GraphicsContext&, WebCore::FloatRect const&)
19  0x7f8f7c6b51e1 WebCore::CoordinatedGraphicsLayer::tiledBackingStorePaint(WebCore::GraphicsContext&, WebCore::IntRect const&)
20  0x7f8f7d08a450 WebCore::Tile::paintToSurfaceContext(WebCore::GraphicsContext&)
21  0x7f8f7c6bff59 WebCore::UpdateAtlasSurfaceClient::paintToSurfaceContext(WebCore::GraphicsContext&)
22  0x7f8f7b71ff5b WebKit::WebCoordinatedSurface::paintToSurface(WebCore::IntRect const&, WebCore::CoordinatedSurface::Client*)
23  0x7f8f7c6bfc99 WebCore::UpdateAtlas::paintOnAvailableBuffer(WebCore::IntSize const&, unsigned int&, WebCore::IntPoint&, WebCore::CoordinatedSurface::Client*)
24  0x7f8f7c6a997c WebCore::CompositingCoordinator::paintToSurface(WebCore::IntSize const&, unsigned int, unsigned int&, WebCore::IntPoint&, WebCore::CoordinatedSurface::Client*)
25  0x7f8f7c6b56c2 WebCore::CoordinatedGraphicsLayer::paintToSurface(WebCore::IntSize const&, unsigned int&, WebCore::IntPoint&, WebCore::CoordinatedSurface::Client*)
26  0x7f8f7d08a1f8 WebCore::Tile::updateBackBuffer()
27  0x7f8f7c6ba847 WebCore::TiledBackingStore::updateTileBuffers()
28  0x7f8f7c6bb182 WebCore::TiledBackingStore::createTiles(WebCore::IntRect const&, WebCore::IntRect const&)
29  0x7f8f7c6ba539 WebCore::TiledBackingStore::createTilesIfNeeded(WebCore::IntRect const&, WebCore::IntRect const&)
30  0x7f8f7c6b5c04 WebCore::CoordinatedGraphicsLayer::updateContentBuffers()
31  0x7f8f7c6b5a22 WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers()
Aborted (core dumped)

Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007f8f75926e1c in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
321     *(int *)(uintptr_t)0xbbadbeef = 0;
#0  0x00007f8f75926e1c in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
#1  0x00007f8f7c4239d5 in WebCore::RenderView::mapLocalToContainer (this=0x7f8f63ade228, repaintContainer=0x7f8f63be1a28, transformState=..., mode=2, wasFixed=0x0) at ../../Source/WebCore/rendering/RenderView.cpp:441
#2  0x00007f8f7c27dd63 in WebCore::RenderBox::mapLocalToContainer (this=0x7f8f63bb7398, repaintContainer=0x7f8f63be1a28, transformState=..., mode=2, wasFixed=0x0) at ../../Source/WebCore/rendering/RenderBox.cpp:2026
#3  0x00007f8f7c27dd63 in WebCore::RenderBox::mapLocalToContainer (this=0x7f8f63bb7450, repaintContainer=0x7f8f63be1a28, transformState=..., mode=2, wasFixed=0x0) at ../../Source/WebCore/rendering/RenderBox.cpp:2026
#4  0x00007f8f7c27dd63 in WebCore::RenderBox::mapLocalToContainer (this=0x7f8f63bb7f18, repaintContainer=0x7f8f63be1a28, transformState=..., mode=2, wasFixed=0x0) at ../../Source/WebCore/rendering/RenderBox.cpp:2026
#5  0x00007f8f7c27dd63 in WebCore::RenderBox::mapLocalToContainer (this=0x7f8f63bb7e60, repaintContainer=0x7f8f63be1a28, transformState=..., mode=2, wasFixed=0x0) at ../../Source/WebCore/rendering/RenderBox.cpp:2026
#6  0x00007f8f7c3b40f5 in WebCore::RenderObject::localToContainerPoint (this=0x7f8f63bb7e60, localPoint=..., repaintContainer=0x7f8f63be1a28, mode=2, wasFixed=0x0) at ../../Source/WebCore/rendering/RenderObject.cpp:1370
#7  0x00007f8f7c21ec48 in WebCore::RenderBlock::addFocusRingRects (this=0x7f8f63bb7f18, rects=..., additionalOffset=..., paintContainer=0x7f8f63be1a28) at ../../Source/WebCore/rendering/RenderBlock.cpp:3449
#8  0x00007f8f7c31f363 in WebCore::RenderInline::addFocusRingRects (this=0x7f8f63be1a28, rects=..., additionalOffset=..., paintContainer=0x7f8f63be1a28) at ../../Source/WebCore/rendering/RenderInline.cpp:1552
#9  0x00007f8f7c2c5ea0 in WebCore::RenderElement::paintFocusRing (this=0x7f8f63be1a28, paintInfo=..., paintOffset=..., style=...) at ../../Source/WebCore/rendering/RenderElement.cpp:2055
#10 0x00007f8f7c31f44f in WebCore::RenderInline::paintOutline (this=0x7f8f63be1a28, paintInfo=..., paintOffset=...) at ../../Source/WebCore/rendering/RenderInline.cpp:1564
#11 0x00007f8f7c37bc03 in WebCore::RenderLineBoxList::paint (this=0x7f8f63be1a80, renderer=0x7f8f63be1a28, paintInfo=..., paintOffset=...) at ../../Source/WebCore/rendering/RenderLineBoxList.cpp:279
#12 0x00007f8f7c31b50e in WebCore::RenderInline::paint (this=0x7f8f63be1a28, paintInfo=..., paintOffset=...) at ../../Source/WebCore/rendering/RenderInline.cpp:608
#13 0x00007f8f7c33a561 in WebCore::RenderLayer::paintOutlineForFragments (this=0x7f8f63a89000, layerFragments=..., context=..., localPaintingInfo=..., paintBehavior=0, subtreePaintRootForRenderer=0x0) at ../../Source/WebCore/rendering/RenderLayer.cpp:4752
#14 0x00007f8f7c33815d in WebCore::RenderLayer::paintLayerContents (this=0x7f8f63a89000, originalContext=..., paintingInfo=..., paintFlags=96) at ../../Source/WebCore/rendering/RenderLayer.cpp:4332
#15 0x00007f8f7c35ea1c in WebCore::RenderLayerBacking::paintIntoLayer (this=0x7f8f63b2b2a0, graphicsLayer=0x7f8f6394cdc0, context=..., paintDirtyRect=..., paintBehavior=0, paintingPhase=3) at ../../Source/WebCore/rendering/RenderLayerBacking.cpp:2303
#16 0x00007f8f7c35ed86 in WebCore::RenderLayerBacking::paintContents (this=0x7f8f63b2b2a0, graphicsLayer=0x7f8f6394cdc0, context=..., paintingPhase=3, clip=...) at ../../Source/WebCore/rendering/RenderLayerBacking.cpp:2341
#17 0x00007f8f7c14b4a4 in WebCore::GraphicsLayer::paintGraphicsLayerContents (this=0x7f8f6394cdc0, context=..., clip=...) at ../../Source/WebCore/platform/graphics/GraphicsLayer.cpp:413
#18 0x00007f8f7c6b51e1 in WebCore::CoordinatedGraphicsLayer::tiledBackingStorePaint (this=0x7f8f6394cdc0, context=..., rect=...) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:876
#19 0x00007f8f7d08a450 in WebCore::Tile::paintToSurfaceContext (this=0xa8dc20, context=...) at ../../Source/WebCore/platform/graphics/texmap/coordinated/Tile.cpp:100
#20 0x00007f8f7c6bff59 in WebCore::UpdateAtlasSurfaceClient::paintToSurfaceContext (this=0x7fff0db5bf20, context=...) at ../../Source/WebCore/platform/graphics/texmap/coordinated/UpdateAtlas.cpp:50
#21 0x00007f8f7b71ff5b in WebKit::WebCoordinatedSurface::paintToSurface (this=0x7f8f63b11140, rect=..., client=0x7fff0db5bf20) at ../../Source/WebKit2/Shared/CoordinatedGraphics/WebCoordinatedSurface.cpp:190
#22 0x00007f8f7c6bfc99 in WebCore::UpdateAtlas::paintOnAvailableBuffer (this=0x83cba0, size=..., atlasID=@0x7fff0db5c080: 2, offset=..., client=0xa8dc20) at ../../Source/WebCore/platform/graphics/texmap/coordinated/UpdateAtlas.cpp:110
#23 0x00007f8f7c6a997c in WebCore::CompositingCoordinator::paintToSurface (this=0x7f8f63ae1000, size=..., flags=1, atlasID=@0x7fff0db5c080: 2, offset=..., client=0xa8dc20) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CompositingCoordinator.cpp:375
#24 0x00007f8f7c6b56c2 in WebCore::CoordinatedGraphicsLayer::paintToSurface (this=0x7f8f6394cdc0, size=..., atlas=@0x7fff0db5c080: 2, offset=..., client=0xa8dc20) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:926
#25 0x00007f8f7d08a1f8 in WebCore::Tile::updateBackBuffer (this=0xa8dc20) at ../../Source/WebCore/platform/graphics/texmap/coordinated/Tile.cpp:75
#26 0x00007f8f7c6ba847 in WebCore::TiledBackingStore::updateTileBuffers (this=0x7f8f63b29ab0) at ../../Source/WebCore/platform/graphics/texmap/coordinated/TiledBackingStore.cpp:100
#27 0x00007f8f7c6bb182 in WebCore::TiledBackingStore::createTiles (this=0x7f8f63b29ab0, visibleRect=..., scaledContentsRect=...) at ../../Source/WebCore/platform/graphics/texmap/coordinated/TiledBackingStore.cpp:234
#28 0x00007f8f7c6ba539 in WebCore::TiledBackingStore::createTilesIfNeeded (this=0x7f8f63b29ab0, unscaledVisibleRect=..., contentsRect=...) at ../../Source/WebCore/platform/graphics/texmap/coordinated/TiledBackingStore.cpp:64
#29 0x00007f8f7c6b5c04 in WebCore::CoordinatedGraphicsLayer::updateContentBuffers (this=0x7f8f6394cdc0) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:995
#30 0x00007f8f7c6b5a22 in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers (this=0x7f8f6394cdc0) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:967
#31 0x00007f8f7c6b5a73 in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers (this=0x7f8f63968000) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:970
#32 0x00007f8f7c6b5a73 in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers (this=0x7f8f63855c80) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:970
#33 0x00007f8f7c6b5a73 in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers (this=0x7f8f6382e840) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:970
#34 0x00007f8f7c6b5a73 in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers (this=0x7f8f6382e000) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:970
#35 0x00007f8f7c6b5a73 in WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers (this=0x7f8f6381d140) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:970
#36 0x00007f8f7c6a8275 in WebCore::CompositingCoordinator::flushPendingLayerChanges (this=0x7f8f63ae1000) at ../../Source/WebCore/platform/graphics/texmap/coordinated/CompositingCoordinator.cpp:99
#37 0x00007f8f7b7d2d56 in WebKit::CoordinatedLayerTreeHost::performScheduledLayerFlush (this=0x7f8f63be0210) at ../../Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/CoordinatedLayerTreeHost.cpp:212
#38 0x00007f8f7b7d2e0e in WebKit::CoordinatedLayerTreeHost::layerFlushTimerFired (this=0x7f8f63be0210) at ../../Source/WebKit2/WebProcess/WebPage/CoordinatedGraphics/CoordinatedLayerTreeHost.cpp:227
#39 0x00007f8f7b7d4657 in std::_Mem_fn<void (WebKit::CoordinatedLayerTreeHost::*)()>::operator()<, void>(WebKit::CoordinatedLayerTreeHost*) const (this=0x7a3e00, __object=0x7f8f63be0210) at /usr/include/c++/4.9/functional:569
#40 0x00007f8f7b7d4509 in std::_Bind<std::_Mem_fn<void (WebKit::CoordinatedLayerTreeHost::*)()> (WebKit::CoordinatedLayerTreeHost*)>::__call<void, , 0ul>(std::tuple<>&&, std::_Index_tuple<0ul>) (this=0x7a3e00, __args=<unknown type in webkit/WebKitBuild/Debug/lib/libewebkit2.so.1, CU 0x10384fe3, DIE 0x104f431c>) at /usr/include/c++/4.9/functional:1264
#41 0x00007f8f7b7d4381 in std::_Bind<std::_Mem_fn<void (WebKit::CoordinatedLayerTreeHost::*)()> (WebKit::CoordinatedLayerTreeHost*)>::operator()<, void>() (this=0x7a3e00) at /usr/include/c++/4.9/functional:1323
#42 0x00007f8f7b7d40da in std::_Function_handler<void (), std::_Bind<std::_Mem_fn<void (WebKit::CoordinatedLayerTreeHost::*)()> (WebKit::CoordinatedLayerTreeHost*)> >::_M_invoke(std::_Any_data const&) (__functor=...) at /usr/include/c++/4.9/functional:2039
#43 0x00007f8f7b237ac2 in std::function<void ()>::operator()() const (this=0x7f8f63be0280) at /usr/include/c++/4.9/functional:2439
#44 0x00007f8f7b2e42da in WebCore::Timer::fired (this=0x7f8f63be0248) at ../../Source/WebCore/platform/Timer.h:133
#45 0x00007f8f7c0dba0d in WebCore::ThreadTimers::sharedTimerFiredInternal (this=0x7f8f63bd4230) at ../../Source/WebCore/platform/ThreadTimers.cpp:121
#46 0x00007f8f7c0db5fb in WebCore::ThreadTimers::<lambda()>::operator()(void) const (__closure=0x7abfc0) at ../../Source/WebCore/platform/ThreadTimers.cpp:73
#47 0x00007f8f7c0dbc1e in std::_Function_handler<void(), WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::<lambda()> >::_M_invoke(const std::_Any_data &) (__functor=...) at /usr/include/c++/4.9/functional:2039
#48 0x00007f8f7b237ac2 in std::function<void ()>::operator()() const (this=0x7f8f80fa09e8 <WebCore::MainThreadSharedTimer::singleton()::instance+8>) at /usr/include/c++/4.9/functional:2439
#49 0x00007f8f7ce6f063 in WebCore::MainThreadSharedTimer::fired (this=0x7f8f80fa09e0 <WebCore::MainThreadSharedTimer::singleton()::instance>) at ../../Source/WebCore/platform/MainThreadSharedTimer.cpp:52
#50 0x00007f8f7d07d10e in WebCore::timerEvent () at ../../Source/WebCore/platform/efl/MainThreadSharedTimerEfl.cpp:44
#51 0x00007f8f73c9cfde in _ecore_call_task_cb (data=<optimized out>, func=<optimized out>) at lib/ecore/ecore_private.h:336
#52 _ecore_timer_expired_call (when=37595.478703458997) at lib/ecore/ecore_timer.c:733
#53 0x00007f8f73c9d12b in _ecore_timer_expired_timers_call (when=37595.478703458997) at lib/ecore/ecore_timer.c:686
#54 0x00007f8f73c98e01 in _ecore_main_loop_iterate_internal (once_only=once_only@entry=0) at lib/ecore/ecore_main.c:1812
#55 0x00007f8f73c99287 in ecore_main_loop_begin () at lib/ecore/ecore_main.c:983
#56 0x00007f8f75981d03 in WTF::RunLoop::run () at ../../Source/WTF/wtf/efl/RunLoopEfl.cpp:49
#57 0x00007f8f7b7d7fad in WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain> (argc=2, argv=0x7fff0db5ca98) at ../../Source/WebKit2/Shared/unix/ChildProcessMain.h:61
#58 0x00007f8f7b7d7bbb in WebKit::WebProcessMainUnix (argc=2, argv=0x7fff0db5ca98) at ../../Source/WebKit2/WebProcess/efl/WebProcessMainEfl.cpp:161
#59 0x00000000004008fa in main (argc=2, argv=0x7fff0db5ca98) at ../../Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp:44
Comment 1 Brent Fulgham 2016-08-04 18:09:06 PDT
This reproduces in r204037.
Comment 2 Radar WebKit Bug Importer 2016-08-04 18:09:23 PDT
<rdar://problem/27711531>