Bug 127344

Summary: ASSERTION FAILED: input == AnimationStateInputPlayStateRunning || input == AnimationStateInputStartTimeSet || input == AnimationStateInputStyleAvailable || input == AnimationStateInputStartAnimation WebCore::AnimationBase::updateStateMachine
Product: WebKit Reporter: Renata Hodovan <rhodovan.u-szeged>
Component: AnimationsAssignee: Nobody <webkit-unassigned>
Status: RESOLVED WORKSFORME    
Severity: Normal CC: bfulgham, dino, sam
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 116980    
Attachments:
Description Flags
Test case none

Description Renata Hodovan 2014-01-21 06:33:19 PST
Created attachment 221739 [details]
Test case

The failing test:

<style>
	* {
	 -webkit-animation-play-state: running,running,running,paused,paused,paused,paused;
	 -webkit-animation: none,backwards,both 1ms paused,paused;
	} 
</style>


The backtrace:

ASSERTION FAILED: input == AnimationStateInputPlayStateRunning || input == AnimationStateInputStartTimeSet || input == AnimationStateInputStyleAvailable || input == AnimationStateInputStartAnimation
/home/reni/Data/REPOS/webkit_sec/Source/WebCore/page/animation/AnimationBase.cpp(371) : void WebCore::AnimationBase::updateStateMachine(WebCore::AnimationBase::AnimStateInput, double)
1   0x7ffff5c172a1 WTFCrash
2   0x7ffff0f75357 WebCore::AnimationBase::updateStateMachine(WebCore::AnimationBase::AnimStateInput, double)
3   0x7ffff0f75b2d WebCore::AnimationBase::updatePlayState(WebCore::EAnimPlayState)
4   0x7ffff0f91fc1 WebCore::CompositeAnimation::updateKeyframeAnimations(WebCore::RenderElement*, WebCore::RenderStyle*, WebCore::RenderStyle*)
5   0x7ffff0f926b7 WebCore::CompositeAnimation::animate(WebCore::RenderElement&, WebCore::RenderStyle*, WebCore::RenderStyle&)
6   0x7ffff0f78d22 WebCore::AnimationController::updateAnimations(WebCore::RenderElement&, WTF::PassRef<WebCore::RenderStyle>)
7   0x7ffff147602f
8   0x7ffff14770bb
9   0x7ffff1477862
10  0x7ffff1477e0b
11  0x7ffff1478293 WebCore::Style::resolveTree(WebCore::Document&, WebCore::Style::Change)
12  0x7ffff096e0d7 WebCore::Document::recalcStyle(WebCore::Style::Change)
13  0x7ffff0972f8b WebCore::Document::styleResolverChanged(WebCore::StyleResolverUpdateFlag)
14  0x7ffff09717f5 WebCore::Document::didRemoveAllPendingStylesheet()
15  0x7ffff09b8004 WebCore::DocumentStyleSheetCollection::removePendingSheet(WebCore::DocumentStyleSheetCollection::RemovePendingSheetNotificationType)
16  0x7ffff09ec3b0 WebCore::InlineStyleSheetOwner::sheetLoaded(WebCore::Document&)
17  0x7ffff0bdc713 WebCore::HTMLStyleElement::sheetLoaded()
18  0x7ffff092aeea WebCore::StyleSheetContents::checkLoaded()
19  0x7ffff09ec2b0 WebCore::InlineStyleSheetOwner::createSheet(WebCore::Element&, WTF::String const&)
20  0x7ffff09ebd1e WebCore::InlineStyleSheetOwner::createSheetFromTextContents(WebCore::Element&)
21  0x7ffff09ebcdb WebCore::InlineStyleSheetOwner::finishParsingChildren(WebCore::Element&)
22  0x7ffff0bdc333 WebCore::HTMLStyleElement::finishParsingChildren()
23  0x7ffff0c7ae62 WebCore::HTMLElementStack::popCommon()
24  0x7ffff0c7986e WebCore::HTMLElementStack::pop()
25  0x7ffff0ca2883 WebCore::HTMLTreeBuilder::processEndTag(WebCore::AtomicHTMLToken*)
26  0x7ffff0c98ee8 WebCore::HTMLTreeBuilder::processToken(WebCore::AtomicHTMLToken*)
27  0x7ffff0c98cfa WebCore::HTMLTreeBuilder::constructTree(WebCore::AtomicHTMLToken*)
28  0x7ffff0c7312a WebCore::HTMLDocumentParser::constructTreeFromHTMLToken(WebCore::HTMLToken&)
29  0x7ffff0c72da9 WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode)
30  0x7ffff0c725a7 WebCore::HTMLDocumentParser::pumpTokenizerIfPossible(WebCore::HTMLDocumentParser::SynchronousMode)
31  0x7ffff0c73670 WebCore::HTMLDocumentParser::append(WTF::PassRefPtr<WTF::StringImpl>)

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff5c172a6 in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:333
333	    *(int *)(uintptr_t)0xbbadbeef = 0;
(gdb) bt
#0  0x00007ffff5c172a6 in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:333
#1  0x00007ffff0f75357 in WebCore::AnimationBase::updateStateMachine (this=0x11b7650, input=WebCore::AnimationBase::AnimationStateInputPlayStatePaused, 
    param=-1) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/page/animation/AnimationBase.cpp:371
#2  0x00007ffff0f75b2d in WebCore::AnimationBase::updatePlayState (this=0x11b7650, playState=WebCore::AnimPlayStatePaused)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/page/animation/AnimationBase.cpp:514
#3  0x00007ffff0f91fc1 in WebCore::CompositeAnimation::updateKeyframeAnimations (this=0x110adc0, renderer=0x11b7060, currentStyle=0x0, targetStyle=0x1109440)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/page/animation/CompositeAnimation.cpp:254
#4  0x00007ffff0f926b7 in WebCore::CompositeAnimation::animate (this=0x110adc0, renderer=..., currentStyle=0x0, targetStyle=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/page/animation/CompositeAnimation.cpp:304
#5  0x00007ffff0f78d22 in WebCore::AnimationController::updateAnimations (this=0x6b1280, renderer=..., newStyle=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/page/animation/AnimationController.cpp:514
#6  0x00007ffff147602f in WebCore::Style::createRendererIfNeeded (element=..., resolvedStyle=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/style/StyleResolveTree.cpp:259
#7  0x00007ffff14770bb in WebCore::Style::attachRenderTree (current=..., resolvedStyle=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/style/StyleResolveTree.cpp:544
#8  0x00007ffff1477862 in WebCore::Style::resolveLocal (current=..., inheritedChange=WebCore::Style::Force)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/style/StyleResolveTree.cpp:684
#9  0x00007ffff1477e0b in WebCore::Style::resolveTree (current=..., change=WebCore::Style::Force)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/style/StyleResolveTree.cpp:838
#10 0x00007ffff1478293 in WebCore::Style::resolveTree (document=..., change=WebCore::Style::Force)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/style/StyleResolveTree.cpp:912
#11 0x00007ffff096e0d7 in WebCore::Document::recalcStyle (this=0x11c7d00, change=WebCore::Style::Force)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:1752
#12 0x00007ffff0972f8b in WebCore::Document::styleResolverChanged (this=0x11c7d00, updateFlag=WebCore::RecalcStyleIfNeeded)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:3246
#13 0x00007ffff09717f5 in WebCore::Document::didRemoveAllPendingStylesheet (this=0x11c7d00)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:2799
#14 0x00007ffff09b8004 in WebCore::DocumentStyleSheetCollection::removePendingSheet (this=0x11c81a0, 
    notification=WebCore::DocumentStyleSheetCollection::RemovePendingSheetNotifyImmediately)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/DocumentStyleSheetCollection.cpp:219
#15 0x00007ffff09ec3b0 in WebCore::InlineStyleSheetOwner::sheetLoaded (this=0x115b328, document=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/InlineStyleSheetOwner.cpp:167
#16 0x00007ffff0bdc713 in WebCore::HTMLStyleElement::sheetLoaded (this=0x115b2c0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/HTMLStyleElement.h:62
#17 0x00007ffff092aeea in WebCore::StyleSheetContents::checkLoaded (this=0x11589d0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/css/StyleSheetContents.cpp:360
#18 0x00007ffff09ec2b0 in WebCore::InlineStyleSheetOwner::createSheet (this=0x115b328, element=..., text=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/InlineStyleSheetOwner.cpp:152
#19 0x00007ffff09ebd1e in WebCore::InlineStyleSheetOwner::createSheetFromTextContents (this=0x115b328, element=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/InlineStyleSheetOwner.cpp:97
#20 0x00007ffff09ebcdb in WebCore::InlineStyleSheetOwner::finishParsingChildren (this=0x115b328, element=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/InlineStyleSheetOwner.cpp:91
#21 0x00007ffff0bdc333 in WebCore::HTMLStyleElement::finishParsingChildren (this=0x115b2c0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/HTMLStyleElement.cpp:90
#22 0x00007ffff0c7ae62 in WebCore::HTMLElementStack::popCommon (this=0x10be4b8)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLElementStack.cpp:578
#23 0x00007ffff0c7986e in WebCore::HTMLElementStack::pop (this=0x10be4b8)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLElementStack.cpp:214
#24 0x00007ffff0ca2883 in WebCore::HTMLTreeBuilder::processEndTag (this=0x10be480, token=0x7fffffffc210)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2220
#25 0x00007ffff0c98ee8 in WebCore::HTMLTreeBuilder::processToken (this=0x10be480, token=0x7fffffffc210)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:405
#26 0x00007ffff0c98cfa in WebCore::HTMLTreeBuilder::constructTree (this=0x10be480, token=0x7fffffffc210)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:373
---Type <return> to continue, or q <return> to quit---
#27 0x00007ffff0c7312a in WebCore::HTMLDocumentParser::constructTreeFromHTMLToken (this=0x73ed90, rawToken=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:352
#28 0x00007ffff0c72da9 in WebCore::HTMLDocumentParser::pumpTokenizer (this=0x73ed90, mode=WebCore::HTMLDocumentParser::AllowYield)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:309
#29 0x00007ffff0c725a7 in WebCore::HTMLDocumentParser::pumpTokenizerIfPossible (this=0x73ed90, mode=WebCore::HTMLDocumentParser::AllowYield)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:189
#30 0x00007ffff0c73670 in WebCore::HTMLDocumentParser::append (this=0x73ed90, inputSource=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:428
#31 0x00007ffff09659dd in WebCore::DecodedDataDocumentParser::flush (this=0x73ed90, writer=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/DecodedDataDocumentParser.cpp:60
#32 0x00007ffff0de93f3 in WebCore::DocumentWriter::end (this=0x1136290) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentWriter.cpp:245
#33 0x00007ffff0dd4a7f in WebCore::DocumentLoader::finishedLoading (this=0x11361f0, finishTime=0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:440
#34 0x00007ffff0dd47e8 in WebCore::DocumentLoader::notifyFinished (this=0x11361f0, resource=0x114d180)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:374
#35 0x00007ffff0e79d94 in WebCore::CachedResource::checkNotify (this=0x114d180)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:336
#36 0x00007ffff0e79e72 in WebCore::CachedResource::finishLoading (this=0x114d180)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:352
#37 0x00007ffff0e768fe in WebCore::CachedRawResource::finishLoading (this=0x114d180, data=0x721780)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedRawResource.cpp:94
#38 0x00007ffff0e33049 in WebCore::SubresourceLoader::didFinishLoading (this=0x114d6b0, finishTime=0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/SubresourceLoader.cpp:309
#39 0x00007ffff0e2f375 in WebCore::ResourceLoader::didFinishLoading (this=0x114d6b0, finishTime=0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/ResourceLoader.cpp:517
#40 0x00007ffff1ba90fd in WebCore::readCallback (asyncResult=0x11511c0, data=0x8bd5c0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:1336
#41 0x00007fffe79f0bc9 in async_ready_callback_wrapper (source_object=0x877c00, res=0x11511c0, user_data=0x8bd5c0) at ginputstream.c:530
#42 0x00007fffe7a12ccb in g_task_return_now (task=0x11511c0) at gtask.c:1105
#43 complete_in_idle_cb (task=<optimized out>) at gtask.c:1114
#44 0x00007fffed10d473 in g_main_dispatch (context=0x1150c10) at gmain.c:3054
#45 g_main_context_dispatch (context=0x1150c10) at gmain.c:3630
#46 0x00007ffff7581aee in _ecore_glib_select__locked (ecore_timeout=0x1150c10, efds=<optimized out>, wfds=<optimized out>, rfds=<optimized out>, ecore_fds=1, 
    ctx=<optimized out>) at ecore_glib.c:171
#47 _ecore_glib_select (ecore_fds=1, rfds=<optimized out>, wfds=<optimized out>, efds=<optimized out>, ecore_timeout=0x1150c10) at ecore_glib.c:205
#48 0x00007ffff757bcb9 in _ecore_main_select (timeout=<optimized out>) at ecore_main.c:1466
#49 0x00007ffff757c789 in _ecore_main_loop_iterate_internal (once_only=0) at ecore_main.c:1860
#50 0x00007ffff757cb47 in ecore_main_loop_begin () at ecore_main.c:956
#51 0x0000000000406c88 in main (argc=2, argv=0x7fffffffddf8) at /home/reni/Data/REPOS/webkit_sec/Tools/EWebLauncher/main.c:1026
Comment 1 Brent Fulgham 2016-08-03 13:56:10 PDT
This issue no longer occurs under GuardMalloc or ASAN as of r204037. If you believe there is still a bug, please reopen this issue with a revised test case.