Bug 187530

Summary: Flaky crash in AnimationTimeline::cancelOrRemoveDeclarativeAnimation
Product: WebKit Reporter: Truitt Savell <tsavell>
Component: Tools / TestsAssignee: Antoine Quint <graouts>
Status: RESOLVED FIXED    
Severity: Normal CC: dexxenon, dino, ews-watchlist, graouts, lforschler, realdawei, ryanhaddad, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Crash Log:
none
Patch
dino: review+, ews-watchlist: commit-queue-
Archive of layout-test-results from ews122 for ios-simulator-wk2 none

Truitt Savell
Reported 2018-07-10 11:22:33 PDT
The following layout test is failing on MacOS WK2 imported/blink/compositing/squashing/squash-above-fixed-subpixel-1.html Probable cause: I do not know. Issue seems to have bee around a while. Crashes are only occurring on WK2 Flakiness Dashboard: https://webkit-test-results.webkit.org/dashboards/flakiness_dashboard.html#showAllRuns=true&tests=imported%2Fblink%2Fcompositing%2Fsquashing%2Fsquash-above-fixed-subpixel-1.html
Attachments
Crash Log: (101.09 KB, text/plain)
2018-07-11 09:36 PDT, Truitt Savell 		no flags
Details
Patch (9.76 KB, patch)
2018-07-19 15:09 PDT, Antoine Quint 		dino: review+
ews-watchlist: commit-queue-
DetailsFormatted DiffDiff
Archive of layout-test-results from ews122 for ios-simulator-wk2 (2.34 MB, application/zip)
2018-07-19 16:58 PDT, EWS Watchlist 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
Truitt Savell
Comment 1 2018-07-11 09:36:34 PDT
Created attachment 344765 [details] Crash Log: Crash Log Excerpt: Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.WebCore 0x000000011457415c WTF::DumbPtrTraits<WebCore::AnimationEffectReadOnly>::unwrap(WebCore::AnimationEffectReadOnly* const&) + 12 (DumbPtrTraits.h:41) 1 com.apple.WebCore 0x00000001152ff925 WTF::RefPtr<WebCore::AnimationEffectReadOnly, WTF::DumbPtrTraits<WebCore::AnimationEffectReadOnly> >::get() const + 21 (RefPtr.h:72) 2 com.apple.WebCore 0x00000001152ff70c WebCore::WebAnimation::effect() const + 28 (WebAnimation.h:64) 3 com.apple.WebCore 0x0000000115a99038 WebCore::AnimationTimeline::cancelOrRemoveDeclarativeAnimation(WTF::RefPtr<WebCore::DeclarativeAnimation, WTF::DumbPtrTraits<WebCore::DeclarativeAnimation> >) + 40 (AnimationTimeline.cpp:452) 4 com.apple.WebCore 0x0000000115a98bf0 WebCore::AnimationTimeline::updateCSSAnimationsForElement(WebCore::Element&, WebCore::RenderStyle const*, WebCore::RenderStyle const&) + 1728 (AnimationTimeline.cpp:251) 5 com.apple.WebCore 0x00000001174c5902 WebCore::Style::TreeResolver::createAnimatedElementUpdate(std::__1::unique_ptr<WebCore::RenderStyle, std::__1::default_delete<WebCore::RenderStyle> >, WebCore::Element&, WebCore::Style::Change) + 578 (StyleTreeResolver.cpp:300) 6 com.apple.WebCore 0x00000001174c4bc5 WebCore::Style::TreeResolver::resolveElement(WebCore::Element&) + 1285 (StyleTreeResolver.cpp:213) 7 com.apple.WebCore 0x00000001174c7619 WebCore::Style::TreeResolver::resolveComposedTree() + 1561 (StyleTreeResolver.cpp:504) 8 com.apple.WebCore 0x00000001174c8d8d WebCore::Style::TreeResolver::resolve() + 1885 (StyleTreeResolver.cpp:562) 9 com.apple.WebCore 0x0000000115fedc38 WebCore::Document::resolveStyle(WebCore::Document::ResolveStyleType) + 1224 (Document.cpp:1850) 10 com.apple.WebCore 0x0000000115fef7a9 WebCore::Document::updateStyleIfNeeded() + 425 (Document.cpp:1969) 11 com.apple.WebCore 0x0000000115fe9fc5 WebCore::Document::updateLayout() + 325 (Document.cpp:1989) 12 com.apple.WebCore 0x0000000115fef97e WebCore::Document::updateLayoutIgnorePendingStylesheets(WebCore::Document::RunPostLayoutTasks) + 94 (Document.cpp:2011) 13 com.apple.WebCore 0x00000001160930c9 WebCore::Element::offsetTop() + 41 (Element.cpp:824) 14 com.apple.WebCore 0x0000000114b3207d WebCore::jsHTMLElementOffsetTopGetter(JSC::ExecState&, WebCore::JSHTMLElement&, JSC::ThrowScope&) + 61 (JSHTMLElement.cpp:946) 15 com.apple.WebCore 0x0000000114ae85f0 long long WebCore::IDLAttribute<WebCore::JSHTMLElement>::get<&(WebCore::jsHTMLElementOffsetTopGetter(JSC::ExecState&, WebCore::JSHTMLElement&, JSC::ThrowScope&)), (WebCore::CastedThisErrorBehavior)3>(JSC::ExecState&, long long, char const*) + 224 (JSDOMAttribute.h:69) 16 com.apple.WebCore 0x0000000114ae84fb WebCore::jsHTMLElementOffsetTop(JSC::ExecState*, long long, JSC::PropertyName) + 43 (JSHTMLElement.cpp:952) 17 com.apple.JavaScriptCore 0x000000010fc5bcad JSC::PropertySlot::customGetter(JSC::ExecState*, JSC::PropertyName) const + 461 (PropertySlot.cpp:50) 18 com.apple.JavaScriptCore 0x000000010e9a1cc2 JSC::PropertySlot::getValue(JSC::ExecState*, JSC::PropertyName) const + 178 (PropertySlot.h:410) 19 com.apple.JavaScriptCore 0x000000010f1cf1ff JSC::JSValue::get(JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&) const + 319 (JSCJSValueInlines.h:825) 20 com.apple.JavaScriptCore 0x000000010f8b12c4 llint_slow_path_get_by_id + 372 (LLIntSlowPaths.cpp:752) 21 com.apple.JavaScriptCore 0x000000010e96f768 llint_entry + 13719
Radar WebKit Bug Importer
Comment 2 2018-07-11 16:28:52 PDT
<rdar://problem/42095186>
Ryan Haddad
Comment 3 2018-07-18 10:29:19 PDT
Just saw this on an EWS run: https://webkit-queues.webkit.org/results/8575669 Is this reproducible? If we can identify a single test that causes this, we should skip it.
Truitt Savell
Comment 4 2018-07-18 10:54:17 PDT
It looks like the crash logs blame: imported/blink/compositing/squashing/remove-from-grouped-mapping-on-reassignment.html When I run imported/blink/compositing/squashing/squash-above-fixed-subpixel-1.html by itself It passes 100%. if I run them both together using the below command: run-webkit-tests --root testbuild-233910 imported/blink/compositing/squashing/remove-from-grouped-mapping-on-reassignment.html imported/blink/compositing/squashing/squash-above-fixed-subpixel-1.html --iterations 2000 -f Then I will get crashes from both tests. If you run imported/blink/compositing/squashing/remove-from-grouped-mapping-on-reassignment.html by itself it will have crashes.
Antoine Quint
Comment 5 2018-07-19 15:09:14 PDT
Created attachment 345389 [details] Patch
Dean Jackson
Comment 6 2018-07-19 15:11:16 PDT
Comment on attachment 345389 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=345389&action=review > Source/WebCore/animation/AnimationTimeline.cpp:199 > +static bool shouldConsiderAnimation(Element& element, const Animation& animation) const Element&
EWS Watchlist
Comment 7 2018-07-19 16:58:06 PDT
Comment on attachment 345389 [details] Patch Attachment 345389 [details] did not pass ios-sim-ews (ios-simulator-wk2): Output: https://webkit-queues.webkit.org/results/8592119 New failing tests: animations/keyframes-dynamic.html
EWS Watchlist
Comment 8 2018-07-19 16:58:08 PDT
Created attachment 345401 [details] Archive of layout-test-results from ews122 for ios-simulator-wk2 The attached test failures were seen while running run-webkit-tests on the ios-sim-ews. Bot: ews122 Port: ios-simulator-wk2 Platform: Mac OS X 10.13.4
Antoine Quint
Comment 9 2018-07-19 17:06:15 PDT
Committed r234017: <https://trac.webkit.org/changeset/234017>
Alexey Proskuryakov
Comment 10 2018-08-04 13:49:19 PDT
*** Bug 188253 has been marked as a duplicate of this bug. ***
Note You need to log in before you can comment on or make changes to this bug.