178510 – fast/images/animated-gif-paint-after-animation.html flaky crash

RESOLVED FIXED 178510

fast/images/animated-gif-paint-after-animation.html flaky crash

https://bugs.webkit.org/show_bug.cgi?id=178510

Summary fast/images/animated-gif-paint-after-animation.html flaky crash

Fujii Hironori

Reported 2017-10-19 03:30:18 PDT

[WinCairo] fast/images/animated-gif-paint-after-animation.html crash WinCairo port, trunk@223596, 64 bit Release build Callstack: > WebKit.dll!GIFFrameContext::addLzwBlock(unsigned __int64 position, unsigned __int64 size) Line 198 C++ > WebKit.dll!GIFImageReader::parse(unsigned __int64 dataPosition, unsigned __int64 len, bool parseSizeOnly) Line 424 C++ > WebKit.dll!GIFImageReader::decode(WebCore::GIFImageDecoder::GIFQuery query, unsigned int haltAtFrame) Line 360 C++ > WebKit.dll!WebCore::GIFImageDecoder::decode(unsigned int haltAtFrame, WebCore::GIFImageDecoder::GIFQuery query, bool allDataReceived) Line 349 C++ > WebKit.dll!WebCore::GIFImageDecoder::frameBufferAtIndex(unsigned __int64 index) Line 144 C++ > WebKit.dll!WebCore::ScalableImageDecoder::createFrameImageAtIndex(unsigned __int64 index, WebCore::SubsamplingLevel __formal, const WebCore::DecodingOptions & __formal) Line 224 C++ > WebKit.dll!WebCore::ImageFrameCache::startAsyncDecodingQueue::__l2::<lambda>() Line 295 C++ > WTF.dll!WTF::WorkQueue::performWorkOnRegisteredWorkThread() Line 60 C++ > WTF.dll!WTF::WorkQueue::workThreadCallback(void * context) Line 43 C++ > [External Code] Callstack: > WebKit.dll!GIFFrameContext::addLzwBlock(unsigned __int64 position, unsigned __int64 size) Line 198 C++ > WebKit.dll!GIFImageReader::parse(unsigned __int64 dataPosition, unsigned __int64 len, bool parseSizeOnly) Line 424 C++ > WebKit.dll!GIFImageReader::decode(WebCore::GIFImageDecoder::GIFQuery query, unsigned int haltAtFrame) Line 360 C++ > WebKit.dll!WebCore::GIFImageDecoder::decode(unsigned int haltAtFrame, WebCore::GIFImageDecoder::GIFQuery query, bool allDataReceived) Line 349 C++ > WebKit.dll!WebCore::GIFImageDecoder::frameBufferAtIndex(unsigned __int64 index) Line 144 C++ > WebKit.dll!WebCore::ScalableImageDecoder::createFrameImageAtIndex(unsigned __int64 index, WebCore::SubsamplingLevel __formal, const WebCore::DecodingOptions & __formal) Line 224 C++ > WebKit.dll!WebCore::ImageFrameCache::startAsyncDecodingQueue::__l2::<lambda>() Line 295 C++ > WTF.dll!WTF::WorkQueue::performWorkOnRegisteredWorkThread() Line 60 C++ > WTF.dll!WTF::WorkQueue::workThreadCallback(void * context) Line 43 C++ > [External Code] Callstack: > WebKit.dll!WebCore::SharedBuffer::data() Line 100 C++ > WebKit.dll!GIFImageReader::parse(unsigned __int64 dataPosition, unsigned __int64 len, bool parseSizeOnly) Line 416 C++ > WebKit.dll!GIFImageReader::decode(WebCore::GIFImageDecoder::GIFQuery query, unsigned int haltAtFrame) Line 360 C++ > WebKit.dll!WebCore::GIFImageDecoder::decode(unsigned int haltAtFrame, WebCore::GIFImageDecoder::GIFQuery query, bool allDataReceived) Line 349 C++ > WebKit.dll!WebCore::GIFImageDecoder::frameBufferAtIndex(unsigned __int64 index) Line 144 C++ > WebKit.dll!WebCore::ScalableImageDecoder::createFrameImageAtIndex(unsigned __int64 index, WebCore::SubsamplingLevel __formal, const WebCore::DecodingOptions & __formal) Line 224 C++ > WebKit.dll!WebCore::ImageFrameCache::frameAtIndexCacheIfNeeded(unsigned __int64 index, WebCore::ImageFrame::Caching caching, const std::optional<enum WebCore::SubsamplingLevel> & subsamplingLevel) Line 381 C++ > WebKit.dll!WebCore::ImageFrameCache::frameImageAtIndexCacheIfNeeded(unsigned __int64 index, WebCore::SubsamplingLevel subsamplingLevel) Line 573 C++ > WebKit.dll!WebCore::ImageSource::frameImageAtIndexCacheIfNeeded(unsigned __int64 index, WebCore::SubsamplingLevel subsamplingLevel, const WebCore::GraphicsContext * targetContext) Line 193 C++ > WebKit.dll!WebCore::BitmapImage::draw(WebCore::GraphicsContext & context, const WebCore::FloatRect & destRect, const WebCore::FloatRect & srcRect, WebCore::CompositeOperator op, WebCore::BlendMode mode, WebCore::DecodingMode decodingMode, WebCore::ImageOrientationDescription description) Line 250 C++ > WebKit.dll!WebCore::GraphicsContext::drawImage(WebCore::Image & image, const WebCore::FloatRect & destination, const WebCore::FloatRect & source, const WebCore::ImagePaintingOptions & imagePaintingOptions) Line 731 C++ > WebKit.dll!WebCore::GraphicsContext::drawImage(WebCore::Image & image, const WebCore::FloatRect & destination, const WebCore::ImagePaintingOptions & imagePaintingOptions) Line 718 C++ > WebKit.dll!WebCore::RenderImage::paintIntoRect(WebCore::PaintInfo & paintInfo, const WebCore::FloatRect & rect) Line 588 C++ > WebKit.dll!WebCore::RenderImage::paintReplaced(WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset) Line 480 C++ > WebKit.dll!WebCore::RenderReplaced::paint(WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset) Line 218 C++ > WebKit.dll!WebCore::RenderImage::paint(WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset) Line 495 C++ > WebKit.dll!WebCore::RenderElement::paintAsInlineBlock(WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & childPoint) Line 1214 C++ > WebKit.dll!WebCore::InlineElementBox::paint(WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset, WebCore::LayoutUnit __formal, WebCore::LayoutUnit __formal) Line 78 C++ > WebKit.dll!WebCore::InlineFlowBox::paint(WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset, WebCore::LayoutUnit lineTop, WebCore::LayoutUnit lineBottom) Line 1202 C++ > WebKit.dll!WebCore::RootInlineBox::paint(WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset, WebCore::LayoutUnit lineTop, WebCore::LayoutUnit lineBottom) Line 167 C++ > WebKit.dll!WebCore::RenderLineBoxList::paint(WebCore::RenderBoxModelObject * renderer, WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset) Line 230 C++ > WebKit.dll!WebCore::RenderBlock::paintContents(WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset) Line 1584 C++ > WebKit.dll!WebCore::RenderBlock::paintObject(WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset) Line 1724 C++ > WebKit.dll!WebCore::RenderBlock::paint(WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset) Line 1563 C++ > WebKit.dll!WebCore::RenderBlock::paintChild(WebCore::RenderBox & child, WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset, WebCore::PaintInfo & paintInfoForChild, bool usePrintRect, WebCore::RenderBlock::PaintBlockType paintType) Line 1643 C++ > WebKit.dll!WebCore::RenderBlock::paintChildren(WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset, WebCore::PaintInfo & paintInfoForChild, bool usePrintRect) Line 1603 C++ > WebKit.dll!WebCore::RenderBlock::paintContents(WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset) Line 1598 C++ > WebKit.dll!WebCore::RenderBlock::paintObject(WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset) Line 1724 C++ > WebKit.dll!WebCore::RenderBlock::paint(WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset) Line 1563 C++ > WebKit.dll!WebCore::RenderLayer::paintForegroundForFragmentsWithPhase(WebCore::PaintPhase phase, const WTF::Vector<WebCore::LayerFragment,1,WTF::CrashOnOverflow,16,WTF::FastMalloc> & layerFragments, WebCore::GraphicsContext & context, const WebCore::RenderLayer::LayerPaintingInfo & localPaintingInfo, unsigned int paintBehavior, WebCore::RenderObject * subtreePaintRootForRenderer) Line 4784 C++ > WebKit.dll!WebCore::RenderLayer::paintForegroundForFragments(const WTF::Vector<WebCore::LayerFragment,1,WTF::CrashOnOverflow,16,WTF::FastMalloc> & layerFragments, WebCore::GraphicsContext & context, WebCore::GraphicsContext & contextForTransparencyLayer, const WebCore::LayoutRect & transparencyPaintDirtyRect, bool haveTransparency, const WebCore::RenderLayer::LayerPaintingInfo & localPaintingInfo, unsigned int paintBehavior, WebCore::RenderObject * subtreePaintRootForRenderer) Line 4760 C++ > WebKit.dll!WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext & context, const WebCore::RenderLayer::LayerPaintingInfo & paintingInfo, unsigned int paintFlags) Line 4366 C++ > WebKit.dll!WebCore::RenderLayer::paintLayer(WebCore::GraphicsContext & context, const WebCore::RenderLayer::LayerPaintingInfo & paintingInfo, unsigned int paintFlags) Line 4021 C++ > WebKit.dll!WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext & context, const WebCore::RenderLayer::LayerPaintingInfo & paintingInfo, unsigned int paintFlags) Line 4379 C++ > WebKit.dll!WebCore::RenderLayer::paintLayer(WebCore::GraphicsContext & context, const WebCore::RenderLayer::LayerPaintingInfo & paintingInfo, unsigned int paintFlags) Line 4021 C++ > WebKit.dll!WebCore::RenderLayer::paint(WebCore::GraphicsContext & context, const WebCore::LayoutRect & damageRect, const WebCore::LayoutSize & subpixelOffset, unsigned int paintBehavior, WebCore::RenderObject * subtreePaintRoot, unsigned int paintFlags, WebCore::RenderLayer::SecurityOriginPaintPolicy paintPolicy) Line 3839 C++ > WebKit.dll!WebCore::FrameView::paintContents(WebCore::GraphicsContext & context, const WebCore::IntRect & dirtyRect, WebCore::Widget::SecurityOriginPaintPolicy securityOriginPaintPolicy) Line 4487 C++ > WebKit.dll!WebCore::ScrollView::paint(WebCore::GraphicsContext & context, const WebCore::IntRect & rect, WebCore::Widget::SecurityOriginPaintPolicy securityOriginPaintPolicy) Line 1195 C++ > WebKit.dll!WebView::paintIntoBackingStore(WebCore::FrameView * frameView, HDC__ * bitmapDC, const WebCore::IntRect & dirtyRectPixels, WebView::WindowsToPaint windowsToPaint) Line 1424 C++ > WebKit.dll!WebView::updateBackingStore(WebCore::FrameView * frameView, HDC__ * dc, bool backingStoreCompletelyDirty, WebView::WindowsToPaint windowsToPaint) Line 1172 C++ > WebKit.dll!WebView::paint(HDC__ * dc, __int64 options) Line 1336 C++ > WebKit.dll!WebView::WebViewWndProc(HWND__ * hWnd, unsigned int message, unsigned __int64 wParam, __int64 lParam) Line 2569 C++ > [External Code] > DumpRenderTreeLib.dll!displayCallback(const OpaqueJSContext * context, OpaqueJSValue * function, OpaqueJSValue * thisObject, unsigned __int64 argumentCount, const OpaqueJSValue * const * arguments, const OpaqueJSValue * * exception) Line 526 C++ > JavaScriptCore.dll!JSC::APICallbackFunction::call<JSC::JSCallbackFunction>(JSC::ExecState * exec) Line 64 C++ > JavaScriptCore.dll!JSC::LLInt::handleHostCall(JSC::ExecState * execCallee, JSC::Instruction * pc, JSC::JSValue callee, JSC::CodeSpecializationKind kind) Line 1305 C++ > JavaScriptCore.dll!JSC::LLInt::setUpCall(JSC::ExecState * execCallee, JSC::Instruction * pc, JSC::CodeSpecializationKind kind, JSC::JSValue calleeAsValue, JSC::LLIntCallLinkInfo * callLinkInfo) Line 1354 C++ > JavaScriptCore.dll!llint_slow_path_call(JSC::ExecState * exec, JSC::Instruction * pc) Line 1428 C++ > [External Code] > ntdll.dll!00007ff980d98363() Unknown > ntdll.dll!00007ff980d98cba() Unknown > ntdll.dll!00007ff980d45b6a() Unknown > ntdll.dll!00007ff980cdc8b5() Unknown > WTF.dll!_free_base(void * block) Line 112 C++ > WebKit.dll!WTF::Vector<WTF::StringView,0,WTF::CrashOnOverflow,16,WTF::FastMalloc>::reserveCapacity(unsigned __int64 newCapacity) Line 1157 C++ > WebKit.dll!WTF::Vector<WTF::StringView,0,WTF::CrashOnOverflow,16,WTF::FastMalloc>::expandCapacity(unsigned __int64 newMinCapacity, WTF::StringView * ptr) Line 1022 C++ > WebKit.dll!GIFFrameContext::addLzwBlock(unsigned __int64 position, unsigned __int64 size) Line 198 C++ > WebKit.dll!GIFImageReader::parse(unsigned __int64 dataPosition, unsigned __int64 len, bool parseSizeOnly) Line 424 C++ > WebKit.dll!GIFImageReader::decode(WebCore::GIFImageDecoder::GIFQuery query, unsigned int haltAtFrame) Line 360 C++ > WebKit.dll!WebCore::GIFImageDecoder::decode(unsigned int haltAtFrame, WebCore::GIFImageDecoder::GIFQuery query, bool allDataReceived) Line 349 C++ > WebKit.dll!WebCore::GIFImageDecoder::frameBufferAtIndex(unsigned __int64 index) Line 144 C++ > WebKit.dll!WebCore::ScalableImageDecoder::frameIsCompleteAtIndex(unsigned __int64 index) Line 179 C++ > WebKit.dll!WebCore::ImageFrameCache::cacheMetadataAtIndex(unsigned __int64 index, WebCore::SubsamplingLevel subsamplingLevel, WebCore::DecodingStatus decodingStatus) Line 205 C++ > WebKit.dll!WebCore::ImageFrameCache::cacheNativeImageAtIndex(WTF::RefPtr<_cairo_surface> && nativeImage, unsigned __int64 index, WebCore::SubsamplingLevel subsamplingLevel, const WebCore::DecodingOptions & decodingOptions, WebCore::DecodingStatus decodingStatus) Line 246 C++ > WebKit.dll!WebCore::ImageFrameCache::frameAtIndexCacheIfNeeded(unsigned __int64 index, WebCore::ImageFrame::Caching caching, const std::optional<enum WebCore::SubsamplingLevel> & subsamplingLevel) Line 382 C++ > WebKit.dll!WebCore::ImageFrameCache::frameImageAtIndexCacheIfNeeded(unsigned __int64 index, WebCore::SubsamplingLevel subsamplingLevel) Line 573 C++ > WebKit.dll!WebCore::ImageSource::frameImageAtIndexCacheIfNeeded(unsigned __int64 index, WebCore::SubsamplingLevel subsamplingLevel, const WebCore::GraphicsContext * targetContext) Line 193 C++ > WebKit.dll!WebCore::BitmapImage::draw(WebCore::GraphicsContext & context, const WebCore::FloatRect & destRect, const WebCore::FloatRect & srcRect, WebCore::CompositeOperator op, WebCore::BlendMode mode, WebCore::DecodingMode decodingMode, WebCore::ImageOrientationDescription description) Line 250 C++ > WebKit.dll!WebCore::GraphicsContext::drawImage(WebCore::Image & image, const WebCore::FloatRect & destination, const WebCore::FloatRect & source, const WebCore::ImagePaintingOptions & imagePaintingOptions) Line 731 C++ > WebKit.dll!WebCore::GraphicsContext::drawImage(WebCore::Image & image, const WebCore::FloatRect & destination, const WebCore::ImagePaintingOptions & imagePaintingOptions) Line 718 C++ > WebKit.dll!WebCore::RenderImage::paintIntoRect(WebCore::PaintInfo & paintInfo, const WebCore::FloatRect & rect) Line 588 C++ > WebKit.dll!WebCore::RenderImage::paintReplaced(WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset) Line 480 C++ > WebKit.dll!WebCore::RenderReplaced::paint(WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset) Line 218 C++ > WebKit.dll!WebCore::RenderImage::paint(WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset) Line 495 C++ > WebKit.dll!WebCore::RenderElement::paintAsInlineBlock(WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & childPoint) Line 1214 C++ > WebKit.dll!WebCore::InlineElementBox::paint(WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset, WebCore::LayoutUnit __formal, WebCore::LayoutUnit __formal) Line 78 C++ > WebKit.dll!WebCore::InlineFlowBox::paint(WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset, WebCore::LayoutUnit lineTop, WebCore::LayoutUnit lineBottom) Line 1202 C++ > WebKit.dll!WebCore::RootInlineBox::paint(WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset, WebCore::LayoutUnit lineTop, WebCore::LayoutUnit lineBottom) Line 167 C++ > WebKit.dll!WebCore::RenderLineBoxList::paint(WebCore::RenderBoxModelObject * renderer, WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset) Line 230 C++ > WebKit.dll!WebCore::RenderBlock::paintContents(WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset) Line 1584 C++ > WebKit.dll!WebCore::RenderBlock::paintObject(WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset) Line 1724 C++ > WebKit.dll!WebCore::RenderBlock::paint(WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset) Line 1563 C++ > WebKit.dll!WebCore::RenderBlock::paintChild(WebCore::RenderBox & child, WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset, WebCore::PaintInfo & paintInfoForChild, bool usePrintRect, WebCore::RenderBlock::PaintBlockType paintType) Line 1643 C++ > WebKit.dll!WebCore::RenderBlock::paintChildren(WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset, WebCore::PaintInfo & paintInfoForChild, bool usePrintRect) Line 1603 C++ > WebKit.dll!WebCore::RenderBlock::paintContents(WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset) Line 1598 C++ > WebKit.dll!WebCore::RenderBlock::paintObject(WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset) Line 1724 C++ > WebKit.dll!WebCore::RenderBlock::paint(WebCore::PaintInfo & paintInfo, const WebCore::LayoutPoint & paintOffset) Line 1563 C++ > WebKit.dll!WebCore::RenderLayer::paintForegroundForFragmentsWithPhase(WebCore::PaintPhase phase, const WTF::Vector<WebCore::LayerFragment,1,WTF::CrashOnOverflow,16,WTF::FastMalloc> & layerFragments, WebCore::GraphicsContext & context, const WebCore::RenderLayer::LayerPaintingInfo & localPaintingInfo, unsigned int paintBehavior, WebCore::RenderObject * subtreePaintRootForRenderer) Line 4784 C++ > WebKit.dll!WebCore::RenderLayer::paintForegroundForFragments(const WTF::Vector<WebCore::LayerFragment,1,WTF::CrashOnOverflow,16,WTF::FastMalloc> & layerFragments, WebCore::GraphicsContext & context, WebCore::GraphicsContext & contextForTransparencyLayer, const WebCore::LayoutRect & transparencyPaintDirtyRect, bool haveTransparency, const WebCore::RenderLayer::LayerPaintingInfo & localPaintingInfo, unsigned int paintBehavior, WebCore::RenderObject * subtreePaintRootForRenderer) Line 4760 C++ > WebKit.dll!WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext & context, const WebCore::RenderLayer::LayerPaintingInfo & paintingInfo, unsigned int paintFlags) Line 4366 C++ > WebKit.dll!WebCore::RenderLayer::paintLayer(WebCore::GraphicsContext & context, const WebCore::RenderLayer::LayerPaintingInfo & paintingInfo, unsigned int paintFlags) Line 4021 C++ > WebKit.dll!WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext & context, const WebCore::RenderLayer::LayerPaintingInfo & paintingInfo, unsigned int paintFlags) Line 4379 C++ > WebKit.dll!WebCore::RenderLayer::paintLayer(WebCore::GraphicsContext & context, const WebCore::RenderLayer::LayerPaintingInfo & paintingInfo, unsigned int paintFlags) Line 4021 C++ > WebKit.dll!WebCore::RenderLayer::paint(WebCore::GraphicsContext & context, const WebCore::LayoutRect & damageRect, const WebCore::LayoutSize & subpixelOffset, unsigned int paintBehavior, WebCore::RenderObject * subtreePaintRoot, unsigned int paintFlags, WebCore::RenderLayer::SecurityOriginPaintPolicy paintPolicy) Line 3839 C++ > WebKit.dll!WebCore::FrameView::paintContents(WebCore::GraphicsContext & context, const WebCore::IntRect & dirtyRect, WebCore::Widget::SecurityOriginPaintPolicy securityOriginPaintPolicy) Line 4487 C++ > WebKit.dll!WebCore::ScrollView::paint(WebCore::GraphicsContext & context, const WebCore::IntRect & rect, WebCore::Widget::SecurityOriginPaintPolicy securityOriginPaintPolicy) Line 1195 C++ > WebKit.dll!WebView::paintIntoBackingStore(WebCore::FrameView * frameView, HDC__ * bitmapDC, const WebCore::IntRect & dirtyRectPixels, WebView::WindowsToPaint windowsToPaint) Line 1424 C++ > WebKit.dll!WebView::updateBackingStore(WebCore::FrameView * frameView, HDC__ * dc, bool backingStoreCompletelyDirty, WebView::WindowsToPaint windowsToPaint) Line 1172 C++ > WebKit.dll!WebView::paint(HDC__ * dc, __int64 options) Line 1336 C++ > WebKit.dll!WebView::WebViewWndProc(HWND__ * hWnd, unsigned int message, unsigned __int64 wParam, __int64 lParam) Line 2569 C++ > [External Code] > DumpRenderTreeLib.dll!displayCallback(const OpaqueJSContext * context, OpaqueJSValue * function, OpaqueJSValue * thisObject, unsigned __int64 argumentCount, const OpaqueJSValue * const * arguments, const OpaqueJSValue * * exception) Line 526 C++ > JavaScriptCore.dll!JSC::APICallbackFunction::call<JSC::JSCallbackFunction>(JSC::ExecState * exec) Line 64 C++ > JavaScriptCore.dll!JSC::LLInt::handleHostCall(JSC::ExecState * execCallee, JSC::Instruction * pc, JSC::JSValue callee, JSC::CodeSpecializationKind kind) Line 1305 C++ > JavaScriptCore.dll!JSC::LLInt::setUpCall(JSC::ExecState * execCallee, JSC::Instruction * pc, JSC::CodeSpecializationKind kind, JSC::JSValue calleeAsValue, JSC::LLIntCallLinkInfo * callLinkInfo) Line 1354 C++ > JavaScriptCore.dll!llint_slow_path_call(JSC::ExecState * exec, JSC::Instruction * pc) Line 1428 C++ > [External Code]

Attachments
WIP patch (753 bytes, patch) 2017-10-20 03:37 PDT, Fujii Hironori	buildbot: commit-queue-	Details Formatted Diff Diff
Archive of layout-test-results from ews100 for mac-elcapitan (1.02 MB, application/zip) 2017-10-20 04:39 PDT, Build Bot	no flags	Details
Archive of layout-test-results from ews113 for mac-elcapitan (1.80 MB, application/zip) 2017-10-20 04:54 PDT, Build Bot	no flags	Details
Archive of layout-test-results from ews106 for mac-elcapitan-wk2 (1.21 MB, application/zip) 2017-10-20 12:13 PDT, Build Bot	no flags	Details
Patch (4.59 KB, patch) 2017-10-22 19:55 PDT, Fujii Hironori	no flags	Details Formatted Diff Diff
Show Obsolete (4) View All Add attachment proposed patch, testcase, etc.

Fujii Hironori

Comment 1 2017-10-20 01:51:27 PDT

Following GTK ports's BuildBots show the same flaky-crashes. GTK Linux 64-bit Release (Tests) GTK Linux 64-bit Release Wayland (Tests) https://build.webkit.org/results/GTK%20Linux%2064-bit%20Release%20(Tests)/r223736%20(3755)/results.html > Thread 1 (Thread 0x7fdda31d5a80 (LWP 18161)): > #0 0x00007fddb208f320 in WebCore::SharedBuffer::data() const () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #1 0x00007fddb28f5d49 in GIFImageReader::parse(unsigned long, unsigned long, bool) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #2 0x00007fddb28f6813 in GIFImageReader::decode(WebCore::GIFImageDecoder::GIFQuery, unsigned int) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #3 0x00007fddb28f40ce in WebCore::GIFImageDecoder::decode(unsigned int, WebCore::GIFImageDecoder::GIFQuery, bool) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #4 0x00007fddb28f45ef in WebCore::GIFImageDecoder::frameCount() const () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #5 0x00007fddb28f4615 in WebCore::GIFImageDecoder::frameBufferAtIndex(unsigned long) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #6 0x00007fddb28eee71 in WebCore::ScalableImageDecoder::createFrameImageAtIndex(unsigned long, WebCore::SubsamplingLevel, WebCore::DecodingOptions const&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #7 0x00007fddb2106fe0 in WebCore::ImageFrameCache::frameAtIndexCacheIfNeeded(unsigned long, WebCore::ImageFrame::Caching, std::optional<WebCore::SubsamplingLevel> const&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #8 0x00007fddb21075ff in WebCore::ImageFrameCache::frameImageAtIndexCacheIfNeeded(unsigned long, WebCore::SubsamplingLevel) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #9 0x00007fddb2108c93 in WebCore::ImageSource::frameImageAtIndexCacheIfNeeded(unsigned long, WebCore::SubsamplingLevel, WebCore::GraphicsContext const*) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #10 0x00007fddb20c9086 in WebCore::BitmapImage::frameImageAtIndexCacheIfNeeded(unsigned long, WebCore::SubsamplingLevel, WebCore::GraphicsContext const*) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #11 0x00007fddb20c9e90 in WebCore::BitmapImage::draw(WebCore::GraphicsContext&, WebCore::FloatRect const&, WebCore::FloatRect const&, WebCore::CompositeOperator, WebCore::BlendMode, WebCore::DecodingMode, WebCore::ImageOrientationDescription) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #12 0x00007fddb20f5d30 in WebCore::GraphicsContext::drawImage(WebCore::Image&, WebCore::FloatRect const&, WebCore::FloatRect const&, WebCore::ImagePaintingOptions const&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #13 0x00007fddb20f5f51 in WebCore::GraphicsContext::drawImage(WebCore::Image&, WebCore::FloatRect const&, WebCore::ImagePaintingOptions const&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #14 0x00007fddb225ccfc in WebCore::RenderImage::paintIntoRect(WebCore::PaintInfo&, WebCore::FloatRect const&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #15 0x00007fddb225d30e in WebCore::RenderImage::paintReplaced(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #16 0x00007fddb22d30cc in WebCore::RenderReplaced::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #17 0x00007fddb22608f2 in WebCore::RenderImage::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #18 0x00007fddb2227684 in WebCore::RenderElement::paintAsInlineBlock(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #19 0x00007fddb2833dd2 in WebCore::InlineElementBox::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #20 0x00007fddb21a47ca in WebCore::InlineFlowBox::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #21 0x00007fddb233915c in WebCore::RootInlineBox::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::LayoutUnit, WebCore::LayoutUnit) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #22 0x00007fddb22a8b2f in WebCore::RenderLineBoxList::paint(WebCore::RenderBoxModelObject*, WebCore::PaintInfo&, WebCore::LayoutPoint const&) const () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #23 0x00007fddb21b40c1 in WebCore::RenderBlock::paintContents(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #24 0x00007fddb21c1433 in WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #25 0x00007fddb21b11ab in WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #26 0x00007fddb21b4347 in WebCore::RenderBlock::paintChild(WebCore::RenderBox&, WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool, WebCore::RenderBlock::PaintBlockType) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #27 0x00007fddb21b4566 in WebCore::RenderBlock::paintChildren(WebCore::PaintInfo&, WebCore::LayoutPoint const&, WebCore::PaintInfo&, bool) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #28 0x00007fddb21b40af in WebCore::RenderBlock::paintContents(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #29 0x00007fddb21c1433 in WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #30 0x00007fddb21b11ab in WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #31 0x00007fddb22770a9 in WebCore::RenderLayer::paintForegroundForFragmentsWithPhase(WebCore::PaintPhase, WTF::Vector<WebCore::LayerFragment, 1ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int, WebCore::RenderObject*) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #32 0x00007fddb227cfaa in WebCore::RenderLayer::paintForegroundForFragments(WTF::Vector<WebCore::LayerFragment, 1ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WebCore::GraphicsContext&, WebCore::GraphicsContext&, WebCore::LayoutRect const&, bool, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int, WebCore::RenderObject*) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #33 0x00007fddb228991c in WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #34 0x00007fddb228a800 in WebCore::RenderLayer::paintLayer(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #35 0x00007fddb228ab15 in WebCore::RenderLayer::paintList(WTF::Vector<WebCore::RenderLayer*, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>*, WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #36 0x00007fddb228954d in WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #37 0x00007fddb228a800 in WebCore::RenderLayer::paintLayer(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #38 0x00007fddb228a95d in WebCore::RenderLayer::paint(WebCore::GraphicsContext&, WebCore::LayoutRect const&, WebCore::LayoutSize const&, unsigned int, WebCore::RenderObject*, unsigned int, WebCore::RenderLayer::SecurityOriginPaintPolicy) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #39 0x00007fddb1fe0386 in WebCore::FrameView::paintContents(WebCore::GraphicsContext&, WebCore::IntRect const&, WebCore::Widget::SecurityOriginPaintPolicy) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #40 0x00007fddb208a02a in WebCore::ScrollView::paint(WebCore::GraphicsContext&, WebCore::IntRect const&, WebCore::Widget::SecurityOriginPaintPolicy) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #41 0x00007fddb186552d in WebKit::WebPage::drawRect(WebCore::GraphicsContext&, WebCore::IntRect const&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #42 0x00007fddb19f3a39 in WebKit::DrawingAreaImpl::display(WebKit::UpdateInfo&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #43 0x00007fddb19f592f in WebKit::DrawingAreaImpl::display() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #44 0x00007fddb19f5be8 in WebKit::DrawingAreaImpl::forceRepaint() [clone .part.57] () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #45 0x00007fdd58cbf259 in WTR::JSTestRunner::display(OpaqueJSContext const*, OpaqueJSValue*, OpaqueJSValue*, unsigned long, OpaqueJSValue const* const*, OpaqueJSValue const**) () from /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/Release/lib/libTestRunnerInjectedBundle.so > #46 0x00007fddaea02bfb in long JSC::APICallbackFunction::call<JSC::JSCallbackFunction>(JSC::ExecState*) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 > #47 0x00007fddaf016f4c in JSC::LLInt::handleHostCall(JSC::ExecState*, JSC::Instruction*, JSC::JSValue, JSC::CodeSpecializationKind) [clone .isra.130] () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 > #48 0x00007fddaf01ff72 in llint_slow_path_call () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 > #49 0x00007fddaf01552f in llint_entry () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 > #50 0x00007fddaf00e440 in vmEntryToJavaScript () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 > #51 0x00007fddaefb67a6 in JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 > #52 0x00007fddaef860ae in JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 > #53 0x00007fddaf153e04 in JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 > #54 0x00007fddaf153e27 in JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 > #55 0x00007fddaf154049 in JSC::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 > #56 0x00007fddb256cd8c in WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext&, WebCore::Event&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #57 0x00007fddb1c41c41 in WebCore::EventTarget::fireEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener>, 1ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #58 0x00007fddb1c41fb1 in WebCore::EventTarget::fireEventListeners(WebCore::Event&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #59 0x00007fddb2705dd5 in WebCore::EventContext::handleLocalEvents(WebCore::Event&) const () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #60 0x00007fddb1c3e41e in WebCore::EventDispatcher::dispatchEvent(WebCore::Node&, WebCore::Event&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #61 0x00007fddb1d7e928 in WebCore::HTMLImageLoader::dispatchLoadEvent() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #62 0x00007fddb1ef46ae in WebCore::ImageLoader::dispatchPendingLoadEvent() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #63 0x00007fddb1ef47f8 in WebCore::ImageLoader::dispatchPendingEvent(WebCore::EventSender<WebCore::ImageLoader>*) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #64 0x00007fddb1ef4ba7 in WebCore::ImageLoader::dispatchPendingLoadEvents() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #65 0x00007fddb1c01c01 in WebCore::Document::implicitClose() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #66 0x00007fddb1ee94f6 in WebCore::FrameLoader::checkCompleted() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #67 0x00007fddb1f7d13c in WebCore::CachedResourceLoader::loadDone(bool) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #68 0x00007fddb1f3361f in WebCore::SubresourceLoader::notifyDone() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #69 0x00007fddb1f3538f in WebCore::SubresourceLoader::didFinishLoading(WebCore::NetworkLoadMetrics const&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #70 0x00007fddb1a5cf55 in void IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #71 0x00007fddb1a5cb7f in WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #72 0x00007fddb1611c6b in IPC::Connection::dispatchMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #73 0x00007fddb1612b9c in IPC::Connection::dispatchOneMessage() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #74 0x00007fddaf49856c in WTF::RunLoop::performWork() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 > #75 0x00007fddaf4ce3d9 in WTF::RunLoop::RunLoop()::{lambda(void*)#1}::_FUN(void*) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 > #76 0x00007fddac93a5ca in g_main_dispatch () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.52.1/glib/gmain.c:3212 > #77 g_main_context_dispatch () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.52.1/glib/gmain.c:3865 > #78 0x00007fddac93a948 in g_main_context_iterate () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.52.1/glib/gmain.c:3938 > #79 0x00007fddac93ac62 in g_main_loop_run () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.52.1/glib/gmain.c:4134 > #80 0x00007fddaf4ced80 in WTF::RunLoop::run() () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 > #81 0x00007fddb19fb202 in int WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain>(int, char**) () from /home/slave/webkitgtk/gtk-linux-64-release/build/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.2 > #82 0x00007fdda82f02b1 in __libc_start_main (main=0x7fddb4070d40 <main>, argc=2, argv=0x7ffe545bac18, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffe545bac08) at ../csu/libc-start.c:291 > #83 0x00007fddb4070dca in _start ()

Fujii Hironori

Comment 2 2017-10-20 01:52:48 PDT

This looks like a data race issue of async image decoding.

Fujii Hironori

Comment 3 2017-10-20 03:37:27 PDT

Created attachment 324380 [details] WIP patch I created a WIP patch to stop sync decoding while async decoding is running. This patch apparently looks a incorrect fix. But, I don't know how to fix this bug correctly.

Build Bot

Comment 4 2017-10-20 04:39:30 PDT

Comment on attachment 324380 [details] WIP patch Attachment 324380 [details] did not pass mac-ews (mac): Output: http://webkit-queues.webkit.org/results/4931520 New failing tests: fast/images/animated-image-different-dest-size.html

Build Bot

Comment 5 2017-10-20 04:39:31 PDT

Created attachment 324384 [details] Archive of layout-test-results from ews100 for mac-elcapitan The attached test failures were seen while running run-webkit-tests on the mac-ews. Bot: ews100 Port: mac-elcapitan Platform: Mac OS X 10.11.6

Build Bot

Comment 6 2017-10-20 04:54:39 PDT

Comment on attachment 324380 [details] WIP patch Attachment 324380 [details] did not pass mac-debug-ews (mac): Output: http://webkit-queues.webkit.org/results/4931531 New failing tests: fast/images/animated-image-different-dest-size.html

Build Bot

Comment 7 2017-10-20 04:54:40 PDT

Created attachment 324386 [details] Archive of layout-test-results from ews113 for mac-elcapitan The attached test failures were seen while running run-webkit-tests on the mac-debug-ews. Bot: ews113 Port: mac-elcapitan Platform: Mac OS X 10.11.6

Build Bot

Comment 8 2017-10-20 12:13:22 PDT

Comment on attachment 324380 [details] WIP patch Attachment 324380 [details] did not pass mac-wk2-ews (mac-wk2): Output: http://webkit-queues.webkit.org/results/4935106 New failing tests: fast/images/animated-image-different-dest-size.html

Build Bot

Comment 9 2017-10-20 12:13:24 PDT

Created attachment 324425 [details] Archive of layout-test-results from ews106 for mac-elcapitan-wk2 The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews. Bot: ews106 Port: mac-elcapitan-wk2 Platform: Mac OS X 10.11.6

Said Abou-Hallawa

Comment 10 2017-10-20 13:08:26 PDT

(In reply to Fujii Hironori from comment #3) > Created attachment 324380 [details] > WIP patch > > I created a WIP patch to stop sync decoding while async decoding is running. > This patch apparently looks a incorrect fix. But, I don't know how to fix > this bug correctly. You need to make all the functions that access or change the saved data such as ScalableImageDecoder::m_data and m_frameBufferCache be thread safe. Ideally we should allow multiple decoding at time but synchronize the shared data only when they are accessed or changed. But this might difficult to do. As a simple and naive fix, you can do the following: In ScalableImageDecoder.h, define: Lock m_mutex; Add the following statement: LockHolder lockHolder(m_mutex); At the beginning in the functions: ScalableImageDecoder::setData() ScalableImageDecoder::frameIsCompleteAtIndex() ScalableImageDecoder::frameHasAlphaAtIndex() ScalableImageDecoder::frameBytesAtIndex() ScalableImageDecoder::frameDurationAtIndex() ScalableImageDecoder::createFrameImageAtIndex() I am not sure how much this is going to affect the performance.

Fujii Hironori

Comment 11 2017-10-22 19:47:13 PDT

Thank you for your comment, Said. It sounds nice. I'll create a patch.

Fujii Hironori

Comment 12 2017-10-22 19:55:43 PDT

Created attachment 324537 [details] Patch

Fujii Hironori

Comment 13 2017-10-22 22:11:51 PDT

tables/mozilla/bugs/bug78162.html are also flaky-crash in below bots: GTK Linux 64-bit Release (Tests) GTK Linux 64-bit Release Wayland (Tests)

Said Abou-Hallawa

Comment 14 2017-10-24 15:20:52 PDT

Comment on attachment 324537 [details] Patch Did this change fix the crashes in the animated image tests? Did you do any performance analysis for this change? You can profile WebKit while displaying many animated images and see if acquiring the lock is shown in the profile with a significant percentage or not?

Fujii Hironori

Comment 15 2017-10-24 23:30:01 PDT

I confirmed it solves the crashes. I'll take the profile. Thank you.

Fujii Hironori

Comment 16 2017-10-25 04:02:52 PDT

I took profiling with WinCairo port. In web pages which has a lot of animated GIF, such like https://tenor.com/, painting is more dominant than decoding. Then, I created an animated GIF which has 100 frames. > for i in $(seq 100 200);do convert -size 1000x1000 -gravity center label:$i out-$i.png;done > convert -delay 1 -loop 1 out-*.png a.gif And, I took profiling during showing the GIF. In this time, decoding takes large portion of the time. But, locking mutex is still neglectable.

WebKit Commit Bot

Comment 17 2017-10-25 11:55:01 PDT

Comment on attachment 324537 [details] Patch Clearing flags on attachment: 324537 Committed r223968: <https://trac.webkit.org/changeset/223968>

WebKit Commit Bot

Comment 18 2017-10-25 11:55:03 PDT

All reviewed patches have been landed. Closing bug.

Radar WebKit Bug Importer

Comment 19 2017-11-15 13:03:27 PST

<rdar://problem/35568697>

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component Images

Assignee

Fujii Hironori

Reported

2017-10-19 03:30 PDT

Modified

2017-11-15 13:03 PST History

CC List

5 users Show

URL

Keywords InRadar

Depends on

Blocks