Bug 186207

Summary:

[ASan / StressGC] DumpRenderTree crashed in com.apple.WebCore: WebCore::EventTarget::ref + 16

Product:

WebKit

Reporter:

Antoine Quint <graouts>

Component:

Animations

Assignee:

Antoine Quint <graouts>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

ap, dino, ews-watchlist, rniwa, webkit-bug-importer

Priority:

Keywords:

InRadar

Version:

Safari Technology Preview

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
Patch	none
Archive of layout-test-results from ews102 for mac-sierra	none
Archive of layout-test-results from ews107 for mac-sierra-wk2	none
Archive of layout-test-results from ews116 for mac-sierra	none
Archive of layout-test-results from ews126 for ios-simulator-wk2	none
Patch	dino: review+

Antoine Quint

Reported 2018-06-01 13:40:39 PDT

26/05/2018 00:53 Ryan Haddad: DumpRenderTree crashed in com.apple.WebCore: WebCore::EventTarget::ref + 16 Symbolicated crash log: Process: DumpRenderTree [3780] Path: /Volumes/VOLUME/*/DumpRenderTree Identifier: DumpRenderTree Version: 0 Code Type: X86-64 (Native) Parent Process: Python [3779] Responsible: DumpRenderTree [3780] User ID: 501 Date/Time: 2018-05-25 13:00:47.282 -0700 OS Version: Mac OS X 10.12.6 (16G1114) Report Version: 12 Anonymous UUID: 32510A61-59F0-C206-6B0D-24BFA3B1C5CC Time Awake Since Boot: 5600000 seconds System Integrity Protection: enabled Crashed Thread: 0 Dispatch queue: com.apple.main-thread Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Codes: KERN_INVALID_ADDRESS at 0x00000002fd2aef90 Exception Note: EXC_CORPSE_NOTIFY Termination Signal: Segmentation fault: 11 Termination Reason: Namespace SIGNAL, Code 0xb Terminating Process: exc handler [0] Application Specific Information: This process is running with libgmalloc.dylib (GuardMalloc) which may have forced the crash due to a memory access error. CRASHING TEST: compositing/reflections/nested-reflection.html Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.WebCore 0x00000001181313c0 WebCore::EventTarget::ref() + 16 1 com.apple.WebCore 0x0000000119937b74 WTF::Ref<WebCore::EventTarget, WTF::DumbPtrTraits<WebCore::EventTarget> >::Ref(WebCore::EventTarget&) + 36 2 com.apple.WebCore 0x000000011992fd6d WTF::Ref<WebCore::EventTarget, WTF::DumbPtrTraits<WebCore::EventTarget> >::Ref(WebCore::EventTarget&) + 29 3 com.apple.WebCore 0x000000011993c17a WebCore::GenericEventQueue::dispatchOneEvent() + 106 4 com.apple.WebCore 0x00000001199440ad WTF::Function<void ()>::CallableWrapper<std::__1::__bind<void (WebCore::GenericEventQueue::*)(), WebCore::GenericEventQueue*> >::call() + 221 5 com.apple.WebCore 0x0000000117abcd3b WTF::Function<void ()>::operator()() const + 139 6 com.apple.WebCore 0x00000001181dea89 WebCore::GenericTaskQueue<WebCore::Timer>::enqueueTask(WTF::Function<void ()>&&)::'lambda'()::operator()() const + 137 7 com.apple.WebCore 0x00000001181de869 WTF::Function<void ()>::CallableWrapper<WebCore::GenericTaskQueue<WebCore::Timer>::enqueueTask(WTF::Function<void ()>&&)::'lambda'()>::call() + 25 8 com.apple.WebCore 0x0000000117abcd3b WTF::Function<void ()>::operator()() const + 139 9 com.apple.WebCore 0x000000011a3beff7 WebCore::TaskDispatcher<WebCore::Timer>::dispatchOneTask() + 119 10 com.apple.WebCore 0x000000011a3bedaf WebCore::TaskDispatcher<WebCore::Timer>::sharedTimerFired() + 255 11 com.apple.WebCore 0x000000011a3c31f1 WebCore::TaskDispatcher<WebCore::Timer>::sharedTimer()::$_1::operator()() const + 17 12 com.apple.WebCore 0x000000011a3c31b9 WTF::Function<void ()>::CallableWrapper<WebCore::TaskDispatcher<WebCore::Timer>::sharedTimer()::$_1>::call() + 25 13 com.apple.WebCore 0x0000000117abcd3b WTF::Function<void ()>::operator()() const + 139 14 com.apple.WebCore 0x0000000117b0e3a9 WebCore::Timer::fired() + 25 15 com.apple.WebCore 0x000000011a3f7820 WebCore::ThreadTimers::sharedTimerFiredInternal() + 480 16 com.apple.WebCore 0x000000011a40d3d1 WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0::operator()() const + 33 17 com.apple.WebCore 0x000000011a40d389 WTF::Function<void ()>::CallableWrapper<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0>::call() + 25 18 com.apple.WebCore 0x0000000117abcd3b WTF::Function<void ()>::operator()() const + 139 19 com.apple.WebCore 0x000000011a3cf7e5 WebCore::MainThreadSharedTimer::fired() + 101 20 com.apple.WebCore 0x000000011a473f69 WebCore::timerFired(__CFRunLoopTimer*, void*) + 41 21 com.apple.CoreFoundation 0x00007fff8cf9ae04 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20 22 com.apple.CoreFoundation 0x00007fff8cf9aa93 __CFRunLoopDoTimer + 1075 23 com.apple.CoreFoundation 0x00007fff8cf9a5ea __CFRunLoopDoTimers + 298 24 com.apple.CoreFoundation 0x00007fff8cf91fc1 __CFRunLoopRun + 2081 25 com.apple.CoreFoundation 0x00007fff8cf91544 CFRunLoopRunSpecific + 420 26 DumpRenderTree 0x000000010c6a90ae runTest(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) + 6958 (DumpRenderTree.mm:2003) 27 DumpRenderTree 0x000000010c6a74dd runTestingServerLoop() + 349 (DumpRenderTree.mm:1163) 28 DumpRenderTree 0x000000010c6a6a8d dumpRenderTree(int, char const**) + 1437 (DumpRenderTree.mm:1265) 29 DumpRenderTree 0x000000010c6a9b12 DumpRenderTreeMain(int, char const**) + 146 (DumpRenderTree.mm:1383) 30 DumpRenderTree 0x000000010c727c92 main + 34 (DumpRenderTreeMain.mm:34) 31 libdyld.dylib 0x00007fffa2b51235 start + 1

Attachments
Patch (4.24 KB, patch) 2018-06-01 13:42 PDT, Antoine Quint	no flags	Details Formatted Diff Diff
Archive of layout-test-results from ews102 for mac-sierra (2.28 MB, application/zip) 2018-06-01 14:49 PDT, EWS Watchlist	no flags	Details
Archive of layout-test-results from ews107 for mac-sierra-wk2 (2.88 MB, application/zip) 2018-06-01 15:00 PDT, EWS Watchlist	no flags	Details
Archive of layout-test-results from ews116 for mac-sierra (3.00 MB, application/zip) 2018-06-01 15:22 PDT, EWS Watchlist	no flags	Details
Archive of layout-test-results from ews126 for ios-simulator-wk2 (20.88 MB, application/zip) 2018-06-01 15:31 PDT, EWS Watchlist	no flags	Details
Patch (5.62 KB, patch) 2018-06-07 05:30 PDT, Antoine Quint	dino: review+	Details Formatted Diff Diff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.

Antoine Quint

Comment 1 2018-06-01 13:40:48 PDT

<rdar://problem/40568747>

Antoine Quint

Comment 2 2018-06-01 13:42:21 PDT

Created attachment 341782 [details] Patch

EWS Watchlist

Comment 3 2018-06-01 14:49:41 PDT

Comment on attachment 341782 [details] Patch Attachment 341782 [details] did not pass mac-ews (mac): Output: http://webkit-queues.webkit.org/results/7931300 New failing tests: imported/mozilla/css-animations/test_event-dispatch.html imported/mozilla/css-transitions/test_event-dispatch.html

EWS Watchlist

Comment 4 2018-06-01 14:49:42 PDT

Created attachment 341787 [details] Archive of layout-test-results from ews102 for mac-sierra The attached test failures were seen while running run-webkit-tests on the mac-ews. Bot: ews102 Port: mac-sierra Platform: Mac OS X 10.12.6

EWS Watchlist

Comment 5 2018-06-01 15:00:36 PDT

Comment on attachment 341782 [details] Patch Attachment 341782 [details] did not pass mac-wk2-ews (mac-wk2): Output: http://webkit-queues.webkit.org/results/7931370 New failing tests: imported/mozilla/css-animations/test_event-dispatch.html imported/mozilla/css-transitions/test_event-dispatch.html

EWS Watchlist

Comment 6 2018-06-01 15:00:38 PDT

Created attachment 341788 [details] Archive of layout-test-results from ews107 for mac-sierra-wk2 The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews. Bot: ews107 Port: mac-sierra-wk2 Platform: Mac OS X 10.12.6

EWS Watchlist

Comment 7 2018-06-01 15:22:04 PDT

Comment on attachment 341782 [details] Patch Attachment 341782 [details] did not pass mac-debug-ews (mac): Output: http://webkit-queues.webkit.org/results/7931416 New failing tests: imported/mozilla/css-animations/test_event-dispatch.html imported/mozilla/css-transitions/test_event-dispatch.html

EWS Watchlist

Comment 8 2018-06-01 15:22:05 PDT

Created attachment 341795 [details] Archive of layout-test-results from ews116 for mac-sierra The attached test failures were seen while running run-webkit-tests on the mac-debug-ews. Bot: ews116 Port: mac-sierra Platform: Mac OS X 10.12.6

EWS Watchlist

Comment 9 2018-06-01 15:31:28 PDT

Comment on attachment 341782 [details] Patch Attachment 341782 [details] did not pass ios-sim-ews (ios-simulator-wk2): Output: http://webkit-queues.webkit.org/results/7931471 New failing tests: imported/mozilla/css-animations/test_event-dispatch.html

EWS Watchlist

Comment 10 2018-06-01 15:31:30 PDT

Created attachment 341796 [details] Archive of layout-test-results from ews126 for ios-simulator-wk2 The attached test failures were seen while running run-webkit-tests on the ios-sim-ews. Bot: ews126 Port: ios-simulator-wk2 Platform: Mac OS X 10.13.4

Antoine Quint

Comment 11 2018-06-07 05:30:56 PDT

Created attachment 342152 [details] Patch

Antoine Quint

Comment 12 2018-06-07 12:51:50 PDT

Committed r232596: <https://trac.webkit.org/changeset/232596>

Note You need to log in before you can comment on or make changes to this bug.