Bug 186207

Summary: [ASan / StressGC] DumpRenderTree crashed in com.apple.WebCore: WebCore::EventTarget::ref + 16
Product: WebKit
Reporter: Antoine Quint <graouts>
Component: Animations
Assignee: Antoine Quint <graouts>
Status: RESOLVED FIXED
Severity: Normal
CC: ap, dino, ews-watchlist, rniwa, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: Safari Technology Preview
Hardware: Unspecified
OS: Unspecified
Attachments:
Description | Flags
Patch | none
Archive of layout-test-results from ews102 for mac-sierra | none
Archive of layout-test-results from ews107 for mac-sierra-wk2 | none
Archive of layout-test-results from ews116 for mac-sierra | none
Archive of layout-test-results from ews126 for ios-simulator-wk2 | none
Patch | dino: review+

Description Antoine Quint 2018-06-01 13:40:39 PDT
26/05/2018 00:53 Ryan Haddad:
DumpRenderTree crashed in com.apple.WebCore:  WebCore::EventTarget::ref + 16

Symbolicated crash log:

Process:               DumpRenderTree [3780]
Path:                  /Volumes/VOLUME/*/DumpRenderTree
Identifier:            DumpRenderTree
Version:               0
Code Type:             X86-64 (Native)
Parent Process:        Python [3779]
Responsible:           DumpRenderTree [3780]
User ID:               501

Date/Time:             2018-05-25 13:00:47.282 -0700
OS Version:            Mac OS X 10.12.6 (16G1114)
Report Version:        12
Anonymous UUID:        32510A61-59F0-C206-6B0D-24BFA3B1C5CC


Time Awake Since Boot: 5600000 seconds

System Integrity Protection: enabled

Crashed Thread:        0  Dispatch queue: com.apple.main-thread

Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x00000002fd2aef90
Exception Note:        EXC_CORPSE_NOTIFY

Termination Signal:    Segmentation fault: 11
Termination Reason:    Namespace SIGNAL, Code 0xb
Terminating Process:   exc handler [0]

Application Specific Information:
This process is running with libgmalloc.dylib (GuardMalloc) which may have forced the crash due to a memory access error.
 
CRASHING TEST: compositing/reflections/nested-reflection.html

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.WebCore             	0x00000001181313c0 WebCore::EventTarget::ref() + 16
1   com.apple.WebCore             	0x0000000119937b74 WTF::Ref<WebCore::EventTarget, WTF::DumbPtrTraits<WebCore::EventTarget> >::Ref(WebCore::EventTarget&) + 36
2   com.apple.WebCore             	0x000000011992fd6d WTF::Ref<WebCore::EventTarget, WTF::DumbPtrTraits<WebCore::EventTarget> >::Ref(WebCore::EventTarget&) + 29
3   com.apple.WebCore             	0x000000011993c17a WebCore::GenericEventQueue::dispatchOneEvent() + 106
4   com.apple.WebCore             	0x00000001199440ad WTF::Function<void ()>::CallableWrapper<std::__1::__bind<void (WebCore::GenericEventQueue::*)(), WebCore::GenericEventQueue*> >::call() + 221
5   com.apple.WebCore             	0x0000000117abcd3b WTF::Function<void ()>::operator()() const + 139
6   com.apple.WebCore             	0x00000001181dea89 WebCore::GenericTaskQueue<WebCore::Timer>::enqueueTask(WTF::Function<void ()>&&)::'lambda'()::operator()() const + 137
7   com.apple.WebCore             	0x00000001181de869 WTF::Function<void ()>::CallableWrapper<WebCore::GenericTaskQueue<WebCore::Timer>::enqueueTask(WTF::Function<void ()>&&)::'lambda'()>::call() + 25
8   com.apple.WebCore             	0x0000000117abcd3b WTF::Function<void ()>::operator()() const + 139
9   com.apple.WebCore             	0x000000011a3beff7 WebCore::TaskDispatcher<WebCore::Timer>::dispatchOneTask() + 119
10  com.apple.WebCore             	0x000000011a3bedaf WebCore::TaskDispatcher<WebCore::Timer>::sharedTimerFired() + 255
11  com.apple.WebCore             	0x000000011a3c31f1 WebCore::TaskDispatcher<WebCore::Timer>::sharedTimer()::$_1::operator()() const + 17
12  com.apple.WebCore             	0x000000011a3c31b9 WTF::Function<void ()>::CallableWrapper<WebCore::TaskDispatcher<WebCore::Timer>::sharedTimer()::$_1>::call() + 25
13  com.apple.WebCore             	0x0000000117abcd3b WTF::Function<void ()>::operator()() const + 139
14  com.apple.WebCore             	0x0000000117b0e3a9 WebCore::Timer::fired() + 25
15  com.apple.WebCore             	0x000000011a3f7820 WebCore::ThreadTimers::sharedTimerFiredInternal() + 480
16  com.apple.WebCore             	0x000000011a40d3d1 WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0::operator()() const + 33
17  com.apple.WebCore             	0x000000011a40d389 WTF::Function<void ()>::CallableWrapper<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0>::call() + 25
18  com.apple.WebCore             	0x0000000117abcd3b WTF::Function<void ()>::operator()() const + 139
19  com.apple.WebCore             	0x000000011a3cf7e5 WebCore::MainThreadSharedTimer::fired() + 101
20  com.apple.WebCore             	0x000000011a473f69 WebCore::timerFired(__CFRunLoopTimer*, void*) + 41
21  com.apple.CoreFoundation      	0x00007fff8cf9ae04 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20
22  com.apple.CoreFoundation      	0x00007fff8cf9aa93 __CFRunLoopDoTimer + 1075
23  com.apple.CoreFoundation      	0x00007fff8cf9a5ea __CFRunLoopDoTimers + 298
24  com.apple.CoreFoundation      	0x00007fff8cf91fc1 __CFRunLoopRun + 2081
25  com.apple.CoreFoundation      	0x00007fff8cf91544 CFRunLoopRunSpecific + 420
26  DumpRenderTree                	0x000000010c6a90ae runTest(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) + 6958 (DumpRenderTree.mm:2003)
27  DumpRenderTree                	0x000000010c6a74dd runTestingServerLoop() + 349 (DumpRenderTree.mm:1163)
28  DumpRenderTree                	0x000000010c6a6a8d dumpRenderTree(int, char const**) + 1437 (DumpRenderTree.mm:1265)
29  DumpRenderTree                	0x000000010c6a9b12 DumpRenderTreeMain(int, char const**) + 146 (DumpRenderTree.mm:1383)
30  DumpRenderTree                	0x000000010c727c92 main + 34 (DumpRenderTreeMain.mm:34)
31  libdyld.dylib                 	0x00007fffa2b51235 start + 1
Comment 1 Antoine Quint 2018-06-01 13:40:48 PDT
<rdar://problem/40568747>
Comment 2 Antoine Quint 2018-06-01 13:42:21 PDT
Created attachment 341782
Patch
Comment 3 EWS Watchlist 2018-06-01 14:49:41 PDT
Comment on attachment 341782
Patch

Attachment 341782 did not pass mac-ews (mac):
Output: http://webkit-queues.webkit.org/results/7931300

New failing tests:
imported/mozilla/css-animations/test_event-dispatch.html
imported/mozilla/css-transitions/test_event-dispatch.html
Comment 4 EWS Watchlist 2018-06-01 14:49:42 PDT
Created attachment 341787
Archive of layout-test-results from ews102 for mac-sierra

The attached test failures were seen while running run-webkit-tests on the mac-ews.
Bot: ews102  Port: mac-sierra  Platform: Mac OS X 10.12.6
Comment 5 EWS Watchlist 2018-06-01 15:00:36 PDT
Comment on attachment 341782
Patch

Attachment 341782 did not pass mac-wk2-ews (mac-wk2):
Output: http://webkit-queues.webkit.org/results/7931370

New failing tests:
imported/mozilla/css-animations/test_event-dispatch.html
imported/mozilla/css-transitions/test_event-dispatch.html
Comment 6 EWS Watchlist 2018-06-01 15:00:38 PDT
Created attachment 341788
Archive of layout-test-results from ews107 for mac-sierra-wk2

The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews.
Bot: ews107  Port: mac-sierra-wk2  Platform: Mac OS X 10.12.6
Comment 7 EWS Watchlist 2018-06-01 15:22:04 PDT
Comment on attachment 341782
Patch

Attachment 341782 did not pass mac-debug-ews (mac):
Output: http://webkit-queues.webkit.org/results/7931416

New failing tests:
imported/mozilla/css-animations/test_event-dispatch.html
imported/mozilla/css-transitions/test_event-dispatch.html
Comment 8 EWS Watchlist 2018-06-01 15:22:05 PDT
Created attachment 341795
Archive of layout-test-results from ews116 for mac-sierra

The attached test failures were seen while running run-webkit-tests on the mac-debug-ews.
Bot: ews116  Port: mac-sierra  Platform: Mac OS X 10.12.6
Comment 9 EWS Watchlist 2018-06-01 15:31:28 PDT
Comment on attachment 341782
Patch

Attachment 341782 did not pass ios-sim-ews (ios-simulator-wk2):
Output: http://webkit-queues.webkit.org/results/7931471

New failing tests:
imported/mozilla/css-animations/test_event-dispatch.html
Comment 10 EWS Watchlist 2018-06-01 15:31:30 PDT
Created attachment 341796
Archive of layout-test-results from ews126 for ios-simulator-wk2

The attached test failures were seen while running run-webkit-tests on the ios-sim-ews.
Bot: ews126  Port: ios-simulator-wk2  Platform: Mac OS X 10.13.4
Comment 11 Antoine Quint 2018-06-07 05:30:56 PDT
Created attachment 342152
Patch
Comment 12 Antoine Quint 2018-06-07 12:51:50 PDT
Committed r232596: <https://trac.webkit.org/changeset/232596>