[Webkit-unassigned] [Bug 178415] New: [Win] Null pointer crash under AutoscrollController::stopAutoscrollTimer.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Oct 17 16:31:24 PDT 2017


https://bugs.webkit.org/show_bug.cgi?id=178415

            Bug ID: 178415
           Summary: [Win] Null pointer crash under
                    AutoscrollController::stopAutoscrollTimer.
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: pvollan at apple.com

0:000:x86> !analyze -vv
*******************************************************************************
*                                                                             *
*                        Exception Analysis                                   *
*                                                                             *
*******************************************************************************

*** ERROR: Symbol file could not be found.  Defaulted to export symbols for USER32.dll - 
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for COMCTL32.dll - 
*** WARNING: Unable to verify checksum for DumpRenderTreeLib.dll
*** WARNING: Unable to verify checksum for JavaScriptCore.dll
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for CFNetwork.dll - 
*** WARNING: Unable to verify checksum for C:\cygwin\home\buildbot\slave\win-release-tests\build\WebKitBuild\release\bin32\DumpRenderTree.exe
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for KERNEL32.dll - 
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ntdll.dll - 
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Windows\SYSTEM32\ntdll.dll - 
***** OS symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
***                                                                   ***
***                                                                   ***
***    Either you specified an unqualified symbol, or your debugger   ***
***    doesn't have full symbol information.  Unqualified symbol      ***
***    resolution is turned off by default. Please either specify a   ***
***    fully qualified symbol module!symbolname, or enable resolution ***
***    of unqualified symbols by typing ".symopt- 100". Note that   ***
***    enabling unqualified symbol resolution with network symbol     ***
***    server shares in the symbol path may cause the debugger to     ***
***    appear to hang for long periods of time when an incorrect      ***
***    symbol name is typed or the network symbol server is down.     ***
***                                                                   ***
***    For some commands to work properly, your symbol path           ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: ntdll!_PEB                                    ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Either you specified an unqualified symbol, or your debugger   ***
***    doesn't have full symbol information.  Unqualified symbol      ***
***    resolution is turned off by default. Please either specify a   ***
***    fully qualified symbol module!symbolname, or enable resolution ***
***    of unqualified symbols by typing ".symopt- 100". Note that   ***
***    enabling unqualified symbol resolution with network symbol     ***
***    server shares in the symbol path may cause the debugger to     ***
***    appear to hang for long periods of time when an incorrect      ***
***    symbol name is typed or the network symbol server is down.     ***
***                                                                   ***
***    For some commands to work properly, your symbol path           ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!IMAGE_NT_HEADERS32                         ***
***                                                                   ***
*************************************************************************
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ole32.dll - 

************* Symbol Loading Error Summary **************
Module name            Error
ole32                  PDB not found : c:\cygwin\home\buildbot\slave\win-release-tests\build\webkitbuild\release\bin32\symbols\dll\ole32.pdb

You can troubleshoot most symbol related issues by turning on symbol loading diagnostics (!sym noisy) and repeating the command that caused symbols to be loaded.
You should also verify that your symbol search path (.sympath) is correct.
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for CoreFoundation.dll - 
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for pthreadVC2.dll - 
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for MSVCR100.dll - 
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for libdispatch.dll - 
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for atiudx.exe - 
*** WARNING: Unable to verify checksum for WTF.dll
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for CoreMedia.dll - 
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for MSVCR120.dll - 

FAULTING_IP: 
WebKit!WebCore::AutoscrollController::stopAutoscrollTimer+29 [c:\cygwin\home\buildbot\slave\win-release\build\source\webcore\page\autoscrollcontroller.cpp @ 96]
6b54a339 8b4004          mov     eax,dword ptr [eax+4]

EXCEPTION_RECORD:  ffffffffffffffff -- (.exr 0xffffffffffffffff)
.exr 0xffffffffffffffff
ExceptionAddress: 000000006b54a339 (WebKit!WebCore::AutoscrollController::stopAutoscrollTimer+0x0000000000000029)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: 0000000000000004
Attempt to read from address 0000000000000004

CONTEXT:  0000000000000000 -- (.cxr 0x0;r)
.cxr 0x0;r
eax=00000000 ebx=00000001 ecx=9bca943e edx=0a95b288 esi=090b48e8 edi=051e6f08
eip=6b54a339 esp=0037d6bc ebp=0037d6c8 iopl=0         nv up ei pl nz na po nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00210202
WebKit!WebCore::AutoscrollController::stopAutoscrollTimer+0x29:
6b54a339 8b4004          mov     eax,dword ptr [eax+4] ds:002b:00000004=????????
.cxr

FAULTING_THREAD:  0000000000000eb0

DEFAULT_BUCKET_ID:  WRONG_SYMBOLS

PROCESS_NAME:  DumpRenderTree.exe

ADDITIONAL_DEBUG_TEXT:  

You can run '.symfix; .reload' to try to fix the symbol path and load symbols.

MODULE_NAME: WebKit

FAULTING_MODULE: 0000000076ce0000 ntdll

DEBUG_FLR_IMAGE_TIMESTAMP:  59e67a28

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

EXCEPTION_CODE_STR:  c0000005

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  0000000000000004

READ_ADDRESS:  0000000000000004 

FOLLOWUP_IP: 
WebKit!WebCore::AutoscrollController::stopAutoscrollTimer+29 [c:\cygwin\home\buildbot\slave\win-release\build\source\webcore\page\autoscrollcontroller.cpp @ 96]
6b54a339 8b4004          mov     eax,dword ptr [eax+4]

WATSON_BKT_PROCSTAMP:  59e67a4e

WATSON_BKT_MODULE:  WebKit.dll

WATSON_BKT_MODVER:  7603.1030.4006.1

WATSON_BKT_MODSTAMP:  59e67a28

WATSON_BKT_MODOFFSET:  7ca339

BUILD_VERSION_STRING:  6.1.7601.23796 (win7sp1_ldr.170427-1518)

APP:  dumprendertree.exe

ANALYSIS_SESSION_HOST:  BOT511

ANALYSIS_SESSION_TIME:  10-17-2017 15:39:26.0695

ANALYSIS_VERSION: 6.3.9600.16384 (debuggers(dbg).130821-1623) amd64fre

THREAD_ATTRIBUTES: 

[ GLOBAL ]

    Global     PID: [6112]
    Global     Thread_Count: [138]
    Global     PageSize: [4096]
    Global     ModList_SHA1_Hash: [72e07e4273fa3eacf6c86968385a0d594dc0f5a2]
    Global     CommandLine
    Global     ProcessName: [dumprendertree.exe]
    Global     Debugger_CPU_Architecture: [X64]
    Global     CPU_ProcessorCount: [8]
    Global     CPU_MHZ: [3401]
    Global     CPU_Architecture: [X64]
    Global     CPU_Family: [6]
    Global     CPU_Model: [10]
    Global     CPU_Stepping: [7]
    Global     CPU_VendorString: []
    Global     LoadedModule_Count: [116]
    Global     SystemUpTime: [28 days 4:58:36.000]
    Global     SystemUpTime: [2437116]
    Global     ProcessUpTime: [0 days 0:00:10.000]
    Global     ProcessUpTime: [10]
    Global     CurrentTimeDate: [Tue Oct 17 15:39:27.000 2017 (UTC - 7:00)]
    Global     CurrentTimeDate: [1508279967]
    Global     ApplicationName: [dumprendertree.exe]
    Global     ASLR_Enabled
    Global     SafeSEH_Enabled
    Global     SafeSEH_NotApplicable

[ THREAD ]

  00 Id: 17e0.eb0

    Frame[00]  Is_OriginalExceptionThread
    Frame[00]  Stack_Frames_Extraction_Time_(ms): [0x10]
    Frame[00]  ThreadStartAddress: [DumpRenderTree!mainCRTStartup]
    Frame[00]  ThreadStartAddress: [0x00000000012c3337]
    Frame[00]  Number_of_Unique_Stack_Modules: [0x8]
    Frame[03]  Is_UIThread
    Frame[03]  Is_WndProc
    Frame[11]  NotSafeDuringShutdown
    Frame[45]  CompleteStackWalk
    Frame[00]  Near_NullReadAddress: [0x0000000000000004]
    Frame[04]  near_null_READ
    Frame[00]  Number_of_Stack_Frames: [0x48]
    Frame[00]  Bad_Frame_Count: [0x0]
    Frame[00]  Ignored_Frame_Count: [0x0]
    Frame[00]  Frames_not_in_stack_range: [0x0]
    Frame[00]  NotSysEnter
    Frame[00]  null_Arch_AX
    Frame[00]  null_Arch_BX
    Frame[00]  null_Arch_CX
    Frame[00]  null_Arch_DX
    Frame[00]  null_Arch_SI
    Frame[00]  null_Arch_DI
    Frame[00]  null_Arch_SP
    Frame[00]  null_Arch_BP
    Frame[00]  null_Arch_IP
    Frame[00]  NULL_msr_r8
    Frame[00]  NULL_msr_r9
    Frame[00]  NULL_msr_r10
    Frame[00]  NULL_msr_r11
    Frame[00]  NULL_msr_r12
    Frame[00]  NULL_msr_r13
    Frame[00]  NULL_msr_r14
    Frame[00]  NULL_msr_r15
    Frame[00]  Instruction_Pointer: [0x0000000000000000]
    Frame[00]  NULL_Context_Record
    Frame[00]  MissingCriticalSymbol: [0x0000000076ce0000]
    Frame[00]  Stack_Attribute_Extraction_Time_(ms): [0xf]


PROBLEM_CLASSES: 

WRONG_SYMBOLS
    Tid    [0xeb0]
    Frame  [0x00]: webkit!WebCore::AutoscrollController::stopAutoscrollTimer
    String []


PRIMARY_PROBLEM_CLASS:  WRONG_SYMBOLS

BUGCHECK_STR:  APPLICATION_FAULT_WRONG_SYMBOLS

LAST_CONTROL_TRANSFER:  from 000000006b1d6123 to 000000006b54a339

STACK_TEXT:  
0037d6c8 6b1d6123 00000000 0000000e 91436a9f WebKit!WebCore::AutoscrollController::stopAutoscrollTimer+0x29
0037d880 6ae3de6b 0037d8a4 0055000d 004ebb08 WebKit!WebCore::EventHandler::handleMousePressEvent+0x343
0037d8f0 6ae44448 00000207 00000000 0055000d WebKit!WebView::handleMouseEvent+0x37b
0037d93c 766b62fa 66fd0ad8 00000207 00000000 WebKit!WebView::WebViewWndProc+0x5e8
WARNING: Stack unwind information not available. Following frames may be wrong.
0037d968 766b6d3a 6ae43e60 66fd0ad8 00000207 USER32!gapfnScSendMessage+0x332
0037d9e0 766c0d3f 00000000 6ae43e60 66fd0ad8 USER32!GetThreadDesktop+0xd7
0037da18 766c0d65 6ae43e60 66fd0ad8 00000207 USER32!GetClientRect+0xc5
0037da38 6e7ff453 6ae43e60 66fd0ad8 00000207 USER32!CallWindowProcW+0x1b
0037da54 6e7ff5fe 66fd0ad8 00000207 00000000 COMCTL32!DPA_Sort+0x2aa
0037dab8 6e7ff5b2 05200fd0 66fd0ad8 00000207 COMCTL32!DefSubclassProc+0x92
0037dadc 6e7fb65f 66fd0ad8 00000207 00000000 COMCTL32!DefSubclassProc+0x46
0037daf8 6e7ff5fe 66fd0ad8 00000207 00000000 COMCTL32!ImageList_GetIcon+0x71d
0037db5c 6e7ff4a0 05200fd0 66fd0ad8 00000207 COMCTL32!DefSubclassProc+0x92
0037dbbc 766b62fa 66fd0ad8 00000207 00000000 COMCTL32!DPA_Sort+0x2f7
0037dbe8 766b6d3a 6e7ff45c 66fd0ad8 00000207 USER32!gapfnScSendMessage+0x332
0037dc60 766b77c4 00000000 6e7ff45c 66fd0ad8 USER32!GetThreadDesktop+0xd7
0037dcc0 766b788a 6e7ff45c 00000000 0037dd30 USER32!CharPrevW+0x138
0037dcd0 70d2086e 0037dd0c 00000001 0561af88 USER32!DispatchMessageW+0xf
0037dd30 6d7872e6 0037def8 0525b6c0 0525b740 DumpRenderTreeLib!mouseDownCallback+0x12e
0037ddec 6dabb6a8 00000000 0525b6c0 0037df68 JavaScriptCore!JSC::APICallbackFunction::call<JSC::JSCallbackFunction>+0x196
0037de18 6dabc09e 0037def8 0bd5e28c 0525b6c0 JavaScriptCore!JSC::LLInt::handleHostCall+0x88
0037de68 6dabb5e7 0037def8 0bd5e28c 00000000 JavaScriptCore!JSC::LLInt::setUpCall+0x26e
0037de94 6dab9055 0037df68 0bd5e28c 00000000 JavaScriptCore!JSC::LLInt::genericCall+0x67
0037dea8 6dd1777d 0037df68 0bd5e28c 0c35db08 JavaScriptCore!llint_slow_path_call+0x25
0037df68 6dd1778f 0a4743a0 0561af88 0c34a740 JavaScriptCore!llint_entry+0x4d41
0037dfb8 6dd128a1 0a474220 0037e670 0c34a760 JavaScriptCore!llint_entry+0x4d53
0037e010 6da71d22 0292b3c0 0561af88 0037e638 JavaScriptCore!llintPCRangeStart+0x111
0037e03c 6da53bf6 0037e6f4 0561af88 0037e638 JavaScriptCore!JSC::JITCode::execute+0x52
0037e750 6db9dce0 0037e78c 0037e914 0a7fb1d0 JavaScriptCore!JSC::Interpreter::executeProgram+0x2c26
0037e7a0 6db9dd97 0037e880 0a7fb1d0 0037e914 JavaScriptCore!JSC::evaluate+0x100
0037e7f4 6b225ef0 0037e880 0a7fb1d0 00000002 JavaScriptCore!JSC::profiledEvaluate+0x47
0037e834 6b1fac13 0037e880 0a7fb1d0 00000002 WebKit!WebCore::JSMainThreadExecState::profiledEvaluate+0x50
0037e8a0 6b1fab0c 0037e8f0 0037e910 05659e58 WebKit!WebCore::ScriptController::evaluateInWorld+0xf3
0037e8bc 6aed170a 0037e8f0 0037e910 00000000 WebKit!WebCore::ScriptController::evaluate+0x1c
0037e8f8 6aed152b 05573910 0c3a5a60 0a65f388 WebKit!WebCore::ScriptElement::executeClassicScript+0x13a
0037e97c 6b662c61 0037eaa4 00000000 0a6c1b38 WebKit!WebCore::ScriptElement::prepareScript+0x48b
0037ea70 6b6626b2 0a65f388 0037eaa4 00000000 WebKit!WebCore::HTMLScriptRunner::runScript+0x51
0037ea88 6b475f88 0037eaa0 0037eaa4 00000000 WebKit!WebCore::HTMLScriptRunner::execute+0x22
0037eab4 6b475b7a 0c06e010 0a6c1b38 70ac80e0 WebKit!WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder+0xd8
0037eb14 6b475a0a 00000000 00000000 0037eb34 WebKit!WebCore::HTMLDocumentParser::pumpTokenizerLoop+0x4a
0037eb58 6b4754b7 00000000 08eb5b20 0a6c1b38 WebKit!WebCore::HTMLDocumentParser::pumpTokenizer+0x6a
0037ebb4 6aecc7a5 00000000 08eb5ac8 0560db98 WebKit!WebCore::HTMLDocumentParser::append+0x197
0037ebd4 6b44c62c 08eb5b20 060aeea0 00000559 WebKit!WebCore::DecodedDataDocumentParser::appendBytes+0x65
0037ebe8 6af21e9a 060aeea0 00000559 08eb5ac8 WebKit!WebCore::DocumentWriter::addData+0x2c
0037ec3c 6ae637f0 060aeea0 00000559 05573910 WebKit!WebCore::DocumentLoader::commitData+0x1ca
0037ec9c 6af22aa5 08eb5ac8 060aeea0 00000559 WebKit!WebFrameLoaderClient::committedLoad+0x20
0037ecbc 6af23b91 060aeea0 00000559 00000559 WebKit!WebCore::DocumentLoader::commitLoad+0x75
0037ece0 6af23591 060aeea0 00000559 0037ed2c WebKit!WebCore::DocumentLoader::dataReceived+0x91
0037ecf0 6b4ac62a 0bce0668 060aeea0 00000559 WebKit!WebCore::DocumentLoader::dataReceived+0x11
0037ed2c 6b4ac067 060aeea0 00000559 0037eda4 WebKit!WebCore::CachedRawResource::notifyClientsDataWasReceived+0x4a
0037ed60 6af39e53 051f1d18 0a7ef360 0c38d370 WebKit!WebCore::CachedRawResource::updateBuffer+0xa7
0037ed78 6af39778 00000000 00000000 00000000 WebKit!WebCore::SubresourceLoader::didReceiveDataOrBuffer+0x93
0037ed9c 6af34ad4 051f1d18 00000559 00000000 WebKit!WebCore::SubresourceLoader::didReceiveBuffer+0x28
0037edb8 6b4b7813 0c38c878 0037ede4 00000559 WebKit!WebCore::ResourceLoader::didReceiveBuffer+0x14
0037edd8 6b4b73e1 060aee88 00000000 0037ee2c WebKit!WebCore::SynchronousResourceHandleCFURLConnectionDelegate::didReceiveData+0x33
0037ede8 6acdd529 060a6270 060aee88 00000559 WebKit!WebCore::ResourceHandleCFURLConnectionDelegate::didReceiveDataCallback+0x11
0037ee2c 6acdb2ba 05f07dd0 0037ee58 9bfd7b02 CFNetwork!CFHTTPCookieCreateWithResponseHeaderFields+0xc559
0037ef98 6acda470 05ea529c 00000001 00000000 CFNetwork!CFHTTPCookieCreateWithResponseHeaderFields+0xa2ea
0037efbc 6acdb8d3 6acdb880 0037eff4 766b62fa CFNetwork!CFHTTPCookieCreateWithResponseHeaderFields+0x94a0
0037efc8 766b62fa 217e0ac2 000004cf 060a6270 CFNetwork!CFHTTPCookieCreateWithResponseHeaderFields+0xa903
0037eff4 766b6d3a 6acdb880 217e0ac2 000004cf USER32!gapfnScSendMessage+0x332
0037f06c 766b77c4 00000000 6acdb880 217e0ac2 USER32!GetThreadDesktop+0xd7
0037f0cc 766b788a 6acdb880 00000000 0037f204 USER32!CharPrevW+0x138
0037f0dc 70d1dede 0037f168 004a2300 008f5368 USER32!DispatchMessageW+0xf
0037f204 70d19caa 0037f21c 012d6df0 004a2300 DumpRenderTreeLib!runTest+0x6de
0037fa7c 70d19e7e 00000002 004a2300 0037fd54 DumpRenderTreeLib!main+0x43a
0037fa8c 012c16c9 00000002 004a2300 012d6dec DumpRenderTreeLib!dllLauncherEntryPoint+0xe
0037fd54 012c32ba 00000002 004a2300 004a5b10 DumpRenderTree!main+0x469
0037fda0 759a336a 7efde000 0037fdec 76ef9902 DumpRenderTree!__scrt_common_main_seh+0xff
0037fdac 76ef9902 7efde000 e7889555 00000000 KERNEL32!BaseThreadInitThunk+0x12
0037fdec 76ef98d5 012c3337 7efde000 00000000 ntdll_76ec0000!RtlInitializeExceptionChain+0x63
0037fe04 00000000 012c3337 7efde000 00000000 ntdll_76ec0000!RtlInitializeExceptionChain+0x36


STACK_COMMAND:  .cxr 0x0 ; kb

FAULT_INSTR_CODE:  8b04408b

FAULTING_SOURCE_LINE:  c:\cygwin\home\buildbot\slave\win-release\build\source\webcore\page\autoscrollcontroller.cpp

FAULTING_SOURCE_FILE:  c:\cygwin\home\buildbot\slave\win-release\build\source\webcore\page\autoscrollcontroller.cpp

FAULTING_SOURCE_LINE_NUMBER:  96

FAULTING_SOURCE_CODE:  
    92: 
    93:     if (!scrollable)
    94:         return;
    95: 
>   96:     Frame& frame = scrollable->frame();
    97:     if (autoscrollInProgress() && frame.eventHandler().mouseDownWasInSubframe()) {
    98:         if (Frame* subframe = frame.eventHandler().subframeForTargetNode(frame.eventHandler().mousePressNode()))
    99:             subframe->eventHandler().stopAutoscrollTimer(rendererIsBeingDestroyed);
   100:         return;
   101:     }


SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  webkit!WebCore::AutoscrollController::stopAutoscrollTimer+29

FOLLOWUP_NAME:  MachineOwner

IMAGE_NAME:  WebKit.dll

BUCKET_ID:  WRONG_SYMBOLS

FAILURE_BUCKET_ID:  WRONG_SYMBOLS_c0000005_WebKit.dll!WebCore::AutoscrollController::stopAutoscrollTimer

ANALYSIS_SESSION_ELAPSED_TIME: 69e

ANALYSIS_SOURCE:  UM

FAILURE_ID_HASH_STRING:  um:wrong_symbols_c0000005_webkit.dll!webcore::autoscrollcontroller::stopautoscrolltimer

FAILURE_ID_HASH:  {06a6ebe7-60c9-664a-a4b0-ffbadf33f336}

Followup: MachineOwner
---------
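Added example (not part of the bug report, and not WebKit or WinDbg code): a small Python triage script that reads the EXCEPTION_RECORD, the register dump and the faulting instruction out of a pasted `!analyze -vv` listing like the one above and applies the usual first-pass rules for an access violation. Its sample input is the page's own lines; the regular expressions assume the 32-bit register layout and the `ds:sel:addr=value` operand annotation exactly as WinDbg printed them here, and the 64 KiB near-null threshold is the standard Windows user-mode convention, not something the report states. The point it makes explicit is already visible in the dump: line 93 of the faulting source rejects a null `scrollable`, so the `mov eax,dword ptr [eax+4]` with `eax=0` at line 96 is a read of a field at offset 4 of some other null object reached inside the `scrollable->frame()` call, which is where the fix has to look.

```python
import re

# Constructed sample input: the EXCEPTION_RECORD, register dump and faulting
# instruction copied from the !analyze -vv output in the bug report above.
SAMPLE_DUMP = """\
ExceptionAddress: 000000006b54a339 (WebKit!WebCore::AutoscrollController::stopAutoscrollTimer+0x0000000000000029)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: 0000000000000004
eax=00000000 ebx=00000001 ecx=9bca943e edx=0a95b288 esi=090b48e8 edi=051e6f08
eip=6b54a339 esp=0037d6bc ebp=0037d6c8 iopl=0         nv up ei pl nz na po nc
6b54a339 8b4004          mov     eax,dword ptr [eax+4] ds:002b:00000004=????????
"""

STATUS_ACCESS_VIOLATION = 0xC0000005
NEAR_NULL_LIMIT = 0x10000  # the lowest 64 KiB of a Windows user-mode address space is never mapped
ACCESS_KIND = {0: "read", 1: "write", 8: "execute"}  # ExceptionInformation[0] of an access violation

REG_RE = re.compile(r"\b(e[abcd]x|e[sd]i|e[sb]p)=([0-9a-f]{8})")
# "addr  opcode-bytes  mnemonic operands [ds:sel:addr=value]" as printed by the debugger
INSTR_RE = re.compile(r"^[0-9a-f]{8}\s+[0-9a-f]+\s+(\S.*?)(?:\s+[a-z]s:[0-9a-f]{4}:\S+)?$", re.M)
MEM_OPERAND_RE = re.compile(r"\[(e[abcd]x|e[sd]i|e[sb]p)(?:([+-])(?:0x)?([0-9a-f]+))?\]")


def parse_dump(text):
    """Pull the exception code, its parameters, the 32-bit registers and the faulting
    instruction out of pasted WinDbg text."""
    code = re.search(r"ExceptionCode:\s*([0-9a-f]+)", text)
    symbol = re.search(r"ExceptionAddress:\s*[0-9a-f]+\s+\((.+?)\)", text)
    instr = INSTR_RE.search(text)
    return {
        "code": int(code.group(1), 16) if code else None,
        "params": [int(p, 16) for p in re.findall(r"Parameter\[\d\]:\s*([0-9a-f]+)", text)],
        "regs": {r: int(v, 16) for r, v in REG_RE.findall(text)},
        "instr": instr.group(1).strip() if instr else "",
        "symbol": symbol.group(1) if symbol else "",
    }


def classify(fields):
    """First-pass triage of an access violation: what was accessed, through which
    register, and what that implies for severity."""
    if fields["code"] != STATUS_ACCESS_VIOLATION or len(fields["params"]) < 2:
        return {"verdict": "not an access violation; no triage rule applies"}
    kind = ACCESS_KIND.get(fields["params"][0], "unknown")
    addr = fields["params"][1]
    result = {"symbol": fields["symbol"], "access": kind, "address": addr,
              "near_null": addr < NEAR_NULL_LIMIT}
    # Decode the memory operand so the verdict names the base register and the field
    # offset, not just the raw address: "[eax+4]" with eax == 0 is field +4 of a null object.
    m = MEM_OPERAND_RE.search(fields["instr"])
    if m:
        base, sign, disp = m.groups()
        offset = int(disp, 16) if disp else 0
        if sign == "-":
            offset = -offset
        base_value = fields["regs"].get(base)
        result.update(base_reg=base, base_value=base_value, field_offset=offset)
        # Sanity check: the register dump must reproduce the faulting address, otherwise
        # the context record and the exception record describe different moments.
        if base_value is not None:
            result["context_consistent"] = (((base_value + offset) & 0xFFFFFFFF) == addr)
    if kind == "execute":
        result["verdict"] = ("execute at non-code address 0x%x: possible control-flow hijack, "
                             "treat as exploitable until proven otherwise" % addr)
    elif result["near_null"]:
        result["verdict"] = ("null-deref %s of field at +0x%x of a null object: reliable crash (DoS), "
                             "not a corruption primitive by itself" % (kind, result.get("field_offset", addr)))
    else:
        result["verdict"] = ("wild %s at 0x%x: trace where the pointer value came from "
                             "(stale object? overflow?)" % (kind, addr))
    return result


def triage(text):
    """Convenience wrapper: pasted !analyze text in, triage dict out."""
    return classify(parse_dump(text))


if __name__ == "__main__":
    for key, value in triage(SAMPLE_DUMP).items():
        shown = hex(value) if isinstance(value, int) and not isinstance(value, bool) else value
        print("%-19s %s" % (key, shown))
```

Run on the listing above it reports `access read`, `base_reg eax`, `base_value 0x0`, `field_offset 0x4`, `context_consistent True` and a null-dereference verdict; the `context_consistent` check is worth keeping because `!analyze` falls back to `.cxr 0x0` when symbols are wrong, as it did here (`DEFAULT_BUCKET_ID: WRONG_SYMBOLS`), and a mismatch between the two records would mean the register values cannot be trusted for the offset argument.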

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20171017/cd76d753/attachment-0001.html>