[Webkit-unassigned] [Bug 193253] New: CRASH: WebCore::IntersectionObserver::notify at 0xffffffff00000297 while debugging

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Jan 8 13:15:30 PST 2019 

https://bugs.webkit.org/show_bug.cgi?id=193253

            Bug ID: 193253
           Summary: CRASH: WebCore::IntersectionObserver::notify at
                    0xffffffff00000297 while debugging
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: joepeck at webkit.org
                CC: ajuma at chromium.org, simon.fraser at apple.com

I was debugging Web Inspector (which was using IntersectionObservers) and soon after saw this crash.

WebKit @ r239704 with this patch <https://bugs.webkit.org/attachment.cgi?id=358179>.

Notes:
- I was pausing and continuing inside of an IntersectionObserver callback, not sure if that was related

Crash:
Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0xffffffff00000297
Exception Note:        EXC_CORPSE_NOTIFY

Termination Signal:    Segmentation fault: 11
Termination Reason:    Namespace SIGNAL, Code 0xb
Terminating Process:   exc handler [1715]    

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.WebCore                   0x00000001095e557f WebCore::IntersectionObserver::notify() + 15 (Vector.h:694)
1   com.apple.WebCore                   0x0000000109127a37 WebCore::Document::notifyIntersectionObserversTimerFired() + 71 (Document.cpp:7926)
2   com.apple.WebCore                   0x0000000109691b40 WebCore::ThreadTimers::sharedTimerFiredInternal() + 176 (ThreadTimers.cpp:120)
3   com.apple.WebCore                   0x00000001096b347f WebCore::timerFired(__CFRunLoopTimer*, void*) + 31 (MainThreadSharedTimerCF.cpp:75)
4   com.apple.CoreFoundation            0x00007fff488b20d0 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20
5   com.apple.CoreFoundation            0x00007fff488b1c7c __CFRunLoopDoTimer + 851
6   com.apple.CoreFoundation            0x00007fff488b17c2 __CFRunLoopDoTimers + 330
7   com.apple.CoreFoundation            0x00007fff488929be __CFRunLoopRun + 2130
8   com.apple.CoreFoundation            0x00007fff48891f1a CFRunLoopRunSpecific + 455
9   com.apple.Foundation                0x00007fff4abbbc2f -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 280
10  com.apple.Foundation                0x00007fff4abbbb04 -[NSRunLoop(NSRunLoop) run] + 76
11  libxpc.dylib                        0x00007fff751f91e3 _xpc_objc_main + 552
12  libxpc.dylib                        0x00007fff751f8ce5 xpc_main + 433
13  com.apple.WebKit.WebContent         0x0000000106fff6e2 WebKit::XPCServiceMain(int, char const**) + 547
14  com.apple.WebKit.WebContent         0x0000000106fff867 main + 9 (XPCServiceMain.mm:46)
15  libdyld.dylib                       0x00007fff74fc43ed start + 1

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20190108/9c5266bc/attachment-0001.html>

More information about the webkit-unassigned mailing list