[Webkit-unassigned] [Bug 225399] New: [GTK] ASAN crashes while loading the minibrowser home page

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed May 5 11:44:51 PDT 2021


https://bugs.webkit.org/show_bug.cgi?id=225399

            Bug ID: 225399
           Summary: [GTK] ASAN crashes while loading the minibrowser home
                    page
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKitGTK
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: aboya at igalia.com
                CC: bugs-noreply at webkitgtk.org

I built WebKitGTK in Release mode with --cmakeargs="-DENABLE_SANITIZERS=address". It crashed consistently while loading the home page.

Gtk-Message: 11:35:11.660: Failed to load module "canberra-gtk-module"
Gtk-Message: 11:35:11.660: Failed to load module "pk-gtk-module"
Gtk-Message: 11:35:11.664: Failed to load module "canberra-gtk-module"
Gtk-Message: 11:35:11.664: Failed to load module "pk-gtk-module"
WARNING: ASAN interferes with JSC signal handlers; useWebAssemblyFastMemory and useSharedArrayBuffer will be disabled.
WARNING: ASAN interferes with JSC signal handlers; useWebAssemblyFastMemory and useSharedArrayBuffer will be disabled.
Gtk-Message: 11:35:12.381: Failed to load module "canberra-gtk-module"
Gtk-Message: 11:35:12.382: Failed to load module "pk-gtk-module"
Gtk-Message: 11:35:12.392: Failed to load module "canberra-gtk-module"
Gtk-Message: 11:35:12.392: Failed to load module "pk-gtk-module"
WARNING: ASAN interferes with JSC signal handlers; useWebAssemblyFastMemory and useSharedArrayBuffer will be disabled.
==34==AddressSanitizer CHECK failed: ../../../../libsanitizer/asan/asan_poisoning.cpp:38 "((AddrIsInMem(addr + size - (1ULL << kDefaultShadowScale)))) != (0)" (0x0, 0x0)
    #0 0x7f30461ac9b8 in AsanCheckFailed ../../../../libsanitizer/asan/asan_rtl.cpp:73
    #1 0x7f30461cc86e in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) ../../../../libsanitizer/sanitizer_common/sanitizer_termination.cpp:78
    #2 0x7f30461a6b84 in __asan::PoisonShadow(unsigned long, unsigned long, unsigned char) ../../../../libsanitizer/asan/asan_poisoning.cpp:38
    #3 0x7f30461a8dfd in __sanitizer_annotate_contiguous_container ../../../../libsanitizer/asan/asan_poisoning.cpp:397
    #4 0x7f303b802d87 in WTF::HashTableAddResult<WTF::HashTableIterator<WTF::HashTable<WebCore::FontDescriptionKey, WTF::KeyValuePair<WebCore::FontDescriptionKey, WebCore::FontRanges>, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WebCore::FontDescriptionKey, WebCore::FontRanges> >, WebCore::FontDescriptionKeyHash, WTF::HashMap<WebCore::FontDescriptionKey, WebCore::FontRanges, WebCore::FontDescriptionKeyHash, WTF::SimpleClassHashTraits<WebCore::FontDescriptionKey>, WTF::HashTraits<WebCore::FontRanges>, WTF::HashTableTraits>::KeyValuePairTraits, WTF::SimpleClassHashTraits<WebCore::FontDescriptionKey> >, WebCore::FontDescriptionKey, WTF::KeyValuePair<WebCore::FontDescriptionKey, WebCore::FontRanges>, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WebCore::FontDescriptionKey, WebCore::FontRanges> >, WebCore::FontDescriptionKeyHash, WTF::HashMap<WebCore::FontDescriptionKey, WebCore::FontRanges, WebCore::FontDescriptionKeyHash, WTF::SimpleClassHashTraits<WebCore::FontDescriptionKey>, WTF::HashTraits<WebCore::FontRanges>, WTF::HashTableTraits>::KeyValuePairTraits, WTF::SimpleClassHashTraits<WebCore::FontDescriptionKey> > > WTF::HashTable<WebCore::FontDescriptionKey, WTF::KeyValuePair<WebCore::FontDescriptionKey, WebCore::FontRanges>, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WebCore::FontDescriptionKey, WebCore::FontRanges> >, WebCore::FontDescriptionKeyHash, WTF::HashMap<WebCore::FontDescriptionKey, WebCore::FontRanges, WebCore::FontDescriptionKeyHash, WTF::SimpleClassHashTraits<WebCore::FontDescriptionKey>, WTF::HashTraits<WebCore::FontRanges>, WTF::HashTableTraits>::KeyValuePairTraits, WTF::SimpleClassHashTraits<WebCore::FontDescriptionKey> >::add<WTF::HashMapTranslator<WTF::HashMap<WebCore::FontDescriptionKey, WebCore::FontRanges, WebCore::FontDescriptionKeyHash, WTF::SimpleClassHashTraits<WebCore::FontDescriptionKey>, WTF::HashTraits<WebCore::FontRanges>, WTF::HashTableTraits>::KeyValuePairTraits, WebCore::FontDescriptionKeyHash>, WebCore::FontDescriptionKey, WebCore::FontRanges>(WebCore::FontDescriptionKey&&, WebCore::FontRanges&&) (/app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0+0x7af2d87)
    #5 0x7f303b7e761c in WebCore::CSSSegmentedFontFace::fontRanges(WebCore::FontDescription const&) (/app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0+0x7ad761c)
    #6 0x7f303b6eddb1 in WebCore::CSSFontSelector::fontRangesForFamily(WebCore::FontDescription const&, WTF::AtomString const&) (/app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0+0x79dddb1)
    #7 0x7f303e4b5cee in WebCore::realizeNextFallback(WebCore::FontCascadeDescription const&, unsigned int&, WebCore::FontSelector*) (/app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0+0xa7a5cee)
    #8 0x7f303e4b6bf8 in WebCore::FontCascadeFonts::realizeFallbackRangesAt(WebCore::FontCascadeDescription const&, unsigned int) (/app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0+0xa7a6bf8)
    #9 0x7f303facab7e in WebCore::RenderStyle::fontMetrics() const (/app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0+0xbdbab7e)
    #10 0x7f303b7954cd in WebCore::CSSPrimitiveValue::computeNonCalcLengthDouble(WebCore::CSSToLengthConversionData const&, WebCore::CSSUnitType, double) (/app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0+0x7a854cd)
    #11 0x7f303b796040 in WebCore::Length WebCore::CSSPrimitiveValue::computeLength<WebCore::Length>(WebCore::CSSToLengthConversionData const&) const (/app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0+0x7a86040)
    #12 0x7f3039dd29e0 in WebCore::Style::BuilderConverter::convertLength(WebCore::Style::BuilderState const&, WebCore::CSSValue const&) (/app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0+0x60c29e0)
    #13 0x7f3039e1b768 in WebCore::Style::BuilderFunctions::applyValueMarginBottom(WebCore::Style::BuilderState&, WebCore::CSSValue&) (/app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0+0x610b768)
    #14 0x7f3039d6b9ac in WebCore::Style::BuilderGenerated::applyProperty(WebCore::CSSPropertyID, WebCore::Style::BuilderState&, WebCore::CSSValue&, bool, bool, WebCore::CSSRegisteredCustomProperty const*) (/app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0+0x605b9ac)
    #15 0x7f303fe4d1d6 in WebCore::Style::Builder::applyProperty(WebCore::CSSPropertyID, WebCore::CSSValue&, WebCore::SelectorChecker::LinkMatchMask) (/app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0+0xc13d1d6)
    #16 0x7f303fe53186 in WebCore::Style::Builder::applyProperties(int, int) (/app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0+0xc143186)
    #17 0x7f303fe548bf in WebCore::Style::Builder::applyLowPriorityProperties() (/app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0+0xc1448bf)
    #18 0x7f303fe8290b in WebCore::Style::Resolver::applyMatchedProperties(WebCore::Style::Resolver::State&, WebCore::Style::MatchResult const&, WebCore::Style::Resolver::UseMatchedDeclarationsCache) (/app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0+0xc17290b)
    #19 0x7f303fe96b30 in WebCore::Style::Resolver::styleForElement(WebCore::Element const&, WebCore::RenderStyle const*, WebCore::RenderStyle const*, WebCore::RuleMatchingBehavior, WebCore::SelectorFilter const*) (/app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0+0xc186b30)
    #20 0x7f303feddf6d in WebCore::Style::TreeResolver::styleForStyleable(WebCore::Styleable const&, WebCore::RenderStyle const&) (/app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0+0xc1cdf6d)
    #21 0x7f303ff03e33 in WebCore::Style::TreeResolver::resolveElement(WebCore::Element&) (/app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0+0xc1f3e33)
    #22 0x7f303ff091fb in WebCore::Style::TreeResolver::resolveComposedTree() (/app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0+0xc1f91fb)
    #23 0x7f303ff0e5f7 in WebCore::Style::TreeResolver::resolve() (/app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0+0xc1fe5f7)
    #24 0x7f303bdb7d52 in WebCore::Document::resolveStyle(WebCore::Document::ResolveStyleType) (/app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0+0x80a7d52)
    #25 0x7f303bdb9747 in WebCore::Document::updateStyleIfNeeded() (/app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0+0x80a9747)
    #26 0x7f303bdd130f in WebCore::Document::implicitClose() (/app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0+0x80c130f)
    #27 0x7f303d75f9ac in WebCore::FrameLoader::checkCallImplicitClose() (/app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0+0x9a4f9ac)
    #28 0x7f303d7be73a in WebCore::FrameLoader::checkCompleted() (/app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0+0x9aae73a)
    #29 0x7f303d7c4d73 in WebCore::FrameLoader::loadDone(WebCore::LoadCompletionType) (/app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0+0x9ab4d73)
    #30 0x7f303d9d17cf in WebCore::CachedResourceLoader::loadDone(WebCore::LoadCompletionType, bool) (/app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0+0x9cc17cf)
    #31 0x7f303d8be40e in WebCore::SubresourceLoader::notifyDone(WebCore::LoadCompletionType) [clone .part.0] (/app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0+0x9bae40e)
    #32 0x7f303d9131f2 in WebCore::SubresourceLoader::didFinishLoading(WebCore::NetworkLoadMetrics const&) (/app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0+0x9c031f2)
    #33 0x7f3037021776 in WebKit::WebResourceLoader::didFinishResourceLoad(WebCore::NetworkLoadMetrics const&) (/app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0+0x3311776)
    #34 0x7f3035642a7a in void IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)) (/app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0+0x1932a7a)
    #35 0x7f3035632fe3 in WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&) (/app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0+0x1922fe3)
    #36 0x7f303703cc58 in WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&) (/app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0+0x332cc58)
    #37 0x7f3035ed9807 in IPC::Connection::dispatchMessage(IPC::Decoder&) (/app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0+0x21c9807)
    #38 0x7f3035edf98c in IPC::Connection::dispatchMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >) (/app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0+0x21cf98c)
    #39 0x7f3035ee63bb in IPC::Connection::dispatchOneIncomingMessage() (/app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0+0x21d63bb)
    #40 0x7f3035eea3fc in WTF::Detail::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >)::{lambda()#1}, void>::call() (/app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0+0x21da3fc)
    #41 0x7f3031f90161 in WTF::RunLoop::performWork() (/app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.1.so.0+0x59b2161)
    #42 0x7f303212dde8 in WTF::RunLoop::RunLoop()::{lambda(void*)#1}::_FUN(void*) (/app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.1.so.0+0x5b4fde8)
    #43 0x7f3032130d2b in WTF::RunLoop::{lambda(_GSource*, int (*)(void*), void*)#1}::_FUN(_GSource*, int (*)(void*), void*) (/app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.1.so.0+0x5b52d2b)
    #44 0x7f302a27bdbe in g_main_dispatch ../glib/gmain.c:3337
    #45 0x7f302a27bdbe in g_main_context_dispatch ../glib/gmain.c:4055
    #46 0x7f302a27c167 in g_main_context_iterate ../glib/gmain.c:4131
    #47 0x7f302a27c482 in g_main_loop_run ../glib/gmain.c:4329
    #48 0x7f3032131395 in WTF::RunLoop::run() (/app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.1.so.0+0x5b53395)
    #49 0x7f3037410a89 in WebKit::WebProcessMain(int, char**) (/app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0+0x3700a89)
    #50 0x5599a74b3948 in main (/app/webkit/WebKitBuild/Release/bin/WebKitWebProcess+0x948)
    #51 0x7f3029c40061 in __libc_start_main ../csu/libc-start.c:308
    #52 0x5599a74b398d in _start (/app/webkit/WebKitBuild/Release/bin/WebKitWebProcess+0x98d)
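Frames #2 and #3 above are AddressSanitizer's contiguous-container annotation path: a container reports which part of its backing store is live, and the runtime poisons the shadow for the rest so that reads past the logical end are caught. The CHECK at asan_poisoning.cpp:38 guards the poisoning step, requiring `addr + size - 8` to be inside application memory. The example below is added here and is not code from the bug report or from WebKit: it shows a tiny buffer that keeps its annotation current and a parameter check in front of the runtime call. `validAnnotationParams`, `annotateRange` and `AnnotatedBuffer` are names chosen for this example; the ordering and alignment rules in `validAnnotationParams` are reconstructed from the sanitizer runtime's own parameter validation (an assumption, not quoted from the page), and the comparison to WTF::Vector is likewise an assumption. The reading that a null, empty range (all four pointers 0) makes `addr + size - 8` wrap below memory and so trips exactly this CHECK is also an assumption drawn from the runtime source, not a claim about the cause of this bug.

```cpp
// Added example (not from the bug report or WebKit): a minimal container that
// keeps AddressSanitizer's contiguous-container annotation up to date, with a
// parameter check in front of the runtime entry point. Build with
// -fsanitize=address for real shadow poisoning; without it the weak symbol
// resolves to null and the annotation call is skipped.
#include <cstddef>
#include <cstdint>
#include <cstdlib>

// Declared weak so the example links with or without the ASAN runtime.
extern "C" void __sanitizer_annotate_contiguous_container(const void* beg, const void* end,
                                                           const void* oldMid, const void* newMid)
    __attribute__((weak));

// Default shadow granularity (1 << kDefaultShadowScale == 8 bytes), the same
// amount the failing CHECK in asan_poisoning.cpp:38 subtracts from addr + size.
constexpr std::uintptr_t kShadowGranularity = 8;

// Assumption: mirrors the runtime's own validation of the four pointers
// (beg <= oldMid <= end, beg <= newMid <= end, beg aligned to the granularity).
// A null range (0, 0, 0, 0) passes those ordering checks in the runtime and only
// fails later, at the in-memory CHECK, so it is rejected up front here.
bool validAnnotationParams(const void* beg, const void* end, const void* oldMid, const void* newMid) {
    auto b = reinterpret_cast<std::uintptr_t>(beg);
    auto e = reinterpret_cast<std::uintptr_t>(end);
    auto om = reinterpret_cast<std::uintptr_t>(oldMid);
    auto nm = reinterpret_cast<std::uintptr_t>(newMid);
    if (b == 0 || b % kShadowGranularity != 0)
        return false;
    return b <= om && om <= e && b <= nm && nm <= e;
}

// Validate first, then annotate if the runtime is present.
// Returns true when the parameters were acceptable.
bool annotateRange(const void* beg, const void* end, const void* oldMid, const void* newMid) {
    if (!validAnnotationParams(beg, end, oldMid, newMid))
        return false;
    if (__sanitizer_annotate_contiguous_container)
        __sanitizer_annotate_contiguous_container(beg, end, oldMid, newMid);
    return true;
}

// Fixed-capacity int buffer whose tail [size, capacity) stays poisoned, the
// pattern a vector type uses under ASAN (assumption about WTF::Vector; this class is ours).
class AnnotatedBuffer {
public:
    explicit AnnotatedBuffer(std::size_t capacity)
        : m_capacity(capacity)
        , m_storage(capacity ? static_cast<int*>(std::aligned_alloc(kShadowGranularity, roundUp(capacity * sizeof(int)))) : nullptr) {
        // Fresh buffer: nothing is live yet, so poison everything beyond element 0.
        if (m_storage)
            annotateRange(begin(), end(), end(), begin());
    }
    ~AnnotatedBuffer() {
        // Unpoison the whole range before handing it back to the allocator.
        if (m_storage) {
            annotateRange(begin(), end(), begin() + m_size, end());
            std::free(m_storage);
        }
    }
    bool push_back(int v) {
        if (m_size == m_capacity)
            return false;
        // Grow the live region by one element before writing into it.
        if (!annotateRange(begin(), end(), begin() + m_size, begin() + m_size + 1))
            return false;
        m_storage[m_size++] = v;
        return true;
    }
    bool pop_back() {
        if (m_size == 0)
            return false;
        --m_size;
        // Shrink the live region so a later read of the popped slot is reported.
        annotateRange(begin(), end(), begin() + m_size + 1, begin() + m_size);
        return true;
    }
    std::size_t size() const { return m_size; }
    int at(std::size_t i) const { return m_storage[i]; }

private:
    static std::size_t roundUp(std::size_t n) { return (n + kShadowGranularity - 1) / kShadowGranularity * kShadowGranularity; }
    int* begin() const { return m_storage; }
    int* end() const { return m_storage + m_capacity; }
    std::size_t m_capacity;
    int* m_storage;
    std::size_t m_size = 0;
};
```

Compiled with `-fsanitize=address`, reading `at(2)` after the third element has been popped is reported as a container-overflow; compiled without it, the class behaves as an ordinary bounded buffer and the annotation calls are no-ops. The `validAnnotationParams` step is the part worth keeping in any container that annotates itself: it turns a runtime CHECK abort like the one in this report into a recoverable false return at the call site.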
