Fund: ASAN issue when running with #787 applied

Excerpt of the CI Logs for 758f488:
==49832==ERROR: AddressSanitizer: use-after-poison on address 0x7f8bdcc91048 at pc 0x55e0a6b9c4ab bp 0x7ffd69d01ad0 sp 0x7ffd69d01ac8
READ of size 8 at 0x7f8bdcc91048 thread T0
    #0 0x55e0a6b9c4aa in operator! /home/runner/work/ladybird/ladybird/AK/RefPtr.h:226:38
    #1 0x55e0a6b9c4aa in AK::ErrorOr<AK::WeakPtr<WebContent::WebContentConsoleClient>, AK::Error> AK::Weakable<JS::Cell>::try_make_weak_ptr<WebContent::WebContentConsoleClient>() const /home/runner/work/ladybird/ladybird/AK/WeakPtr.h:180:9
    #2 0x55e0a6b9bdd1 in AK::WeakPtr<WebContent::WebContentConsoleClient> AK::Weakable<JS::Cell>::make_weak_ptr<WebContent::WebContentConsoleClient>() const /home/runner/work/ladybird/ladybird/AK/Weakable.h:64:16
    #3 0x55e0a6b8bd07 in AK::WeakPtr<WebContent::WebContentConsoleClient>& AK::WeakPtr<WebContent::WebContentConsoleClient>::operator=<WebContent::WebContentConsoleClient>(WebContent::WebContentConsoleClient const&) requires IsBaseOf<WebContent::WebContentConsoleClient, TL0_> /home/runner/work/ladybird/ladybird/AK/WeakPtr.h:102:34
    #4 0x55e0a6b7a79c in WebContent::PageClient::page_did_change_active_document_in_top_level_browsing_context(Web::DOM::Document&) /home/runner/work/ladybird/ladybird/Userland/Services/WebContent/PageClient.cpp:348:41
    #5 0x7f8bf81fbea8 in Web::DOM::Document::make_active() /home/runner/work/ladybird/ladybird/Userland/Libraries/LibWeb/DOM/Document.cpp:3616:25
    #6 0x7f8bf8b76c16 in operator() /home/runner/work/ladybird/ladybird/Userland/Libraries/LibWeb/HTML/TraversableNavigable.cpp:722:28
    #7 0x7f8bf8b76c16 in AK::Function<void ()>::CallableWrapper<Web::HTML::TraversableNavigable::apply_the_history_step(int, bool, AK::Optional<Web::HTML::SourceSnapshotParams>, JS::GCPtr<Web::HTML::Navigable>, AK::Optional<Web::HTML::UserNavigationInvolvement>, AK::Optional<Web::Bindings::NavigationType>, Web::HTML::TraversableNavigable::SynchronousNavigation)::$_4>::call() /home/runner/work/ladybird/ladybird/AK/Function.h:187:20
    #8 0x7f8bf7c14ecc in AK::Function<void ()>::operator()() const /home/runner/work/ladybird/ladybird/AK/Function.h:120:25
    #9 0x7f8bf7c14ecc in AK::Function<void ()>::operator()() const /home/runner/work/ladybird/ladybird/AK/Function.h:120:25
    #10 0x7f8bf86b6df7 in operator() /home/runner/work/ladybird/ladybird/Userland/Libraries/LibWeb/HTML/EventLoop/EventLoop.cpp:124:23
    #11 0x7f8bf86b6df7 in JS::SafeFunction<bool ()>::CallableWrapper<Web::HTML::EventLoop::spin_processing_tasks_with_source_until(Web::HTML::Task::Source, JS::SafeFunction<bool ()>)::$_0>::call() /home/runner/work/ladybird/ladybird/Userland/Libraries/LibJS/SafeFunction.h:133:20
    #12 0x7f8bf86b8a18 in JS::SafeFunction<bool ()>::operator()() const /home/runner/work/ladybird/ladybird/Userland/Libraries/LibJS/SafeFunction.h:85:25
    #13 0x7f8bf5aeb07c in AK::Function<bool ()>::operator()() const /home/runner/work/ladybird/ladybird/AK/Function.h:120:25
    #14 0x7f8bf5ae9540 in Core::EventLoop::spin_until(AK::Function<bool ()>) /home/runner/work/ladybird/ladybird/Userland/Libraries/LibCore/EventLoop.cpp:94:46
    #15 0x7f8bf8ff2a1e in Web::Platform::EventLoopPluginSerenity::spin_until(JS::SafeFunction<bool ()>) /home/runner/work/ladybird/ladybird/Userland/Libraries/LibWeb/Platform/EventLoopPluginSerenity.cpp:19:32
    #16 0x7f8bf86aee4d in Web::HTML::EventLoop::spin_processing_tasks_with_source_until(Web::HTML::Task::Source, JS::SafeFunction<bool ()>) /home/runner/work/ladybird/ladybird/Userland/Libraries/LibWeb/HTML/EventLoop/EventLoop.cpp:114:38
    #17 0x7f8bf8b625e4 in Web::HTML::TraversableNavigable::apply_the_history_step(int, bool, AK::Optional<Web::HTML::SourceSnapshotParams>, JS::GCPtr<Web::HTML::Navigable>, AK::Optional<Web::HTML::UserNavigationInvolvement>, AK::Optional<Web::Bindings::NavigationType>, Web::HTML::TraversableNavigable::SynchronousNavigation) /home/runner/work/ladybird/ladybird/Userland/Libraries/LibWeb/HTML/TraversableNavigable.cpp:762:30
    #18 0x7f8bf8b68547 in Web::HTML::TraversableNavigable::apply_the_push_or_replace_history_step(int, Web::HTML::HistoryHandlingBehavior, Web::HTML::TraversableNavigable::SynchronousNavigation) /home/runner/work/ladybird/ladybird/Userland/Libraries/LibWeb/HTML/TraversableNavigable.cpp:1020:12
    #19 0x7f8bf8942954 in Web::HTML::finalize_a_cross_document_navigation(JS::NonnullGCPtr<Web::HTML::Navigable>, Web::HTML::HistoryHandlingBehavior, JS::NonnullGCPtr<Web::HTML::SessionHistoryEntry>) /home/runner/work/ladybird/ladybird/Userland/Libraries/LibWeb/HTML/Navigable.cpp:1891:18
    #20 0x7f8bf895bcce in operator() /home/runner/work/ladybird/ladybird/Userland/Libraries/LibWeb/HTML/Navigable.cpp:1459:17
    #21 0x7f8bf895bcce in AK::Function<void ()>::CallableWrapper<Web::HTML::Navigable::navigate(Web::HTML::Navigable::NavigateParams)::$_0::operator()() const::'lambda0'()::operator()() const::'lambda'()>::call() /home/runner/work/ladybird/ladybird/AK/Function.h:187:20
    #22 0x7f8bf7c14ecc in AK::Function<void ()>::operator()() const /home/runner/work/ladybird/ladybird/AK/Function.h:120:25
    #23 0x7f8bf8aef181 in operator() /home/runner/work/ladybird/ladybird/Userland/Libraries/LibWeb/HTML/SessionHistoryTraversalQueue.cpp:37:20
    #24 0x7f8bf8aef181 in AK::Function<void ()>::CallableWrapper<Web::HTML::SessionHistoryTraversalQueue::SessionHistoryTraversalQueue()::$_0>::call() /home/runner/work/ladybird/ladybird/AK/Function.h:187:20
    #25 0x7f8bf5b0c55c in AK::Function<void ()>::operator()() const /home/runner/work/ladybird/ladybird/AK/Function.h:120:25
    #26 0x7f8bf5b08e8e in Core::EventReceiver::dispatch_event(Core::Event&, Core::EventReceiver*) /home/runner/work/ladybird/ladybird/Userland/Libraries/LibCore/EventReceiver.cpp:162:17
    #27 0x55e0a69d2aa0 in qt_timer_fired /home/runner/work/ladybird/ladybird/Ladybird/Qt/EventLoopImplementationQt.cpp:219:12
    #28 0x55e0a69d2aa0 in operator() /home/runner/work/ladybird/ladybird/Ladybird/Qt/EventLoopImplementationQt.cpp:233:9
    #29 0x55e0a69d2aa0 in call /usr/include/x86_64-linux-gnu/qt6/QtCore/qobjectdefs_impl.h:146:13
    #30 0x55e0a69d2aa0 in call<QtPrivate::List<>, void> /usr/include/x86_64-linux-gnu/qt6/QtCore/qobjectdefs_impl.h:256:13
    #31 0x55e0a69d2aa0 in QtPrivate::QFunctorSlotObject<Ladybird::EventLoopManagerQt::register_timer(Core::EventReceiver&, int, bool, Core::TimerShouldFireWhenNotVisible)::$_0, 0, QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) /usr/include/x86_64-linux-gnu/qt6/QtCore/qobjectdefs_impl.h:420:17
    #32 0x7f8bfd9ac022  (/lib/x86_64-linux-gnu/libQt6Core.so.6+0x1ac022) (BuildId: 10c2c7ccc13f5d4a41be5530fed7514a09239f8d)
    #33 0x7f8bfd9ba4bd in QTimer::timeout(QTimer::QPrivateSignal) (/lib/x86_64-linux-gnu/libQt6Core.so.6+0x1ba4bd) (BuildId: 10c2c7ccc13f5d4a41be5530fed7514a09239f8d)
    #34 0x7f8bfd9a062e in QObject::event(QEvent*) (/lib/x86_64-linux-gnu/libQt6Core.so.6+0x1a062e) (BuildId: 10c2c7ccc13f5d4a41be5530fed7514a09239f8d)
    #35 0x7f8bfd953a2c in QCoreApplication::notifyInternal2(QObject*, QEvent*) (/lib/x86_64-linux-gnu/libQt6Core.so.6+0x153a2c) (BuildId: 10c2c7ccc13f5d4a41be5530fed7514a09239f8d)
    #36 0x7f8bfdabc202 in QTimerInfoList::activateTimers() (/lib/x86_64-linux-gnu/libQt6Core.so.6+0x2bc202) (BuildId: 10c2c7ccc13f5d4a41be5530fed7514a09239f8d)
    #37 0x7f8bfdb7bc43  (/lib/x86_64-linux-gnu/libQt6Core.so.6+0x37bc43) (BuildId: 10c2c7ccc13f5d4a41be5530fed7514a09239f8d)
    #38 0x7f8bf091bd3a in g_main_context_dispatch (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x55d3a) (BuildId: 224ac2a88b72bc8e2fe8566ee28fae789fc69241)
    #39 0x7f8bf09712b7  (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0xab2b7) (BuildId: 224ac2a88b72bc8e2fe8566ee28fae789fc69241)
    #40 0x7f8bf09193e2 in g_main_context_iteration (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x533e2) (BuildId: 224ac2a88b72bc8e2fe8566ee28fae789fc69241)
    #41 0x7f8bfdb7bead in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (/lib/x86_64-linux-gnu/libQt6Core.so.6+0x37bead) (BuildId: 10c2c7ccc13f5d4a41be5530fed7514a09239f8d)
    #42 0x7f8bfd960ada in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (/lib/x86_64-linux-gnu/libQt6Core.so.6+0x160ada) (BuildId: 10c2c7ccc13f5d4a41be5530fed7514a09239f8d)
    #43 0x7f8bf5ae938f in Core::EventLoop::exec() /home/runner/work/ladybird/ladybird/Userland/Libraries/LibCore/EventLoop.cpp:88:20
    #44 0x55e0a6a0d072 in serenity_main(Main::Arguments) /home/runner/work/ladybird/ladybird/Ladybird/WebContent/main.cpp:193:23
    #45 0x55e0a6cac4a8 in main /home/runner/work/ladybird/ladybird/Userland/Libraries/LibMain/Main.cpp:39:19
    #46 0x7f8bf0229d8f  (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f) (BuildId: 490fef8403240c91833978d494d39e537409b92e)
    #47 0x7f8bf0229e3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e3f) (BuildId: 490fef8403240c91833978d494d39e537409b92e)
    #48 0x55e0a68f1e84 in _start (/home/runner/work/ladybird/ladybird/Build/libexec/WebContent+0x16de84) (BuildId: 408b0afd2316b945d9f159f5bdd7adc5e99110db)

Address 0x7f8bdcc91048 is a wild pointer inside of access range of size 0x000000000008.
SUMMARY: AddressSanitizer: use-after-poison /home/runner/work/ladybird/ladybird/AK/RefPtr.h:226:38 in operator!
Shadow bytes around the buggy address:
  0x7f8bdcc90d80: f7 f7 f7 f7 f7 00 00 00 00 f7 f7 f7 f7 f7 f7 f7
  0x7f8bdcc90e00: f7 f7 00 00 00 00 f7 f7 f7 f7 f7 f7 f7 f7 f7 00
  0x7f8bdcc90e80: 00 00 00 f7 f7 f7 f7 f7 f7 f7 f7 f7 00 00 00 00
  0x7f8bdcc90f00: f7 f7 f7 f7 f7 f7 f7 f7 f7 00 00 00 00 f7 f7 f7
  0x7f8bdcc90f80: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
=>0x7f8bdcc91000: f7 f7 f7 f7 f7 f7 f7 f7 f7[f7]f7 f7 f7 f7 f7 f7
  0x7f8bdcc91080: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
  0x7f8bdcc91100: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
  0x7f8bdcc91180: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
  0x7f8bdcc91200: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
  0x7f8bdcc91280: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==49832==ABORTING
I'm now reverting that PR, but leaving this here for reference. cc @trflynn89
Ladybird/ladybird

ASAN issue when running with #787 applied

How does funding with Polar work?

Backer

Contributor

Maintainer

Ladybird/ladybird

ASAN issue when running with #787 applied

How does funding with Polar work?

Backer

Why does "Fund on completion" require GitHub login?

When is the invoice due for "Fund on completion"?

What happens if the issue is never completed?

Do I get any extra benefits by funding?

Do I get progress updates?

Contributor

Do I get a reward?

Is rewards guaranteed?

Maintainer

How can I get funding like this for my open source initiatives?
