256290 2023-05-03 18:49:18 -0700 Regression(262252@main) Flaky crash under ~CanMakeCheckedPtrBase() for ScriptExecutionContext 2023-05-03 23:32:05 -0700 1 1 1 Unclassified WebKit WebCore Misc. WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED https://bugs.webkit.org/show_bug.cgi?id=254347 InRadar P2 Normal --- 1 cdumez cdumez chirag_m_shah fujii rniwa webkit-bug-importer oldest_to_newest 1952808 0 cdumez 2023-05-03 18:49:18 -0700 Flaky crash under ~CanMakeCheckedPtrBase() for ScriptExecutionContext: ASSERTION FAILED: !m_count /Volumes/Data/worker/macOS-AppleSilicon-Ventura-Debug-Build-EWS/build/WebKitBuild/Debug/usr/local/include/wtf/CheckedRef.h(242) : WTF::CanMakeCheckedPtrBase<WTF::SingleThreadIntegralWrapper<unsigned int>, unsigned int>::~CanMakeCheckedPtrBase() [StorageType = WTF::SingleThreadIntegralWrapper<unsigned int>, PtrCounterType = unsigned int] 1 0x1352bfb44 WTFCrash 2 0x2806fdf20 JSC::VMTraps::maybeNeedHandling() const 3 0x2836e05b0 WTF::CanMakeCheckedPtrBase<WTF::SingleThreadIntegralWrapper<unsigned int>, unsigned int>::~CanMakeCheckedPtrBase() 4 0x2837b320c WebCore::ScriptExecutionContext::~ScriptExecutionContext() 5 0x2835a7228 WebCore::Document::~Document() 6 0x283a8ca08 WebCore::HTMLDocument::~HTMLDocument() 7 0x283a8ca34 WebCore::HTMLDocument::~HTMLDocument() 8 0x283a8cb08 WebCore::HTMLDocument::~HTMLDocument() 9 0x2835a9718 WebCore::Document::decrementReferencingNodeCount() 10 0x283762ea0 WebCore::Node::~Node() 11 0x28354dabc WebCore::ContainerNode::~ContainerNode() 12 0x283683f88 WebCore::Element::~Element() 13 0x283811a8c WebCore::StyledElement::~StyledElement() 14 0x2805fad08 WebCore::HTMLElement::~HTMLElement() 15 0x283b87aec WebCore::HTMLSpanElement::~HTMLSpanElement() 16 0x283b7b764 WebCore::HTMLSpanElement::~HTMLSpanElement() 17 0x283b7b790 WebCore::HTMLSpanElement::~HTMLSpanElement() 18 0x28376e444 WebCore::Node::removedLastRef() 19 0x2807623f0 WebCore::Node::deref() const 20 0x2810902e0 WebCore::EventTarget::deref() 21 0x280796904 WTF::Ref<WebCore::EventTarget, WTF::RawPtrTraits<WebCore::EventTarget>>::~Ref() 22 0x28062717c WTF::Ref<WebCore::EventTarget, WTF::RawPtrTraits<WebCore::EventTarget>>::~Ref() 23 0x280c17580 WebCore::JSDOMWrapper<WebCore::EventTarget, WTF::RawPtrTraits<WebCore::EventTarget>>::~JSDOMWrapper() 24 0x280c17550 WebCore::JSEventTarget::~JSEventTarget() 25 0x280ba17d0 WebCore::JSEventTarget::~JSEventTarget() 26 0x280b74114 WebCore::JSEventTarget::destroy(JSC::JSCell*) 27 0x136e660c8 JSC::JSDestructibleObjectDestroyFunc::operator()(JSC::VM&, JSC::JSCell*) const 28 0x136e775b8 void JSC::MarkedBlock::Handle::specializedSweep<false, (JSC::MarkedBlock::Handle::EmptyMode)0, (JSC::MarkedBlock::Handle::SweepMode)0, (JSC::MarkedBlock::Handle::SweepDestructionMode)0, (JSC::MarkedBlock::Handle::ScribbleMode)0, (JSC::MarkedBlock::Handle::NewlyAllocatedMode)0, (JSC::MarkedBlock::Handle::MarksMode)0, JSC::JSDestructibleObjectDestroyFunc>(JSC::FreeList*, JSC::MarkedBlock::Handle::EmptyMode, JSC::MarkedBlock::Handle::SweepMode, JSC::MarkedBlock::Handle::SweepDestructionMode, JSC::MarkedBlock::Handle::ScribbleMode, JSC::MarkedBlock::Handle::NewlyAllocatedMode, JSC::MarkedBlock::Handle::MarksMode, JSC::JSDestructibleObjectDestroyFunc const&)::'lambda'(void*)::operator()(void*) const 29 0x136e77638 void JSC::MarkedBlock::Handle::specializedSweep<false, (JSC::MarkedBlock::Handle::EmptyMode)0, (JSC::MarkedBlock::Handle::SweepMode)0, (JSC::MarkedBlock::Handle::SweepDestructionMode)0, (JSC::MarkedBlock::Handle::ScribbleMode)0, (JSC::MarkedBlock::Handle::NewlyAllocatedMode)0, (JSC::MarkedBlock::Handle::MarksMode)0, JSC::JSDestructibleObjectDestroyFunc>(JSC::FreeList*, JSC::MarkedBlock::Handle::EmptyMode, JSC::MarkedBlock::Handle::SweepMode, JSC::MarkedBlock::Handle::SweepDestructionMode, JSC::MarkedBlock::Handle::ScribbleMode, JSC::MarkedBlock::Handle::NewlyAllocatedMode, JSC::MarkedBlock::Handle::MarksMode, JSC::JSDestructibleObjectDestroyFunc const&)::'lambda'(unsigned long)::operator()(unsigned long) const 30 0x136e70824 void JSC::MarkedBlock::Handle::specializedSweep<false, (JSC::MarkedBlock::Handle::EmptyMode)0, (JSC::MarkedBlock::Handle::SweepMode)0, (JSC::MarkedBlock::Handle::SweepDestructionMode)0, (JSC::MarkedBlock::Handle::ScribbleMode)0, (JSC::MarkedBlock::Handle::NewlyAllocatedMode)0, (JSC::MarkedBlock::Handle::MarksMode)0, JSC::JSDestructibleObjectDestroyFunc>(JSC::FreeList*, JSC::MarkedBlock::Handle::EmptyMode, JSC::MarkedBlock::Handle::SweepMode, JSC::MarkedBlock::Handle::SweepDestructionMode, JSC::MarkedBlock::Handle::ScribbleMode, JSC::MarkedBlock::Handle::NewlyAllocatedMode, JSC::MarkedBlock::Handle::MarksMode, JSC::JSDestructibleObjectDestroyFunc const&) 31 0x136e66058 void JSC::MarkedBlock::Handle::finishSweepKnowingHeapCellType<JSC::JSDestructibleObjectDestroyFunc>(JSC::FreeList*, JSC::JSDestructibleObjectDestroyFunc const&) com.apple.WebKit.WebContent.Development terminated (pid 5793) for reason: crash LEAK: 1 WebPageProxy 1952809 1 cdumez 2023-05-03 18:56:36 -0700 Pull request: https://github.com/WebKit/WebKit/pull/13431 1952826 2 ews-feeder 2023-05-03 22:20:55 -0700 Committed 263662@main (1116cdd2710a): <https://commits.webkit.org/263662@main> Reviewed commits have been landed. Closing PR #13431 and removing active labels. 1952827 3 webkit-bug-importer 2023-05-03 22:21:23 -0700 <rdar://problem/108876874> 1952838 4 fujii 2023-05-03 23:32:05 -0700 *** Bug 255381 has been marked as a duplicate of this bug. ***