Bug 165097 - ASSERTION FAILED: !m_mayBeExecuting in JSC::GCAwareJITStubRoutine::deleteFromGC()
Summary: ASSERTION FAILED: !m_mayBeExecuting in JSC::GCAwareJITStubRoutine::deleteFrom...
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: Other
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Nobody
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2016-11-28 10:32 PST by Ryan Haddad
Modified: 2016-12-01 12:43 PST (History)
3 users (show)

See Also:

Attachments
Crash log (116.96 KB, text/plain)
2016-11-28 10:32 PST, Ryan Haddad 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Ryan Haddad 2016-11-28 10:32:06 PST 
Created attachment 295498 [details]
Crash log

ASSERTION FAILED: !m_mayBeExecuting
/Volumes/Data/slave/elcapitan-debug/build/Source/JavaScriptCore/jit/GCAwareJITStubRoutine.cpp(75) : void JSC::GCAwareJITStubRoutine::deleteFromGC()
1   0x10b371a00 WTFCrash
2   0x10ab25901 JSC::GCAwareJITStubRoutine::deleteFromGC()
3   0x10acdd76d JSC::JITStubRoutineSet::deleteUnmarkedJettisonedStubRoutines()
4   0x10ab37e9a JSC::Heap::deleteUnmarkedCompiledCode()
5   0x10ab3a98d JSC::Heap::finalize()
6   0x10ab3a4d8 JSC::Heap::handleNeedFinalize(unsigned int)
7   0x10ab3a2ff JSC::Heap::stopIfNecessarySlow(unsigned int)
8   0x10ab3a276 JSC::Heap::stopIfNecessarySlow()
9   0x10ab3fdde JSC::Heap::stopIfNecessary()
10  0x10ab343bb JSC::Heap::collectIfNecessaryOrDefer(JSC::GCDeferralContext*)
11  0x10ab3b8af JSC::Heap::decrementDeferralDepthAndGCIfNeeded()
12  0x10a2b79a8 JSC::DeferGC::~DeferGC()
13  0x10a2b5185 JSC::DeferGC::~DeferGC()
14  0x10b16ed39 JSC::Structure::materializePropertyTable(JSC::VM&, bool)
15  0x10b16f77e JSC::Structure::takePropertyTableOrCloneIfPinned(JSC::VM&)
16  0x10b16f4d9 JSC::Structure::addNewPropertyTransition(JSC::VM&, JSC::Structure*, JSC::PropertyName, unsigned int, int&, JSC::PutPropertySlot::Context, JSC::DeferredStructureTransitionWatchpointFire*)
17  0x10a2cb652 bool JSC::JSObject::putDirectInternal<(JSC::JSObject::PutMode)1>(JSC::VM&, JSC::PropertyName, JSC::JSValue, unsigned int, JSC::PutPropertySlot&)
18  0x10a2c736d JSC::JSObject::putDirect(JSC::VM&, JSC::PropertyName, JSC::JSValue, unsigned int)
19  0x10ad3daa3 JSC::JSFunction::finishCreation(JSC::VM&, JSC::NativeExecutable*, int, WTF::String const&)
20  0x10ad3d933 JSC::JSFunction::create(JSC::VM&, JSC::JSGlobalObject*, int, WTF::String const&, long long (*)(JSC::ExecState*), JSC::Intrinsic, long long (*)(JSC::ExecState*), JSC::DOMJIT::Signature const*)
21  0x10ab1efc6 JSC::FunctionPrototype::addFunctionProperties(JSC::ExecState*, JSC::JSGlobalObject*, JSC::JSFunction**, JSC::JSFunction**, JSC::JSFunction**)
22  0x10ad5c903 JSC::JSGlobalObject::init(JSC::VM&)
23  0x111aa346c JSC::JSGlobalObject::finishCreation(JSC::VM&, JSC::JSObject*)
24  0x111aa2c3a WebCore::JSDOMGlobalObject::finishCreation(JSC::VM&, JSC::JSObject*)
25  0x111bcdd88 WebCore::JSDOMWindowBase::finishCreation(JSC::VM&, WebCore::JSDOMWindowShell*)
26  0x111b10b86 WebCore::JSDOMWindow::finishCreation(JSC::VM&, WebCore::JSDOMWindowShell*)
27  0x111bf158c WebCore::JSDOMWindow::create(JSC::VM&, JSC::Structure*, WTF::Ref<WebCore::DOMWindow>&&, WebCore::JSDOMWindowShell*)
28  0x111bf0f19 WebCore::JSDOMWindowShell::setWindow(WTF::RefPtr<WebCore::DOMWindow>&&)
29  0x112c98432 WebCore::ScriptController::clearWindowShell(WebCore::DOMWindow*, bool)
30  0x1112f59fe WebCore::FrameLoader::clear(WebCore::Document*, bool, bool, bool)
31  0x111014f74 WebCore::DocumentWriter::begin(WebCore::URL const&, bool, WebCore::Document*)

Seen with LayoutTest http/tests/cache/cache-redirections.html
https://build.webkit.org/results/Apple%20El%20Capitan%20Debug%20WK1%20(Tests)/r208998%20(9936)/results.html
Comment 1 Radar WebKit Bug Importer 2016-12-01 12:43:01 PST 
<rdar://problem/29464762>