RESOLVED DUPLICATE of bug 168354 167955
DOMPromise is sometimes crashing at destruction time. 
https://bugs.webkit.org/show_bug.cgi?id=167955
Summary DOMPromise is sometimes crashing at destruction time.
youenn fablet
Reported 2017-02-07 13:42:28 PST
Trace is something like: ASSERTION FAILED: vm.heap.mutatorState() == MutatorState::Running || vm.apiLock().ownerThread() != std::this_thread::get_id() /Users/youenn/dev/Apple/OpenSource/WebKitBuild/Debug/JavaScriptCore.framework/PrivateHeaders/JSCellInlines.h(283) : const JSC::ClassInfo *JSC::JSCell::classInfo(JSC::VM &) const 1 0x114699abd WTFCrash 2 0x116fd1348 JSC::JSCell::classInfo(JSC::VM&) const 3 0x116fd11d1 JSC::JSCell::inherits(JSC::VM&, JSC::ClassInfo const*) const 4 0x116fd7984 WebCore::JSDOMGlobalObject* JSC::jsCast<WebCore::JSDOMGlobalObject*, JSC::JSCell>(JSC::JSCell*) 5 0x116fd77cc JSC::Weak<WebCore::JSDOMGlobalObject>::operator->() const 6 0x1181ac4d7 WebCore::DeferredPromise::clear() 7 0x1181ac3d7 WebCore::DeferredPromise::~DeferredPromise() 8 0x1181ac5c5 WebCore::DeferredPromise::~DeferredPromise() 9 0x1181ac5e9 WebCore::DeferredPromise::~DeferredPromise() 10 0x116fd6c2f WTF::RefCounted<WebCore::DeferredPromise>::deref() const 11 0x11707f851 WTF::Ref<WebCore::DeferredPromise>::~Ref() 12 0x11707f815 WTF::Ref<WebCore::DeferredPromise>::~Ref() 13 0x11707f7f5 WebCore::DOMPromiseBase::~DOMPromiseBase() 14 0x1178f3fb5 WebCore::DOMPromise<WebCore::IDLInterface<WebCore::FontFace> >::~DOMPromise() 15 0x1178f3f75 WebCore::DOMPromise<WebCore::IDLInterface<WebCore::FontFace> >::~DOMPromise() 16 0x1178f3f3d std::optional_base<WebCore::DOMPromise<WebCore::IDLInterface<WebCore::FontFace> > >::~optional_base() 17 0x1178f3f05 std::optional<WebCore::DOMPromise<WebCore::IDLInterface<WebCore::FontFace> > >::~optional() 18 0x1178f2cb5 std::optional<WebCore::DOMPromise<WebCore::IDLInterface<WebCore::FontFace> > >::~optional() 19 0x1178f2c55 WebCore::FontFace::~FontFace() 20 0x1178f2d15 WebCore::FontFace::~FontFace() 21 0x1178f2d39 WebCore::FontFace::~FontFace() 22 0x1173ecc6f WTF::RefCounted<WebCore::FontFace>::deref() const 23 0x1173ecc19 WebCore::FontFace::deref() 24 0x1173ecbfa WTF::Ref<WebCore::FontFace>::~Ref() 25 0x1173e5055 WTF::Ref<WebCore::FontFace>::~Ref() 26 0x118342619 WebCore::JSDOMWrapper<WebCore::FontFace>::~JSDOMWrapper() 27 0x1183425f5 WebCore::JSFontFace::~JSFontFace() 28 0x11833f605 WebCore::JSFontFace::~JSFontFace() 29 0x11833f0fd WebCore::JSFontFace::destroy(JSC::JSCell*) 30 0x1140f927a JSC::(anonymous namespace)::DestroyFunc::operator()(JSC::VM&, JSC::JSCell*) const 31 0x1140fb8a5 JSC::FreeList JSC::MarkedBlock::Handle::specializedSweep<false, (JSC::MarkedBlock::Handle::EmptyMode)0, (JSC::MarkedBlock::Handle::SweepMode)0, (JSC::MarkedBlock::Handle::SweepDestructionMode)0, (JSC::MarkedBlock::Handle::ScribbleMode)0, (JSC::MarkedBlock::Handle::NewlyAllocatedMode)0, (JSC::MarkedBlock::Handle::MarksMode)0, JSC::(anonymous namespace)::DestroyFunc>(JSC::MarkedBlock::Handle::EmptyMode, JSC::MarkedBlock::Handle::SweepMode, JSC::MarkedBlock::Handle::SweepDestructionMode, JSC::MarkedBlock::Handle::ScribbleMode, JSC::MarkedBlock::Handle::NewlyAllocatedMode, JSC::MarkedBlock::Handle::MarksMode, JSC::(anonymous namespace)::DestroyFunc const&)::'lambda'(unsigned long)::operator()(unsigned long) const This happens when playing with the GC
Attachments
Add attachment proposed patch, testcase, etc.
Sam Weinig
Comment 1 2017-02-08 17:43:12 PST
Can you attach a full stack trace? I am curious what is going on with the other threads.
youenn fablet
Comment 2 2017-02-16 20:27:56 PST
*** This bug has been marked as a duplicate of bug 168354 ***
Alexey Proskuryakov
Comment 3 2017-02-16 21:54:04 PST
Bug 168354 is specific to detaching the debugger, so it cannot be the same issue. Bug 168406 may be the correct original, or this could be a separate bug. Keith, what do you think?
Note You need to log in before you can comment on or make changes to this bug.