RESOLVED FIXED 218455
REGRESSION (r269227): Crash in WebCore::WorkerOrWorkletGlobalScope::prepareForDestruction
https://bugs.webkit.org/show_bug.cgi?id=218455
Ryan Haddad
Reported 2020-11-02 13:09:16 PST
The following two tests are consistently crashing on iOS and macOS debug bots after https://trac.webkit.org/changeset/269227/webkit

fast/css-custom-paint/constructor.html
fast/css-custom-paint/registerPaintBindings.html

https://results.webkit.org/?suite=layout-tests&suite=layout-tests&test=fast%2Fcss-custom-paint%2Fconstructor.html&test=fast%2Fcss-custom-paint%2FregisterPaintBindings.html

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.JavaScriptCore 0x000000020f36df8e WTFCrash + 14 (Assertions.cpp:295)
1 com.apple.WebCore 0x00000001ee5e65eb WTFCrashWithInfo(int, char const*, char const*, int) + 27
2 com.apple.WebCore 0x00000001f383bdb5 WebCore::WorkerOrWorkletGlobalScope::prepareForDestruction() + 181 (WorkerOrWorkletGlobalScope.cpp:53)
3 com.apple.WebCore 0x00000001f39b6abf WebCore::WorkletGlobalScope::prepareForDestruction() + 31 (WorkletGlobalScope.cpp:95)
4 com.apple.WebCore 0x00000001f16be46e WebCore::PaintWorkletGlobalScope::prepareForDestruction() + 78 (PaintWorkletGlobalScope.h:73)
5 com.apple.WebCore 0x00000001f16bd7c2 WebCore::Document::willBeRemovedFromFrame() + 1714 (Document.cpp:2621)
6 com.apple.WebCore 0x00000001f25f78d3 WebCore::Frame::setView(WTF::RefPtr<WebCore::FrameView, WTF::RawPtrTraits<WebCore::FrameView>, WTF::DefaultRefDerefTraits<WebCore::FrameView> >&&) + 195
7 com.apple.WebCore 0x00000001f25fc49d WebCore::Frame::createView(WebCore::IntSize const&, WTF::Optional<WebCore::Color> const&, WebCore::IntSize const&, WebCore::IntRect const&, bool, WebCore::ScrollbarMode, bool, WebCore::ScrollbarMode, bool) + 253 (Frame.cpp:870)
8 com.apple.WebKit 0x00000001e19a33c7 WebKit::WebFrameLoaderClient::transitionToCommittedForNewPage() + 887 (WebFrameLoaderClient.cpp:1524)
9 com.apple.WebCore 0x00000001f23d3cde WebCore::FrameLoader::transitionToCommitted(WebCore::CachedPage*) + 1982 (FrameLoader.cpp:2211)
10 com.apple.WebCore 0x00000001f23d2987 WebCore::FrameLoader::commitProvisionalLoad() + 1191 (FrameLoader.cpp:2022)
11 com.apple.WebCore 0x00000001f2356fbc WebCore::DocumentLoader::commitIfReady() + 60 (DocumentLoader.cpp:377)
12 com.apple.WebCore 0x00000001f2357720 WebCore::DocumentLoader::finishedLoading() + 304 (DocumentLoader.cpp:442)
13 com.apple.WebCore 0x00000001f2363154 WebCore::DocumentLoader::maybeLoadEmpty() + 1076 (DocumentLoader.cpp:1831)
14 com.apple.WebCore 0x00000001f23632e5 WebCore::DocumentLoader::startLoadingMainResource() + 357 (DocumentLoader.cpp:1844)
15 com.apple.WebCore 0x00000001f23fc83c WebCore::FrameLoader::continueLoadAfterNavigationPolicy(WebCore::ResourceRequest const&, WebCore::FormState*, WebCore::NavigationPolicyDecision, WebCore::AllowNavigationToInvalidURL)::$_11::operator()() + 1612
Attachments
Patch (2.93 KB, patch)
2020-11-02 13:42 PST, Chris Dumez
no flags
Radar WebKit Bug Importer
Comment 1 2020-11-02 13:09:44 PST
Chris Dumez
Comment 2 2020-11-02 13:10:00 PST
Looking.
Chris Dumez
Comment 3 2020-11-02 13:42:53 PST
Geoffrey Garen
Comment 4 2020-11-02 14:15:08 PST
Comment on attachment 412966 [details]
Patch

r=me
EWS
Comment 5 2020-11-02 14:24:18 PST
Committed r269275: <https://trac.webkit.org/changeset/269275>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 412966 [details].