WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
256290
Regression(
262252@main
) Flaky crash under ~CanMakeCheckedPtrBase() for ScriptExecutionContext
https://bugs.webkit.org/show_bug.cgi?id=256290
Summary
Regression(262252@main) Flaky crash under ~CanMakeCheckedPtrBase() for Script...
Chris Dumez
Reported
2023-05-03 18:49:18 PDT
Flaky crash under ~CanMakeCheckedPtrBase() for ScriptExecutionContext: ASSERTION FAILED: !m_count /Volumes/Data/worker/macOS-AppleSilicon-Ventura-Debug-Build-EWS/build/WebKitBuild/Debug/usr/local/include/wtf/CheckedRef.h(242) : WTF::CanMakeCheckedPtrBase<WTF::SingleThreadIntegralWrapper<unsigned int>, unsigned int>::~CanMakeCheckedPtrBase() [StorageType = WTF::SingleThreadIntegralWrapper<unsigned int>, PtrCounterType = unsigned int] 1 0x1352bfb44 WTFCrash 2 0x2806fdf20 JSC::VMTraps::maybeNeedHandling() const 3 0x2836e05b0 WTF::CanMakeCheckedPtrBase<WTF::SingleThreadIntegralWrapper<unsigned int>, unsigned int>::~CanMakeCheckedPtrBase() 4 0x2837b320c WebCore::ScriptExecutionContext::~ScriptExecutionContext() 5 0x2835a7228 WebCore::Document::~Document() 6 0x283a8ca08 WebCore::HTMLDocument::~HTMLDocument() 7 0x283a8ca34 WebCore::HTMLDocument::~HTMLDocument() 8 0x283a8cb08 WebCore::HTMLDocument::~HTMLDocument() 9 0x2835a9718 WebCore::Document::decrementReferencingNodeCount() 10 0x283762ea0 WebCore::Node::~Node() 11 0x28354dabc WebCore::ContainerNode::~ContainerNode() 12 0x283683f88 WebCore::Element::~Element() 13 0x283811a8c WebCore::StyledElement::~StyledElement() 14 0x2805fad08 WebCore::HTMLElement::~HTMLElement() 15 0x283b87aec WebCore::HTMLSpanElement::~HTMLSpanElement() 16 0x283b7b764 WebCore::HTMLSpanElement::~HTMLSpanElement() 17 0x283b7b790 WebCore::HTMLSpanElement::~HTMLSpanElement() 18 0x28376e444 WebCore::Node::removedLastRef() 19 0x2807623f0 WebCore::Node::deref() const 20 0x2810902e0 WebCore::EventTarget::deref() 21 0x280796904 WTF::Ref<WebCore::EventTarget, WTF::RawPtrTraits<WebCore::EventTarget>>::~Ref() 22 0x28062717c WTF::Ref<WebCore::EventTarget, WTF::RawPtrTraits<WebCore::EventTarget>>::~Ref() 23 0x280c17580 WebCore::JSDOMWrapper<WebCore::EventTarget, WTF::RawPtrTraits<WebCore::EventTarget>>::~JSDOMWrapper() 24 0x280c17550 WebCore::JSEventTarget::~JSEventTarget() 25 0x280ba17d0 WebCore::JSEventTarget::~JSEventTarget() 26 0x280b74114 WebCore::JSEventTarget::destroy(JSC::JSCell*) 27 0x136e660c8 JSC::JSDestructibleObjectDestroyFunc::operator()(JSC::VM&, JSC::JSCell*) const 28 0x136e775b8 void JSC::MarkedBlock::Handle::specializedSweep<false, (JSC::MarkedBlock::Handle::EmptyMode)0, (JSC::MarkedBlock::Handle::SweepMode)0, (JSC::MarkedBlock::Handle::SweepDestructionMode)0, (JSC::MarkedBlock::Handle::ScribbleMode)0, (JSC::MarkedBlock::Handle::NewlyAllocatedMode)0, (JSC::MarkedBlock::Handle::MarksMode)0, JSC::JSDestructibleObjectDestroyFunc>(JSC::FreeList*, JSC::MarkedBlock::Handle::EmptyMode, JSC::MarkedBlock::Handle::SweepMode, JSC::MarkedBlock::Handle::SweepDestructionMode, JSC::MarkedBlock::Handle::ScribbleMode, JSC::MarkedBlock::Handle::NewlyAllocatedMode, JSC::MarkedBlock::Handle::MarksMode, JSC::JSDestructibleObjectDestroyFunc const&)::'lambda'(void*)::operator()(void*) const 29 0x136e77638 void JSC::MarkedBlock::Handle::specializedSweep<false, (JSC::MarkedBlock::Handle::EmptyMode)0, (JSC::MarkedBlock::Handle::SweepMode)0, (JSC::MarkedBlock::Handle::SweepDestructionMode)0, (JSC::MarkedBlock::Handle::ScribbleMode)0, (JSC::MarkedBlock::Handle::NewlyAllocatedMode)0, (JSC::MarkedBlock::Handle::MarksMode)0, JSC::JSDestructibleObjectDestroyFunc>(JSC::FreeList*, JSC::MarkedBlock::Handle::EmptyMode, JSC::MarkedBlock::Handle::SweepMode, JSC::MarkedBlock::Handle::SweepDestructionMode, JSC::MarkedBlock::Handle::ScribbleMode, JSC::MarkedBlock::Handle::NewlyAllocatedMode, JSC::MarkedBlock::Handle::MarksMode, JSC::JSDestructibleObjectDestroyFunc const&)::'lambda'(unsigned long)::operator()(unsigned long) const 30 0x136e70824 void JSC::MarkedBlock::Handle::specializedSweep<false, (JSC::MarkedBlock::Handle::EmptyMode)0, (JSC::MarkedBlock::Handle::SweepMode)0, (JSC::MarkedBlock::Handle::SweepDestructionMode)0, (JSC::MarkedBlock::Handle::ScribbleMode)0, (JSC::MarkedBlock::Handle::NewlyAllocatedMode)0, (JSC::MarkedBlock::Handle::MarksMode)0, JSC::JSDestructibleObjectDestroyFunc>(JSC::FreeList*, JSC::MarkedBlock::Handle::EmptyMode, JSC::MarkedBlock::Handle::SweepMode, JSC::MarkedBlock::Handle::SweepDestructionMode, JSC::MarkedBlock::Handle::ScribbleMode, JSC::MarkedBlock::Handle::NewlyAllocatedMode, JSC::MarkedBlock::Handle::MarksMode, JSC::JSDestructibleObjectDestroyFunc const&) 31 0x136e66058 void JSC::MarkedBlock::Handle::finishSweepKnowingHeapCellType<JSC::JSDestructibleObjectDestroyFunc>(JSC::FreeList*, JSC::JSDestructibleObjectDestroyFunc const&) com.apple.WebKit.WebContent.Development terminated (pid 5793) for reason: crash LEAK: 1 WebPageProxy
Attachments
Add attachment
proposed patch, testcase, etc.
Chris Dumez
Comment 1
2023-05-03 18:56:36 PDT
Pull request:
https://github.com/WebKit/WebKit/pull/13431
EWS
Comment 2
2023-05-03 22:20:55 PDT
Committed
263662@main
(1116cdd2710a): <
https://commits.webkit.org/263662@main
> Reviewed commits have been landed. Closing PR #13431 and removing active labels.
Radar WebKit Bug Importer
Comment 3
2023-05-03 22:21:23 PDT
<
rdar://problem/108876874
>
Fujii Hironori
Comment 4
2023-05-03 23:32:05 PDT
***
Bug 255381
has been marked as a duplicate of this bug. ***
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug