[Webkit-unassigned] [Bug 167955] New: DOMPromise is sometimes crashing at destruction time.
bugzilla-daemon at webkit.org
Tue Feb 7 13:42:28 PST 2017
https://bugs.webkit.org/show_bug.cgi?id=167955
Bug ID: 167955
Summary: DOMPromise is sometimes crashing at destruction time.
Classification: Unclassified
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: WebCore Misc.
Assignee: webkit-unassigned at lists.webkit.org
Reporter: youennf at gmail.com
Trace is something like:
ASSERTION FAILED: vm.heap.mutatorState() == MutatorState::Running || vm.apiLock().ownerThread() != std::this_thread::get_id()
/Users/youenn/dev/Apple/OpenSource/WebKitBuild/Debug/JavaScriptCore.framework/PrivateHeaders/JSCellInlines.h(283) : const JSC::ClassInfo *JSC::JSCell::classInfo(JSC::VM &) const
1 0x114699abd WTFCrash
2 0x116fd1348 JSC::JSCell::classInfo(JSC::VM&) const
3 0x116fd11d1 JSC::JSCell::inherits(JSC::VM&, JSC::ClassInfo const*) const
4 0x116fd7984 WebCore::JSDOMGlobalObject* JSC::jsCast<WebCore::JSDOMGlobalObject*, JSC::JSCell>(JSC::JSCell*)
5 0x116fd77cc JSC::Weak<WebCore::JSDOMGlobalObject>::operator->() const
6 0x1181ac4d7 WebCore::DeferredPromise::clear()
7 0x1181ac3d7 WebCore::DeferredPromise::~DeferredPromise()
8 0x1181ac5c5 WebCore::DeferredPromise::~DeferredPromise()
9 0x1181ac5e9 WebCore::DeferredPromise::~DeferredPromise()
10 0x116fd6c2f WTF::RefCounted<WebCore::DeferredPromise>::deref() const
11 0x11707f851 WTF::Ref<WebCore::DeferredPromise>::~Ref()
12 0x11707f815 WTF::Ref<WebCore::DeferredPromise>::~Ref()
13 0x11707f7f5 WebCore::DOMPromiseBase::~DOMPromiseBase()
14 0x1178f3fb5 WebCore::DOMPromise<WebCore::IDLInterface<WebCore::FontFace> >::~DOMPromise()
15 0x1178f3f75 WebCore::DOMPromise<WebCore::IDLInterface<WebCore::FontFace> >::~DOMPromise()
16 0x1178f3f3d std::optional_base<WebCore::DOMPromise<WebCore::IDLInterface<WebCore::FontFace> > >::~optional_base()
17 0x1178f3f05 std::optional<WebCore::DOMPromise<WebCore::IDLInterface<WebCore::FontFace> > >::~optional()
18 0x1178f2cb5 std::optional<WebCore::DOMPromise<WebCore::IDLInterface<WebCore::FontFace> > >::~optional()
19 0x1178f2c55 WebCore::FontFace::~FontFace()
20 0x1178f2d15 WebCore::FontFace::~FontFace()
21 0x1178f2d39 WebCore::FontFace::~FontFace()
22 0x1173ecc6f WTF::RefCounted<WebCore::FontFace>::deref() const
23 0x1173ecc19 WebCore::FontFace::deref()
24 0x1173ecbfa WTF::Ref<WebCore::FontFace>::~Ref()
25 0x1173e5055 WTF::Ref<WebCore::FontFace>::~Ref()
26 0x118342619 WebCore::JSDOMWrapper<WebCore::FontFace>::~JSDOMWrapper()
27 0x1183425f5 WebCore::JSFontFace::~JSFontFace()
28 0x11833f605 WebCore::JSFontFace::~JSFontFace()
29 0x11833f0fd WebCore::JSFontFace::destroy(JSC::JSCell*)
30 0x1140f927a JSC::(anonymous namespace)::DestroyFunc::operator()(JSC::VM&, JSC::JSCell*) const
31 0x1140fb8a5 JSC::FreeList JSC::MarkedBlock::Handle::specializedSweep<false, (JSC::MarkedBlock::Handle::EmptyMode)0, (JSC::MarkedBlock::Handle::SweepMode)0, (JSC::MarkedBlock::Handle::SweepDestructionMode)0, (JSC::MarkedBlock::Handle::ScribbleMode)0, (JSC::MarkedBlock::Handle::NewlyAllocatedMode)0, (JSC::MarkedBlock::Handle::MarksMode)0, JSC::(anonymous namespace)::DestroyFunc>(JSC::MarkedBlock::Handle::EmptyMode, JSC::MarkedBlock::Handle::SweepMode, JSC::MarkedBlock::Handle::SweepDestructionMode, JSC::MarkedBlock::Handle::ScribbleMode, JSC::MarkedBlock::Handle::NewlyAllocatedMode, JSC::MarkedBlock::Handle::MarksMode, JSC::(anonymous namespace)::DestroyFunc const&)::'lambda'(unsigned long)::operator()(unsigned long) const
This happens when playing with the GC.