[Webkit-unassigned] [Bug 177399] New: ASSERTION FAILED: callback, Crash in: com.apple.WebCore: WebCore::JSCallbackData::invokeCallback(WebCore::JSDOMGlobalObject&, JSC::JSObject*, JSC::JSValue, JSC::MarkedArgumentBuffer&, WebCore::JSCallbackData::CallbackType, J

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Sep 22 16:29:40 PDT 2017 

https://bugs.webkit.org/show_bug.cgi?id=177399

            Bug ID: 177399
           Summary: ASSERTION FAILED: callback, Crash in:
                    com.apple.WebCore:
                    WebCore::JSCallbackData::invokeCallback(WebCore::JSDOM
                    GlobalObject&, JSC::JSObject*, JSC::JSValue,
                    JSC::MarkedArgumentBuffer&,
                    WebCore::JSCallbackData::CallbackType, J
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: New Bugs
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: jlewis3 at apple.com

Created attachment 321601

  --> https://bugs.webkit.org/attachment.cgi?id=321601&action=review

Crash Log

The test imported/w3c/web-platform-tests/custom-elements/microtasks-and-constructors.html was seen crashing with the assertion failure:

ASSERTION FAILED: callback
/Volumes/Data/slave/sierra-debug/build/Source/WebCore/bindings/js/JSCallbackData.cpp(44) : static JSC::JSValue WebCore::JSCallbackData::invokeCallback(WebCore::JSDOMGlobalObject &, JSC::JSObject *, JSC::JSValue, JSC::MarkedArgumentBuffer &, WebCore::JSCallbackData::CallbackType, JSC::PropertyName, NakedPtr<JSC::Exception> &)
1   0x106d7782d WTFCrash
2   0x114a7190a WebCore::JSCallbackData::invokeCallback(WebCore::JSDOMGlobalObject&, JSC::JSObject*, JSC::JSValue, JSC::MarkedArgumentBuffer&, WebCore::JSCallbackData::CallbackType, JSC::PropertyName, WTF::NakedPtr<JSC::Exception>&)
3   0x115080fd2 WebCore::JSCallbackDataWeak::invokeCallback(JSC::JSValue, JSC::MarkedArgumentBuffer&, WebCore::JSCallbackData::CallbackType, JSC::PropertyName, WTF::NakedPtr<JSC::Exception>&)
4   0x115080d96 WebCore::JSMutationCallback::handleEvent(WebCore::MutationObserver&, WTF::Vector<WTF::Ref<WebCore::MutationRecord>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WebCore::MutationObserver&)
5   0x115937a38 WebCore::MutationObserver::deliver()
6   0x115937fc6 WebCore::MutationObserver::notifyMutationObservers()
7   0x11593a221 WebCore::MutationObserverMicrotask::run()
8   0x11590410d WebCore::MicrotaskQueue::performMicrotaskCheckpoint()
9   0x11500e3c9 WebCore::JSMainThreadExecState::didLeaveScriptContext(JSC::ExecState*)
10  0x114a7242e WebCore::JSMainThreadExecState::~JSMainThreadExecState()
11  0x114a72285 WebCore::JSMainThreadExecState::~JSMainThreadExecState()
12  0x115f52e98 WebCore::JSMainThreadExecState::profiledEvaluate(JSC::ExecState*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)
13  0x115f52c78 WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&, WebCore::ExceptionDetails*)
14  0x115f52f6d WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&, WebCore::ExceptionDetails*)
15  0x115f68682 WebCore::ScriptElement::executeClassicScript(WebCore::ScriptSourceCode const&)
16  0x115f66c8f WebCore::ScriptElement::prepareScript(WTF::TextPosition const&, WebCore::ScriptElement::LegacyTypeSupport)
17  0x11466abc0 WebCore::HTMLScriptRunner::runScript(WebCore::ScriptElement&, WTF::TextPosition const&)
18  0x11466aa2f WebCore::HTMLScriptRunner::execute(WTF::Ref<WebCore::ScriptElement>&&, WTF::TextPosition const&)
19  0x11457ff12 WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder()
20  0x114580473 WebCore::HTMLDocumentParser::pumpTokenizerLoop(WebCore::HTMLDocumentParser::SynchronousMode, bool, WebCore::PumpSession&)
21  0x11457f108 WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode)
22  0x11457ec5b WebCore::HTMLDocumentParser::pumpTokenizerIfPossible(WebCore::HTMLDocumentParser::SynchronousMode)
23  0x114581e89 WebCore::HTMLDocumentParser::resumeParsingAfterScriptExecution()
24  0x11458228e WebCore::HTMLDocumentParser::notifyFinished(WebCore::PendingScript&)
25  0x1145822ec non-virtual thunk to WebCore::HTMLDocumentParser::notifyFinished(WebCore::PendingScript&)
26  0x115a4c8e7 WebCore::PendingScript::notifyClientFinished()
27  0x115a4c949 WebCore::PendingScript::notifyFinished(WebCore::LoadableScript&)
28  0x115716839 WebCore::LoadableScript::notifyClientFinished()
29  0x115713930 WebCore::LoadableClassicScript::notifyFinished(WebCore::CachedResource&)
30  0x115713a5c non-virtual thunk to WebCore::LoadableClassicScript::notifyFinished(WebCore::CachedResource&)
31  0x113abf29d WebCore::CachedResource::checkNotify()



First crash was with https://build.webkit.org/builders/Apple%20El%20Capitan%20Debug%20WK2%20(Tests)/builds/2906

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20170922/5dc04a48/attachment-0001.html>

More information about the webkit-unassigned mailing list