[Webkit-unassigned] [Bug 190060] New: [iOS][WK1] ASSERTION FAILED: m_creationThread.ptr() == &Thread::current() in ServiceWorkerContainer::~ServiceWorkerContainer()

bugzilla-daemon at webkit.org
Thu Sep 27 15:46:32 PDT 2018


https://bugs.webkit.org/show_bug.cgi?id=190060

            Bug ID: 190060
           Summary: [iOS][WK1] ASSERTION FAILED: m_creationThread.ptr() ==
                    &Thread::current() in
                    ServiceWorkerContainer::~ServiceWorkerContainer()
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: iPhone / iPad
                OS: iOS 12
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: dbates at webkit.org
                CC: cdumez at apple.com, youennf at gmail.com

Seen in the iPad Simulator running iOS 12 with a debug build of WebKit at r236471. I was using an internal app that had a UIWebView and was about to enter a new URL when the app crashed in the WebThread due to the assert m_creationThread.ptr() == &Thread::current() failing in ServiceWorkerContainer::~ServiceWorkerContainer():

WebThread (9)
#0  0x000000010af33dd0 in ::WTFCrash() at /Volumes/.../OpenSource/Source/WTF/wtf/Assertions.cpp:255
#1  0x000000010f0b4adb in WTFCrashWithInfo(int, char const*, char const*, int) at /.../WebKitBuild/Debug-iphonesimulator/usr/local/include/wtf/Assertions.h:551
#2  0x00000001128aefef in WebCore::ServiceWorkerContainer::~ServiceWorkerContainer() at /Volumes/.../OpenSource/Source/WebCore/workers/service/ServiceWorkerContainer.cpp:70
#3  0x00000001128af1d5 in WebCore::ServiceWorkerContainer::~ServiceWorkerContainer() at /Volumes/.../OpenSource/Source/WebCore/workers/service/ServiceWorkerContainer.cpp:68
#4  0x00000001128af239 in WebCore::ServiceWorkerContainer::~ServiceWorkerContainer() at /Volumes/.../OpenSource/Source/WebCore/workers/service/ServiceWorkerContainer.cpp:68
#5  0x0000000111a390bf in std::__1::default_delete<WebCore::ServiceWorkerContainer>::operator()(WebCore::ServiceWorkerContainer*) const [inlined] at /Volumes/Xcode/Xcode.app/Contents/Developer/Toolchains/iOS12.0.xctoolchain/usr/include/c++/v1/memory:2285
#6  0x0000000111a390a0 in std::__1::unique_ptr<WebCore::ServiceWorkerContainer, std::__1::default_delete<WebCore::ServiceWorkerContainer> >::reset(WebCore::ServiceWorkerContainer*) [inlined] at /Volumes/Xcode/Xcode.app/Contents/Developer/Toolchains/iOS12.0.xctoolchain/usr/include/c++/v1/memory:2598
#7  0x0000000111a39053 in std::__1::unique_ptr<WebCore::ServiceWorkerContainer, std::__1::default_delete<WebCore::ServiceWorkerContainer> >::~unique_ptr() [inlined] at /Volumes/Xcode/Xcode.app/Contents/Developer/Toolchains/iOS12.0.xctoolchain/usr/include/c++/v1/memory:2552
#8  0x0000000111a39053 in std::__1::unique_ptr<WebCore::ServiceWorkerContainer, std::__1::default_delete<WebCore::ServiceWorkerContainer> >::~unique_ptr() [inlined] at /Volumes/Xcode/Xcode.app/Contents/Developer/Toolchains/iOS12.0.xctoolchain/usr/include/c++/v1/memory:2552
#9  0x0000000111a39053 in WTF::UniqueRef<WebCore::ServiceWorkerContainer>::~UniqueRef() at /.../WebKitBuild/Debug-iphonesimulator/usr/local/include/wtf/UniqueRef.h:42
#10 0x0000000111a34525 in WTF::UniqueRef<WebCore::ServiceWorkerContainer>::~UniqueRef() at /.../WebKitBuild/Debug-iphonesimulator/usr/local/include/wtf/UniqueRef.h:42
#11 0x0000000111a33511 in WebCore::NavigatorBase::~NavigatorBase() at /Volumes/.../OpenSource/Source/WebCore/page/NavigatorBase.cpp:88
#12 0x0000000111a33458 in WebCore::Navigator::~Navigator() at /Volumes/.../OpenSource/Source/WebCore/page/Navigator.cpp:58
#13 0x0000000111a33545 in WebCore::Navigator::~Navigator() at /Volumes/.../OpenSource/Source/WebCore/page/Navigator.cpp:58
#14 0x0000000111a33589 in WebCore::Navigator::~Navigator() at /Volumes/.../OpenSource/Source/WebCore/page/Navigator.cpp:58
#15 0x000000010fe1049f in WTF::RefCounted<WebCore::NavigatorBase>::deref() const at /.../WebKitBuild/Debug-iphonesimulator/usr/local/include/wtf/RefCounted.h:145
#16 0x000000010fe10423 in WTF::Ref<WebCore::Navigator, WTF::DumbPtrTraits<WebCore::Navigator> >::~Ref() at /.../WebKitBuild/Debug-iphonesimulator/usr/local/include/wtf/Ref.h:61
#17 0x000000010fe103e5 in WTF::Ref<WebCore::Navigator, WTF::DumbPtrTraits<WebCore::Navigator> >::~Ref() at /.../WebKitBuild/Debug-iphonesimulator/usr/local/include/wtf/Ref.h:55
#18 0x000000010fe103c9 in WebCore::JSDOMWrapper<WebCore::Navigator>::~JSDOMWrapper() at /Volumes/.../OpenSource/Source/WebCore/bindings/js/JSDOMWrapper.h:72
#19 0x000000010fe103a5 in WebCore::JSNavigator::~JSNavigator() at /.../WebKitBuild/Debug-iphonesimulator/DerivedSources/WebCore/JSNavigator.h:29
#20 0x000000010fe0b395 in WebCore::JSNavigator::~JSNavigator() at /.../WebKitBuild/Debug-iphonesimulator/DerivedSources/WebCore/JSNavigator.h:29
#21 0x000000010fe0a89d in WebCore::JSNavigator::destroy(JSC::JSCell*) at /.../WebKitBuild/Debug-iphonesimulator/DerivedSources/WebCore/JSNavigator.cpp:379
#22 0x000000010bee558a in JSC::JSDestructibleObjectDestroyFunc::operator()(JSC::VM&, JSC::JSCell*) const at /Volumes/.../OpenSource/Source/JavaScriptCore/runtime/JSDestructibleObjectHeapCellType.cpp:37
#23 0x000000010bf204a5 in void JSC::MarkedBlock::Handle::specializedSweep<false, (JSC::MarkedBlock::Handle::EmptyMode)0, (JSC::MarkedBlock::Handle::SweepMode)0, (JSC::MarkedBlock::Handle::SweepDestructionMode)0, (JSC::MarkedBlock::Handle::ScribbleMode)0, (JSC::MarkedBlock::Handle::NewlyAllocatedMode)0, (JSC::MarkedBlock::Handle::MarksMode)0, JSC::JSDestructibleObjectDestroyFunc>(JSC::FreeList*, JSC::MarkedBlock::Handle::EmptyMode, JSC::MarkedBlock::Handle::SweepMode, JSC::MarkedBlock::Handle::SweepDestructionMode, JSC::MarkedBlock::Handle::ScribbleMode, JSC::MarkedBlock::Handle::NewlyAllocatedMode, JSC::MarkedBlock::Handle::MarksMode, JSC::JSDestructibleObjectDestroyFunc const&)::'lambda'(void*)::operator()(void*) const at /Volumes/.../OpenSource/Source/JavaScriptCore/heap/MarkedBlockInlines.h:260
#24 0x000000010bf20514 in void JSC::MarkedBlock::Handle::specializedSweep<false, (JSC::MarkedBlock::Handle::EmptyMode)0, (JSC::MarkedBlock::Handle::SweepMode)0, (JSC::MarkedBlock::Handle::SweepDestructionMode)0, (JSC::MarkedBlock::Handle::ScribbleMode)0, (JSC::MarkedBlock::Handle::NewlyAllocatedMode)0, (JSC::MarkedBlock::Handle::MarksMode)0, JSC::JSDestructibleObjectDestroyFunc>(JSC::FreeList*, JSC::MarkedBlock::Handle::EmptyMode, JSC::MarkedBlock::Handle::SweepMode, JSC::MarkedBlock::Handle::SweepDestructionMode, JSC::MarkedBlock::Handle::ScribbleMode, JSC::MarkedBlock::Handle::NewlyAllocatedMode, JSC::MarkedBlock::Handle::MarksMode, JSC::JSDestructibleObjectDestroyFunc const&)::'lambda'(unsigned long)::operator()(unsigned long) const at /Volumes/.../OpenSource/Source/JavaScriptCore/heap/MarkedBlockInlines.h:319
#25 0x000000010bf1b02a in void JSC::MarkedBlock::Handle::specializedSweep<false, (JSC::MarkedBlock::Handle::EmptyMode)0, (JSC::MarkedBlock::Handle::SweepMode)0, (JSC::MarkedBlock::Handle::SweepDestructionMode)0, (JSC::MarkedBlock::Handle::ScribbleMode)0, (JSC::MarkedBlock::Handle::NewlyAllocatedMode)0, (JSC::MarkedBlock::Handle::MarksMode)0, JSC::JSDestructibleObjectDestroyFunc>(JSC::FreeList*, JSC::MarkedBlock::Handle::EmptyMode, JSC::MarkedBlock::Handle::SweepMode, JSC::MarkedBlock::Handle::SweepDestructionMode, JSC::MarkedBlock::Handle::ScribbleMode, JSC::MarkedBlock::Handle::NewlyAllocatedMode, JSC::MarkedBlock::Handle::MarksMode, JSC::JSDestructibleObjectDestroyFunc const&) at /Volumes/.../OpenSource/Source/JavaScriptCore/heap/MarkedBlockInlines.h:341
#26 0x000000010bee5520 in void JSC::MarkedBlock::Handle::finishSweepKnowingHeapCellType<JSC::JSDestructibleObjectDestroyFunc>(JSC::FreeList*, JSC::JSDestructibleObjectDestroyFunc const&) at /Volumes/.../OpenSource/Source/JavaScriptCore/heap/MarkedBlockInlines.h:439
#27 0x000000010bee53e8 in JSC::JSDestructibleObjectHeapCellType::finishSweep(JSC::MarkedBlock::Handle&, JSC::FreeList*) at /Volumes/.../OpenSource/Source/JavaScriptCore/runtime/JSDestructibleObjectHeapCellType.cpp:52
#28 0x000000010ba55656 in JSC::Subspace::finishSweep(JSC::MarkedBlock::Handle&, JSC::FreeList*) at /Volumes/.../OpenSource/Source/JavaScriptCore/heap/Subspace.cpp:65
#29 0x000000010ba38aab in JSC::MarkedBlock::Handle::sweep(JSC::FreeList*) at /Volumes/.../OpenSource/Source/JavaScriptCore/heap/MarkedBlock.cpp:432
#30 0x000000010ba0b4b8 in JSC::IncrementalSweeper::sweepNextBlock(JSC::VM&) at /Volumes/.../OpenSource/Source/JavaScriptCore/heap/IncrementalSweeper.cpp:89
#31 0x000000010ba0b36a in JSC::IncrementalSweeper::doSweep(JSC::VM&, WTF::MonotonicTime) at /Volumes/.../OpenSource/Source/JavaScriptCore/heap/IncrementalSweeper.cpp:59
#32 0x000000010ba0b32c in JSC::IncrementalSweeper::doWork(JSC::VM&) at /Volumes/.../OpenSource/Source/JavaScriptCore/heap/IncrementalSweeper.cpp:54
#33 0x000000010bf7c621 in JSC::JSRunLoopTimer::timerDidFire() at /Volumes/.../OpenSource/Source/JavaScriptCore/runtime/JSRunLoopTimer.cpp:307
#34 0x000000010bf7bb47 in JSC::JSRunLoopTimer::Manager::timerDidFire() at /Volumes/.../OpenSource/Source/JavaScriptCore/runtime/JSRunLoopTimer.cpp:160
#35 0x000000010bf7b5ec in JSC::JSRunLoopTimer::Manager::timerDidFireCallback(__CFRunLoopTimer*, void*) at /Volumes/.../OpenSource/Source/JavaScriptCore/runtime/JSRunLoopTimer.cpp:61
#36 0x00000001064ad344 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ ()
#37 0x00000001064acf42 in __CFRunLoopDoTimer ()
#38 0x00000001064ac7aa in __CFRunLoopDoTimers ()
#39 0x00000001064a6e2c in __CFRunLoopRun ()
#40 0x00000001064a6221 in CFRunLoopRunSpecific ()
#41 0x000000010fa2b98a in RunWebThread(void*) at /Volumes/.../OpenSource/Source/WebCore/platform/ios/wak/WebCoreThread.mm:612
#42 0x000000011e9ad33d in _pthread_body ()
#43 0x000000011e9b02a7 in _pthread_start ()
#44 0x000000011e9ac425 in thread_start ()
