[Webkit-unassigned] [Bug 228065] [WinCairo] Crash in WebCore::Page::setActivityState
bugzilla-daemon at webkit.org
Sun Jul 18 17:21:17 PDT 2021
https://bugs.webkit.org/show_bug.cgi?id=228065
--- Comment #2 from Fujii Hironori <Hironori.Fujii at sony.com> ---
I reproduce the crash with the CheckedPtr patch.
Callstack with attachment #433765:
> WTF.dll!WTFCrash() Line 321 C++
> WebKit2.dll!WTF::in_place<0>(WTF::__in_place_private::__value_holder<0> & __formal) Line 105 C++
> [Inline Frame] WebKit2.dll!WTF::CanMakeCheckedPtr::{dtor}() Line 201 C++
> [Inline Frame] WebKit2.dll!WebCore::ActivityStateChangeObserver::{dtor}() Line 37 C++
> WebKit2.dll!WebCore::WebGLRenderingContextBase::~WebGLRenderingContextBase() Line 1064 C++
> WebKit2.dll!WebCore::WebGL2RenderingContext::`scalar deleting destructor'(unsigned int) C++
> [Inline Frame] WebKit2.dll!std::default_delete<WebCore::CanvasRenderingContext>::operator()(WebCore::CanvasRenderingContext *) Line 3120 C++
> [Inline Frame] WebKit2.dll!std::unique_ptr<WebCore::CanvasRenderingContext,std::default_delete<WebCore::CanvasRenderingContext>>::reset(WebCore::CanvasRenderingContext *) Line 3265 C++
> [Inline Frame] WebKit2.dll!std::unique_ptr<WebCore::CanvasRenderingContext,std::default_delete<WebCore::CanvasRenderingContext>>::operator=(void *) Line 3168 C++
> WebKit2.dll!WebCore::HTMLCanvasElement::~HTMLCanvasElement() Line 160 C++
> WebKit2.dll!WebCore::HTMLCanvasElement::`scalar deleting destructor'(unsigned int) C++
> [Inline Frame] WebKit2.dll!WebCore::Node::deref() Line 799 C++
> [Inline Frame] WebKit2.dll!WTF::DefaultRefDerefTraits<WebCore::Node>::derefIfNotNull(WebCore::Node *) Line 43 C++
> [Inline Frame] WebKit2.dll!WTF::RefPtr<WebCore::Node,WTF::RawPtrTraits<WebCore::Node>,WTF::DefaultRefDerefTraits<WebCore::Node>>::{dtor}() Line 75 C++
> [Inline Frame] WebKit2.dll!WTF::RefPtr<WebCore::Node,WTF::RawPtrTraits<WebCore::Node>,WTF::DefaultRefDerefTraits<WebCore::Node>>::operator=(const WTF::RefPtr<WebCore::Node,WTF::RawPtrTraits<WebCore::Node>,WTF::DefaultRefDerefTraits<WebCore::Node>> &) Line 138 C++
> WebKit2.dll!WebCore::addChildNodesToDeletionQueue(WebCore::Node * & head, WebCore::Node * & tail, WebCore::ContainerNode & container) Line 186 C++
> [Inline Frame] WebKit2.dll!WebCore::removeDetachedChildrenInContainer(WebCore::ContainerNode &) Line 225 C++
> [Inline Frame] WebKit2.dll!WebCore::ContainerNode::removeDetachedChildren() Line 282 C++
> WebKit2.dll!WebCore::ContainerNode::~ContainerNode() Line 316 C++
> WebKit2.dll!WebCore::HTMLUnknownElement::`scalar deleting destructor'(unsigned int) C++
> WebKit2.dll!WebCore::`anonymous namespace'::ChildListRecord::~ChildListRecord() C++
> WebKit2.dll!WebCore::`anonymous namespace'::ChildListRecord::`scalar deleting destructor'(unsigned int) C++
> [Inline Frame] JavaScriptCore.dll!JSC::JSDestructibleObjectDestroyFunc::operator()(JSC::VM &) Line 38 C++
> [Inline Frame] JavaScriptCore.dll!JSC::MarkedBlock::Handle::specializedSweep::__l2::<lambda_9b5a43e7afa45d9559d44d5666c9d583>::operator()(void *) Line 260 C++
> JavaScriptCore.dll!JSC::MarkedBlock::Handle::specializedSweep<1,0,0,1,0,1,0,JSC::JSDestructibleObjectDestroyFunc>(JSC::FreeList * freeList, JSC::MarkedBlock::Handle::EmptyMode emptyMode, JSC::MarkedBlock::Handle::SweepMode sweepMode, JSC::MarkedBlock::Handle::SweepDestructionMode destructionMode, JSC::MarkedBlock::Handle::ScribbleMode scribbleMode, JSC::MarkedBlock::Handle::NewlyAllocatedMode newlyAllocatedMode, JSC::MarkedBlock::Handle::MarksMode marksMode, const JSC::JSDestructibleObjectDestroyFunc & destroyFunc) Line 294 C++
> JavaScriptCore.dll!JSC::MarkedBlock::Handle::finishSweepKnowingHeapCellType::__l2::<lambda>() Line 394 C++
> JavaScriptCore.dll!JSC::MarkedBlock::Handle::finishSweepKnowingHeapCellType<JSC::JSDestructibleObjectDestroyFunc>(JSC::FreeList * freeList, const JSC::JSDestructibleObjectDestroyFunc & destroyFunc) Line 435 C++
> JavaScriptCore.dll!JSC::JSDestructibleObjectHeapCellType::finishSweep(JSC::MarkedBlock::Handle & handle, JSC::FreeList * freeList) Line 54 C++
> JavaScriptCore.dll!JSC::MarkedBlock::Handle::sweep(JSC::FreeList * freeList) Line 416 C++
> [Inline Frame] JavaScriptCore.dll!JSC::IncrementalSweeper::sweepNextBlock(JSC::VM &) Line 88 C++
> [Inline Frame] JavaScriptCore.dll!JSC::IncrementalSweeper::doSweep(JSC::VM &) Line 58 C++
> JavaScriptCore.dll!JSC::IncrementalSweeper::doWork(JSC::VM & vm) Line 53 C++
> [Inline Frame] JavaScriptCore.dll!JSC::JSRunLoopTimer::timerDidFire() Line 230 C++
> JavaScriptCore.dll!JSC::JSRunLoopTimer::Manager::timerDidFire() Line 106 C++
> [Inline Frame] WTF.dll!WTF::RunLoop::TimerBase::timerFired() Line 164 C++
> [Inline Frame] WTF.dll!WTF::RunLoop::wndProc(HWND__ *) Line 59 C++
> WTF.dll!WTF::RunLoop::RunLoopWndProc(HWND__ * hWnd, unsigned int message, unsigned __int64 wParam, __int64 lParam) Line 39 C++
> user32.dll!00007ffd46a7e858() Unknown
> user32.dll!00007ffd46a7e299() Unknown
> WTF.dll!WTF::RunLoop::run() Line 73 C++
> [Inline Frame] WebKit2.dll!WebKit::AuxiliaryProcessMainBase<WebKit::WebProcess,1>::run(int) Line 70 C++
> [Inline Frame] WebKit2.dll!WebKit::AuxiliaryProcessMain(int) Line 96 C++
> WebKit2.dll!WebKit::WebProcessMain(int argc, char * * argv) Line 57 C++
> WebKitWebProcess.exe!main(int argc, char * * argv) Line 35 C++
> [Inline Frame] WebKitWebProcess.exe!invoke_main() Line 78 C++
> WebKitWebProcess.exe!__scrt_common_main_seh() Line 288 C++
> kernel32.dll!00007ffd45127034() Unknown
> ntdll.dll!00007ffd46f42651() Unknown
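The top of the callstack is the destructor check that WTF's CheckedPtr machinery performs: CanMakeCheckedPtr's destructor fires when a CheckedPtr still points at the object being destroyed, here a WebGL rendering context that is still registered as an ActivityStateChangeObserver. The C++ below is an added model of that check and of the unregister-before-destroy fix, not WebKit's code; CanMakeCheckedPtr, CheckedPtr, ObserverModel and Registry are hypothetical stand-ins, and the count is kept in a shared block rather than inline in the object so the example never touches a dead object.

```cpp
#include <cstddef>
#include <list>
#include <memory>
// Destructor checks that found live CheckedPtrs. Real WTF RELEASE_ASSERTs there
// (the WTFCrash frame in the callstack); counting instead keeps this testable.
static size_t g_danglingChecks = 0;

// Model of WTF::CanMakeCheckedPtr. The count sits in a shared block instead of
// inline in the object (an assumption of this example) so no dead object is read.
struct CanMakeCheckedPtr {
    std::shared_ptr<size_t> count = std::make_shared<size_t>(0);
    ~CanMakeCheckedPtr() { if (*count) ++g_danglingChecks; }
};

// Model of WTF::CheckedPtr: counts itself in the pointee while it points there.
template<typename T> struct CheckedPtr {
    T* ptr;
    std::shared_ptr<size_t> count;
    explicit CheckedPtr(T* p) : ptr(p), count(p->count) { ++*count; }
    CheckedPtr(const CheckedPtr& o) : ptr(o.ptr), count(o.count) { ++*count; }
    CheckedPtr& operator=(const CheckedPtr&) = delete;
    ~CheckedPtr() { --*count; }
};

// Hypothetical stand-in for ActivityStateChangeObserver; Registry stands in for
// the Page's observer set that Page::setActivityState walks.
class ObserverModel : public CanMakeCheckedPtr {
public:
    using Registry = std::list<CheckedPtr<ObserverModel>>;
    ObserverModel(Registry& page, bool unregisterOnDestroy)
        : m_page(page), m_unregister(unregisterOnDestroy) { m_page.emplace_back(this); }
    // ~ObserverModel runs before ~CanMakeCheckedPtr, so unregistering here zeroes the
    // count in time; skipping it leaves the Page with a pointer to a dead observer.
    ~ObserverModel() {
        if (!m_unregister) return;
        for (auto it = m_page.begin(); it != m_page.end(); ++it)
            if (it->ptr == this) { m_page.erase(it); return; }
    }
private:
    Registry& m_page;
    bool m_unregister;
};

// Destroys one registered observer; returns 1 if the dangling-pointer check fired.
size_t destroyObserver(bool unregisterOnDestroy) {
    g_danglingChecks = 0;
    ObserverModel::Registry page;
    { ObserverModel observer(page, unregisterOnDestroy); }
    return g_danglingChecks;
}
```

The check turns a silent dangling pointer (which would otherwise surface later, for instance when the Page iterates its observers) into a deterministic crash at the point the object dies, which is why the trace blames the destructor rather than the later use.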