[Webkit-unassigned] [Bug 223838] New: Crash under FrameDestructionObserver::frame() on a GC thread

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Mar 26 23:10:51 PDT 2021


https://bugs.webkit.org/show_bug.cgi?id=223838

            Bug ID: 223838
           Summary: Crash under FrameDestructionObserver::frame() on a GC
                    thread
           Product: WebKit
           Version: Safari Technology Preview
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: simon.fraser at apple.com

https://ews-build.s3-us-west-2.amazonaws.com/macOS-Catalina-Debug-WK1-Tests-EWS/r424441-4414/results.html

Thread 23 Crashed:: Heap Helper Thread
0   com.apple.WebCore                   0x000000012c0bf16c WebCore::Frame::WeakValueType* WTF::WeakPtrImpl<WTF::EmptyCounter>::get<WebCore::Frame>() + 12
1   com.apple.WebCore                   0x000000012c0bf132 WTF::WeakPtr<WebCore::Frame, WTF::EmptyCounter>::get() const + 210
2   com.apple.WebCore                   0x000000012d01feee WebCore::FrameDestructionObserver::frame() const + 30
3   com.apple.WebCore                   0x000000012cfaf546 WebCore::DOMWindow::frame() const + 54
4   com.apple.WebCore                   0x000000012ba93328 void WebCore::JSDOMWindow::visitAdditionalChildren<JSC::SlotVisitor>(JSC::SlotVisitor&) + 40
5   com.apple.WebCore                   0x0000000129abce5a void WebCore::JSDOMWindow::visitChildrenImpl<JSC::SlotVisitor>(JSC::JSCell*, JSC::SlotVisitor&) + 442
6   com.apple.WebCore                   0x0000000129a5254d WebCore::JSDOMWindow::visitChildren(JSC::JSCell*, JSC::SlotVisitor&) + 29
7   com.apple.JavaScriptCore            0x00000001061a5d89 JSC::MethodTable::visitChildren(JSC::JSCell*, JSC::SlotVisitor&) const + 41
8   com.apple.JavaScriptCore            0x000000010619e093 JSC::SlotVisitor::visitChildren(JSC::JSCell const*) + 403
9   com.apple.JavaScriptCore            0x00000001061a74ba JSC::SlotVisitor::drain(WTF::MonotonicTime)::$_3::operator()(JSC::MarkStackArray&) const + 218
10  com.apple.JavaScriptCore            0x000000010619e5ee JSC::IterationStatus JSC::SlotVisitor::forEachMarkStack<JSC::SlotVisitor::drain(WTF::MonotonicTime)::$_3>(JSC::SlotVisitor::drain(WTF::MonotonicTime)::$_3 const&) + 46
11  com.apple.JavaScriptCore            0x000000010619e56d JSC::SlotVisitor::drain(WTF::MonotonicTime) + 221
12  com.apple.JavaScriptCore            0x000000010619f300 JSC::SlotVisitor::drainFromShared(JSC::SlotVisitor::SharedDrainMode, WTF::MonotonicTime) + 1664
13  com.apple.JavaScriptCore            0x000000010612557b JSC::Heap::runBeginPhase(JSC::GCConductor)::$_18::operator()() const + 219
14  com.apple.JavaScriptCore            0x00000001061253de WTF::SharedTaskFunctor<void (), JSC::Heap::runBeginPhase(JSC::GCConductor)::$_18>::run() + 30
15  com.apple.JavaScriptCore            0x0000000104e7b6a9 WTF::ParallelHelperClient::runTask(WTF::RefPtr<WTF::SharedTask<void ()>, WTF::RawPtrTraits<WTF::SharedTask<void ()> >, WTF::DefaultRefDerefTraits<WTF::SharedTask<void ()> > > const&) + 233 (ParallelHelperPool.cpp:110)
16  com.apple.JavaScriptCore            0x0000000104e7cf7a WTF::ParallelHelperPool::Thread::work() + 42 (ParallelHelperPool.cpp:198)
17  com.apple.JavaScriptCore            0x0000000104dfe2d3 WTF::AutomaticThread::start(WTF::AbstractLocker const&)::$_0::operator()() const + 659 (AutomaticThread.cpp:229)
18  com.apple.JavaScriptCore            0x0000000104dfde9e WTF::Detail::CallableWrapper<WTF::AutomaticThread::start(WTF::AbstractLocker const&)::$_0, void>::call() + 30 (Function.h:52)
19  com.apple.JavaScriptCore            0x0000000104e121b2 WTF::Function<void ()>::operator()() const + 130 (Function.h:83)
20  com.apple.JavaScriptCore            0x0000000104ed8d78 WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) + 424 (Threading.cpp:182)
21  com.apple.JavaScriptCore            0x0000000104ee6be8 WTF::wtfThreadEntryPoint(void*) + 24 (ThreadingPOSIX.cpp:241)
22  libsystem_pthread.dylib             0x00007fff73020109 _pthread_start + 148
23  libsystem_pthread.dylib             0x00007fff7301bb8b thread_start + 15
