Bug 218455

Summary: REGRESSION (r269227): Crash in WebCore::WorkerOrWorkletGlobalScope::prepareForDestruction
Product: WebKit Reporter: Ryan Haddad <ryanhaddad>
Component: New Bugs Assignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED    
Severity: Normal CC: cdumez, darin, esprehn+autocc, ews-watchlist, ggaren, kangil.han, rniwa, sam, webkit-bot-watchers-bugzilla, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=218363
Attachments:
Description Flags
Patch none

Description Ryan Haddad 2020-11-02 13:09:16 PST
The following two tests are consistently crashing on iOS and macOS debug bots after https://trac.webkit.org/changeset/269227/webkit
fast/css-custom-paint/constructor.html
fast/css-custom-paint/registerPaintBindings.html

https://results.webkit.org/?suite=layout-tests&suite=layout-tests&test=fast%2Fcss-custom-paint%2Fconstructor.html&test=fast%2Fcss-custom-paint%2FregisterPaintBindings.html

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.JavaScriptCore      	0x000000020f36df8e WTFCrash + 14 (Assertions.cpp:295)
1   com.apple.WebCore             	0x00000001ee5e65eb WTFCrashWithInfo(int, char const*, char const*, int) + 27
2   com.apple.WebCore             	0x00000001f383bdb5 WebCore::WorkerOrWorkletGlobalScope::prepareForDestruction() + 181 (WorkerOrWorkletGlobalScope.cpp:53)
3   com.apple.WebCore             	0x00000001f39b6abf WebCore::WorkletGlobalScope::prepareForDestruction() + 31 (WorkletGlobalScope.cpp:95)
4   com.apple.WebCore             	0x00000001f16be46e WebCore::PaintWorkletGlobalScope::prepareForDestruction() + 78 (PaintWorkletGlobalScope.h:73)
5   com.apple.WebCore             	0x00000001f16bd7c2 WebCore::Document::willBeRemovedFromFrame() + 1714 (Document.cpp:2621)
6   com.apple.WebCore             	0x00000001f25f78d3 WebCore::Frame::setView(WTF::RefPtr<WebCore::FrameView, WTF::RawPtrTraits<WebCore::FrameView>, WTF::DefaultRefDerefTraits<WebCore::FrameView> >&&) + 195
7   com.apple.WebCore             	0x00000001f25fc49d WebCore::Frame::createView(WebCore::IntSize const&, WTF::Optional<WebCore::Color> const&, WebCore::IntSize const&, WebCore::IntRect const&, bool, WebCore::ScrollbarMode, bool, WebCore::ScrollbarMode, bool) + 253 (Frame.cpp:870)
8   com.apple.WebKit              	0x00000001e19a33c7 WebKit::WebFrameLoaderClient::transitionToCommittedForNewPage() + 887 (WebFrameLoaderClient.cpp:1524)
9   com.apple.WebCore             	0x00000001f23d3cde WebCore::FrameLoader::transitionToCommitted(WebCore::CachedPage*) + 1982 (FrameLoader.cpp:2211)
10  com.apple.WebCore             	0x00000001f23d2987 WebCore::FrameLoader::commitProvisionalLoad() + 1191 (FrameLoader.cpp:2022)
11  com.apple.WebCore             	0x00000001f2356fbc WebCore::DocumentLoader::commitIfReady() + 60 (DocumentLoader.cpp:377)
12  com.apple.WebCore             	0x00000001f2357720 WebCore::DocumentLoader::finishedLoading() + 304 (DocumentLoader.cpp:442)
13  com.apple.WebCore             	0x00000001f2363154 WebCore::DocumentLoader::maybeLoadEmpty() + 1076 (DocumentLoader.cpp:1831)
14  com.apple.WebCore             	0x00000001f23632e5 WebCore::DocumentLoader::startLoadingMainResource() + 357 (DocumentLoader.cpp:1844)
15  com.apple.WebCore             	0x00000001f23fc83c WebCore::FrameLoader::continueLoadAfterNavigationPolicy(WebCore::ResourceRequest const&, WebCore::FormState*, WebCore::NavigationPolicyDecision, WebCore::AllowNavigationToInvalidURL)::$_11::operator()() + 1612
Comment 1 Radar WebKit Bug Importer 2020-11-02 13:09:44 PST
<rdar://problem/70963191>
Comment 2 Chris Dumez 2020-11-02 13:10:00 PST
Looking.
Comment 3 Chris Dumez 2020-11-02 13:42:53 PST
Created attachment 412966
Patch
Comment 4 Geoffrey Garen 2020-11-02 14:15:08 PST
Comment on attachment 412966
Patch

r=me
Comment 5 EWS 2020-11-02 14:24:18 PST
Committed r269275: <https://trac.webkit.org/changeset/269275>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 412966.