140688 2015-01-20 11:23:00 -0800 REGRESSION(178696): Sporadic crashes while garbage collecting 2015-01-20 11:35:26 -0800 1 1 1 Unclassified WebKit JavaScriptCore 312.x All All RESOLVED FIXED P2 Normal --- 1 msaboff msaboff oldest_to_newest 1062821 0 msaboff 2015-01-20 11:23:00 -0800 After r178696 several build bots are crashing running WebKit tests. As an example: ASSERTION FAILED: heap()->m_storageSpace.contains(block) /Volumes/Data/slave/mavericks-debug/build/Source/JavaScriptCore/heap/SlotVisitorInlines.h(246) : void JSC::SlotVisitor::copyLater(JSC::JSCell *, JSC::CopyToken, void *, size_t) 1 0x109fc0860 WTFCrash 2 0x109675541 JSC::SlotVisitor::copyLater(JSC::JSCell*, JSC::CopyToken, void*, unsigned long) 3 0x109cdd65d JSC::JSObject::visitButterfly(JSC::SlotVisitor&, JSC::Butterfly*, unsigned long) 4 0x109cd015f JSC::JSObject::visitChildren(JSC::JSCell*, JSC::SlotVisitor&) 5 0x109ef46d8 JSC::visitChildren(JSC::SlotVisitor&, JSC::JSCell const*) 6 0x109ef4539 JSC::SlotVisitor::drain() 7 0x109ef4c1d JSC::SlotVisitor::drainFromShared(JSC::SlotVisitor::SharedDrainMode) 8 0x109b3bc95 JSC::GCThread::gcThreadMain() 9 0x109b3bd6d JSC::GCThread::gcThreadStartFunc(void*) 10 0x10a0157b9 WTF::createThread(void (*)(void*), void*, char const*)::$_0::operator()() const 11 0x10a01578c std::__1::__function::__func<WTF::createThread(void (*)(void*), void*, char const*)::$_0, std::__1::allocator<WTF::createThread(void (*)(void*), void*, char const*)::$_0>, void ()>::operator()() 12 0x109f6ce4a std::__1::function<void ()>::operator()() const 13 0x10a01473e WTF::threadEntryPoint(void*) 14 0x10a0160d8 WTF::wtfThreadEntryPoint(void*) 15 0x7fff8e6e7899 _pthread_body 16 0x7fff8e6e772a _pthread_struct_init 17 0x7fff8e6ebfc9 thread_start and CRASHING TEST: imported/w3c/canvas/2d.composite.transparent.destination-out.html Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.JavaScriptCore 0x000000010fedd90a WTFCrash + 42 1 com.apple.JavaScriptCore 0x000000010fe9207b JSC::WeakBlock::reap() + 235 2 com.apple.JavaScriptCore 0x000000010fcba017 JSC::WeakSet::reap() + 55 3 com.apple.JavaScriptCore 0x000000010fcb6eac JSC::MarkedBlock::reapWeakSet() + 28 4 com.apple.JavaScriptCore 0x000000010fcb8b19 JSC::ReapWeakSet::operator()(JSC::MarkedBlock*) + 25 5 com.apple.JavaScriptCore 0x000000010fcb8a96 void JSC::MarkedAllocator::forEachBlock<JSC::ReapWeakSet>(JSC::ReapWeakSet&) + 86 6 com.apple.JavaScriptCore 0x000000010fcb897a JSC::ReapWeakSet::ReturnType JSC::MarkedSpace::forEachBlock<JSC::ReapWeakSet>(JSC::ReapWeakSet&) + 586 7 com.apple.JavaScriptCore 0x000000010fcb6ed9 JSC::ReapWeakSet::ReturnType JSC::MarkedSpace::forEachBlock<JSC::ReapWeakSet>() + 25 1062822 1 245004 msaboff 2015-01-20 11:25:13 -0800 Created attachment 245004 Patch 1062826 2 245004 ggaren 2015-01-20 11:33:50 -0800 Comment on attachment 245004 Patch r=me 1062827 3 msaboff 2015-01-20 11:35:26 -0800 Committed r178728: <http://trac.webkit.org/changeset/178728> 245004 2015-01-20 11:25:13 -0800 2015-01-20 11:33:50 -0800 Patch 140688.patch text/plain 1328 msaboff SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkocmV2aXNpb24gMTc4NzI1KQorKysgU291cmNl L0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDE1IEBA CisyMDE1LTAxLTIwICBNaWNoYWVsIFNhYm9mZiAgPG1zYWJvZmZAYXBwbGUuY29tPgorCisgICAg ICAgIFJFR1JFU1NJT04oMTc4Njk2KTogU3BvcmFkaWMgY3Jhc2hlcyB3aGlsZSBnYXJiYWdlIGNv bGxlY3RpbmcKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lk PTE0MDY4OAorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAg IEFkZGVkIG1pc3NpbmcgdmlzaXRvci5hcHBlbmQoJnRoaXNPYmplY3QtPm1fbnVsbFNldHRlckZ1 bmN0aW9uKS4KKworICAgICAgICAqIHJ1bnRpbWUvSlNHbG9iYWxPYmplY3QuY3BwOgorICAgICAg ICAoSlNDOjpKU0dsb2JhbE9iamVjdDo6dmlzaXRDaGlsZHJlbik6CisKIDIwMTUtMDEtMTkgIEJy aWFuIEouIEJ1cmcgIDxidXJnQGNzLndhc2hpbmd0b24uZWR1PgogCiAgICAgICAgIFdlYiBSZXBs YXk6IGNvZGUgZ2VuZXJhdG9yIHNob3VsZCB0YWtlIHN1cHBsZW1lbnRhbCBzcGVjaWZpY2F0aW9u cyBhbmQgYWxsb3cgY3Jvc3MtZnJhbWV3b3JrIHJlZmVyZW5jZXMKSW5kZXg6IFNvdXJjZS9KYXZh U2NyaXB0Q29yZS9ydW50aW1lL0pTR2xvYmFsT2JqZWN0LmNwcAo9PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3Vy Y2UvSmF2YVNjcmlwdENvcmUvcnVudGltZS9KU0dsb2JhbE9iamVjdC5jcHAJKHJldmlzaW9uIDE3 ODcyNSkKKysrIFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9ydW50aW1lL0pTR2xvYmFsT2JqZWN0LmNw cAkod29ya2luZyBjb3B5KQpAQCAtNjU2LDYgKzY1Niw3IEBAIHZvaWQgSlNHbG9iYWxPYmplY3Q6 OnZpc2l0Q2hpbGRyZW4oSlNDZWwKICNlbmRpZgogCiAgICAgdmlzaXRvci5hcHBlbmQoJnRoaXNP YmplY3QtPm1fbnVsbEdldHRlckZ1bmN0aW9uKTsKKyAgICB2aXNpdG9yLmFwcGVuZCgmdGhpc09i amVjdC0+bV9udWxsU2V0dGVyRnVuY3Rpb24pOwogCiAgICAgdmlzaXRvci5hcHBlbmQoJnRoaXNP YmplY3QtPm1fZXZhbEZ1bmN0aW9uKTsKICAgICB2aXNpdG9yLmFwcGVuZCgmdGhpc09iamVjdC0+ bV9jYWxsRnVuY3Rpb24pOwo=