148312 2015-08-21 10:35:15 -0700 REGRESSION (r188714): Crash in JSC::Heap::incrementDeferralDepth() opening Web Inspector on daringfireball.net 2015-08-21 11:54:04 -0700 1 1 1 Unclassified WebKit JavaScriptCore WebKit Local Build Unspecified Unspecified RESOLVED FIXED P2 Normal --- 1 timothy ggaren bburg fpizlo ggaren joepeck mark.lam msaboff saam timothy ysuzuki oldest_to_newest 1119796 0 timothy 2015-08-21 10:35:15 -0700 Thread 1 Queue : com.apple.main-thread (serial) #0 0x000000010284b9cd in JSC::Heap::incrementDeferralDepth() [inlined] at /Users/Timothy/Work/Safari-TOT.git/OpenSource/Source/JavaScriptCore/heap/HeapInlines.h:302 #1 0x000000010284b9cd in JSC::DeferGC::DeferGC(JSC::Heap&) [inlined] at /Users/Timothy/Work/Safari-TOT.git/OpenSource/Source/JavaScriptCore/heap/DeferGC.h:41 #2 0x000000010284b9cd in JSC::DeferGC::DeferGC(JSC::Heap&) [inlined] at /Users/Timothy/Work/Safari-TOT.git/OpenSource/Source/JavaScriptCore/heap/DeferGC.h:40 #3 0x000000010284b9cd in JSC::DFG::Worklist::completeAllPlansForVM(JSC::VM&) at /Users/Timothy/Work/Safari-TOT.git/OpenSource/Source/JavaScriptCore/dfg/DFGWorklist.cpp:205 #4 0x000000010284cdd8 in JSC::DFG::completeAllPlansForVM(JSC::VM&) at /Users/Timothy/Work/Safari-TOT.git/OpenSource/Source/JavaScriptCore/dfg/DFGWorklist.cpp:455 #5 0x0000000102689c6c in JSC::Debugger::recompileAllJSFunctions(JSC::VM*) at /Users/Timothy/Work/Safari-TOT.git/OpenSource/Source/JavaScriptCore/debugger/Debugger.cpp:353 #6 0x0000000103b713d2 in WebCore::PageScriptDebugServer::recompileAllJSFunctions() at /Users/Timothy/Work/Safari-TOT.git/OpenSource/Source/WebCore/inspector/PageScriptDebugServer.cpp:91 #7 0x00000001036c4e50 in WebCore::InspectorTimelineAgent::didCreateFrontendAndBackend(Inspector::FrontendChannel*, Inspector::BackendDispatcher*) at /Users/Timothy/Work/Safari-TOT.git/OpenSource/Source/WebCore/inspector/InspectorTimelineAgent.cpp:100 #8 0x00000001028fb2e4 in Inspector::AgentRegistry::didCreateFrontendAndBackend(Inspector::FrontendChannel*, Inspector::BackendDispatcher*) at /Users/Timothy/Work/Safari-TOT.git/OpenSource/Source/JavaScriptCore/inspector/InspectorAgentRegistry.cpp:55 #9 0x000000010365e623 in WebCore::InspectorController::connectFrontend(Inspector::FrontendChannel*, bool) at /Users/Timothy/Work/Safari-TOT.git/OpenSource/Source/WebCore/inspector/InspectorController.cpp:247 #10 0x0000000101865ae1 in IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::MessageDecoder&) at /Users/Timothy/Work/Safari-TOT.git/OpenSource/Source/WebKit2/Platform/IPC/MessageReceiverMap.cpp:102 #11 0x0000000101a208b8 in WebKit::WebProcess::didReceiveMessage(IPC::Connection&, IPC::MessageDecoder&) at /Users/Timothy/Work/Safari-TOT.git/OpenSource/Source/WebKit2/WebProcess/WebProcess.cpp:618 #12 0x000000010181f8ec in IPC::Connection::dispatchMessage(IPC::MessageDecoder&) [inlined] at /Users/Timothy/Work/Safari-TOT.git/OpenSource/Source/WebKit2/Platform/IPC/Connection.cpp:878 #13 0x000000010181f8df in IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >) at /Users/Timothy/Work/Safari-TOT.git/OpenSource/Source/WebKit2/Platform/IPC/Connection.cpp:901 #14 0x0000000101821fd5 in IPC::Connection::dispatchOneMessage() at /Users/Timothy/Work/Safari-TOT.git/OpenSource/Source/WebKit2/Platform/IPC/Connection.cpp:929 #15 0x0000000102c5ff15 in std::__1::function<void ()>::operator()() const [inlined] at /Applications/Xcode.app/Contents/Developer/Toolchains/OSX10.11.xctoolchain/usr/bin/../include/c++/v1/functional:1793 #16 0x0000000102c5ff0b in WTF::RunLoop::performWork() at /Users/Timothy/Work/Safari-TOT.git/OpenSource/Source/WTF/wtf/RunLoop.cpp:104 #17 0x0000000102c605f2 in WTF::RunLoop::performWork(void*) at /Users/Timothy/Work/Safari-TOT.git/OpenSource/Source/WTF/wtf/cf/RunLoopCF.cpp:38 1119799 1 timothy 2015-08-21 10:36:50 -0700 Pretty much any site now crashes when opening the Web Inspector. Only about:blank seems to work. 1119814 2 timothy 2015-08-21 11:24:31 -0700 Looks like r188714 broke this. 1119820 3 259635 ggaren 2015-08-21 11:32:08 -0700 Created attachment 259635 Patch 1119821 4 259635 mark.lam 2015-08-21 11:32:57 -0700 Comment on attachment 259635 Patch r=me 1119830 5 ggaren 2015-08-21 11:39:34 -0700 Committed r188762: <http://trac.webkit.org/changeset/188762> 1119834 6 259635 joepeck 2015-08-21 11:47:26 -0700 Comment on attachment 259635 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=259635&action=review > Source/JavaScriptCore/ChangeLog:3 > + REGRESSION (r188714): RELEASE_ASSERT in JSC::Heap::incrementDeferralDepth() opening Web Inspector on daringfireball.net So this wasn't a RELEASE_ASSERT? Maybe we should retitle before landing. 259635 2015-08-21 11:32:08 -0700 2015-08-21 11:32:57 -0700 Patch bug-148312-20150821113202.patch text/plain 1409 ggaren SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkocmV2aXNpb24gMTg4NzYwKQorKysgU291cmNl L0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDE2IEBA CisyMDE1LTA4LTIxICBHZW9mZnJleSBHYXJlbiAgPGdnYXJlbkBhcHBsZS5jb20+CisKKyAgICAg ICAgUkVHUkVTU0lPTiAocjE4ODcxNCk6IFJFTEVBU0VfQVNTRVJUIGluIEpTQzo6SGVhcDo6aW5j cmVtZW50RGVmZXJyYWxEZXB0aCgpIG9wZW5pbmcgV2ViIEluc3BlY3RvciBvbiBkYXJpbmdmaXJl YmFsbC5uZXQKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lk PTE0ODMxMgorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAg ICogZGVidWdnZXIvRGVidWdnZXIuY3BwOgorICAgICAgICAoSlNDOjpEZWJ1Z2dlcjo6cmVjb21w aWxlQWxsSlNGdW5jdGlvbnMpOiBVc2Ugb3VyIHZtIGFyZ3VtZW50IGluc3RlYWQgb2YKKyAgICAg ICAgbV92bSBiZWNhdXNlIHNvbWV0aW1lcyB0aGV5IGFyZSBkaWZmZXJlbnQgYW5kIG1fdm0gaXMg bnVsbC4gKFRoaXMgYmVoYXZpb3IKKyAgICAgICAgaXMgdmVyeSBzdHJhbmdlLCBhbmQgd2Ugc2hv dWxkIHByb2JhYmx5IGVsaW1pbmF0ZSBpdCAtLSBidXQgd2UgbmVlZCBhIAorICAgICAgICBmaXgg Zm9yIHRoaXMgc2VyaW91cyByZWdyZXNzaW9uIHJpZ2h0IG5vdy4pCisKIDIwMTUtMDgtMjAgIFl1 c3VrZSBTdXp1a2kgIDx1dGF0YW5lLnRlYUBnbWFpbC5jb20+CiAKICAgICAgICAgW0VTNl0gcHJv dG90eXBpbmcgbW9kdWxlIGxvYWRlciBpbiBKU0Mgc2hlbGwKSW5kZXg6IFNvdXJjZS9KYXZhU2Ny aXB0Q29yZS9kZWJ1Z2dlci9EZWJ1Z2dlci5jcHAKPT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291cmNlL0phdmFT Y3JpcHRDb3JlL2RlYnVnZ2VyL0RlYnVnZ2VyLmNwcAkocmV2aXNpb24gMTg4NzU4KQorKysgU291 cmNlL0phdmFTY3JpcHRDb3JlL2RlYnVnZ2VyL0RlYnVnZ2VyLmNwcAkod29ya2luZyBjb3B5KQpA QCAtMzUwLDcgKzM1MCw3IEBAIHZvaWQgRGVidWdnZXI6OnJlY29tcGlsZUFsbEpTRnVuY3Rpb25z KFYKICAgICB9CiAKICNpZiBFTkFCTEUoREZHX0pJVCkKLSAgICBERkc6OmNvbXBsZXRlQWxsUGxh bnNGb3JWTSgqbV92bSk7CisgICAgREZHOjpjb21wbGV0ZUFsbFBsYW5zRm9yVk0oKnZtKTsKICNl bmRpZgogCiAgICAgUmVjb21waWxlciByZWNvbXBpbGVyKHRoaXMpOwo=