149392 2015-09-20 14:59:24 -0700 Regression(r190023): fast/dom/navigation-with-sideeffects-crash.html is crashing 2015-09-20 16:24:45 -0700 1 1 1 Unclassified WebKit Bindings WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED P2 Normal --- 149376 1 cdumez cdumez ap commit-queue darin rniwa sam oldest_to_newest 1127529 0 cdumez 2015-09-20 14:59:24 -0700 fast/dom/navigation-with-sideeffects-crash.html is crashing after r190023: #0 0x1108df096 in WebCore::Location::setHref(WebCore::DOMWindow&, WebCore::DOMWindow&, WTF::String const&) (/Volumes/Data/slave/yosemite-asan-production-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0x19e7096) #1 0x1101e0acb in WebCore::setJSDocumentLocation(JSC::ExecState*, JSC::JSObject*, long long, long long) (/Volumes/Data/slave/yosemite-asan-production-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0x12e8acb) #2 0x10e0b5ce7 in JSC::putEntry(JSC::ExecState*, JSC::HashTableValue const*, JSC::JSObject*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&) (/Volumes/Data/slave/yosemite-asan-production-wk2-tests/build/buildToTest/JavaScriptCore.framework/Versions/A/JavaScriptCore+0xa86ce7) #3 0x10d65401f in JSC::JSObject::put(JSC::JSCell*, JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&) (/Volumes/Data/slave/yosemite-asan-production-wk2-tests/build/buildToTest/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x2501f) #4 0x10d8b5215 in llint_slow_path_put_by_id (/Volumes/Data/slave/yosemite-asan-production-wk2-tests/build/buildToTest/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x286215) 1127532 1 cdumez 2015-09-20 15:09:23 -0700 I know that is happening and I have a speculative patch. I just need to confirm it works before uploading it. The good news is that I can reproduce the crash locally. 1127534 2 261616 cdumez 2015-09-20 15:20:36 -0700 Created attachment 261616 Patch 1127538 3 261616 cdumez 2015-09-20 16:24:40 -0700 Comment on attachment 261616 Patch Clearing flags on attachment: 261616 Committed r190034: <http://trac.webkit.org/changeset/190034> 1127539 4 cdumez 2015-09-20 16:24:45 -0700 All reviewed patches have been landed. Closing bug. 261616 2015-09-20 15:20:36 -0700 2015-09-20 16:24:40 -0700 Patch bug-149392-20150920152021.patch text/plain 4580 cdumez U3VidmVyc2lvbiBSZXZpc2lvbjogMTkwMDMzCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggZWI1ZTYwMGM5NGIyYjE1 YTZlMDNkYmVmM2RlODQyZmViMjc4YzA5NS4uZmY1NjVkMjAxN2Y4NGNkYzEyYWEyNDZlNThjNmIy OWRkNWM2ZWI0NiAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDIyIEBACisyMDE1LTA5LTIwICBDaHJp cyBEdW1leiAgPGNkdW1lekBhcHBsZS5jb20+CisKKyAgICAgICAgUmVncmVzc2lvbihyMTkwMDIz KTogZmFzdC9kb20vbmF2aWdhdGlvbi13aXRoLXNpZGVlZmZlY3RzLWNyYXNoLmh0bWwgaXMgY3Jh c2hpbmcKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTE0 OTM5MgorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIElu IHRoZSBnZW5lcmF0ZWQgY29kZSBmb3IgW1B1dEZvcndhcmRzPXh4eF0sIG1ha2Ugc3VyZSB0aGUg Zm9yd2FyZGVkCisgICAgICAgIGltcGxlbWVudGF0aW9uIG9iamVjdCBpcyByZWYnZCBiZWZvcmUg Y2FsbGluZyB0b1N0cmluZygpIGFzIHRvU3RyaW5nKCkKKyAgICAgICAgY2FuIGJlIG92ZXJyaWRk ZW4gYnkgSlMgYW5kIGNhdXNlIHRoZSBvYmplY3QgdG8gZ2V0IGRlcmVmJ2QgLyBkZXN0cm95ZWQu CisKKyAgICAgICAgTm8gbmV3IHRlc3RzLCBhbHJlYWR5IGNvdmVyZWQgYnkgZXhpc3RpbmcgdGVz dC4KKworICAgICAgICAqIGJpbmRpbmdzL3NjcmlwdHMvQ29kZUdlbmVyYXRvckpTLnBtOgorICAg ICAgICAoR2VuZXJhdGVJbXBsZW1lbnRhdGlvbik6CisgICAgICAgICogYmluZGluZ3Mvc2NyaXB0 cy90ZXN0L0pTL0pTVGVzdE9iai5jcHA6CisgICAgICAgIChXZWJDb3JlOjpzZXRKU1Rlc3RPYmpQ dXRGb3J3YXJkc0F0dHJpYnV0ZSk6CisgICAgICAgIChXZWJDb3JlOjpzZXRKU1Rlc3RPYmpQdXRG b3J3YXJkc051bGxhYmxlQXR0cmlidXRlKToKKwogMjAxNS0wOS0xOSAgQ2hyaXMgRHVtZXogIDxj ZHVtZXpAYXBwbGUuY29tPgogCiAgICAgICAgIEdldCByaWQgb2YgY3VzdG9tIGJpbmRpbmdzIGZv ciBIVE1MTGlua0VsZW1lbnQuc2l6ZXMgc2V0dGVyCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29y ZS9iaW5kaW5ncy9zY3JpcHRzL0NvZGVHZW5lcmF0b3JKUy5wbSBiL1NvdXJjZS9XZWJDb3JlL2Jp bmRpbmdzL3NjcmlwdHMvQ29kZUdlbmVyYXRvckpTLnBtCmluZGV4IGIxMThkNzAxOWUwNTI0Mzc0 MzE4NjdhM2YxYjNkOTRhYThlZTJlYjEuLmRmNDRkMmZlZGI3Y2ZmZDFlZjMzNjI5ZTg4ZTUxOGRi OGM4YmZhNDggMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XZWJDb3JlL2JpbmRpbmdzL3NjcmlwdHMvQ29k ZUdlbmVyYXRvckpTLnBtCisrKyBiL1NvdXJjZS9XZWJDb3JlL2JpbmRpbmdzL3NjcmlwdHMvQ29k ZUdlbmVyYXRvckpTLnBtCkBAIC0yNjUyLDE1ICsyNjUyLDE2IEBAIHN1YiBHZW5lcmF0ZUltcGxl bWVudGF0aW9uCiAgICAgICAgICAgICAgICAgICAgIG15ICRwdXRGb3J3YXJkcyA9ICRhdHRyaWJ1 dGUtPnNpZ25hdHVyZS0+ZXh0ZW5kZWRBdHRyaWJ1dGVzLT57IlB1dEZvcndhcmRzIn07CiAgICAg ICAgICAgICAgICAgICAgIGlmICgkcHV0Rm9yd2FyZHMpIHsKICAgICAgICAgICAgICAgICAgICAg ICAgIG15ICRpbXBsR2V0dGVyRnVuY3Rpb25OYW1lID0gJGNvZGVHZW5lcmF0b3ItPldLX2xjZmly c3QoJGF0dHJpYnV0ZS0+c2lnbmF0dXJlLT5leHRlbmRlZEF0dHJpYnV0ZXMtPnsiSW1wbGVtZW50 ZWRBcyJ9IHx8ICRuYW1lKTsKKyAgICAgICAgICAgICAgICAgICAgICAgIG15ICRhdHRyaWJ1dGVU eXBlID0gJGF0dHJpYnV0ZS0+c2lnbmF0dXJlLT50eXBlOwogICAgICAgICAgICAgICAgICAgICAg ICAgaWYgKCRhdHRyaWJ1dGUtPnNpZ25hdHVyZS0+aXNOdWxsYWJsZSkgewotICAgICAgICAgICAg ICAgICAgICAgICAgICAgIHB1c2goQGltcGxDb250ZW50LCAiICAgIGF1dG8qIGZvcndhcmRlZElt cGwgPSBjYXN0ZWRUaGlzLT5pbXBsKCkuJHtpbXBsR2V0dGVyRnVuY3Rpb25OYW1lfSgpO1xuIik7 CisgICAgICAgICAgICAgICAgICAgICAgICAgICAgcHVzaChAaW1wbENvbnRlbnQsICIgICAgUmVm UHRyPCR7YXR0cmlidXRlVHlwZX0+IGZvcndhcmRlZEltcGwgPSBjYXN0ZWRUaGlzLT5pbXBsKCku JHtpbXBsR2V0dGVyRnVuY3Rpb25OYW1lfSgpO1xuIik7CiAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgcHVzaChAaW1wbENvbnRlbnQsICIgICAgaWYgKCFmb3J3YXJkZWRJbXBsKVxuIik7CiAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgcHVzaChAaW1wbENvbnRlbnQsICIgICAgICAgIHJl dHVybjtcbiIpOwogICAgICAgICAgICAgICAgICAgICAgICAgICAgIHB1c2goQGltcGxDb250ZW50 LCAiICAgIGF1dG8mIGltcGwgPSAqZm9yd2FyZGVkSW1wbDtcbiIpOwogICAgICAgICAgICAgICAg ICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAjIEF0dHJpYnV0 ZSBpcyBub3QgbnVsbGFibGUsIHRoZSBpbXBsZW1lbnRhdGlvbiBpcyBleHBlY3RlZCB0byByZXR1 cm4gYSByZWZlcmVuY2UuCi0gICAgICAgICAgICAgICAgICAgICAgICAgICAgbXkgJGF0dHJpYnV0 ZVR5cGUgPSAkYXR0cmlidXRlLT5zaWduYXR1cmUtPnR5cGU7Ci0gICAgICAgICAgICAgICAgICAg ICAgICAgICAgcHVzaChAaW1wbENvbnRlbnQsICIgICAgJHthdHRyaWJ1dGVUeXBlfSYgaW1wbCA9 IGNhc3RlZFRoaXMtPmltcGwoKS4ke2ltcGxHZXR0ZXJGdW5jdGlvbk5hbWV9KCk7XG4iKTsKKyAg ICAgICAgICAgICAgICAgICAgICAgICAgICBwdXNoKEBpbXBsQ29udGVudCwgIiAgICBSZWY8JHth dHRyaWJ1dGVUeXBlfT4gZm9yd2FyZGVkSW1wbCA9IGNhc3RlZFRoaXMtPmltcGwoKS4ke2ltcGxH ZXR0ZXJGdW5jdGlvbk5hbWV9KCk7XG4iKTsKKyAgICAgICAgICAgICAgICAgICAgICAgICAgICBw dXNoKEBpbXBsQ29udGVudCwgIiAgICBhdXRvJiBpbXBsID0gZm9yd2FyZGVkSW1wbC5nZXQoKTtc biIpOwogICAgICAgICAgICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgICAgICAgICAg JGF0dHJpYnV0ZSA9ICRjb2RlR2VuZXJhdG9yLT5HZXRBdHRyaWJ1dGVGcm9tSW50ZXJmYWNlKCRp bnRlcmZhY2UsICRhdHRyaWJ1dGUtPnNpZ25hdHVyZS0+dHlwZSwgJHB1dEZvcndhcmRzKTsKICAg ICAgICAgICAgICAgICAgICAgfSBlbHNlIHsKZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJDb3JlL2Jp bmRpbmdzL3NjcmlwdHMvdGVzdC9KUy9KU1Rlc3RPYmouY3BwIGIvU291cmNlL1dlYkNvcmUvYmlu ZGluZ3Mvc2NyaXB0cy90ZXN0L0pTL0pTVGVzdE9iai5jcHAKaW5kZXggNWUzZjQxOGNkNTFiMzNk ZmU0NjE5MzExMzJiYzhhMDJhMzM1YzEzOS4uYTAyMmFmNGIyZDViMDA4N2UzMDQzMDM5NTVkNDg5 ZDkxMzAyYTVmMSAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvYmluZGluZ3Mvc2NyaXB0cy90 ZXN0L0pTL0pTVGVzdE9iai5jcHAKKysrIGIvU291cmNlL1dlYkNvcmUvYmluZGluZ3Mvc2NyaXB0 cy90ZXN0L0pTL0pTVGVzdE9iai5jcHAKQEAgLTMxMTAsNyArMzExMCw4IEBAIHZvaWQgc2V0SlNU ZXN0T2JqUHV0Rm9yd2FyZHNBdHRyaWJ1dGUoRXhlY1N0YXRlKiBzdGF0ZSwgSlNPYmplY3QqIGJh c2VPYmplY3QsIEVuCiAgICAgICAgICAgICB0aHJvd1NldHRlclR5cGVFcnJvcigqc3RhdGUsICJU ZXN0T2JqIiwgInB1dEZvcndhcmRzQXR0cmlidXRlIik7CiAgICAgICAgIHJldHVybjsKICAgICB9 Ci0gICAgVGVzdE5vZGUmIGltcGwgPSBjYXN0ZWRUaGlzLT5pbXBsKCkucHV0Rm9yd2FyZHNBdHRy aWJ1dGUoKTsKKyAgICBSZWY8VGVzdE5vZGU+IGZvcndhcmRlZEltcGwgPSBjYXN0ZWRUaGlzLT5p bXBsKCkucHV0Rm9yd2FyZHNBdHRyaWJ1dGUoKTsKKyAgICBhdXRvJiBpbXBsID0gZm9yd2FyZGVk SW1wbC5nZXQoKTsKICAgICBTdHJpbmcgbmF0aXZlVmFsdWUgPSB2YWx1ZS50b1N0cmluZyhzdGF0 ZSktPnZhbHVlKHN0YXRlKTsKICAgICBpZiAoVU5MSUtFTFkoc3RhdGUtPmhhZEV4Y2VwdGlvbigp KSkKICAgICAgICAgcmV0dXJuOwpAQCAtMzEzMCw3ICszMTMxLDcgQEAgdm9pZCBzZXRKU1Rlc3RP YmpQdXRGb3J3YXJkc051bGxhYmxlQXR0cmlidXRlKEV4ZWNTdGF0ZSogc3RhdGUsIEpTT2JqZWN0 KiBiYXNlT2IKICAgICAgICAgICAgIHRocm93U2V0dGVyVHlwZUVycm9yKCpzdGF0ZSwgIlRlc3RP YmoiLCAicHV0Rm9yd2FyZHNOdWxsYWJsZUF0dHJpYnV0ZSIpOwogICAgICAgICByZXR1cm47CiAg ICAgfQotICAgIGF1dG8qIGZvcndhcmRlZEltcGwgPSBjYXN0ZWRUaGlzLT5pbXBsKCkucHV0Rm9y d2FyZHNOdWxsYWJsZUF0dHJpYnV0ZSgpOworICAgIFJlZlB0cjxUZXN0Tm9kZT4gZm9yd2FyZGVk SW1wbCA9IGNhc3RlZFRoaXMtPmltcGwoKS5wdXRGb3J3YXJkc051bGxhYmxlQXR0cmlidXRlKCk7 CiAgICAgaWYgKCFmb3J3YXJkZWRJbXBsKQogICAgICAgICByZXR1cm47CiAgICAgYXV0byYgaW1w bCA9ICpmb3J3YXJkZWRJbXBsOwo=