159303 – REGRESSION(r202659?): LayoutTest inspector/model/scope-chain-node.html crashes

RESOLVED DUPLICATE of bug 158210 Bug 159303

REGRESSION(r202659?): LayoutTest inspector/model/scope-chain-node.html crashes

https://bugs.webkit.org/show_bug.cgi?id=159303

Summary REGRESSION(r202659?): LayoutTest inspector/model/scope-chain-node.html crashes

Ryan Haddad

Reported 2016-06-30 10:00:06 PDT

LayoutTest inspector/model/scope-chain-node.html crashes https://build.webkit.org/builders/Apple%20El%20Capitan%20Debug%20WK2%20(Tests)/builds/6239 https://webkit-test-results.webkit.org/dashboards/flakiness_dashboard.html#showAllRuns=true&tests=inspector%2Fmodel%2Fscope-chain-node.html Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.JavaScriptCore 0x0000000106b0c51c JSC::WeakSet::heap() const + 12 (VM.h:699) 1 com.apple.JavaScriptCore 0x0000000106b0c4fc JSC::MarkedBlock::heap() const + 28 (MarkedBlock.h:245) 2 com.apple.JavaScriptCore 0x0000000106b0c42d JSC::Heap::heap(JSC::JSCell const*) + 29 (HeapInlines.h:64) 3 com.apple.JavaScriptCore 0x0000000106b12519 JSC::JSCell::structure() const + 25 (JSCellInlines.h:102) 4 com.apple.JavaScriptCore 0x0000000107585106 JSC::slowValidateCell(JSC::JSCell*) + 86 (JSCell.cpp:188) 5 com.apple.JavaScriptCore 0x0000000106b125f5 void JSC::validateCell<JSC::JSCell*>(JSC::JSCell*) + 21 (WriteBarrier.h:59) 6 com.apple.JavaScriptCore 0x0000000106c249de JSC::WriteBarrierBase<JSC::ExecutableBase>::get() const + 46 (WriteBarrier.h:95) 7 com.apple.JavaScriptCore 0x0000000106d96e6c JSC::CodeBlock::ownerScriptExecutable() const + 28 (CodeBlock.h:349) 8 com.apple.JavaScriptCore 0x0000000106e661d4 JSC::DebuggerScope::location() const + 132 (DebuggerScope.cpp:236) 9 com.apple.JavaScriptCore 0x000000010760766b Inspector::JSJavaScriptCallFrame::scopeDescriptions(JSC::ExecState*) + 603 (JSJavaScriptCallFrame.cpp:144) 10 com.apple.JavaScriptCore 0x000000010760d4ab Inspector::jsJavaScriptCallFramePrototypeFunctionScopeDescriptions(JSC::ExecState*) + 91 (JSJavaScriptCallFramePrototype.cpp:94) 11 ??? 0x00004000a2201028 0 + 70371464187944 12 com.apple.JavaScriptCore 0x000000010773547c llint_entry + 28040 13 com.apple.JavaScriptCore 0x000000010773547c llint_entry + 28040 14 com.apple.JavaScriptCore 0x00000001077357ed llint_entry + 28921 15 com.apple.JavaScriptCore 0x000000010772e4de vmEntryToJavaScript + 334 16 com.apple.JavaScriptCore 0x000000010751eb6a JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 218 (JITCode.cpp:80) 17 com.apple.JavaScriptCore 0x00000001074a9cd5 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 997 (Interpreter.cpp:1015) 18 com.apple.JavaScriptCore 0x0000000106d5824e JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 190 (CallData.cpp:40) 19 com.apple.JavaScriptCore 0x0000000106d582b3 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 83 (CallData.cpp:45) 20 com.apple.WebCore 0x000000010af845cb WebCore::JSMainThreadExecState::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 107 (JSMainThreadExecState.h:57) 21 com.apple.WebCore 0x000000010b221f6d WebCore::functionCallHandlerFromAnyThread(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 109 (JSMainThreadExecState.cpp:44) 22 com.apple.JavaScriptCore 0x00000001079346ce Deprecated::ScriptFunctionCall::call(bool&) + 478 (ScriptFunctionCall.cpp:124) 23 com.apple.JavaScriptCore 0x00000001073fc495 Inspector::InjectedScriptBase::callFunctionWithEvalEnabled(Deprecated::ScriptFunctionCall&, bool&) const + 69 (InjectedScriptBase.cpp:75) 24 com.apple.JavaScriptCore 0x00000001073f9456 Inspector::InjectedScript::wrapCallFrames(JSC::JSValue) const + 310 (InjectedScript.cpp:221) 25 com.apple.JavaScriptCore 0x0000000107468aab Inspector::InspectorDebuggerAgent::currentCallFrames(Inspector::InjectedScript const&) + 187 (InspectorDebuggerAgent.cpp:617) 26 com.apple.JavaScriptCore 0x00000001074698e5 Inspector::InspectorDebuggerAgent::didPause(JSC::ExecState&, JSC::JSValue, JSC::JSValue) + 821 (InspectorDebuggerAgent.cpp:726) 27 com.apple.JavaScriptCore 0x0000000107469aff non-virtual thunk to Inspector::InspectorDebuggerAgent::didPause(JSC::ExecState&, JSC::JSValue, JSC::JSValue) + 63 (InspectorDebuggerAgent.cpp:680) 28 com.apple.JavaScriptCore 0x000000010792ca03 Inspector::ScriptDebugServer::dispatchDidPause(Inspector::ScriptDebugListener*) + 307 (ScriptDebugServer.cpp:138) 29 com.apple.JavaScriptCore 0x000000010792d285 Inspector::ScriptDebugServer::dispatchFunctionToListeners(WTF::HashSet<Inspector::ScriptDebugListener*, WTF::PtrHash<Inspector::ScriptDebugListener*>, WTF::HashTraits<Inspector::ScriptDebugListener*> > const&, void (Inspector::ScriptDebugServer::*)(Inspector::ScriptDebugListener*)) + 229 (ScriptDebugServer.cpp:276) 30 com.apple.JavaScriptCore 0x000000010792d187 Inspector::ScriptDebugServer::dispatchFunctionToListeners(void (Inspector::ScriptDebugServer::*)(Inspector::ScriptDebugListener*)) + 167 (ScriptDebugServer.cpp:269) 31 com.apple.JavaScriptCore 0x000000010792d599 Inspector::ScriptDebugServer::handlePause(JSC::JSGlobalObject*, JSC::Debugger::ReasonForPause) + 73 (ScriptDebugServer.cpp:311) 32 com.apple.JavaScriptCore 0x0000000106e4bd8d JSC::Debugger::pauseIfNeeded(JSC::ExecState*) + 637 (Debugger.cpp:661) 33 com.apple.JavaScriptCore 0x0000000106e4c04c JSC::Debugger::updateCallFrameAndPauseIfNeeded(JSC::ExecState*) + 60 (Debugger.cpp:613) 34 com.apple.JavaScriptCore 0x0000000106e4c4e4 JSC::Debugger::didReachBreakpoint(JSC::ExecState*) + 100 (Debugger.cpp:768) 35 com.apple.JavaScriptCore 0x00000001074aac4b JSC::Interpreter::debug(JSC::ExecState*, JSC::DebugHookID) + 347 (Interpreter.cpp:1309) 36 com.apple.JavaScriptCore 0x0000000107729104 llint_slow_path_debug + 116 (LLIntSlowPaths.cpp:1496) 37 com.apple.JavaScriptCore 0x0000000107735faa llint_entry + 30902 38 com.apple.JavaScriptCore 0x000000010773547c llint_entry + 28040 39 com.apple.JavaScriptCore 0x000000010773547c llint_entry + 28040 40 com.apple.JavaScriptCore 0x000000010772e4de vmEntryToJavaScript + 334 41 com.apple.JavaScriptCore 0x000000010751eb6a JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 218 (JITCode.cpp:80) 42 com.apple.JavaScriptCore 0x00000001074a9cd5 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 997 (Interpreter.cpp:1015) 43 com.apple.JavaScriptCore 0x0000000106d5824e JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 190 (CallData.cpp:40) 44 com.apple.JavaScriptCore 0x0000000106d582b3 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 83 (CallData.cpp:45) 45 com.apple.JavaScriptCore 0x0000000106d584ab JSC::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 139 (CallData.cpp:64) 46 com.apple.WebCore 0x000000010aef4a8b WebCore::JSMainThreadExecState::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 139 (JSMainThreadExecState.h:75) 47 com.apple.WebCore 0x000000010bded983 WebCore::ScheduledAction::executeFunctionInContext(JSC::JSGlobalObject*, JSC::JSValue, WebCore::ScriptExecutionContext&) + 563 (ScheduledAction.cpp:104) 48 com.apple.WebCore 0x000000010bded582 WebCore::ScheduledAction::execute(WebCore::Document&) + 274 (ScheduledAction.cpp:125) 49 com.apple.WebCore 0x000000010bded443 WebCore::ScheduledAction::execute(WebCore::ScriptExecutionContext&) + 67 (ScheduledAction.cpp:78) 50 com.apple.WebCore 0x000000010a685888 WebCore::DOMTimer::fired() + 952 (DOMTimer.cpp:348) 51 com.apple.WebCore 0x000000010c2d013a WebCore::ThreadTimers::sharedTimerFiredInternal() + 394 (ThreadTimers.cpp:124) 52 com.apple.WebCore 0x000000010c2d1381 WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0::operator()() const + 33 (ThreadTimers.cpp:73) 53 com.apple.WebCore 0x000000010c2d134d void std::__1::__invoke_void_return_wrapper<void>::__call<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0&>(WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0&&&) + 45 (__functional_base:441) 54 com.apple.WebCore 0x000000010c2d12ec std::__1::__function::__func<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0, std::__1::allocator<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0>, void ()>::operator()() + 44 (functional:1407) 55 com.apple.WebCore 0x0000000109ed8b2a std::__1::function<void ()>::operator()() const + 26 (functional:1793) 56 com.apple.WebCore 0x000000010b65235f WebCore::MainThreadSharedTimer::fired() + 111 (MainThreadSharedTimer.cpp:53) 57 com.apple.WebCore 0x000000010b652759 WebCore::timerFired(__CFRunLoopTimer*, void*) + 41 (MainThreadSharedTimerCF.cpp:74) 58 com.apple.CoreFoundation 0x00007fff8e811b94 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20 59 com.apple.CoreFoundation 0x00007fff8e811823 __CFRunLoopDoTimer + 1075 60 com.apple.CoreFoundation 0x00007fff8e81137a __CFRunLoopDoTimers + 298 61 com.apple.CoreFoundation 0x00007fff8e808871 __CFRunLoopRun + 1841 62 com.apple.CoreFoundation 0x00007fff8e807ed8 CFRunLoopRunSpecific + 296 63 com.apple.HIToolbox 0x00007fff91fb2935 RunCurrentEventLoopInMode + 235 64 com.apple.HIToolbox 0x00007fff91fb276f ReceiveNextEventCommon + 432 65 com.apple.HIToolbox 0x00007fff91fb25af _BlockUntilNextEventMatchingListInModeWithFilter + 71 66 com.apple.AppKit 0x00007fff92301df6 _DPSNextEvent + 1067 67 com.apple.AppKit 0x00007fff92301226 -[NSApplication _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 454 68 com.apple.AppKit 0x00007fff922f5d80 -[NSApplication run] + 682 69 com.apple.AppKit 0x00007fff922bf368 NSApplicationMain + 1176 70 libxpc.dylib 0x00000001060a5194 _xpc_objc_main + 795 71 libxpc.dylib 0x00000001060a3bbe xpc_main + 494 72 com.apple.WebKit.WebContent.Development 0x0000000102bd7110 main + 800 73 libdyld.dylib 0x00007fff8e01d5ad start + 1

Attachments
Add attachment proposed patch, testcase, etc.

Ryan Haddad

Comment 1 2016-06-30 10:06:41 PDT

Seems to have started with <https://trac.webkit.org/changeset/202659>

Radar WebKit Bug Importer

Comment 2 2016-06-30 10:09:01 PDT

<rdar://problem/27108882>

Ryan Haddad

Comment 3 2016-06-30 15:31:19 PDT

Duping to original bug since the change was rolled out. *** This bug has been marked as a duplicate of bug 158210 ***

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution DUPLICATE

of bug 158210

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component Web Inspector

Assignee

Nobody

Reported

2016-06-30 10:00 PDT

Modified

2016-06-30 15:31 PDT History

CC List

6 users Show

URL

Keywords InRadar

Depends on

Blocks