[Webkit-unassigned] [Bug 198795] New: API Test [Mojave+ WK2 Debug ] TestWebKitAPI.WKAttachmentTestsMac.InsertDroppedFilePromisesAsAttachments is a flaky crash

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Jun 12 11:05:33 PDT 2019 

https://bugs.webkit.org/show_bug.cgi?id=198795

            Bug ID: 198795
           Summary: API Test [Mojave+ WK2 Debug ]
                    TestWebKitAPI.WKAttachmentTestsMac.InsertDroppedFilePr
                    omisesAsAttachments is a flaky crash
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit API
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: sroberts at apple.com

The following API test is a flaky crash on Mojave+ WK2 Debug testers

TestWebKitAPI.WKAttachmentTestsMac.InsertDroppedFilePromisesAsAttachments

Test was added in r235137

Test appears to have been a flaky crash for quite some time now but it appears we have not noticed it.

around 6/07/2019 it started to crash more consistently and around 6/11/2019 started to crash every 3 runs or so.

https://build.webkit.org/builders/Apple%20Mojave%20Debug%20WK2%20%28Tests%29?numbuilds=200 I can see a crash back on May 31st as well. https://build.webkit.org/builders/Apple%20Mojave%20Debug%20WK2%20%28Tests%29/builds/2836/steps/run-api-tests/logs/stdio

Reproduced locally 2 ways. 

run-api-tests TestWebKitAPI.WKAttachmentTestsMac.InsertDroppedFilePromisesAsAttachments --iter 200 --debug

I can also reproduce it in guard malloc and it fails more consistently in that configuration.

I can reproduce the crash in both modes going all the way back to r235137 and it produces the same crash. I don't know if recent jsc changes in this area may have made it more consistent. 

Attaching the full crash log and the guard malloc crash log to the radar. 

0   com.apple.JavaScriptCore            0x000000010bc798cd bmalloc::SmallLine::deref(std::__1::unique_lock<bmalloc::Mutex>&) + 45
1   com.apple.JavaScriptCore            0x000000010bc795fc bmalloc::Heap::derefSmallLine(std::__1::unique_lock<bmalloc::Mutex>&, bmalloc::Object, std::__1::array<bmalloc::List<bmalloc::SmallPage>, 112ul>&) + 60
2   com.apple.JavaScriptCore            0x000000010bc79525 bmalloc::Deallocator::processObjectLog(std::__1::unique_lock<bmalloc::Mutex>&) + 165
3   com.apple.JavaScriptCore            0x000000010bc7976e bmalloc::Deallocator::deallocateSlowCase(void*) + 270
4   com.apple.JavaScriptCore            0x000000010bbe3244 bmalloc::Deallocator::deallocate(void*) + 68
5   com.apple.JavaScriptCore            0x000000010bbe31e5 bmalloc::Cache::deallocate(bmalloc::HeapKind, void*) + 165
6   com.apple.JavaScriptCore            0x000000010bbe277b bmalloc::api::free(void*, bmalloc::HeapKind) + 27
7   com.apple.JavaScriptCore            0x000000010bbe2757 WTF::fastFree(void*) + 23
8   com.apple.JavaScriptCore            0x000000010bc40737 WTF::StringWrapperCFAllocator::deallocate(void*, void*) + 103

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20190612/85db8a64/attachment.html>

More information about the webkit-unassigned mailing list