[Webkit-unassigned] [Bug 242615] New: REGRESSION (252288 at main?): 10 wasm.yaml/wasm/js-api/dont-mmap-zero-byte-memory.js failing on JSC Debug bots

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Jul 11 16:41:53 PDT 2022 

https://bugs.webkit.org/show_bug.cgi?id=242615

            Bug ID: 242615
           Summary: REGRESSION (252288 at main?): 10
                    wasm.yaml/wasm/js-api/dont-mmap-zero-byte-memory.js
                    failing on JSC Debug bots
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: New Bugs
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: rackler at apple.com

The following JSC tests are failing on debug bots:
wasm.yaml/wasm/js-api/dont-mmap-zero-byte-memory.js.wasm-bbqb3
wasm.yaml/wasm/js-api/dont-mmap-zero-byte-memory.js.wasm-eager-jettison
stress/gc-invocation-with-transfer.js.ftl-no-cjit-validate-sampling-profiler
wasm.yaml/wasm/js-api/dont-mmap-zero-byte-memory.js.wasm-slow-memory
wasm.yaml/wasm/js-api/dont-mmap-zero-byte-memory.js.wasm-eager
wasm.yaml/wasm/js-api/dont-mmap-zero-byte-memory.js.wasm-no-tls-context
wasm.yaml/wasm/js-api/dont-mmap-zero-byte-memory.js.wasm-air
wasm.yaml/wasm/js-api/dont-mmap-zero-byte-memory.js.default-wasm
wasm.yaml/wasm/js-api/dont-mmap-zero-byte-memory.js.wasm-b3
wasm.yaml/wasm/js-api/dont-mmap-zero-byte-memory.js.wasm-no-cjit-yes-tls-context

https://build.webkit.org/#/builders/378/builds/1339

Crash Log:
ASSERTION FAILED: currentHeapSize >= m_sizeAfterLastCollect
heap/Heap.cpp(2364) : void JSC::Heap::updateAllocationLimits()
1   0x1154fde54 WTFCrash
2   0x115b103f0 JSC::IntlListFormat::initializeListFormat(JSC::JSGlobalObject*, JSC::JSValue, JSC::JSValue)
3   0x1168ef928 JSC::Heap::updateAllocationLimits()
4   0x1168ee11c JSC::Heap::runEndPhase(JSC::GCConductor)
5   0x1168ec94c JSC::Heap::runCurrentPhase(JSC::GCConductor, JSC::CurrentThreadState*)
6   0x11693db7c JSC::Heap::collectInMutatorThread()::$_0::operator()(JSC::CurrentThreadState&) const
7   0x11693db10 WTF::ScopedLambdaFunctor<void (JSC::CurrentThreadState&), JSC::Heap::collectInMutatorThread()::$_0>::implFunction(void*, JSC::CurrentThreadState&)
8   0x116999670 void WTF::ScopedLambda<void (JSC::CurrentThreadState&)>::operator()<JSC::CurrentThreadState&>(JSC::CurrentThreadState&) const
9   0x1169995f4 JSC::callWithCurrentThreadState(WTF::ScopedLambda<void (JSC::CurrentThreadState&)> const&)
10  0x1168f1418 JSC::Heap::collectInMutatorThread()
11  0x1168f11dc JSC::Heap::stopIfNecessarySlow(unsigned int)
12  0x1168f0fc8 JSC::Heap::stopIfNecessarySlow()
13  0x1168ec178 JSC::Heap::stopIfNecessary()
14  0x1168e8e48 JSC::Heap::collectIfNecessaryOrDefer(JSC::GCDeferralContext*)
15  0x1168e8b94 JSC::Heap::reportExtraMemoryAllocatedSlowCase(unsigned long)
16  0x116edddc8 JSC::Heap::reportExtraMemoryAllocated(unsigned long)
17  0x117130f74 JSC::JSArrayBufferView::ConstructionContext::ConstructionContext(JSC::VM&, JSC::Structure*, unsigned long, unsigned int, JSC::JSArrayBufferView::ConstructionContext::InitializationMode)
18  0x11713113c JSC::JSArrayBufferView::ConstructionContext::ConstructionContext(JSC::VM&, JSC::Structure*, unsigned long, unsigned int, JSC::JSArrayBufferView::ConstructionContext::InitializationMode)
19  0x116735c14 JSC::JSGenericTypedArrayView<JSC::Uint8Adaptor>::create(JSC::JSGlobalObject*, JSC::Structure*, unsigned long)
20  0x116676d94 JSC::JSObject* JSC::constructGenericTypedArrayViewWithArguments<JSC::JSGenericTypedArrayView<JSC::Uint8Adaptor> >(JSC::JSGlobalObject*, JSC::Structure*, long long, unsigned long, std::__1::optional<unsigned long>)
21  0x1172bf108 long long JSC::constructGenericTypedArrayViewImpl<JSC::JSGenericTypedArrayView<JSC::Uint8Adaptor> >(JSC::JSGlobalObject*, JSC::CallFrame*)
22  0x1172bebf0 JSC::constructUint8Array(JSC::JSGlobalObject*, JSC::CallFrame*)
23  0x11e6040f0
24  0x115b6c894 llint_entry
25  0x115b46340 vmEntryToJavaScript
26  0x116b503fc JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)
27  0x116b4fa14 JSC::Interpreter::executeProgram(JSC::SourceCode const&, JSC::JSGlobalObject*, JSC::JSObject*)
28  0x116fe5908 JSC::evaluate(JSC::JSGlobalObject*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)
29  0x102f97030 runWithOptions(GlobalObject*, CommandLine&, bool&)
30  0x102f4aac8 jscmain(int, char**)::$_12::operator()(JSC::VM&, GlobalObject*, bool&) const
31  0x102f15080 int runJSC<jscmain(int, char**)::$_12>(CommandLine const&, bool, jscmain(int, char**)::$_12 const&)
test_script_36349: line 2: 89561 Segmentation fault: 11  ( "$@" ../../.vm/JavaScriptCore.framework/Helpers/jsc --useFTLJIT\=false --useFunctionDotArguments\=true --validateExceptionChecks\=true --useDollarVM\=true --maxPerThreadStackUsage\=1572864 --validateGraph\=true --validateBCE\=true --useSamplingProfiler\=true --airForceIRCAllocator\=true --useDataICInFTL\=true --forceUnlinkedDFG\=true --useFTLJIT\=true --useConcurrentJIT\=false --thresholdForJITAfterWarmUp\=100 --scribbleFreeCells\=true gc-invocation-with-transfer.js )

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20220711/6fbb73f7/attachment-0001.htm>

More information about the webkit-unassigned mailing list