Bug 278132

Summary:	REGRESSION(281900@main?): [ macOS Debug ] workers/wasm-references.html is a flaky crash
Product:	WebKit	Reporter:	Marta Darbinyan <darbinyan>
Component:	New Bugs	Assignee:	Nobody <webkit-unassigned>
Status:	RESOLVED CONFIGURATION CHANGED
Severity:	Normal	CC:	darbinyan, webkit-bug-importer
Priority:	P2	Keywords:	InRadar
Version:	WebKit Nightly Build
Hardware:	Unspecified
OS:	Unspecified
See Also:	https://bugs.webkit.org/show_bug.cgi?id=278041

Marta Darbinyan

Reported 2024-08-14 16:27:51 PDT

The following test is flaky crash on Sonoma Debug starting from 281900@main. workers/wasm-references.html Crash logs: stderr: ASSERTION FAILED: ((opcode & (1 << 24)) - 1) == opcode ./wasm/WasmOpcodeOrigin.h(56) : JSC::Wasm::OpcodeOrigin::OpcodeOrigin(JSC::Wasm::OpType, uint32_t, size_t) 1 0x11db53b5c JSC::Wasm::OpcodeOrigin::OpcodeOrigin(JSC::Wasm::OpType, unsigned int, unsigned long) 2 0x11db383e8 JSC::Wasm::OpcodeOrigin::OpcodeOrigin(JSC::Wasm::OpType, unsigned int, unsigned long) 3 0x11db11bb0 JSC::Wasm::OMGIRGenerator::origin() 4 0x11db17a50 JSC::Wasm::OMGIRGenerator::addTableFill(unsigned int, JSC::B3::Variable*, JSC::B3::Variable*, JSC::B3::Variable*) 5 0x11dbb1c8c JSC::Wasm::FunctionParser<JSC::Wasm::OMGIRGenerator>::parseExpression() 6 0x11dba309c JSC::Wasm::FunctionParser<JSC::Wasm::OMGIRGenerator>::parseBody() 7 0x11db3460c JSC::Wasm::FunctionParser<JSC::Wasm::OMGIRGenerator>::parse() 8 0x11db38770 JSC::Wasm::parseAndCompileOMG(JSC::Wasm::CompilationContext&, JSC::Wasm::OptimizingJITCallee&, JSC::Wasm::FunctionData const&, JSC::Wasm::TypeDefinition const&, WTF::Vector<JSC::Wasm::UnlinkedWasmToWasmCall, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&, JSC::Wasm::CalleeGroup&, JSC::Wasm::ModuleInformation const&, JSC::MemoryMode, JSC::Wasm::CompilationMode, unsigned int, std::__1::optional<bool>, unsigned int, JSC::Wasm::TierUpCount*) 9 0x11dbfa844 JSC::Wasm::OMGPlan::work(JSC::Wasm::Plan::CompilationEffort) 10 0x11dc90690 JSC::Wasm::Worklist::Thread::work() 11 0x11b689450 WTF::AutomaticThread::start(WTF::AbstractLocker const&)::$_0::operator()() const 12 0x11b689038 WTF::Detail::CallableWrapper<WTF::AutomaticThread::start(WTF::AbstractLocker const&)::$_0, void>::call() 13 0x11b6a37f8 WTF::Function<void ()>::operator()() const 14 0x11b7c7fb0 WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) 15 0x11b7d478c WTF::wtfThreadEntryPoint(void*) 16 0x18aa5bfa8 _pthread_start 17 0x18aa56da0 thread_start History: https://results.webkit.org/?platform=ios&platform=mac&style=debug&suite=layout-tests&test=workers%2Fwasm-references.html Test Result: https://build.webkit.org/results/Apple-Ventura-Debug-AppleSilicon-WK1-Tests/281900@main%20(7127)/results.html

Attachments
Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2024-08-14 16:32:36 PDT

<rdar://problem/133888901>

Ryan Haddad

Comment 2 2024-08-14 16:44:26 PDT

The backtrace looks very similar to https://bugs.webkit.org/show_bug.cgi?id=278041

Alexey Proskuryakov

Comment 3 2024-08-15 14:36:18 PDT

Likely fixed in https://commits.webkit.org/282247@main

Note You need to log in before you can comment on or make changes to this bug.