Bug 278738
| Summary: | [ Sonoma wk2 x86_64]: fast/canvas/image-buffer-backend-variants.html is a flaky crash. | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Anfernee Viduya <aviduya> |
| Component: | JavaScriptCore | Assignee: | Nobody <webkit-unassigned> |
| Status: | NEW | ||
| Severity: | Normal | CC: | fujii, kkinnunen, marcus_plutowski, webkit-bot-watchers-bugzilla, webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| See Also: | https://bugs.webkit.org/show_bug.cgi?id=276913 | ||
Anfernee Viduya
fast/canvas/image-buffer-backend-variants.html
has been a flaky crash.
HISTORY:
https://results.webkit.org/?platform=mac&suite=layout-tests&test=fast%2Fcanvas%2Fimage-buffer-backend-variants.html
SYMBOLICATED LOG:
0 com.apple.JavaScriptCore 0x59be75778 WTFCrashWithInfoImpl(int, char const*, char const*, int, unsigned long long)
1 com.apple.JavaScriptCore 0x59c3ccd26 JSC::LinkBuffer::linkCode(JSC::MacroAssembler&, JSC::JITCompilationEffort)
2 com.apple.JavaScriptCore 0x59cba2fa4 JSC::JIT::compileAndLinkWithoutFinalizing(JSC::JITCompilationEffort)
3 com.apple.JavaScriptCore 0x59cb8633c JSC::BaselineJITPlan::compileInThreadImpl(JSC::JITCompilationEffort)
4 com.apple.JavaScriptCore 0x59cc7aefe JSC::JITPlan::compileInThread(JSC::JITWorklistThread*)
LINK:
https://build.webkit.org/results/Apple-Sonoma-Release-WK2-Tests/282788@main%20(4335)/fast/canvas/image-buffer-backend-variants-crash-log.txt
REPRODUCIBILITY:
Currently I am setting up a machine that can reproduce this crash. Will Update bug when updated.
DESCRIPTION:
This test has been crashing on this queue for some time now. No exact regression point was determined.
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Radar WebKit Bug Importer
<rdar://problem/134796136>
EWS
Test gardening commit 282808@main (a1ca824c11c2): <https://commits.webkit.org/282808@main>
Reviewed commits have been landed. Closing PR #32775 and removing active labels.
Anfernee Viduya
REPRODUCIBILITY:
I was able to reproduce this issue on ToT using command.
run-webkit-test fast/canvas/image-buffer-backend-variants.html --iterations=10
Fujii Hironori
The release assertion fails in performJITMemcpy:
> RELEASE_ASSERT(runLength <= maxZeroByteRunLength, buffer);
Kimmo Kinnunen
Marcus, could you take a look. Is the added release assert exposing an older issue or is it a problem from the commit in bug 276913?
Marcus Plutowski
I'll take a look. This assert firing means that the AssemblerBuffer (where we emit code before it gets linked) contains an unexpectedly long string of 0s -- 16 or more, which should not be valid x86 ASM. A few questions:
1. Does this reproduce locally, or just on the test runner?
2. Does this reproduce when run alone, or only when run as part of a large batch of tests running in parallel?
3. Is it possible for me to see the .ips files which resulted from the crashes in the link https://results.webkit.org/?platform=mac&suite=layout-tests&test=fast%2Fcanvas%2Fimage-buffer-backend-variants.html ?
Anfernee Viduya
(In reply to Marcus Plutowski from comment #6)
> 1. Does this reproduce locally, or just on the test runner?
It reproduces locally on specified machine configurations
> 2. Does this reproduce when run alone, or only when run as part of a large
> batch of tests running in parallel?
It does reproduce on its own, not needing a test batch to crash.
> 3. Is it possible for me to see the .ips files which resulted from the
> crashes in the link
> https://results.webkit.org/?platform=mac&suite=layout-
> tests&test=fast%2Fcanvas%2Fimage-buffer-backend-variants.html ?
I'll try to get that file.