The following API test is a flaky crash on Mojave+ WK2 Debug testers TestWebKitAPI.WKAttachmentTestsMac.InsertDroppedFilePromisesAsAttachments Test was added in r235137 Test appears to have been a flaky crash for quite some time now but it appears we have not noticed it. around 6/07/2019 it started to crash more consistently and around 6/11/2019 started to crash every 3 runs or so. https://build.webkit.org/builders/Apple%20Mojave%20Debug%20WK2%20%28Tests%29?numbuilds=200 I can see a crash back on May 31st as well. https://build.webkit.org/builders/Apple%20Mojave%20Debug%20WK2%20%28Tests%29/builds/2836/steps/run-api-tests/logs/stdio Reproduced locally 2 ways. run-api-tests TestWebKitAPI.WKAttachmentTestsMac.InsertDroppedFilePromisesAsAttachments --iter 200 --debug I can also reproduce it in guard malloc and it fails more consistently in that configuration. I can reproduce the crash in both modes going all the way back to r235137 and it produces the same crash. I don't know if recent jsc changes in this area may have made it more consistent. Attaching the full crash log and the guard malloc crash log to the radar. 0 com.apple.JavaScriptCore 0x000000010bc798cd bmalloc::SmallLine::deref(std::__1::unique_lock<bmalloc::Mutex>&) + 45 1 com.apple.JavaScriptCore 0x000000010bc795fc bmalloc::Heap::derefSmallLine(std::__1::unique_lock<bmalloc::Mutex>&, bmalloc::Object, std::__1::array<bmalloc::List<bmalloc::SmallPage>, 112ul>&) + 60 2 com.apple.JavaScriptCore 0x000000010bc79525 bmalloc::Deallocator::processObjectLog(std::__1::unique_lock<bmalloc::Mutex>&) + 165 3 com.apple.JavaScriptCore 0x000000010bc7976e bmalloc::Deallocator::deallocateSlowCase(void*) + 270 4 com.apple.JavaScriptCore 0x000000010bbe3244 bmalloc::Deallocator::deallocate(void*) + 68 5 com.apple.JavaScriptCore 0x000000010bbe31e5 bmalloc::Cache::deallocate(bmalloc::HeapKind, void*) + 165 6 com.apple.JavaScriptCore 0x000000010bbe277b bmalloc::api::free(void*, bmalloc::HeapKind) + 27 7 com.apple.JavaScriptCore 0x000000010bbe2757 WTF::fastFree(void*) + 23 8 com.apple.JavaScriptCore 0x000000010bc40737 WTF::StringWrapperCFAllocator::deallocate(void*, void*) + 103
Adding Wenson who created the test. Andy who made a recent change that affected Catalina, and Saam and Keith who appear to have made some changes in the past on bmalloc::SmallLine::deref and have had recent changes in this area after the test seems to have gotten more flaky?
<rdar://problem/51674325>
(In reply to Shawn Roberts from comment #1) > Adding Wenson who created the test. Andy who made a recent change that > affected Catalina, and Saam and Keith who appear to have made some changes > in the past on bmalloc::SmallLine::deref and have had recent changes in this > area after the test seems to have gotten more flaky? I don’t think this test failure is relevant to JSC.
Disabled test in https://trac.webkit.org/r246739
Created attachment 389890 [details] Patch
Not against re-enabling this test, but what makes us think it's not flakey?
(In reply to Jonathan Bedard from comment #6) > Not against re-enabling this test, but what makes us think it's not flakey? Ah, I'd only put it in the radar: >I cannot reproduce with today’s trunk with the referenced command: >run-api-tests TestWebKitAPI.WKAttachmentTestsMac.InsertDroppedFilePromisesAsAttachments --iter 200 --debug >… or under guardmalloc. > >Seems like this righted itself at some point.
Comment on attachment 389890 [details] Patch Let's get this landed then, cq+.
The commit-queue encountered the following flaky tests while processing attachment 389890 [details]: editing/spelling/spellcheck-async-remove-frame.html bug 158401 (authors: morrita@google.com, rniwa@webkit.org, and tony@chromium.org) The commit-queue is continuing to process your patch.
Comment on attachment 389890 [details] Patch Clearing flags on attachment: 389890 Committed r257817: <https://trac.webkit.org/changeset/257817>
All reviewed patches have been landed. Closing bug.