NEW 229594
[ Win EWS] js/dfg-int16array.html is a flaky crash under WebCore::LayoutIntegration::LineLayout::constructContent 
https://bugs.webkit.org/show_bug.cgi?id=229594
Summary [ Win EWS] js/dfg-int16array.html is a flaky crash under WebCore::LayoutInteg...
Robert Jenner
Reported 2021-08-26 17:27:21 PDT
js/dfg-int16array.html is a flaky crash on Windows EWS, and it looks like it has crashed once on OpenSource. HISTORY: https://results.webkit.org/?suite=layout-tests&test=js%2Fdfg-int16array.html BUILD: https://build.webkit.org/#/builders/50/builds/2089 Unfortunately it doesn't look like any useful data about the OpenSource crash was collected. There is a crashlog from the flaky crashes occurring on EWS. EWS BUILD: https://ews-build.webkit.org/#/builders/10/builds/102590 CRASH URL: https://ews-build.s3-us-west-2.amazonaws.com/Windows-EWS/r436576-102590/js/dfg-int16array-crash-log.txt CRASH TEXT: 05 (Inline Function) --------`-------- WebKit!WTF::Vector<WebCore::LayoutIntegration::Run,0,WTF::CrashOnOverflow,16,WTF::FastMalloc>::shrinkCapacity+0x2b [C:\cygwin\home\buildbot\worker\Windows-EWS\build\WebKitBuild\Release\DerivedSources\ForwardingHeaders\wtf\Vector.h @ 1251] 06 (Inline Function) --------`-------- WebKit!WTF::Vector<WebCore::LayoutIntegration::Run,0,WTF::CrashOnOverflow,16,WTF::FastMalloc>::shrinkToFit+0x2f [C:\cygwin\home\buildbot\worker\Windows-EWS\build\WebKitBuild\Release\DerivedSources\ForwardingHeaders\wtf\Vector.h @ 769] Full crash log has been attached to this bug.
Attachments
Full crashlog from windows EWS (352.93 KB, text/plain)
2021-08-26 17:28 PDT, Robert Jenner 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
Robert Jenner
Comment 1 2021-08-26 17:28:26 PDT
Created attachment 436592 [details] Full crashlog from windows EWS
Robert Jenner
Comment 2 2021-08-26 17:33:44 PDT
Set expectations to [ Pass Crash ] for Windows here: https://trac.webkit.org/changeset/281675/webkit
Radar WebKit Bug Importer
Comment 3 2021-08-26 17:34:55 PDT
<rdar://problem/82414987>
Ryan Haddad
Comment 4 2021-08-27 09:36:28 PDT
Frame[00] Triage Symbol: [WTF!abort+0x35] Frame[01] Triage Symbol: [WTF!WTF::fastMalloc+0x18] Frame[02] Triage Symbol: [WebKit!WebCore::LayoutIntegration::LineLayout::constructContent+0x1c0] Frame[03] Triage Symbol: [WebKit!WebCore::LayoutIntegration::LineLayout::layout+0x14f] Frame[04] Triage Symbol: [WebKit!WebCore::RenderBlockFlow::layoutModernLines+0x347] Frame[05] Triage Symbol: [WebKit!WebCore::RenderBlockFlow::layoutBlock+0x380] Frame[06] Triage Symbol: [WebKit!WebCore::RenderBlock::layout+0x80] Frame[07] Triage Symbol: [WebKit!WebCore::RenderBlockFlow::layoutBlockChild+0x292] Frame[08] Triage Symbol: [WebKit!WebCore::RenderBlockFlow::layoutBlockChildren+0x508] Frame[09] Triage Symbol: [WebKit!WebCore::RenderBlockFlow::layoutBlock+0x43f] Frame[0a] Triage Symbol: [WebKit!WebCore::RenderBlock::layout+0x80] Frame[0b] Triage Symbol: [WebKit!WebCore::RenderBlockFlow::layoutBlockChild+0x292] Frame[0c] Triage Symbol: [WebKit!WebCore::RenderBlockFlow::layoutBlockChildren+0x508] Frame[0d] Triage Symbol: [WebKit!WebCore::RenderBlockFlow::layoutBlock+0x43f] Frame[0e] Triage Symbol: [WebKit!WebCore::RenderBlock::layout+0x80] Frame[0f] Triage Symbol: [WebKit!WebCore::RenderBlockFlow::layoutBlockChild+0x292] Frame[10] Triage Symbol: [WebKit!WebCore::RenderBlockFlow::layoutBlockChildren+0x508] Frame[11] Triage Symbol: [WebKit!WebCore::RenderBlockFlow::layoutBlock+0x43f] Frame[12] Triage Symbol: [WebKit!WebCore::RenderBlock::layout+0x80] Frame[13] Triage Symbol: [WebKit!WebCore::RenderView::layout+0x2ed] Frame[14] Triage Symbol: [WebKit!WebCore::FrameViewLayoutContext::layout+0x5bf] Frame[15] Triage Symbol: [WebKit!WebCore::Document::implicitClose+0x35d] Frame[16] Triage Symbol: [WebKit!WebCore::FrameLoader::checkCompleted+0x13f] Frame[17] Triage Symbol: [WebKit!WebCore::CachedResourceLoader::loadDone+0x80] Frame[18] Triage Symbol: [WebKit!WebCore::SubresourceLoader::notifyDone+0x55] Frame[19] Triage Symbol: [WebKit!WebCore::SubresourceLoader::didFinishLoading+0x163] Frame[1a] Triage Symbol: [WebKit!<lambda_e7e2d454785dfeaf6199132ec807941c>::operator+0xec] Frame[1b] Triage Symbol: [WTF!WTF::RunLoop::performWork+0x23f]
Ryan Haddad
Comment 5 2021-08-27 14:06:09 PDT
Two other affected tests: https://trac.webkit.org/changeset/281719/webkit
Ryan Haddad
Comment 6 2021-08-27 14:06:14 PDT
*** Bug 229626 has been marked as a duplicate of this bug. ***
Eric Hutchison
Comment 11 2021-09-22 16:41:32 PDT
js/dfg-uint8clampedarray.html is a flaky crash on Win EWS History: https://results.webkit.org/?suite=layout-tests&test=js/dfg-uint8clampedarray.html https://ews-build.webkit.org/#/builders/10/builds/105957 Updated test expectations at https://trac.webkit.org/changeset/282892/webkit
Eric Hutchison
Comment 12 2021-09-23 15:30:17 PDT
js/dfg-float64array.html History: https://results.webkit.org/?suite=layout-tests&test=js/dfg-float64array.html Results: https://ews-build.webkit.org/#/builders/10/builds/106064, https://build.webkit.org/results/Apple-Win-10-Release-Tests/r282870%20(2511)/results.html STDIO: 11:53:48.723 5595 worker/11 worker/11 js/dfg-float64array.html crashed, (no stderr) 11:53:48.725 5595 [26997/29873] js/dfg-float64array.html failed unexpectedly (DumpRenderTree crashed [pid=8348]) 11:53:48.726 5595 worker/11 killing driver 11:53:48.726 5595 worker/11 js/dfg-float64array.html failed: 11:53:48.726 5595 worker/11 DumpRenderTree crashed [pid=8348] Updated test expectations at https://trac.webkit.org/changeset/283015/webkit
Note You need to log in before you can comment on or make changes to this bug.