157338 2016-05-04 00:12:00 -0700 REGRESSION(r200383): All layout and API tests crash in GTK+ debug bot after r200383 2016-05-04 13:02:49 -0700 1 1 1 Unclassified WebKit JavaScriptCore WebKit Local Build Unspecified Unspecified RESOLVED DUPLICATE 157045 https://bugs.webkit.org/show_bug.cgi?id=157340 Gtk, LayoutTestFailure, Regression P2 Normal --- 157045 1 cgarcia webkit-unassigned bugs-noreply clopez fpizlo keith_miller ossy zan oldest_to_newest 1189991 0 cgarcia 2016-05-04 00:12:00 -0700 I haven't tested it myself yet, but looking at the blame list in the bot, r200383 looks like the only change that can break the world this way. There aren't ASSERTIONS in the crash logs, so my guess is that this has to do with system malloc, because tests work in the release bot. 1190015 1 cgarcia 2016-05-04 02:52:00 -0700 Tried a release build with system malloc, and tests didn't crash, so next one to blame was the compiler. Tried a debug build with clang and tests didn't crash either, so it seems to be another GCC problem... $ g++ --version g++ (Debian 4.9.2-10) 4.9.2 1190033 2 clopez 2016-05-04 04:48:44 -0700 (In reply to comment #1) > $ g++ --version > g++ (Debian 4.9.2-10) 4.9.2 4.9 is the same version that the bots run. I wonder if this is also reproducible with GCC 5 or GCC 6 1190036 3 clopez 2016-05-04 04:53:22 -0700 Ii looks like r200383 also broke the Windows debug bot: https://build.webkit.org/builders/Apple%20Win%207%20Debug%20%28Tests%29/builds/69541 1190061 4 zan 2016-05-04 06:19:37 -0700 The callFunc functions that are instantiated must be aligned to the minimum supported value so that the two tags can be encoded into the bottom two bits of the pointer value. This isn't the case in builds with GCC that don't at least use -O2 -- -falign-functions is disabled then, and callFunc address can have the second-lowest bit always set. Lazy initialization in callFunc<>() then fails because the pointer value always seems to encode the initialization tag, returning early and not initializing anything. The simplest way to deal with this would be to slap a aligned() attribute onto the static function declaration. Only tested on x86-64. ARM Thumb2 probably suffers from the same issue, but AFAIU this is occurring even in release builds where -falign-functions should be enabled. 1190175 5 fpizlo 2016-05-04 13:02:49 -0700 *** This bug has been marked as a duplicate of bug 157045 ***