[Webkit-unassigned] [Bug 219066] New: [WebRTC] webrtc/audio-sframe.html is flaky crashing since added in r269830

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Nov 17 20:52:11 PST 2020 

https://bugs.webkit.org/show_bug.cgi?id=219066

            Bug ID: 219066
           Summary: [WebRTC] webrtc/audio-sframe.html is flaky crashing
                    since added in r269830
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebRTC
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: lmoura at igalia.com
                CC: youennf at gmail.com

Created attachment 414407

  --> https://bugs.webkit.org/attachment.cgi?id=414407&action=review

GTK crash log

webrtc/audio-sframe.html

Crashing frequently on GTK/WPE, and less often on iOs 14 on iPhone SE 1st gen, and Catalina/Mojave Release on Mac Mini.

Full GTK crash log attached. Crashing stack below:

Thread 1 (Thread 0x7f812a10f9c0 (LWP 19256)):
#0  0x00007f8130ba1e0e in WTFCrash () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#1  0x00007f8133cecdfd in WebCore::toJSNewlyCreated(JSC::JSGlobalObject*, WebCore::JSDOMGlobalObject*, WTF::Ref<WebCore::RTCRtpTransform, WTF::RawPtrTraits<WebCore::RTCRtpTransform> >&&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#2  0x00007f8133cecf12 in WebCore::toJS(JSC::JSGlobalObject*, WebCore::JSDOMGlobalObject*, WebCore::RTCRtpTransform&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#3  0x00007f8133cb5bf1 in WebCore::jsRTCRtpReceiver_transform(JSC::JSGlobalObject*, long, JSC::PropertyName) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#4  0x00007f813090373c in JSC::PropertySlot::customGetter(JSC::JSGlobalObject*, JSC::PropertyName) const () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#5  0x00007f81304df330 in JSC::operationGetByIdOptimize(JSC::JSGlobalObject*, JSC::StructureStubInfo*, long, unsigned long) () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#6  0x00007f80e941a34e in  ()
#7  0x00007f80ac6c6d00 in  ()
#8  0x000000000000000a in  ()
#9  0x00007f80e2a00000 in  ()
#10 0x00007f81300451ba in void* JSC::allocateCell<JSC::JSLexicalEnvironment>(JSC::Heap&, unsigned long) () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#11 0x00007f81307236dc in slow_path_create_lexical_environment () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#12 0xfffe000000000002 in  ()
#13 0x00007ffd0a7d1780 in  ()
#14 0x00007f812fa88503 in llint_op_call () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#15 0x00007f80ac6c3840 in  ()
#16 0x00007f80e087bde0 in  ()
#17 0x0000034c00000006 in  ()
#18 0x00007f80284c77a0 in  ()
#19 0x00007f80c4282f88 in  ()
#20 0xfffe000000000005 in  ()
#21 0x000000000000000a in  ()
#22 0xfffe000000000000 in  ()
#23 0x00007f80ac6df930 in  ()
#24 0x0000000000000000 in  ()

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20201118/9ee98d94/attachment.htm>

More information about the webkit-unassigned mailing list