[Webkit-unassigned] [Bug 217189] [GStreamer] webaudio/Convolver/unmmodified-buffer.html is flaky timing out and crashing inside JSC since added in r267307

bugzilla-daemon at webkit.org
Thu Oct 1 13:45:01 PDT 2020


https://bugs.webkit.org/show_bug.cgi?id=217189

--- Comment #2 from Lauro Moura <lmoura at igalia.com> ---
Created attachment 410265

  --> https://bugs.webkit.org/attachment.cgi?id=410265&action=review

JSC::PrivateFieldPutKind::PrivateFieldPutKind(..) fails assert on m_value

STDERR: ASSERTION FAILED: m_value == None || m_value == Set || m_value == Define

Thread 1 (Thread 0x7efc2131e9c0 (LWP 107)):
#0  WTFCrash() () at ../../Source/WTF/wtf/Assertions.cpp:295                                                                                                                                               
#1  0x00007efc38a81ed7 in CRASH_WITH_INFO(...) () at DerivedSources/ForwardingHeaders/wtf/Assertions.h:713
#2  0x00007efc28d7f40f in JSC::PrivateFieldPutKind::PrivateFieldPutKind(unsigned char) (this=0x7fffd692ce17, value=226 '\342') at ../../Source/JavaScriptCore/runtime/PrivateFieldPutKind.h:57
#3  0x00007efc28d7f383 in JSC::PrivateFieldPutKind::fromByte(unsigned char) (byte=226 '\342') at ../../Source/JavaScriptCore/runtime/PrivateFieldPutKind.h:41                                  
#4  0x00007efc28dcb3ce in JSC::Fits<JSC::PrivateFieldPutKind, (JSC::OpcodeSize)1, std::integral_constant<bool, true> >::convert(unsigned char) (putMode=226 '\342') at ../../Source/JavaScriptCore/bytecode/Fits.h:406
#5  0x00007efc28d891a1 in JSC::OpPutPrivateName::OpPutPrivateName(unsigned char const*) (this=0x7fffd692d350, stream=0x7efc1ede6481 "\351QG\342\266\031\237\373Br\f\202\332P\237\177\232u\016\276.O\220\277\206W/\272\207M\240\273\341U\217\202\062Y/\220\210M\240*\217W\217F\336Z/e\211M\240\231<Y\217\t\212\\/;\212M\240\t\352Z\217\315\065^/\021\213M\240x\227\\\217\220\341_/\347\213M\240\347D^\217S\215a/\275\214M\240V\362_\217\027\071cFJ\205\225\360ޫ\001") at DerivedSources/JavaScriptCore/BytecodeStructs.h:9704
#6  0x00007efc28d89457 in JSC::OpPutPrivateName::decode(unsigned char const*) (stream=0x7efc1ede6480 ")\351QG\342\266\031\237\373Br\f\202\332P\237\177\232u\016\276.O\220\277\206W/\272\207M\240\273\341U\217\202\062Y/\220\210M\240*\217W\217F\336Z/e\211M\240\231<Y\217\t\212\\/;\212M\240\t\352Z\217\315\065^/\021\213M\240x\227\\\217\220\341_/\347\213M\240\347D^\217S\215a/\275\214M\240V\362_\217\027\071cFJ\205\225\360ޫ\001") at DerivedSources/JavaScriptCore/BytecodeStructs.h:9738
#7  0x00007efc28dccd8e in JSC::BaseInstruction<JSC::OpcodeID>::as<JSC::OpPutPrivateName, JSC::JSOpcodeTraits>() const (this=0x7efc1ede6480) at ../../Source/JavaScriptCore/bytecode/Instruction.h:165
#8  0x00007efc2916bccf in JSC::CodeBlock::finishCreation(JSC::VM&, JSC::ScriptExecutable*, JSC::UnlinkedCodeBlock*, JSC::JSScope*) (this=0x7efc066fb6a0, vm=..., ownerExecutable=0x7efc066ac380, unlinkedCodeBlock=0x7efc1d450d10, scope=0x7efc1c0f4b68) at ../../Source/JavaScriptCore/bytecode/CodeBlock.cpp:545
#9  0x00007efc2a1ddfc3 in JSC::FunctionCodeBlock::create(JSC::VM&, JSC::FunctionExecutable*, JSC::UnlinkedFunctionCodeBlock*, JSC::JSScope*) (vm=..., ownerExecutable=0x7efc066ac380, unlinkedCodeBlock=0x7efc1d450d10, scope=0x7efc1c0f4b68) at ../../Source/JavaScriptCore/bytecode/FunctionCodeBlock.h:60
#10 0x00007efc2a1d904a in JSC::ScriptExecutable::newCodeBlockFor(JSC::CodeSpecializationKind, JSC::JSFunction*, JSC::JSScope*, JSC::Exception*&) (this=0x7efc066ac380, kind=JSC::CodeForCall, function=0x7efc066bf7e0, scope=0x7efc1c0f4b68, exception=@0x7fffd692d600: 0x0) at ../../Source/JavaScriptCore/runtime/ScriptExecutable.cpp:340
#11 0x00007efc2a1d964a in JSC::ScriptExecutable::prepareForExecutionImpl(JSC::VM&, JSC::JSFunction*, JSC::JSScope*, JSC::CodeSpecializationKind, JSC::CodeBlock*&) (this=0x7efc066ac380, vm=..., function=0x7efc066bf7e0, scope=0x7efc1c0f4b68, kind=JSC::CodeForCall, resultCodeBlock=@0x7fffd692d960: 0x7fffd692d9d0) at ../../Source/JavaScriptCore/runtime/ScriptExecutable.cpp:422
#12 0x00007efc29650bdf in JSC::ScriptExecutable::prepareForExecution<JSC::FunctionExecutable>(JSC::VM&, JSC::JSFunction*, JSC::JSScope*, JSC::CodeSpecializationKind, JSC::CodeBlock*&) (this=0x7efc066ac380, vm=..., function=0x7efc066bf7e0, scope=0x7efc1c0f4b68, kind=JSC::CodeForCall, resultCodeBlock=@0x7fffd692d960: 0x7fffd692d9d0) at ../../Source/JavaScriptCore/bytecode/CodeBlock.h:1086
#13 0x00007efc29d80ab3 in JSC::LLInt::setUpCall(JSC::CallFrame*, JSC::CodeSpecializationKind, JSC::JSValue, JSC::LLIntCallLinkInfo*) (calleeFrame=0x7fffd692d950, kind=JSC::CodeForCall, calleeAsValue=..., callLinkInfo=0x7efc1c0c93b8) at ../../Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:1743
#14 0x00007efc29d82512 in JSC::LLInt::genericCall<JSC::OpCall>(JSC::CodeBlock*, JSC::CallFrame*, JSC::OpCall&&, JSC::CodeSpecializationKind, unsigned int) (codeBlock=0x7efc066fb440, callFrame=0x7fffd692d9d0, bytecode=..., kind=JSC::CodeForCall, checkpointIndex=0) at ../../Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:1788
#15 0x00007efc29d77a96 in JSC::LLInt::llint_slow_path_call(JSC::CallFrame*, JSC::Instruction const*) (callFrame=0x7fffd692d9d0, pc=0x7efc1c68fc03) at ../../Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:1795
#16 0x00007efc28cbd712 in llint_op_call () at /app/webkit/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm:97      
#17 0x00007fffd692d9d0 in  ()
