[Webkit-unassigned] [Bug 217189] [GStreamer] webaudio/Convolver/unmmodified-buffer.html is flaky timing out and crashing inside JSC since added in r267307

bugzilla-daemon at webkit.org
Thu Oct 1 13:51:18 PDT 2020


https://bugs.webkit.org/show_bug.cgi?id=217189

--- Comment #4 from Lauro Moura <lmoura at igalia.com> ---
Created attachment 410267

  --> https://bugs.webkit.org/attachment.cgi?id=410267&action=review

JSC::UnlinkedMetadataTable::link() segfaults inside a memset call

Thread 1 (Thread 0x7f8534e619c0 (LWP 107)):
#0  __memset_avx2_unaligned_erms () at ../sysdeps/x86_64/multiarch/memset-vec-unaligned-erms.S:202
#1  0x00007f853ccc8cbc in JSC::UnlinkedMetadataTable::link() (this=0x7f84f0261210) at ../../Source/JavaScriptCore/bytecode/UnlinkedMetadataTableInlines.h:122
#2  0x00007f853ccac4ad in JSC::CodeBlock::CodeBlock(JSC::VM&, JSC::Structure*, JSC::ScriptExecutable*, JSC::UnlinkedCodeBlock*, JSC::JSScope*) (this=0x7f84da2ee270, vm=..., structure=0x7f84f10f8d90, ownerExecutable=0x7f84da2b6a00, unlinkedCodeBlock=0x7f84f1050bb0, scope=0x7f84f1078260) at ../../Source/JavaScriptCore/bytecode/CodeBlock.cpp:359
#3  0x00007f853dd21062 in JSC::FunctionCodeBlock::FunctionCodeBlock(JSC::VM&, JSC::Structure*, JSC::FunctionExecutable*, JSC::UnlinkedFunctionCodeBlock*, JSC::JSScope*) (this=0x7f84da2ee270, vm=..., structure=0x7f84f10f8d90, ownerExecutable=0x7f84da2b6a00, unlinkedCodeBlock=0x7f84f1050bb0, scope=0x7f84f1078260) at ../../Source/JavaScriptCore/bytecode/FunctionCodeBlock.h:77
#4  0x00007f853dd20fa0 in JSC::FunctionCodeBlock::create(JSC::VM&, JSC::FunctionExecutable*, JSC::UnlinkedFunctionCodeBlock*, JSC::JSScope*) (vm=..., ownerExecutable=0x7f84da2b6a00, unlinkedCodeBlock=0x7f84f1050bb0, scope=0x7f84f1078260) at ../../Source/JavaScriptCore/bytecode/FunctionCodeBlock.h:59
#5  0x00007f853dd1c04a in JSC::ScriptExecutable::newCodeBlockFor(JSC::CodeSpecializationKind, JSC::JSFunction*, JSC::JSScope*, JSC::Exception*&) (this=0x7f84da2b6a00, kind=JSC::CodeForCall, function=0x7f84da2bb520, scope=0x7f84f1078260, exception=@0x7ffdc4a816e0: 0x0) at ../../Source/JavaScriptCore/runtime/ScriptExecutable.cpp:340
#6  0x00007f853dd1c64a in JSC::ScriptExecutable::prepareForExecutionImpl(JSC::VM&, JSC::JSFunction*, JSC::JSScope*, JSC::CodeSpecializationKind, JSC::CodeBlock*&) (this=0x7f84da2b6a00, vm=..., function=0x7f84da2bb520, scope=0x7f84f1078260, kind=JSC::CodeForCall, resultCodeBlock=@0x7ffdc4a81a40: 0x0) at ../../Source/JavaScriptCore/runtime/ScriptExecutable.cpp:422
#7  0x00007f853d193bdf in JSC::ScriptExecutable::prepareForExecution<JSC::FunctionExecutable>(JSC::VM&, JSC::JSFunction*, JSC::JSScope*, JSC::CodeSpecializationKind, JSC::CodeBlock*&) (this=0x7f84da2b6a00, vm=..., function=0x7f84da2bb520, scope=0x7f84f1078260, kind=JSC::CodeForCall, resultCodeBlock=@0x7ffdc4a81a40: 0x0) at ../../Source/JavaScriptCore/bytecode/CodeBlock.h:1086
#8  0x00007f853d8c3ab3 in JSC::LLInt::setUpCall(JSC::CallFrame*, JSC::CodeSpecializationKind, JSC::JSValue, JSC::LLIntCallLinkInfo*) (calleeFrame=0x7ffdc4a81a30, kind=JSC::CodeForCall, calleeAsValue=..., callLinkInfo=0x7f84da4933b8) at ../../Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:1743
#9  0x00007f853d8c5512 in JSC::LLInt::genericCall<JSC::OpCall>(JSC::CodeBlock*, JSC::CallFrame*, JSC::OpCall&&, JSC::CodeSpecializationKind, unsigned int) (codeBlock=0x7f84da2ee140, callFrame=0x7ffdc4a81ab0, bytecode=..., kind=JSC::CodeForCall, checkpointIndex=0) at ../../Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:1788
#10 0x00007f853d8baa96 in JSC::LLInt::llint_slow_path_call(JSC::CallFrame*, JSC::Instruction const*) (callFrame=0x7ffdc4a81ab0, pc=0x7f84f0292888) at ../../Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:1795
#11 0x00007f853c800712 in llint_op_call () at /app/webkit/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm:97
#12 0x00007ffdc4a81ab0 in  ()
#13 0x0000000000000000 in  ()
