[Webkit-unassigned] [Bug 217956] New: [GLIB] webaudio/DynamicsCompressor/dynamicscompressor-simple.html is a flaky crash

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Oct 20 08:13:03 PDT 2020 

https://bugs.webkit.org/show_bug.cgi?id=217956

            Bug ID: 217956
           Summary: [GLIB]
                    webaudio/DynamicsCompressor/dynamicscompressor-simple.
                    html is a flaky crash
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Web Audio
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: dpino at igalia.com
                CC: cdumez at apple.com

webaudio/DynamicsCompressor/dynamicscompressor-simple.html [ Crash ]

The test has been frequently flaky crashing in the last 4000 revisions.

Crash-log: https://build.webkit.org/results/GTK-Linux-64-bit-Release-Tests/r268726%20(16530)/webaudio/DynamicsCompressor/dynamicscompressor-simple-crash-log.txt

Thread 1 (Thread 0x7f916a2b89c0 (LWP 7979)):
#0  0x00007f916fedb78a in JSC::CodeBlock::unlinkIncomingCalls() () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#1  0x00007f916fedb413 in JSC::CodeBlock::~CodeBlock() () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#2  0x00007f917049792a in void JSC::MarkedBlock::Handle::specializedSweep<true, (JSC::MarkedBlock::Handle::EmptyMode)0, (JSC::MarkedBlock::Handle::SweepMode)0, (JSC::MarkedBlock::Handle::SweepDestructionMode)1, (JSC::MarkedBlock::Handle::ScribbleMode)0, (JSC::MarkedBlock::Handle::NewlyAllocatedMode)1, (JSC::MarkedBlock::Handle::MarksMode)0, JSC::DefaultDestroyFunc>(JSC::FreeList*, JSC::MarkedBlock::Handle::EmptyMode, JSC::MarkedBlock::Handle::SweepMode, JSC::MarkedBlock::Handle::SweepDestructionMode, JSC::MarkedBlock::Handle::ScribbleMode, JSC::MarkedBlock::Handle::NewlyAllocatedMode, JSC::MarkedBlock::Handle::MarksMode, JSC::DefaultDestroyFunc const&) () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#3  0x00007f91704963c8 in JSC::MarkedBlock::Handle::finishSweepKnowingHeapCellType<JSC::DefaultDestroyFunc>(JSC::FreeList*, JSC::DefaultDestroyFunc const&)::{lambda()#1}::operator()() const () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#4  0x00007f9170495413 in void JSC::MarkedBlock::Handle::finishSweepKnowingHeapCellType<JSC::DefaultDestroyFunc>(JSC::FreeList*, JSC::DefaultDestroyFunc const&) () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 
#5  0x00007f917048e492 in JSC::HeapCellType::finishSweep(JSC::MarkedBlock::Handle&, JSC::FreeList*) () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#6  0x00007f91704a2510 in JSC::MarkedBlock::Handle::sweep(JSC::FreeList*) () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#7  0x00007f91704751f8 in JSC::BlockDirectory::sweep() () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#8  0x00007f91704b0428 in JSC::Subspace::sweepBlocks() () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#9  0x00007f9170480b46 in JSC::Heap::deleteUnmarkedCompiledCode() () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#10 0x00007f9170485823 in JSC::Heap::finalize() () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#11 0x00007f9170485219 in JSC::Heap::handleNeedFinalize(unsigned int) () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#12 0x00007f9170481cee in JSC::Heap::finishChangingPhase(JSC::GCConductor) () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#13 0x00007f9170483c02 in JSC::Heap::runEndPhase(JSC::GCConductor) () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#14 0x00007f9170481b3d in JSC::Heap::runCurrentPhase(JSC::GCConductor, JSC::CurrentThreadState*) () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#15 0x00007f9170487ef8 in WTF::ScopedLambdaFunctor<void (JSC::CurrentThreadState&), JSC::Heap::collectInMutatorThread()::$_0>::implFunction(void*, JSC::CurrentThreadState&) () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#16 0x00007f917049d167 in JSC::callWithCurrentThreadState(WTF::ScopedLambda<void (JSC::CurrentThreadState&)> const&) () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#17 0x00007f91704852ce in JSC::Heap::collectInMutatorThread() () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#18 0x00007f9170484fe4 in JSC::Heap::stopIfNecessarySlow() () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#19 0x00007f917047db5e in JSC::Heap::collectIfNecessaryOrDefer(JSC::GCDeferralContext*) () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#20 0x00007f91709d82f5 in JSC::Structure::materializePropertyTable(JSC::VM&, bool) () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#21 0x00007f9173c3c027 in int JSC::Structure::add<(JSC::Structure::ShouldPin)1, JSC::JSObject::prepareToPutDirectWithoutTransition(JSC::VM&, JSC::PropertyName, unsigned int, unsigned int, JSC::Structure*)::{lambda(JSC::GCSafeConcurrentJSLocker const&, int, int)#1}>(JSC::VM&, JSC::PropertyName, unsigned int, JSC::JSObject::prepareToPutDirectWithoutTransition(JSC::VM&, JSC::PropertyName, unsigned int, unsigned int, JSC::Structure*)::{lambda(JSC::GCSafeConcurrentJSLocker const&, int, int)#1} const&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#22 0x00007f9173c37ccb in JSC::JSObject::putDirectWithoutTransition(JSC::VM&, JSC::PropertyName, JSC::JSValue, unsigned int) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#23 0x00007f91709080d8 in JSC::JSTypedArrayViewPrototype::finishCreation(JSC::VM&, JSC::JSGlobalObject*) () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#24 0x00007f9170915781 in JSC::JSTypedArrayViewPrototype::create(JSC::VM&, JSC::JSGlobalObject*, JSC::Structure*) () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#25 0x00007f91708b028a in JSC::JSTypedArrayViewPrototype* JSC::LazyProperty<JSC::JSGlobalObject, JSC::JSTypedArrayViewPrototype>::callFunc<JSC::JSGlobalObject::init(JSC::VM&)::$_11>(JSC::LazyProperty<JSC::JSGlobalObject, JSC::JSTypedArrayViewPrototype>::Initializer const&) () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#26 0x00007f91708b1e69 in JSC::Structure* JSC::LazyProperty<JSC::JSGlobalObject, JSC::Structure>::callFunc<JSC::LazyClassStructure::initLater<JSC::JSGlobalObject::init(JSC::VM&)::$_20>(JSC::JSGlobalObject::init(JSC::VM&)::$_20 const&)::{lambda(JSC::LazyProperty<JSC::JSGlobalObject, JSC::Structure>::Initializer const&)#1}>(JSC::LazyProperty<JSC::JSGlobalObject, JSC::Structure>::Initializer const&) () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#27 0x00007f9173ddc07d in JSC::GenericTypedArrayView<JSC::Float32Adaptor>::wrap(JSC::JSGlobalObject*, JSC::JSGlobalObject*) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#28 0x00007f9175514119 in WebCore::jsAudioBufferPrototypeFunction_getChannelData(JSC::JSGlobalObject*, JSC::CallFrame*) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#29 0x00007f91295ff178 in  ()
#30 0x00007ffec90dcd90 in  ()
#31 0x00007f916fcac475 in llint_op_call () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#32 0x0000000000000000 in  ()

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20201020/250d4c27/attachment.htm>

More information about the webkit-unassigned mailing list