| Summary: | [GStreamer] webaudio/Convolver/unmmodified-buffer.html is flaky timing out and crashing inside JSC since added in r267307 | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Lauro Moura <lmoura> |
| Component: | Web Audio | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED FIXED | ||
| Severity: | Normal | CC: | bugs-noreply, cdumez, dpino, keith_miller, mark.lam, pnormand, saam, webkit-bug-importer, ysuzuki |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Attachments: | |||
Description
Lauro Moura
2020-10-01 13:40:50 PDT
Created attachment 410264
JSC::X86Assembler::getRelocatedAddress fails label.isSet() assert
Thread 1 (Thread 0x7f4df90e29c0 (LWP 107)):
#0 WTFCrash() () at ../../Source/WTF/wtf/Assertions.cpp:295
#1 0x00007f4e10845ed7 in CRASH_WITH_INFO(...) () at DerivedSources/ForwardingHeaders/wtf/Assertions.h:713
#2 0x00007f4e00c62cd2 in JSC::X86Assembler::getRelocatedAddress(void*, JSC::AssemblerLabel) (code=0x7f4df8482660, label=...) at ../../Source/JavaScriptCore/assembler/X86Assembler.h:3947
#3 0x00007f4e00ed2a80 in JSC::AbstractMacroAssembler<JSC::X86Assembler>::getLinkerAddress<(WTF::PtrTag)26432>(void*, JSC::AssemblerLabel) (code=0x7f4df8482660, label=...) at ../../Source/JavaScriptCore/assembler/AbstractMacroAssembler.h:880
#4 0x00007f4e013713ac in JSC::LinkBuffer::locationOf<(WTF::PtrTag)26432>(JSC::AbstractMacroAssembler<JSC::X86Assembler>::Label) (this=0x7f4db4474450, label=...) at ../../Source/JavaScriptCore/assembler/LinkBuffer.h:219
#5 0x00007f4e0154c06c in JSC::JITMathIC<JSC::JITMulGenerator, JSC::BinaryArithProfile>::finalizeInlineCode(JSC::MathICGenerationState const&, JSC::LinkBuffer&) (this=0x7f4db4485120, state=..., linkBuffer=...) at ../../Source/JavaScriptCore/jit/JITMathIC.h:214
#6 0x00007f4e01a8f28a in JSC::JIT::emitMathICSlow<JSC::OpMul, JSC::JITMulGenerator, long (*)(JSC::JSGlobalObject*, long, long, JSC::JITBinaryMathIC<JSC::JITMulGenerator>*), long (*)(JSC::JSGlobalObject*, long, long, JSC::BinaryArithProfile*), long (*)(JSC::JSGlobalObject*, long, long, JSC::JITBinaryMathIC<JSC::JITMulGenerator>*)>(JSC::JITBinaryMathIC<JSC::JITMulGenerator>*, JSC::Instruction const*, long (*)(JSC::JSGlobalObject*, long, long, JSC::JITBinaryMathIC<JSC::JITMulGenerator>*), long (*)(JSC::JSGlobalObject*, long, long, JSC::BinaryArithProfile*), long (*)(JSC::JSGlobalObject*, long, long, JSC::JITBinaryMathIC<JSC::JITMulGenerator>*))::{lambda(JSC::LinkBuffer&)#1}::operator()(JSC::LinkBuffer&) const (this=0x7f4db4476088, linkBuffer=...) at ../../Source/JavaScriptCore/jit/JITArithmetic.cpp:1148
#7 0x00007f4e01aa52a6 in WTF::SharedTaskFunctor<void (JSC::LinkBuffer&), JSC::JIT::emitMathICSlow<JSC::OpMul, JSC::JITMulGenerator, long (*)(JSC::JSGlobalObject*, long, long, JSC::JITBinaryMathIC<JSC::JITMulGenerator>*), long (*)(JSC::JSGlobalObject*, long, long, JSC::BinaryArithProfile*), long (*)(JSC::JSGlobalObject*, long, long, JSC::JITBinaryMathIC<JSC::JITMulGenerator>*)>(JSC::JITBinaryMathIC<JSC::JITMulGenerator>*, JSC::Instruction const*, long (*)(JSC::JSGlobalObject*, long, long, JSC::JITBinaryMathIC<JSC::JITMulGenerator>*), long (*)(JSC::JSGlobalObject*, long, long, JSC::BinaryArithProfile*), long (*)(JSC::JSGlobalObject*, long, long, JSC::JITBinaryMathIC<JSC::JITMulGenerator>*))::{lambda(JSC::LinkBuffer&)#1}>::run(JSC::LinkBuffer&) (this=0x7f4db4476078, arguments#0=...) at DerivedSources/ForwardingHeaders/wtf/SharedTask.h:91
#8 0x00007f4e00bd50c3 in JSC::LinkBuffer::performFinalization() (this=0x7f4db4474450) at ../../Source/JavaScriptCore/assembler/LinkBuffer.cpp:458
#9 0x00007f4e00bd4927 in JSC::LinkBuffer::finalizeCodeWithoutDisassemblyImpl() (this=0x7f4db4474450) at ../../Source/JavaScriptCore/assembler/LinkBuffer.cpp:68
#10 0x00007f4e013722c4 in JSC::LinkBuffer::finalizeCodeWithoutDisassembly<(WTF::PtrTag)357>() (this=0x7f4db4474450) at ../../Source/JavaScriptCore/assembler/LinkBuffer.h:272
#11 0x00007f4e01a6e511 in JSC::JIT::link() (this=0x7f4db44567a0) at ../../Source/JavaScriptCore/jit/JIT.cpp:961
#12 0x00007f4e01b049e1 in JSC::JITWorklist::Plan::finalize() (this=0x7f4db4456780) at ../../Source/JavaScriptCore/jit/JITWorklist.cpp:55
#13 0x00007f4e01b013ec in JSC::JITWorklist::finalizePlans(WTF::Vector<WTF::RefPtr<JSC::JITWorklist::Plan, WTF::DumbPtrTraits<JSC::JITWorklist::Plan>, WTF::DefaultRefDerefTraits<JSC::JITWorklist::Plan> >, 32ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&) (this=0x7f4df8779280, myPlans=...) at ../../Source/JavaScriptCore/jit/JITWorklist.cpp:314
#14 0x00007f4e01b00f45 in JSC::JITWorklist::poll(JSC::VM&) (this=0x7f4df8779280, vm=...) at ../../Source/JavaScriptCore/jit/JITWorklist.cpp:224
#15 0x00007f4e01b44482 in JSC::LLInt::jitCompileAndSetHeuristics(JSC::VM&, JSC::CodeBlock*, JSC::BytecodeIndex) (vm=..., codeBlock=0x7f4db522fc90, loopOSREntryBytecodeIndex=...) at ../../Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:377
#16 0x00007f4e01b2ddf0 in JSC::LLInt::llint_loop_osr(JSC::CallFrame*, JSC::Instruction const*) (callFrame=0x7ffc9c7aad70, pc=0x7f4d9e6fb0d7) at ../../Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:481
#17 0x00007f4e00a81324 in llint_op_loop_hint () at /app/webkit/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm:97
#18 0x0000000200000002 in ()
#19 0x0000000000000000 in ()
Created attachment 410265
JSC::PrivateFieldPutKind::PrivateFieldPutKind(..) fails assert on m_value
STDERR: ASSERTION FAILED: m_value == None || m_value == Set || m_value == Define
Thread 1 (Thread 0x7efc2131e9c0 (LWP 107)):
#0 WTFCrash() () at ../../Source/WTF/wtf/Assertions.cpp:295
#1 0x00007efc38a81ed7 in CRASH_WITH_INFO(...) () at DerivedSources/ForwardingHeaders/wtf/Assertions.h:713
#2 0x00007efc28d7f40f in JSC::PrivateFieldPutKind::PrivateFieldPutKind(unsigned char) (this=0x7fffd692ce17, value=226 '\342') at ../../Source/JavaScriptCore/runtime/PrivateFieldPutKind.h:57
#3 0x00007efc28d7f383 in JSC::PrivateFieldPutKind::fromByte(unsigned char) (byte=226 '\342') at ../../Source/JavaScriptCore/runtime/PrivateFieldPutKind.h:41
#4 0x00007efc28dcb3ce in JSC::Fits<JSC::PrivateFieldPutKind, (JSC::OpcodeSize)1, std::integral_constant<bool, true> >::convert(unsigned char) (putMode=226 '\342') at ../../Source/JavaScriptCore/bytecode/Fits.h:406
#5 0x00007efc28d891a1 in JSC::OpPutPrivateName::OpPutPrivateName(unsigned char const*) (this=0x7fffd692d350, stream=0x7efc1ede6481 "\351QG\342\266\031\237\373Br\f\202\332P\237\177\232u\016\276.O\220\277\206W/\272\207M\240\273\341U\217\202\062Y/\220\210M\240*\217W\217F\336Z/e\211M\240\231<Y\217\t\212\\/;\212M\240\t\352Z\217\315\065^/\021\213M\240x\227\\\217\220\341_/\347\213M\240\347D^\217S\215a/\275\214M\240V\362_\217\027\071cFJ\205\225\360ޫ\001") at DerivedSources/JavaScriptCore/BytecodeStructs.h:9704
#6 0x00007efc28d89457 in JSC::OpPutPrivateName::decode(unsigned char const*) (stream=0x7efc1ede6480 ")\351QG\342\266\031\237\373Br\f\202\332P\237\177\232u\016\276.O\220\277\206W/\272\207M\240\273\341U\217\202\062Y/\220\210M\240*\217W\217F\336Z/e\211M\240\231<Y\217\t\212\\/;\212M\240\t\352Z\217\315\065^/\021\213M\240x\227\\\217\220\341_/\347\213M\240\347D^\217S\215a/\275\214M\240V\362_\217\027\071cFJ\205\225\360ޫ\001") at DerivedSources/JavaScriptCore/BytecodeStructs.h:9738
#7 0x00007efc28dccd8e in JSC::BaseInstruction<JSC::OpcodeID>::as<JSC::OpPutPrivateName, JSC::JSOpcodeTraits>() const (this=0x7efc1ede6480) at ../../Source/JavaScriptCore/bytecode/Instruction.h:165
#8 0x00007efc2916bccf in JSC::CodeBlock::finishCreation(JSC::VM&, JSC::ScriptExecutable*, JSC::UnlinkedCodeBlock*, JSC::JSScope*) (this=0x7efc066fb6a0, vm=..., ownerExecutable=0x7efc066ac380, unlinkedCodeBlock=0x7efc1d450d10, scope=0x7efc1c0f4b68) at ../../Source/JavaScriptCore/bytecode/CodeBlock.cpp:545
#9 0x00007efc2a1ddfc3 in JSC::FunctionCodeBlock::create(JSC::VM&, JSC::FunctionExecutable*, JSC::UnlinkedFunctionCodeBlock*, JSC::JSScope*) (vm=..., ownerExecutable=0x7efc066ac380, unlinkedCodeBlock=0x7efc1d450d10, scope=0x7efc1c0f4b68) at ../../Source/JavaScriptCore/bytecode/FunctionCodeBlock.h:60
#10 0x00007efc2a1d904a in JSC::ScriptExecutable::newCodeBlockFor(JSC::CodeSpecializationKind, JSC::JSFunction*, JSC::JSScope*, JSC::Exception*&) (this=0x7efc066ac380, kind=JSC::CodeForCall, function=0x7efc066bf7e0, scope=0x7efc1c0f4b68, exception=@0x7fffd692d600: 0x0) at ../../Source/JavaScriptCore/runtime/ScriptExecutable.cpp:340
#11 0x00007efc2a1d964a in JSC::ScriptExecutable::prepareForExecutionImpl(JSC::VM&, JSC::JSFunction*, JSC::JSScope*, JSC::CodeSpecializationKind, JSC::CodeBlock*&) (this=0x7efc066ac380, vm=..., function=0x7efc066bf7e0, scope=0x7efc1c0f4b68, kind=JSC::CodeForCall, resultCodeBlock=@0x7fffd692d960: 0x7fffd692d9d0) at ../../Source/JavaScriptCore/runtime/ScriptExecutable.cpp:422
#12 0x00007efc29650bdf in JSC::ScriptExecutable::prepareForExecution<JSC::FunctionExecutable>(JSC::VM&, JSC::JSFunction*, JSC::JSScope*, JSC::CodeSpecializationKind, JSC::CodeBlock*&) (this=0x7efc066ac380, vm=..., function=0x7efc066bf7e0, scope=0x7efc1c0f4b68, kind=JSC::CodeForCall, resultCodeBlock=@0x7fffd692d960: 0x7fffd692d9d0) at ../../Source/JavaScriptCore/bytecode/CodeBlock.h:1086
#13 0x00007efc29d80ab3 in JSC::LLInt::setUpCall(JSC::CallFrame*, JSC::CodeSpecializationKind, JSC::JSValue, JSC::LLIntCallLinkInfo*) (calleeFrame=0x7fffd692d950, kind=JSC::CodeForCall, calleeAsValue=..., callLinkInfo=0x7efc1c0c93b8) at ../../Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:1743
#14 0x00007efc29d82512 in JSC::LLInt::genericCall<JSC::OpCall>(JSC::CodeBlock*, JSC::CallFrame*, JSC::OpCall&&, JSC::CodeSpecializationKind, unsigned int) (codeBlock=0x7efc066fb440, callFrame=0x7fffd692d9d0, bytecode=..., kind=JSC::CodeForCall, checkpointIndex=0) at ../../Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:1788
#15 0x00007efc29d77a96 in JSC::LLInt::llint_slow_path_call(JSC::CallFrame*, JSC::Instruction const*) (callFrame=0x7fffd692d9d0, pc=0x7efc1c68fc03) at ../../Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:1795
#16 0x00007efc28cbd712 in llint_op_call () at /app/webkit/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm:97
#17 0x00007fffd692d9d0 in ()
Created attachment 410266
JSC::CodeBlock::setConstantRegisters fails constants.Size assert
STDERR: ASSERTION FAILED: constants.size() == constantsSourceCodeRepresentation.size()
Thread 1 (Thread 0x7f911cf8e9c0 (LWP 107)):
#0 WTFCrash() () at ../../Source/WTF/wtf/Assertions.cpp:295
#1 0x00007f91346f1ed7 in CRASH_WITH_INFO(...) () at DerivedSources/ForwardingHeaders/wtf/Assertions.h:713
#2 0x00007f9124dde2e6 in JSC::CodeBlock::setConstantRegisters(WTF::RefCountedArray<JSC::WriteBarrier<JSC::Unknown, WTF::DumbValueTraits<JSC::Unknown> >, WTF::DumbPtrTraits<JSC::WriteBarrier<JSC::Unknown, WTF::DumbValueTraits<JSC::Unknown> > > > const&, WTF::RefCountedArray<JSC::SourceCodeRepresentation, WTF::DumbPtrTraits<JSC::SourceCodeRepresentation> > const&, JSC::ScriptExecutable*) (this=0x7f90c22ec390, constants=..., constantsSourceCodeRepresentation=..., topLevelExecutable=0x7f90d835c928) at ../../Source/JavaScriptCore/bytecode/CodeBlock.cpp:918
#3 0x00007f9124dd9df4 in JSC::CodeBlock::finishCreation(JSC::VM&, JSC::ScriptExecutable*, JSC::UnlinkedCodeBlock*, JSC::JSScope*) (this=0x7f90c22ec390, vm=..., ownerExecutable=0x7f90c22bd100, unlinkedCodeBlock=0x7f911c64ea88, scope=0x7f90c24e6488) at ../../Source/JavaScriptCore/bytecode/CodeBlock.cpp:390
#4 0x00007f9125e4dfc3 in JSC::FunctionCodeBlock::create(JSC::VM&, JSC::FunctionExecutable*, JSC::UnlinkedFunctionCodeBlock*, JSC::JSScope*) (vm=..., ownerExecutable=0x7f90c22bd100, unlinkedCodeBlock=0x7f911c64ea88, scope=0x7f90c24e6488) at ../../Source/JavaScriptCore/bytecode/FunctionCodeBlock.h:60
#5 0x00007f9125e4904a in JSC::ScriptExecutable::newCodeBlockFor(JSC::CodeSpecializationKind, JSC::JSFunction*, JSC::JSScope*, JSC::Exception*&) (this=0x7f90c22bd100, kind=JSC::CodeForCall, function=0x7f90c22b9de0, scope=0x7f90c24e6488, exception=@0x7ffc6569ebe0: 0x0) at ../../Source/JavaScriptCore/runtime/ScriptExecutable.cpp:340
#6 0x00007f9125e4964a in JSC::ScriptExecutable::prepareForExecutionImpl(JSC::VM&, JSC::JSFunction*, JSC::JSScope*, JSC::CodeSpecializationKind, JSC::CodeBlock*&) (this=0x7f90c22bd100, vm=..., function=0x7f90c22b9de0, scope=0x7f90c24e6488, kind=JSC::CodeForCall, resultCodeBlock=@0x7ffc6569ef40: 0x0) at ../../Source/JavaScriptCore/runtime/ScriptExecutable.cpp:422
#7 0x00007f91252c0bdf in JSC::ScriptExecutable::prepareForExecution<JSC::FunctionExecutable>(JSC::VM&, JSC::JSFunction*, JSC::JSScope*, JSC::CodeSpecializationKind, JSC::CodeBlock*&) (this=0x7f90c22bd100, vm=..., function=0x7f90c22b9de0, scope=0x7f90c24e6488, kind=JSC::CodeForCall, resultCodeBlock=@0x7ffc6569ef40: 0x0) at ../../Source/JavaScriptCore/bytecode/CodeBlock.h:1086
#8 0x00007f91259f0ab3 in JSC::LLInt::setUpCall(JSC::CallFrame*, JSC::CodeSpecializationKind, JSC::JSValue, JSC::LLIntCallLinkInfo*) (calleeFrame=0x7ffc6569ef30, kind=JSC::CodeForCall, calleeAsValue=..., callLinkInfo=0x7f90c24a3090) at ../../Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:1743
#9 0x00007f91259f2512 in JSC::LLInt::genericCall<JSC::OpCall>(JSC::CodeBlock*, JSC::CallFrame*, JSC::OpCall&&, JSC::CodeSpecializationKind, unsigned int) (codeBlock=0x7f90c22ec260, callFrame=0x7ffc6569efb0, bytecode=..., kind=JSC::CodeForCall, checkpointIndex=0) at ../../Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:1788
#10 0x00007f91259e7a96 in JSC::LLInt::llint_slow_path_call(JSC::CallFrame*, JSC::Instruction const*) (callFrame=0x7ffc6569efb0, pc=0x7f90d83a5b77) at ../../Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:1795
#11 0x00007f912492d712 in llint_op_call () at /app/webkit/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm:97
#12 0x00007ffc6569efb0 in ()
#13 0x0000000000000000 in ()
Created attachment 410267
JSC::UnlinkedMetadataTable::link() segfaults inside a memset call
Thread 1 (Thread 0x7f8534e619c0 (LWP 107)):
#0 __memset_avx2_unaligned_erms () at ../sysdeps/x86_64/multiarch/memset-vec-unaligned-erms.S:202
#1 0x00007f853ccc8cbc in JSC::UnlinkedMetadataTable::link() (this=0x7f84f0261210) at ../../Source/JavaScriptCore/bytecode/UnlinkedMetadataTableInlines.h:122
#2 0x00007f853ccac4ad in JSC::CodeBlock::CodeBlock(JSC::VM&, JSC::Structure*, JSC::ScriptExecutable*, JSC::UnlinkedCodeBlock*, JSC::JSScope*) (this=0x7f84da2ee270, vm=..., structure=0x7f84f10f8d90, ownerExecutable=0x7f84da2b6a00, unlinkedCodeBlock=0x7f84f1050bb0, scope=0x7f84f1078260) at ../../Source/JavaScriptCore/bytecode/CodeBlock.cpp:359
#3 0x00007f853dd21062 in JSC::FunctionCodeBlock::FunctionCodeBlock(JSC::VM&, JSC::Structure*, JSC::FunctionExecutable*, JSC::UnlinkedFunctionCodeBlock*, JSC::JSScope*) (this=0x7f84da2ee270, vm=..., structure=0x7f84f10f8d90, ownerExecutable=0x7f84da2b6a00, unlinkedCodeBlock=0x7f84f1050bb0, scope=0x7f84f1078260) at ../../Source/JavaScriptCore/bytecode/FunctionCodeBlock.h:77
#4 0x00007f853dd20fa0 in JSC::FunctionCodeBlock::create(JSC::VM&, JSC::FunctionExecutable*, JSC::UnlinkedFunctionCodeBlock*, JSC::JSScope*) (vm=..., ownerExecutable=0x7f84da2b6a00, unlinkedCodeBlock=0x7f84f1050bb0, scope=0x7f84f1078260) at ../../Source/JavaScriptCore/bytecode/FunctionCodeBlock.h:59
#5 0x00007f853dd1c04a in JSC::ScriptExecutable::newCodeBlockFor(JSC::CodeSpecializationKind, JSC::JSFunction*, JSC::JSScope*, JSC::Exception*&) (this=0x7f84da2b6a00, kind=JSC::CodeForCall, function=0x7f84da2bb520, scope=0x7f84f1078260, exception=@0x7ffdc4a816e0: 0x0) at ../../Source/JavaScriptCore/runtime/ScriptExecutable.cpp:340
#6 0x00007f853dd1c64a in JSC::ScriptExecutable::prepareForExecutionImpl(JSC::VM&, JSC::JSFunction*, JSC::JSScope*, JSC::CodeSpecializationKind, JSC::CodeBlock*&) (this=0x7f84da2b6a00, vm=..., function=0x7f84da2bb520, scope=0x7f84f1078260, kind=JSC::CodeForCall, resultCodeBlock=@0x7ffdc4a81a40: 0x0) at ../../Source/JavaScriptCore/runtime/ScriptExecutable.cpp:422
#7 0x00007f853d193bdf in JSC::ScriptExecutable::prepareForExecution<JSC::FunctionExecutable>(JSC::VM&, JSC::JSFunction*, JSC::JSScope*, JSC::CodeSpecializationKind, JSC::CodeBlock*&) (this=0x7f84da2b6a00, vm=..., function=0x7f84da2bb520, scope=0x7f84f1078260, kind=JSC::CodeForCall, resultCodeBlock=@0x7ffdc4a81a40: 0x0) at ../../Source/JavaScriptCore/bytecode/CodeBlock.h:1086
#8 0x00007f853d8c3ab3 in JSC::LLInt::setUpCall(JSC::CallFrame*, JSC::CodeSpecializationKind, JSC::JSValue, JSC::LLIntCallLinkInfo*) (calleeFrame=0x7ffdc4a81a30, kind=JSC::CodeForCall, calleeAsValue=..., callLinkInfo=0x7f84da4933b8) at ../../Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:1743
#9 0x00007f853d8c5512 in JSC::LLInt::genericCall<JSC::OpCall>(JSC::CodeBlock*, JSC::CallFrame*, JSC::OpCall&&, JSC::CodeSpecializationKind, unsigned int) (codeBlock=0x7f84da2ee140, callFrame=0x7ffdc4a81ab0, bytecode=..., kind=JSC::CodeForCall, checkpointIndex=0) at ../../Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:1788
#10 0x00007f853d8baa96 in JSC::LLInt::llint_slow_path_call(JSC::CallFrame*, JSC::Instruction const*) (callFrame=0x7ffdc4a81ab0, pc=0x7f84f0292888) at ../../Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:1795
#11 0x00007f853c800712 in llint_op_call () at /app/webkit/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm:97
#12 0x00007ffdc4a81ab0 in ()
#13 0x0000000000000000 in ()
Commenting out the ConvolverNode invocation (lines 47 and 48) (and in practice forcing the test to pass comparing equal data) makes the crash disappear.

Testing in MiniBrowser, the WebProcess gets stuck at 100%.

CC'ing Chris in case he saw something like that before.

(In reply to Lauro Moura from comment #6)
> CC'ing Chris in case he saw something like that before.

Sorry, I have not seen those. It crashes deep in JSC so I cc'd a few JSC experts to see if they can help.

Could this be a memory corruption? I think the new default max size for the FFTFrameGStreamer might be too high. I'll try to find a more reasonable value.

This is consistently passing after https://trac.webkit.org/changeset/268826/webkit

OK to remove flaky expectation?

*** Bug 217956 has been marked as a duplicate of this bug. ***

(In reply to Philippe Normand from comment #9)
> This is consistently passing after
> https://trac.webkit.org/changeset/268826/webkit
>
> OK to remove flaky expectation?

Fine with me.

*** Bug 216118 has been marked as a duplicate of this bug. ***