Bug 219066

Summary: [WebRTC] webrtc/audio-sframe.html is flaky crashing since added in r269830
Product: WebKit
Reporter: Lauro Moura <lmoura>
Component: WebRTC
Assignee: youenn fablet <youennf>
Status: RESOLVED FIXED
Severity: Normal
CC: bugs-noreply, webkit-bug-importer, youennf
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Attachments:
GTK crash log (flags: none)
Patch (flags: none)

Description Lauro Moura 2020-11-17 20:52:11 PST
Created attachment 414407
GTK crash log

webrtc/audio-sframe.html

Crashing frequently on GTK/WPE, and less often on iOS 14 on iPhone SE 1st gen, and Catalina/Mojave Release on Mac Mini.

Full GTK crash log attached. Crashing stack below:

Thread 1 (Thread 0x7f812a10f9c0 (LWP 19256)):
#0  0x00007f8130ba1e0e in WTFCrash () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#1  0x00007f8133cecdfd in WebCore::toJSNewlyCreated(JSC::JSGlobalObject*, WebCore::JSDOMGlobalObject*, WTF::Ref<WebCore::RTCRtpTransform, WTF::RawPtrTraits<WebCore::RTCRtpTransform> >&&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#2  0x00007f8133cecf12 in WebCore::toJS(JSC::JSGlobalObject*, WebCore::JSDOMGlobalObject*, WebCore::RTCRtpTransform&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#3  0x00007f8133cb5bf1 in WebCore::jsRTCRtpReceiver_transform(JSC::JSGlobalObject*, long, JSC::PropertyName) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#4  0x00007f813090373c in JSC::PropertySlot::customGetter(JSC::JSGlobalObject*, JSC::PropertyName) const () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#5  0x00007f81304df330 in JSC::operationGetByIdOptimize(JSC::JSGlobalObject*, JSC::StructureStubInfo*, long, unsigned long) () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#6  0x00007f80e941a34e in  ()
#7  0x00007f80ac6c6d00 in  ()
#8  0x000000000000000a in  ()
#9  0x00007f80e2a00000 in  ()
#10 0x00007f81300451ba in void* JSC::allocateCell<JSC::JSLexicalEnvironment>(JSC::Heap&, unsigned long) () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#11 0x00007f81307236dc in slow_path_create_lexical_environment () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#12 0xfffe000000000002 in  ()
#13 0x00007ffd0a7d1780 in  ()
#14 0x00007f812fa88503 in llint_op_call () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#15 0x00007f80ac6c3840 in  ()
#16 0x00007f80e087bde0 in  ()
#17 0x0000034c00000006 in  ()
#18 0x00007f80284c77a0 in  ()
#19 0x00007f80c4282f88 in  ()
#20 0xfffe000000000005 in  ()
#21 0x000000000000000a in  ()
#22 0xfffe000000000000 in  ()
#23 0x00007f80ac6df930 in  ()
#24 0x0000000000000000 in  ()
Comment 1 Lauro Moura 2020-11-17 20:55:13 PST
Clarification: The iOS failures are on Simulator.

Link to results history:

https://results.webkit.org/?suite=layout-tests&test=webrtc%2Faudio-sframe.html
Comment 2 Lauro Moura 2020-11-17 21:01:34 PST
Gardened in r269941
Comment 3 Radar WebKit Bug Importer 2020-11-26 03:23:18 PST
<rdar://problem/71747778>
Comment 4 youenn fablet 2020-11-27 00:25:24 PST
Created attachment 414918
Patch
Comment 5 EWS 2020-11-27 00:52:09 PST
Committed r270183: <https://trac.webkit.org/changeset/270183>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 414918.