webaudio/DynamicsCompressor/dynamicscompressor-simple.html [ Crash ] The test has been frequently flaky crashing in the last 4000 revisions. Crash-log: https://build.webkit.org/results/GTK-Linux-64-bit-Release-Tests/r268726%20(16530)/webaudio/DynamicsCompressor/dynamicscompressor-simple-crash-log.txt Thread 1 (Thread 0x7f916a2b89c0 (LWP 7979)): #0 0x00007f916fedb78a in JSC::CodeBlock::unlinkIncomingCalls() () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #1 0x00007f916fedb413 in JSC::CodeBlock::~CodeBlock() () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #2 0x00007f917049792a in void JSC::MarkedBlock::Handle::specializedSweep<true, (JSC::MarkedBlock::Handle::EmptyMode)0, (JSC::MarkedBlock::Handle::SweepMode)0, (JSC::MarkedBlock::Handle::SweepDestructionMode)1, (JSC::MarkedBlock::Handle::ScribbleMode)0, (JSC::MarkedBlock::Handle::NewlyAllocatedMode)1, (JSC::MarkedBlock::Handle::MarksMode)0, JSC::DefaultDestroyFunc>(JSC::FreeList*, JSC::MarkedBlock::Handle::EmptyMode, JSC::MarkedBlock::Handle::SweepMode, JSC::MarkedBlock::Handle::SweepDestructionMode, JSC::MarkedBlock::Handle::ScribbleMode, JSC::MarkedBlock::Handle::NewlyAllocatedMode, JSC::MarkedBlock::Handle::MarksMode, JSC::DefaultDestroyFunc const&) () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #3 0x00007f91704963c8 in JSC::MarkedBlock::Handle::finishSweepKnowingHeapCellType<JSC::DefaultDestroyFunc>(JSC::FreeList*, JSC::DefaultDestroyFunc const&)::{lambda()#1}::operator()() const () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #4 0x00007f9170495413 in void JSC::MarkedBlock::Handle::finishSweepKnowingHeapCellType<JSC::DefaultDestroyFunc>(JSC::FreeList*, JSC::DefaultDestroyFunc const&) () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #5 0x00007f917048e492 in JSC::HeapCellType::finishSweep(JSC::MarkedBlock::Handle&, JSC::FreeList*) () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #6 0x00007f91704a2510 in JSC::MarkedBlock::Handle::sweep(JSC::FreeList*) () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #7 0x00007f91704751f8 in JSC::BlockDirectory::sweep() () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #8 0x00007f91704b0428 in JSC::Subspace::sweepBlocks() () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #9 0x00007f9170480b46 in JSC::Heap::deleteUnmarkedCompiledCode() () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #10 0x00007f9170485823 in JSC::Heap::finalize() () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #11 0x00007f9170485219 in JSC::Heap::handleNeedFinalize(unsigned int) () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #12 0x00007f9170481cee in JSC::Heap::finishChangingPhase(JSC::GCConductor) () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #13 0x00007f9170483c02 in JSC::Heap::runEndPhase(JSC::GCConductor) () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #14 0x00007f9170481b3d in JSC::Heap::runCurrentPhase(JSC::GCConductor, JSC::CurrentThreadState*) () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #15 0x00007f9170487ef8 in WTF::ScopedLambdaFunctor<void (JSC::CurrentThreadState&), JSC::Heap::collectInMutatorThread()::$_0>::implFunction(void*, JSC::CurrentThreadState&) () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #16 0x00007f917049d167 in JSC::callWithCurrentThreadState(WTF::ScopedLambda<void (JSC::CurrentThreadState&)> const&) () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #17 0x00007f91704852ce in JSC::Heap::collectInMutatorThread() () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #18 0x00007f9170484fe4 in JSC::Heap::stopIfNecessarySlow() () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #19 0x00007f917047db5e in JSC::Heap::collectIfNecessaryOrDefer(JSC::GCDeferralContext*) () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #20 0x00007f91709d82f5 in JSC::Structure::materializePropertyTable(JSC::VM&, bool) () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #21 0x00007f9173c3c027 in int JSC::Structure::add<(JSC::Structure::ShouldPin)1, JSC::JSObject::prepareToPutDirectWithoutTransition(JSC::VM&, JSC::PropertyName, unsigned int, unsigned int, JSC::Structure*)::{lambda(JSC::GCSafeConcurrentJSLocker const&, int, int)#1}>(JSC::VM&, JSC::PropertyName, unsigned int, JSC::JSObject::prepareToPutDirectWithoutTransition(JSC::VM&, JSC::PropertyName, unsigned int, unsigned int, JSC::Structure*)::{lambda(JSC::GCSafeConcurrentJSLocker const&, int, int)#1} const&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #22 0x00007f9173c37ccb in JSC::JSObject::putDirectWithoutTransition(JSC::VM&, JSC::PropertyName, JSC::JSValue, unsigned int) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #23 0x00007f91709080d8 in JSC::JSTypedArrayViewPrototype::finishCreation(JSC::VM&, JSC::JSGlobalObject*) () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #24 0x00007f9170915781 in JSC::JSTypedArrayViewPrototype::create(JSC::VM&, JSC::JSGlobalObject*, JSC::Structure*) () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #25 0x00007f91708b028a in JSC::JSTypedArrayViewPrototype* JSC::LazyProperty<JSC::JSGlobalObject, JSC::JSTypedArrayViewPrototype>::callFunc<JSC::JSGlobalObject::init(JSC::VM&)::$_11>(JSC::LazyProperty<JSC::JSGlobalObject, JSC::JSTypedArrayViewPrototype>::Initializer const&) () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #26 0x00007f91708b1e69 in JSC::Structure* JSC::LazyProperty<JSC::JSGlobalObject, JSC::Structure>::callFunc<JSC::LazyClassStructure::initLater<JSC::JSGlobalObject::init(JSC::VM&)::$_20>(JSC::JSGlobalObject::init(JSC::VM&)::$_20 const&)::{lambda(JSC::LazyProperty<JSC::JSGlobalObject, JSC::Structure>::Initializer const&)#1}>(JSC::LazyProperty<JSC::JSGlobalObject, JSC::Structure>::Initializer const&) () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #27 0x00007f9173ddc07d in JSC::GenericTypedArrayView<JSC::Float32Adaptor>::wrap(JSC::JSGlobalObject*, JSC::JSGlobalObject*) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #28 0x00007f9175514119 in WebCore::jsAudioBufferPrototypeFunction_getChannelData(JSC::JSGlobalObject*, JSC::CallFrame*) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37 #29 0x00007f91295ff178 in () #30 0x00007ffec90dcd90 in () #31 0x00007f916fcac475 in llint_op_call () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18 #32 0x0000000000000000 in ()
webaudio/DynamicsCompressor/dynamicscompressor-clear-internal-state.html [ Crash ] Also flaky crash failing with the same stacktrace.
Duplicate of #217189 I think.
*** This bug has been marked as a duplicate of bug 217189 ***