[Webkit-unassigned] [Bug 184549] New: Crash in JSC::CodeBlock::finalizeBaselineJITInlineCaches
bugzilla-daemon at webkit.org
Thu Apr 12 11:25:28 PDT 2018
https://bugs.webkit.org/show_bug.cgi?id=184549
Bug ID: 184549
Summary: Crash in JSC::CodeBlock::finalizeBaselineJITInlineCaches
Product: WebKit
Version: WebKit Nightly Build
Hardware: PC
OS: Linux
Status: NEW
Severity: Normal
Priority: P2
Component: JavaScriptCore
Assignee: webkit-unassigned at lists.webkit.org
Reporter: mcatanzaro at igalia.com
Created attachment 337812
--> https://bugs.webkit.org/attachment.cgi?id=337812&action=review
Backtrace
Truncated backtrace:
Thread no. 1 (3 frames)
#0 JSC::CallLinkInfo::visitWeak at /usr/src/debug/webkitgtk4-2.20.0-1.fc27.x86_64/Source/JavaScriptCore/bytecode/CallLinkInfo.cpp:220
#1 JSC::CodeBlock::finalizeBaselineJITInlineCaches at /usr/src/debug/webkitgtk4-2.20.0-1.fc27.x86_64/Source/JavaScriptCore/bytecode/CodeBlock.cpp:1359
#2 JSC::CodeBlock::finalizeUnconditionally at /usr/src/debug/webkitgtk4-2.20.0-1.fc27.x86_64/Source/JavaScriptCore/bytecode/CodeBlock.cpp:1377
I've never seen a crash like this before, so it's probably a regression introduced between 2.18 (branched in August 2017) and 2.20 (branched in February 2018).
I'm attaching a full backtrace with register state and assembler dump.