[Webkit-unassigned] [Bug 190387] WTFCrash under ScratchRegisterAllocator::allocateScratchGPR()

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Oct 15 00:26:36 PDT 2018


https://bugs.webkit.org/show_bug.cgi?id=190387

--- Comment #4 from Dan Jacobson <jidanni at jidanni.org> ---
And here is what happens when I browse it using

/usr/lib/*-linux-gnu/webkit2gtk-4.0/MiniBrowser \
        --gtk-debug=enable-write-console-messages-to-stdout

1   0xb376b194 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(WTFCrash+0x14) [0xb376b194]
2   0xb33733f2 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(_ZN3JSC24ScratchRegisterAllocator18allocateScratchGPREv+0xe2) [0xb33733f2]
3   0xb2f36768 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(_ZN3JSC22GetterSetterAccessCase16emitDOMJITGetterERNS_21AccessGenerationStateEPKNS_6DOMJIT12GetterSetterENS_12X86Registers10RegisterIDE+0x9e8) [0xb2f36768]
4   0xb2ef5516 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(_ZN3JSC10AccessCase12generateImplERNS_21AccessGenerationStateE+0x1a66) [0xb2ef5516]
5   0xb2ef686a /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(_ZN3JSC10AccessCase8generateERNS_21AccessGenerationStateE+0x2a) [0xb2ef686a]
6   0xb2f4abf3 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(_ZN3JSC17PolymorphicAccess10regenerateERKNS_24GCSafeConcurrentJSLockerERNS_2VMEPNS_9CodeBlockERNS_17StructureStubInfoERKNS_10IdentifierE+0x9b3) [0xb2f4abf3]
7   0xb2f5cb11 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(_ZN3JSC17StructureStubInfo13addAccessCaseERKNS_24GCSafeConcurrentJSLockerEPNS_9CodeBlockERKNS_10IdentifierESt10unique_ptrINS_10AccessCaseESt14default_deleteISA_EE+0x581) [0xb2f5cb11]
8   0xb3375e35 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(+0x782e35) [0xb3375e35]
9   0xb3376d67 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(_ZN3JSC14repatchGetByIDEPNS_9ExecStateENS_7JSValueERKNS_10IdentifierERKNS_12PropertySlotERNS_17StructureStubInfoENS_11GetByIDKindE+0x37) [0xb3376d67]
10  0xb3345b51 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(+0x752b51) [0xb3345b51]
11  0xacb8514e [0xacb8514e]
12  0xacb85bf8 [0xacb85bf8]
13  0xacb6d29a [0xacb6d29a]
14  0xacb6a83a [0xacb6a83a]
15  0xacb69a77 [0xacb69a77]
16  0xac9faf19 [0xac9faf19]
17  0xb33855e3 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(+0x7925e3) [0xb33855e3]
18  0xaca8cfe9 [0xaca8cfe9]
19  0xb3385636 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(+0x792636) [0xb3385636]
20  0xb33800f8 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(+0x78d0f8) [0xb33800f8]
21  0xb32f85eb /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(_ZN3JSC11Interpreter11executeCallEPNS_9ExecStateEPNS_8JSObjectENS_8CallTypeERKNS_8CallDataENS_7JSValueERKNS_7ArgListE+0x23b) [0xb32f85eb]

The page is still visible, but one cannot scroll it with the mouse
wheel.

Package: libwebkit2gtk-4.0-37
Version: 2.22.2-1
File: /usr/lib/i386-linux-gnu/webkit2gtk-4.0/MiniBrowser

-- System Information:
Debian Release: buster/sid
  APT prefers experimental
  APT policy: (990, 'experimental'), (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 4.18.0-2-686-pae (SMP w/1 CPU core)
Locale: LANG=zh_TW.UTF-8, LC_CTYPE=zh_TW.UTF-8 (charmap=UTF-8), LANGUAGE=zh_TW.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages libwebkit2gtk-4.0-37:i386 depends on:
ii  libatk1.0-0                     2.30.0-1
ii  libc6                           2.27-6
ii  libcairo2                       1.15.12-1
ii  libegl1                         1.1.0-1
ii  libenchant1c2a                  1.6.0-11.1
ii  libfontconfig1                  2.13.1-1
ii  libfreetype6                    2.9.1-2
ii  libgcc1                         1:8.2.0-7
ii  libgcrypt20                     1.8.3-1
ii  libgdk-pixbuf2.0-0              2.38.0+dfsg-6
ii  libgl1                          1.1.0-1
ii  libglib2.0-0                    2.58.1-2
ii  libgstreamer-gl1.0-0            1.14.4-1
ii  libgstreamer-plugins-base1.0-0  1.14.4-1
ii  libgstreamer1.0-0               1.14.4-1
ii  libgtk-3-0                      3.24.1-2
ii  libharfbuzz-icu0                1.9.0-1
ii  libharfbuzz0b                   1.9.0-1
ii  libhyphen0                      2.8.8-5
ii  libicu60                        60.2-6
ii  libjavascriptcoregtk-4.0-18     2.22.2-1
ii  libjpeg62-turbo                 1:1.5.2-2+b1
ii  libnotify4                      0.7.7-3
ii  libpango-1.0-0                  1.42.4-3
ii  libpng16-16                     1.6.34-2
ii  libsecret-1-0                   0.18.6-3
ii  libsoup2.4-1                    2.64.1-3
ii  libsqlite3-0                    3.25.2-1
ii  libstdc++6                      8.2.0-7
ii  libtasn1-6                      4.13-3
ii  libwayland-client0              1.16.0-1
ii  libwayland-egl1                 1.16.0-1
ii  libwayland-server0              1.16.0-1
ii  libwebp6                        0.6.1-2
ii  libwebpdemux2                   0.6.1-2
ii  libwoff1                        1.0.2-1
ii  libx11-6                        2:1.6.7-1
ii  libxcomposite1                  1:0.4.4-2
ii  libxdamage1                     1:1.1.4-3
ii  libxml2                         2.9.8+dfsg-1
ii  libxslt1.1                      1.1.32-2
ii  zlib1g                          1:1.2.11.dfsg-1

Versions of packages libwebkit2gtk-4.0-37:i386 recommends:
ii  gstreamer1.0-alsa          1.14.4-1
pn  gstreamer1.0-gl            <none>
ii  gstreamer1.0-plugins-good  1.14.4-1
ii  libgl1-mesa-dri            18.2.0-1

Versions of packages libwebkit2gtk-4.0-37:i386 suggests:
pn  libwebkit2gtk-4.0-37-gtk2  <none>

-- no debconf information
