[Webkit-unassigned] [Bug 200983] [Android] 64-bit JSC r245459 crashes in JSC::AccessCase::propagateTransitions(JSC::SlotVisitor&)

bugzilla-daemon at webkit.org
Mon Oct 14 14:52:44 PDT 2019


https://bugs.webkit.org/show_bug.cgi?id=200983

--- Comment #7 from Yusuke Suzuki <ysuzuki at apple.com> ---
(In reply to Pratik from comment #6)
> Hi Yusuke,
> 
> We are actively working on upgrading JSC to the latest version. 
> 
> In the meantime we back-ported the fix from this ticket
> https://bugs.webkit.org/show_bug.cgi?id=202122 as it was marked dup of
> https://bugs.webkit.org/show_bug.cgi?id=202150 which claims to reproduce the
> same crash, but we are still observing this crash. How confident are you
> that upgrading to latest version and applying this patch would fix this
> issue?

We fixed a bunch of crash issues. Many issues, like the OSR exit bug, show up as incorrect garbage in the stack / registers, which leads to GC crashes later. So it is worth trying.

BTW, can you dump the crash stack traces with all the threads? The pasted crash trace is the one in the Heap thread. But if the issue is concurrency-related, the stack traces of the other threads when crashing are also important (like `bt all` in gdb).
