[Webkit-unassigned] [Bug 85076] ARM JIT causes segmentation fault on javascript-heavy pages

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Oct 31 21:19:58 PDT 2019


https://bugs.webkit.org/show_bug.cgi?id=85076

--- Comment #19 from Stevenzengxm <13007199500 at 163.com> ---
Comment on attachment 139221
  --> https://bugs.webkit.org/attachment.cgi?id=139221
Attempted gdb diagnostics

>Program terminated with signal 11, Segmentation fault.
>#0 0x00000024 in ?? ()
>(gdb) info threads
>  Id   Target Id         Frame 
>  7    Thread 0x465562a0 (LWP 1582) 0x424c8a14 in nanosleep ()
>   from /lib/libc.so.6
>  6    Thread 0x458ff2a0 (LWP 1581) 0x424f7fa8 in __GI___poll (fds=0x45a02398, 
>    nfds=3, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:87
>  5    Thread 0x46e562a0 (LWP 1583) 0x42419ee4 in __pthread_cond_wait (
>    cond=0x46564cf8, mutex=0x0) at pthread_cond_wait.c:156
>  4    Thread 0x476562a0 (LWP 1585) 0x4241a2b0 in __pthread_cond_timedwait (
>    cond=0x465bea30, mutex=0x0, abstime=0x47655bc0)
>    at pthread_cond_timedwait.c:168
>  3    Thread 0x48edf2a0 (LWP 1627) 0x4241a2b0 in __pthread_cond_timedwait (
>    cond=0x3a7438, mutex=0x0, abstime=0x48edeb88)
>    at pthread_cond_timedwait.c:168
>  2    Thread 0x44f812a0 (LWP 1580) 0x424f7fa8 in __GI___poll (fds=0x45000c78, 
>    nfds=1, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:87
>* 1    Thread 0x442e0000 (LWP 1579) 0x00000024 in ?? ()
>(gdb) bt
>#0  0x00000024 in ?? ()
>#1  0x49f0eaf4 in ?? ()
>#2  0x49f0eaf4 in ?? ()
>Backtrace stopped: previous frame identical to this frame (corrupt stack?)
>(gdb) info registers
>r0             0x47657920	1197832480
>r1             0x476579f0	1197832688
>r2             0x4ecb6a20	1321953824
>r3             0x47657938	1197832504
>r4             0x47657920	1197832480
>r5             0x1ef	495
>r6             0x47657588	1197831560
>r7             0x4a0516e0	1241847520
>r8             0x41d5d15c	1104531804
>r9             0x47657570	1197831536
>r10            0x465bd400	1180423168
>r11            0x41f13060	1106325600
>r12            0x41f0fd40	1106312512
>sp             0xbe883040	0xbe883040
>lr             0x49f0eaf4	1240525556
>pc             0x24	0x24
>cpsr           0x200f0010	537853968
>(gdb) x/i 0x49f0eaf4
>   0x49f0eaf4:	b	0x49f0b164
>(gdb) x/100i 0x49f0b164
>   0x49f0b164:	mov	r8, #0
>   0x49f0b168:	str	r8, [r4]
>   0x49f0b16c:	mvn	r8, #3
>   0x49f0b170:	str	r8, [r4, #3118288]
>   0x49f0b174:	mov	r8, #0
>   0x49f0b178:	str	r8, [r4, #3118288]
>   0x49f0b17c:	mvn	r8, #3
>   0x49f0b180:	str	r8, [r4, #3118288]
>   0x49f0b184:	mov	r8, #0
>   0x49f0b188:	str	r8, [r4, #3118288]
>   0x49f0b18c:	mvn	r8, #3
>   0x49f0b190:	str	r8, [r4, #3118288]
>   0x49f0b194:	mov	r8, #0
>   0x49f0b198:	str	r8, [r4, #3118288]
>   0x49f0b19c:	mvn	r8, #3
>   0x49f0b1a0:	str	r8, [r4, #3118288]
>   0x49f0b1a4:	mov	r8, #0
>   0x49f0b1a8:	str	r8, [r4, #3118288]
>   0x49f0b1ac:	mvn	r8, #3
>   0x49f0b1b0:	str	r8, [r4, #3118288]	; 0x24
>   0x49f0b1b4:	mov	r8, #0
>   0x49f0b1b8:	str	r8, [r4, #3118288]	; 0x28
>   0x49f0b1bc:	mvn	r8, #3
>   0x49f0b1c0:	str	r8, [r4, #3118288]	; 0x2c
>   0x49f0b1c4:	mov	r8, #0
>   0x49f0b1c8:	str	r8, [r4, #3118288]	; 0x30
>   0x49f0b1cc:	mvn	r8, #3
>   0x49f0b1d0:	str	r8, [r4, #3118288]	; 0x34
>   0x49f0b1d4:	mov	r8, #0
>   0x49f0b1d8:	str	r8, [r4, #3118288]	; 0x38
>   0x49f0b1dc:	mvn	r8, #3
>   0x49f0b1e0:	str	r8, [r4, #3118288]	; 0x3c
>   0x49f0b1e4:	mov	r8, #0
>   0x49f0b1e8:	str	r8, [r4, #3118288]	; 0x40
>   0x49f0b1ec:	mvn	r8, #3
>   0x49f0b1f0:	str	r8, [r4, #3118288]	; 0x44
>   0x49f0b1f4:	mov	r8, #0
>   0x49f0b1f8:	str	r8, [r4, #3118288]	; 0x48
>   0x49f0b1fc:	mvn	r8, #3
>   0x49f0b200:	str	r8, [r4, #3118288]	; 0x4c
>   0x49f0b204:	mov	r8, #0
>   0x49f0b208:	str	r8, [r4]
>   0x49f0b20c:	mvn	r8, #5
>   0x49f0b210:	str	r8, [r4, #3118288]
>   0x49f0b214:	mov	r8, #0
>   0x49f0b218:	str	r8, [r4, #3118288]
>   0x49f0b21c:	mvn	r8, #5
>   0x49f0b220:	str	r8, [r4, #3118288]
>   0x49f0b224:	mov	r8, #0
>   0x49f0b228:	str	r8, [r4, #3118288]
>   0x49f0b22c:	mvn	r8, #5
>   0x49f0b230:	str	r8, [r4, #3118288]
>   0x49f0b234:	ldr	r8, [r4, #3118288]
>   0x49f0b238:	cmn	r8, #6
>   0x49f0b23c:	bne	0x49f0b26c
>   0x49f0b240:	mov	r0, sp
>   0x49f0b244:	str	r4, [sp, #3118288]	; 0x60
>   0x49f0b248:	mov	r8, #8
>   0x49f0b24c:	str	r8, [r4, #-3118288]	; 0x2c
>   0x49f0b250:	ldr	r3, [pc, #32828736]	; 0x49f0b940
>   0x49f0b254:	str	r4, [r3]
>   0x49f0b258:	ldr	r8, [pc, #32828736]	; 0x49f0b944
>   0x49f0b25c:	blx	r8
>   0x49f0b260:	str	r0, [r4]
>   0x49f0b264:	mvn	r8, #4
>   0x49f0b268:	str	r8, [r4, #3118288]
>   0x49f0b26c:	ldr	r0, [r4, #-3118288]	; 0x40
>   0x49f0b270:	ldr	r1, [r4, #-3118288]	; 0x3c
>   0x49f0b274:	cmn	r1, #5
>   0x49f0b278:	bne	0x49f0d140
>   0x49f0b27c:	ldr	r8, [r0, #3118288]
>   0x49f0b280:	ldr	r3, [pc, #32828736]	; 0x49f0b94c
>   0x49f0b284:	cmp	r3, r8
>   0x49f0b288:	ldrne	pc, [pc, #32828736]	; 0x49f0b950
>   0x49f0b28c:	ldr	r2, [r0, #3118288]
>   0x49f0b290:	ldr	r3, [pc, #32828736]	; 0x49f0b954
>   0x49f0b294:	ldr	r0, [r2, r3]
>   0x49f0b298:	ldr	r3, [pc, #32828736]	; 0x49f0b958
>   0x49f0b29c:	ldr	r1, [r2, r3]
>   0x49f0b2a0:	str	r0, [r4, #3118288]	; 0x50
>   0x49f0b2a4:	str	r1, [r4, #3118288]	; 0x54
>   0x49f0b2a8:	nop			; (mov r0, r0)
>   0x49f0b2ac:	mov	r1, r1
>   0x49f0b2b0:	cmn	r1, #2
>   0x49f0b2b4:	bcc	0x49f0d17c
>   0x49f0b2b8:	bics	r3, r0, #0
>   0x49f0b2bc:	beq	0x49f0b3a4
>   0x49f0b2c0:	ldr	r0, [r4, #-3118288]	; 0x40
>   0x49f0b2c4:	ldr	r1, [r4, #-3118288]	; 0x3c
>   0x49f0b2c8:	cmn	r1, #5
>   0x49f0b2cc:	bne	0x49f0d1e4
>   0x49f0b2d0:	ldr	r8, [r0, #3118288]
>   0x49f0b2d4:	ldr	r3, [pc, #32828736]	; 0x49f0b968
>   0x49f0b2d8:	cmp	r3, r8
>   0x49f0b2dc:	ldrne	pc, [pc, #32828736]	; 0x49f0b96c
>   0x49f0b2e0:	ldr	r2, [r0, #3118288]
>   0x49f0b2e4:	ldr	r3, [pc, #32828736]	; 0x49f0b970
>   0x49f0b2e8:	ldr	r0, [r2, r3]
>   0x49f0b2ec:	ldr	r3, [pc, #32828736]	; 0x49f0b974
>   0x49f0b2f0:	ldr	r1, [r2, r3]
>


