[Webkit-unassigned] [Bug 229546] New: [JSC] Segfault in stress/typedarray-every.js (32bit)
bugzilla-daemon at webkit.org
Thu Aug 26 02:35:36 PDT 2021
https://bugs.webkit.org/show_bug.cgi?id=229546
Bug ID: 229546
Summary: [JSC] Segfault in stress/typedarray-every.js (32bit)
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: JavaScriptCore
Assignee: webkit-unassigned at lists.webkit.org
Reporter: xan.lopez at gmail.com
I believe this is caused by the patch in bug #229229. Not 100% sure because the bots are trying to catch up. Stack trace:
Starting program: /home/igalia/xlopez/WebKit/WebKitBuild/Debug/bin/jsc -f ./JSTests/stress/typedarray-every.js
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/arm-linux-gnueabihf/libthread_db.so.1".
[New Thread 0xf4039440 (LWP 13807)]
Thread 1 "jsc" received signal SIGABRT, Aborted.
__libc_do_syscall () at ../sysdeps/unix/sysv/linux/arm/libc-do-syscall.S:47
47 ../sysdeps/unix/sysv/linux/arm/libc-do-syscall.S: No such file or directory.
(gdb) bt
#0 __libc_do_syscall () at ../sysdeps/unix/sysv/linux/arm/libc-do-syscall.S:47
#1 0xf5eeeea0 in __libc_signal_restore_set (set=0xfffec444) at ../sysdeps/unix/sysv/linux/internal-signals.h:86
#2 __GI_raise (sig=sig at entry=6) at ../sysdeps/unix/sysv/linux/raise.c:48
#3 0xf5edf7a2 in __GI_abort () at abort.c:79
#4 0xf6d1b3e4 in JSC::ScratchRegisterAllocator::allocateScratch<JSC::GPRInfo> (this=0xfffec7a0) at ../../Source/JavaScriptCore/jit/ScratchRegisterAllocator.cpp:97
#5 0xf6d1223c in JSC::ScratchRegisterAllocator::allocateScratchGPR (this=0xfffec7a0) at ../../Source/JavaScriptCore/jit/ScratchRegisterAllocator.cpp:102
#6 0xf634f08c in JSC::AccessCase::generateWithGuard (this=0xf377bfc0, state=..., fallThrough=...) at ../../Source/JavaScriptCore/bytecode/AccessCase.cpp:1611
#7 0xf6433906 in JSC::PolymorphicAccess::regenerate (this=0xf377bfa0, locker=..., vm=..., globalObject=0xf37c2038, codeBlock=0xf1fadea0, ecmaMode=..., stubInfo=...)
at ../../Source/JavaScriptCore/bytecode/PolymorphicAccess.cpp:637
#8 0xf644ec48 in operator() (__closure=0xfffed7d4) at ../../Source/JavaScriptCore/bytecode/StructureStubInfo.cpp:221
#9 0xf644eda2 in JSC::StructureStubInfo::addAccessCase (this=0xf3789528, locker=..., globalObject=0xf37c2038, codeBlock=0xf1fadea0, ecmaMode=..., ident=...,
accessCase=...) at ../../Source/JavaScriptCore/bytecode/StructureStubInfo.cpp:245
#10 0xf6d0dd20 in JSC::tryCacheArrayPutByVal (globalObject=0xf37c2038, codeBlock=0xf1fadea0, baseValue=..., index=..., stubInfo=...)
at ../../Source/JavaScriptCore/jit/Repatch.cpp:960
#11 0xf6d0de9e in JSC::repatchArrayPutByVal (globalObject=0xf37c2038, codeBlock=0xf1fadea0, base=..., index=..., stubInfo=..., putKind=JSC::PutKind::NotDirect,
ecmaMode=...) at ../../Source/JavaScriptCore/jit/Repatch.cpp:976
#12 0xf6cabfb6 in JSC::putByValOptimize (globalObject=0xf37c2038, codeBlock=0xf1fadea0, baseValue=..., subscript=..., value=..., stubInfo=0xf3789528, profile=0xf37870b8,
ecmaMode=...) at ../../Source/JavaScriptCore/jit/JITOperations.cpp:1035
#13 0xf6cac3ce in JSC::operationPutByValNonStrictOptimize (globalObject=0xf37c2038, encodedBaseValue=-17390199368, encodedSubscript=-4294967295, encodedValue=-4294967291,
stubInfo=0xf3789528, profile=0xf37870b8) at ../../Source/JavaScriptCore/jit/JITOperations.cpp:1087
#14 0xf36fe5a4 in ?? ()