[Webkit-unassigned] [Bug 238956] REGRESSION(r292372): cloop crashes on s390x

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Apr 7 14:48:24 PDT 2022 

https://bugs.webkit.org/show_bug.cgi?id=238956

Michael Catanzaro <mcatanzaro at gnome.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mcatanzaro at gnome.org

--- Comment #2 from Michael Catanzaro <mcatanzaro at gnome.org> ---
(In reply to Yusuke Suzuki from comment #1)
> Please attach debug build backtrace since we have no big endian machines.

Ah, good request, the debug backtrace is a lot better than I expected it would be. Short form:

(gdb) bt
#0  0x000003ff9e2fed5e in JSC::LLInt::CLoop::execute (entryOpcodeID=JSC::llint_vm_entry_to_javascript, 
    executableAddress=0x3ff9e1975ba <JSC::LLInt::CLoop::execute(JSC::OpcodeID, void*, JSC::VM*, JSC::ProtoCallFrame*, bool)+36986>, vm=0x196ce30, protoCallFrame=0x3fffcafd460, isInitializationPass=false)
    at JavaScriptCore/DerivedSources/LLIntAssembly.h:38969
#1  0x000003ff9eaa553e in JSC::vmEntryToJavaScript (
    executableAddress=0x3ff9e1975ba <JSC::LLInt::CLoop::execute(JSC::OpcodeID, void*, JSC::VM*, JSC::ProtoCallFrame*, bool)+36986>, vm=0x196ce30, protoCallFrame=0x3fffcafd460) at ../../Source/JavaScriptCore/llint/LLIntThunks.cpp:669
#2  0x000003ff9ea6f768 in JSC::JITCode::execute (this=0x19ef600, vm=0x196ce30, protoCallFrame=0x3fffcafd460)
    at ../../Source/JavaScriptCore/jit/JITCodeInlines.h:42
#3  0x000003ff9ea5e7be in JSC::Interpreter::executeProgram (this=0x199e3c0, source=..., thisObj=0x19e90d8)
    at ../../Source/JavaScriptCore/interpreter/Interpreter.cpp:977
#4  0x000003ff9ed7dfa8 in JSC::evaluate (globalObject=0x19af2e8, source=..., thisValue=..., returnedException=...)
    at ../../Source/JavaScriptCore/runtime/Completion.cpp:137
#5  0x000000000102a29a in runWithOptions (globalObject=0x19af2e8, options=..., success=@0x3fffcafdcdf: true)
    at ../../Source/JavaScriptCore/jsc.cpp:3232
#6  0x000000000102be3e in operator() (__closure=0x3fffcafde2f, vm=..., globalObject=0x19af2e8, 
    success=@0x3fffcafdcdf: true) at ../../Source/JavaScriptCore/jsc.cpp:3801
#7  0x000000000102db06 in runJSC<jscmain(int, char**)::<lambda(JSC::VM&, GlobalObject*, bool&)> >(const CommandLine &, bool, const struct {...} &) (options=..., isWorker=false, func=...) at ../../Source/JavaScriptCore/jsc.cpp:3623
#8  0x000000000102bf70 in jscmain (argc=8, argv=0x3fffcafe128) at ../../Source/JavaScriptCore/jsc.cpp:3794
#9  0x0000000001028420 in main (argc=8, argv=0x3fffcafe128) at ../../Source/JavaScriptCore/jsc.cpp:3020

I'll attach the long version with stack variables.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20220407/fe948905/attachment-0001.htm>

More information about the webkit-unassigned mailing list