[Webkit-unassigned] [Bug 254325] [GTK] Reddit crashes in MiniBrowser

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Mar 27 13:29:03 PDT 2023 

https://bugs.webkit.org/show_bug.cgi?id=254325

--- Comment #5 from Michael Catanzaro <mcatanzaro at gnome.org> ---
Uh, I can reproduce the crash, but my backtrace is 115 frames of nothing:

#0  0x00007f6fc021f2f7 in ?? ()
#1  0x000000000000000a in ?? ()
#2  0x00007f6f970b7960 in ?? ()
#3  0x00007f843a400000 in ?? ()
#4  0x000000019087b8e0 in ?? ()
#5  0x00007f6f90e48380 in ?? ()
#6  0x00007f843a904800 in ?? ()
#7  0x00007f6f90e31d00 in ?? ()
#8  0x00007f6f970b7c80 in ?? ()
#9  0x00007f6f90d2b740 in ?? ()
#10 0x00007f844e153fc0 in ?? ()

If I run 'thread apply all bt' then I see I have good debuginfo for every thread except the thread that is crashing, so there's nothing wrong with debuginfo. So now we know why building with -g didn't seem to work for you.

I've never seen a crash like this before. I wonder if the stack is corrupted here? I'm not sure what we can do to resolve it because:

(gdb) disassemble
No function contains program counter for selected frame.

Even at the assembly language level, we have no clue where it is crashing. We've just got nothing. I think there's a fairly high chance that something is wrong with JSC, but without a backtrace there's no way for me to prove it.

In the off chance that this might be useful:

(gdb) info registers
rax            0xa                 10
rbx            0x7f844e153fc0      140206222426048
rcx            0x7f6e00005980      140110423153024
rdx            0x7f6f90e4c160      140117149008224
rsi            0x7f6f970b7ce0      140117252209888
rdi            0x7f6f90e4c160      140117149008224
rbp            0x7ffef6de4970      0x7ffef6de4970
rsp            0x7ffef6de4900      0x7ffef6de4900
r8             0x7f6e00005980      140110423153024
r9             0x7f6f953d58f0      140117221923056
r10            0xa                 10
r11            0x0                 0
r12            0x7f6f9efd4210      140117385495056
r13            0x7f6f950b2480      140117218632832
r14            0xfffe000000000000  -562949953421312
r15            0xfffe000000000002  -562949953421310
rip            0x7f6fc021f2f7      0x7f6fc021f2f7
eflags         0x10246             [ PF ZF IF RF ]
cs             0x33                51
ss             0x2b                43
ds             0x0                 0
es             0x0                 0
fs             0x0                 0
gs             0x0                 0

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20230327/e6c1bd6a/attachment.htm>

More information about the webkit-unassigned mailing list