190387 2018-10-08 17:59:51 -0700 [JSC] Disable DOMJIT on 32bit architecture 2018-10-15 08:08:41 -0700 1 1 1 Unclassified WebKit JavaScriptCore WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED http://radioscanningtw.jidanni.org/index.php?hidebots=1&limit=50&days=512&enhanced=1&title=特殊:近期變動&urlversion=2 InRadar P2 Normal --- 1 jidanni ysuzuki beidson ews-watchlist keith_miller mark.lam msaboff saam webkit-bug-importer ysuzuki oldest_to_newest 1467290 0 jidanni 2018-10-08 17:59:51 -0700 Seen when browsing the above URL. 1 0xb3690194 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(WTFCrash+0x14) [0xb3690194] 2 0xb32983f2 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(_ZN3JSC24ScratchRegisterAllocator18allocateScratchGPREv+0xe2) [0xb32983f2] 3 0xb2e5b768 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(_ZN3JSC22GetterSetterAccessCase16emitDOMJITGetterERNS_21AccessGenerationStateEPKNS_6DOMJIT12GetterSetterENS_12X86Registers10RegisterIDE+0x9e8) [0xb2e5b768] 4 0xb2e1a516 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(_ZN3JSC10AccessCase12generateImplERNS_21AccessGenerationStateE+0x1a66) [0xb2e1a516] 5 0xb2e1b86a /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(_ZN3JSC10AccessCase8generateERNS_21AccessGenerationStateE+0x2a) [0xb2e1b86a] 6 0xb2e6fbf3 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(_ZN3JSC17PolymorphicAccess10regenerateERKNS_24GCSafeConcurrentJSLockerERNS_2VMEPNS_9CodeBlockERNS_17StructureStubInfoERKNS_10IdentifierE+0x9b3) [0xb2e6fbf3] 7 0xb2e81b11 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(_ZN3JSC17StructureStubInfo13addAccessCaseERKNS_24GCSafeConcurrentJSLockerEPNS_9CodeBlockERKNS_10IdentifierESt10unique_ptrINS_10AccessCaseESt14default_deleteISA_EE+0x581) [0xb2e81b11] 8 0xb329ae35 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(+0x782e35) [0xb329ae35] 9 0xb329bd67 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(_ZN3JSC14repatchGetByIDEPNS_9ExecStateENS_7JSValueERKNS_10IdentifierERKNS_12PropertySlotERNS_17StructureStubInfoENS_11GetByIDKindE+0x37) [0xb329bd67] 10 0xb326ab51 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(+0x752b51) [0xb326ab51] 11 0xacac2b3d [0xacac2b3d] 12 0xacac3498 [0xacac3498] 13 0xaca7e39a [0xaca7e39a] 14 0xacaa6a9a [0xacaa6a9a] 15 0xacaa7ff4 [0xacaa7ff4] 16 0xacab06a2 [0xacab06a2] 17 0xacab85d9 [0xacab85d9] 18 0xacab99b6 [0xacab99b6] 19 0xacabc319 [0xacabc319] 20 0xb32aa5e3 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(+0x7925e3) [0xb32aa5e3] 21 0xaca076d8 [0xaca076d8] 22 0xb32aa636 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(+0x792636) [0xb32aa636] 23 0xb32a50f8 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(+0x78d0f8) [0xb32a50f8] 24 0xb321d5eb /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(_ZN3JSC11Interpreter11executeCallEPNS_9ExecStateEPNS_8JSObjectENS_8CallTypeERKNS_8CallDataENS_7JSValueERKNS_7ArgListE+0x23b) [0xb321d5eb] Version: 3.30.0-2 File: /usr/bin/epiphany Versions of packages epiphany-browser depends on: ii dbus-x11 [dbus-session-bus] 1.13.6-1 ii epiphany-browser-data 3.30.0-2 ii gsettings-desktop-schemas 3.28.1-1 ii iso-codes 4.1-1 ii libc6 2.27-6 ii libcairo2 1.15.12-1 ii libdazzle-1.0-0 3.30.1-2 ii libgcr-base-3-1 3.28.0-1 ii libgcr-ui-3-1 3.28.0-1 ii libgdk-pixbuf2.0-0 2.38.0+dfsg-6 ii libglib2.0-0 2.58.1-2 ii libgmp10 2:6.1.2+dfsg-3 ii libgtk-3-0 3.24.1-2 ii libhogweed4 3.4-1 ii libicu60 60.2-6 ii libjavascriptcoregtk-4.0-18 2.22.2-1 ii libjson-glib-1.0-0 1.4.2-4 ii libnettle6 3.4-1 ii libnotify4 0.7.7-3 ii libpango-1.0-0 1.42.4-3 ii libsecret-1-0 0.18.6-3 ii libsoup2.4-1 2.64.1-3 ii libsqlite3-0 3.25.2-1 ii libwebkit2gtk-4.0-37 2.22.2-1 ii libxml2 2.9.8+dfsg-1 Versions of packages epiphany-browser recommends: ii ca-certificates 20180409 pn evince <none> ii yelp 3.30.0-1 epiphany-browser suggests no packages. -- no debconf information 1467882 1 ap 2018-10-10 16:39:08 -0700 Is this reproducible? 1467897 2 jidanni 2018-10-10 17:41:40 -0700 I see tons of Incorrect HMAC value Failed to decrypt the BSO payload Failed to create synchronizable object from BSO, skipping... on my 64 bit machine. Next week I'll try it on my 32 bit machine where the problem occurred... 1469147 3 jidanni 2018-10-15 00:20:42 -0700 I can reproduce it just fine on my 32 bit machine. (Not 64 bit machine though.) Tested when both logged in and logged out to that website. (Desktop version of website.) 1469148 4 jidanni 2018-10-15 00:26:36 -0700 And here is what happens when I browse it using /usr/lib/*-linux-gnu/webkit2gtk-4.0/MiniBrowser \ --gtk-debug=enable-write-console-messages-to-stdout 1 0xb376b194 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(WTFCrash+0x14) [0xb376b194] 2 0xb33733f2 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(_ZN3JSC24ScratchRegisterAllocator18allocateScratchGPREv+0xe2) [0xb33733f2] 3 0xb2f36768 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(_ZN3JSC22GetterSetterAccessCase16emitDOMJITGetterERNS_21AccessGenerationStateEPKNS_6DOMJIT12GetterSetterENS_12X86Registers10RegisterIDE+0x9e8) [0xb2f36768] 4 0xb2ef5516 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(_ZN3JSC10AccessCase12generateImplERNS_21AccessGenerationStateE+0x1a66) [0xb2ef5516] 5 0xb2ef686a /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(_ZN3JSC10AccessCase8generateERNS_21AccessGenerationStateE+0x2a) [0xb2ef686a] 6 0xb2f4abf3 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(_ZN3JSC17PolymorphicAccess10regenerateERKNS_24GCSafeConcurrentJSLockerERNS_2VMEPNS_9CodeBlockERNS_17StructureStubInfoERKNS_10IdentifierE+0x9b3) [0xb2f4abf3] 7 0xb2f5cb11 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(_ZN3JSC17StructureStubInfo13addAccessCaseERKNS_24GCSafeConcurrentJSLockerEPNS_9CodeBlockERKNS_10IdentifierESt10unique_ptrINS_10AccessCaseESt14default_deleteISA_EE+0x581) [0xb2f5cb11] 8 0xb3375e35 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(+0x782e35) [0xb3375e35] 9 0xb3376d67 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(_ZN3JSC14repatchGetByIDEPNS_9ExecStateENS_7JSValueERKNS_10IdentifierERKNS_12PropertySlotERNS_17StructureStubInfoENS_11GetByIDKindE+0x37) [0xb3376d67] 10 0xb3345b51 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(+0x752b51) [0xb3345b51] 11 0xacb8514e [0xacb8514e] 12 0xacb85bf8 [0xacb85bf8] 13 0xacb6d29a [0xacb6d29a] 14 0xacb6a83a [0xacb6a83a] 15 0xacb69a77 [0xacb69a77] 16 0xac9faf19 [0xac9faf19] 17 0xb33855e3 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(+0x7925e3) [0xb33855e3] 18 0xaca8cfe9 [0xaca8cfe9] 19 0xb3385636 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(+0x792636) [0xb3385636] 20 0xb33800f8 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(+0x78d0f8) [0xb33800f8] 21 0xb32f85eb /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(_ZN3JSC11Interpreter11executeCallEPNS_9ExecStateEPNS_8JSObjectENS_8CallTypeERKNS_8CallDataENS_7JSValueERKNS_7ArgListE+0x23b) [0xb32f85eb] The page is still visible, but one cannot scroll it with the mouse wheel. Package: libwebkit2gtk-4.0-37 Version: 2.22.2-1 File: /usr/lib/i386-linux-gnu/webkit2gtk-4.0/MiniBrowser -- System Information: Debian Release: buster/sid APT prefers experimental APT policy: (990, 'experimental'), (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 4.18.0-2-686-pae (SMP w/1 CPU core) Locale: LANG=zh_TW.UTF-8, LC_CTYPE=zh_TW.UTF-8 (charmap=UTF-8), LANGUAGE=zh_TW.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Init: systemd (via /run/systemd/system) Versions of packages libwebkit2gtk-4.0-37:i386 depends on: ii libatk1.0-0 2.30.0-1 ii libc6 2.27-6 ii libcairo2 1.15.12-1 ii libegl1 1.1.0-1 ii libenchant1c2a 1.6.0-11.1 ii libfontconfig1 2.13.1-1 ii libfreetype6 2.9.1-2 ii libgcc1 1:8.2.0-7 ii libgcrypt20 1.8.3-1 ii libgdk-pixbuf2.0-0 2.38.0+dfsg-6 ii libgl1 1.1.0-1 ii libglib2.0-0 2.58.1-2 ii libgstreamer-gl1.0-0 1.14.4-1 ii libgstreamer-plugins-base1.0-0 1.14.4-1 ii libgstreamer1.0-0 1.14.4-1 ii libgtk-3-0 3.24.1-2 ii libharfbuzz-icu0 1.9.0-1 ii libharfbuzz0b 1.9.0-1 ii libhyphen0 2.8.8-5 ii libicu60 60.2-6 ii libjavascriptcoregtk-4.0-18 2.22.2-1 ii libjpeg62-turbo 1:1.5.2-2+b1 ii libnotify4 0.7.7-3 ii libpango-1.0-0 1.42.4-3 ii libpng16-16 1.6.34-2 ii libsecret-1-0 0.18.6-3 ii libsoup2.4-1 2.64.1-3 ii libsqlite3-0 3.25.2-1 ii libstdc++6 8.2.0-7 ii libtasn1-6 4.13-3 ii libwayland-client0 1.16.0-1 ii libwayland-egl1 1.16.0-1 ii libwayland-server0 1.16.0-1 ii libwebp6 0.6.1-2 ii libwebpdemux2 0.6.1-2 ii libwoff1 1.0.2-1 ii libx11-6 2:1.6.7-1 ii libxcomposite1 1:0.4.4-2 ii libxdamage1 1:1.1.4-3 ii libxml2 2.9.8+dfsg-1 ii libxslt1.1 1.1.32-2 ii zlib1g 1:1.2.11.dfsg-1 Versions of packages libwebkit2gtk-4.0-37:i386 recommends: ii gstreamer1.0-alsa 1.14.4-1 pn gstreamer1.0-gl <none> ii gstreamer1.0-plugins-good 1.14.4-1 ii libgl1-mesa-dri 18.2.0-1 Versions of packages libwebkit2gtk-4.0-37:i386 suggests: pn libwebkit2gtk-4.0-37-gtk2 <none> -- no debconf information 1469149 5 ysuzuki 2018-10-15 00:27:09 -0700 I think this is due to register exhaustion. And I think disabling DOMJIT on 32bit environment is the reasonable fix. 1469150 6 352303 ysuzuki 2018-10-15 00:35:43 -0700 Created attachment 352303 Patch 1469212 7 ysuzuki 2018-10-15 08:07:34 -0700 Committed r237108: <https://trac.webkit.org/changeset/237108> 1469214 8 webkit-bug-importer 2018-10-15 08:08:41 -0700 <rdar://problem/45271326> 352303 2018-10-15 00:35:43 -0700 2018-10-15 08:02:47 -0700 Patch bug-190387-20181015163542.patch text/plain 1589 ysuzuki U3VidmVyc2lvbiBSZXZpc2lvbjogMjM3MDkxCmRpZmYgLS1naXQgYS9Tb3VyY2UvSmF2YVNjcmlw dENvcmUvQ2hhbmdlTG9nIGIvU291cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwppbmRleCBm YThlOTM5MTI2ZGYzMzJhY2YxMTgxOWQ1ZDg0YjI3ZGY3ZGI0YzJiLi42YWY2ODFmNDA4MmEwYzM4 NjE2MzI2ZWI3ZTRiYmM4YmEyYTQ4YTliIDEwMDY0NAotLS0gYS9Tb3VyY2UvSmF2YVNjcmlwdENv cmUvQ2hhbmdlTG9nCisrKyBiL1NvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKQEAgLTEs MyArMSwxNCBAQAorMjAxOC0xMC0xNSAgWXVzdWtlIFN1enVraSAgPHl1c3VrZXN1enVraUBzbG93 c3RhcnQub3JnPgorCisgICAgICAgIFtKU0NdIERpc2FibGUgRE9NSklUIG9uIDMyYml0IGFyY2hp dGVjdHVyZQorICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9 MTkwMzg3CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAg V2UgZGlzYWJsZSBET01KSVQgb24gMzJiaXQgYXJjaGl0ZWN0dXJlIGR1ZSB0byBleGhhdXN0aW9u IG9mIHJlZ2lzdGVycy4KKworICAgICAgICAqIHJ1bnRpbWUvT3B0aW9ucy5oOgorCiAyMDE4LTEw LTEyICBUYWRldSBaYWdhbGxvICA8dHphZ2FsbG9AYXBwbGUuY29tPgogCiAgICAgICAgIEdhcmRl bmluZzogQnVpbGQgZml4IGFmdGVyIHIyMzcwODQuCmRpZmYgLS1naXQgYS9Tb3VyY2UvSmF2YVNj cmlwdENvcmUvcnVudGltZS9PcHRpb25zLmggYi9Tb3VyY2UvSmF2YVNjcmlwdENvcmUvcnVudGlt ZS9PcHRpb25zLmgKaW5kZXggMmU0OWE1ZDUyY2NlYTA0MTY0YjIyMWQ4YzNhYjhjOWNkMWUwOGMx YS4uN2U2MGNkMTNjZmRmZDRhODhiODA5ZjQ3OWUyMDVkNzM2OGRkZTc5ZSAxMDA2NDQKLS0tIGEv U291cmNlL0phdmFTY3JpcHRDb3JlL3J1bnRpbWUvT3B0aW9ucy5oCisrKyBiL1NvdXJjZS9KYXZh U2NyaXB0Q29yZS9ydW50aW1lL09wdGlvbnMuaApAQCAtMTQwLDcgKzE0MCw3IEBAIGNvbnN0ZXhw ciBib29sIGVuYWJsZVdlYkFzc2VtYmx5U3RyZWFtaW5nQXBpID0gZmFsc2U7CiAgICAgdihib29s LCB1c2VCYXNlbGluZUpJVCwgdHJ1ZSwgTm9ybWFsLCAiYWxsb3dzIHRoZSBiYXNlbGluZSBKSVQg dG8gYmUgdXNlZCBpZiB0cnVlIikgXAogICAgIHYoYm9vbCwgdXNlREZHSklULCB0cnVlLCBOb3Jt YWwsICJhbGxvd3MgdGhlIERGRyBKSVQgdG8gYmUgdXNlZCBpZiB0cnVlIikgXAogICAgIHYoYm9v bCwgdXNlUmVnRXhwSklULCB0cnVlLCBOb3JtYWwsICJhbGxvd3MgdGhlIFJlZ0V4cCBKSVQgdG8g YmUgdXNlZCBpZiB0cnVlIikgXAotICAgIHYoYm9vbCwgdXNlRE9NSklULCB0cnVlLCBOb3JtYWws ICJhbGxvd3MgdGhlIERPTUpJVCB0byBiZSB1c2VkIGlmIHRydWUiKSBcCisgICAgdihib29sLCB1 c2VET01KSVQsIGlzNjRCaXQoKSwgTm9ybWFsLCAiYWxsb3dzIHRoZSBET01KSVQgdG8gYmUgdXNl ZCBpZiB0cnVlIikgXAogICAgIFwKICAgICB2KGJvb2wsIHJlcG9ydE11c3RTdWNjZWVkRXhlY3V0 YWJsZUFsbG9jYXRpb25zLCBmYWxzZSwgTm9ybWFsLCBudWxscHRyKSBcCiAgICAgXAo=