254325 2023-03-23 04:58:49 -0700 REGRESSION(261993@main): Reddit crashes in MiniBrowser 2023-03-31 05:27:52 -0700 1 1 1 Unclassified WebKit JavaScriptCore WebKit Nightly Build PC Linux RESOLVED DUPLICATE 254752 P2 Normal --- 1 kdwkleung webkit-unassigned bugs-noreply fujii mcatanzaro oldest_to_newest 1943337 0 kdwkleung 2023-03-23 04:58:49 -0700 In the latest WebKitGTK MiniBrowser (locally compiled), visiting reddit.com crashes the WebProcess -- "** (MiniBrowser:17): WARNING **: 04:56:38.751: WebProcess CRASHED" 1943351 1 mcatanzaro 2023-03-23 05:59:06 -0700 Backtrace? 1943356 2 465552 kdwkleung 2023-03-23 06:20:51 -0700 Created attachment 465552 Backtrace for crashing WebProcess Would this be good? 1943376 3 mcatanzaro 2023-03-23 08:37:50 -0700 No, because you didn't take that with gdb or install any debuginfo. 1943906 4 kdwkleung 2023-03-24 17:58:58 -0700 Well looks like coredumpctl gdb isn’t working for me… are you able to reproduce it on your end?0 1944346 5 mcatanzaro 2023-03-27 13:29:03 -0700 Uh, I can reproduce the crash, but my backtrace is 115 frames of nothing: #0 0x00007f6fc021f2f7 in ?? () #1 0x000000000000000a in ?? () #2 0x00007f6f970b7960 in ?? () #3 0x00007f843a400000 in ?? () #4 0x000000019087b8e0 in ?? () #5 0x00007f6f90e48380 in ?? () #6 0x00007f843a904800 in ?? () #7 0x00007f6f90e31d00 in ?? () #8 0x00007f6f970b7c80 in ?? () #9 0x00007f6f90d2b740 in ?? () #10 0x00007f844e153fc0 in ?? () If I run 'thread apply all bt' then I see I have good debuginfo for every thread except the thread that is crashing, so there's nothing wrong with debuginfo. So now we know why building with -g didn't seem to work for you. I've never seen a crash like this before. I wonder if the stack is corrupted here? I'm not sure what we can do to resolve it because: (gdb) disassemble No function contains program counter for selected frame. Even at the assembly language level, we have no clue where it is crashing. We've just got nothing. I think there's a fairly high chance that something is wrong with JSC, but without a backtrace there's no way for me to prove it. In the off chance that this might be useful: (gdb) info registers rax 0xa 10 rbx 0x7f844e153fc0 140206222426048 rcx 0x7f6e00005980 140110423153024 rdx 0x7f6f90e4c160 140117149008224 rsi 0x7f6f970b7ce0 140117252209888 rdi 0x7f6f90e4c160 140117149008224 rbp 0x7ffef6de4970 0x7ffef6de4970 rsp 0x7ffef6de4900 0x7ffef6de4900 r8 0x7f6e00005980 140110423153024 r9 0x7f6f953d58f0 140117221923056 r10 0xa 10 r11 0x0 0 r12 0x7f6f9efd4210 140117385495056 r13 0x7f6f950b2480 140117218632832 r14 0xfffe000000000000 -562949953421312 r15 0xfffe000000000002 -562949953421310 rip 0x7f6fc021f2f7 0x7f6fc021f2f7 eflags 0x10246 [ PF ZF IF RF ] cs 0x33 51 ss 0x2b 43 ds 0x0 0 es 0x0 0 fs 0x0 0 gs 0x0 0 1944355 6 fujii 2023-03-27 13:43:12 -0700 You can confirm if it's a JIT bug by disabling JIT. export JSC_useJIT=0 https://trac.webkit.org/wiki/EnvironmentVariables 1944361 7 mcatanzaro 2023-03-27 13:59:17 -0700 Looks like 2.40.0 is OK, so this problem is introduced recently. 1944366 8 mcatanzaro 2023-03-27 14:08:00 -0700 (In reply to Fujii Hironori from comment #6) > You can confirm if it's a JIT bug by disabling JIT. > export JSC_useJIT=0 > https://trac.webkit.org/wiki/EnvironmentVariables Good idea. The crash actually does go away with that environment variable set, so something bad must have landed in JSC. Changing component. This should be bisectable, so I'll try to narrow it down. 1945031 9 mcatanzaro 2023-03-29 10:06:53 -0700 *** This bug has been marked as a duplicate of bug 254633 *** 1945654 10 mcatanzaro 2023-03-31 05:27:52 -0700 *** This bug has been marked as a duplicate of bug 254752 *** 465552 2023-03-23 06:20:51 -0700 2023-03-23 06:20:51 -0700 Backtrace for crashing WebProcess Backtrace.txt text/plain 3458 kdwkleung SGludDogWW91IGFyZSBjdXJyZW50bHkgbm90IHNlZWluZyBtZXNzYWdlcyBmcm9tIG90aGVyIHVz ZXJzIGFuZCB0aGUgc3lzdGVtLgogICAgICBVc2VycyBpbiBncm91cHMgJzQyOTQ5NjcyOTUnLCAn c3lzdGVtZC1qb3VybmFsJyBjYW4gc2VlIGFsbCBtZXNzYWdlcy4KICAgICAgUGFzcyAtcSB0byB0 dXJuIG9mZiB0aGlzIG5vdGljZS4KICAgICAgICAgICBQSUQ6IDE0ODUwOSAoV2ViS2l0V2ViUHJv Y2VzKQogICAgICAgICAgIFVJRDogMTAwMCAoa2R3aykKICAgICAgICAgICBHSUQ6IDEwMDAgKGtk d2spCiAgICAgICAgU2lnbmFsOiAxMSAoU0VHVikKICAgICBUaW1lc3RhbXA6IFRodSAyMDIzLTAz LTIzIDIxOjE4OjA1IEhLVCAoMThzIGFnbykKICBDb21tYW5kIExpbmU6IC9hcHAvd2Via2l0L1dl YktpdEJ1aWxkL1JlbGVhc2UvYmluL1dlYktpdFdlYlByb2Nlc3MgMTYgNDEKICAgIEV4ZWN1dGFi bGU6IC9hcHAvd2Via2l0L1dlYktpdEJ1aWxkL1JlbGVhc2UvYmluL1dlYktpdFdlYlByb2Nlc3MK IENvbnRyb2wgR3JvdXA6IC91c2VyLnNsaWNlL3VzZXItMTAwMC5zbGljZS91c2VyQDEwMDAuc2Vy dmljZS9hcHAuc2xpY2UvYXBwLWZsYXRwYWstb3JnLndlYmtpdC5TZGstMTQ4MzE2LnNjb3BlCiAg ICAgICAgICBVbml0OiB1c2VyQDEwMDAuc2VydmljZQogICAgIFVzZXIgVW5pdDogYXBwLWZsYXRw YWstb3JnLndlYmtpdC5TZGstMTQ4MzE2LnNjb3BlCiAgICAgICAgIFNsaWNlOiB1c2VyLTEwMDAu c2xpY2UKICAgICBPd25lciBVSUQ6IDEwMDAgKGtkd2spCiAgICAgICBCb290IElEOiBlYWFmY2I0 MzcyYjI0ZDdlYmJlMzVhN2E4ZmU4Mjk0NQogICAgTWFjaGluZSBJRDogM2U0N2JkNzFjZDU5NDdh M2E5ZTU0ZGU1MGM4NDE4MzEKICAgICAgSG9zdG5hbWU6IHRvb2xib3gKICAgICAgIFN0b3JhZ2U6 IC92YXIvbGliL3N5c3RlbWQvY29yZWR1bXAvY29yZS5XZWJLaXRXZWJQcm9jZXMuMTAwMC5lYWFm Y2I0MzcyYjI0ZDdlYmJlMzVhN2E4ZmU4Mjk0NS4xNDg1MDkuMTY3OTU3NzQ4NTAwMDAwMC56c3Qg KHByZXNlbnQpCiAgU2l6ZSBvbiBEaXNrOiAzNi42TQogICAgICAgTWVzc2FnZTogUHJvY2VzcyAx NDg1MDkgKFdlYktpdFdlYlByb2Nlcykgb2YgdXNlciAxMDAwIGR1bXBlZCBjb3JlLgogICAgICAg ICAgICAgICAgCiAgICAgICAgICAgICAgICBTdGFjayB0cmFjZSBvZiB0aHJlYWQgMTcwOgogICAg ICAgICAgICAgICAgIzAgIDB4MDAwMDdmYTUyNDJiZTFjOSBuL2EgKG4vYSArIDB4MCkKICAgICAg ICAgICAgICAgICMxICAweDAwMDA3ZmE1MjQzNjkzMWEgbi9hIChuL2EgKyAweDApCiAgICAgICAg ICAgICAgICAjMiAgMHgwMDAwN2ZhNThhNzY3ODZhIG4vYSAoL2FwcC93ZWJraXQvV2ViS2l0QnVp bGQvUmVsZWFzZS9saWIvbGliamF2YXNjcmlwdGNvcmVndGstNi4wLnNvLjEuMS4wICsgMHg1Njc4 NmEpCiAgICAgICAgICAgICAgICAjMyAgMHgwMDAwN2ZhNThhNzY3ODZhIG4vYSAoL2FwcC93ZWJr aXQvV2ViS2l0QnVpbGQvUmVsZWFzZS9saWIvbGliamF2YXNjcmlwdGNvcmVndGstNi4wLnNvLjEu MS4wICsgMHg1Njc4NmEpCiAgICAgICAgICAgICAgICAjNCAgMHgwMDAwN2ZhNTI0MzRiNzYxIG4v YSAobi9hICsgMHgwKQogICAgICAgICAgICAgICAgIzUgIDB4MDAwMDdmYTUyNDM0MDRjYyBuL2Eg KG4vYSArIDB4MCkKICAgICAgICAgICAgICAgICM2ICAweDAwMDA3ZmE1MjQxOWU5ZTkgbi9hIChu L2EgKyAweDApCiAgICAgICAgICAgICAgICAjNyAgMHgwMDAwN2ZhNTI0MjRjNmEwIG4vYSAobi9h ICsgMHgwKQogICAgICAgICAgICAgICAgIzggIDB4MDAwMDdmYTU4YTc2Nzg2YSBuL2EgKC9hcHAv d2Via2l0L1dlYktpdEJ1aWxkL1JlbGVhc2UvbGliL2xpYmphdmFzY3JpcHRjb3JlZ3RrLTYuMC5z by4xLjEuMCArIDB4NTY3ODZhKQogICAgICAgICAgICAgICAgIzkgIDB4MDAwMDdmYTU4YTc2Nzg2 YSBuL2EgKC9hcHAvd2Via2l0L1dlYktpdEJ1aWxkL1JlbGVhc2UvbGliL2xpYmphdmFzY3JpcHRj b3JlZ3RrLTYuMC5zby4xLjEuMCArIDB4NTY3ODZhKQogICAgICAgICAgICAgICAgIzEwIDB4MDAw MDdmYTU4YTc2Nzg2YSBuL2EgKC9hcHAvd2Via2l0L1dlYktpdEJ1aWxkL1JlbGVhc2UvbGliL2xp YmphdmFzY3JpcHRjb3JlZ3RrLTYuMC5zby4xLjEuMCArIDB4NTY3ODZhKQogICAgICAgICAgICAg ICAgIzExIDB4MDAwMDdmYTU4YTc2Nzg2YSBuL2EgKC9hcHAvd2Via2l0L1dlYktpdEJ1aWxkL1Jl bGVhc2UvbGliL2xpYmphdmFzY3JpcHRjb3JlZ3RrLTYuMC5zby4xLjEuMCArIDB4NTY3ODZhKQog ICAgICAgICAgICAgICAgIzEyIDB4MDAwMDdmYTU4YTc2Nzg2YSBuL2EgKC9hcHAvd2Via2l0L1dl YktpdEJ1aWxkL1JlbGVhc2UvbGliL2xpYmphdmFzY3JpcHRjb3JlZ3RrLTYuMC5zby4xLjEuMCAr IDB4NTY3ODZhKQogICAgICAgICAgICAgICAgIzEzIDB4MDAwMDdmYTU4YTc2NzdmMyBuL2EgKC9h cHAvd2Via2l0L1dlYktpdEJ1aWxkL1JlbGVhc2UvbGliL2xpYmphdmFzY3JpcHRjb3JlZ3RrLTYu MC5zby4xLjEuMCArIDB4NTY3N2YzKQogICAgICAgICAgICAgICAgIzE0IDB4MDAwMDdmYTU4YTc2 ODJlYSBuL2EgKC9hcHAvd2Via2l0L1dlYktpdEJ1aWxkL1JlbGVhc2UvbGliL2xpYmphdmFzY3Jp cHRjb3JlZ3RrLTYuMC5zby4xLjEuMCArIDB4NTY4MmVhKQogICAgICAgICAgICAgICAgIzE1IDB4 MDAwMDdmYTU4YTc2NzdmMyBuL2EgKC9hcHAvd2Via2l0L1dlYktpdEJ1aWxkL1JlbGVhc2UvbGli L2xpYmphdmFzY3JpcHRjb3JlZ3RrLTYuMC5zby4xLjEuMCArIDB4NTY3N2YzKQogICAgICAgICAg ICAgICAgIzE2IDB4MDAwMDdmYTU4YTc2NzdmMyBuL2EgKC9hcHAvd2Via2l0L1dlYktpdEJ1aWxk L1JlbGVhc2UvbGliL2xpYmphdmFzY3JpcHRjb3JlZ3RrLTYuMC5zby4xLjEuMCArIDB4NTY3N2Yz KQogICAgICAgICAgICAgICAgIzE3IDB4MDAwMDdmYTU4YTc2NzdmMyBuL2EgKC9hcHAvd2Via2l0 L1dlYktpdEJ1aWxkL1JlbGVhc2UvbGliL2xpYmphdmFzY3JpcHRjb3JlZ3RrLTYuMC5zby4xLjEu MCArIDB4NTY3N2YzKQogICAgICAgICAgICAgICAgIzE4IDB4MDAwMDdmYTU4YTc0YTRkNyBuL2Eg KC9hcHAvd2Via2l0L1dlYktpdEJ1aWxkL1JlbGVhc2UvbGliL2xpYmphdmFzY3JpcHRjb3JlZ3Rr LTYuMC5zby4xLjEuMCArIDB4NTRhNGQ3KQogICAgICAgICAgICAgICAgIzE5IDB4MDAwMDdmYTU4 YjMxYmYzMiBuL2EgKC9hcHAvd2Via2l0L1dlYktpdEJ1aWxkL1JlbGVhc2UvbGliL2xpYmphdmFz Y3JpcHRjb3JlZ3RrLTYuMC5zby4xLjEuMCArIDB4MTExYmYzMikKICAgICAgICAgICAgICAgICMy MCAweDAwMDAwMDAwMDAwMDAwMDQgbi9hIChuL2EgKyAweDApCiAgICAgICAgICAgICAgICAjMjEg MHgwMDAwN2ZhMzhlYzgwY2UwIG4vYSAobi9hICsgMHgwKQogICAgICAgICAgICAgICAgRUxGIG9i amVjdCBiaW5hcnkgYXJjaGl0ZWN0dXJlOiBBTUQgeDg2LTY0Cgo=