Bug 190387 - [JSC] Disable DOMJIT on 32bit architecture
Summary: [JSC] Disable DOMJIT on 32bit architecture
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Yusuke Suzuki
URL: http://radioscanningtw.jidanni.org/in...
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2018-10-08 17:59 PDT by Dan Jacobson
Modified: 2018-10-15 08:08 PDT
CC: 8 users

See Also:


Attachments
Patch (1.55 KB, patch)
2018-10-15 00:35 PDT, Yusuke Suzuki
mark.lam: review+

Description Dan Jacobson 2018-10-08 17:59:51 PDT
Seen when browsing the above URL. 

1   0xb3690194 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(WTFCrash+0x14) [0xb3690194]
2   0xb32983f2 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(_ZN3JSC24ScratchRegisterAllocator18allocateScratchGPREv+0xe2) [0xb32983f2]
3   0xb2e5b768 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(_ZN3JSC22GetterSetterAccessCase16emitDOMJITGetterERNS_21AccessGenerationStateEPKNS_6DOMJIT12GetterSetterENS_12X86Registers10RegisterIDE+0x9e8) [0xb2e5b768]
4   0xb2e1a516 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(_ZN3JSC10AccessCase12generateImplERNS_21AccessGenerationStateE+0x1a66) [0xb2e1a516]
5   0xb2e1b86a /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(_ZN3JSC10AccessCase8generateERNS_21AccessGenerationStateE+0x2a) [0xb2e1b86a]
6   0xb2e6fbf3 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(_ZN3JSC17PolymorphicAccess10regenerateERKNS_24GCSafeConcurrentJSLockerERNS_2VMEPNS_9CodeBlockERNS_17StructureStubInfoERKNS_10IdentifierE+0x9b3) [0xb2e6fbf3]
7   0xb2e81b11 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(_ZN3JSC17StructureStubInfo13addAccessCaseERKNS_24GCSafeConcurrentJSLockerEPNS_9CodeBlockERKNS_10IdentifierESt10unique_ptrINS_10AccessCaseESt14default_deleteISA_EE+0x581) [0xb2e81b11]
8   0xb329ae35 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(+0x782e35) [0xb329ae35]
9   0xb329bd67 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(_ZN3JSC14repatchGetByIDEPNS_9ExecStateENS_7JSValueERKNS_10IdentifierERKNS_12PropertySlotERNS_17StructureStubInfoENS_11GetByIDKindE+0x37) [0xb329bd67]
10  0xb326ab51 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(+0x752b51) [0xb326ab51]
11  0xacac2b3d [0xacac2b3d]
12  0xacac3498 [0xacac3498]
13  0xaca7e39a [0xaca7e39a]
14  0xacaa6a9a [0xacaa6a9a]
15  0xacaa7ff4 [0xacaa7ff4]
16  0xacab06a2 [0xacab06a2]
17  0xacab85d9 [0xacab85d9]
18  0xacab99b6 [0xacab99b6]
19  0xacabc319 [0xacabc319]
20  0xb32aa5e3 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(+0x7925e3) [0xb32aa5e3]
21  0xaca076d8 [0xaca076d8]
22  0xb32aa636 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(+0x792636) [0xb32aa636]
23  0xb32a50f8 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(+0x78d0f8) [0xb32a50f8]
24  0xb321d5eb /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(_ZN3JSC11Interpreter11executeCallEPNS_9ExecStateEPNS_8JSObjectENS_8CallTypeERKNS_8CallDataENS_7JSValueERKNS_7ArgListE+0x23b) [0xb321d5eb]

Version: 3.30.0-2
File: /usr/bin/epiphany

Comment 1 Alexey Proskuryakov 2018-10-10 16:39:08 PDT
Is this reproducible?
Comment 2 Dan Jacobson 2018-10-10 17:41:40 PDT
I see tons of

Incorrect HMAC value
Failed to decrypt the BSO payload
Failed to create synchronizable object from BSO, skipping...

on my 64 bit machine. Next week I'll try it on my 32 bit machine where the problem occurred...
Comment 3 Dan Jacobson 2018-10-15 00:20:42 PDT
I can reproduce it just fine on my 32 bit machine. (Not 64 bit machine though.)
Tested when both logged in and logged out to that website. (Desktop version of website.)
Comment 4 Dan Jacobson 2018-10-15 00:26:36 PDT
And here is what happens when I browse it using

/usr/lib/*-linux-gnu/webkit2gtk-4.0/MiniBrowser \
        --gtk-debug=enable-write-console-messages-to-stdout

1   0xb376b194 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(WTFCrash+0x14) [0xb376b194]
2   0xb33733f2 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(_ZN3JSC24ScratchRegisterAllocator18allocateScratchGPREv+0xe2) [0xb33733f2]
3   0xb2f36768 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(_ZN3JSC22GetterSetterAccessCase16emitDOMJITGetterERNS_21AccessGenerationStateEPKNS_6DOMJIT12GetterSetterENS_12X86Registers10RegisterIDE+0x9e8) [0xb2f36768]
4   0xb2ef5516 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(_ZN3JSC10AccessCase12generateImplERNS_21AccessGenerationStateE+0x1a66) [0xb2ef5516]
5   0xb2ef686a /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(_ZN3JSC10AccessCase8generateERNS_21AccessGenerationStateE+0x2a) [0xb2ef686a]
6   0xb2f4abf3 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(_ZN3JSC17PolymorphicAccess10regenerateERKNS_24GCSafeConcurrentJSLockerERNS_2VMEPNS_9CodeBlockERNS_17StructureStubInfoERKNS_10IdentifierE+0x9b3) [0xb2f4abf3]
7   0xb2f5cb11 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(_ZN3JSC17StructureStubInfo13addAccessCaseERKNS_24GCSafeConcurrentJSLockerEPNS_9CodeBlockERKNS_10IdentifierESt10unique_ptrINS_10AccessCaseESt14default_deleteISA_EE+0x581) [0xb2f5cb11]
8   0xb3375e35 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(+0x782e35) [0xb3375e35]
9   0xb3376d67 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(_ZN3JSC14repatchGetByIDEPNS_9ExecStateENS_7JSValueERKNS_10IdentifierERKNS_12PropertySlotERNS_17StructureStubInfoENS_11GetByIDKindE+0x37) [0xb3376d67]
10  0xb3345b51 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(+0x752b51) [0xb3345b51]
11  0xacb8514e [0xacb8514e]
12  0xacb85bf8 [0xacb85bf8]
13  0xacb6d29a [0xacb6d29a]
14  0xacb6a83a [0xacb6a83a]
15  0xacb69a77 [0xacb69a77]
16  0xac9faf19 [0xac9faf19]
17  0xb33855e3 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(+0x7925e3) [0xb33855e3]
18  0xaca8cfe9 [0xaca8cfe9]
19  0xb3385636 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(+0x792636) [0xb3385636]
20  0xb33800f8 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(+0x78d0f8) [0xb33800f8]
21  0xb32f85eb /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(_ZN3JSC11Interpreter11executeCallEPNS_9ExecStateEPNS_8JSObjectENS_8CallTypeERKNS_8CallDataENS_7JSValueERKNS_7ArgListE+0x23b) [0xb32f85eb]

The page is still visible, but one cannot scroll it with the mouse wheel.

Package: libwebkit2gtk-4.0-37
Version: 2.22.2-1
File: /usr/lib/i386-linux-gnu/webkit2gtk-4.0/MiniBrowser

-- System Information:
Debian Release: buster/sid
  APT prefers experimental
  APT policy: (990, 'experimental'), (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 4.18.0-2-686-pae (SMP w/1 CPU core)
Locale: LANG=zh_TW.UTF-8, LC_CTYPE=zh_TW.UTF-8 (charmap=UTF-8), LANGUAGE=zh_TW.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

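Both backtraces above are in the plain WTF format `N  0xADDR module(symbol+0xOFF) [0xADDR]`, and the frames that carry no module are JIT-emitted code rather than a function in the shared object. As an added example (not part of this bug report or of WebKit), here is a small stdlib-only Python parser for that format with just enough Itanium demangling for the nested names it contains, so the crash path WTFCrash <- ScratchRegisterAllocator::allocateScratchGPR <- GetterSetterAccessCase::emitDOMJITGetter can be read off a trace without c++filt; the sample lines are copied from the i386 trace in the description.

```python
import re
from collections import namedtuple

# One WTF backtrace line: "N  0xADDR module(symbol+0xOFF) [0xADDR]".  The
# "module(...)" part is absent for JIT-emitted code, which lives in no ELF object.
FRAME_RE = re.compile(
    r"^\s*(\d+)\s+0x([0-9a-fA-F]+)\s+(?:([^\s(]+)\(([^)]*)\)\s+)?\[0x[0-9a-fA-F]+\]\s*$")
# module: basename of the shared object (None for JIT code); symbol: demangled name (None if unknown)
Frame = namedtuple("Frame", "index address module symbol offset")

def demangle(sym):
    """Nested-name-only Itanium demangling, e.g. _ZN3JSC24ScratchRegisterAllocator18allocateScratchGPREv
    -> JSC::ScratchRegisterAllocator::allocateScratchGPR; parameter types are dropped, other shapes returned as-is."""
    if not sym.startswith("_ZN"):
        return sym
    i, parts = 3, []
    while i < len(sym) and sym[i].isdigit():
        digits = re.match(r"\d+", sym[i:]).group()   # length prefix of the next name component
        n, i = int(digits), i + len(digits)
        parts.append(sym[i:i + n])
        i += n
    return "::".join(parts) if parts and sym[i:i + 1] == "E" else sym

def parse_frame(line):
    m = FRAME_RE.match(line)
    if not m:
        return None
    idx, addr, module, inner = m.groups()
    symbol, offset = None, 0
    if inner:                                         # "symbol+0xOFF" or just "+0xOFF"
        name, _, off = inner.rpartition("+")
        offset = int(off, 16) if off else 0
        symbol = demangle(name) if name else None
    basename = module.rsplit("/", 1)[-1] if module else None
    return Frame(int(idx), int(addr, 16), basename, symbol, offset)

def crash_path(trace):
    # Symbolic frames only, innermost first: the native chain that reached WTFCrash.
    frames = [f for f in map(parse_frame, trace.splitlines()) if f]
    return [f.symbol for f in frames if f.symbol]

# Constructed sample: a few frames copied from the i386 trace in the report above.
SAMPLE = """\
1   0xb3690194 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(WTFCrash+0x14) [0xb3690194]
2   0xb32983f2 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(_ZN3JSC24ScratchRegisterAllocator18allocateScratchGPREv+0xe2) [0xb32983f2]
3   0xb2e5b768 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(_ZN3JSC22GetterSetterAccessCase16emitDOMJITGetterERNS_21AccessGenerationStateEPKNS_6DOMJIT12GetterSetterENS_12X86Registers10RegisterIDE+0x9e8) [0xb2e5b768]
8   0xb329ae35 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-4.0.so.18(+0x782e35) [0xb329ae35]
11  0xacac2b3d [0xacac2b3d]
"""
```

Frames whose module is None are the JIT code that called back into the access-case generator; in the full trace they alternate with libjavascriptcoregtk frames.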
Comment 5 Yusuke Suzuki 2018-10-15 00:27:09 PDT
I think this is due to register exhaustion. And I think disabling DOMJIT on 32bit environment is the reasonable fix.
Comment 6 Yusuke Suzuki 2018-10-15 00:35:43 PDT
Created attachment 352303
Patch
Comment 7 Yusuke Suzuki 2018-10-15 08:07:34 PDT
Committed r237108: <https://trac.webkit.org/changeset/237108>
Comment 8 Radar WebKit Bug Importer 2018-10-15 08:08:41 PDT
<rdar://problem/45271326>