[Webkit-unassigned] [Bug 252849] New: RELEASE_ASSERT_NOT_REACHED in JITCode::dataAddressAtOffset when attempting to play video on reddit.com

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Feb 23 11:31:20 PST 2023


https://bugs.webkit.org/show_bug.cgi?id=252849

            Bug ID: 252849
           Summary: RELEASE_ASSERT_NOT_REACHED in
                    JITCode::dataAddressAtOffset when attempting to play
                    video on reddit.com
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mcatanzaro at gnome.org
                CC: bugs-noreply at webkitgtk.org

Since WebKitGTK 2.39.90, we have a web process crash when attempting to play any video on reddit.com. Video playback fails to start and then after waiting for a sufficient amount of time, we hit this crash:

(gdb) bt
#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0)
    at pthread_kill.c:44
#1  0x00007f41c40911f3 in __pthread_kill_internal (signo=6, threadid=<optimized out>) at pthread_kill.c:78
#2  0x00007f41c403f00e in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3  0x00007f41c40287fc in __GI_abort () at abort.c:79
#4  0x00007f41c27956dc in JSC::FTL::JITCode::dataAddressAtOffset(unsigned long) ()
    at /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-6.0.so.1
#5  0x00007f41c2dc54b3 in JSC::DFG::Plan::compileInThreadImpl() ()
    at /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-6.0.so.1
#6  0x00007f41c331da28 in JSC::JITPlan::compileInThread(JSC::JITWorklistThread*) ()
    at /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-6.0.so.1
#7  0x00007f41c333bdde in JSC::JITWorklistThread::work() ()
    at /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-6.0.so.1
#8  0x00007f41c3a9c0fb in WTF::Detail::CallableWrapper<WTF::AutomaticThread::start(WTF::AbstractLocker const&)::{lambda()#1}, void>::call() () at /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-6.0.so.1
#9  0x00007f41c3acef05 in WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) ()
    at /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-6.0.so.1
#10 0x00007f41c3b3184d in WTF::wtfThreadEntryPoint(void*) ()
    at /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-6.0.so.1
#11 0x00007f41c408f1da in start_thread (arg=<optimized out>) at pthread_create.c:442
#12 0x00007f41c4117f44 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:100

Unfortunately, debuginfo is not available due to bug #252679, so that's the best backtrace I can get, but it's surely hitting this RELEASE_ASSERT_NOT_REACHED() in FTLJITCode.cpp:

void* JITCode::dataAddressAtOffset(size_t)
{
    // We can't patch FTL code, yet. Even if we did, it's not clear that we would do so
    // through this API.
    RELEASE_ASSERT_NOT_REACHED();
    return nullptr;
}

That code has not changed since 136905@main, so whatever has changed must be somewhere else.
