WebKit Bugzilla
RESOLVED WONTFIX
247662
Android arm64 signal 4 (SIGILL) /data/app/com.netease.cloudmusic/lib/arm/libjsc.so
https://bugs.webkit.org/show_bug.cgi?id=247662
wang, reported 2022-11-08 23:55:30 PST
Created attachment 463465 [details]: crash stack

### Version

webkit-2.26.1. We use the libjsc.so from https://github.com/react-native-community/jsc-android-buildscripts/releases/tag/v250230.2.1; that libjsc.so uses webkit-2.26.1.

### Component

We decompiled with IDA to check the assembly instructions, and suspect that m_regExpJITCode is the wrong address:

```
if (s.is8Bit())
    result = m_regExpJITCode->execute(s.characters8(), startOffset, s.length(), patternContextBufferHolder.buffer(), patternContextBufferHolder.size());
else
    result = m_regExpJITCode->execute(s.characters16(), startOffset, s.length(), patternContextBufferHolder.buffer(), patternContextBufferHolder.size());
```

### Platform and OS

Android 10

### Summary

Our app is used by 30 million users every day. When the app is launched, react-native is turned on and the JS code is run using the JSC engine. About 3000 users are experiencing SIGILL crashes every day.

### Description

Detailed crash stack:

```
signal 4 (SIGILL), code 1 (ILL_ILLOPC), fault addr 0x6e780714c0 (*pc=0x54000109)
    x0  000000779881cb63  x1  0000000000000000  x2  0000000000000000  x3  00000077e1be7458
    x4  0000000000000000  x5  0000000000000000  x6  f2aa8611d2997b11  x7  3900023ff2c00dd1
    x8  0000006e780714a0  x9  0000000000002000  x10 000000000000009c  x11 0000000000000040
    x12 0000006e780716c0  x13 d4200000d4200000  x14 0000000000000000  x15 0000006e78071660
    x16 0000000000000001  x17 0000006e5430cbd8  x18 0000006e4f3aa000  x19 0000006e55cc4000
    x20 0000006e4c439d60  x21 0000006e5430b300  x22 0000006e54300000  x23 0000000000000000
    x24 0000006e55c2b990  x25 0000000000000000  x26 00000077e1be7458  x27 ffff000000000000
    x28 0000000000000000  x29 00000077e1be7560  sp  00000077e1be7390  lr  00000077986a39d8
    pc  0000006e780714c0

backtrace:
    #00 pc 00000000000724c0  <anonymous: 6e77fff000>
    #01 pc 00000000005629d4  /data/app/com.netease.cloudmusic-MWwXW1Ro6eqwDgCypqXt2w==/lib/arm64/libjsc.so
    #02 pc 0000000000058b4c  <anonymous: 6e77fff000>

java stacktrace:
    at com.facebook.react.bridge.queue.NativeRunnable.run(Native method)
    at android.os.Handler.handleCallback(Handler.java:883)
    at android.os.Handler.dispatchMessage(Handler.java:100)
    at com.facebook.react.bridge.queue.MessageQueueThreadHandler.dispatchMessage(ProGuard:1)
    at android.os.Looper.loop(Looper.java:224)
    at com.facebook.react.bridge.queue.MessageQueueThreadImpl$4.run(ProGuard:8)
    at java.lang.Thread.run(Thread.java:919)
```

```
signal 4 (SIGILL), code 1 (ILL_ILLOPC), fault addr 0x78baa3b4e0 (*pc=0xd3407c21)
    x0  00000078c8e1db63  x1  0000000000000000  x2  0000000000000000  x3  0000000000000000
    x4  0000000000000000  x5  0000000000000000  x6  f2c00f11f2b73411  x7  d65f03c03900023f
    x8  00000078baa3b4e0  x9  0000000000002000  x10 000000000000009c  x11 0000000000000280
    x12 00000078b3a10770  x13 0000000000000001  x14 0000000000000000  x15 00000078baa3b5a0
    x16 00000078c8fcf3d8  x17 0000007978cfc168  x18 0000000000000000  x19 00000078b10c3c30
    x20 0000000000000000  x21 00000078b3a0d6a8  x22 00000078b9a00000  x23 00000078b10c3c50
    x24 0000000000000000  x25 00000078b15cc010  x26 00000078b9a0ccc8  x27 ffff000000000000
    x28 ffff000000000002  x29 00000078b3a0d7d0  sp  00000078b3a0d5b0  lr  00000078c8c99844
    pc  00000078baa3b4e0

backtrace:
    #00 pc 000000000004a4e0  <anonymous: 78ba9f1000>
    #01 pc 0000000000557840  /data/app/com.netease.cloudmusic-8TiD-LQZ_naq2wWtS0dKpA==/lib/arm64/libjsc.so
    #02 pc 00000000005636b0  /data/app/com.netease.cloudmusic-8TiD-LQZ_naq2wWtS0dKpA==/lib/arm64/libjsc.so
    #03 pc 00000000000106ac  <anonymous: 78ba9f1000>

java stacktrace:
    at com.facebook.react.bridge.queue.NativeRunnable.run(Native method)
    at android.os.Handler.handleCallback(Handler.java:790)
    at android.os.Handler.dispatchMessage(Handler.java:99)
    at com.facebook.react.bridge.queue.MessageQueueThreadHandler.dispatchMessage(ProGuard:1)
    at android.os.Looper.loop(Looper.java:192)
    at com.facebook.react.bridge.queue.MessageQueueThreadImpl$4.run(ProGuard:8)
    at java.lang.Thread.run(Thread.java:764)
```
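Added triage helper for the tombstones above; it is not part of the report or of WebKit. It parses the header and backtrace of the first dump, checks that the fault address is frame #00 of the anonymous (JIT-emitted) mapping, extracts the libjsc.so offset a symbolizer would take, and decodes the `*pc` words from both dumps. Both words decode to valid AArch64 instructions (`b.ls` and `ubfm`, not undefined encodings), which is consistent with the bytes present at dump time differing from what the core actually fetched.

```python
import re

# Constructed sample: header and backtrace of the first tombstone in the report,
# one field per line as Android's debuggerd prints them.
TOMBSTONE = """\
signal 4 (SIGILL), code 1 (ILL_ILLOPC), fault addr 0x6e780714c0 (*pc=0x54000109)
backtrace:
#00 pc 00000000000724c0 <anonymous: 6e77fff000>
#01 pc 00000000005629d4 /data/app/com.netease.cloudmusic-MWwXW1Ro6eqwDgCypqXt2w==/lib/arm64/libjsc.so
#02 pc 0000000000058b4c <anonymous: 6e77fff000>
"""

SIG_RE = re.compile(r"signal \d+ \((\w+)\), code \d+ \((\w+)\), fault addr 0x([0-9a-f]+)"
                    r" \(\*pc=0x([0-9a-f]+)\)")
FRAME_RE = re.compile(r"#(\d+) pc ([0-9a-f]+) (?:<anonymous: ([0-9a-f]+)>|(\S+))")
COND = ["eq", "ne", "cs", "cc", "mi", "pl", "vs", "vc",
        "hi", "ls", "ge", "lt", "gt", "le", "al", "nv"]


def decode_a64(word: int) -> str:
    """Decode the two AArch64 encodings seen at *pc in this report; others are left raw."""
    if (word >> 24) == 0x54 and not (word & 0x10):        # B.cond: 01010100 imm19 0 cond
        imm19 = (word >> 5) & 0x7FFFF
        if imm19 & 0x40000:                                # sign-extend the 19-bit immediate
            imm19 -= 1 << 19
        return f"b.{COND[word & 0xF]} #{imm19 * 4:+#x}"
    if (word & 0xFFC00000) == 0xD3400000:                  # UBFM, 64-bit: sf=1 opc=10 100110 N=1
        immr, imms = (word >> 16) & 0x3F, (word >> 10) & 0x3F
        rn, rd = (word >> 5) & 0x1F, word & 0x1F
        return f"ubfm x{rd}, x{rn}, #{immr}, #{imms}"
    return f"unrecognised 0x{word:08x}"


def triage(text: str) -> dict:
    """Decode the faulting word and classify each frame: JIT region (no symbols exist)
    or a library, whose offset is what addr2line/llvm-symbolizer needs."""
    sig, code, fault, pc_word = SIG_RE.search(text).groups()
    frames = []
    for num, off, base, lib in FRAME_RE.findall(text):
        off = int(off, 16)
        if base:                                           # anonymous mapping: JIT-emitted code
            frames.append({"frame": int(num), "region": "anonymous", "offset": off,
                           "abs": int(base, 16) + off})
        else:                                              # shared library: offset is symbolizable
            frames.append({"frame": int(num), "region": lib.rsplit("/", 1)[-1],
                           "offset": off, "abs": None})
    return {"signal": sig, "code": code, "fault_addr": int(fault, 16),
            "insn": decode_a64(int(pc_word, 16)), "frames": frames,
            "fault_in_frame0": frames[0]["abs"] == int(fault, 16)}
```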
Attachments: crash stack (172.72 KB, application/zip), 2022-11-08 23:55 PST, wang
Michael Catanzaro, Comment 1, 2022-11-09 10:10:12 PST

Interesting... I didn't know anyone had JavaScriptCore working on Android. That said, I'm afraid 2.26.1 is three years old, much too old to be worth investigating. So your first step is to try upgrading to 2.38.2. There's a pretty decent chance your problem will go away just by doing that, so definitely worth it. If you're still seeing crashes after the upgrade, then you can reopen this bug, but it's unlikely to be solved without a *way* better backtrace. I'm not sure what is customary for Android backtraces, but ideally you'd show something as close as possible to what would be provided by gdb on Linux or lldb on macOS, e.g. as in bug #245968, with function names and line numbers at bare minimum, and ideally also stack variables. You might need to build your application with more debugging enabled than normal (e.g. using -g) to do this.
Michael Catanzaro, Comment 2, 2022-11-09 10:13:42 PST

(In reply to Michael Catanzaro from comment #1)
> Interesting... I didn't know anyone had JavaScriptCore working on Android.

Oh that's not true, because there's also https://github.com/Igalia/wpe-android/, and JSC is clearly working there. Regardless, good luck!