RESOLVED WORKSFORME 252849
REGRESSION(2.39.90): RELEASE_ASSERT_NOT_REACHED in JITCode::dataAddressAtOffset when attempting to play video on reddit.com
https://bugs.webkit.org/show_bug.cgi?id=252849
Michael Catanzaro
Reported 2023-02-23 11:31:20 PST
Since WebKitGTK 2.39.90, we have a web process crash when attempting to play any video on reddit.com. Video playback fails to start and then, after waiting for a sufficient amount of time, we hit this crash:

(gdb) bt
#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
#1  0x00007f41c40911f3 in __pthread_kill_internal (signo=6, threadid=<optimized out>) at pthread_kill.c:78
#2  0x00007f41c403f00e in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3  0x00007f41c40287fc in __GI_abort () at abort.c:79
#4  0x00007f41c27956dc in JSC::FTL::JITCode::dataAddressAtOffset(unsigned long) () at /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-6.0.so.1
#5  0x00007f41c2dc54b3 in JSC::DFG::Plan::compileInThreadImpl() () at /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-6.0.so.1
#6  0x00007f41c331da28 in JSC::JITPlan::compileInThread(JSC::JITWorklistThread*) () at /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-6.0.so.1
#7  0x00007f41c333bdde in JSC::JITWorklistThread::work() () at /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-6.0.so.1
#8  0x00007f41c3a9c0fb in WTF::Detail::CallableWrapper<WTF::AutomaticThread::start(WTF::AbstractLocker const&)::{lambda()#1}, void>::call() () at /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-6.0.so.1
#9  0x00007f41c3acef05 in WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) () at /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-6.0.so.1
#10 0x00007f41c3b3184d in WTF::wtfThreadEntryPoint(void*) () at /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-6.0.so.1
#11 0x00007f41c408f1da in start_thread (arg=<optimized out>) at pthread_create.c:442
#12 0x00007f41c4117f44 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:100

Unfortunately debuginfo is not available due to bug #252679, so that's the best backtrace I can get, but it's surely hitting this RELEASE_ASSERT_NOT_REACHED() in FTLJITCode.cpp:

    void* JITCode::dataAddressAtOffset(size_t)
    {
        // We can't patch FTL code, yet. Even if we did, it's not clear that we would do so
        // through this API.
        RELEASE_ASSERT_NOT_REACHED();
        return nullptr;
    }

That code has not changed since 136905@main, so whatever has changed must be somewhere else.
Michael Catanzaro
Comment 1 2023-03-01 07:48:38 PST
I decided to bisect this today and unfortunately my personal build does not crash. This makes it much harder to figure out what commit to revert. I also notice a bunch of warnings that I've never seen before, but which look unrelated:

** (WebKitWebProcess:2): WARNING **: 09:46:59.851: WebKit wasn't able to find the DMABuf video sink dependencies. Hardware-accelerated zero-copy video rendering won't be achievable with this plugin.
** (WebKitWebProcess:2): WARNING **: 09:47:00.410: WebKit wasn't able to find the DMABuf video sink dependencies. Hardware-accelerated zero-copy video rendering won't be achievable with this plugin.
** (WebKitWebProcess:2): WARNING **: 09:47:02.526: WebKit wasn't able to find the DMABuf video sink dependencies. Hardware-accelerated zero-copy video rendering won't be achievable with this plugin.
** (WebKitWebProcess:2): WARNING **: 09:47:02.545: WebKit wasn't able to find the DMABuf video sink dependencies. Hardware-accelerated zero-copy video rendering won't be achievable with this plugin.
** (WebKitWebProcess:2): WARNING **: 09:47:02.597: WebKit wasn't able to find the DMABuf video sink dependencies. Hardware-accelerated zero-copy video rendering won't be achievable with this plugin.
** (WebKitWebProcess:2): WARNING **: 09:47:02.611: WebKit wasn't able to find the DMABuf video sink dependencies. Hardware-accelerated zero-copy video rendering won't be achievable with this plugin.
** (WebKitWebProcess:2): WARNING **: 09:47:02.686: WebKit wasn't able to find the DMABuf video sink dependencies. Hardware-accelerated zero-copy video rendering won't be achievable with this plugin.
** (WebKitWebProcess:2): WARNING **: 09:47:07.524: WebKit wasn't able to find the DMABuf video sink dependencies. Hardware-accelerated zero-copy video rendering won't be achievable with this plugin.
Michael Catanzaro
Comment 2 2023-03-01 07:55:27 PST
I can no longer reproduce this crash in Tech Preview either. The video is still broken though, but it plays successfully using my build of main, so high chance it's fixed by 260875@main.
Michael Catanzaro
Comment 3 2023-03-01 08:23:12 PST
If I check out webkitgtk/2.39.90, build, and run that, then I get the same failure to play the video, but still without the crash. So the video playback issue is fixed. I have no clue what happened to the crash. Whatever.