Bug 252849

Summary: REGRESSION(2.39.90): RELEASE_ASSERT_NOT_REACHED in JITCode::dataAddressAtOffset when attempting to play video on reddit.com
Product: WebKit
Reporter: Michael Catanzaro <mcatanzaro>
Component: JavaScriptCore
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED WORKSFORME
Severity: Normal
CC: bugs-noreply, mcatanzaro
Priority: P2
Version: WebKit Nightly Build
Hardware: PC
OS: Linux

Description Michael Catanzaro 2023-02-23 11:31:20 PST
Since WebKitGTK 2.39.90, we have a web process crash when attempting to play any video on reddit.com. Video playback fails to start and then after waiting for a sufficient amount of time, we hit this crash:

(gdb) bt
#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0)
    at pthread_kill.c:44
#1  0x00007f41c40911f3 in __pthread_kill_internal (signo=6, threadid=<optimized out>) at pthread_kill.c:78
#2  0x00007f41c403f00e in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3  0x00007f41c40287fc in __GI_abort () at abort.c:79
#4  0x00007f41c27956dc in JSC::FTL::JITCode::dataAddressAtOffset(unsigned long) ()
    at /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-6.0.so.1
#5  0x00007f41c2dc54b3 in JSC::DFG::Plan::compileInThreadImpl() ()
    at /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-6.0.so.1
#6  0x00007f41c331da28 in JSC::JITPlan::compileInThread(JSC::JITWorklistThread*) ()
    at /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-6.0.so.1
#7  0x00007f41c333bdde in JSC::JITWorklistThread::work() ()
    at /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-6.0.so.1
#8  0x00007f41c3a9c0fb in WTF::Detail::CallableWrapper<WTF::AutomaticThread::start(WTF::AbstractLocker const&)::{lambda()#1}, void>::call() () at /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-6.0.so.1
#9  0x00007f41c3acef05 in WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) ()
    at /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-6.0.so.1
#10 0x00007f41c3b3184d in WTF::wtfThreadEntryPoint(void*) ()
    at /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-6.0.so.1
#11 0x00007f41c408f1da in start_thread (arg=<optimized out>) at pthread_create.c:442
#12 0x00007f41c4117f44 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:100

Unfortunately debuginfo is not available due to bug #252679, so that's the best backtrace I can get, but it's surely hitting this RELEASE_ASSERT_NOT_REACHED() in FTLJITCode.cpp:

void* JITCode::dataAddressAtOffset(size_t)
{
    // We can't patch FTL code, yet. Even if we did, it's not clear that we would do so
    // through this API.
    RELEASE_ASSERT_NOT_REACHED();
    return nullptr;
}

That code has not changed since 136905@main, so whatever has changed must be somewhere else.
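As an added triage helper (not code from WebKit or from the reporter), the following Python parses a gdb backtrace like the one above, skips the abort()/raise() frames, and reports the frame where the release assertion actually fired together with its caller, so a new crash report can be matched against this bug's signature. The sample frames are copied from the backtrace above; the function names and the ABORT_FRAMES set are my own assumptions.

```python
import re

# Constructed sample input: the top frames of the gdb backtrace from this report.
SAMPLE_BT = """\
(gdb) bt
#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0)
    at pthread_kill.c:44
#1  0x00007f41c40911f3 in __pthread_kill_internal (signo=6, threadid=<optimized out>) at pthread_kill.c:78
#2  0x00007f41c403f00e in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3  0x00007f41c40287fc in __GI_abort () at abort.c:79
#4  0x00007f41c27956dc in JSC::FTL::JITCode::dataAddressAtOffset(unsigned long) ()
    at /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-6.0.so.1
#5  0x00007f41c2dc54b3 in JSC::DFG::Plan::compileInThreadImpl() ()
    at /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-6.0.so.1
"""

# One gdb frame line: "#N  [0xADDR in ]SYMBOL (args...)"; "    at file:line" continuation lines are ignored.
FRAME_RE = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(.+?) \(", re.M)

# Frames that belong to the abort machinery itself, not to the code that asserted (assumed set).
ABORT_FRAMES = {"__pthread_kill_implementation", "__pthread_kill_internal",
                "__GI_raise", "raise", "__GI_abort", "abort"}


def parse_frames(bt_text):
    """Return each frame's symbol in order, with a trailing parameter list stripped."""
    return [re.sub(r"\([^()]*\)$", "", sym) for _, sym in FRAME_RE.findall(bt_text)]


def crash_origin(bt_text):
    """Return (asserting_function, its_caller) for an abort()-style crash, or None."""
    frames = parse_frames(bt_text)
    for i, sym in enumerate(frames):
        if sym in ABORT_FRAMES:
            continue
        # First frame outside the abort path is where RELEASE_ASSERT_NOT_REACHED() fired.
        caller = frames[i + 1] if i + 1 < len(frames) else None
        return (sym, caller)
    return None


# Signature of this report: the FTL JITCode assertion reached from the DFG compile plan.
KNOWN_SIGNATURE = ("JSC::FTL::JITCode::dataAddressAtOffset", "JSC::DFG::Plan::compileInThreadImpl")


def is_known_regression(bt_text):
    """True when a backtrace matches the crash described in this bug."""
    return crash_origin(bt_text) == KNOWN_SIGNATURE
```

Feed it the output of gdb's `bt` for a fresh crash to tell this assertion apart from other web process aborts before filing a duplicate.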
Comment 1 Michael Catanzaro 2023-03-01 07:48:38 PST
I decided to bisect this today and unfortunately my personal build does not crash. This makes it much harder to figure out what commit to revert. I also notice a bunch of warnings that I've never seen before, but which look unrelated:

** (WebKitWebProcess:2): WARNING **: 09:46:59.851: WebKit wasn't able to find the DMABuf video sink dependencies. Hardware-accelerated zero-copy video rendering won't be achievable with this plugin.

** (WebKitWebProcess:2): WARNING **: 09:47:00.410: WebKit wasn't able to find the DMABuf video sink dependencies. Hardware-accelerated zero-copy video rendering won't be achievable with this plugin.

** (WebKitWebProcess:2): WARNING **: 09:47:02.526: WebKit wasn't able to find the DMABuf video sink dependencies. Hardware-accelerated zero-copy video rendering won't be achievable with this plugin.

** (WebKitWebProcess:2): WARNING **: 09:47:02.545: WebKit wasn't able to find the DMABuf video sink dependencies. Hardware-accelerated zero-copy video rendering won't be achievable with this plugin.

** (WebKitWebProcess:2): WARNING **: 09:47:02.597: WebKit wasn't able to find the DMABuf video sink dependencies. Hardware-accelerated zero-copy video rendering won't be achievable with this plugin.

** (WebKitWebProcess:2): WARNING **: 09:47:02.611: WebKit wasn't able to find the DMABuf video sink dependencies. Hardware-accelerated zero-copy video rendering won't be achievable with this plugin.

** (WebKitWebProcess:2): WARNING **: 09:47:02.686: WebKit wasn't able to find the DMABuf video sink dependencies. Hardware-accelerated zero-copy video rendering won't be achievable with this plugin.

** (WebKitWebProcess:2): WARNING **: 09:47:07.524: WebKit wasn't able to find the DMABuf video sink dependencies. Hardware-accelerated zero-copy video rendering won't be achievable with this plugin.
Comment 2 Michael Catanzaro 2023-03-01 07:55:27 PST
I can no longer reproduce this crash in Tech Preview either. The video is still broken though, but it plays successfully using my build of main, so high chance it's fixed by 260875@main.
Comment 3 Michael Catanzaro 2023-03-01 08:23:12 PST
If I check out webkitgtk/2.39.90, build, and run that, then I get the same failure to play the video, but still without the crash. So the video playback issue is fixed. I have no clue what happened to the crash. Whatever.