JSC Crash in operationLinkDirectCall #327
Thank you for the stack trace. Can you provide more information on the conditions in which this happened? What hardware, what version of WPE, how you compiled it, how you were running it and what code/webpage you were running at the time? Anything that could help us reproduce the bug would be helpful. Thanks! |
We use 5c0c3fd from stable branch. Below are the settings that we used: export WPE_DISK_CACHE_SIZE=10m This happens on a mips platform. I compile the WPE with -O2 option. We don't see any asserting logs. |
What is the scenario to reproduce? What webpage, what were you doing? |
The issue happens when playing live video. It is an internal link for linear video (live video) which is not accessible from outside. |
I see a crash in the same call without the custom player library that we have. #0 WTFCrash libWPEWebKit.so.0.0.20161117 Source/WTF/wtf/Assertions.cpp:324 (0x8) |
@aazamansari is this reproducible on the wpe-2017 branch? |
@aazamansari are you able to reproduce with a debug build, or with an -O0 (or maybe -O1) build with debug symbols? With the build+core files that you provided, I haven't been able to see the values of local variables, which makes this very hard to investigate. |
The issue is still being reproduced in the release versions, hundreds of crashes every day: |
@Gavriliuk and we've been trying to reproduce this on a vanilla Broadcom STB with WPE for hours by different people, different devices without success using refsw 16.x and 17.x. Without having a reliable way for us to reproduce we can't really help you. |
@wouterlucas |
@Gavriliuk a core file from a debug build (and associated build files and source code/revision) could be helpful. |
Hi @guijemont, unfortunately this doesn't look possible
We observe these crashes in the field, I can attach some minidump reports with stacktraces from the recent builds: |
At Youi we have the exact same error ( We use the 2.19.1 tarball (https://webkitgtk.org/releases/webkitgtk-2.19.1.tar.xz) that we build ourselves. We have been able to narrow down the issue to the following:
@Gavriliuk Does it match the reports you saw in your dashboard? (it is not public) |
To @ncuillery |
@Gavriliuk do we have a public app available to validate? |
@albertd, I actually can't know what you have :-) This crash happens on our TV STBs - not very rarely, but randomly, no steps to reproduce. Thanks |
It seems like the crash happens while the XMLHttpRequest sends the asynchronous request or processes its response |
Hi @wouterlucas @albertd, we have started analyzing this issue again, since the crash frequency is higher in the field. operationLinkDirectCall will be called only when the calltype is Direct*. Can we modify the code like this to avoid the crash? Could you please tell us the consequence of this change? |
Interestingly, this week I've been playing with running jsc's tests with qemu, and I found a crash that looks a lot like this one (which wouldn't reproduce on the mips hardware I have). I'll keep on investigating that since now I have a way to reproduce, and I will update this bug once I understand more of what's happening. |
Thanks @guijemont for the update. |
This problem is often observed when load average is too high. It seems the operation block is already destroyed when its call is executed. It leads to SIGSEGV in many cases, and sometimes SIGUSR1 from WTFCrash because of RELEASE_ASSERT on the line 999:
|
@wouterlucas @woutermeek I believe #650 fixes this issue. CC @aazamansari |
#650 has been merged in 80c2847. Please confirm whether this solves the issue, but from the description of the fix on the upstream bug, I expect it to fix this. |
@Balajims88 @aazamansari have you been able to confirm that the issue is fixed? |
Hi @guijemont The JSC crash in operationLinkDirectCall is still not resolved. [ 10 Thread 0 (crashed) The crash has been identified on boxes like SamsungXG2V2. Exact steps to reproduce are not available, as the crashes occur randomly and intermittently. |
Hi @guijemont , |
Hi @Balajims88! Are you able to provide a way for us to reproduce the issue? This would be the one thing that would allow us to figure things out relatively quickly. |
@guijemont Sorry, I have no steps to reproduce this issue. |
Hi @guijemont, Thank you... |
Can you tell me what revision of https://github.com/WebPlatformForEmbedded/WPEWebKit matches "4.2p12s1" ? I don't have access to "XG2V2", but I can try to reproduce on another device of the same architecture. Is that an arm or mips device?
How can I access that?
Does the crash happen every time? And how quickly does it happen? |
The crash usually happens upon launching a web-app. Three most common crash URLs are: https://xfinity.ccast.api.amazonvideo.com/lrc-vending/html5/index.html?deviceTyp The release assert gets fired that checks if it is a Direct Call :
`void JIT_OPERATION operationLinkDirectCall(ExecState* exec, CallLinkInfo* callLinkInfo, JSFunction* callee)`
It looks like operationLinkDirectCall is getting called for an unexpected CallLinkInfo call type, possibly as a result of some kind of data corruption. |
@guijemont , wpe-20170728 1 WTFCrash
wpe-2.22 2.22+gitAUTOINC+686cd2f7df-r0/git/Source/JavaScriptCore/jit/JITOperations.cpp:1112
|
@guijemont, my understanding is @woutermeek has received or will receive soon a more detailed information from Comcast as well as the MIPS-based device to reproduce with. |
Random crashes happen in JS Core (WPE-2.22). There is no reproduction scenario. WTFCrash_call_stack_isDirect_1112_1.txt Attached are a few call stacks from the crash. |
Most of the time, the process's vm.peak exceeds vm.size, and vm.rss.peak exceeds vm.rss.size as well. vm.rss.peak 239,296 |
@woutermeek, the GCC version on the Dunfell build is gcc version 9.3.0, where we see an increase in this crash. |
@guijemont , Do you have any test case of JSC which can reproduce this crash ? |
Not yet, though there is still hope that I could find one among the failures I see with qemu. |
Inactive ticket for a long time! Closing the ticket; if you think it is still relevant and/or valid for the latest version(s), please do not hesitate to re-open! |
#0 WTFCrash libWPEWebKit.so.0.0.20161117 Source/WTF/wtf/Assertions.cpp:324 (0x8)
#1 operationLinkDirectCall libWPEWebKit.so.0.0.20161117 Source/JavaScriptCore/jit/JITOperations.cpp:953 (0x4)
#2 @0x5ab86150
#3 deref libWPEWebKit.so.0.0.20161117 Source/WTF/wtf/ThreadSafeRefCounted.h:36 (0x8)
#4 _fini libWPEWebKit.so.0.0.20161117
#5 execute libWPEWebKit.so.0.0.20161117 Source/JavaScriptCore/jit/JITCode.cpp:81 (0xc)
#6 executeCall libWPEWebKit.so.0.0.20161117 Source/JavaScriptCore/interpreter/Interpreter.cpp:952 (0x10)
#7 call libWPEWebKit.so.0.0.20161117 Source/JavaScriptCore/runtime/CallData.cpp:39 (0x0)
#8 boundThisNoArgsFunctionCall libWPEWebKit.so.0.0.20161117 Source/JavaScriptCore/runtime/JSBoundFunction.cpp:54 (0x14)
#9 libWPEWebKit.so.0.0.20161117@0x69858c libWPEWebKit.so.0.0.20161117
#10 executeCall libWPEWebKit.so.0.0.20161117 Source/JavaScriptCore/interpreter/Interpreter.cpp:955 (0xc)
#11 call libWPEWebKit.so.0.0.20161117 Source/JavaScriptCore/runtime/CallData.cpp:39 (0x0)
#12 profiledCall libWPEWebKit.so.0.0.20161117 Source/JavaScriptCore/runtime/CallData.cpp:59 (0x0)
#13 JSObjectCallAsFunction libWPEWebKit.so.0.0.20161117 Source/JavaScriptCore/API/JSObjectRef.cpp:541 (0x38)
#14 libCUSTOMPlayer.so.0.0.0@0x7be70 libCUSTOMPlayer.so.0.0.0
#15 libCUSTOMPlayer.so.0.0.0@0x6bc58 libCUSTOMPlayer.so.0.0.0
#16 libCUSTOMPlayer.so.0.0.0@0x740978 libCUSTOMPlayer.so.0.0.0
#17 libCUSTOMPlayer.so.0.0.0@0x6cf40 libCUSTOMPlayer.so.0.0.0
#18 libCUSTOMPlayer.so.0.0.0@0x72768 libCUSTOMPlayer.so.0.0.0
#19 libCUSTOMPlayer.so.0.0.0@0x1f8228 libCUSTOMPlayer.so.0.0.0
#20 libCUSTOMPlayer.so.0.0.0@0x1f8400 libCUSTOMPlayer.so.0.0.0
#21 libCUSTOMPlayer.so.0.0.0@0x1f8750 libCUSTOMPlayer.so.0.0.0
#22 WPECallbackManager::eventPosted()::{lambda(void*)#1}::_FUN(void*) libComcastInjectedBundle.so
#23 g_timeout_dispatch libglib-2.0.so.0.4800.1 glib-2.0/1_2.48.1-r0/glib-2.48.1/glib/gmain.c:4577 (0x4)
#24 g_main_context_dispatch libglib-2.0.so.0.4800.1 glib-2.0/1_2.48.1-r0/glib-2.48.1/glib/gmain.c:3154 (0x0)
#25 g_main_context_iterate libglib-2.0.so.0.4800.1 glib-2.0/1_2.48.1-r0/glib-2.48.1/glib/gmain.c:3840 (0x4)
#26 g_main_loop_run libglib-2.0.so.0.4800.1 glib-2.0/1_2.48.1-r0/glib-2.48.1/glib/gmain.c:4034 (0xc)
#27 run libWPEWebKit.so.0.0.20161117 Source/WTF/wtf/glib/RunLoopGLib.cpp:97 (0x4)
#28 ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain> libWPEWebKit.so.0.0.20161117 Source/WebKit2/Shared/unix/ChildProcessMain.h:61 (0x4)
#29 main WPEWebProcess Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp:52 (0x8)
#30 libc-2.19.so@0x194a4 libc-2.19.so
#31 libgcc_s.so.1@0x2e18 libgcc_s.so.1
#32 ld-2.19.so@0xd80 ld-2.19.so