JavaScriptCore Crash in iOS17.4.1

Safari & Web General
aaassss OP
Created May ’24
Replies 5
Boosts 0
Views 991
Participants 3

Our app collected some JavaScriptCore crash information on iOS17 and above systems, but the cause of the error cannot be located. The crash stack is as follows:

#27

Heap Helper Thread

SIGSEGV

0 JavaScriptCore JSC::MarkedBlock::aboutToMarkSlow(unsigned int) 1 JavaScriptCore JSC::JSFinalObject::visitChildren(JSC::JSCell*, JSC::SlotVisitor&) 2 JavaScriptCore JSC::JSFinalObject::visitChildren(JSC::JSCell*, JSC::SlotVisitor&) 3 JavaScriptCore JSC::SlotVisitor::drain(***::MonotonicTime) 4 JavaScriptCore JSC::SlotVisitor::drainFromShared(JSC::SlotVisitor::SharedDrainMode, ***::MonotonicTime) 5 JavaScriptCore ***::SharedTaskFunctor<void (), JSC::Heap::runBeginPhase(JSC::GCConductor)::$_15>::run() 6 JavaScriptCore ***::ParallelHelperClient::runTask(***::RefPtr<***::SharedTask<void ()>, ***::RawPtrTraits<***::SharedTask<void ()> >, ***::DefaultRefDerefTraits<***::SharedTask <void ()> > > const&) 7 JavaScriptCore ***::ParallelHelperPool::Thread::work() 8 JavaScriptCore ***::Detail::CallableWrapper<***::AutomaticThread::start(***::AbstractLocker const&)::$_0, void>::call() 9 JavaScriptCore ***::Thread::entryPoint(***::Thread::NewThreadContext*) 10 JavaScriptCore ***::wtfThreadEntryPoint(void*) 11 libsystem_pthread.dylib __pthread_start

#1 Queue: com.apple.main-thread

SIGSEGV

0 libobjc.A.dylib _objc_msgSend 1 UIKitCore -[UIView(Geometry) convertPoint:toView:]

#24

JSC Heap Collector Thread

SIGSEGV

0 libsystem_kernel.dylib ___psynch_cvwait 1 libsystem_pthread.dylib __pthread_cond_wait 2 JavaScriptCore ***::ThreadCondition::timedWait(***::Mutex&, ***::WallTime) 3 JavaScriptCore ***::ParkingLot::parkConditionallyImpl(void const*, ***::ScopedLambda<bool ()> const&, ***::ScopedLambda<void ()> const&, ***::TimeWithDynamicClockType const&) 4 JavaScriptCore bool ***::Condition::waitUntilUnchecked<***::Lock>(***::Lock&, ***::TimeWithDynamicClockType const&) 5 JavaScriptCore JSC::SlotVisitor::drainFromShared(JSC::SlotVisitor::SharedDrainMode, ***::MonotonicTime) 6 JavaScriptCore JSC::Heap::runConcurrentPhase(JSC::GCConductor) 7 JavaScriptCore JSC::Heap::runCurrentPhase(JSC::GCConductor, JSC::CurrentThreadState*) 8 JavaScriptCore JSC::Heap::HeapThread::work() 9 JavaScriptCore ***::Detail::CallableWrapper<***::AutomaticThread::start(***::AbstractLocker const&)::$_0, void>::call() 10 JavaScriptCore ***::Thread::entryPoint(***::Thread::NewThreadContext*) 11 JavaScriptCore ***::wtfThreadEntryPoint(void*) 12 libsystem_pthread.dylib __pthread_start

#25

Heap Helper Thread

SIGSEGV

0 libsystem_kernel.dylib ___psynch_cvwait 1 libsystem_pthread.dylib __pthread_cond_wait 2 JavaScriptCore ***::ThreadCondition::timedWait(***::Mutex&, ***::WallTime) 3 JavaScriptCore ***::ParkingLot::parkConditionallyImpl(void const*, ***::ScopedLambda<bool ()> const&, ***::ScopedLambda<void ()> const&, ***::TimeWithDynamicClockType const&) 4 JavaScriptCore bool ***::Condition::waitUntilUnchecked<***::Lock>(***::Lock&, ***::TimeWithDynamicClockType const&) 5 JavaScriptCore JSC::SlotVisitor::drainFromShared(JSC::SlotVisitor::SharedDrainMode, ***::MonotonicTime) 6 JavaScriptCore ***::SharedTaskFunctor<void (), JSC::Heap::runBeginPhase(JSC::GCConductor)::$_15>::run() 7 JavaScriptCore ***::ParallelHelperClient::runTask(***::RefPtr<***::SharedTask<void ()>, ***::RawPtrTraits<***::SharedTask<void ()> >, ***::DefaultRefDerefTraits<***::SharedTask<void ()> > > const&) 8 JavaScriptCore ***::ParallelHelperPool::Thread::work() 9 JavaScriptCore ***::Detail::CallableWrapper<***::AutomaticThread::start(***::AbstractLocker const&)::$_0, void>::call() 10 JavaScriptCore ***::Thread::entryPoint(***::Thread::NewThreadContext*) 11 JavaScriptCore ***::wtfThreadEntryPoint(void*) 12 libsystem_pthread.dylib __pthread_start

#27

Heap Helper Thread

SIGSEGV

0 libsystem_kernel.dylib ___psynch_cvwait 1 libsystem_pthread.dylib __pthread_cond_wait 2 JavaScriptCore ***::ThreadCondition::timedWait(***::Mutex&, ***::WallTime) 3 JavaScriptCore ***::ParkingLot::parkConditionallyImpl(void const*, ***::ScopedLambda<bool ()> const&, ***::ScopedLambda<void ()> const&, ***::TimeWithDynamicClockType const&) 4 JavaScriptCore bool ***::Condition::waitUntilUnchecked<***::Lock>(***::Lock&, ***::TimeWithDynamicClockType const&) 5 JavaScriptCore JSC::SlotVisitor::drainFromShared(JSC::SlotVisitor::SharedDrainMode, ***::MonotonicTime) 6 JavaScriptCore ***::SharedTaskFunctor<void (), JSC::Heap::runBeginPhase(JSC::GCConductor)::$_15>::run() 7 JavaScriptCore ***::ParallelHelperClient::runTask(***::RefPtr<***::SharedTask<void ()>, ***::RawPtrTraits<***::SharedTask<void ()> >, ***::DefaultRefDerefTraits<***::SharedTask<void ()> > > const&) 8 JavaScriptCore ***::ParallelHelperPool::Thread::work() 9 JavaScriptCore ***::Detail::CallableWrapper<***::AutomaticThread::start(***::AbstractLocker const&)::$_0, void>::call() 10 JavaScriptCore ***::Thread::entryPoint(***::Thread::NewThreadContext*) 11 JavaScriptCore ***::wtfThreadEntryPoint(void*) 12 libsystem_pthread.dylib __pthread_start

Please help analyze and locate the cause. Has anyone else encountered this problem?

Replies  5
Boosts  0
Views  991
Participants  3
DTS Engineer OP
Apple
May ’24

Please post a full crash report, using the process described by Posting a Crash Report.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
aaassss OP
May ’24

The following are several complete crash log information. Currently, crashes are only collected on iOS17 and above systems, especially on iOS17.4.1.

2024-05-11_16-06-06.0474_+0800-240f2fe4c888b579f4dc1e16431836c45826d6c3.crash

2024-05-13_08-04-11.9693_+0800-36f5eaafeb0d8936a50eb52aa5d812f440eb2d85.crash

2024-05-13_14-30-03.2084_+0800-d9598b08a153f5214b51257400423d4079049578.crash

Share and Enjoy

0
DTS Engineer OP
Apple
May ’24

Sorry I didn’t reply sooner; I missed your update somehow.

Looking at those crash reports it seems like you have a third-party crash reporter installed. For example, in the first crash report I see evidence for this in thread 13. Third-party crash reporters are an ongoing source of weird problems [1]. I recommend that you remove that and see if you continue to see this issue. If you do, please post a new crash report on this thread and I’ll take another look.

These crash reports indicate that you’re crashing inside JavaScriptCore’s garbage collector (GC). The problem with GC is that it tends to touch a lot of memory, and thus it’s hard to be 100% sure whether the problem lies with JSC itself, or with a memory corruption issue that JSC happens to have stumbled across. Third-party crash reporters are known to cause such issues, hence my advice above.

The other thing you can do is run your app with the standard memory debugging tools enabled. That’ll give you some assurance that it’s not a memory issue in your app that’s triggering this.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

[1] I talk about this in depth in Implementing Your Own Crash Reporter.

0
aaassss OP
May ’24

We are very sure that it has nothing to do with this third-party library. This library is used to collect crash logs. After the application crashes, the logs will be collected through this library. We found a few more recent crash logs. Please help me analyze it.

Share and Enjoy

2024-05-22_02-03-12.7395_+0800-6a973993b83da4dd6df937f5ad47afde8c1a05e7.crash

2024-05-22_10-23-18.4577_+0800-683a9213e40c957374f4d84937a8f2b7faf6c943.crash
0
DTS Engineer OP
Apple
May ’24

We are very sure that it has nothing to do with this third-party library. This library is used to collect crash logs.

Right, and that’s exactly my point. Here’s a quote from the Implementing Your Own Crash Reporter post I referenced earlier:

It’s impossible to implement a good crash reporter, one that’s reliable, binary compatible, and sufficient to debug complex problems.

The rest of that post justifies that statement.

So, if you’re hunting a hard-to-reproduce problem the first step is to remove your third-party crash reporter. The Apple crash reporter may not have all the features you want, but it works reliably.

Once you do this, you’ll see one of two results:

  • You’ll continue to see this crash (A).

  • Or you won’t (B).

Honestly, I think that A is most likely, indicating that the actual problem lies either in your code or in the OS. However, it’s important to rule out your third-party crash reporter first, because if it is B then you can spend ridiculous amounts of time chasing your tail.

Beyond that, did you try the suggestion from the last paragraph of my previous response?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
JavaScriptCore Crash in iOS17.4.1
First post date Last post date
 
 
Q