217448 2020-10-07 14:30:07 -0700 Crash under JSAudioWorkletProcessorConstructor::~JSAudioWorkletProcessorConstructor() 2020-10-07 15:44:15 -0700 1 1 1 Unclassified WebKit Web Audio WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 cdumez cdumez cdumez darin eric.carlson ews-watchlist ggaren glenn jer.noble philipj sam sergio webkit-bug-importer oldest_to_newest 1695676 0 cdumez 2020-10-07 14:30:07 -0700 Crash under JSAudioWorkletProcessorConstructor::~JSAudioWorkletProcessorConstructor(): ==30091==ERROR: AddressSanitizer: heap-use-after-free on address 0x62500062f010 at pc 0x000605bbbe6b bp 0x7000053f07a0 sp 0x7000053f0798 READ of size 8 at 0x62500062f010 thread T81 ==30091==WARNING: invalid path to external symbolizer! ==30091==WARNING: Failed to use and restart external symbolizer! #0 0x605bbbe6a in JSC::HandleBlock::handleSet() (/Volumes/Data/worker/trunk-catalina-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore:x86_64+0x598e6a) #1 0x605bd9173 in JSC::Strong<JSC::JSObject, (JSC::ShouldStrongDestructorGrabLock)0>::clear() (/Volumes/Data/worker/trunk-catalina-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore:x86_64+0x5b6173) #2 0x605bbbe81 in WebCore::JSCallbackDataStrong::~JSCallbackDataStrong() (/Volumes/Data/worker/trunk-catalina-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore:x86_64+0x598e81) #3 0x605b99659 in WebCore::JSAudioWorkletProcessorConstructor::~JSAudioWorkletProcessorConstructor() (/Volumes/Data/worker/trunk-catalina-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore:x86_64+0x576659) #4 0x605b997dd in WebCore::JSAudioWorkletProcessorConstructor::~JSAudioWorkletProcessorConstructor() (/Volumes/Data/worker/trunk-catalina-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore:x86_64+0x5767dd) #5 0x605c29bc4 in WTF::RefCounted<WebCore::AudioWorkletProcessorConstructor, std::__1::default_delete<WebCore::AudioWorkletProcessorConstructor> >::deref() const (/Volumes/Data/worker/trunk-catalina-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore:x86_64+0x606bc4) #6 0x607e3bcf8 in WTF::KeyValuePair<WTF::String, WTF::RefPtr<WebCore::JSAudioWorkletProcessorConstructor, WTF::DumbPtrTraits<WebCore::JSAudioWorkletProcessorConstructor>, WTF::DefaultRefDerefTraits<WebCore::JSAudioWorkletProcessorConstructor> > >::~KeyValuePair() (/Volumes/Data/worker/trunk-catalina-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore:x86_64+0x2818cf8) #7 0x607e3bb9c in WTF::HashTable<WTF::String, WTF::KeyValuePair<WTF::String, WTF::RefPtr<WebCore::JSAudioWorkletProcessorConstructor, WTF::DumbPtrTraits<WebCore::JSAudioWorkletProcessorConstructor>, WTF::DefaultRefDerefTraits<WebCore::JSAudioWorkletProcessorConstructor> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WTF::String, WTF::RefPtr<WebCore::JSAudioWorkletProcessorConstructor, WTF::DumbPtrTraits<WebCore::JSAudioWorkletProcessorConstructor>, WTF::DefaultRefDerefTraits<WebCore::JSAudioWorkletProcessorConstructor> > > >, WTF::DefaultHash<WTF::String>, WTF::HashMap<WTF::String, WTF::RefPtr<WebCore::JSAudioWorkletProcessorConstructor, WTF::DumbPtrTraits<WebCore::JSAudioWorkletProcessorConstructor>, WTF::DefaultRefDerefTraits<WebCore::JSAudioWorkletProcessorConstructor> >, WTF::DefaultHash<WTF::String>, WTF::HashTraits<WTF::String>, WTF::HashTraits<WTF::RefPtr<WebCore::JSAudioWorkletProcessorConstructor, WTF::DumbPtrTraits<WebCore::JSAudioWorkletProcessorConstructor>, WTF::DefaultRefDerefTraits<WebCore::JSAudioWorkletProcessorConstructor> > > >::KeyValuePairTraits, WTF::HashTraits<WTF::String> >::deallocateTable(WTF::KeyValuePair<WTF::String, WTF::RefPtr<WebCore::JSAudioWorkletProcessorConstructor, WTF::DumbPtrTraits<WebCore::JSAudioWorkletProcessorConstructor>, WTF::DefaultRefDerefTraits<WebCore::JSAudioWorkletProcessorConstructor> > >*) (/Volumes/Data/worker/trunk-catalina-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore:x86_64+0x2818b9c) #8 0x607e37779 in WebCore::AudioWorkletGlobalScope::~AudioWorkletGlobalScope() (/Volumes/Data/worker/trunk-catalina-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore:x86_64+0x2814779) #9 0x607e3781d in WebCore::AudioWorkletGlobalScope::~AudioWorkletGlobalScope() (/Volumes/Data/worker/trunk-catalina-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore:x86_64+0x281481d) #10 0x605c2a194 in WTF::RefCounted<WebCore::WorkletGlobalScope, std::__1::default_delete<WebCore::WorkletGlobalScope> >::deref() const (/Volumes/Data/worker/trunk-catalina-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore:x86_64+0x607194) #11 0x607e5c406 in WTF::RefPtr<WebCore::AudioWorkletGlobalScope, WTF::DumbPtrTraits<WebCore::AudioWorkletGlobalScope>, WTF::DefaultRefDerefTraits<WebCore::AudioWorkletGlobalScope> >::operator=(std::nullptr_t) (/Volumes/Data/worker/trunk-catalina-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore:x86_64+0x2839406) #12 0x607e5bd20 in WebCore::AudioWorkletThread::workletThread() (/Volumes/Data/worker/trunk-catalina-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore:x86_64+0x2838d20) #13 0x623496803 in WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) (/Volumes/Data/worker/trunk-catalina-asan-release-wk2-tests/build/buildToTest/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x116803) #14 0x6234a1bd8 in WTF::wtfThreadEntryPoint(void*) (/Volumes/Data/worker/trunk-catalina-asan-release-wk2-tests/build/buildToTest/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x121bd8) #15 0x7fff69705108 in _pthread_start (/usr/lib/system/libsystem_pthread.dylib:x86_64+0x6108) #16 0x7fff69700b8a in thread_start (/usr/lib/system/libsystem_pthread.dylib:x86_64+0x1b8a) 1695677 1 cdumez 2020-10-07 14:30:20 -0700 <rdar://problem/70059902> 1695678 2 410779 cdumez 2020-10-07 14:32:47 -0700 Created attachment 410779 Patch 1695693 3 410779 ggaren 2020-10-07 14:46:38 -0700 Comment on attachment 410779 Patch r=me 1695721 4 ews-feeder 2020-10-07 15:44:14 -0700 Committed r268159: <https://trac.webkit.org/changeset/268159> All reviewed patches have been landed. Closing bug and clearing flags on attachment 410779. 410779 2020-10-07 14:32:47 -0700 2020-10-07 15:44:15 -0700 Patch bug-217448-20201007143246.patch text/plain 1843 cdumez U3VidmVyc2lvbiBSZXZpc2lvbjogMjY4MTIxCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggMDlhNDAyNWM3MzAwNTA5 OGNlZjBhNWE4YWJmN2E1MGJkM2ZkOTYwNS4uMDMyODZiODVhZTIyODZkOTBkNDA0NDg2NjllNDZk ZDMxYmFjYWNlOSAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDE5IEBACisyMDIwLTEwLTA3ICBDaHJp cyBEdW1leiAgPGNkdW1lekBhcHBsZS5jb20+CisKKyAgICAgICAgQ3Jhc2ggdW5kZXIgSlNBdWRp b1dvcmtsZXRQcm9jZXNzb3JDb25zdHJ1Y3Rvcjo6fkpTQXVkaW9Xb3JrbGV0UHJvY2Vzc29yQ29u c3RydWN0b3IoKQorICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/ aWQ9MjE3NDQ4CisgICAgICAgIDxyZGFyOi8vcHJvYmxlbS83MDA1OTkwMj4KKworICAgICAgICBS ZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBNYWtlIHN1cmUgd2UgY2xlYXIg b3V0IG1fcHJvY2Vzc29yQ29uc3RydWN0b3JNYXAgaW4gQXVkaW9Xb3JrbGV0R2xvYmFsU2NvcGU6 OnByZXBhcmVGb3JUZXJtaW5hdGlvbigpCisgICAgICAgIHNpbmNlIHRoaXMgbWFwIGtlZXBzIEpT IHdyYXBwZXJzIGFsaXZlLgorCisgICAgICAgIE5vIG5ldyB0ZXN0cywgYWxyZWFkeSBjb3ZlcmVk IGJ5IGV4aXN0aW5nIHRlc3RzIHRoYXQgYXJlIGNyYXNoaW5nIG9uIEFTQU4gYm90cy4KKworICAg ICAgICAqIE1vZHVsZXMvd2ViYXVkaW8vQXVkaW9Xb3JrbGV0R2xvYmFsU2NvcGUuY3BwOgorICAg ICAgICAoV2ViQ29yZTo6QXVkaW9Xb3JrbGV0R2xvYmFsU2NvcGU6OnByZXBhcmVGb3JUZXJtaW5h dGlvbik6CisKIDIwMjAtMTAtMDcgIENocmlzIER1bWV6ICA8Y2R1bWV6QGFwcGxlLmNvbT4KIAog ICAgICAgICBDb25zdHJ1Y3RpbmcgYSBBdWRpb1dvcmtsZXROb2RlIHNob3VsZCBjb25zdHJ1Y3Qg YW4gQXVkaW9Xb3JrbGV0UHJvY2Vzc29yIG9uIHRoZSBXb3JrbGV0IHRocmVhZApkaWZmIC0tZ2l0 IGEvU291cmNlL1dlYkNvcmUvTW9kdWxlcy93ZWJhdWRpby9BdWRpb1dvcmtsZXRHbG9iYWxTY29w ZS5jcHAgYi9Tb3VyY2UvV2ViQ29yZS9Nb2R1bGVzL3dlYmF1ZGlvL0F1ZGlvV29ya2xldEdsb2Jh bFNjb3BlLmNwcAppbmRleCBkNmNiM2FjYjllNzYxOTMxNGE3NmQzZmZkNWY5OGFjNzBjMzcwY2Yx Li4zMTI2ZTZkZTNjZmE0NzczMmUzZDk5Y2Y5NjMwYTdhYjdkZWUzZDBmIDEwMDY0NAotLS0gYS9T b3VyY2UvV2ViQ29yZS9Nb2R1bGVzL3dlYmF1ZGlvL0F1ZGlvV29ya2xldEdsb2JhbFNjb3BlLmNw cAorKysgYi9Tb3VyY2UvV2ViQ29yZS9Nb2R1bGVzL3dlYmF1ZGlvL0F1ZGlvV29ya2xldEdsb2Jh bFNjb3BlLmNwcApAQCAtMTQ2LDYgKzE0Niw4IEBAIHZvaWQgQXVkaW9Xb3JrbGV0R2xvYmFsU2Nv cGU6OnByZXBhcmVGb3JUZXJtaW5hdGlvbigpCiAgICAgICAgIGRlZmF1bHRUYXNrR3JvdXAtPnN0 b3BBbmREaXNjYXJkQWxsVGFza3MoKTsKICAgICBzdG9wQWN0aXZlRE9NT2JqZWN0cygpOwogCisg ICAgbV9wcm9jZXNzb3JDb25zdHJ1Y3Rvck1hcC5jbGVhcigpOworCiAgICAgLy8gRXZlbnQgbGlz dGVuZXJzIHdvdWxkIGtlZXAgRE9NV3JhcHBlcldvcmxkIG9iamVjdHMgYWxpdmUgZm9yIHRvbyBs b25nLiBBbHNvLCB0aGV5IGhhdmUgcmVmZXJlbmNlcyB0byBKUyBvYmplY3RzLAogICAgIC8vIHdo aWNoIGJlY29tZSBkYW5nbGluZyBvbmNlIEhlYXAgaXMgZGVzdHJveWVkLgogICAgIHJlbW92ZUFs bEV2ZW50TGlzdGVuZXJzKCk7Cg==