226653 2021-06-04 11:07:25 -0700 Flaky crash under UserMediaCaptureManagerProxy::SourceProxy::~SourceProxy() on the bots 2021-06-12 15:10:19 -0700 1 1 1 Unclassified WebKit Media WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED https://bugs.webkit.org/show_bug.cgi?id=226931 InRadar P2 Normal --- 1 cdumez cdumez eric.carlson ews-watchlist glenn jer.noble peng.liu6 philipj sergio webkit-bug-importer youennf oldest_to_newest 1766846 0 cdumez 2021-06-04 11:07:25 -0700 Flaky crash under UserMediaCaptureManagerProxy::SourceProxy::~SourceProxy() on the bots: Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000004 Exception Note: EXC_CORPSE_NOTIFY Termination Signal: Segmentation fault: 11 Termination Reason: Namespace SIGNAL, Code 0xb Terminating Process: exc handler [70570] VM Regions Near 0x4: --> __TEXT 000000010d705000-000000010d706000 [ 4K] r-x/r-x SM=COW /Volumes/VOLUME/*/*.Development Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.WebKit 0x000000010d9a1558 IPC::Semaphore::encode(IPC::Encoder&) const + 14 1 com.apple.WebKit 0x000000010db9704d void IPC::TupleEncoder<4ul, WTF::ObjectIdentifier<WebCore::RealtimeMediaSourceIdentifierType> const&, WebKit::SharedMemory::IPCHandle const&, WebCore::CAAudioStreamDescription const&, unsigned long long, IPC::Semaphore const&, WTF::MediaTime const&, unsigned long>::encode<IPC::Encoder>(IPC::Encoder&, std::__1::tuple<WTF::ObjectIdentifier<WebCore::RealtimeMediaSourceIdentifierType> const&, WebKit::SharedMemory::IPCHandle const&, WebCore::CAAudioStreamDescription const&, unsigned long long, IPC::Semaphore const&, WTF::MediaTime const&, unsigned long> const&) + 57 2 com.apple.WebKit 0x000000010db9700a void IPC::TupleEncoder<7ul, WTF::ObjectIdentifier<WebCore::RealtimeMediaSourceIdentifierType> const&, WebKit::SharedMemory::IPCHandle const&, WebCore::CAAudioStreamDescription const&, unsigned long long, IPC::Semaphore const&, WTF::MediaTime const&, unsigned long>::encode<IPC::Encoder>(IPC::Encoder&, std::__1::tuple<WTF::ObjectIdentifier<WebCore::RealtimeMediaSourceIdentifierType> const&, WebKit::SharedMemory::IPCHandle const&, WebCore::CAAudioStreamDescription const&, unsigned long long, IPC::Semaphore const&, WTF::MediaTime const&, unsigned long> const&) + 94 3 com.apple.WebKit 0x000000010db96f6a bool IPC::Connection::send<Messages::RemoteCaptureSampleManager::AudioStorageChanged>(Messages::RemoteCaptureSampleManager::AudioStorageChanged&&, unsigned long long, WTF::OptionSet<IPC::SendOption>) + 74 4 com.apple.WebKit 0x000000010db96e20 WebKit::UserMediaCaptureManagerProxy::SourceProxy::storageChanged(WebKit::SharedMemory*, WebCore::CAAudioStreamDescription const&, unsigned long) + 170 5 com.apple.WebKit 0x000000010da2591a WebKit::SharedRingBufferStorage::deallocate() + 56 6 com.apple.WebCore 0x000000011271a4e2 WebCore::CARingBuffer::~CARingBuffer() + 18 7 com.apple.WebKit 0x000000010db967e5 std::__1::unique_ptr<WebCore::CARingBuffer, std::__1::default_delete<WebCore::CARingBuffer> >::reset(WebCore::CARingBuffer*) + 25 8 com.apple.WebKit 0x000000010db966f2 WebKit::UserMediaCaptureManagerProxy::SourceProxy::~SourceProxy() + 192 9 com.apple.WebKit 0x000000010db96084 WebKit::UserMediaCaptureManagerProxy::SourceProxy::~SourceProxy() + 14 10 com.apple.WebKit 0x000000010db97a09 WTF::HashTable<WTF::ObjectIdentifier<WebCore::RealtimeMediaSourceIdentifierType>, WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RealtimeMediaSourceIdentifierType>, std::__1::unique_ptr<WebKit::UserMediaCaptureManagerProxy::SourceProxy, std::__1::default_delete<WebKit::UserMediaCaptureManagerProxy::SourceProxy> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RealtimeMediaSourceIdentifierType>, std::__1::unique_ptr<WebKit::UserMediaCaptureManagerProxy::SourceProxy, std::__1::default_delete<WebKit::UserMediaCaptureManagerProxy::SourceProxy> > > >, WTF::DefaultHash<WTF::ObjectIdentifier<WebCore::RealtimeMediaSourceIdentifierType> >, WTF::HashMap<WTF::ObjectIdentifier<WebCore::RealtimeMediaSourceIdentifierType>, std::__1::unique_ptr<WebKit::UserMediaCaptureManagerProxy::SourceProxy, std::__1::default_delete<WebKit::UserMediaCaptureManagerProxy::SourceProxy> >, WTF::DefaultHash<WTF::ObjectIdentifier<WebCore::RealtimeMediaSourceIdentifierType> >, WTF::HashTraits<WTF::ObjectIdentifier<WebCore::RealtimeMediaSourceIdentifierType> >, WTF::HashTraits<std::__1::unique_ptr<WebKit::UserMediaCaptureManagerProxy::SourceProxy, std::__1::default_delete<WebKit::UserMediaCaptureManagerProxy::SourceProxy> > >, WTF::HashTableTraits>::KeyValuePairTraits, WTF::HashTraits<WTF::ObjectIdentifier<WebCore::RealtimeMediaSourceIdentifierType> > >::remove(WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RealtimeMediaSourceIdentifierType>, std::__1::unique_ptr<WebKit::UserMediaCaptureManagerProxy::SourceProxy, std::__1::default_delete<WebKit::UserMediaCaptureManagerProxy::SourceProxy> > >*) + 37 11 com.apple.WebKit 0x000000010db94847 WebKit::UserMediaCaptureManagerProxy::end(WTF::ObjectIdentifier<WebCore::RealtimeMediaSourceIdentifierType>) + 99 12 com.apple.WebKit 0x000000010d844d42 WebKit::GPUConnectionToWebProcess::dispatchMessage(IPC::Connection&, IPC::Decoder&) + 192 13 com.apple.WebKit 0x000000010d7fed26 WebKit::GPUConnectionToWebProcess::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 460 14 com.apple.WebKit 0x000000010d728e31 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) + 221 15 com.apple.WebKit 0x000000010d729071 IPC::Connection::dispatchOneIncomingMessage() + 169 16 com.apple.JavaScriptCore 0x00000001157f6311 WTF::RunLoop::performWork() + 513 17 com.apple.JavaScriptCore 0x00000001157f6be2 WTF::RunLoop::performWork(void*) + 34 18 com.apple.CoreFoundation 0x00007fff38c3f884 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17 19 com.apple.CoreFoundation 0x00007fff38c3f823 __CFRunLoopDoSource0 + 103 20 com.apple.CoreFoundation 0x00007fff38c3f63d __CFRunLoopDoSources0 + 209 21 com.apple.CoreFoundation 0x00007fff38c3e359 __CFRunLoopRun + 937 22 com.apple.CoreFoundation 0x00007fff38c3d953 CFRunLoopRunSpecific + 466 23 com.apple.Foundation 0x00007fff3b2fb1c8 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 212 24 com.apple.Foundation 0x00007fff3b3adc6f -[NSRunLoop(NSRunLoop) run] + 76 25 libxpc.dylib 0x00007fff72fb34ea _xpc_objc_main.cold.4 + 49 26 libxpc.dylib 0x00007fff72fb3430 _xpc_objc_main + 559 27 libxpc.dylib 0x00007fff72fb2f63 xpc_main + 377 28 com.apple.WebKit 0x000000010d8ed86a WebKit::XPCServiceMain(int, char const**) + 266 29 libdyld.dylib 0x00007fff72d61cc9 start + 1 Thread 4:: Dispatch queue: MockAudioSharedUnit Capture Queue 0 com.apple.WebKit 0x000000010d9a20b7 WebKit::makeMemoryEntry(unsigned long, unsigned long, WebKit::SharedMemory::Protection, unsigned int) + 4 1 com.apple.WebKit 0x000000010d9a255a WebKit::SharedMemory::createSendRight(WebKit::SharedMemory::Protection) const + 54 2 com.apple.WebKit 0x000000010d9a24da WebKit::SharedMemory::createHandle(WebKit::SharedMemory::Handle&, WebKit::SharedMemory::Protection) + 90 3 com.apple.WebKit 0x000000010db96db1 WebKit::UserMediaCaptureManagerProxy::SourceProxy::storageChanged(WebKit::SharedMemory*, WebCore::CAAudioStreamDescription const&, unsigned long) + 59 4 com.apple.WebKit 0x000000010da25895 WebKit::SharedRingBufferStorage::allocate(unsigned long, WebCore::CAAudioStreamDescription const&, unsigned long) + 85 5 com.apple.WebCore 0x000000011271af41 WebCore::CARingBuffer::allocate(WebCore::CAAudioStreamDescription const&, unsigned long) + 225 6 com.apple.WebKit 0x000000010db96452 WebKit::UserMediaCaptureManagerProxy::SourceProxy::audioSamplesAvailable(WTF::MediaTime const&, WebCore::PlatformAudioData const&, WebCore::AudioStreamDescription const&, unsigned long) + 554 7 com.apple.WebCore 0x00000001128832bf WebCore::RealtimeMediaSource::audioSamplesAvailable(WTF::MediaTime const&, WebCore::PlatformAudioData const&, WebCore::AudioStreamDescription const&, unsigned long) + 287 8 com.apple.WebCore 0x00000001128a232a WebCore::BaseAudioSharedUnit::audioSamplesAvailable(WTF::MediaTime const&, WebCore::PlatformAudioData const&, WebCore::AudioStreamDescription const&, unsigned long) + 298 9 com.apple.WebCore 0x0000000111a5990f WebCore::MockAudioSharedUnit::emitSampleBuffers(unsigned int) + 111 10 com.apple.WebCore 0x0000000111a599ff WebCore::MockAudioSharedUnit::render(WTF::Seconds) + 175 11 libdispatch.dylib 0x00007fff72d076c4 _dispatch_call_block_and_release + 12 12 libdispatch.dylib 0x00007fff72d08658 _dispatch_client_callout + 8 13 libdispatch.dylib 0x00007fff72d0dc44 _dispatch_lane_serial_drain + 597 14 libdispatch.dylib 0x00007fff72d0e5d6 _dispatch_lane_invoke + 363 15 libdispatch.dylib 0x00007fff72d17c09 _dispatch_workloop_worker_thread + 596 16 libsystem_pthread.dylib 0x00007fff72f66a3d _pthread_wqthread + 290 17 libsystem_pthread.dylib 0x00007fff72f65b77 start_wqthread + 15 The SourceProxy destructor takes care of calling invalidate() on the SharedRingBufferStorage before destroying the CARingBuffer to avoid having SourceProxy::storageChanged() called in the middle of destruction. However, the background thread may reconstruct the RingBuffer right after the invalidate call and we will still crash in this case. 1766850 1 430595 cdumez 2021-06-04 11:24:13 -0700 Created attachment 430595 Patch 1766950 2 ews-feeder 2021-06-04 15:17:47 -0700 Committed r278500 (238507@main): <https://commits.webkit.org/238507@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 430595. 1766951 3 webkit-bug-importer 2021-06-04 15:18:21 -0700 <rdar://problem/78887963> 430595 2021-06-04 11:24:13 -0700 2021-06-04 15:17:48 -0700 Patch bug-226653-20210604112412.patch text/plain 2160 cdumez U3VidmVyc2lvbiBSZXZpc2lvbjogMjc4NDcyCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViS2l0L0No YW5nZUxvZyBiL1NvdXJjZS9XZWJLaXQvQ2hhbmdlTG9nCmluZGV4IDkyZGU5ODcyMDhhYzE1NWEw YTQ2ODM1NjNmNTgxYTgyOGY3MTIxNTAuLjQ5NTE0YmYyMWJmMGFmZGI3ODJmZTljMjhjMWE1NDIy MjBhNTBkMTEgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XZWJLaXQvQ2hhbmdlTG9nCisrKyBiL1NvdXJj ZS9XZWJLaXQvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMjIgQEAKKzIwMjEtMDYtMDQgIENocmlzIER1 bWV6ICA8Y2R1bWV6QGFwcGxlLmNvbT4KKworICAgICAgICBGbGFreSBjcmFzaCB1bmRlciBVc2Vy TWVkaWFDYXB0dXJlTWFuYWdlclByb3h5OjpTb3VyY2VQcm94eTo6flNvdXJjZVByb3h5KCkgb24g dGhlIGJvdHMKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lk PTIyNjY1MworCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAg IFRoZSBTb3VyY2VQcm94eSBkZXN0cnVjdG9yIHdhcyB0YWtpbmcgY2FyZSBvZiBjYWxsaW5nIGlu dmFsaWRhdGUoKSBvbiB0aGUgU2hhcmVkUmluZ0J1ZmZlclN0b3JhZ2UKKyAgICAgICAgYmVmb3Jl IGRlc3Ryb3lpbmcgdGhlIENBUmluZ0J1ZmZlciBvbiB0aGUgbWFpbiB0aHJlYWQsIHRvIGF2b2lk IGhhdmluZyBTb3VyY2VQcm94eTo6c3RvcmFnZUNoYW5nZWQoKQorICAgICAgICBjYWxsZWQgaW4g dGhlIG1pZGRsZSBvZiBkZXN0cnVjdGlvbi4gSG93ZXZlciwgdGhlIGJhY2tncm91bmQgdGhyZWFk IG1heSBzdGlsbCBiZSBydW5uaW5nIGF0IHRoaXMKKyAgICAgICAgcG9pbnQgYW5kIG1heSByZWNv bnN0cnVjdCB0aGUgUmluZ0J1ZmZlciByaWdodCBhZnRlciB0aGUgaW52YWxpZGF0ZSBjYWxsLCBj YXVzaW5nIHVzIHRvIGNyYXNoCisgICAgICAgIGJlY2F1c2Ugc3RvcmFnZUNoYW5nZWQoKSBzdGls bCBnZXRzIGNhbGxlZCBpbiB0aGUgbWlkZGxlIG9uIGRlc3RydWN0aW9uLgorCisgICAgICAgIFRv IGFkZHJlc3MgdGhlIGlzc3VlLCB3ZSBub3cgbWFrZSBzdXJlIHRvIHN0b3AgdGhlIHJlbmRlcmlu ZyB0aHJlYWQgYmVmb3JlIHdlIHByb2NlZWQgd2l0aCB0aGUKKyAgICAgICAgZGVzdHJ1Y3Rpb24g YW5kIGludmFsaWRhdGUgdGhlIFNoYXJlZFJpbmdCdWZmZXJTdG9yYWdlJ3Mgc3RvcmFnZSBjaGFu Z2UgaGFuZGxlci4KKworICAgICAgICAqIFVJUHJvY2Vzcy9Db2NvYS9Vc2VyTWVkaWFDYXB0dXJl TWFuYWdlclByb3h5LmNwcDoKKyAgICAgICAgKFdlYktpdDo6VXNlck1lZGlhQ2FwdHVyZU1hbmFn ZXJQcm94eTo6U291cmNlUHJveHk6On5Tb3VyY2VQcm94eSk6CisKIDIwMjEtMDYtMDQgIENocmlz IER1bWV6ICA8Y2R1bWV6QGFwcGxlLmNvbT4KIAogICAgICAgICBBdm9pZCB3YXN0ZWZ1bCBsYXJn ZSBhbGxvY2F0aW9uIGluIFNwZWVjaFJlY29nbml0aW9uUmVtb3RlUmVhbHRpbWVNZWRpYVNvdXJj ZTo6c2V0U3RvcmFnZSgpCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViS2l0L1VJUHJvY2Vzcy9Db2Nv YS9Vc2VyTWVkaWFDYXB0dXJlTWFuYWdlclByb3h5LmNwcCBiL1NvdXJjZS9XZWJLaXQvVUlQcm9j ZXNzL0NvY29hL1VzZXJNZWRpYUNhcHR1cmVNYW5hZ2VyUHJveHkuY3BwCmluZGV4IGQwY2I4MTUy YjUyZjc4YTMzOWJjNGFmMGJkZjIzMDZkNWMzYTMyOTEuLjYxNmY3MmM0YmVkOThhMzU1NzcwN2Y1 ZTdkZWM5OGJjOGY0ZmYwMjkgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XZWJLaXQvVUlQcm9jZXNzL0Nv Y29hL1VzZXJNZWRpYUNhcHR1cmVNYW5hZ2VyUHJveHkuY3BwCisrKyBiL1NvdXJjZS9XZWJLaXQv VUlQcm9jZXNzL0NvY29hL1VzZXJNZWRpYUNhcHR1cmVNYW5hZ2VyUHJveHkuY3BwCkBAIC03Nyw2 ICs3Nyw5IEBAIHB1YmxpYzoKIAogICAgIH5Tb3VyY2VQcm94eSgpCiAgICAgeworICAgICAgICAv LyBNYWtlIHN1cmUgdGhlIHJlbmRlcmluZyB0aHJlYWQgaXMgc3RvcHBlZCBiZWZvcmUgd2UgcHJv Y2VlZCB3aXRoIHRoZSBkZXN0cnVjdGlvbi4KKyAgICAgICAgc3RvcCgpOworCiAgICAgICAgIGlm IChtX3JpbmdCdWZmZXIpCiAgICAgICAgICAgICBzdGF0aWNfY2FzdDxTaGFyZWRSaW5nQnVmZmVy U3RvcmFnZSY+KG1fcmluZ0J1ZmZlci0+c3RvcmFnZSgpKS5pbnZhbGlkYXRlKCk7CiAK