| Summary: | Flaky crash under UserMediaCaptureManagerProxy::SourceProxy::~SourceProxy() on the bots | ||||||
|---|---|---|---|---|---|---|---|
| Product: | WebKit | Reporter: | Chris Dumez <cdumez> | ||||
| Component: | Media | Assignee: | Chris Dumez <cdumez> | ||||
| Status: | RESOLVED FIXED | ||||||
| Severity: | Normal | CC: | eric.carlson, ews-watchlist, glenn, jer.noble, peng.liu6, philipj, sergio, webkit-bug-importer, youennf | ||||
| Priority: | P2 | Keywords: | InRadar | ||||
| Version: | WebKit Nightly Build | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| See Also: | https://bugs.webkit.org/show_bug.cgi?id=226931 | ||||||
| Attachments: |
|
||||||
Created attachment 430595 [details]
Patch
Committed r278500 (238507@main): <https://commits.webkit.org/238507@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 430595 [details]. |
Flaky crash under UserMediaCaptureManagerProxy::SourceProxy::~SourceProxy() on the bots: Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000004 Exception Note: EXC_CORPSE_NOTIFY Termination Signal: Segmentation fault: 11 Termination Reason: Namespace SIGNAL, Code 0xb Terminating Process: exc handler [70570] VM Regions Near 0x4: --> __TEXT 000000010d705000-000000010d706000 [ 4K] r-x/r-x SM=COW /Volumes/VOLUME/*/*.Development Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.WebKit 0x000000010d9a1558 IPC::Semaphore::encode(IPC::Encoder&) const + 14 1 com.apple.WebKit 0x000000010db9704d void IPC::TupleEncoder<4ul, WTF::ObjectIdentifier<WebCore::RealtimeMediaSourceIdentifierType> const&, WebKit::SharedMemory::IPCHandle const&, WebCore::CAAudioStreamDescription const&, unsigned long long, IPC::Semaphore const&, WTF::MediaTime const&, unsigned long>::encode<IPC::Encoder>(IPC::Encoder&, std::__1::tuple<WTF::ObjectIdentifier<WebCore::RealtimeMediaSourceIdentifierType> const&, WebKit::SharedMemory::IPCHandle const&, WebCore::CAAudioStreamDescription const&, unsigned long long, IPC::Semaphore const&, WTF::MediaTime const&, unsigned long> const&) + 57 2 com.apple.WebKit 0x000000010db9700a void IPC::TupleEncoder<7ul, WTF::ObjectIdentifier<WebCore::RealtimeMediaSourceIdentifierType> const&, WebKit::SharedMemory::IPCHandle const&, WebCore::CAAudioStreamDescription const&, unsigned long long, IPC::Semaphore const&, WTF::MediaTime const&, unsigned long>::encode<IPC::Encoder>(IPC::Encoder&, std::__1::tuple<WTF::ObjectIdentifier<WebCore::RealtimeMediaSourceIdentifierType> const&, WebKit::SharedMemory::IPCHandle const&, WebCore::CAAudioStreamDescription const&, unsigned long long, IPC::Semaphore const&, WTF::MediaTime const&, unsigned long> const&) + 94 3 com.apple.WebKit 0x000000010db96f6a bool IPC::Connection::send<Messages::RemoteCaptureSampleManager::AudioStorageChanged>(Messages::RemoteCaptureSampleManager::AudioStorageChanged&&, unsigned long long, WTF::OptionSet<IPC::SendOption>) + 74 4 com.apple.WebKit 0x000000010db96e20 WebKit::UserMediaCaptureManagerProxy::SourceProxy::storageChanged(WebKit::SharedMemory*, WebCore::CAAudioStreamDescription const&, unsigned long) + 170 5 com.apple.WebKit 0x000000010da2591a WebKit::SharedRingBufferStorage::deallocate() + 56 6 com.apple.WebCore 0x000000011271a4e2 WebCore::CARingBuffer::~CARingBuffer() + 18 7 com.apple.WebKit 0x000000010db967e5 std::__1::unique_ptr<WebCore::CARingBuffer, std::__1::default_delete<WebCore::CARingBuffer> >::reset(WebCore::CARingBuffer*) + 25 8 com.apple.WebKit 0x000000010db966f2 WebKit::UserMediaCaptureManagerProxy::SourceProxy::~SourceProxy() + 192 9 com.apple.WebKit 0x000000010db96084 WebKit::UserMediaCaptureManagerProxy::SourceProxy::~SourceProxy() + 14 10 com.apple.WebKit 0x000000010db97a09 WTF::HashTable<WTF::ObjectIdentifier<WebCore::RealtimeMediaSourceIdentifierType>, WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RealtimeMediaSourceIdentifierType>, std::__1::unique_ptr<WebKit::UserMediaCaptureManagerProxy::SourceProxy, std::__1::default_delete<WebKit::UserMediaCaptureManagerProxy::SourceProxy> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RealtimeMediaSourceIdentifierType>, std::__1::unique_ptr<WebKit::UserMediaCaptureManagerProxy::SourceProxy, std::__1::default_delete<WebKit::UserMediaCaptureManagerProxy::SourceProxy> > > >, WTF::DefaultHash<WTF::ObjectIdentifier<WebCore::RealtimeMediaSourceIdentifierType> >, WTF::HashMap<WTF::ObjectIdentifier<WebCore::RealtimeMediaSourceIdentifierType>, std::__1::unique_ptr<WebKit::UserMediaCaptureManagerProxy::SourceProxy, std::__1::default_delete<WebKit::UserMediaCaptureManagerProxy::SourceProxy> >, WTF::DefaultHash<WTF::ObjectIdentifier<WebCore::RealtimeMediaSourceIdentifierType> >, WTF::HashTraits<WTF::ObjectIdentifier<WebCore::RealtimeMediaSourceIdentifierType> >, WTF::HashTraits<std::__1::unique_ptr<WebKit::UserMediaCaptureManagerProxy::SourceProxy, std::__1::default_delete<WebKit::UserMediaCaptureManagerProxy::SourceProxy> > >, WTF::HashTableTraits>::KeyValuePairTraits, WTF::HashTraits<WTF::ObjectIdentifier<WebCore::RealtimeMediaSourceIdentifierType> > >::remove(WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RealtimeMediaSourceIdentifierType>, std::__1::unique_ptr<WebKit::UserMediaCaptureManagerProxy::SourceProxy, std::__1::default_delete<WebKit::UserMediaCaptureManagerProxy::SourceProxy> > >*) + 37 11 com.apple.WebKit 0x000000010db94847 WebKit::UserMediaCaptureManagerProxy::end(WTF::ObjectIdentifier<WebCore::RealtimeMediaSourceIdentifierType>) + 99 12 com.apple.WebKit 0x000000010d844d42 WebKit::GPUConnectionToWebProcess::dispatchMessage(IPC::Connection&, IPC::Decoder&) + 192 13 com.apple.WebKit 0x000000010d7fed26 WebKit::GPUConnectionToWebProcess::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 460 14 com.apple.WebKit 0x000000010d728e31 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) + 221 15 com.apple.WebKit 0x000000010d729071 IPC::Connection::dispatchOneIncomingMessage() + 169 16 com.apple.JavaScriptCore 0x00000001157f6311 WTF::RunLoop::performWork() + 513 17 com.apple.JavaScriptCore 0x00000001157f6be2 WTF::RunLoop::performWork(void*) + 34 18 com.apple.CoreFoundation 0x00007fff38c3f884 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17 19 com.apple.CoreFoundation 0x00007fff38c3f823 __CFRunLoopDoSource0 + 103 20 com.apple.CoreFoundation 0x00007fff38c3f63d __CFRunLoopDoSources0 + 209 21 com.apple.CoreFoundation 0x00007fff38c3e359 __CFRunLoopRun + 937 22 com.apple.CoreFoundation 0x00007fff38c3d953 CFRunLoopRunSpecific + 466 23 com.apple.Foundation 0x00007fff3b2fb1c8 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 212 24 com.apple.Foundation 0x00007fff3b3adc6f -[NSRunLoop(NSRunLoop) run] + 76 25 libxpc.dylib 0x00007fff72fb34ea _xpc_objc_main.cold.4 + 49 26 libxpc.dylib 0x00007fff72fb3430 _xpc_objc_main + 559 27 libxpc.dylib 0x00007fff72fb2f63 xpc_main + 377 28 com.apple.WebKit 0x000000010d8ed86a WebKit::XPCServiceMain(int, char const**) + 266 29 libdyld.dylib 0x00007fff72d61cc9 start + 1 Thread 4:: Dispatch queue: MockAudioSharedUnit Capture Queue 0 com.apple.WebKit 0x000000010d9a20b7 WebKit::makeMemoryEntry(unsigned long, unsigned long, WebKit::SharedMemory::Protection, unsigned int) + 4 1 com.apple.WebKit 0x000000010d9a255a WebKit::SharedMemory::createSendRight(WebKit::SharedMemory::Protection) const + 54 2 com.apple.WebKit 0x000000010d9a24da WebKit::SharedMemory::createHandle(WebKit::SharedMemory::Handle&, WebKit::SharedMemory::Protection) + 90 3 com.apple.WebKit 0x000000010db96db1 WebKit::UserMediaCaptureManagerProxy::SourceProxy::storageChanged(WebKit::SharedMemory*, WebCore::CAAudioStreamDescription const&, unsigned long) + 59 4 com.apple.WebKit 0x000000010da25895 WebKit::SharedRingBufferStorage::allocate(unsigned long, WebCore::CAAudioStreamDescription const&, unsigned long) + 85 5 com.apple.WebCore 0x000000011271af41 WebCore::CARingBuffer::allocate(WebCore::CAAudioStreamDescription const&, unsigned long) + 225 6 com.apple.WebKit 0x000000010db96452 WebKit::UserMediaCaptureManagerProxy::SourceProxy::audioSamplesAvailable(WTF::MediaTime const&, WebCore::PlatformAudioData const&, WebCore::AudioStreamDescription const&, unsigned long) + 554 7 com.apple.WebCore 0x00000001128832bf WebCore::RealtimeMediaSource::audioSamplesAvailable(WTF::MediaTime const&, WebCore::PlatformAudioData const&, WebCore::AudioStreamDescription const&, unsigned long) + 287 8 com.apple.WebCore 0x00000001128a232a WebCore::BaseAudioSharedUnit::audioSamplesAvailable(WTF::MediaTime const&, WebCore::PlatformAudioData const&, WebCore::AudioStreamDescription const&, unsigned long) + 298 9 com.apple.WebCore 0x0000000111a5990f WebCore::MockAudioSharedUnit::emitSampleBuffers(unsigned int) + 111 10 com.apple.WebCore 0x0000000111a599ff WebCore::MockAudioSharedUnit::render(WTF::Seconds) + 175 11 libdispatch.dylib 0x00007fff72d076c4 _dispatch_call_block_and_release + 12 12 libdispatch.dylib 0x00007fff72d08658 _dispatch_client_callout + 8 13 libdispatch.dylib 0x00007fff72d0dc44 _dispatch_lane_serial_drain + 597 14 libdispatch.dylib 0x00007fff72d0e5d6 _dispatch_lane_invoke + 363 15 libdispatch.dylib 0x00007fff72d17c09 _dispatch_workloop_worker_thread + 596 16 libsystem_pthread.dylib 0x00007fff72f66a3d _pthread_wqthread + 290 17 libsystem_pthread.dylib 0x00007fff72f65b77 start_wqthread + 15 The SourceProxy destructor takes care of calling invalidate() on the SharedRingBufferStorage before destroying the CARingBuffer to avoid having SourceProxy::storageChanged() called in the middle of destruction. However, the background thread may reconstruct the RingBuffer right after the invalidate call and we will still crash in this case.