Bug 273385
| Summary: | ASSERTION FAILED: AudioTrack::clearClient(AudioTrackClient& client) ASSERT(m_clients.contains(client)); | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Jean-Yves Avenard [:jya] <jean-yves.avenard> |
| Component: | Media | Assignee: | Jean-Yves Avenard [:jya] <jean-yves.avenard> |
| Status: | RESOLVED DUPLICATE | ||
| Severity: | Normal | CC: | webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
Jean-Yves Avenard [:jya]
In a debug build, go to Netflix.com at attempt to watch a movie, it will very often crash with
```
(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x1e7a800180c21710)
Note: Possible pointer authentication failure detected.
Found value that failed to authenticate at address=0x180c21710.
frame #0: 0x000000014d06b96c WebCore`WTFCrashWithInfo(line=139, file="/Users/jyavenard/Work/webkit/OpenSource/Source/WebCore/html/track/AudioTrack.cpp", function="void WebCore::AudioTrack::clearClient(AudioTrackClient &)", counter=2514) at Assertions.h:851:5
* frame #1: 0x000000014e924ae8 WebCore`WebCore::AudioTrack::clearClient(this=0x000000010d877400, client=0x000000010f0ac1d8) at AudioTrack.cpp:139:5
frame #2: 0x000000014e624318 WebCore`WebCore::HTMLMediaElement::removeAudioTrack(this=0x000000010f0ac0b0, track=0x00000003b8b52958) at HTMLMediaElement.cpp:4867:12
frame #3: 0x000000014cd058c0 WebCore`auto WebCore::MediaSource::removeSourceBuffer(WebCore::SourceBuffer&)::$_0::operator()<WebCore::HTMLMediaElement>(this=0x00000003b8b52958, mediaElement=0x000000010f0ac0b0) at MediaSource.cpp:945:38
frame #4: 0x000000014cd057fc WebCore`WTF::Detail::CallableWrapper<WebCore::MediaSource::removeSourceBuffer(WebCore::SourceBuffer&)::$_0, void, WebCore::HTMLMediaElement&>::call(this=0x00000003b8b52950, in=0x000000010f0ac0b0) at Function.h:53:39
frame #5: 0x000000014cd0ead8 WebCore`WTF::Function<void (WebCore::HTMLMediaElement&)>::operator()(this=0x00000003b8d7c898, in=0x000000010f0ac0b0) const at Function.h:82:35
frame #6: 0x000000014cd0e9b0 WebCore`WebCore::MediaSource::ensureWeakOnHTMLMediaElementContext(WTF::Function<void (WebCore::HTMLMediaElement&)>&&) const::$_0::operator()(this=0x00000003b8d7c888) at MediaSource.cpp:1392:13
frame #7: 0x000000014cd0e81c WebCore`WTF::Detail::CallableWrapper<WebCore::MediaSource::ensureWeakOnHTMLMediaElementContext(WTF::Function<void (WebCore::HTMLMediaElement&)>&&) const::$_0, void>::call(this=0x00000003b8d7c880) at Function.h:53:39
frame #8: 0x000000012842ff24 JavaScriptCore`WTF::Function<void ()>::operator()(this=0x000000016ef80d28) const at Function.h:82:35
frame #9: 0x000000012849ce34 JavaScriptCore`WTF::ensureOnMainThread(function=0x000000016ef80d28) at MainThread.cpp:95:9
frame #10: 0x000000014cccd250 WebCore`WebCore::MediaSource::ensureWeakOnHTMLMediaElementContext(this=0x000000010f0ab630, task=0x000000016ef80ec0) const at MediaSource.cpp:1390:5
frame #11: 0x000000014ccd29c0 WebCore`WebCore::MediaSource::removeSourceBuffer(this=0x000000010f0ab630, buffer=0x000000010f0b63c0) at MediaSource.cpp:943:21
frame #12: 0x000000014cccd3e0 WebCore`WebCore::MediaSource::detachFromElement(this=0x000000010f0ab630) at MediaSource.cpp:1175:9
frame #13: 0x000000014cd156ec WebCore`WebCore::MediaSourceInterfaceMainThread::detachFromElement(this=0x0000000349ecf900) at MediaSourceInterfaceMainThread.cpp:88:20
frame #14: 0x000000014e6146b4 WebCore`WebCore::HTMLMediaElement::detachMediaSource(this=0x000000010f0ac0b0) at HTMLMediaElement.cpp:4395:22
frame #15: 0x000000014e613c00 WebCore`WebCore::HTMLMediaElement::~HTMLMediaElement(this=0x000000010f0ac0b0) at HTMLMediaElement.cpp:652:5
frame #16: 0x000000014e707e98 WebCore`WebCore::HTMLVideoElement::~HTMLVideoElement(this=0x000000010f0ac0b0) at HTMLVideoElement.h:47:7
frame #17: 0x000000014e701250 WebCore`WebCore::HTMLVideoElement::~HTMLVideoElement(this=0x000000010f0ac0b0) at HTMLVideoElement.h:47:7
frame #18: 0x000000014e701280 WebCore`WebCore::HTMLVideoElement::~HTMLVideoElement(this=0x000000010f0ac0b0) at HTMLVideoElement.h:47:7
frame #19: 0x000000014e1ce120 WebCore`WebCore::Node::removedLastRef(this=0x000000010f0ac0b0) at Node.cpp:2882:5
frame #20: 0x000000014d750acc WebCore`WebCore::Node::derefAllowingPartiallyDestroyed(this=0x000000010f0ac0b0) const at Node.h:884:34
frame #21: 0x000000014d7508d4 WebCore`WebCore::Node::deref(this=0x000000010f0ac0b0) const at Node.h:864:5
frame #22: 0x000000014a76b858 WebCore`WebCore::EventTarget::deref(this=0x000000010f0ac0b0) at Node.h:980:15
frame #23: 0x000000014a76b7d8 WebCore`WTF::DefaultRefDerefTraits<WebCore::EventTarget>::derefIfNotNull(ptr=0x000000010f0ac0b0) at Ref.h:62:18
frame #24: 0x000000014a76b764 WebCore`WTF::Ref<WebCore::EventTarget, WTF::RawPtrTraits<WebCore::EventTarget>, WTF::DefaultRefDerefTraits<WebCore::EventTarget>>::~Ref(this=0x000000034963b8e0) at Ref.h:82:13
frame #25: 0x000000014a76b504 WebCore`WTF::Ref<WebCore::EventTarget, WTF::RawPtrTraits<WebCore::EventTarget>, WTF::DefaultRefDerefTraits<WebCore::EventTarget>>::~Ref(this=0x000000034963b8e0) at Ref.h:76:5
frame #26: 0x000000014af106f4 WebCore`WebCore::JSDOMWrapper<WebCore::EventTarget, WTF::RawPtrTraits<WebCore::EventTarget>>::~JSDOMWrapper(this=0x000000034963b8c8) at JSDOMWrapper.h:74:7
frame #27: 0x000000014af106c0 WebCore`WebCore::JSEventTarget::~JSEventTarget(this=0x000000034963b8c8) at JSEventTarget.h:29:7
frame #28: 0x000000014aeaf0b8 WebCore`WebCore::JSEventTarget::~JSEventTarget(this=0x000000034963b8c8) at JSEventTarget.h:29:7
frame #29: 0x000000014ae59fac WebCore`WebCore::JSEventTarget::destroy(cell=0x000000034963b8c8) at JSEventTarget.cpp:196:32
frame #30: 0x000000012a28a8f4 JavaScriptCore`JSC::JSDestructibleObjectDestroyFunc::operator()(this=0x000000016ef81497, (null)=0x000000010e412000, cell=0x000000034963b8c8) const at JSDestructibleObjectHeapCellType.cpp:43:9
frame #31: 0x000000012a28a8ac JavaScriptCore`JSC::JSDestructibleObjectHeapCellType::destroy(this=0x000000010e4127b0, vm=0x000000010e412000, cell=0x000000034963b8c8) const at JSDestructibleObjectHeapCellType.cpp:63:5
frame #32: 0x0000000129bdc6a4 JavaScriptCore`JSC::Subspace::destroy(this=0x000000010d700b00, vm=0x000000010e412000, cell=0x000000034963b8c8) at Subspace.cpp:68:21
frame #33: 0x0000000129bd1100 JavaScriptCore`JSC::PreciseAllocation::sweep(this=0x000000034963b858) at PreciseAllocation.cpp:273:25
frame #34: 0x0000000129bb44cc JavaScriptCore`JSC::MarkedSpace::sweepPreciseAllocations(this=0x000000010e412178) at MarkedSpace.cpp:235:21
frame #35: 0x0000000129af5704 JavaScriptCore`JSC::Heap::sweepInFinalize(this=0x000000010e4120c8) at Heap.cpp:2284:19
frame #36: 0x0000000129af531c JavaScriptCore`JSC::Heap::finalize(this=0x000000010e4120c8) at Heap.cpp:2217:9
frame #37: 0x0000000129af4a9c JavaScriptCore`JSC::Heap::handleNeedFinalize(this=0x000000010e4120c8, oldState=13) at Heap.cpp:2155:9
frame #38: 0x0000000129af3a78 JavaScriptCore`JSC::Heap::handleNeedFinalize(this=0x000000010e4120c8) at Heap.cpp:2166:12
frame #39: 0x0000000129af01a0 JavaScriptCore`JSC::Heap::finishChangingPhase(this=0x000000010e4120c8, conn=Mutator) at Heap.cpp:1762:17
frame #40: 0x0000000129af17a8 JavaScriptCore`JSC::Heap::changePhase(this=0x000000010e4120c8, conn=Mutator, nextPhase=NotRunning) at Heap.cpp:1736:12
frame #41: 0x0000000129af174c JavaScriptCore`JSC::Heap::runEndPhase(this=0x000000010e4120c8, conn=Mutator) at Heap.cpp:1726:12
frame #42: 0x0000000129aefab8 JavaScriptCore`JSC::Heap::runCurrentPhase(this=0x000000010e4120c8, conn=Mutator, currentThreadState=0x000000016ef819a0) at Heap.cpp:1372:18
frame #43: 0x0000000129b4b9cc JavaScriptCore`JSC::Heap::collectInMutatorThread()::$_0::operator()(this=0x000000016ef81a00, state=0x000000016ef819a0) const at Heap.cpp:1993:52
frame #44: 0x0000000129b4b958 JavaScriptCore`WTF::ScopedLambdaFunctor<void (JSC::CurrentThreadState&), JSC::Heap::collectInMutatorThread()::$_0>::implFunction(argument=0x000000016ef819f0, arguments=0x000000016ef819a0) at ScopedLambda.h:106:16
frame #45: 0x0000000129baf460 JavaScriptCore`void WTF::ScopedLambda<void (JSC::CurrentThreadState&)>::operator()<JSC::CurrentThreadState&>(this=0x000000016ef819f0, arguments=0x000000016ef819a0) const at ScopedLambda.h:58:16
frame #46: 0x0000000129baf3f4 JavaScriptCore`JSC::callWithCurrentThreadState(lambda=0x000000016ef819f0) at MachineStackMarker.cpp:227:5
frame #47: 0x0000000129af4ba0 JavaScriptCore`JSC::Heap::collectInMutatorThread(this=0x000000010e4120c8) at Heap.cpp:2005:13
frame #48: 0x0000000129af4934 JavaScriptCore`JSC::Heap::stopIfNecessarySlow(this=0x000000010e4120c8, oldState=21) at Heap.cpp:1974:9
frame #49: 0x0000000129af5c7c JavaScriptCore`void JSC::Heap::waitForCollector<JSC::Heap::waitForCollection(unsigned long long)::$_0>(this=0x000000010e4120c8, func=0x000000016ef81ad0) at Heap.cpp:2031:13
frame #50: 0x0000000129aef6e8 JavaScriptCore`JSC::Heap::waitForCollection(this=0x000000010e4120c8, ticket=6) at Heap.cpp:2276:5
frame #51: 0x0000000129aeeff4 JavaScriptCore`JSC::Heap::collectSync(this=0x000000010e4120c8, request=GCRequest @ 0x000000016ef81b78) at Heap.cpp:1279:5
frame #52: 0x0000000129aeed74 JavaScriptCore`JSC::Heap::collect(this=0x000000010e4120c8, synchronousness=Sync, request=GCRequest @ 0x000000016ef81bf0) at Heap.cpp:1199:9
frame #53: 0x0000000129ada538 JavaScriptCore`JSC::EdenGCActivityCallback::doCollection(this=0x000000010d0c54a0, vm=0x000000010e412000) at EdenGCActivityCallback.cpp:43:13
frame #54: 0x000000014f16a334 WebCore`WebCore::OpportunisticTaskScheduler::EdenGCActivityCallback::doCollection(this=0x000000010d0c54a0, vm=0x000000010e412000) at OpportunisticTaskScheduler.cpp:263:11
frame #55: 0x0000000129ae2df4 JavaScriptCore`JSC::GCActivityCallback::doWork(this=0x000000010d0c54a0, vm=0x000000010e412000) at GCActivityCallback.cpp:66:5
frame #56: 0x000000012a3b6b70 JavaScriptCore`JSC::JSRunLoopTimer::timerDidFire(this=0x000000010d0c54a0) at JSRunLoopTimer.cpp:236:5
frame #57: 0x000000012a3b634c JavaScriptCore`JSC::JSRunLoopTimer::Manager::timerDidFire(this=0x000000010d0196a0) at JSRunLoopTimer.cpp:109:16
frame #58: 0x000000012a3b5fe4 JavaScriptCore`JSC::JSRunLoopTimer::Manager::timerDidFireCallback(this=0x000000010d0196a0) at JSRunLoopTimer.cpp:56:5
frame #59: 0x000000012a3bd2e0 JavaScriptCore`decltype(*std::declval<JSC::JSRunLoopTimer::Manager*&>().*std::declval<void (JSC::JSRunLoopTimer::Manager::*&)()>()()) std::__1::__invoke[abi:sn180100]<void (JSC::JSRunLoopTimer::Manager::*&)(), JSC::JSRunLoopTimer::Manager*&, void>(__f=0x000000010d019708, __a0=0x000000010d019718) at invoke.h:312:25
frame #60: 0x000000012a3bd238 JavaScriptCore`std::__1::__bind_return<void (JSC::JSRunLoopTimer::Manager::*)(), std::__1::tuple<JSC::JSRunLoopTimer::Manager*>, std::__1::tuple<>, __is_valid_bind_return<void (JSC::JSRunLoopTimer::Manager::*)(), std::__1::tuple<JSC::JSRunLoopTimer::Manager*>, std::__1::tuple<>>::value>::type std::__1::__apply_functor[abi:sn180100]<void (JSC::JSRunLoopTimer::Manager::*)(), std::__1::tuple<JSC::JSRunLoopTimer::Manager*>, 0ul, std::__1::tuple<>>(__f=0x000000010d019708, __bound_args=size=1, (null)=__tuple_indices<0UL> @ 0x000000016ef81f2f, __args=size=0) at bind.h:195:10
frame #61: 0x000000012a3bd1ec JavaScriptCore`std::__1::__bind_return<void (JSC::JSRunLoopTimer::Manager::*)(), std::__1::tuple<JSC::JSRunLoopTimer::Manager*>, std::__1::tuple<>, __is_valid_bind_return<void (JSC::JSRunLoopTimer::Manager::*)(), std::__1::tuple<JSC::JSRunLoopTimer::Manager*>, std::__1::tuple<>>::value>::type std::__1::__bind<void (JSC::JSRunLoopTimer::Manager::*&)(), JSC::JSRunLoopTimer::Manager*&>::operator()[abi:sn180100]<>(this=0x000000010d019708) at bind.h:222:12
frame #62: 0x000000012a3bd188 JavaScriptCore`WTF::Detail::CallableWrapper<std::__1::__bind<void (JSC::JSRunLoopTimer::Manager::*&)(), JSC::JSRunLoopTimer::Manager*&>, void>::call(this=0x000000010d019700) at Function.h:53:39
frame #63: 0x000000012842ff24 JavaScriptCore`WTF::Function<void ()>::operator()(this=0x000000010d0196f8) const at Function.h:82:35
frame #64: 0x00000001284a99d4 JavaScriptCore`WTF::RunLoop::Timer::fired(this=0x000000010d0196e0) at RunLoop.h:195:33
frame #65: 0x00000001284e7ae0 JavaScriptCore`WTF::RunLoop::TimerBase::start(WTF::Seconds, bool)::$_0::operator()(this=0x000000016ef8200f, cfTimer=0x00000003a060a8c0, context=0x000000010d0196e0) const at RunLoopCF.cpp:133:16
frame #66: 0x00000001284e7a54 JavaScriptCore`WTF::RunLoop::TimerBase::start(WTF::Seconds, bool)::$_0::__invoke(cfTimer=0x00000003a060a8c0, context=0x000000010d0196e0) at RunLoopCF.cpp:126:45
frame #67: 0x0000000180d65380 CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 32
frame #68: 0x0000000180d65024 CoreFoundation`__CFRunLoopDoTimer + 1012
frame #69: 0x0000000180d64b34 CoreFoundation`__CFRunLoopDoTimers + 356
frame #70: 0x0000000180d4a6f4 CoreFoundation`__CFRunLoopRun + 1872
frame #71: 0x0000000180d49950 CoreFoundation`CFRunLoopRunSpecific + 608
frame #72: 0x0000000181f39b68 Foundation`-[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 212
frame #73: 0x0000000181fb151c Foundation`-[NSRunLoop(NSRunLoop) run] + 64
frame #74: 0x0000000180976e3c libxpc.dylib`_xpc_objc_main + 700
frame #75: 0x0000000180986aec libxpc.dylib`_xpc_main + 276
frame #76: 0x00000001809769d8 libxpc.dylib`xpc_main + 64
frame #77: 0x00000001161140e4 WebKit`WebKit::XPCServiceMain((null)=1, (null)=0x000000016ef83448) at XPCServiceMain.mm:311:5
frame #78: 0x0000000118a1f560 WebKit`WKXPCServiceMain(argc=1, argv=0x000000016ef83448, (null)=0x0000000000000000, darwinEnvp=0x000000016ef83578) at WKMain.mm:42:12
frame #79: 0x0000000100e7ff8c com.apple.WebKit.WebContent.Development`main(argc=1, argv=0x000000016ef83448, (null)=0x000000016ef83458, darwinEnvp=0x000000016ef83578) at AuxiliaryProcessMain.cpp:32:12
frame #80: 0x00000001808d9f48 dyld`start + 2028
```
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Radar WebKit Bug Importer
<rdar://problem/127214158>
Jean-Yves Avenard [:jya]
*** This bug has been marked as a duplicate of bug 278659 ***