RESOLVED FIXED 181057
com.apple.WebKit.WebContent.Development crashed in com.apple.WebCore: WebCore::UserMediaRequest::stop + 126
https://bugs.webkit.org/show_bug.cgi?id=181057
youenn fablet
Reported 2017-12-20 14:51:05 PST
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.WebCore 0x0000000110e3a4ee WebCore::UserMediaRequest::stop() + 126
1 com.apple.WebCore 0x00000001104d49d8 WebCore::ScriptExecutionContext::stopActiveDOMObjects() + 152
2 com.apple.WebCore 0x00000001104d44c9 WebCore::Document::prepareForDestruction() + 761
3 com.apple.WebCore 0x000000011142e641 WebCore::Frame::setView(WTF::RefPtr<WebCore::FrameView, WTF::DumbPtrTraits<WebCore::FrameView> >&&) + 177
4 com.apple.WebCore 0x0000000110497e62 WebCore::Frame::createView(WebCore::IntSize const&, WebCore::Color const&, bool, WebCore::IntSize const&, WebCore::IntRect const&, bool, WebCore::ScrollbarMode, bool, WebCore::ScrollbarMode, bool) + 82
5 com.apple.WebKit 0x0000000105309804 WebKit::WebFrameLoaderClient::transitionToCommittedForNewPage() + 338
6 com.apple.WebCore 0x000000011139ef49 WebCore::FrameLoader::transitionToCommitted(WebCore::CachedPage*) + 409
7 com.apple.WebCore 0x0000000110496f1f WebCore::FrameLoader::commitProvisionalLoad() + 335
8 com.apple.WebCore 0x0000000111384ef1 WebCore::DocumentLoader::finishedLoading() + 353
9 com.apple.WebCore 0x000000011049666b WebCore::DocumentLoader::maybeLoadEmpty() + 891
10 com.apple.WebCore 0x00000001104960af WebCore::DocumentLoader::startLoadingMainResource() + 591
11 com.apple.WebCore 0x000000011139e056 WebCore::FrameLoader::continueLoadAfterNavigationPolicy(WebCore::ResourceRequest const&, WebCore::FormState*, bool, WebCore::AllowNavigationToInvalidURL) + 694
12 com.apple.WebCore 0x00000001113b58cb W
Attachments
Patch (2.01 KB, patch)
2017-12-20 14:53 PST, youenn fablet
no flags
Patch for landing (2.10 KB, patch)
2017-12-20 15:32 PST, youenn fablet
no flags
Patch for landing (2.10 KB, patch)
2017-12-20 15:41 PST, youenn fablet
no flags
Fixed typo (1.54 KB, patch)
2017-12-21 21:04 PST, youenn fablet
no flags
youenn fablet
Comment 1 2017-12-20 14:53:28 PST
Eric Carlson
Comment 2 2017-12-20 15:24:13 PST
Comment on attachment 329956 Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=329956&action=review

> Source/WebCore/Modules/mediastream/UserMediaRequest.cpp:280
> + Ref<UserMediaRequest> protectedThis(*this);

This is quite subtle, so I think it would be a good idea to add a comment about why it is necessary to protect this because of the side effects of clearing m_pendingActivationMediaStream.
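Review bot: At UserMediaRequest.cpp:280, the protector Ref<UserMediaRequest> protectedThis(*this) is taken unconditionally, which assumes stop() only ever runs on an object that has already been adopted. The trace in comment 15 shows stop() being reached from the UserMediaRequest constructor through ActiveDOMObject::suspendIfNeeded(), where RefCountedBase::ref() fails with ASSERTION FAILED: !m_adoptionIsRequired. Suggest either making sure stop() cannot run before UserMediaRequest::create() has adopted the object, or taking the protector only when m_pendingActivationMediaStream is set, so the construction path never calls ref().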
youenn fablet
Comment 3 2017-12-20 15:32:10 PST
Created attachment 329958 Patch for landing
WebKit Commit Bot
Comment 4 2017-12-20 15:33:40 PST
Comment on attachment 329958 Patch for landing
Rejecting attachment 329958 from commit-queue.

Failed to run "['/Volumes/Data/EWS/WebKit/Tools/Scripts/webkit-patch', '--status-host=webkit-queues.webkit.org', '--bot-id=webkit-cq-01', 'validate-changelog', '--check-oops', '--non-interactive', 329958, '--port=mac']" exit_code: 1 cwd: /Volumes/Data/EWS/WebKit

ChangeLog entry in Source/WebCore/ChangeLog contains OOPS!.

Full output: http://webkit-queues.webkit.org/results/5780780
youenn fablet
Comment 5 2017-12-20 15:41:07 PST
Created attachment 329959 Patch for landing
WebKit Commit Bot
Comment 6 2017-12-20 16:13:13 PST
Comment on attachment 329959 Patch for landing
Clearing flags on attachment: 329959

Committed r226203: <https://trac.webkit.org/changeset/226203>
WebKit Commit Bot
Comment 7 2017-12-20 16:13:14 PST
All reviewed patches have been landed. Closing bug.
Radar WebKit Bug Importer
Comment 8 2017-12-20 16:14:44 PST
Darin Adler
Comment 9 2017-12-21 09:33:03 PST
Comment on attachment 329959 Patch for landing
View in context: https://bugs.webkit.org/attachment.cgi?id=329959&action=review

> Source/WebCore/Modules/mediastream/UserMediaRequest.cpp:280
> + // Protecting 'it'this' since nulling m_pendingActivationMediaStream might destroy it.

Typ: 'it'this'
Darin Adler
Comment 10 2017-12-21 09:33:18 PST
(In reply to Darin Adler from comment #9)
> Typ: 'it'this'

Typo: Typ
youenn fablet
Comment 11 2017-12-21 21:04:10 PST
Reopening to attach new patch.
youenn fablet
Comment 12 2017-12-21 21:04:12 PST
Created attachment 330107 Fixed typo
WebKit Commit Bot
Comment 13 2017-12-21 21:37:52 PST
Comment on attachment 330107 Fixed typo
Clearing flags on attachment: 330107

Committed r226258: <https://trac.webkit.org/changeset/226258>
WebKit Commit Bot
Comment 14 2017-12-21 21:37:53 PST
All reviewed patches have been landed. Closing bug.
Ryan Haddad
Comment 15 2018-01-03 13:31:37 PST
This change caused LayoutTest http/tests/media/media-stream/disconnected-frame.html to consistently fail an assertion:

ASSERTION FAILED: !m_adoptionIsRequired
/Volumes/Data/slave/highsierra-debug/build/WebKitBuild/Debug/usr/local/include/wtf/RefCounted.h(44) : void WTF::RefCountedBase::ref() const
1 0x33849168d WTFCrash
2 0x32801fa4e WTF::RefCountedBase::ref() const
3 0x32968a92b WTF::Ref<WebCore::UserMediaRequest, WTF::DumbPtrTraits<WebCore::UserMediaRequest> >::Ref(WebCore::UserMediaRequest&)
4 0x32968829d WTF::Ref<WebCore::UserMediaRequest, WTF::DumbPtrTraits<WebCore::UserMediaRequest> >::Ref(WebCore::UserMediaRequest&)
5 0x329688214 WebCore::UserMediaRequest::stop()
6 0x329ec3fd5 WebCore::ScriptExecutionContext::suspendActiveDOMObjectIfNeeded(WebCore::ActiveDOMObject&)
7 0x329cf6cd3 WebCore::ActiveDOMObject::suspendIfNeeded()
8 0x329686dab WebCore::UserMediaRequest::UserMediaRequest(WebCore::Document&, WebCore::MediaStreamRequest&&, WebCore::DOMPromiseDeferred<WebCore::IDLInterface<WebCore::MediaStream> >&&)
9 0x329686c4d WebCore::UserMediaRequest::UserMediaRequest(WebCore::Document&, WebCore::MediaStreamRequest&&, WebCore::DOMPromiseDeferred<WebCore::IDLInterface<WebCore::MediaStream> >&&)
10 0x329686b36 WebCore::UserMediaRequest::create(WebCore::Document&, WebCore::MediaStreamRequest&&, WebCore::DOMPromiseDeferred<WebCore::IDLInterface<WebCore::MediaStream> >&&)
11 0x329644d6d WebCore::MediaDevices::getUserMedia(WebCore::MediaDevices::StreamConstraints const&, WebCore::DOMPromiseDeferred<WebCore::IDLInterface<WebCore::MediaStream> >&&) const
12 0x328bcc968 WebCore::jsMediaDevicesPrototypeFunctionGetUserMediaBody(JSC::ExecState*, WebCore::JSMediaDevices*, WTF::Ref<WebCore::DeferredPromise, WTF::DumbPtrTraits<WebCore::DeferredPromise> >&&, JSC::ThrowScope&)
13 0x328bccf38 long long WebCore::IDLOperationReturningPromise<WebCore::JSMediaDevices>::call<&(WebCore::jsMediaDevicesPrototypeFunctionGetUserMediaBody(JSC::ExecState*, WebCore::JSMediaDevices*, WTF::Ref<WebCore::DeferredPromise, WTF::DumbPtrTraits<WebCore::DeferredPromise> >&&, JSC::ThrowScope&)), (WebCore::PromiseExecutionScope)0, (WebCore::CastedThisErrorBehavior)2>(JSC::ExecState&, char const*)::'lambda'(JSC::ExecState&, WTF::Ref<WebCore::DeferredPromise, WTF::DumbPtrTraits<WebCore::DeferredPromise> >&&)::operator()(JSC::ExecState&, WTF::Ref<WebCore::DeferredPromise, WTF::DumbPtrTraits<WebCore::DeferredPromise> >&&) const
14 0x328bccaba JSC::JSValue WebCore::callPromiseFunction<(WebCore::PromiseExecutionScope)0, long long WebCore::IDLOperationReturningPromise<WebCore::JSMediaDevices>::call<&(WebCore::jsMediaDevicesPrototypeFunctionGetUserMediaBody(JSC::ExecState*, WebCore::JSMediaDevices*, WTF::Ref<WebCore::DeferredPromise, WTF::DumbPtrTraits<WebCore::DeferredPromise> >&&, JSC::ThrowScope&)), (WebCore::PromiseExecutionScope)0, (WebCore::CastedThisErrorBehavior)2>(JSC::ExecState&, char const*)::'lambda'(JSC::ExecState&, WTF::Ref<WebCore::DeferredPromise, WTF::DumbPtrTraits<WebCore::DeferredPromise> >&&)>(JSC::ExecState&, long long WebCore::IDLOperationReturningPromise<WebCore::JSMediaDevices>::call<&(WebCore::jsMediaDevicesPrototypeFunctionGetUserMediaBody(JSC::ExecState*, WebCore::JSMediaDevices*, WTF::Ref<WebCore::DeferredPromise, WTF::DumbPtrTraits<WebCore::DeferredPromise> >&&, JSC::ThrowScope&)), (WebCore::PromiseExecutionScope)0, (WebCore::CastedThisErrorBehavior)2>(JSC::ExecState&, char const*)::'lambda'(JSC::ExecState&, WTF::Ref<WebCore::DeferredPromise, WTF::DumbPtrTraits<WebCore::DeferredPromise> >&&))
15 0x328bbc0f5 long long WebCore::IDLOperationReturningPromise<WebCore::JSMediaDevices>::call<&(WebCore::jsMediaDevicesPrototypeFunctionGetUserMediaBody(JSC::ExecState*, WebCore::JSMediaDevices*, WTF::Ref<WebCore::DeferredPromise, WTF::DumbPtrTraits<WebCore::DeferredPromise> >&&, JSC::ThrowScope&)), (WebCore::PromiseExecutionScope)0, (WebCore::CastedThisErrorBehavior)2>(JSC::ExecState&, char const*)
16 0x328bbb6bc WebCore::jsMediaDevicesPrototypeFunctionGetUserMedia(JSC::ExecState*)
17 0x473f17601178
18 0x336ff3d04 llint_entry
19 0x336ff3d04 llint_entry
20 0x336ff3d04 llint_entry
21 0x336febdf2 vmEntryToJavaScript
22 0x337d4443e JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)
23 0x337ceb475 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
24 0x337f518ea JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
25 0x337f519c9 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&)
26 0x337f51c6d JSC::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&)
27 0x3298872db WebCore::JSMainThreadExecState::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&)
28 0x3298c1932 WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext&, WebCore::Event&)
29 0x329e23c22 WebCore::EventTarget::fireEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener, WTF::DumbPtrTraits<WebCore::RegisteredEventListener> >, 1ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>)
30 0x329e1b6aa WebCore::EventTarget::fireEventListeners(WebCore::Event&)
31 0x32a58db78 WebCore::DOMWindow::dispatchEvent(WebCore::Event&, WebCore::EventTarget*)
LEAK: 2 WebPageProxy

https://build.webkit.org/results/Apple%20High%20Sierra%20Debug%20WK2%20(Tests)/r226357%20(1424)/results.html
youenn fablet
Comment 16 2018-01-03 16:20:33 PST
Filed https://bugs.webkit.org/show_bug.cgi?id=181264 for the crash. Will upload a fix quickly.
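The lifetime issue behind the protector discussed in comment 2, and the adoption assertion reported in comment 15, reduced to one small model. This is an added example, not code from the WebKit patch; Request, Pending, runStop and runStopInConstructor are hypothetical names, and it assumes the pending object holds the last reference to the request.

```cpp
#include <iostream>
#include <string>
#include <utility>
#include <vector>

// Constructed model, not WebKit source. The log lives outside the object so it stays writable after it dies.
static std::vector<std::string> events;
struct Request {
    struct Pending { // stands in for m_pendingActivationMediaStream; assumed to hold a reference
        explicit Pending(Request& r) : owner(r) { owner.ref(); }
        ~Pending() { owner.deref(); } // may drop the last reference to the Request
        Request& owner;
    };
    explicit Request(bool stopInConstructor) { if (stopInConstructor) stop(true); } // path seen in comment 15
    ~Request() { events.push_back("destroyed"); }
    bool ref() { // WTF asserts here; this model logs and refuses instead
        if (adoptionIsRequired) { events.push_back("ASSERT !m_adoptionIsRequired"); return false; }
        return ++refCount > 0;
    }
    void deref() { if (!--refCount) delete this; }
    void stop(bool protect) {
        bool held = protect && ref();             // the protectedThis idea
        delete std::exchange(pending, nullptr);   // unprotected: ~Request() can run right here
        events.push_back("stop() still running"); // deliberately touches no member
        if (held) deref();
    }
    int refCount = 0;
    bool adoptionIsRequired = true; // cleared once the creator has adopted the object
    Pending* pending = nullptr;
};

std::vector<std::string> runStop(bool protect) {
    events.clear();
    auto* r = new Request(false);
    r->adoptionIsRequired = false;         // what adoption does after construction
    r->pending = new Request::Pending(*r); // the pending object holds the only reference
    r->stop(protect);
    return events;
}
std::vector<std::string> runStopInConstructor() {
    events.clear();
    delete new Request(true); // stop(true) runs before adoption; nothing owns the object yet
    return events;
}

int main() {
    for (auto& e : runStop(false)) std::cout << "unprotected: " << e << "\n";
    for (auto& e : runStop(true)) std::cout << "protected: " << e << "\n";
    for (auto& e : runStopInConstructor()) std::cout << "constructor: " << e << "\n";
}
```

In the unprotected run the request is destroyed while stop() is still executing, so any member access after the clear would be a use-after-free; the protected run defers destruction to the end of stop(), but the same ref() is refused when stop() runs before adoption.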