WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
209684
ASSERTION FAILED: m_wrapper on imported/w3c/web-platform-tests/html/semantics/embedded-content/media-elements/ready-states/autoplay.html
https://bugs.webkit.org/show_bug.cgi?id=209684
Summary
ASSERTION FAILED: m_wrapper on imported/w3c/web-platform-tests/html/semantics...
Jason Lawrence
Reported
2020-03-27 15:16:27 PDT
Created
attachment 394763
[details]
autoplay-crash-log imported/w3c/web-platform-tests/html/semantics/embedded-content/media-elements/ready-states/autoplay.html Description: This test is flaky crashing on Mac Debug. The flaky crashes first appear in the visual history on 03/10/2020. History:
https://results.webkit.org/?suite=layout-tests&test=imported%2Fw3c%2Fweb-platform-tests%2Fhtml%2Fsemantics%2Fembedded-content%2Fmedia-elements%2Fready-states%2Fautoplay.html&platform=mac&style=debug&limit=50000
Crash log attached; Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.JavaScriptCore 0x000000010a22dce0 WTFCrash + 16 (Assertions.cpp:309) 1 com.apple.WebCore 0x0000000121ff747b WTFCrashWithInfo(int, char const*, char const*, int) + 27 2 com.apple.WebCore 0x0000000124369528 WebCore::JSEventListener::ensureJSFunction(WebCore::ScriptExecutionContext&) const + 616 (JSEventListener.h:125) 3 com.apple.WebCore 0x000000012436884b WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext&, WebCore::Event&) + 219 (JSEventListener.cpp:113) 4 com.apple.WebCore 0x0000000124a25e4b WebCore::EventTarget::innerInvokeEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener, WTF::DumbPtrTraits<WebCore::RegisteredEventListener> >, 1ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>, WebCore::EventTarget::EventInvokePhase) + 1099 (EventTarget.cpp:326) 5 com.apple.WebCore 0x0000000124a21ff2 WebCore::EventTarget::fireEventListeners(WebCore::Event&, WebCore::EventTarget::EventInvokePhase) + 354 (EventTarget.cpp:257) 6 com.apple.WebCore 0x0000000124aa6e4a WebCore::Node::handleLocalEvents(WebCore::Event&, WebCore::EventTarget::EventInvokePhase) + 186 (Node.cpp:2365) 7 com.apple.WebCore 0x0000000124a0d510 WebCore::EventContext::handleLocalEvents(WebCore::Event&, WebCore::EventTarget::EventInvokePhase) const + 192 (EventContext.cpp:55) 8 com.apple.WebCore 0x0000000124a0e02b WebCore::dispatchEventInDOM(WebCore::Event&, WebCore::EventPath const&) + 379 (EventDispatcher.cpp:101) 9 com.apple.WebCore 0x0000000124a0db45 WebCore::EventDispatcher::dispatchEvent(WebCore::Node&, WebCore::Event&) + 581 (EventDispatcher.cpp:157) 10 com.apple.WebCore 0x0000000124aa6e9d WebCore::Node::dispatchEvent(WebCore::Event&) + 29 (Node.cpp:2375) 11 com.apple.WebCore 0x0000000124e6eb31 WebCore::HTMLMediaElement::dispatchEvent(WebCore::Event&) + 225 (HTMLMediaElement.cpp:5886) 12 com.apple.WebCore 0x0000000124a44cd0 WebCore::MainThreadGenericEventQueue::dispatchOneEvent() + 608 (GenericEventQueue.cpp:73) 13 com.apple.WebCore 0x0000000124a4b9e1 decltype(*(std::__1::forward<WebCore::MainThreadGenericEventQueue*&>(fp0)).*fp()) std::__1::__invoke<void (WebCore::MainThreadGenericEventQueue::*&)(), WebCore::MainThreadGenericEventQueue*&, void>(void (WebCore::MainThreadGenericEventQueue::*&&&)(), WebCore::MainThreadGenericEventQueue*&&&) + 113 (type_traits:4280)
Attachments
autoplay-crash-log
(166.06 KB, text/plain)
2020-03-27 15:16 PDT
,
Jason Lawrence
no flags
Details
Patch
(6.93 KB, patch)
2020-03-31 09:14 PDT
,
Chris Dumez
no flags
Details
Formatted Diff
Diff
Patch
(4.11 KB, patch)
2020-04-01 10:44 PDT
,
Chris Dumez
no flags
Details
Formatted Diff
Diff
Patch
(3.81 KB, patch)
2020-04-01 11:26 PDT
,
Chris Dumez
no flags
Details
Formatted Diff
Diff
Show Obsolete
(2)
View All
Add attachment
proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1
2020-03-27 15:16:47 PDT
<
rdar://problem/60987285
>
Jason Lawrence
Comment 2
2020-03-27 15:28:33 PDT
I have marked this test as crashing while this issue is investigated.
https://trac.webkit.org/changeset/259143/webkit
Alexey Proskuryakov
Comment 3
2020-03-30 14:18:37 PDT
Still crashing today (latest seen with
r259201
).
Chris Dumez
Comment 4
2020-03-30 17:09:07 PDT
Media classes should really stop using those EventQueue classes and start using the HTML event loop. It would avoid such issues..
Chris Dumez
Comment 5
2020-03-30 17:10:28 PDT
HTMLMediaElement has a single MainThreadGenericEventQueue data member: m_asyncEventQueue. However, hasPendingActivity() already makes sure it does not have pending events: bool HTMLMediaElement::hasPendingActivity() const { return (hasAudio() && isPlaying()) || m_asyncEventQueue->hasPendingEvents() || m_playbackTargetIsWirelessQueue.hasPendingTasks() || m_creatingControls; } Therefore, it must be some other MainThreadGenericEventQueue which dispatches events on the HTMLMediaElement?
Chris Dumez
Comment 6
2020-03-31 08:22:59 PDT
I have not been able to reproduce yet. If anybody is, please let me know how.
Chris Dumez
Comment 7
2020-03-31 09:14:58 PDT
Created
attachment 395047
[details]
Patch
Darin Adler
Comment 8
2020-03-31 10:32:49 PDT
Comment on
attachment 395047
[details]
Patch View in context:
https://bugs.webkit.org/attachment.cgi?id=395047&action=review
> Source/WebCore/dom/GenericEventQueue.h:59 > + bool hasPendingActivityForGC() const;
Not loving this name. What is "activity for GC"? Maybe we mean "activity that should prevent GC"? Let's think about the words we would use to explain this.
Chris Dumez
Comment 9
2020-03-31 10:34:11 PDT
Comment on
attachment 395047
[details]
Patch View in context:
https://bugs.webkit.org/attachment.cgi?id=395047&action=review
>> Source/WebCore/dom/GenericEventQueue.h:59 >> + bool hasPendingActivityForGC() const; > > Not loving this name. What is "activity for GC"? Maybe we mean "activity that should prevent GC"? Let's think about the words we would use to explain this.
Would hasPendingActivity() be OK?
Darin Adler
Comment 10
2020-03-31 10:35:18 PDT
(In reply to Darin Adler from
comment #8
)
> Let's think about the words we would use to explain this.
The words we would use to explain this to another person and maybe we can name the function better. (Don't hold up check-in looking for a better name, though.)
Darin Adler
Comment 11
2020-03-31 10:35:36 PDT
Comment on
attachment 395047
[details]
Patch View in context:
https://bugs.webkit.org/attachment.cgi?id=395047&action=review
>>> Source/WebCore/dom/GenericEventQueue.h:59 >>> + bool hasPendingActivityForGC() const; >> >> Not loving this name. What is "activity for GC"? Maybe we mean "activity that should prevent GC"? Let's think about the words we would use to explain this. > > Would hasPendingActivity() be OK?
Probably.
Chris Dumez
Comment 12
2020-03-31 10:36:16 PDT
(In reply to Darin Adler from
comment #11
)
> Comment on
attachment 395047
[details]
> Patch > > View in context: >
https://bugs.webkit.org/attachment.cgi?id=395047&action=review
> > >>> Source/WebCore/dom/GenericEventQueue.h:59 > >>> + bool hasPendingActivityForGC() const; > >> > >> Not loving this name. What is "activity for GC"? Maybe we mean "activity that should prevent GC"? Let's think about the words we would use to explain this. > > > > Would hasPendingActivity() be OK? > > Probably.
This is only used for ActiveDOMObject::virtualHasPendingActivity() so it would at least be consistent.
Chris Dumez
Comment 13
2020-03-31 10:39:47 PDT
Committed
r259299
: <
https://trac.webkit.org/changeset/259299
>
Chris Dumez
Comment 14
2020-03-31 10:40:01 PDT
(In reply to Chris Dumez from
comment #13
)
> Committed
r259299
: <
https://trac.webkit.org/changeset/259299
>
Fixed name before landing.
Chris Dumez
Comment 15
2020-03-31 16:23:37 PDT
There was a crash on the bot after my fix: Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.JavaScriptCore 0x00000001c5edfc2e WTFCrash + 14 (Assertions.cpp:309) 1 com.apple.WebCore 0x00000001a8fda47b WTFCrashWithInfo(int, char const*, char const*, int) + 27 2 com.apple.WebCore 0x00000001ab36f83f WebCore::JSEventListener::ensureJSFunction(WebCore::ScriptExecutionContext&) const + 639 (JSEventListener.h:125) 3 com.apple.WebCore 0x00000001ab36ebad WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext&, WebCore::Event&) + 205 (JSEventListener.cpp:113) 4 com.apple.WebCore 0x00000001aba313a7 WebCore::EventTarget::innerInvokeEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener, WTF::DumbPtrTraits<WebCore::RegisteredEventListener> >, 1ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>, WebCore::EventTarget::EventInvokePhase) + 1063 (EventTarget.cpp:326) 5 com.apple.WebCore 0x00000001aba2d5c4 WebCore::EventTarget::fireEventListeners(WebCore::Event&, WebCore::EventTarget::EventInvokePhase) + 356 (EventTarget.cpp:257) 6 com.apple.WebCore 0x00000001abab3922 WebCore::Node::handleLocalEvents(WebCore::Event&, WebCore::EventTarget::EventInvokePhase) + 178 (Node.cpp:2366) 7 com.apple.WebCore 0x00000001aba18741 WebCore::EventContext::handleLocalEvents(WebCore::Event&, WebCore::EventTarget::EventInvokePhase) const + 193 (EventContext.cpp:55) 8 com.apple.WebCore 0x00000001aba1922f WebCore::dispatchEventInDOM(WebCore::Event&, WebCore::EventPath const&) + 383 (EventDispatcher.cpp:101) 9 com.apple.WebCore 0x00000001aba18d67 WebCore::EventDispatcher::dispatchEvent(WebCore::Node&, WebCore::Event&) + 567 (EventDispatcher.cpp:157) 10 com.apple.WebCore 0x00000001abab397d WebCore::Node::dispatchEvent(WebCore::Event&) + 29 (Node.cpp:2376) 11 com.apple.WebCore 0x00000001abe7f6e1 WebCore::HTMLMediaElement::dispatchEvent(WebCore::Event&) + 225 (HTMLMediaElement.cpp:5879) 12 com.apple.WebCore 0x00000001aba50933 WebCore::MainThreadGenericEventQueue::dispatchOneEvent() + 643 (GenericEventQueue.cpp:76) 13 com.apple.WebCore 0x00000001aba578f7 decltype(*(std::__1::forward<WebCore::MainThreadGenericEventQueue*&>(fp0)).*fp()) std::__1::__invoke<void (WebCore::MainThreadGenericEventQueue::*&)(), WebCore::MainThreadGenericEventQueue*&, void>(void (WebCore::MainThreadGenericEventQueue::*&)(), WebCore::MainThreadGenericEventQueue*&) + 119 (type_traits:4366) 14 com.apple.WebCore 0x00000001aba57870 std::__1::__bind_return<void (WebCore::MainThreadGenericEventQueue::*)(), std::__1::tuple<WebCore::MainThreadGenericEventQueue*>, std::__1::tuple<>, __is_valid_bind_return<void (WebCore::MainThreadGenericEventQueue::*)(), std::__1::tuple<WebCore::MainThreadGenericEventQueue*>, std::__1::tuple<> >::value>::type std::__1::__apply_functor<void (WebCore::MainThreadGenericEventQueue::*)(), std::__1::tuple<WebCore::MainThreadGenericEventQueue*>, 0ul, std::__1::tuple<> >(void (WebCore::MainThreadGenericEventQueue::*&)(), std::__1::tuple<WebCore::MainThreadGenericEventQueue*>&, std::__1::__tuple_indices<0ul>, std::__1::tuple<>&&) + 64 (functional:2716) 15 com.apple.WebCore 0x00000001aba57829 std::__1::__bind_return<void (WebCore::MainThreadGenericEventQueue::*)(), std::__1::tuple<WebCore::MainThreadGenericEventQueue*>, std::__1::tuple<>, __is_valid_bind_return<void (WebCore::MainThreadGenericEventQueue::*)(), std::__1::tuple<WebCore::MainThreadGenericEventQueue*>, std::__1::tuple<> >::value>::type std::__1::__bind<void (WebCore::MainThreadGenericEventQueue::*)(), WebCore::MainThreadGenericEventQueue*>::operator()<>() + 41 (functional:2749) 16 com.apple.WebCore 0x00000001aba577ce WTF::Detail::CallableWrapper<std::__1::__bind<void (WebCore::MainThreadGenericEventQueue::*)(), WebCore::MainThreadGenericEventQueue*>, void>::call() + 30 (Function.h:52) 17 com.apple.WebCore 0x00000001a8fece22 WTF::Function<void ()>::operator()() const + 130 (Function.h:84) 18 com.apple.WebCore 0x00000001a92f4275 WebCore::GenericTaskQueue<WebCore::Timer>::enqueueTask(WTF::Function<void ()>&&)::'lambda'()::operator()() const + 181 (GenericTaskQueue.h:108) 19 com.apple.WebCore 0x00000001a92f40ae WTF::Detail::CallableWrapper<WebCore::GenericTaskQueue<WebCore::Timer>::enqueueTask(WTF::Function<void ()>&&)::'lambda'(), void>::call() + 30 (Function.h:52) 20 com.apple.WebCore 0x00000001a8fece22 WTF::Function<void ()>::operator()() const + 130 (Function.h:84) 21 com.apple.WebCore 0x00000001ac92d0ef WebCore::TaskDispatcher<WebCore::Timer>::dispatchOneTask() + 223 (GenericTaskQueue.cpp:111) 22 com.apple.WebCore 0x00000001ac92cdc5 WebCore::TaskDispatcher<WebCore::Timer>::sharedTimerFired() + 261 (GenericTaskQueue.cpp:86) 23 com.apple.WebCore 0x00000001ac9335c1 WebCore::TaskDispatcher<WebCore::Timer>::sharedTimer()::$_1::operator()() const + 17 (GenericTaskQueue.cpp:60) 24 com.apple.WebCore 0x00000001ac93357e WTF::Detail::CallableWrapper<WebCore::TaskDispatcher<WebCore::Timer>::sharedTimer()::$_1, void>::call() + 30 (Function.h:52) 25 com.apple.WebCore 0x00000001a8fece22 WTF::Function<void ()>::operator()() const + 130 (Function.h:84) 26 com.apple.WebCore 0x00000001a90b5cde WebCore::Timer::fired() + 30 (Timer.h:127) 27 com.apple.WebCore 0x00000001ac980144 WebCore::ThreadTimers::sharedTimerFiredInternal() + 644 (ThreadTimers.cpp:127) 28 com.apple.WebCore 0x00000001ac988aa1 WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0::operator()() const + 33 (ThreadTimers.cpp:67) 29 com.apple.WebCore 0x00000001ac988a4e WTF::Detail::CallableWrapper<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0, void>::call() + 30 (Function.h:52) 30 com.apple.WebCore 0x00000001a8fece22 WTF::Function<void ()>::operator()() const + 130 (Function.h:84) 31 com.apple.WebCore 0x00000001ac946b0b WebCore::MainThreadSharedTimer::fired() + 139 (MainThreadSharedTimer.cpp:84) 32 com.apple.WebCore 0x00000001ac9f83c6 WebCore::timerFired(__CFRunLoopTimer*, void*) + 38 (MainThreadSharedTimerCF.cpp:75) 33 com.apple.CoreFoundation 0x00007fff349b39b9 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20 34 com.apple.CoreFoundation 0x00007fff349b351f __CFRunLoopDoTimer + 859 35 com.apple.CoreFoundation 0x00007fff349b3007 __CFRunLoopDoTimers + 322 36 com.apple.CoreFoundation 0x00007fff34997daa __CFRunLoopRun + 1871 37 com.apple.CoreFoundation 0x00007fff34996ffe CFRunLoopRunSpecific + 462 38 com.apple.Foundation 0x00007fff3702b2a8 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 212 39 com.apple.Foundation 0x00007fff370ddd2f -[NSRunLoop(NSRunLoop) run] + 76 40 libxpc.dylib 0x00007fff6eb2e51a _xpc_objc_main.cold.4 + 49 41 libxpc.dylib 0x00007fff6eb2e460 _xpc_objc_main + 559 42 libxpc.dylib 0x00007fff6eb2df93 xpc_main + 377 43 com.apple.WebKit 0x000000010abc86db WebKit::XPCServiceMain(int, char const**) + 1499 (XPCServiceMain.mm:172) 44 com.apple.WebKit 0x000000010bf737bb WKXPCServiceMain + 27 (WKMain.mm:33) 45 com.apple.WebKit.WebContent 0x000000010a2f5ec2 main + 34 (AuxiliaryProcessMain.cpp:30) 46 libdyld.dylib 0x00007fff6e8e0cc9 start + 1
Chris Dumez
Comment 16
2020-04-01 08:30:41 PDT
(In reply to Chris Dumez from
comment #15
)
> There was a crash on the bot after my fix: > Thread 0 Crashed:: Dispatch queue: com.apple.main-thread > 0 com.apple.JavaScriptCore 0x00000001c5edfc2e WTFCrash + 14 > (Assertions.cpp:309) > 1 com.apple.WebCore 0x00000001a8fda47b WTFCrashWithInfo(int, > char const*, char const*, int) + 27 > 2 com.apple.WebCore 0x00000001ab36f83f > WebCore::JSEventListener::ensureJSFunction(WebCore::ScriptExecutionContext&) > const + 639 (JSEventListener.h:125) > 3 com.apple.WebCore 0x00000001ab36ebad > WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext&, > WebCore::Event&) + 205 (JSEventListener.cpp:113) > 4 com.apple.WebCore 0x00000001aba313a7 > WebCore::EventTarget::innerInvokeEventListeners(WebCore::Event&, > WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener, > WTF::DumbPtrTraits<WebCore::RegisteredEventListener> >, 1ul, > WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>, > WebCore::EventTarget::EventInvokePhase) + 1063 (EventTarget.cpp:326) > 5 com.apple.WebCore 0x00000001aba2d5c4 > WebCore::EventTarget::fireEventListeners(WebCore::Event&, > WebCore::EventTarget::EventInvokePhase) + 356 (EventTarget.cpp:257) > 6 com.apple.WebCore 0x00000001abab3922 > WebCore::Node::handleLocalEvents(WebCore::Event&, > WebCore::EventTarget::EventInvokePhase) + 178 (Node.cpp:2366) > 7 com.apple.WebCore 0x00000001aba18741 > WebCore::EventContext::handleLocalEvents(WebCore::Event&, > WebCore::EventTarget::EventInvokePhase) const + 193 (EventContext.cpp:55) > 8 com.apple.WebCore 0x00000001aba1922f > WebCore::dispatchEventInDOM(WebCore::Event&, WebCore::EventPath const&) + > 383 (EventDispatcher.cpp:101) > 9 com.apple.WebCore 0x00000001aba18d67 > WebCore::EventDispatcher::dispatchEvent(WebCore::Node&, WebCore::Event&) + > 567 (EventDispatcher.cpp:157) > 10 com.apple.WebCore 0x00000001abab397d > WebCore::Node::dispatchEvent(WebCore::Event&) + 29 (Node.cpp:2376) > 11 com.apple.WebCore 0x00000001abe7f6e1 > WebCore::HTMLMediaElement::dispatchEvent(WebCore::Event&) + 225 > (HTMLMediaElement.cpp:5879) > 12 com.apple.WebCore 0x00000001aba50933 > WebCore::MainThreadGenericEventQueue::dispatchOneEvent() + 643 > (GenericEventQueue.cpp:76) > 13 com.apple.WebCore 0x00000001aba578f7 > decltype(*(std::__1::forward<WebCore::MainThreadGenericEventQueue*&>(fp0)). > *fp()) std::__1::__invoke<void (WebCore::MainThreadGenericEventQueue::*&)(), > WebCore::MainThreadGenericEventQueue*&, void>(void > (WebCore::MainThreadGenericEventQueue::*&)(), > WebCore::MainThreadGenericEventQueue*&) + 119 (type_traits:4366) > 14 com.apple.WebCore 0x00000001aba57870 > std::__1::__bind_return<void (WebCore::MainThreadGenericEventQueue::*)(), > std::__1::tuple<WebCore::MainThreadGenericEventQueue*>, std::__1::tuple<>, > __is_valid_bind_return<void (WebCore::MainThreadGenericEventQueue::*)(), > std::__1::tuple<WebCore::MainThreadGenericEventQueue*>, std::__1::tuple<> > >::value>::type std::__1::__apply_functor<void > (WebCore::MainThreadGenericEventQueue::*)(), > std::__1::tuple<WebCore::MainThreadGenericEventQueue*>, 0ul, > std::__1::tuple<> >(void (WebCore::MainThreadGenericEventQueue::*&)(), > std::__1::tuple<WebCore::MainThreadGenericEventQueue*>&, > std::__1::__tuple_indices<0ul>, std::__1::tuple<>&&) + 64 (functional:2716) > 15 com.apple.WebCore 0x00000001aba57829 > std::__1::__bind_return<void (WebCore::MainThreadGenericEventQueue::*)(), > std::__1::tuple<WebCore::MainThreadGenericEventQueue*>, std::__1::tuple<>, > __is_valid_bind_return<void (WebCore::MainThreadGenericEventQueue::*)(), > std::__1::tuple<WebCore::MainThreadGenericEventQueue*>, std::__1::tuple<> > >::value>::type std::__1::__bind<void > (WebCore::MainThreadGenericEventQueue::*)(), > WebCore::MainThreadGenericEventQueue*>::operator()<>() + 41 (functional:2749) > 16 com.apple.WebCore 0x00000001aba577ce > WTF::Detail::CallableWrapper<std::__1::__bind<void > (WebCore::MainThreadGenericEventQueue::*)(), > WebCore::MainThreadGenericEventQueue*>, void>::call() + 30 (Function.h:52) > 17 com.apple.WebCore 0x00000001a8fece22 WTF::Function<void > ()>::operator()() const + 130 (Function.h:84) > 18 com.apple.WebCore 0x00000001a92f4275 > WebCore::GenericTaskQueue<WebCore::Timer>::enqueueTask(WTF::Function<void > ()>&&)::'lambda'()::operator()() const + 181 (GenericTaskQueue.h:108) > 19 com.apple.WebCore 0x00000001a92f40ae > WTF::Detail::CallableWrapper<WebCore::GenericTaskQueue<WebCore::Timer>:: > enqueueTask(WTF::Function<void ()>&&)::'lambda'(), void>::call() + 30 > (Function.h:52) > 20 com.apple.WebCore 0x00000001a8fece22 WTF::Function<void > ()>::operator()() const + 130 (Function.h:84) > 21 com.apple.WebCore 0x00000001ac92d0ef > WebCore::TaskDispatcher<WebCore::Timer>::dispatchOneTask() + 223 > (GenericTaskQueue.cpp:111) > 22 com.apple.WebCore 0x00000001ac92cdc5 > WebCore::TaskDispatcher<WebCore::Timer>::sharedTimerFired() + 261 > (GenericTaskQueue.cpp:86) > 23 com.apple.WebCore 0x00000001ac9335c1 > WebCore::TaskDispatcher<WebCore::Timer>::sharedTimer()::$_1::operator()() > const + 17 (GenericTaskQueue.cpp:60) > 24 com.apple.WebCore 0x00000001ac93357e > WTF::Detail::CallableWrapper<WebCore::TaskDispatcher<WebCore::Timer>:: > sharedTimer()::$_1, void>::call() + 30 (Function.h:52) > 25 com.apple.WebCore 0x00000001a8fece22 WTF::Function<void > ()>::operator()() const + 130 (Function.h:84) > 26 com.apple.WebCore 0x00000001a90b5cde > WebCore::Timer::fired() + 30 (Timer.h:127) > 27 com.apple.WebCore 0x00000001ac980144 > WebCore::ThreadTimers::sharedTimerFiredInternal() + 644 > (ThreadTimers.cpp:127) > 28 com.apple.WebCore 0x00000001ac988aa1 > WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0:: > operator()() const + 33 (ThreadTimers.cpp:67) > 29 com.apple.WebCore 0x00000001ac988a4e > WTF::Detail::CallableWrapper<WebCore::ThreadTimers::setSharedTimer(WebCore:: > SharedTimer*)::$_0, void>::call() + 30 (Function.h:52) > 30 com.apple.WebCore 0x00000001a8fece22 WTF::Function<void > ()>::operator()() const + 130 (Function.h:84) > 31 com.apple.WebCore 0x00000001ac946b0b > WebCore::MainThreadSharedTimer::fired() + 139 (MainThreadSharedTimer.cpp:84) > 32 com.apple.WebCore 0x00000001ac9f83c6 > WebCore::timerFired(__CFRunLoopTimer*, void*) + 38 > (MainThreadSharedTimerCF.cpp:75) > 33 com.apple.CoreFoundation 0x00007fff349b39b9 > __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20 > 34 com.apple.CoreFoundation 0x00007fff349b351f __CFRunLoopDoTimer + > 859 > 35 com.apple.CoreFoundation 0x00007fff349b3007 __CFRunLoopDoTimers + > 322 > 36 com.apple.CoreFoundation 0x00007fff34997daa __CFRunLoopRun + 1871 > 37 com.apple.CoreFoundation 0x00007fff34996ffe CFRunLoopRunSpecific + > 462 > 38 com.apple.Foundation 0x00007fff3702b2a8 -[NSRunLoop(NSRunLoop) > runMode:beforeDate:] + 212 > 39 com.apple.Foundation 0x00007fff370ddd2f -[NSRunLoop(NSRunLoop) > run] + 76 > 40 libxpc.dylib 0x00007fff6eb2e51a _xpc_objc_main.cold.4 > + 49 > 41 libxpc.dylib 0x00007fff6eb2e460 _xpc_objc_main + 559 > 42 libxpc.dylib 0x00007fff6eb2df93 xpc_main + 377 > 43 com.apple.WebKit 0x000000010abc86db > WebKit::XPCServiceMain(int, char const**) + 1499 (XPCServiceMain.mm:172) > 44 com.apple.WebKit 0x000000010bf737bb WKXPCServiceMain + 27 > (WKMain.mm:33) > 45 com.apple.WebKit.WebContent 0x000000010a2f5ec2 main + 34 > (AuxiliaryProcessMain.cpp:30) > 46 libdyld.dylib 0x00007fff6e8e0cc9 start + 1
Since my speculative fix did not suffice, I still need help reproducing this crash if anyone is able to.
Chris Dumez
Comment 17
2020-04-01 08:47:38 PDT
Ok, I am finally able to reproduce: Tools/Scripts/run-webkit-tests --no-build --debug --force --repeat-each=500 -f imported/w3c/web-platform-tests/html/semantics/embedded-content/media-elements/ready-states/autoplay.html -1
Chris Dumez
Comment 18
2020-04-01 09:15:20 PDT
Event being fired when we crash is 'canplay'.
Chris Dumez
Comment 19
2020-04-01 10:44:23 PDT
Created
attachment 395185
[details]
Patch
Darin Adler
Comment 20
2020-04-01 11:05:14 PDT
Comment on
attachment 395185
[details]
Patch View in context:
https://bugs.webkit.org/attachment.cgi?id=395185&action=review
> Source/WebCore/html/HTMLMediaElement.cpp:5776 > + if (m_creatingControls) > + return true; > + > + if (m_asyncEventQueue->hasPendingActivity() || m_playbackTargetIsWirelessQueue.hasPendingTasks()) > + return true; > + > + // If there is playing audio, we need to make sure the media element we don't get destroyed so that > + // it does not get interrupted. > + if (hasAudio() && isPlaying()) > + return true; > + > + // We need to keep the wrapper alive as long as we may fire events and there are event listeners. > + return m_player && (!ended() || seeking() || m_networkState >= NETWORK_IDLE) && hasEventListeners();
I guess it’s nice that the multiple return statements give us a place to put comments. But I really like the "||" form to clarify there is no tricky logic, just multiple independent reasons: return m_creatingControls || m_asyncEventQueue->hasPendingActivity() || m_playbackTargetIsWirelessQueue.hasPendingTasks() || (hasAudio() && isPlaying()) || (m_player && (!ended() || seeking() || m_networkState >= NETWORK_IDLE) && hasEventListeners()); There’s something so appealing to that style for me.
Chris Dumez
Comment 21
2020-04-01 11:26:31 PDT
Created
attachment 395190
[details]
Patch
EWS
Comment 22
2020-04-01 12:30:19 PDT
Committed
r259359
: <
https://trac.webkit.org/changeset/259359
> All reviewed patches have been landed. Closing bug and clearing flags on
attachment 395190
[details]
.
youenn fablet
Comment 23
2021-06-02 01:27:02 PDT
This seems to create some leaks, let's tighten the heuristic at
https://bugs.webkit.org/show_bug.cgi?id=226529
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug