RESOLVED FIXED219809
[GPUProcess] Crash under AudioDestinationCocoa::setIsPlaying(bool) 
https://bugs.webkit.org/show_bug.cgi?id=219809
Summary [GPUProcess] Crash under AudioDestinationCocoa::setIsPlaying(bool)
Chris Dumez
Reported 2020-12-11 16:03:30 PST
When running the webaudio layout test with the GPU Process enabled, several tests are crashing like so: Thread 0 Crashed: 0 libsystem_kernel.dylib 0x00007fff20432462 __pthread_kill + 10 1 libsystem_pthread.dylib 0x00007fff20460610 0x7fff2045a000 + 26128 2 libsystem_c.dylib 0x00007fff203b3720 abort + 120 3 libsystem_malloc.dylib 0x00007fff20294430 malloc_vreport + 548 4 libsystem_malloc.dylib 0x00007fff202974c8 malloc_report + 151 5 com.apple.WebCore 0x0000000447917c98 bmalloc::IsoDirectory<bmalloc::IsoConfig<296u>, 480u>::~IsoDirectory() + 40 (IsoDirectory.h:60) 6 com.apple.WebCore 0x00000004498291e0 WebCore::AudioDestinationNode::updateIsEffectivelyPlayingAudio() + 32 (AudioDestinationNode.cpp:136) 7 com.apple.WebCore 0x00000004498291b5 WebCore::AudioDestinationNode::isPlayingDidChange() + 21 (AudioDestinationNode.cpp:122) 8 com.apple.WebCore 0x000000044b4679f8 WebCore::AudioDestinationCocoa::setIsPlaying(bool) + 120 (AudioDestinationCocoa.cpp:147) 9 com.apple.WebKit 0x0000000439a0130d WebKit::RemoteAudioDestinationProxy::stop(WTF::CompletionHandler<void (bool)>&&)::$_1::operator()(bool) + 61 (RemoteAudioDestinationProxy.cpp:133) 10 com.apple.WebKit 0x0000000439a01278 WTF::Detail::CallableWrapper<WebKit::RemoteAudioDestinationProxy::stop(WTF::CompletionHandler<void (bool)>&&)::$_1, void, bool&&>::call(bool&&) + 56 (Function.h:52) 11 com.apple.WebKit 0x00000004384ef74a WTF::Function<void (bool&&)>::operator()(bool&&) const + 154 (Function.h:83) 12 com.apple.WebKit 0x00000004384e142e WTF::CompletionHandler<void (bool&&)>::operator()(bool&&) + 254 (CompletionHandler.h:67) 13 com.apple.WebKit 0x000000043895234b Messages::RemoteAudioDestinationManager::StopAudioDestination::callReply(IPC::Decoder&, WTF::CompletionHandler<void (bool&&)>&&) + 171 (RemoteAudioDestinationManagerMessageReceiver.cpp:104) 14 com.apple.WebKit 0x0000000439a00ecb void IPC::Connection::sendWithAsyncReply<Messages::RemoteAudioDestinationManager::StopAudioDestination, WebKit::RemoteAudioDestinationProxy::stop(WTF::CompletionHandler<void (bool)>&&)::$_1>(Messages::RemoteAudioDestinationManager::StopAudioDestination&&, WebKit::RemoteAudioDestinationProxy::stop(WTF::CompletionHandler<void (bool)>&&)::$_1&&, unsigned long long, WTF::OptionSet<IPC::SendOption>)::'lambda'(IPC::Decoder*)::operator()(IPC::Decoder*) + 107 (Connection.h:528) 15 com.apple.WebKit 0x0000000439a00dd3 WTF::Detail::CallableWrapper<void IPC::Connection::sendWithAsyncReply<Messages::RemoteAudioDestinationManager::StopAudioDestination, WebKit::RemoteAudioDestinationProxy::stop(WTF::CompletionHandler<void (bool)>&&)::$_1>(Messages::RemoteAudioDestinationManager::StopAudioDestination&&, WebKit::RemoteAudioDestinationProxy::stop(WTF::CompletionHandler<void (bool)>&&)::$_1&&, unsigned long long, WTF::OptionSet<IPC::SendOption>)::'lambda'(IPC::Decoder*), void, IPC::Decoder*>::call(IPC::Decoder*) + 51 (Function.h:52) 16 com.apple.WebKit 0x00000004380a3b8a WTF::Function<void (IPC::Decoder*)>::operator()(IPC::Decoder*) const + 154 (Function.h:83) 17 com.apple.WebKit 0x000000043808221e WTF::CompletionHandler<void (IPC::Decoder*)>::operator()(IPC::Decoder*) + 254 (CompletionHandler.h:67) 18 com.apple.WebKit 0x0000000438081d7a IPC::Connection::dispatchMessage(IPC::Decoder&) + 378 (Connection.cpp:1021)
Attachments
Patch (27.21 KB, patch)
2020-12-11 17:12 PST, Chris Dumez 		ews-feeder: commit-queue-
DetailsFormatted DiffDiff
Patch (27.44 KB, patch)
2020-12-11 17:34 PST, Chris Dumez 		ews-feeder: commit-queue-
DetailsFormatted DiffDiff
Patch (27.99 KB, patch)
2020-12-11 17:38 PST, Chris Dumez 		ews-feeder: commit-queue-
DetailsFormatted DiffDiff
Patch (28.50 KB, patch)
2020-12-11 17:49 PST, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Patch (28.49 KB, patch)
2020-12-14 08:24 PST, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Patch (17.78 KB, patch)
2020-12-14 17:05 PST, Chris Dumez 		ews-feeder: commit-queue-
DetailsFormatted DiffDiff
Patch (17.73 KB, patch)
2020-12-14 17:07 PST, Chris Dumez 		ews-feeder: commit-queue-
DetailsFormatted DiffDiff
Patch (17.93 KB, patch)
2020-12-14 17:14 PST, Chris Dumez 		ews-feeder: commit-queue-
DetailsFormatted DiffDiff
Patch (18.16 KB, patch)
2020-12-14 17:20 PST, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Patch (18.54 KB, patch)
2020-12-15 08:31 PST, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Show Obsolete (9) View All Add attachment proposed patch, testcase, etc.
Chris Dumez
Comment 1 2020-12-11 17:12:08 PST
Created attachment 416075 [details] Patch
Chris Dumez
Comment 2 2020-12-11 17:34:21 PST
Created attachment 416077 [details] Patch
Chris Dumez
Comment 3 2020-12-11 17:38:22 PST
Created attachment 416078 [details] Patch
Chris Dumez
Comment 4 2020-12-11 17:49:17 PST
Created attachment 416080 [details] Patch
Eric Carlson
Comment 5 2020-12-11 23:48:27 PST
Comment on attachment 416080 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=416080&action=review > Source/WebCore/ChangeLog:9 > + are asynchronous due to IPC. Those functions take completion handlers and and s/and and/and/
Chris Dumez
Comment 6 2020-12-14 08:24:32 PST
Created attachment 416162 [details] Patch
Chris Dumez
Comment 7 2020-12-14 08:26:52 PST
Comment on attachment 416162 [details] Patch Clearing flags on attachment: 416162 Committed r270768: <https://trac.webkit.org/changeset/270768>
Chris Dumez
Comment 8 2020-12-14 08:26:54 PST
All reviewed patches have been landed. Closing bug.
Radar WebKit Bug Importer
Comment 9 2020-12-14 08:27:16 PST
<rdar://problem/72298420>
Chris Dumez
Comment 10 2020-12-14 16:14:41 PST
Reverted r270768 for reason: Still crashes in debug in a different location Committed r270808: <https://trac.webkit.org/changeset/270808>
Chris Dumez
Comment 11 2020-12-14 16:15:13 PST
Crash after this fix: Thread 34 Crashed:: WebCore: AudioWorklet 0 com.apple.JavaScriptCore 0x00000006bfd1db4e WTFCrash + 14 (Assertions.cpp:295) 1 com.apple.WebCore 0x000000069f757c9b WTFCrashWithInfo(int, char const*, char const*, int) + 27 (Assertions.h:671) 2 com.apple.WebCore 0x00000006a1a8536a WebCore::BaseAudioContext::scheduleNodeDeletion() + 138 (BaseAudioContext.cpp:779) 3 com.apple.WebCore 0x00000006a1a851a5 WebCore::BaseAudioContext::handlePostRenderTasks() + 165 (BaseAudioContext.cpp:738) 4 com.apple.WebCore 0x00000006a1a269e4 WebCore::AudioDestinationNode::render(WebCore::AudioBus*, WebCore::AudioBus*, unsigned long, WebCore::AudioIOPosition const&) + 564 (AudioDestinationNode.cpp:104) 5 com.apple.WebCore 0x00000006a36506bc WebCore::AudioDestinationCocoa::AudioDestinationCocoa(WebCore::AudioIOCallback&, unsigned int, float, bool)::$_16::operator()(WebCore::AudioBus*, unsigned long) const + 188 (AudioDestinationCocoa.cpp:87) 6 com.apple.WebCore 0x00000006a36505cb WTF::Detail::CallableWrapper<WebCore::AudioDestinationCocoa::AudioDestinationCocoa(WebCore::AudioIOCallback&, unsigned int, float, bool)::$_16, void, WebCore::AudioBus*, unsigned long>::call(WebCore::AudioBus*, unsigned long) + 75 (Function.h:52) 7 com.apple.WebCore 0x00000006a361db72 WTF::Function<void (WebCore::AudioBus*, unsigned long)>::operator()(WebCore::AudioBus*, unsigned long) const + 178 (Function.h:83) 8 com.apple.WebCore 0x00000006a361d6a5 WebCore::MultiChannelResampler::provideInputForChannel(float*, unsigned long, unsigned int) + 373 (MultiChannelResampler.cpp:97) 9 com.apple.WebCore 0x00000006a36265fe decltype(*(std::__1::forward<WebCore::MultiChannelResampler*&>(fp0)).*fp(std::__1::forward<float*>(fp1), std::__1::forward<unsigned long>(fp1), std::__1::forward<unsigned int&>(fp1))) std::__1::__invoke<void (WebCore::MultiChannelResampler::*&)(float*, unsigned long, unsigned int), WebCore::MultiChannelResampler*&, float*, unsigned long, unsigned int&, void>(void (WebCore::MultiChannelResampler::*&)(float*, unsigned long, unsigned int), WebCore::MultiChannelResampler*&, float*&&, unsigned long&&, unsigned int&) + 190 (type_traits:3486) 10 com.apple.WebCore 0x00000006a3626507 std::__1::__bind_return<void (WebCore::MultiChannelResampler::*)(float*, unsigned long, unsigned int), std::__1::tuple<WebCore::MultiChannelResampler*, std::__1::placeholders::__ph<1>, std::__1::placeholders::__ph<2>, unsigned int>, std::__1::tuple<float*&&, unsigned long&&>, __is_valid_bind_return<void (WebCore::MultiChannelResampler::*)(float*, unsigned long, unsigned int), std::__1::tuple<WebCore::MultiChannelResampler*, std::__1::placeholders::__ph<1>, std::__1::placeholders::__ph<2>, unsigned int>, std::__1::tuple<float*&&, unsigned long&&> >::value>::type std::__1::__apply_functor<void (WebCore::MultiChannelResampler::*)(float*, unsigned long, unsigned int), std::__1::tuple<WebCore::MultiChannelResampler*, std::__1::placeholders::__ph<1>, std::__1::placeholders::__ph<2>, unsigned int>, 0ul, 1ul, 2ul, 3ul, std::__1::tuple<float*&&, unsigned long&&> >(void (WebCore::MultiChannelResampler::*&)(float*, unsigned long, unsigned int), std::__1::tuple<WebCore::MultiChannelResampler*, std::__1::placeholders::__ph<1>, std::__1::placeholders::__ph<2>, unsigned int>&, std::__1::__tuple_indices<0ul, 1ul, 2ul, 3ul>, std::__1::tuple<float*&&, unsigned long&&>&&) + 151 (functional:2846) 11 com.apple.WebCore 0x00000006a3626451 std::__1::__bind_return<void (WebCore::MultiChannelResampler::*)(float*, unsigned long, unsigned int), std::__1::tuple<WebCore::MultiChannelResampler*, std::__1::placeholders::__ph<1>, std::__1::placeholders::__ph<2>, unsigned int>, std::__1::tuple<float*&&, unsigned long&&>, __is_valid_bind_return<void (WebCore::MultiChannelResampler::*)(float*, unsigned long, unsigned int), std::__1::tuple<WebCore::MultiChannelResampler*, std::__1::placeholders::__ph<1>, std::__1::placeholders::__ph<2>, unsigned int>, std::__1::tuple<float*&&, unsigned long&&> >::value>::type std::__1::__bind<void (WebCore::MultiChannelResampler::*)(float*, unsigned long, unsigned int), WebCore::MultiChannelResampler*, std::__1::placeholders::__ph<1> const&, std::__1::placeholders::__ph<2> const&, unsigned int&>::operator()<float*, unsigned long>(float*&&, unsigned long&&) + 97 (functional:2879) 12 com.apple.WebCore 0x00000006a3626378 WTF::Detail::CallableWrapper<std::__1::__bind<void (WebCore::MultiChannelResampler::*)(float*, unsigned long, unsigned int), WebCore::MultiChannelResampler*, std::__1::placeholders::__ph<1> const&, std::__1::placeholders::__ph<2> const&, unsigned int&>, void, float*, unsigned long>::call(float*, unsigned long) + 72 (Function.h:52) 13 com.apple.WebCore 0x00000006a3642d32 WTF::Function<void (float*, unsigned long)>::operator()(float*, unsigned long) const + 178 (Function.h:83) 14 com.apple.WebCore 0x00000006a3642c6a WebCore::SincResampler::process(float*, unsigned long) + 794 (SincResampler.cpp:289) 15 com.apple.WebCore 0x00000006a361da22 WebCore::MultiChannelResampler::process(WebCore::AudioBus*, unsigned long) + 546 (MultiChannelResampler.cpp:81) 16 com.apple.WebCore 0x00000006a3649827 WebCore::AudioDestinationCocoa::renderOnRenderingThead(unsigned long) + 135 (AudioDestinationCocoa.cpp:219) 17 com.apple.WebCore 0x00000006a3649530 WebCore::AudioDestinationCocoa::render(double, unsigned long long, unsigned int, AudioBufferList*) + 528 (AudioDestinationCocoa.cpp:209) 18 com.apple.WebKit 0x0000000691a20749 WebKit::RemoteAudioDestinationProxy::requestBuffer(double, unsigned long long, unsigned long long) + 281 (RemoteAudioDestinationProxy.cpp:162)
Chris Dumez
Comment 12 2020-12-14 17:05:50 PST
Created attachment 416212 [details] Patch
Chris Dumez
Comment 13 2020-12-14 17:07:34 PST
Created attachment 416213 [details] Patch
Chris Dumez
Comment 14 2020-12-14 17:14:09 PST
Created attachment 416215 [details] Patch
Chris Dumez
Comment 15 2020-12-14 17:20:34 PST
Created attachment 416216 [details] Patch
youenn fablet
Comment 16 2020-12-15 03:01:41 PST
Comment on attachment 416216 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=416216&action=review > Source/WebCore/Modules/webaudio/DefaultAudioDestinationNode.h:48 > explicit DefaultAudioDestinationNode(BaseAudioContext&, Optional<float>); No need for explicit > Source/WebCore/platform/audio/AudioDestination.h:79 > + void callRenderCallback(AudioBus* sourceBus, AudioBus* destinationBus, size_t framesToProcess, const AudioIOPosition& outputPosition) Can be moved outside of the class declaration.
Chris Dumez
Comment 17 2020-12-15 08:31:47 PST
Created attachment 416250 [details] Patch
Chris Dumez
Comment 18 2020-12-15 08:36:34 PST
Comment on attachment 416250 [details] Patch Clearing flags on attachment: 416250 Committed r270840: <https://trac.webkit.org/changeset/270840>
Chris Dumez
Comment 19 2020-12-15 08:36:36 PST
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.