WebKit Bugzilla
New
Browse
Search+
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
226653
Flaky crash under UserMediaCaptureManagerProxy::SourceProxy::~SourceProxy() on the bots
https://bugs.webkit.org/show_bug.cgi?id=226653
Summary
Flaky crash under UserMediaCaptureManagerProxy::SourceProxy::~SourceProxy() o...
Chris Dumez
Reported
2021-06-04 11:07:25 PDT
Flaky crash under UserMediaCaptureManagerProxy::SourceProxy::~SourceProxy() on the bots: Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000004 Exception Note: EXC_CORPSE_NOTIFY Termination Signal: Segmentation fault: 11 Termination Reason: Namespace SIGNAL, Code 0xb Terminating Process: exc handler [70570] VM Regions Near 0x4: --> __TEXT 000000010d705000-000000010d706000 [ 4K] r-x/r-x SM=COW /Volumes/VOLUME/*/*.Development Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.WebKit 0x000000010d9a1558 IPC::Semaphore::encode(IPC::Encoder&) const + 14 1 com.apple.WebKit 0x000000010db9704d void IPC::TupleEncoder<4ul, WTF::ObjectIdentifier<WebCore::RealtimeMediaSourceIdentifierType> const&, WebKit::SharedMemory::IPCHandle const&, WebCore::CAAudioStreamDescription const&, unsigned long long, IPC::Semaphore const&, WTF::MediaTime const&, unsigned long>::encode<IPC::Encoder>(IPC::Encoder&, std::__1::tuple<WTF::ObjectIdentifier<WebCore::RealtimeMediaSourceIdentifierType> const&, WebKit::SharedMemory::IPCHandle const&, WebCore::CAAudioStreamDescription const&, unsigned long long, IPC::Semaphore const&, WTF::MediaTime const&, unsigned long> const&) + 57 2 com.apple.WebKit 0x000000010db9700a void IPC::TupleEncoder<7ul, WTF::ObjectIdentifier<WebCore::RealtimeMediaSourceIdentifierType> const&, WebKit::SharedMemory::IPCHandle const&, WebCore::CAAudioStreamDescription const&, unsigned long long, IPC::Semaphore const&, WTF::MediaTime const&, unsigned long>::encode<IPC::Encoder>(IPC::Encoder&, std::__1::tuple<WTF::ObjectIdentifier<WebCore::RealtimeMediaSourceIdentifierType> const&, WebKit::SharedMemory::IPCHandle const&, WebCore::CAAudioStreamDescription const&, unsigned long long, IPC::Semaphore const&, WTF::MediaTime const&, unsigned long> const&) + 94 3 com.apple.WebKit 0x000000010db96f6a bool IPC::Connection::send<Messages::RemoteCaptureSampleManager::AudioStorageChanged>(Messages::RemoteCaptureSampleManager::AudioStorageChanged&&, unsigned long long, WTF::OptionSet<IPC::SendOption>) + 74 4 com.apple.WebKit 0x000000010db96e20 WebKit::UserMediaCaptureManagerProxy::SourceProxy::storageChanged(WebKit::SharedMemory*, WebCore::CAAudioStreamDescription const&, unsigned long) + 170 5 com.apple.WebKit 0x000000010da2591a WebKit::SharedRingBufferStorage::deallocate() + 56 6 com.apple.WebCore 0x000000011271a4e2 WebCore::CARingBuffer::~CARingBuffer() + 18 7 com.apple.WebKit 0x000000010db967e5 std::__1::unique_ptr<WebCore::CARingBuffer, std::__1::default_delete<WebCore::CARingBuffer> >::reset(WebCore::CARingBuffer*) + 25 8 com.apple.WebKit 0x000000010db966f2 WebKit::UserMediaCaptureManagerProxy::SourceProxy::~SourceProxy() + 192 9 com.apple.WebKit 0x000000010db96084 WebKit::UserMediaCaptureManagerProxy::SourceProxy::~SourceProxy() + 14 10 com.apple.WebKit 0x000000010db97a09 WTF::HashTable<WTF::ObjectIdentifier<WebCore::RealtimeMediaSourceIdentifierType>, WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RealtimeMediaSourceIdentifierType>, std::__1::unique_ptr<WebKit::UserMediaCaptureManagerProxy::SourceProxy, std::__1::default_delete<WebKit::UserMediaCaptureManagerProxy::SourceProxy> > >, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RealtimeMediaSourceIdentifierType>, std::__1::unique_ptr<WebKit::UserMediaCaptureManagerProxy::SourceProxy, std::__1::default_delete<WebKit::UserMediaCaptureManagerProxy::SourceProxy> > > >, WTF::DefaultHash<WTF::ObjectIdentifier<WebCore::RealtimeMediaSourceIdentifierType> >, WTF::HashMap<WTF::ObjectIdentifier<WebCore::RealtimeMediaSourceIdentifierType>, std::__1::unique_ptr<WebKit::UserMediaCaptureManagerProxy::SourceProxy, std::__1::default_delete<WebKit::UserMediaCaptureManagerProxy::SourceProxy> >, WTF::DefaultHash<WTF::ObjectIdentifier<WebCore::RealtimeMediaSourceIdentifierType> >, WTF::HashTraits<WTF::ObjectIdentifier<WebCore::RealtimeMediaSourceIdentifierType> >, WTF::HashTraits<std::__1::unique_ptr<WebKit::UserMediaCaptureManagerProxy::SourceProxy, std::__1::default_delete<WebKit::UserMediaCaptureManagerProxy::SourceProxy> > >, WTF::HashTableTraits>::KeyValuePairTraits, WTF::HashTraits<WTF::ObjectIdentifier<WebCore::RealtimeMediaSourceIdentifierType> > >::remove(WTF::KeyValuePair<WTF::ObjectIdentifier<WebCore::RealtimeMediaSourceIdentifierType>, std::__1::unique_ptr<WebKit::UserMediaCaptureManagerProxy::SourceProxy, std::__1::default_delete<WebKit::UserMediaCaptureManagerProxy::SourceProxy> > >*) + 37 11 com.apple.WebKit 0x000000010db94847 WebKit::UserMediaCaptureManagerProxy::end(WTF::ObjectIdentifier<WebCore::RealtimeMediaSourceIdentifierType>) + 99 12 com.apple.WebKit 0x000000010d844d42 WebKit::GPUConnectionToWebProcess::dispatchMessage(IPC::Connection&, IPC::Decoder&) + 192 13 com.apple.WebKit 0x000000010d7fed26 WebKit::GPUConnectionToWebProcess::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 460 14 com.apple.WebKit 0x000000010d728e31 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) + 221 15 com.apple.WebKit 0x000000010d729071 IPC::Connection::dispatchOneIncomingMessage() + 169 16 com.apple.JavaScriptCore 0x00000001157f6311 WTF::RunLoop::performWork() + 513 17 com.apple.JavaScriptCore 0x00000001157f6be2 WTF::RunLoop::performWork(void*) + 34 18 com.apple.CoreFoundation 0x00007fff38c3f884 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17 19 com.apple.CoreFoundation 0x00007fff38c3f823 __CFRunLoopDoSource0 + 103 20 com.apple.CoreFoundation 0x00007fff38c3f63d __CFRunLoopDoSources0 + 209 21 com.apple.CoreFoundation 0x00007fff38c3e359 __CFRunLoopRun + 937 22 com.apple.CoreFoundation 0x00007fff38c3d953 CFRunLoopRunSpecific + 466 23 com.apple.Foundation 0x00007fff3b2fb1c8 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 212 24 com.apple.Foundation 0x00007fff3b3adc6f -[NSRunLoop(NSRunLoop) run] + 76 25 libxpc.dylib 0x00007fff72fb34ea _xpc_objc_main.cold.4 + 49 26 libxpc.dylib 0x00007fff72fb3430 _xpc_objc_main + 559 27 libxpc.dylib 0x00007fff72fb2f63 xpc_main + 377 28 com.apple.WebKit 0x000000010d8ed86a WebKit::XPCServiceMain(int, char const**) + 266 29 libdyld.dylib 0x00007fff72d61cc9 start + 1 Thread 4:: Dispatch queue: MockAudioSharedUnit Capture Queue 0 com.apple.WebKit 0x000000010d9a20b7 WebKit::makeMemoryEntry(unsigned long, unsigned long, WebKit::SharedMemory::Protection, unsigned int) + 4 1 com.apple.WebKit 0x000000010d9a255a WebKit::SharedMemory::createSendRight(WebKit::SharedMemory::Protection) const + 54 2 com.apple.WebKit 0x000000010d9a24da WebKit::SharedMemory::createHandle(WebKit::SharedMemory::Handle&, WebKit::SharedMemory::Protection) + 90 3 com.apple.WebKit 0x000000010db96db1 WebKit::UserMediaCaptureManagerProxy::SourceProxy::storageChanged(WebKit::SharedMemory*, WebCore::CAAudioStreamDescription const&, unsigned long) + 59 4 com.apple.WebKit 0x000000010da25895 WebKit::SharedRingBufferStorage::allocate(unsigned long, WebCore::CAAudioStreamDescription const&, unsigned long) + 85 5 com.apple.WebCore 0x000000011271af41 WebCore::CARingBuffer::allocate(WebCore::CAAudioStreamDescription const&, unsigned long) + 225 6 com.apple.WebKit 0x000000010db96452 WebKit::UserMediaCaptureManagerProxy::SourceProxy::audioSamplesAvailable(WTF::MediaTime const&, WebCore::PlatformAudioData const&, WebCore::AudioStreamDescription const&, unsigned long) + 554 7 com.apple.WebCore 0x00000001128832bf WebCore::RealtimeMediaSource::audioSamplesAvailable(WTF::MediaTime const&, WebCore::PlatformAudioData const&, WebCore::AudioStreamDescription const&, unsigned long) + 287 8 com.apple.WebCore 0x00000001128a232a WebCore::BaseAudioSharedUnit::audioSamplesAvailable(WTF::MediaTime const&, WebCore::PlatformAudioData const&, WebCore::AudioStreamDescription const&, unsigned long) + 298 9 com.apple.WebCore 0x0000000111a5990f WebCore::MockAudioSharedUnit::emitSampleBuffers(unsigned int) + 111 10 com.apple.WebCore 0x0000000111a599ff WebCore::MockAudioSharedUnit::render(WTF::Seconds) + 175 11 libdispatch.dylib 0x00007fff72d076c4 _dispatch_call_block_and_release + 12 12 libdispatch.dylib 0x00007fff72d08658 _dispatch_client_callout + 8 13 libdispatch.dylib 0x00007fff72d0dc44 _dispatch_lane_serial_drain + 597 14 libdispatch.dylib 0x00007fff72d0e5d6 _dispatch_lane_invoke + 363 15 libdispatch.dylib 0x00007fff72d17c09 _dispatch_workloop_worker_thread + 596 16 libsystem_pthread.dylib 0x00007fff72f66a3d _pthread_wqthread + 290 17 libsystem_pthread.dylib 0x00007fff72f65b77 start_wqthread + 15 The SourceProxy destructor takes care of calling invalidate() on the SharedRingBufferStorage before destroying the CARingBuffer to avoid having SourceProxy::storageChanged() called in the middle of destruction. However, the background thread may reconstruct the RingBuffer right after the invalidate call and we will still crash in this case.
Attachments
Patch
(2.11 KB, patch)
2021-06-04 11:24 PDT
,
Chris Dumez
no flags
Details
Formatted Diff
Diff
View All
Add attachment
proposed patch, testcase, etc.
Chris Dumez
Comment 1
2021-06-04 11:24:13 PDT
Created
attachment 430595
[details]
Patch
EWS
Comment 2
2021-06-04 15:17:47 PDT
Committed
r278500
(
238507@main
): <
https://commits.webkit.org/238507@main
> All reviewed patches have been landed. Closing bug and clearing flags on
attachment 430595
[details]
.
Radar WebKit Bug Importer
Comment 3
2021-06-04 15:18:21 PDT
<
rdar://problem/78887963
>
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug