228688 – RealtimeMediaSource::audioSamplesAvailable is calling malloc as part of locking in audio thread

Bug 228688 - RealtimeMediaSource::audioSamplesAvailable is calling malloc as part of locking in audio thread

Summary: RealtimeMediaSource::audioSamplesAvailable is calling malloc as part of locki...

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebRTC (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	youenn fablet

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2021-08-01 06:26 PDT by youenn fablet
Modified:	2021-08-03 10:14 PDT (History)
CC List:	8 users (show)

See Also:

Attachments
Patch (2.95 KB, patch) 2021-08-01 06:39 PDT, youenn fablet	no flags	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description youenn fablet 2021-08-01 06:26:13 PDT

As per https://ews-build.s3-us-west-2.amazonaws.com/macOS-AppleSilicon-Big-Sur-Debug-WK2-Tests-EWS/r434702-9076/results.html, 


Thread 16 Crashed:: RemoteAudioDestinationProxy render thread
0   com.apple.JavaScriptCore      	0x0000000135394554 WTFCrash + 20 (Assertions.cpp:321)
1   com.apple.JavaScriptCore      	0x0000000136645510 WTFCrashWithInfo(int, char const*, char const*, int) + 32
2   com.apple.JavaScriptCore      	0x00000001353d33e4 WTF::fastMalloc(unsigned long) + 260 (FastMalloc.cpp:524)
3   com.apple.JavaScriptCore      	0x000000013542e994 WTF::ThreadSpecific<WTF::RefPtr<WTF::(anonymous namespace)::ThreadData, WTF::RawPtrTraits<WTF::(anonymous namespace)::ThreadData>, WTF::DefaultRefDerefTraits<WTF::(anonymous namespace)::ThreadData> >, (WTF::CanBeGCThread)1>::Data::operator new(unsigned long) + 24 (ThreadSpecific.h:75)
4   com.apple.JavaScriptCore      	0x000000013542e8ec WTF::ThreadSpecific<WTF::RefPtr<WTF::(anonymous namespace)::ThreadData, WTF::RawPtrTraits<WTF::(anonymous namespace)::ThreadData>, WTF::DefaultRefDerefTraits<WTF::(anonymous namespace)::ThreadData> >, (WTF::CanBeGCThread)1>::set() + 112 (ThreadSpecific.h:186)
5   com.apple.JavaScriptCore      	0x000000013542e81c WTF::ThreadSpecific<WTF::RefPtr<WTF::(anonymous namespace)::ThreadData, WTF::RawPtrTraits<WTF::(anonymous namespace)::ThreadData>, WTF::DefaultRefDerefTraits<WTF::(anonymous namespace)::ThreadData> >, (WTF::CanBeGCThread)1>::operator WTF::RefPtr<WTF::(anonymous namespace)::ThreadData, WTF::RawPtrTraits<WTF::(anonymous namespace)::ThreadData>, WTF::DefaultRefDerefTraits<WTF::(anonymous namespace)::ThreadData> >*() + 64 (ThreadSpecific.h:202)
6   com.apple.JavaScriptCore      	0x000000013542e1b4 WTF::ThreadSpecific<WTF::RefPtr<WTF::(anonymous namespace)::ThreadData, WTF::RawPtrTraits<WTF::(anonymous namespace)::ThreadData>, WTF::DefaultRefDerefTraits<WTF::(anonymous namespace)::ThreadData> >, (WTF::CanBeGCThread)1>::operator*() + 24 (ThreadSpecific.h:214)
7   com.apple.JavaScriptCore      	0x000000013542cbf4 WTF::(anonymous namespace)::myThreadData() + 40 (ParkingLot.cpp:456)
8   com.apple.JavaScriptCore      	0x000000013542c89c WTF::ParkingLot::parkConditionallyImpl(void const*, WTF::ScopedLambda<bool ()> const&, WTF::ScopedLambda<void ()> const&, WTF::TimeWithDynamicClockType const&) + 32 (ParkingLot.cpp:570)
9   com.apple.JavaScriptCore      	0x00000001353fc8a0 WTF::ParkingLot::ParkResult WTF::ParkingLot::parkConditionally<WTF::ParkingLot::ParkResult WTF::ParkingLot::compareAndPark<unsigned char, unsigned char>(WTF::Atomic<unsigned char> const*, unsigned char)::'lambda'(), WTF::ParkingLot::ParkResult WTF::ParkingLot::compareAndPark<unsigned char, unsigned char>(WTF::Atomic<unsigned char> const*, unsigned char)::'lambda0'()>(void const*, unsigned char const&, unsigned char const&, WTF::TimeWithDynamicClockType const&) + 104 (ParkingLot.h:82)
10  com.apple.JavaScriptCore      	0x00000001370b4220 WTF::ParkingLot::ParkResult WTF::ParkingLot::compareAndPark<unsigned char, unsigned char>(WTF::Atomic<unsigned char> const*, unsigned char) + 104
11  com.apple.JavaScriptCore      	0x00000001353fbf10 WTF::LockAlgorithm<unsigned char, (unsigned char)1, (unsigned char)2, WTF::EmptyLockHooks<unsigned char> >::lockSlow(WTF::Atomic<unsigned char>&) + 372 (LockAlgorithmInlines.h:84)
12  com.apple.JavaScriptCore      	0x00000001353fbd90 WTF::Lock::lockSlow() + 24 (Lock.cpp:46)
13  com.apple.WebCore             	0x000000011455bdd0 WTF::Lock::lock() + 64
14  com.apple.WebCore             	0x000000011504fb14 WTF::Locker<WTF::Lock>::Locker(WTF::Lock&) + 68
15  com.apple.WebCore             	0x000000011455bd78 WTF::Locker<WTF::Lock>::Locker(WTF::Lock&) + 40
16  com.apple.WebCore             	0x0000000118602428 WebCore::RealtimeMediaSource::audioSamplesAvailable(WTF::MediaTime const&, WebCore::PlatformAudioData const&, WebCore::AudioStreamDescription const&, unsigned long) + 80
17  com.apple.WebCore             	0x00000001143fee90 WebCore::MediaStreamAudioSource::consumeAudio(WebCore::AudioBus&, unsigned long) + 812
18  com.apple.WebCore             	0x00000001163f3ea4 WebCore::MediaStreamAudioDestinationNode::process(unsigned long) + 92
19  com.apple.WebCore             	0x0000000116321744 WebCore::AudioNode::processIfNecessary(unsigned long) + 388
20  com.apple.WebCore             	0x0000000116375a84 WebCore::BaseAudioContext::processAutomaticPullNodes(unsigned long) + 184
21  com.apple.WebCore             	0x000000011631cd38 WebCore::AudioDestinationNode::renderQuantum(WebCore::AudioBus*, unsigned long, WebCore::AudioIOPosition const&) + 456
22  com.apple.WebCore             	0x00000001163c9488 WebCore::DefaultAudioDestinationNode::render(WebCore::AudioBus*, WebCore::AudioBus*, unsigned long, WebCore::AudioIOPosition const&) + 60

Comment 1 youenn fablet 2021-08-01 06:27:51 PDT

Lock::unlockSlow() is using DisableMallocRestrictionsForCurrentThreadScope disableMallocRestrictions.
Maybe Lock::slow()should do the same.

Comment 2 youenn fablet 2021-08-01 06:39:02 PDT

Created attachment 434720 [details]
Patch

Comment 3 EWS 2021-08-03 10:05:24 PDT

Committed r280600 (?): <https://commits.webkit.org/r280600>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 434720 [details].

Comment 4 Radar WebKit Bug Importer 2021-08-03 10:14:04 PDT

<rdar://problem/81467792>