Bug 233586 - Process crash in WebRTC call
Summary: Process crash in WebRTC call
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: Media
Version: Safari 15
Hardware: iPhone / iPad iOS 15
Importance: P2 Major
Assignee: Nobody
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2021-11-29 12:10 PST by Teodor
Modified: 2021-12-01 13:29 PST
CC List: 3 users

See Also:


Attachments
Crash log (12.78 KB, text/plain)
2021-11-29 12:10 PST, Teodor

Description Teodor 2021-11-29 12:10:33 PST
Created attachment 445322
Crash log

Since iOS 15.1, there are crashes that are consistently reproducible when two Safari browsers connect directly (peer-to-peer) through WebRTC. Contact me to get a set of page URLs to test this on (if needed).

Immediately before the crash, the remote video is rendered for at least one frame.

The process crash typically happens in two steps:
1.a) WebRTC connection is established (4 media tracks in each direction, two are active, two are zeroed out)
1.b) Remote video is displayed for at least one frame
1.c) First (small) crash - WebRTC ICE and WebSocket are gracefully terminated (WebSocket server sees client-side connection *closure*). Screen goes "blank" (full white in the lights-on theme) for 500ms-1s.
2.a) Page is rendered. Local media stream (self image) appears after 500ms-1s. Remote media is missing.
2.b) JavaScript state is seemingly uncorrupted. WebSocket is reconnected, server sends new SDP, new WebRTC session is established.
2.c) Remote video is displayed for at least one frame
2.d) Entire process crashes, blank screen is permanently displayed.
(optional) 3) Reload the tab with the reload icon. Repeat steps 1 and 2. Get "A problem repeatedly occurred with PAGE_URL".

When the crash does not reproduce (e.g., using an SFU), on iPhone 8 step 1 still happens - in other words, the screen goes blank, WebRTC is reestablished, but the second time it is stable and does not crash. On iPhone XR, using an SFU, none of the issues are present.

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_INVALID_ADDRESS at 0x0000000000000000
Exception Codes: 0x0000000000000001, 0x0000000000000000
VM Region Info: 0 is not in any region.  Bytes before following region: 4366712832
      REGION TYPE                 START - END      [ VSIZE] PRT/MAX SHRMOD  REGION DETAIL
      UNUSED SPACE AT START
--->  
      __TEXT                   10446c000-104470000 [   16K] r-x/r-x SM=COW  ...le.WebKit.GPU
Exception Note:  EXC_CORPSE_NOTIFY
Termination Reason: SIGNAL; [11]
Terminating Process: exc handler [12532]

Full crash log attached.
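The signalling and reconnection sequence in steps 1 and 2 of the report, as an added example that is not part of the bug report and not WebKit's or the reporter's code: a minimal call client that connects a WebSocket, answers the SDP offer the server pushes, and, when the socket drops together with ICE (step 1.c), closes the RTCPeerConnection and starts a fresh session (step 2.b). The JSON message shapes, the `report` callback, the injected constructors and the `wss://signal.example.test/room` URL are all assumptions made for the example. Each step is handed to `report` rather than to `console.log`, because when the content or GPU process dies the console goes with it and only a server-side trace (for instance via `navigator.sendBeacon`) survives to show how far the page got.

```javascript
// Added example, not code from the bug report or from WebKit.
// Assumptions (none of them from the report): the signalling server sends
// JSON {type:"offer",sdp} and {type:"candidate",candidate}; the client sends
// {type:"answer",sdp} and {type:"candidate",candidate}. The WebSocket and
// RTCPeerConnection constructors are injected so the same code runs in a
// browser (pass the globals) or under Node with test doubles.
function createCallClient({
  url,
  WebSocketCtor,
  RTCPeerConnectionCtor,
  localTracks,          // [{track, stream, active}]; active:false = zeroed-out track
  report,               // (step) => void; should leave the process, e.g. sendBeacon
  onRemoteTrack = null, // optional: attach ev.streams[0] to a <video> element
  reconnectDelayMs = 750,
  setTimeoutFn = setTimeout,
}) {
  const state = { session: 0, pc: null, ws: null, steps: [] };

  function note(step) {
    state.steps.push(step);
    report(step);
  }

  // Server is the offerer in the reporter's setup: we only ever answer.
  async function answerOffer(ws, pc, session, sdp) {
    await pc.setRemoteDescription({ type: "offer", sdp });
    const answer = await pc.createAnswer();
    await pc.setLocalDescription(answer);
    ws.send(JSON.stringify({ type: "answer", sdp: answer.sdp }));
    note(`session ${session}: answer sent`);
  }

  function connect() {
    const session = ++state.session;
    const ws = new WebSocketCtor(url);
    const pc = new RTCPeerConnectionCtor({});
    state.ws = ws;
    state.pc = pc;

    // Four tracks each way as in the report, two of them zeroed out. A
    // disabled track is still negotiated and still sends silence / black.
    for (const { track, stream, active } of localTracks) {
      track.enabled = active;
      pc.addTrack(track, stream);
    }

    pc.addEventListener("icecandidate", (ev) => {
      if (ev.candidate) ws.send(JSON.stringify({ type: "candidate", candidate: ev.candidate }));
    });
    pc.addEventListener("connectionstatechange", () =>
      note(`session ${session}: pc ${pc.connectionState}`));
    pc.addEventListener("track", (ev) => {
      note(`session ${session}: remote ${ev.track ? ev.track.kind : "track"}`);
      if (onRemoteTrack) onRemoteTrack(ev);
    });

    ws.addEventListener("open", () => note(`session ${session}: ws open`));
    ws.addEventListener("message", (ev) => {
      const msg = JSON.parse(ev.data);
      if (msg.type === "offer") {
        answerOffer(ws, pc, session, msg.sdp)
          .catch((e) => note(`session ${session}: negotiation failed: ${e.message}`));
      } else if (msg.type === "candidate") {
        pc.addIceCandidate(msg.candidate)
          .catch((e) => note(`session ${session}: bad candidate: ${e.message}`));
      }
    });
    ws.addEventListener("close", () => {
      note(`session ${session}: ws closed`);
      // Step 1.c: ICE and the socket go away together. Only the live session
      // reconnects; a stale socket closing late must not spawn another one.
      if (state.pc !== pc) return;
      pc.close();
      state.pc = null;
      state.ws = null;
      setTimeoutFn(connect, reconnectDelayMs); // step 2.b: fresh session, new SDP
    });
  }

  connect();
  return {
    steps: () => state.steps.slice(),
    session: () => state.session,
    hangUp: () => {
      if (state.pc) { state.pc.close(); state.pc = null; }
      if (state.ws) state.ws.close();
    },
  };
}
```

In a browser the call would be `createCallClient({ url, WebSocketCtor: WebSocket, RTCPeerConnectionCtor: RTCPeerConnection, localTracks, report: (s) => navigator.sendBeacon("/trace", s) })`, with `onRemoteTrack` setting `video.srcObject` and reporting the video element's first `resize` or `loadeddata` event so that step 1.b ("at least one frame rendered") also lands in the server-side trace before the process goes away.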
Comment 1 Alexey Proskuryakov 2021-11-29 17:40:36 PST
rdar://80407863