[Webkit-unassigned] [Bug 228688] New: RealtimeMediaSource::audioSamplesAvailable is calling malloc as part of locking in audio thread

bugzilla-daemon at webkit.org
Sun Aug 1 06:26:13 PDT 2021


https://bugs.webkit.org/show_bug.cgi?id=228688

            Bug ID: 228688
           Summary: RealtimeMediaSource::audioSamplesAvailable is calling
                    malloc as part of locking in audio thread
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebRTC
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: youennf at gmail.com
                CC: youennf at gmail.com

As per https://ews-build.s3-us-west-2.amazonaws.com/macOS-AppleSilicon-Big-Sur-Debug-WK2-Tests-EWS/r434702-9076/results.html:

Thread 16 Crashed:: RemoteAudioDestinationProxy render thread
0   com.apple.JavaScriptCore            0x0000000135394554 WTFCrash + 20 (Assertions.cpp:321)
1   com.apple.JavaScriptCore            0x0000000136645510 WTFCrashWithInfo(int, char const*, char const*, int) + 32
2   com.apple.JavaScriptCore            0x00000001353d33e4 WTF::fastMalloc(unsigned long) + 260 (FastMalloc.cpp:524)
3   com.apple.JavaScriptCore            0x000000013542e994 WTF::ThreadSpecific<WTF::RefPtr<WTF::(anonymous namespace)::ThreadData, WTF::RawPtrTraits<WTF::(anonymous namespace)::ThreadData>, WTF::DefaultRefDerefTraits<WTF::(anonymous namespace)::ThreadData> >, (WTF::CanBeGCThread)1>::Data::operator new(unsigned long) + 24 (ThreadSpecific.h:75)
4   com.apple.JavaScriptCore            0x000000013542e8ec WTF::ThreadSpecific<WTF::RefPtr<WTF::(anonymous namespace)::ThreadData, WTF::RawPtrTraits<WTF::(anonymous namespace)::ThreadData>, WTF::DefaultRefDerefTraits<WTF::(anonymous namespace)::ThreadData> >, (WTF::CanBeGCThread)1>::set() + 112 (ThreadSpecific.h:186)
5   com.apple.JavaScriptCore            0x000000013542e81c WTF::ThreadSpecific<WTF::RefPtr<WTF::(anonymous namespace)::ThreadData, WTF::RawPtrTraits<WTF::(anonymous namespace)::ThreadData>, WTF::DefaultRefDerefTraits<WTF::(anonymous namespace)::ThreadData> >, (WTF::CanBeGCThread)1>::operator WTF::RefPtr<WTF::(anonymous namespace)::ThreadData, WTF::RawPtrTraits<WTF::(anonymous namespace)::ThreadData>, WTF::DefaultRefDerefTraits<WTF::(anonymous namespace)::ThreadData> >*() + 64 (ThreadSpecific.h:202)
6   com.apple.JavaScriptCore            0x000000013542e1b4 WTF::ThreadSpecific<WTF::RefPtr<WTF::(anonymous namespace)::ThreadData, WTF::RawPtrTraits<WTF::(anonymous namespace)::ThreadData>, WTF::DefaultRefDerefTraits<WTF::(anonymous namespace)::ThreadData> >, (WTF::CanBeGCThread)1>::operator*() + 24 (ThreadSpecific.h:214)
7   com.apple.JavaScriptCore            0x000000013542cbf4 WTF::(anonymous namespace)::myThreadData() + 40 (ParkingLot.cpp:456)
8   com.apple.JavaScriptCore            0x000000013542c89c WTF::ParkingLot::parkConditionallyImpl(void const*, WTF::ScopedLambda<bool ()> const&, WTF::ScopedLambda<void ()> const&, WTF::TimeWithDynamicClockType const&) + 32 (ParkingLot.cpp:570)
9   com.apple.JavaScriptCore            0x00000001353fc8a0 WTF::ParkingLot::ParkResult WTF::ParkingLot::parkConditionally<WTF::ParkingLot::ParkResult WTF::ParkingLot::compareAndPark<unsigned char, unsigned char>(WTF::Atomic<unsigned char> const*, unsigned char)::'lambda'(), WTF::ParkingLot::ParkResult WTF::ParkingLot::compareAndPark<unsigned char, unsigned char>(WTF::Atomic<unsigned char> const*, unsigned char)::'lambda0'()>(void const*, unsigned char const&, unsigned char const&, WTF::TimeWithDynamicClockType const&) + 104 (ParkingLot.h:82)
10  com.apple.JavaScriptCore            0x00000001370b4220 WTF::ParkingLot::ParkResult WTF::ParkingLot::compareAndPark<unsigned char, unsigned char>(WTF::Atomic<unsigned char> const*, unsigned char) + 104
11  com.apple.JavaScriptCore            0x00000001353fbf10 WTF::LockAlgorithm<unsigned char, (unsigned char)1, (unsigned char)2, WTF::EmptyLockHooks<unsigned char> >::lockSlow(WTF::Atomic<unsigned char>&) + 372 (LockAlgorithmInlines.h:84)
12  com.apple.JavaScriptCore            0x00000001353fbd90 WTF::Lock::lockSlow() + 24 (Lock.cpp:46)
13  com.apple.WebCore                   0x000000011455bdd0 WTF::Lock::lock() + 64
14  com.apple.WebCore                   0x000000011504fb14 WTF::Locker<WTF::Lock>::Locker(WTF::Lock&) + 68
15  com.apple.WebCore                   0x000000011455bd78 WTF::Locker<WTF::Lock>::Locker(WTF::Lock&) + 40
16  com.apple.WebCore                   0x0000000118602428 WebCore::RealtimeMediaSource::audioSamplesAvailable(WTF::MediaTime const&, WebCore::PlatformAudioData const&, WebCore::AudioStreamDescription const&, unsigned long) + 80
17  com.apple.WebCore                   0x00000001143fee90 WebCore::MediaStreamAudioSource::consumeAudio(WebCore::AudioBus&, unsigned long) + 812
18  com.apple.WebCore                   0x00000001163f3ea4 WebCore::MediaStreamAudioDestinationNode::process(unsigned long) + 92
19  com.apple.WebCore                   0x0000000116321744 WebCore::AudioNode::processIfNecessary(unsigned long) + 388
20  com.apple.WebCore                   0x0000000116375a84 WebCore::BaseAudioContext::processAutomaticPullNodes(unsigned long) + 184
21  com.apple.WebCore                   0x000000011631cd38 WebCore::AudioDestinationNode::renderQuantum(WebCore::AudioBus*, unsigned long, WebCore::AudioIOPosition const&) + 456
22  com.apple.WebCore                   0x00000001163c9488 WebCore::DefaultAudioDestinationNode::render(WebCore::AudioBus*, WebCore::AudioBus*, unsigned long, WebCore::AudioIOPosition const&) + 60
