[Webkit-unassigned] [Bug 233586] New: Process crash in WebRTC call

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Nov 29 12:10:33 PST 2021


https://bugs.webkit.org/show_bug.cgi?id=233586

            Bug ID: 233586
           Summary: Process crash in WebRTC call
           Product: WebKit
           Version: Safari 15
          Hardware: iPhone / iPad
                OS: iOS 15
            Status: NEW
          Severity: Major
          Priority: P2
         Component: WebCore JavaScript
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: teodor.atroshenko at gmail.com

Created attachment 445322

  --> https://bugs.webkit.org/attachment.cgi?id=445322&action=review

Crash log

Since iOS 15.1, there are crashes that are consistently reproducible when two Safari browsers connect directly (peer-to-peer) through WebRTC. Contact me to get a set of page URLs to test this on (if needed).

Immediately before the crash, the remote video is rendered for at least one frame.

The process crash typically happens in two steps:
1.a) WebRTC connection is established (4 media tracks in each direction, two are active, two are zeroed out)
1.b) Remote video is displayed for at least one frame
1.c) First (small) crash - WebRTC ICE and WebSocket are gracefully terminated (WebSocket server sees client-side connection *closure*). Screen goes "blank" (full-white in the lights-on theme) for 500ms-1s.
2.a) Page is rendered. Local media stream (self image) appears after 500ms-1s. Remote media is missing.
2.b) JavaScript's state is seemingly uncorrupted. WebSocket is reconnected, server sends new SDP, new WebRTC session is established.
2.c) Remote video is displayed for at least one frame
2.d) Entire process crashes, blank screen is permanently displayed.
(optional) 3) Reload the tab with reload icon. Repeat steps 1 and 2. Get "A problem repeatedly occurred with PAGE_URL".

When the crash does not reproduce (e.g., using SFU), on iPhone 8 step 1 still happens - in other words, the screen goes blank, WebRTC is reestablished, but the second time it is stable and does not crash. On iPhone XR, using SFU, none of the issues are present.

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_INVALID_ADDRESS at 0x0000000000000000
Exception Codes: 0x0000000000000001, 0x0000000000000000
VM Region Info: 0 is not in any region.  Bytes before following region: 4366712832
      REGION TYPE                 START - END      [ VSIZE] PRT/MAX SHRMOD  REGION DETAIL
      UNUSED SPACE AT START
--->  
      __TEXT                   10446c000-104470000 [   16K] r-x/r-x SM=COW  ...le.WebKit.GPU
Exception Note:  EXC_CORPSE_NOTIFY
Termination Reason: SIGNAL; [11]
Terminating Process: exc handler [12532]

Full crash log attached.
