
Issue 709438 link

Starred by 1 user

Issue metadata

Status: Fixed
Owner:
Closed: Oct 24
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 2
Type: Bug



Previous locations:
webrtc:7453



Chrome M57 keeps crashing when running WebRTC with Chrome M56

Reported by maojie0...@gmail.com, Apr 7 2017

Issue description

What steps will reproduce the problem?
1. Open https://webdemo.agora.io/videocall/ and enter a room name using Chrome M57
2. Open https://webdemo.agora.io/videocall/ and enter the previous room name using Chrome M56
3. After a while, Chrome M57 crashed.

What is the expected result?
Chrome M57 is not crashing.

What do you see instead?
Chrome M57 crashes.

What version of the product are you using? On what operating system?
Google Chrome	57.0.2987.133 (Official Build) (64-bit)
Revision	ec33cd0c06881d919ac0de419d829ad914e0be8f-refs/branch-heads/2987@{#887}
OS	        Mac OS X 
JavaScript	V8 5.7.492.71

Please provide any additional information below.
I've built the same version of Chromium, but I can't reproduce the crash; not sure if there's any difference between the official build and the developer build.

My Chromium build version:
Chromium	57.0.2987.133 (Developer Build) (64-bit)
Revision	8a67263f2d4e0fcbf1675e08b7e24672046463d2
OS	Mac OS X 
JavaScript	V8 5.7.492.71


 
0ea2c3d3-8574-45a7-88fd-ae3386f2b557.dmp
552 KB Download
Attached the crash dump. I've used minidump_stackwalk to analyze it but got no symbols; you guys may have access to https://goto.google.com/crsym/, so could you please help take a look at this issue?

Operating system: Mac OS X
                  10.12.3 16D32
CPU: amd64
     family 6 model 70 stepping 1
     8 CPUs

GPU: UNKNOWN

Crash reason:  EXC_BAD_ACCESS / KERN_INVALID_ADDRESS
Crash address: 0x7f8ae3200018
Process uptime: 35 seconds

Thread 16 (crashed)
 0  Google Chrome Framework + 0x38ca1ea
    rax = 0x000000012ccaf5c0   rdx = 0x0000000000000000
    rcx = 0x0000000000000000   rbx = 0x00007f8ae3200000
    rsi = 0x00000001266bb000   rdi = 0x0000000000000103
    rbp = 0x0000700014709a10   rsp = 0x00007000147099c0
     r8 = 0x00000000000000a9    r9 = 0x0000000000000083
    r10 = 0x0000000000000000   r11 = 0x0000000000000246
    r12 = 0x00007000147099d0   r13 = 0x00007f8ae1059a00
    r14 = 0x000000000010d32c   r15 = 0x00007f8adf16d700
    rip = 0x0000000110a6f1ea
    Found by: given as instruction pointer in context
 1  Google Chrome Framework + 0x38b4625
    rbp = 0x0000700014709a30   rsp = 0x0000700014709a20
    rip = 0x0000000110a59625
    Found by: previous frame's frame pointer
 2  Google Chrome Framework + 0x38b369d
    rbp = 0x0000700014709a80   rsp = 0x0000700014709a40
    rip = 0x0000000110a5869d
    Found by: previous frame's frame pointer
 3  Google Chrome Framework + 0x38bd2f1
    rbp = 0x0000700014709b90   rsp = 0x0000700014709a90
    rip = 0x0000000110a622f1
    Found by: previous frame's frame pointer
 4  Google Chrome Framework + 0x38bc6f1
    rbp = 0x0000700014709d60   rsp = 0x0000700014709ba0
    rip = 0x0000000110a616f1
    Found by: previous frame's frame pointer
 5  Google Chrome Framework + 0x38c4316
    rbp = 0x0000700014709da0   rsp = 0x0000700014709d70
    rip = 0x0000000110a69316
    Found by: previous frame's frame pointer
 6  Google Chrome Framework + 0x38cd43e
    rbp = 0x000070001470a4c0   rsp = 0x0000700014709db0
    rip = 0x0000000110a7243e
    Found by: previous frame's frame pointer
 7  Google Chrome Framework + 0x388d031
    rbp = 0x000070001470b2d0   rsp = 0x000070001470a4d0
    rip = 0x0000000110a32031
    Found by: previous frame's frame pointer
 8  Google Chrome Framework + 0x3847392
    rbp = 0x000070001470b9d0   rsp = 0x000070001470b2e0
    rip = 0x00000001109ec392
    Found by: previous frame's frame pointer
 9  Google Chrome Framework + 0x3846766
    rbp = 0x000070001470c170   rsp = 0x000070001470b9e0
    rip = 0x00000001109eb766
    Found by: previous frame's frame pointer
10  Google Chrome Framework + 0x388d401
    rbp = 0x000070001470c270   rsp = 0x000070001470c180
    rip = 0x0000000110a32401
    Found by: previous frame's frame pointer
11  Google Chrome Framework + 0x385395a
    rbp = 0x000070001470c2b0   rsp = 0x000070001470c280
    rip = 0x00000001109f895a
    Found by: previous frame's frame pointer
12  Google Chrome Framework + 0x388deb9
    rbp = 0x000070001470c430   rsp = 0x000070001470c2c0
    rip = 0x0000000110a32eb9
    Found by: previous frame's frame pointer
13  Google Chrome Framework + 0x388d956
    rbp = 0x000070001470c7c0   rsp = 0x000070001470c440
    rip = 0x0000000110a32956
    Found by: previous frame's frame pointer
14  Google Chrome Framework + 0x377536f
    rbp = 0x000070001470c980   rsp = 0x000070001470c7d0
    rip = 0x000000011091a36f
    Found by: previous frame's frame pointer
15  Google Chrome Framework + 0x38f60d1
    rbp = 0x000070001470caf0   rsp = 0x000070001470c990
    rip = 0x0000000110a9b0d1
    Found by: previous frame's frame pointer
16  Google Chrome Framework + 0x39196dd
    rbp = 0x000070001470cb20   rsp = 0x000070001470cb00
    rip = 0x0000000110abe6dd
    Found by: previous frame's frame pointer
17  Google Chrome Framework + 0x2c9210f
    rbp = 0x000070001470cb40   rsp = 0x000070001470cb30
    rip = 0x000000010fe3710f
    Found by: previous frame's frame pointer
18  Google Chrome Framework + 0x3699bb8
    rbp = 0x000070001470cbd0   rsp = 0x000070001470cb50
    rip = 0x000000011083ebb8
    Found by: previous frame's frame pointer
19  Google Chrome Framework + 0x369a1e1
    rbp = 0x000070001470cc40   rsp = 0x000070001470cbe0
    rip = 0x000000011083f1e1
    Found by: previous frame's frame pointer
20  Google Chrome Framework + 0x199dc71
    rbp = 0x000070001470cd10   rsp = 0x000070001470cc50
    rip = 0x000000010eb42c71
    Found by: previous frame's frame pointer
21  Google Chrome Framework + 0x19c293b
    rbp = 0x000070001470cde0   rsp = 0x000070001470cd20
    rip = 0x000000010eb6793b
    Found by: previous frame's frame pointer
22  Google Chrome Framework + 0x19c2c8c
    rbp = 0x000070001470ce00   rsp = 0x000070001470cdf0
    rip = 0x000000010eb67c8c
    Found by: previous frame's frame pointer
23  Google Chrome Framework + 0x19c3043
    rbp = 0x000070001470cf30   rsp = 0x000070001470ce10
    rip = 0x000000010eb68043
    Found by: previous frame's frame pointer
24  Google Chrome Framework + 0x19c62da
    rbp = 0x000070001470cf60   rsp = 0x000070001470cf40
    rip = 0x000000010eb6b2da
    Found by: previous frame's frame pointer
25  Google Chrome Framework + 0x19b6f5a
    rbp = 0x000070001470cf70   rsp = 0x000070001470cf70
    rip = 0x000000010eb5bf5a
    Found by: previous frame's frame pointer
26  Google Chrome Framework + 0x19c5d54
    rbp = 0x000070001470cfb0   rsp = 0x000070001470cf80
    rip = 0x000000010eb6ad54
    Found by: previous frame's frame pointer
27  CoreFoundation + 0xa7981
    rbp = 0x000070001470cfc0   rsp = 0x000070001470cfc0
    rip = 0x00007fffbd6af981
    Found by: previous frame's frame pointer
28  CoreFoundation + 0x88a7d
    rbp = 0x000070001470d020   rsp = 0x000070001470cfd0
    rip = 0x00007fffbd690a7d
    Found by: previous frame's frame pointer
29  CoreFoundation + 0x87f76
    rbp = 0x000070001470dd10   rsp = 0x000070001470d030
    rip = 0x00007fffbd68ff76
    Found by: previous frame's frame pointer
30  CoreFoundation + 0x87974
    rbp = 0x000070001470dda0   rsp = 0x000070001470dd20
    rip = 0x00007fffbd68f974
    Found by: previous frame's frame pointer
31  Google Chrome Framework + 0x19c669f
    rbp = 0x000070001470dde0   rsp = 0x000070001470ddb0
    rip = 0x000000010eb6b69f
    Found by: previous frame's frame pointer
32  Google Chrome Framework + 0x19c619c
    rbp = 0x000070001470de10   rsp = 0x000070001470ddf0
    rip = 0x000000010eb6b19c
    Found by: previous frame's frame pointer
33  Google Chrome Framework + 0x19e4803
    rbp = 0x000070001470de50   rsp = 0x000070001470de20
    rip = 0x000000010eb89803
    Found by: previous frame's frame pointer
34  Google Chrome Framework + 0x1a10db9
    rbp = 0x000070001470dec0   rsp = 0x000070001470de60
    rip = 0x000000010ebb5db9
    Found by: previous frame's frame pointer
35  Google Chrome Framework + 0x1a0bef7
    rbp = 0x000070001470def0   rsp = 0x000070001470ded0
    rip = 0x000000010ebb0ef7
    Found by: previous frame's frame pointer
36  libsystem_pthread.dylib + 0x3aab
    rbp = 0x000070001470df10   rsp = 0x000070001470df00
    rip = 0x00007fffd2df4aab
    Found by: previous frame's frame pointer
37  libsystem_pthread.dylib + 0x39f7
    rbp = 0x000070001470df50   rsp = 0x000070001470df20
    rip = 0x00007fffd2df49f7
    Found by: previous frame's frame pointer
38  libsystem_pthread.dylib + 0x31fd
    rbp = 0x000070001470df78   rsp = 0x000070001470df60
    rip = 0x00007fffd2df41fd
    Found by: previous frame's frame pointer
39  Google Chrome Framework + 0x1a0bea0
    rsp = 0x000070001470e028   rip = 0x000000010ebb0ea0
    Found by: stack scanning
Project: chromium
Moved issue webrtc:7453 to now be issue chromium:709438.
Components: Blink>WebRTC
Labels: OS-Mac

Comment 4 by b...@chromium.org, Apr 10 2017

Can you provide us with a crash ID?  Open chrome://crashes and find the entry that matches the time of the crash.  (In the release build.)
Crash ID 0ea2c3d3-8574-45a7-88fd-ae3386f2b557 (Server ID: a2c2b19640000000)


Is there any update about this issue?

Comment 7 by guidou@chromium.org, Apr 18 2017

Components: -Blink>WebRTC Blink>WebRTC>Network
Components: -Blink>WebRTC>Network Blink>WebRTC>Video
Crash is occurring in VCMFrameBuffer::GetNaluInfos(). Most relevant stack frames:

(Google Chrome Framework - memory:1784)  webrtc::VCMSessionInfo::GetNaluInfos() const
(Google Chrome Framework - frame_buffer.cc:70)  webrtc::VCMFrameBuffer::GetNaluInfos() const
(Google Chrome Framework - decoding_state.cc:235)  webrtc::VCMDecodingState::ContinuousFrame(webrtc::VCMFrameBuffer const*) const
(Google Chrome Framework - jitter_buffer.cc:820)  webrtc::VCMJitterBuffer::IsContinuous(webrtc::VCMFrameBuffer const&) const
(Google Chrome Framework - jitter_buffer.cc:738)  webrtc::VCMJitterBuffer::InsertPacket(webrtc::VCMPacket const&, bool*)
(Google Chrome Framework - receiver.cc:110)  webrtc::VCMReceiver::InsertPacket(webrtc::VCMPacket const&)
(Google Chrome Framework - video_receiver.cc:425)  webrtc::vcm::VideoReceiver::IncomingPacket(unsigned char const*, unsigned long, webrtc::WebRtcRTPHeader const&)
(Google Chrome Framework - rtp_stream_receiver.cc:295)  webrtc::RtpStreamReceiver::OnReceivedPayloadData(unsigned char const*, unsigned long, webrtc::WebRtcRTPHeader const*)
(Google Chrome Framework - rtp_receiver_video.cc:103)  webrtc::RTPReceiverVideo::ParseRtpPacket(webrtc::WebRtcRTPHeader*, webrtc::PayloadUnion const&, bool, unsigned char const*, unsigned long, long long, bool)
(Google Chrome Framework - rtp_receiver_impl.cc:177)  webrtc::RtpReceiverImpl::IncomingRtpPacket(webrtc::RTPHeader const&, unsigned char const*, unsigned long, webrtc::PayloadUnion, bool)
(Google Chrome Framework - rtp_stream_receiver.cc:456)  webrtc::RtpStreamReceiver::OnRecoveredPacket(unsigned char const*, unsigned long)
(Google Chrome Framework - ulpfec_receiver_impl.cc:236)  webrtc::UlpfecReceiverImpl::ProcessReceivedFec()
(Google Chrome Framework - rtp_stream_receiver.cc:474)  webrtc::RtpStreamReceiver::ParseAndHandleEncapsulatingHeader(unsigned char const*, unsigned long, webrtc::RTPHeader const&)
(Google Chrome Framework - rtp_stream_receiver.cc:446)  webrtc::RtpStreamReceiver::DeliverRtp(unsigned char const*, unsigned long, webrtc::PacketTime const&)
(Google Chrome Framework - call.cc:1143)  webrtc::internal::Call::DeliverRtp(webrtc::MediaType, unsigned char const*, unsigned long, webrtc::PacketTime const&)
(Google Chrome Framework - webrtcvideoengine2.cc:1381)  cricket::WebRtcVideoChannel2::OnPacketReceived(rtc::CopyOnWriteBuffer*, rtc::PacketTime const&)
(Google Chrome Framework - channel.cc:837)  cricket::BaseChannel::OnPacketReceived(bool, rtc::CopyOnWriteBuffer const&, rtc::PacketTime const&)

Changing component to Video.

Comment 9 by holmer@chromium.org, Apr 19 2017

Cc: philipel@chromium.org brandtr@chromium.org
This is unfortunate, but this code is being replaced in M58 which is soon stable, so I doubt it's worth fixing.

Philip/Rasmus, do you know of any changes in M57 which may have caused this? AFAIK we should never be sending ULPFEC with H.264, so it looks incorrect that this code path can even be reached.
Off the top of my head, I'm not aware of any changes that might have caused ULPFEC packets to be sent for H264.

With NACK, we should not be sending H264+ULPFEC, but without NACK, we can do it:
https://cs.chromium.org/chromium/src/third_party/webrtc/video/video_send_stream_tests.cc?l=506

The linked webapp seems to not disable NACK, however:
a=rtpmap:100 H264/90000
a=rtcp-fb:100 ccm fir
a=rtcp-fb:100 nack
a=rtcp-fb:100 nack pli
a=rtcp-fb:100 goog-remb
a=rtcp-fb:100 transport-cc
I know about the performance issue caused by enabling H264 with ULPFEC, but this webapp is using VP8 in communication mode; I have removed the H264 line in the answer SDP. Not sure why the crash only happens in the official build of Chrome M57.
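A small check for the condition discussed in the two comments above (H.264 negotiated while ULPFEC/RED is offered but the bare nack feedback is missing), written as an added example that is not part of this thread or of WebRTC. The SDP fragment is constructed from the a= lines quoted above; the m= line and the red/ulpfec rtpmap entries are assumptions added so the check has something to flag.

```python
import re

# Constructed SDP: the a=rtcp-fb lines mirror the thread; m=, red and ulpfec are assumed.
SAMPLE_SDP = """m=video 9 UDP/TLS/RTP/SAVPF 100 116 117
a=rtpmap:100 H264/90000
a=rtcp-fb:100 ccm fir
a=rtcp-fb:100 nack
a=rtcp-fb:100 nack pli
a=rtcp-fb:100 goog-remb
a=rtcp-fb:100 transport-cc
a=rtpmap:116 red/90000
a=rtpmap:117 ulpfec/90000
"""

def parse_video_section(sdp):
    """Map payload types to codec names and rtcp-fb tokens for the m=video section."""
    codecs, feedback = {}, {}
    in_video = False
    for line in sdp.splitlines():
        line = line.strip()
        if line.startswith("m="):
            in_video = line.startswith("m=video")
            continue
        if not in_video:
            continue
        m = re.match(r"a=rtpmap:(\d+) ([^/]+)/", line)
        if m:
            codecs[int(m.group(1))] = m.group(2).lower()
            continue
        m = re.match(r"a=rtcp-fb:(\d+|\*) (.+)", line)
        if m:  # "*" means the feedback applies to every payload type
            key = "*" if m.group(1) == "*" else int(m.group(1))
            feedback.setdefault(key, set()).add(m.group(2).strip())
    return codecs, feedback

def h264_fec_risk(sdp):
    """Flag H.264 payload types left without NACK while ULPFEC/RED is offered."""
    codecs, feedback = parse_video_section(sdp)
    fec_offered = any(c in ("ulpfec", "red") for c in codecs.values())
    report = {}
    for pt, codec in codecs.items():
        if codec != "h264":
            continue
        fb = feedback.get(pt, set()) | feedback.get("*", set())
        has_nack = "nack" in fb  # the bare "nack" token, not "nack pli"
        report[pt] = {"nack": has_nack, "fec_offered": fec_offered,
                      "at_risk": fec_offered and not has_nack}
    return report
```

Running it on the answer SDP from the webapp shows whether the H.264 payload type is in the no-NACK configuration the comments say ULPFEC can still be used in; stripping the H264 rtpmap line, as the reporter did, empties the report.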

Comment 12 by tommi@chromium.org, Apr 26 2017

Owner: holmer@chromium.org
Status: Assigned (was: Unconfirmed)
Status: Fixed (was: Assigned)
