[Webkit-unassigned] [Bug 191106] New: [MSE][GStreamer] Race condition in MediaPlayerPrivateGStreamerMSE destruction

bugzilla-daemon at webkit.org
Wed Oct 31 03:20:43 PDT 2018


https://bugs.webkit.org/show_bug.cgi?id=191106

            Bug ID: 191106
           Summary: [MSE][GStreamer] Race condition in
                    MediaPlayerPrivateGStreamerMSE destruction
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit Gtk
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: aboya at igalia.com
                CC: bugs-noreply at webkitgtk.org

This happened when running media/media-source/media-source-overlapping-append.html, but most of the time it passes. An element is being unref'ed to zero while it's not yet NULL.

Thread 1 (Thread 0x7fb0fb6beb00 (LWP 814)):
#0  _g_log_abort () at /webkit/WebKitBuild/DependenciesGTK/Source/glib-2.54.2/glib/gmessages.c:554
#1  0x00007fb0edd99559 in g_logv () at /webkit/WebKitBuild/DependenciesGTK/Source/glib-2.54.2/glib/gmessages.c:1362
#2  0x00007fb0edd99712 in g_log () at /webkit/WebKitBuild/DependenciesGTK/Source/glib-2.54.2/glib/gmessages.c:1403
#3  0x00007fb0ee070483 in g_object_unref () at /webkit/WebKitBuild/DependenciesGTK/Source/glib-2.54.2/gobject/gobject.c:3293
#4  0x00007fb0f9f4e450 in WebCore::MediaPlayerPrivateGStreamerBase::~MediaPlayerPrivateGStreamerBase() () from /webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#5  0x00007fb0f9f4697e in WebCore::MediaPlayerPrivateGStreamer::~MediaPlayerPrivateGStreamer() () from /webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#6  0x00007fb0f9f59429 in WebCore::MediaPlayerPrivateGStreamerMSE::~MediaPlayerPrivateGStreamerMSE() () from /webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#7  0x00007fb0f99c18b8 in WebCore::MediaPlayer::~MediaPlayer() () from /webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#8  0x00007fb0f99c1949 in WebCore::MediaPlayer::~MediaPlayer() () from /webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#9  0x00007fb0f96236b6 in WebCore::HTMLMediaElement::clearMediaPlayer() () from /webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#10 0x00007fb0f96236e1 in WebCore::HTMLMediaElement::userCancelledLoad() () from /webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#11 0x00007fb0f9623886 in WebCore::HTMLMediaElement::stopWithoutDestroyingMediaPlayer() () from /webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#12 0x00007fb0f96239ed in WebCore::HTMLMediaElement::stop() () from /webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#13 0x00007fb0f94d1fbd in WTF::Function<WebCore::ScriptExecutionContext::ShouldContinue (WebCore::ActiveDOMObject&)>::CallableWrapper<WebCore::ScriptExecutionContext::stopActiveDOMObjects()::{lambda(auto:1&)#1}>::call(WebCore::ActiveDOMObject&) () from /webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#14 0x00007fb0f94d2d4e in WebCore::ScriptExecutionContext::forEachActiveDOMObject(WTF::Function<WebCore::ScriptExecutionContext::ShouldContinue (WebCore::ActiveDOMObject&)> const&) const () from /webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#15 0x00007fb0f94d3145 in WebCore::ScriptExecutionContext::stopActiveDOMObjects() () from /webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#16 0x00007fb0f9465960 in WebCore::Document::stopActiveDOMObjects() () from /webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#17 0x00007fb0f9465b0d in WebCore::Document::prepareForDestruction() () from /webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#18 0x00007fb0f987f5f4 in WebCore::Frame::setView(WTF::RefPtr<WebCore::FrameView, WTF::DumbPtrTraits<WebCore::FrameView> >&&) () from /webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#19 0x00007fb0f9889d2c in WebCore::Frame::createView(WebCore::IntSize const&, WebCore::Color const&, bool, WebCore::IntSize const&, WebCore::IntRect const&, bool, WebCore::ScrollbarMode, bool, WebCore::ScrollbarMode, bool) () from /webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#20 0x00007fb0f8b94dc4 in WebKit::WebFrameLoaderClient::transitionToCommittedForNewPage() () from /webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#21 0x00007fb0f97ae2e2 in WebCore::FrameLoader::transitionToCommitted(WebCore::CachedPage*) () from /webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#22 0x00007fb0f97ae3e9 in WebCore::FrameLoader::commitProvisionalLoad() () from /webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#23 0x00007fb0f97943d4 in WebCore::DocumentLoader::finishedLoading() () from /webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#24 0x00007fb0f9796cd5 in WebCore::DocumentLoader::maybeLoadEmpty() () from /webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#25 0x00007fb0f9797052 in WebCore::DocumentLoader::startLoadingMainResource(WebCore::ShouldContinue) () from /webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#26 0x00007fb0f97aeeea in WebCore::FrameLoader::continueLoadAfterNavigationPolicy(WebCore::ResourceRequest const&, WebCore::FormState*, WebCore::ShouldContinue, WebCore::AllowNavigationToInvalidURL) () from /webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#27 0x00007fb0f97b3863 in WTF::Function<void (WebCore::ResourceRequest&&, WTF::WeakPtr<WebCore::FormState>&&, WebCore::ShouldContinue)>::CallableWrapper<WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WTF::RefPtr<WebCore::FormState, WTF::DumbPtrTraits<WebCore::FormState> >&&, WebCore::AllowNavigationToInvalidURL, WebCore::ShouldTreatAsContinuingLoad, WebCore::ShouldSkipSafeBrowsingCheck, WTF::CompletionHandler<void ()>&&)::{lambda(WebCore::ResourceRequest const&, WTF::WeakPtr<WebCore::FormState>&&, WebCore::ShouldContinue)#2}>::call(WebCore::ResourceRequest&&, WTF::WeakPtr<WebCore::FormState>&&, WebCore::ShouldContinue) () from /webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#28 0x00007fb0f97cc532 in WebCore::PolicyChecker::checkNavigationPolicy(WebCore::ResourceRequest&&, WebCore::ResourceResponse const&, WebCore::DocumentLoader*, WTF::RefPtr<WebCore::FormState, WTF::DumbPtrTraits<WebCore::FormState> >&&, WTF::CompletionHandler<void (WebCore::ResourceRequest&&, WTF::WeakPtr<WebCore::FormState>&&, WebCore::ShouldContinue)>&&, WebCore::PolicyDecisionMode, WebCore::ShouldSkipSafeBrowsingCheck)::{lambda(WebCore::PolicyAction)#1}::operator()(WebCore::PolicyAction) () from /webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#29 0x00007fb0f8ba3e33 in WebKit::WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction(WebCore::NavigationAction const&, WebCore::ResourceRequest const&, WebCore::ResourceResponse const&, WebCore::FormState*, WebCore::PolicyDecisionMode, WebCore::ShouldSkipSafeBrowsingCheck, WTF::Function<void (WebCore::PolicyAction)>&&) () from /webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#30 0x00007fb0f97d0fef in WebCore::PolicyChecker::checkNavigationPolicy(WebCore::ResourceRequest&&, WebCore::ResourceResponse const&, WebCore::DocumentLoader*, WTF::RefPtr<WebCore::FormState, WTF::DumbPtrTraits<WebCore::FormState> >&&, WTF::CompletionHandler<void (WebCore::ResourceRequest&&, WTF::WeakPtr<WebCore::FormState>&&, WebCore::ShouldContinue)>&&, WebCore::PolicyDecisionMode, WebCore::ShouldSkipSafeBrowsingCheck) () from /webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#31 0x00007fb0f97af4f7 in WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WTF::RefPtr<WebCore::FormState, WTF::DumbPtrTraits<WebCore::FormState> >&&, WebCore::AllowNavigationToInvalidURL, WebCore::ShouldTreatAsContinuingLoad, WebCore::ShouldSkipSafeBrowsingCheck, WTF::CompletionHandler<void ()>&&) () from /webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#32 0x00007fb0f97b139a in WebCore::FrameLoader::load(WebCore::DocumentLoader&, WebCore::ShouldSkipSafeBrowsingCheck) () from /webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#33 0x00007fb0f97b1e00 in WebCore::FrameLoader::load(WebCore::FrameLoadRequest&&) [clone .localalias.982] () from /webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#34 0x00007fb0f8bbe9df in WebKit::WebPage::loadRequest(WebKit::LoadParameters&&) () from /webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#35 0x00007fb0f87b589c in void IPC::handleMessage<Messages::WebPage::LoadRequest, WebKit::WebPage, void (WebKit::WebPage::*)(WebKit::LoadParameters&&)>(IPC::Decoder&, WebKit::WebPage*, void (WebKit::WebPage::*)(WebKit::LoadParameters&&)) () from /webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#36 0x00007fb0f87b30e5 in WebKit::WebPage::didReceiveWebPageMessage(IPC::Connection&, IPC::Decoder&) () from /webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#37 0x00007fb0f885b0e3 in IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&) () from /webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#38 0x00007fb0f8a758d6 in WebKit::WebProcess::didReceiveMessage(IPC::Connection&, IPC::Decoder&) () from /webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#39 0x00007fb0f8854cff in IPC::Connection::dispatchMessage(IPC::Decoder&) () from /webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#40 0x00007fb0f88561ab in IPC::Connection::dispatchMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >) () from /webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#41 0x00007fb0f8856ab5 in IPC::Connection::dispatchOneIncomingMessage() () from /webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#42 0x00007fb0f62488a5 in WTF::RunLoop::performWork() () from /webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#43 0x00007fb0f626fa29 in WTF::RunLoop::RunLoop()::{lambda(void*)#1}::_FUN(void*) () from /webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#44 0x00007fb0edd92838 in g_main_dispatch () at /webkit/WebKitBuild/DependenciesGTK/Source/glib-2.54.2/glib/gmain.c:3148
#45 g_main_context_dispatch () at /webkit/WebKitBuild/DependenciesGTK/Source/glib-2.54.2/glib/gmain.c:3813
#46 0x00007fb0edd92bf8 in g_main_context_iterate () at /webkit/WebKitBuild/DependenciesGTK/Source/glib-2.54.2/glib/gmain.c:3886
#47 0x00007fb0edd92ee2 in g_main_loop_run () at /webkit/WebKitBuild/DependenciesGTK/Source/glib-2.54.2/glib/gmain.c:4082
#48 0x00007fb0f6270410 in WTF::RunLoop::run() () from /webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#49 0x00007fb0f8be9048 in int WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain>(int, char**) () from /webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#50 0x00007fb0eb31b11b in __libc_start_main (main=0x400bd0 <main>, argc=3, argv=0x7ffe63181cf8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffe63181ce8) at ../csu/libc-start.c:308
#51 0x0000000000400c5a in _start ()

(WebKitWebProcess:814): GStreamer-CRITICAL **: 
Trying to dispose element play_0x7fb06d4bbc00, but it is in READY instead of the NULL state.
You need to explicitly set elements to the NULL state before
dropping the final reference, to allow them to clean up.
This problem may also be caused by a refcounting bug in the
application or some element.
