[Webkit-unassigned] [Bug 215499] New: [GStreamer] Random drawTexturedQuadWithProgram() crashes on video tests

bugzilla-daemon at webkit.org
Fri Aug 14 04:28:17 PDT 2020


https://bugs.webkit.org/show_bug.cgi?id=215499

            Bug ID: 215499
           Summary: [GStreamer] Random drawTexturedQuadWithProgram()
                    crashes on video tests
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKitGTK
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: aboya at igalia.com
                CC: bugs-noreply at webkitgtk.org

Created attachment 406583

  --> https://bugs.webkit.org/attachment.cgi?id=406583&action=review

media/media-source/media-source-remove-crash-crash-log.txt

I found this in media/media-source/media-source-remove-crash.html, but the crash is probably generic to rendering of media playback since very similar ones have been reported on compositing/video/video-border-radius.html (https://bugs.webkit.org/show_bug.cgi?id=211768), compositing/video/video-poster.html, compositing/video/video-clip-change-src.html and compositing/video/video-reflection.html (https://bugs.webkit.org/show_bug.cgi?id=211833).

crash log for WebKitWebProcess (pid 382):

Thread 1 (Thread 0x7f7a1e7fc700 (LWP 518)):
#0  0x00007f7a4c8f5957 in  () at /usr/lib/x86_64-linux-gnu/GL/lib/dri/swrast_dri.so
#1  0x00007f7a4c8e97c5 in  () at /usr/lib/x86_64-linux-gnu/GL/lib/dri/swrast_dri.so
#2  0x00007f7a4c8e9d5f in  () at /usr/lib/x86_64-linux-gnu/GL/lib/dri/swrast_dri.so
#3  0x00007f7a4c8d817c in  () at /usr/lib/x86_64-linux-gnu/GL/lib/dri/swrast_dri.so
#4  0x00007f7a4ca63ee8 in  () at /usr/lib/x86_64-linux-gnu/GL/lib/dri/swrast_dri.so
#5  0x00007f7a4ca64372 in  () at /usr/lib/x86_64-linux-gnu/GL/lib/dri/swrast_dri.so
#6  0x00007f7ab1ddea6e in WebCore::TextureMapperGL::drawTexturedQuadWithProgram(WebCore::TextureMapperShaderProgram&, WTF::Vector<std::pair<unsigned int, unsigned int>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, int, WebCore::IntSize const&, WebCore::FloatRect const&, WebCore::TransformationMatrix const&, float) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#7  0x00007f7ab1ddfcc6 in WebCore::TextureMapperGL::drawTexturePlanarYUV(std::array<unsigned int, 3ul> const&, std::array<float, 9ul> const&, int, WebCore::IntSize const&, WebCore::FloatRect const&, WebCore::TransformationMatrix const&, float, unsigned int) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#8  0x00007f7ab3a07f02 in void WTF::__visitor_table<WTF::Visitor<WebCore::TextureMapperPlatformLayerBuffer::paintToTextureMapper(WebCore::TextureMapper&, WebCore::FloatRect const&, WebCore::TransformationMatrix const&, float)::{lambda(WebCore::TextureMapperPlatformLayerBuffer::RGBTexture const&)#1}, WebCore::TextureMapperPlatformLayerBuffer::paintToTextureMapper(WebCore::TextureMapper&, WebCore::FloatRect const&, WebCore::TransformationMatrix const&, float)::{lambda(WebCore::TextureMapperPlatformLayerBuffer::YUVTexture const&)#2}, WebCore::TextureMapperPlatformLayerBuffer::paintToTextureMapper(WebCore::TextureMapper&, WebCore::FloatRect const&, WebCore::TransformationMatrix const&, float)::{lambda(WebCore::TextureMapperPlatformLayerBuffer::ExternalOESTexture const&)#3}>, WebCore::TextureMapperPlatformLayerBuffer::RGBTexture, WebCore::TextureMapperPlatformLayerBuffer::paintToTextureMapper(WebCore::TextureMapper&, WebCore::FloatRect const&, WebCore::TransformationMatrix const&, float)::{lambda(WebCore::TextureMapperPlatformLayerBuffer::RGBTexture const&)#1}, {lambda(WebCore::TextureMapperPlatformLayerBuffer::YUVTexture const&)#2}>::__trampoline_func<WebCore::TextureMapperPlatformLayerBuffer::paintToTextureMapper(WebCore::TextureMapper&, WebCore::FloatRect const&, WebCore::TransformationMatrix const&, float)::{lambda(WebCore::TextureMapperPlatformLayerBuffer::RGBTexture const&)#1}>(WebCore::TextureMapperPlatformLayerBuffer::ExternalOESTexture const&, WTF::Variant<WebCore::TextureMapperPlatformLayerBuffer::RGBTexture, WebCore::TextureMapperPlatformLayerBuffer::paintToTextureMapper(WebCore::TextureMapper&, WebCore::FloatRect const&, WebCore::TransformationMatrix const&, float)::{lambda(WebCore::TextureMapperPlatformLayerBuffer::RGBTexture const&)#1}, {lambda(WebCore::TextureMapperPlatformLayerBuffer::YUVTexture const&)#2}>&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#9  0x00007f7ab3a0781a in WebCore::TextureMapperPlatformLayerBuffer::paintToTextureMapper(WebCore::TextureMapper&, WebCore::FloatRect const&, WebCore::TransformationMatrix const&, float) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#10 0x00007f7ab1dd77df in WebCore::TextureMapperLayer::paintSelf(WebCore::TextureMapperPaintOptions const&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#11 0x00007f7ab1ddb50d in WebCore::TextureMapperLayer::paintSelfAndChildren(WebCore::TextureMapperPaintOptions const&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#12 0x00007f7ab1ddb876 in WebCore::TextureMapperLayer::paintSelfAndChildrenWithReplica(WebCore::TextureMapperPaintOptions const&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#13 0x00007f7ab1ddb4ad in WebCore::TextureMapperLayer::paintRecursive(WebCore::TextureMapperPaintOptions const&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#14 0x00007f7ab1ddb55f in WebCore::TextureMapperLayer::paintSelfAndChildren(WebCore::TextureMapperPaintOptions const&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#15 0x00007f7ab1ddb876 in WebCore::TextureMapperLayer::paintSelfAndChildrenWithReplica(WebCore::TextureMapperPaintOptions const&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#16 0x00007f7ab1ddb4ad in WebCore::TextureMapperLayer::paintRecursive(WebCore::TextureMapperPaintOptions const&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#17 0x00007f7ab1ddb55f in WebCore::TextureMapperLayer::paintSelfAndChildren(WebCore::TextureMapperPaintOptions const&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#18 0x00007f7ab1ddb876 in WebCore::TextureMapperLayer::paintSelfAndChildrenWithReplica(WebCore::TextureMapperPaintOptions const&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#19 0x00007f7ab1ddb4ad in WebCore::TextureMapperLayer::paintRecursive(WebCore::TextureMapperPaintOptions const&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#20 0x00007f7ab1ddb55f in WebCore::TextureMapperLayer::paintSelfAndChildren(WebCore::TextureMapperPaintOptions const&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#21 0x00007f7ab1ddb876 in WebCore::TextureMapperLayer::paintSelfAndChildrenWithReplica(WebCore::TextureMapperPaintOptions const&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#22 0x00007f7ab1ddb4ad in WebCore::TextureMapperLayer::paintRecursive(WebCore::TextureMapperPaintOptions const&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#23 0x00007f7ab1ddb55f in WebCore::TextureMapperLayer::paintSelfAndChildren(WebCore::TextureMapperPaintOptions const&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#24 0x00007f7ab1ddb876 in WebCore::TextureMapperLayer::paintSelfAndChildrenWithReplica(WebCore::TextureMapperPaintOptions const&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#25 0x00007f7ab1ddb4ad in WebCore::TextureMapperLayer::paintRecursive(WebCore::TextureMapperPaintOptions const&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#26 0x00007f7ab1ddb55f in WebCore::TextureMapperLayer::paintSelfAndChildren(WebCore::TextureMapperPaintOptions const&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#27 0x00007f7ab1ddb876 in WebCore::TextureMapperLayer::paintSelfAndChildrenWithReplica(WebCore::TextureMapperPaintOptions const&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#28 0x00007f7ab1ddb4ad in WebCore::TextureMapperLayer::paintRecursive(WebCore::TextureMapperPaintOptions const&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#29 0x00007f7ab1ddb55f in WebCore::TextureMapperLayer::paintSelfAndChildren(WebCore::TextureMapperPaintOptions const&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#30 0x00007f7ab1ddb876 in WebCore::TextureMapperLayer::paintSelfAndChildrenWithReplica(WebCore::TextureMapperPaintOptions const&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#31 0x00007f7ab1ddb4ad in WebCore::TextureMapperLayer::paintRecursive(WebCore::TextureMapperPaintOptions const&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#32 0x00007f7ab1ddb55f in WebCore::TextureMapperLayer::paintSelfAndChildren(WebCore::TextureMapperPaintOptions const&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#33 0x00007f7ab1ddb876 in WebCore::TextureMapperLayer::paintSelfAndChildrenWithReplica(WebCore::TextureMapperPaintOptions const&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#34 0x00007f7ab1ddb4ad in WebCore::TextureMapperLayer::paintRecursive(WebCore::TextureMapperPaintOptions const&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#35 0x00007f7ab1ddc199 in WebCore::TextureMapperLayer::paint() () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#36 0x00007f7ab184bf83 in WebKit::CoordinatedGraphicsScene::paintToCurrentGLContext(WebCore::TransformationMatrix const&, WebCore::FloatRect const&, unsigned int) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#37 0x00007f7ab184c229 in WebKit::ThreadedCompositor::renderLayerTree() () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#38 0x00007f7aaeffff66 in WTF::RunLoop::TimerBase::TimerBase(WTF::RunLoop&)::{lambda(void*)#1}::_FUN(void*) () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#39 0x00007f7aaab0ac3e in g_main_dispatch (context=0x7f79f0000b60) at ../glib/gmain.c:3309
#40 0x00007f7aaab0ac3e in g_main_context_dispatch (context=context@entry=0x7f79f0000b60) at ../glib/gmain.c:3974
#41 0x00007f7aaab0aff0 in g_main_context_iterate (context=0x7f79f0000b60, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4047
#42 0x00007f7aaab0b2e3 in g_main_loop_run (loop=0x7f79f0001d40) at ../glib/gmain.c:4241
#43 0x00007f7aaf0003b0 in WTF::RunLoop::run() () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#44 0x00007f7aaef9bd84 in WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#45 0x00007f7aaf001889 in WTF::wtfThreadEntryPoint(void*) () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#46 0x00007f7aabb885e2 in start_thread (arg=<optimized out>) at pthread_create.c:479
#47 0x00007f7aa9818473 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

At first I thought this could be a race with player destruction, but at the same time another thread is making new textures:

Thread 17 (Thread 0x7f79eb7fe700 (LWP 2423)):
#0  0x00007f7aa97a0e04 in sysmalloc (nb=nb@entry=77520, av=av@entry=0x7f79e4000020) at malloc.c:2720
#1  0x00007f7aa97a2192 in _int_malloc (av=av@entry=0x7f79e4000020, bytes=bytes@entry=77503) at malloc.c:4141
#2  0x00007f7aa97a3429 in __GI___libc_malloc (bytes=77503) at malloc.c:3066
#3  0x00007f7aaab10c15 in g_try_malloc (n_bytes=<optimized out>) at ../glib/gmem.c:252
#4  0x00007f7aab19871d in gst_gl_base_memory_alloc_data (gl_mem=0x7f79e40abe30 [GstMemory]) at ../gst-libs/gst/gl/gstglbasememory.c:223
#5  0x00007f7aab19871d in gst_gl_base_memory_alloc_data (gl_mem=gl_mem@entry=0x7f79e40abe30 [GstMemory]) at ../gst-libs/gst/gl/gstglbasememory.c:214
#6  0x00007f7aab19dd38 in gst_gl_buffer_cpu_access (size=77440, info=0x7f79e4725fd0, mem=0x7f79e40abe30 [GstMemory]) at ../gst-libs/gst/gl/gstglbuffer.c:217
#7  0x00007f7aab19dd38 in _gl_buffer_map (mem=0x7f79e40abe30 [GstMemory], info=0x7f79e4725fd0, size=77440) at ../gst-libs/gst/gl/gstglbuffer.c:217
#8  0x00007f7aab19803d in _map_data_gl (context=<optimized out>, transfer=0x7f79eb7fd940) at ../gst-libs/gst/gl/gstglbasememory.c:282
#9  0x00007f7aab1a1028 in gst_gl_context_thread_add (context=0x5610f48ba7f0 [GstGLContextGLX|glcontextglx7], func=func@entry=0x7f7aab197f40 <_map_data_gl>, data=data@entry=0x7f79eb7fd940) at ../gst-libs/gst/gl/gstglcontext.c:1569
#10 0x00007f7aab197bd2 in _mem_map_full (mem=<optimized out>, info=<optimized out>, size=<optimized out>) at ../gst-libs/gst/gl/gstglbasememory.c:316
#11 0x00007f7aab427b36 in gst_memory_map (mem=0x7f79e40abe30 [GstMemory], info=info@entry=0x7f79e4725fd0, flags=(GST_MAP_READ | GST_MAP_WRITE)) at ../gst/gstmemory.c:305
#12 0x00007f7aab1ad961 in _pbo_download_transfer (info=0x7f7a00063e80, info=0x7f7a00063e80, size=77440, gl_mem=0x7f79c40c8e80 [GstMemory]) at ../gst-libs/gst/gl/gstglmemorypbo.c:293
#13 0x00007f7aab1ad961 in _gl_mem_map_cpu_access (size=77440, info=0x7f7a00063e80, gl_mem=0x7f79c40c8e80 [GstMemory]) at ../gst-libs/gst/gl/gstglmemorypbo.c:312
#14 0x00007f7aab1ad961 in _gl_mem_map (gl_mem=0x7f79c40c8e80 [GstMemory], info=0x7f7a00063e80, maxsize=77440) at ../gst-libs/gst/gl/gstglmemorypbo.c:373
#15 0x00007f7aab19803d in _map_data_gl (context=<optimized out>, transfer=0x7f79bf7fd310) at ../gst-libs/gst/gl/gstglbasememory.c:282
#16 0x00007f7aab1bf787 in _run_message_sync (message=0x7f79bf7fd280) at ../gst-libs/gst/gl/gstglwindow.c:573
#17 0x00007f7aab1bf726 in _run_message_async (message=0x5610f43844e0) at ../gst-libs/gst/gl/gstglwindow.c:640
#18 0x00007f7aaab0ac3e in g_main_dispatch (context=0x7f79c4011fa0) at ../glib/gmain.c:3309
#19 0x00007f7aaab0ac3e in g_main_context_dispatch (context=context@entry=0x7f79c4011fa0) at ../glib/gmain.c:3974
#20 0x00007f7aaab0aff0 in g_main_context_iterate (context=0x7f79c4011fa0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4047
#21 0x00007f7aaab0b2e3 in g_main_loop_run (loop=0x7f79c4012260) at ../glib/gmain.c:4241
#22 0x00007f7aab1bf819 in gst_gl_window_default_run (window=0x7f7a540129d0 [GstGLWindowX11|glwindowx11-7]) at ../gst-libs/gst/gl/gstglwindow.c:499
#23 0x00007f7aab1a1fcf in gst_gl_context_create_thread (context=0x5610f48ba7f0 [GstGLContextGLX|glcontextglx7]) at ../gst-libs/gst/gl/gstglcontext.c:1305
#24 0x00007f7aaab34761 in g_thread_proxy (data=0x7f79dc01d120) at ../glib/gthread.c:807
#25 0x00007f7aabb885e2 in start_thread (arg=<optimized out>) at pthread_create.c:479
#26 0x00007f7aa9818473 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
