[Webkit-unassigned] [Bug 219437] New: [Debug][GStreamer] Crash in fast/mediastream/change-tracks-media-stream-being-played.html

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Dec 2 09:46:03 PST 2020 

https://bugs.webkit.org/show_bug.cgi?id=219437

            Bug ID: 219437
           Summary: [Debug][GStreamer] Crash in
                    fast/mediastream/change-tracks-media-stream-being-play
                    ed.html
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebRTC
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: aboya at igalia.com
                CC: youennf at gmail.com

At the moment this crash is reproduced very easily (so far I've got it every time) in buildbox2 when using run-webkit-tests --gtk --debug

I looked at this one in particular because I made a patch for the black bars/resize at the end bug that prevents the tracks from being deleted on EOS and reuses the webkit track classes by changing the pad pointer. That is the only test where I see changes: It crashes both before and after, and in the same functions (videoSampleAvailable or audioSampleAvailable), but with my patch it's a virtual pure function being called and without it's a plain SIGSEGV.

Previous reports also mention a g_type_check_instance_cast segfault inside WebCore::WebKitMediaStreamTrackObserver::audioSamplesAvailable https://bugs.webkit.org/show_bug.cgi?id=209130

Having a cleaner base with no crash would be nice.

Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007f36a3bf2efb in WebCore::RealtimeMediaSource::videoSampleAvailable (this=0x7f36875e4700, mediaSample=...) at ../../Source/WebCore/platform/mediastream/RealtimeMediaSource.cpp:208
208             observer->videoSampleAvailable(mediaSample);
[Current thread is 1 (Thread 0x7f3687e479c0 (LWP 126))]

Thread 1 (Thread 0x7f3687e479c0 (LWP 126)):
#0  0x00007f36a3bf2efb in WebCore::RealtimeMediaSource::videoSampleAvailable(WebCore::MediaSample&) (this=0x7f36875e4700, mediaSample=...) at ../../Source/WebCore/platform/mediastream/RealtimeMediaSource.cpp:208
#1  0x00007f36a3c1ecac in WebCore::RealtimeVideoSource::videoSampleAvailable(WebCore::MediaSample&) (this=0x7f36875e4700, sample=...) at ../../Source/WebCore/platform/mediastream/RealtimeVideoSource.cpp:189
#2  0x00007f36a3bf2f14 in WebCore::RealtimeMediaSource::videoSampleAvailable(WebCore::MediaSample&) (this=0x7f3687553000, mediaSample=...) at ../../Source/WebCore/platform/mediastream/RealtimeMediaSource.cpp:208
#3  0x00007f36a3c1d901 in WebCore::RealtimeVideoCaptureSource::dispatchMediaSampleToObservers(WebCore::MediaSample&) (this=0x7f3687553000, sample=...) at ../../Source/WebCore/platform/mediastream/RealtimeVideoCaptureSource.cpp:399
#4  0x00007f36a4830192 in WebCore::MockRealtimeVideoSourceGStreamer::updateSampleBuffer() (this=0x7f3687553000) at ../../Source/WebCore/platform/mediastream/gstreamer/MockRealtimeVideoSourceGStreamer.cpp:70
#5  0x00007f36a3c4d217 in WebCore::MockRealtimeVideoSource::generateFrame() (this=0x7f3687553000) at ../../Source/WebCore/platform/mock/MockRealtimeVideoSource.cpp:449
#6  0x00007f36a3c5f051 in std::__invoke_impl<void, void (WebCore::MockRealtimeVideoSource::*&)(), WebCore::MockRealtimeVideoSource*&>(std::__invoke_memfun_deref, void (WebCore::MockRealtimeVideoSource::*&)(), WebCore::MockRealtimeVideoSource*&) (__f=@0x7f362e052ee8: (void (WebCore::MockRealtimeVideoSource::*)(WebCore::MockRealtimeVideoSource * const)) 0x7f36a3c4d024 <WebCore::MockRealtimeVideoSource::generateFrame()>, __t=@0x7f362e052ef8: 0x7f3687553000) at /usr/include/c++/10.2.0/bits/invoke.h:73
#7  0x00007f36a3c5eebf in std::__invoke<void (WebCore::MockRealtimeVideoSource::*&)(), WebCore::MockRealtimeVideoSource*&>(void (WebCore::MockRealtimeVideoSource::*&)(), WebCore::MockRealtimeVideoSource*&) (__fn=@0x7f362e052ee8: (void (WebCore::MockRealtimeVideoSource::*)(WebCore::MockRealtimeVideoSource * const)) 0x7f36a3c4d024 <WebCore::MockRealtimeVideoSource::generateFrame()>) at /usr/include/c++/10.2.0/bits/invoke.h:95
#8  0x00007f36a3c5ed4d in std::_Bind<void (WebCore::MockRealtimeVideoSource::*(WebCore::MockRealtimeVideoSource*))()>::__call<void, , 0ul>(std::tuple<>&&, std::_Index_tuple<0ul>) (this=0x7f362e052ee8, __args=...) at /usr/include/c++/10.2.0/functional:416
#9  0x00007f36a3c5ec27 in std::_Bind<void (WebCore::MockRealtimeVideoSource::*(WebCore::MockRealtimeVideoSource*))()>::operator()<, void>() (this=0x7f362e052ee8) at /usr/include/c++/10.2.0/functional:499
#10 0x00007f36a3c5eb46 in WTF::Detail::CallableWrapper<std::_Bind<void (WebCore::MockRealtimeVideoSource::*(WebCore::MockRealtimeVideoSource*))()>, void>::call() (this=0x7f362e052ee0) at DerivedSources/ForwardingHeaders/wtf/Function.h:52
#11 0x00007f369fcda633 in WTF::Function<void ()>::operator()() const (this=0x7f3687553208) at DerivedSources/ForwardingHeaders/wtf/Function.h:83
#12 0x00007f36a3c5eb86 in WTF::RunLoop::Timer<WebCore::MockRealtimeVideoSource>::fired() (this=0x7f36875531e0) at DerivedSources/ForwardingHeaders/wtf/RunLoop.h:184
#13 0x00007f36912de9c1 in operator()(gpointer) const (__closure=0x0, userData=0x7f36875531e0) at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:177
#14 0x00007f36912dea01 in _FUN(gpointer) () at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:181
#15 0x00007f36912de00d in operator()(GSource*, GSourceFunc, gpointer) const (__closure=0x0, source=0x561683020ef0, callback=0x7f36912de9e4 <_FUN(gpointer)>, userData=0x7f36875531e0) at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:53
#16 0x00007f36912de05b in _FUN(GSource*, GSourceFunc, gpointer) () at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:56
#17 0x00007f368a22004f in g_main_dispatch (context=0x561682c20af0) at ../glib/gmain.c:3325
#18 g_main_context_dispatch (context=0x561682c20af0) at ../glib/gmain.c:4016
#19 0x00007f368a2203f8 in g_main_context_iterate (context=0x561682c20af0, block=block at entry=1, dispatch=dispatch at entry=1, self=<optimized out>) at ../glib/gmain.c:4092
#20 0x00007f368a220713 in g_main_loop_run (loop=0x561682ba1c10) at ../glib/gmain.c:4290
#21 0x00007f36912de624 in WTF::RunLoop::run() () at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp:108
#22 0x00007f36a11a2c25 in WebKit::AuxiliaryProcessMain<WebKit::WebProcess, WebKit::WebProcessMainGtk>(int, char**) (argc=4, argv=0x7fff70c1f4d8) at ../../Source/WebKit/Shared/AuxiliaryProcessMain.h:68
#23 0x00007f36a11a2438 in WebKit::WebProcessMain(int, char**) (argc=4, argv=0x7fff70c1f4d8) at ../../Source/WebKit/WebProcess/gtk/WebProcessMainGtk.cpp:66
#24 0x0000561681c97d88 in main(int, char**) (argc=4, argv=0x7fff70c1f4d8) at ../../Source/WebKit/WebProcess/EntryPoint/unix/WebProcessMain.cpp:45

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20201202/84fa76c2/attachment-0001.htm>

More information about the webkit-unassigned mailing list