[Webkit-unassigned] [Bug 213857] New: REGRESSION(r260755): [GStreamer] Crash in webKitWebSrcCreate

bugzilla-daemon at webkit.org
Wed Jul 1 11:57:23 PDT 2020


https://bugs.webkit.org/show_bug.cgi?id=213857

            Bug ID: 213857
           Summary: REGRESSION(r260755): [GStreamer] Crash in
                    webKitWebSrcCreate
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: PC
               URL: https://www.bloomberg.com/news/articles/2020-06-15/so-is-tesla-bigger-than-toyota-or-not-well-it-s-complicated
                OS: Linux
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Media
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mcatanzaro at gnome.org
                CC: bugs-noreply at webkitgtk.org

Load https://www.bloomberg.com/news/articles/2020-06-15/so-is-tesla-bigger-than-toyota-or-not-well-it-s-complicated in Tech Preview (currently using 2.29.2) and scroll up and down for a little bit. After a few seconds, it will crash on RELEASE_ASSERT(members->player) in webKitWebSrcCreate:

(gdb) bt full
#0  0x00007fb12220da15 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
        set = 
            {__val = {0, 140398714206252, 206158430248, 140398714278715, 140285325600448, 140287322131040, 140286651102816, 140398754970704, 140286516863248, 55, 140286516796992, 140398754074212, 32, 140286516796992, 0, 0}}
        pid = <optimized out>
        tid = <optimized out>
#1  0x00007fb1221f6855 in __GI_abort () at abort.c:79
        save_stage = 1
        act = 
          {__sigaction_handler = {sa_handler = 0x20, sa_sigaction = 0x20}, sa_mask = {__val = {32, 140285241731848, 47, 94921742113184, 140398754074212, 140285218762752, 95, 140285107519344, 140398754074212, 140285218762752, 140285325601056, 140285325601136, 140286516884192, 140286516884192, 140398775357722, 0}}, sa_flags = -666304256, sa_restorer = 0x7f9700017148}
        sigs = {__val = {32, 0 <repeats 15 times>}}
#2  0x00007fb122aead32 in CRASH_WITH_INFO(...) () at DerivedSources/ForwardingHeaders/wtf/Assertions.h:713
        baseSrc = 0x7f97000172e0 [WebKitWebSrc]
        src = <optimized out>
        priv = <optimized out>
        members = 
          {m_mutex = @0x7f9700017140, m_lockHolder = {<WTF::AbstractLocker> = {<No data fields>}, m_lockable = 0x7f9700017140}, m_data = @0x7f9700017148}
        __FUNCTION__ = "webKitWebSrcCreate"
        size = <optimized out>
        queueSize = <optimized out>
#3  0x00007fb122aead32 in webKitWebSrcCreate(GstPushSrc*, GstBuffer**)
    (pushSrc=0x7f97000172e0 [WebKitWebSrc], buffer=0x7f96b8ffea38)
    at ../Source/WebCore/platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:483
        baseSrc = 0x7f97000172e0 [WebKitWebSrc]
        src = <optimized out>
        priv = <optimized out>
        members = 
          {m_mutex = @0x7f9700017140, m_lockHolder = {<WTF::AbstractLocker> = {<No data fields>}, m_lockable = 0x7f9700017140}, m_data = @0x7f9700017148}
        __FUNCTION__ = "webKitWebSrcCreate"
        size = <optimized out>
        queueSize = <optimized out>
#4  0x00007fb11f9160fd in gst_base_src_get_range
    (src=src@entry=0x7f97000172e0 [WebKitWebSrc], offset=offset@entry=0, length=<optimized out>, buf=buf@entry=0x7f96b8ffeb18) at ../libs/gst/base/gstbasesrc.c:2527
        ret = <optimized out>
        bclass = 0x5654b0ea3ca0
        status = <optimized out>
        res_buf = 0x0
        in_buf = 0x0
        own_res_buf = <optimized out>
        __func__ = "gst_base_src_get_range"
#5  0x00007fb11f919006 in gst_base_src_loop (pad=0x7f96ac00ad30 [GstPad]) at ../libs/gst/base/gstbasesrc.c:2851
        src = 0x7f97000172e0 [WebKitWebSrc]
        buf = 0x0
        ret = <optimized out>
        position = <optimized out>
        eos = 0
        blocksize = <optimized out>
        pending_events = 0x0
        tmp = <optimized out>
        __func__ = "gst_base_src_loop"
#6  0x00007fb11f849307 in gst_task_func (task=0x7f97000094d0 [GstTask]) at ../gst/gsttask.c:328
        lock = 0x7f96ac00ada0
        tself = 0x7f97000028c0
        priv = 0x7f9700009480
        __func__ = "gst_task_func"
#7  0x00007fb121ddc564 in g_thread_pool_thread_proxy (data=<optimized out>) at ../glib/gthreadpool.c:354
        task = 0x7f9700001490
        pool = <optimized out>
#8  0x00007fb121ddbc61 in g_thread_proxy (data=0x7f97000028c0) at ../glib/gthread.c:819
        thread = 0x7f97000028c0
        __func__ = "g_thread_proxy"
#9  0x00007fb11fdae4d2 in start_thread (arg=<optimized out>) at pthread_create.c:477
        ret = <optimized out>
        pd = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140285325604608, 2516772936556526736, 140286747463678, 140286747463679, 140285325602112, 94921751437184, -2467921634287895408, -2481659232919307120}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = 0
#10 0x00007fb1222d2563 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
