[Webkit-unassigned] [Bug 213857] REGRESSION(r260755): [GStreamer] Crash in webKitWebSrcCreate

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Oct 13 07:46:29 PDT 2020


https://bugs.webkit.org/show_bug.cgi?id=213857

--- Comment #11 from Michael Catanzaro <mcatanzaro at gnome.org> ---
(In reply to Philippe Normand from comment #10)
> New trace doesn't make sense, what does webKitWebAudioSrcLoop do in frame
> 2???

Hmm, I wonder why that frame is missing. Looks like that's the only WebKit frame in the backtrace... but WebKit is part of the runtime, so it's the same .Debug extension as all the GStreamer frames; I'm not sure how debuginfo could be present for one but not the other. Odd.

Anyway, I can reproduce without using flatpak, so I decided to get a backtrace there, hoping it would show the missing frame. Instead, it is a *third* crash involving WebKitWebSrc. Again, all I do is load the page and scroll up and down:

#0  0x00007f2991fcbbde in WTFCrash ()
    at ../../Source/WTF/wtf/Assertions.cpp:295
No locals.
#1  0x00007f29943d3710 in CRASH_WITH_INFO(...) ()
    at DerivedSources/ForwardingHeaders/wtf/Assertions.h:713
No locals.
#2  webKitWebSrcCreate (pushSrc=0x3a772b0 [WebKitWebSrc|webkitwebsrc6], 
    buffer=0x7f28d9afe888)
    at ../../Source/WebCore/platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:483
        baseSrc = 0x3a772b0 [WebKitWebSrc|webkitwebsrc6]
        src = <optimized out>
        priv = <optimized out>
        members = {m_mutex = @0x3a77110, 
          m_lockHolder = {<WTF::AbstractLocker> = {<No data fields>}, 
            m_lockable = 0x3a77110}, m_data = @0x3a77118}
        __FUNCTION__ = "webKitWebSrcCreate"
        size = <optimized out>
        queueSize = <optimized out>
#3  0x00007f298e68880d in gst_base_src_get_range ()
   from /lib64/libgstbase-1.0.so.0
No symbol table info available.
#4  0x00007f298e68f3c2 in gst_base_src_loop.lto_priv ()
   from /lib64/libgstbase-1.0.so.0
No symbol table info available.
#5  0x00007f298e5b454f in gst_task_func () from /lib64/libgstreamer-1.0.so.0
No symbol table info available.
#6  0x00007f298dcf1141 in g_thread_pool_thread_proxy (data=0x1e490e0) at ../../../../Projects/glib/glib/gthreadpool.c:354
        task = 0x1e192a0
        pool = 0x1e490e0
#7  0x00007f298dcf0a14 in g_thread_proxy (data=0x1e05d80) at ../../../../Projects/glib/glib/gthread.c:820
        thread = 0x1e05d80
        __func__ = "g_thread_proxy"
#8  0x00007f298dd2145a in linux_pthread_proxy (data=0x1e05d80) at ../../../../Projects/glib/glib/gthread-posix.c:1259
        thread = 0x1e05d80
        printed_scheduler_warning = 1
#9  0x00007f298ecb63f9 in start_thread () from /lib64/libpthread.so.0
No symbol table info available.
#10 0x00007f298cc9bb03 in clone () from /lib64/libc.so.6
No symbol table info available.

So that's three different WebKitWebSrc crashes. I'm starting to suspect a thread-safety issue, perhaps? I see there are a couple dozen threads running GStreamer code at the same time (will attach a 'thread apply all bt'), which is more than I would expect.
