[Webkit-unassigned] [Bug 230318] New: REGRESSION(r282220): [GTK][WPE] Several flaky crashes on media/track/cue tests

bugzilla-daemon at webkit.org
Wed Sep 15 13:42:41 PDT 2021


https://bugs.webkit.org/show_bug.cgi?id=230318

            Bug ID: 230318
           Summary: REGRESSION(r282220): [GTK][WPE] Several flaky crashes
                    on media/track/cue tests
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKitGTK
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: clopez at igalia.com
                CC: bugs-noreply at webkitgtk.org, eric.carlson at apple.com,
                    jer.noble at apple.com, pnormand at igalia.com

Created attachment 438283

  --> https://bugs.webkit.org/attachment.cgi?id=438283&action=review

Crash log with threads for imported/w3c/web-platform-tests/html/semantics/embedded-content/media-elements/interfaces/TextTrack/label.html from the GTK Release bot

r282220 caused at least the following flaky crashes on GTK and WPE:

  imported/w3c/web-platform-tests/html/semantics/embedded-content/media-elements/interfaces/TextTrack/cues.html [ Pass Crash ]
  imported/w3c/web-platform-tests/html/semantics/embedded-content/media-elements/interfaces/TextTrack/kind.html [ Pass Crash ]
  imported/w3c/web-platform-tests/html/semantics/embedded-content/media-elements/interfaces/TextTrack/label.html [ Pass Crash ]
  imported/w3c/web-platform-tests/html/semantics/embedded-content/media-elements/interfaces/TextTrack/language.html [ Pass Crash ]
  imported/w3c/web-platform-tests/html/semantics/embedded-content/media-elements/interfaces/TextTrack/oncuechange.html [ Pass Crash ]
  imported/w3c/web-platform-tests/html/semantics/embedded-content/media-elements/interfaces/TextTrack/removeCue.html [ Pass Crash ]
  imported/w3c/web-platform-tests/html/semantics/embedded-content/media-elements/track/track-element/track-cues-cuechange-dynamically-created-track-element.html [ Pass Crash ]
  imported/w3c/web-platform-tests/html/semantics/embedded-content/media-elements/track/track-element/track-cues-enter-seeking.html [ Pass Crash ]
  media/track/track-cue-inline-assertion-crash.html [ Pass Crash ]
  media/track/track-cue-left-align.html [ Pass Crash ]
  media/track/track-cue-line-position.html [ Pass Crash ]
  media/track/track-cues-cuechange.html [ Pass Crash ]


On GTK it can be easily reproduced by running WTR with: --repeat-each=20 media/track/track-cue-inline-assertion-crash.html


The backtrace is the same on all of them, which is:

Thread 1 (Thread 0x7f7783eafe80 (LWP 269462)):
#0  0x00007f7790490350 in WTF::MediaTime::compare(WTF::MediaTime const&) const () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0
#1  0x00007f778ec3a6d5 in WebCore::HTMLMediaElement::textTrackRemoveCue(WebCore::TextTrack&, WebCore::TextTrackCue&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0
#2  0x00007f778ec3aa66 in non-virtual thunk to WebCore::HTMLMediaElement::textTrackRemoveCues(WebCore::TextTrack&, WebCore::TextTrackCueList const&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0
#3  0x00007f778edd9856 in WTF::WeakHashSet<WebCore::TextTrackClient, WTF::EmptyCounter>::forEach(WTF::Function<void (WebCore::TextTrackClient&)> const&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0
#4  0x00007f778edd5388 in WebCore::TextTrack::~TextTrack() () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0
#5  0x00007f778edd5cd9 in WebCore::TextTrack::~TextTrack() () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0
#6  0x00007f778ededbff in WebCore::TextTrackList::~TextTrackList() () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0
#7  0x00007f778edf0969 in WebCore::TextTrackList::~TextTrackList() () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0
#8  0x00007f778ec35fa6 in WebCore::HTMLMediaElement::~HTMLMediaElement() () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0
#9  0x00007f778ecaaf24 in WebCore::HTMLVideoElement::~HTMLVideoElement() () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0
#10 0x00007f778ec4c42d in WTF::Detail::CallableWrapper<WebCore::ActiveDOMObject::queueTaskKeepingObjectAlive<WebCore::HTMLMediaElement>(WebCore::HTMLMediaElement&, WebCore::TaskSource, WTF::Function<void ()>&&)::{lambda()#1}, void>::~CallableWrapper() () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0
#11 0x00007f778ea08271 in WebCore::EventLoopFunctionDispatchTask::~EventLoopFunctionDispatchTask() () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0
#12 0x00007f778ea064e5 in WebCore::EventLoop::run() () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0
#13 0x00007f778ea9e61d in WebCore::WindowEventLoop::didReachTimeToRun() () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0
#14 0x00007f778f1aa257 in WebCore::ThreadTimers::sharedTimerFiredInternal() () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0
#15 0x00007f778a16b6e5 in WTF::RunLoop::TimerBase::TimerBase(WTF::RunLoop&)::{lambda(void*)#1}::_FUN(void*) () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.1.so.0
#16 0x00007f778a16b95f in WTF::RunLoop::{lambda(_GSource*, int (*)(void*), void*)#1}::_FUN(_GSource*, int (*)(void*), void*) () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.1.so.0
#17 0x00007f77865d82bf in g_main_dispatch (context=0x5585ee593930) at ../glib/gmain.c:3344
#18 g_main_context_dispatch (context=0x5585ee593930) at ../glib/gmain.c:4062
#19 0x00007f77865d8668 in g_main_context_iterate (context=0x5585ee593930, block=block at entry=1, dispatch=dispatch at entry=1, self=<optimized out>) at ../glib/gmain.c:4138
#20 0x00007f77865d8983 in g_main_loop_run (loop=0x5585ee5c24e0) at ../glib/gmain.c:4336
#21 0x00007f778a16baa8 in WTF::RunLoop::run() () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.1.so.0
#22 0x00007f778d8ee774 in int WebKit::AuxiliaryProcessMain<WebKit::WebProcessMainGtk>(int, char**) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0
#23 0x00007f7785f7a062 in __libc_start_main (main=0x5585ecceb850 <main>, argc=4, argv=0x7ffd82c3f088, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffd82c3f078) at ../csu/libc-start.c:308
#24 0x00005585ecceb88e in _start () at ../sysdeps/x86_64/start.S:120

I'm attaching the complete trace with threads.


What intrigues me is that these tests are not crashing on the Debug bots, only on the Release ones.
I wonder if the crash may be caused by some optimization that GCC does and Clang doesn't. I will try to check this further later.
