[Webkit-unassigned] [Bug 259735] New: [GStreamer] Crash in gst_pipewire_device_provider_stop called by WebCore::maximumNumberOfOutputChannels

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Aug 2 07:23:01 PDT 2023 

https://bugs.webkit.org/show_bug.cgi?id=259735

            Bug ID: 259735
           Summary: [GStreamer] Crash in gst_pipewire_device_provider_stop
                    called by WebCore::maximumNumberOfOutputChannels
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Media
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mcatanzaro at redhat.com
                CC: bugs-noreply at webkitgtk.org

Created attachment 467182

  --> https://bugs.webkit.org/attachment.cgi?id=467182&action=review

Full backtrace

I just saw two different web processes crash in the same way at the same time:

Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007fa310764437 in gst_pipewire_device_provider_stop (provider=0x5648a681e9c0)
    at ../src/gst/gstpipewiredeviceprovider.c:668
668       pw_thread_loop_lock (self->core->loop);
[Current thread is 1 (Thread 0x7fa39775cf40 (LWP 2))]
(gdb) bt
#0  0x00007fa310764437 in gst_pipewire_device_provider_stop
    (provider=0x5648a681e9c0 [GstPipeWireDeviceProvider|pipewiredeviceprovider0])
    at ../src/gst/gstpipewiredeviceprovider.c:668
#1  0x00007fa39bf70d3f in gst_device_provider_stop
    (provider=0x5648a681e9c0 [GstPipeWireDeviceProvider|pipewiredeviceprovider0]) at ../gst/gstdeviceprovider.c:536
#2  0x00007fa39bf86e63 in gst_device_monitor_stop (monitor=0x5648a68174f0 [GstDeviceMonitor|devicemonitor0])
    at ../gst/gstdevicemonitor.c:586
#3  gst_device_monitor_stop (monitor=0x5648a68174f0 [GstDeviceMonitor|devicemonitor0])
    at ../gst/gstdevicemonitor.c:563
#4  0x00007fa3a1b815de in WebCore::maximumNumberOfOutputChannels()::$_0::operator()() const (this=<optimized out>)
    at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/platform/audio/gstreamer/AudioDestinationGStreamer.cpp:85
#5  std::__invoke_impl<void, WebCore::maximumNumberOfOutputChannels()::$_0>(std::__invoke_other, WebCore::maximumNumberOfOutputChannels()::$_0&&) (__f=<optimized out>)
    at /usr/bin/../lib/gcc/x86_64-unknown-linux-gnu/13.1.0/../../../../include/c++/13.1.0/bits/invoke.h:61
#6  std::__invoke<WebCore::maximumNumberOfOutputChannels()::$_0>(WebCore::maximumNumberOfOutputChannels()::$_0&&)
    (__fn=<optimized out>)
    at /usr/bin/../lib/gcc/x86_64-unknown-linux-gnu/13.1.0/../../../../include/c++/13.1.0/bits/invoke.h:96
#7  std::call_once<WebCore::maximumNumberOfOutputChannels()::$_0>(std::once_flag&, WebCore::maximumNumberOfOutputChannels()::$_0&&)::{lambda()#1}::operator()() const (this=<optimized out>)
    at /usr/bin/../lib/gcc/x86_64-unknown-linux-gnu/13.1.0/../../../../include/c++/13.1.0/mutex:900
#8  std::once_flag::_Prepare_execution::_Prepare_execution<std::call_once<WebCore::maximumNumberOfOutputChannels()::$_0>(std::once_flag&, WebCore::maximumNumberOfOutputChannels()::$_0&&)::{lambda()#1}>(WebCore::maximumNumberOfOutputChannels()::$_0&)::{lambda()#1}::operator()() const (this=<optimized out>)
    at /usr/bin/../lib/gcc/x86_64-unknown-linux-gnu/13.1.0/../../../../include/c++/13.1.0/mutex:836
#9  std::once_flag::_Prepare_execution::_Prepare_execution<std::call_once<WebCore::maximumNumberOfOutputChannels()::$_0>(std::once_flag&, WebCore::maximumNumberOfOutputChannels()::$_0&&)::{lambda()#1}>(WebCore::maximumNumberOfOutputChannels()::$_0&)::{lambda()#1}::__invoke() ()
    at /usr/bin/../lib/gcc/x86_64-unknown-linux-gnu/13.1.0/../../../../include/c++/13.1.0/mutex:836
#10 0x00007fa39f4a7103 in __pthread_once_slow
    (once_control=0x7fa3a38eec60 <WebCore::maximumNumberOfOutputChannels()::onceFlag>, init_routine=0x7fa39aeefd70 <std::__once_proxy()>) at pthread_once.c:116
#11 0x00007fa3a1b7f354 in __gthread_once(int*, void (*)()) (__once=0x5648a681e9c0, __func=0x0)
    at /usr/bin/../lib/gcc/x86_64-unknown-linux-gnu/13.1.0/../../../../include/c++/13.1.0/x86_64-unknown-linux-gnu/bits/gthr-default.h:700
#12 std::call_once<WebCore::maximumNumberOfOutputChannels()::$_0>(std::once_flag&, WebCore::maximumNumberOfOutputChannels()::$_0&&) (__once=..., __f=...)
    at /usr/bin/../lib/gcc/x86_64-unknown-linux-gnu/13.1.0/../../../../include/c++/13.1.0/mutex:907
#13 WebCore::maximumNumberOfOutputChannels() ()
    at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/platform/audio/gstreamer/AudioDestinationGStreamer.cpp:62
#14 WebCore::AudioDestination::maxChannelCount() ()
    at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/platform/audio/gstreamer/AudioDestinationGStreamer.cpp:110
#15 0x00007fa3a0553ed5 in WebCore::jsAudioDestinationNode_maxChannelCountGetter(JSC::JSGlobalObject&, WebCore::JSAudioDestinationNode&) (thisObject=..., lexicalGlobalObject=<optimized out>)
    at WebCore/DerivedSources/JSAudioDestinationNode.cpp:165
#16 WebCore::IDLAttribute<WebCore::JSAudioDestinationNode>::get<&WebCore::jsAudioDestinationNode_maxChannelCountGetter, (WebCore::CastedThisErrorBehavior)3>(JSC::JSGlobalObject&, long, JSC::PropertyName)
    (thisValue=0, lexicalGlobalObject=<optimized out>, attributeName=...)
    at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/bindings/js/JSDOMAttribute.h:89
#17 WebCore::jsAudioDestinationNode_maxChannelCount(JSC::JSGlobalObject*, long, JSC::PropertyName)
    (lexicalGlobalObject=<optimized out>, thisValue=0, attributeName=...)
    at WebCore/DerivedSources/JSAudioDestinationNode.cpp:170
--Type <RET> for more, q to quit, c to continue without paging--c
#18 0x00007fa39e7f4bc2 in JSC::PropertySlot::getValue(JSC::JSGlobalObject*, JSC::PropertyName) const
    (this=0x7ffccf1aaef8, globalObject=0x7fa1e3ca1990, propertyName=...)
    at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/JavaScriptCore/runtime/PropertySlot.h:407
#19 JSC::JSValue::get(JSC::JSGlobalObject*, JSC::PropertyName, JSC::PropertySlot&) const
    (this=0x7ffccf1aaef0, globalObject=0x7fa1e3ca1990, propertyName=..., slot=...)
    at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/JavaScriptCore/runtime/JSCJSValueInlines.h:1038
#20 JSC::JSValue::get(JSC::JSGlobalObject*, JSC::PropertyName) const
    (this=0x7ffccf1aaef0, globalObject=0x7fa1e3ca1990, propertyName=...)
    at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/JavaScriptCore/runtime/JSCJSValueInlines.h:1028
#21 JSC::CommonSlowPaths::opEnumeratorGetByVal(JSC::JSGlobalObject*, JSC::JSValue, JSC::JSValue, unsigned int, JSC::JSPropertyNameEnumerator::Flag, JSC::JSPropertyNameEnumerator*, JSC::ArrayProfile*, unsigned char*)
    (globalObject=0x7fa1e3ca1990, baseValue=..., propertyNameValue=..., index=<optimized out>, mode=<optimized out>, enumerator=<optimized out>, arrayProfile=0x7fa0dee741b0, enumeratorMetadata=0x7fa0dee741bc "\004")
    at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/JavaScriptCore/runtime/CommonSlowPaths.h:91
#22 0x00007fa39e7e41e0 in slow_path_enumerator_get_by_val(JSC::CallFrame*, JSC::JSInstruction const*)
    (callFrame=0x7ffccf1ab110, pc=0x7fa1de434116)
    at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/JavaScriptCore/runtime/CommonSlowPaths.cpp:957
#23 0x00007fa39db949e4 in llint_op_enumerator_get_by_val_wide32 ()
    at /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-6.0.so.1
#24 0x0000000000000000 in  ()

Full backtrace attached.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20230802/42de1534/attachment-0001.htm>

More information about the webkit-unassigned mailing list