175575 2017-08-15 09:14:09 -0700 [GStreamer] Memory corruption in GStreamerGL code 2020-11-03 08:29:31 -0800 1 1 1 Unclassified WebKit Media Other PC Linux RESOLVED FIXED P2 Normal --- 1 mcatanzaro webkit-unassigned bugs-noreply dpino magomez mcatanzaro pnormand oldest_to_newest 1338687 0 mcatanzaro 2017-08-15 09:14:09 -0700 Unfortunately memory corruption is usually really hard to track down since the backtrace rarely points to the real problem, and I don't have a consistent reproducer. But here it is. It happens sometimes when running layout test compositing/video/video-object-position.html: Thread 1 (Thread 0x2b6fc8320700 (LWP 11367)): #0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51 #1 0x00002b6b198ea3fa in __GI_abort () at abort.c:89 #2 0x00002b6b19926bd0 in __libc_message (do_abort=do_abort@entry=2, fmt=fmt@entry=0x2b6b19a1bbd0 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175 #3 0x00002b6b1992cf96 in malloc_printerr (action=3, str=0x2b6b19a1bd28 "double free or corruption (fasttop)", ptr=<optimized out>, ar_ptr=<optimized out>) at malloc.c:5046 #4 0x00002b6b1992d78e in _int_free (av=av@entry=0x2b6ef0000020, p=p@entry=0x2b6ef02c6220, have_lock=have_lock@entry=1) at malloc.c:3902 #5 0x00002b6b1992fef8 in _int_realloc (av=av@entry=0x2b6ef0000020, oldp=oldp@entry=0x2b6ef02c6220, oldsize=oldsize@entry=64, nb=nb@entry=96) at malloc.c:4393 #6 0x00002b6b19931539 in __GI___libc_realloc (oldmem=0x2b6ef02c6230, bytes=84) at malloc.c:3080 #7 0x00002b6b9c2a5251 in resize () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/Mesa/src/util/ralloc.c:147 #8 0x00002b6b9c2a588f in ralloc_vasprintf_rewrite_tail () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/Mesa/src/util/ralloc.c:510 #9 0x00002b6b9c2a5936 in ralloc_vasprintf_append () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/Mesa/src/util/ralloc.c:479 #10 0x00002b6b9c2aed4d in _Z12linker_errorP17gl_shader_programPKcz () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/Mesa/src/glsl/linker.cpp:529 #11 0x00002b6b9c2b152c in link_intrastage_shaders () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/Mesa/src/glsl/linker.cpp:2026 #12 _Z12link_shadersP10gl_contextP17gl_shader_program () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/Mesa/src/glsl/linker.cpp:3539 #13 0x00002b6b9c22399b in _mesa_glsl_link_shader () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/Mesa/src/mesa/program/ir_to_mesa.cpp:2975 #14 0x00002b6b9c16005a in link_program () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/Mesa/src/mesa/main/shaderapi.c:1042 #15 0x00002b6b142fe47c in gst_gl_shader_link () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/gst-plugins-bad-1.10.5/gst-libs/gst/gl/gstglshader.c:686 #16 0x00002b6b1430427e in _create_shader () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/gst-plugins-bad-1.10.5/gst-libs/gst/gl/gstglcolorconvert.c:1945 #17 _init_convert () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/gst-plugins-bad-1.10.5/gst-libs/gst/gl/gstglcolorconvert.c:2028 #18 _do_convert () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/gst-plugins-bad-1.10.5/gst-libs/gst/gl/gstglcolorconvert.c:2368 #19 0x00002b6b14308683 in _run_message_sync () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/gst-plugins-bad-1.10.5/gst-libs/gst/gl/gstglwindow.c:601 #20 0x00002b6b14308622 in _run_message_async () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/gst-plugins-bad-1.10.5/gst-libs/gst/gl/gstglwindow.c:668 #21 0x00002b6b150e25ca in g_main_dispatch () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.52.1/glib/gmain.c:3212 #22 g_main_context_dispatch () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.52.1/glib/gmain.c:3865 #23 0x00002b6b150e2948 in g_main_context_iterate () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.52.1/glib/gmain.c:3938 #24 0x00002b6b150e2c62 in g_main_loop_run () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.52.1/glib/gmain.c:4134 #25 0x00002b6b143086f5 in gst_gl_window_default_run () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/gst-plugins-bad-1.10.5/gst-libs/gst/gl/gstglwindow.c:527 #26 0x00002b6b142f195c in gst_gl_context_create_thread () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/gst-plugins-bad-1.10.5/gst-libs/gst/gl/gstglcontext.c:1273 #27 0x00002b6b15109315 in g_thread_proxy () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.52.1/glib/gthread.c:784 #28 0x00002b6b187c2494 in start_thread (arg=0x2b6fc8320700) at pthread_create.c:333 #29 0x00002b6b1999e93f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97 1338708 1 mcatanzaro 2017-08-15 09:44:43 -0700 I'm adding a crash expectation for this test. 1342805 2 mcatanzaro 2017-08-28 04:47:23 -0700 Another variant: Thread 1 (Thread 0x2b8468200700 (LWP 21392)): #0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51 #1 0x00002b82c9e873fa in __GI_abort () at abort.c:89 #2 0x00002b82c9ec3bd0 in __libc_message (do_abort=do_abort@entry=2, fmt=fmt@entry=0x2b82c9fb8bd0 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175 #3 0x00002b82c9ec9f96 in malloc_printerr (action=3, str=0x2b82c9fb8d28 "double free or corruption (fasttop)", ptr=<optimized out>, ar_ptr=<optimized out>) at malloc.c:5046 #4 0x00002b82c9eca78e in _int_free (av=0x2b8478000020, p=0x2b84781d6b90, have_lock=0) at malloc.c:3902 #5 0x00002b83a0366dcd in _mesa_clear_shader_program_data () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/Mesa/src/mesa/main/shaderobj.c:304 #6 0x00002b83a0425921 in _mesa_glsl_link_shader () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/Mesa/src/mesa/program/ir_to_mesa.cpp:2964 #7 0x00002b83a036205a in link_program () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/Mesa/src/mesa/main/shaderapi.c:1042 #8 0x00002b82c4ba347c in gst_gl_shader_link () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/gst-plugins-bad-1.10.5/gst-libs/gst/gl/gstglshader.c:686 #9 0x00002b82c4ba927e in _create_shader () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/gst-plugins-bad-1.10.5/gst-libs/gst/gl/gstglcolorconvert.c:1945 #10 _init_convert () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/gst-plugins-bad-1.10.5/gst-libs/gst/gl/gstglcolorconvert.c:2028 #11 _do_convert () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/gst-plugins-bad-1.10.5/gst-libs/gst/gl/gstglcolorconvert.c:2368 #12 0x00002b82c4bad683 in _run_message_sync () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/gst-plugins-bad-1.10.5/gst-libs/gst/gl/gstglwindow.c:601 #13 0x00002b82c4bad622 in _run_message_async () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/gst-plugins-bad-1.10.5/gst-libs/gst/gl/gstglwindow.c:668 #14 0x00002b82c59875ca in g_main_dispatch () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.52.1/glib/gmain.c:3212 #15 g_main_context_dispatch () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.52.1/glib/gmain.c:3865 #16 0x00002b82c5987948 in g_main_context_iterate () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.52.1/glib/gmain.c:3938 #17 0x00002b82c5987c62 in g_main_loop_run () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.52.1/glib/gmain.c:4134 #18 0x00002b82c4bad6f5 in gst_gl_window_default_run () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/gst-plugins-bad-1.10.5/gst-libs/gst/gl/gstglwindow.c:527 #19 0x00002b82c4b9695c in gst_gl_context_create_thread () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/gst-plugins-bad-1.10.5/gst-libs/gst/gl/gstglcontext.c:1273 #20 0x00002b82c59ae315 in g_thread_proxy () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.52.1/glib/gthread.c:784 #21 0x00002b82c8d5f494 in start_thread (arg=0x2b8468200700) at pthread_create.c:333 #22 0x00002b82c9f3b93f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97 Adding crash expectation for imported/w3c/web-platform-tests/html/semantics/embedded-content/media-elements/ready-states/autoplay-with-slow-text-tracks.html. 1623552 3 dpino 2020-02-27 10:15:31 -0800 *** Bug 208288 has been marked as a duplicate of this bug. *** 1673055 4 pnormand 2020-07-20 07:13:43 -0700 compositing/video/video-object-position.html hasn't been crashing for the past 7 months and seems to only require a rebaseline: --- /home/buildbot/worker/gtk-linux-64-release-tests/build/layout-test-results/compositing/video/video-object-position-expected.txt +++ /home/buildbot/worker/gtk-linux-64-release-tests/build/layout-test-results/compositing/video/video-object-position-actual.txt @@ -13,74 +13,60 @@ (bounds 124.00 204.00) (contentsOpaque 1) (drawsContent 1) - (contents layer 2.00, 2.00 120.00 x 200.00) ) (GraphicsLayer (position 151.00 13.00) (bounds 124.00 204.00) (contentsOpaque 1) (drawsContent 1) - (contents clipping layer 2.00, 2.00 120.00 x 200.00) - (contents layer 22.00, 12.00 120.00 x 200.00) ) (GraphicsLayer (position 289.00 13.00) (bounds 124.00 204.00) (contentsOpaque 1) (drawsContent 1) - (contents layer 2.00, 2.00 120.00 x 200.00) ) (GraphicsLayer (position 427.00 13.00) (bounds 124.00 204.00) (contentsOpaque 1) (drawsContent 1) - (contents clipping layer 2.00, 2.00 120.00 x 200.00) - (contents layer -8.00, -8.00 120.00 x 200.00) ) (GraphicsLayer (position 565.00 13.00) (bounds 124.00 204.00) (contentsOpaque 1) (drawsContent 1) - (contents layer 2.00, 2.00 120.00 x 200.00) ) (GraphicsLayer (position 13.00 231.00) (bounds 124.00 204.00) (contentsOpaque 1) (drawsContent 1) - (contents layer 2.00, 57.00 120.00 x 90.00) ) (GraphicsLayer (position 151.00 231.00) (bounds 124.00 204.00) (contentsOpaque 1) (drawsContent 1) - (contents clipping layer 2.00, 2.00 120.00 x 200.00) - (contents layer 22.00, 12.00 120.00 x 90.00) ) (GraphicsLayer (position 289.00 231.00) (bounds 124.00 204.00) (contentsOpaque 1) (drawsContent 1) - (contents layer 2.00, 30.00 120.00 x 90.00) ) (GraphicsLayer (position 427.00 231.00) (bounds 124.00 204.00) (contentsOpaque 1) (drawsContent 1) - (contents clipping layer 2.00, 2.00 120.00 x 200.00) - (contents layer -8.00, 102.00 120.00 x 90.00) ) (GraphicsLayer (position 565.00 231.00) (bounds 124.00 204.00) (contentsOpaque 1) (drawsContent 1) - (contents layer 2.00, 101.00 120.00 x 90.00) ) ) ) 1704005 5 dpino 2020-11-03 08:29:27 -0800 This test(s) has been consistenly passing in the last 4000 revisions. Closing bug.