Bug 204035

Summary: [GStreamer] Crash in WebCore::MediaPlayer::createResourceLoader
Product: WebKit Reporter: Michael Catanzaro <mcatanzaro>
Component: MediaAssignee: Nobody <webkit-unassigned>
Status: RESOLVED DUPLICATE    
Severity: Normal CC: aboya, bugs-noreply, mcatanzaro, pnormand
Priority: P2    
Version: WebKit Nightly Build   
Hardware: PC   
OS: Linux   

Michael Catanzaro
Reported 2019-11-08 17:22:05 PST
Hit this random (non-reproducible) crash today on https://www.reddit.com/r/StLouis/comments/dt5hu3/fedex_gingerly_delivering_my_packages_today/ Program terminated with signal SIGSEGV, Segmentation fault. #0 WebCore::MediaPlayer::createResourceLoader (this=<optimized out>) at ../Source/WebCore/platform/graphics/MediaPlayer.h:419 419 MediaPlayerClient& client() const { return *m_client; (gdb) bt full #0 0x00007f57b7076fdf in WebCore::MediaPlayer::createResourceLoader() (this=<optimized out>) at ../Source/WebCore/platform/graphics/MediaPlayer.h:419 #1 0x00007f57b5f655ac in <lambda()>::operator()(void) const (__closure=0x7f558c264008) at ../Source/WebCore/platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:629 priv = 0x7f555c071e80 loadOptions = <optimized out> notifyAsyncCompletion = true src = 0x7f555c072020 [WebKitWebSrc] request = {<WebCore::ResourceRequestBase> = {m_url = {m_string = {static MaxLength = 2147483647, m_impl = {static isRefPtr = <error reading variable: Missing ELF symbol "WTF::RefPtr<WTF::StringImpl, WTF::DumbPtrTraits<WTF::StringImpl> >::isRefPtr".>, m_ptr = 0x7f558c25a0b0}}, m_isValid = 1, m_protocolIsInHTTPFamily = 1, m_cannotBeABaseURL = 0, m_portLength = 0, static maxPortLength = 7, static maxSchemeLength = 67108863, m_schemeEnd = 5, m_userStart = 8, m_userEnd = 8, m_passwordEnd = 8, m_hostEnd = 17, m_pathAfterLastSlash = 50, m_pathEnd = 65, m_queryEnd = 65}, m_timeoutInterval = 0, m_firstPartyForCookies = {m_string = {static MaxLength = 2147483647, m_impl = {static isRefPtr = <error reading variable: Missing ELF symbol "WTF::RefPtr<WTF::StringImpl, WTF::DumbPtrTraits<WTF::StringImpl> >::isRefPtr".>, m_ptr = 0x7f558c25a0b0}}, m_isValid = 1, m_protocolIsInHTTPFamily = 1, m_cannotBeABaseURL = 0, m_portLength = 0, static maxPortLength = 7, static maxSchemeLength = 67108863, m_schemeEnd = 5, m_userStart = 8, m_userEnd = 8, m_passwordEnd = 8, m_hostEnd = 17, m_pathAfterLastSlash = 50, m_pathEnd = 65, m_queryEnd = 65}, m_httpMethod = {static MaxLength = 2147483647, m_impl = {static isRefPtr = <error reading variable: Missing ELF symbol "WTF::RefPtr<WTF::StringImpl, WTF::DumbPtrTraits<WTF::StringImpl> >::isRefPtr".>, m_ptr = 0x7f558c24c000}}, m_initiatorIdentifier = {static MaxLength = 2147483647, m_impl = {static isRefPtr = <error reading variable: Missing ELF symbol "WTF::RefPtr<WTF::StringImpl, WTF::DumbPtrTraits<WTF::StringImpl> >::isRefPtr".>, m_ptr = 0x0}}, m_cachePartition = {static MaxLength = 2147483647, m_impl = {static isRefPtr = <error reading variable: Missing ELF symbol "WTF::RefPtr<WTF::StringImpl, WTF::DumbPtrTraits<WTF::StringImpl> >::isRefPtr".>, m_ptr = 0x7f57b3e1a340 <WTF::StringImpl::s_emptyAtomString>}}, m_httpHeaderFields = {m_commonHeaders = {<WTF::VectorBuffer<WebCore::HTTPHeaderMap::CommonHeader, 0>> = {<WTF::VectorBufferBase<WebCore::HTTPHeaderMap::CommonHeader>> = {m_buffer = 0x7f558c2bd000, m_capacity = 6, m_size = 3}, <No data fields>}, <No data fields>}, m_uncommonHeaders = {<WTF::VectorBuffer<WebCore::HTTPHeaderMap::UncommonHeader, 0>> = {<WTF::VectorBufferBase<WebCore::HTTPHeaderMap::UncommonHeader>> = {m_buffer = 0x0, m_capacity = 0, m_size = 0}, <No data fields>}, <No data fields>}}, m_responseContentDispositionEncodingFallbackArray = {<WTF::VectorBuffer<WTF::String, 0>> = {<WTF::VectorBufferBase<WTF::String>> = {m_buffer = 0x0, m_capacity = 0, m_size = 0}, <No data fields>}, <No data fields>}, m_httpBody = {static isRefPtr = <error reading variable: Missing ELF symbol "WTF::RefPtr<WebCore::FormData, WTF::DumbPtrTraits<WebCore::FormData> >::isRefPtr".>, m_ptr = 0x0}, m_cachePolicy = WebCore::ResourceRequestCachePolicy::UseProtocolCachePolicy, m_sameSiteDisposition = WebCore::ResourceRequestBase::SameSiteDisposition::Unspecified, m_priority = WebCore::ResourceLoadPriority::Low, m_requester = WebCore::ResourceRequestBase::Requester::Unspecified, m_inspectorInitiatorNodeIdentifier = {<WTF::constexpr_Optional_base<int>> = {init_ = false, storage_ = {dummy_ = 0 '\000', value_ = 0}}, <No data fields>}, m_allowCookies = true, m_resourceRequestUpdated = true, m_platformRequestUpdated = false, m_resourceRequestBodyUpdated = true, m_platformRequestBodyUpdated = false, m_hiddenFromInspector = false, m_isTopSite = false, static s_defaultTimeoutInterval = 0}, m_acceptEncoding = true, m_soupFlags = (unknown: 0), m_initiatingPageID = {<WTF::constexpr_Optional_base<WTF::ObjectIdentifier<WebCore::PageIdentifierType> >> = {init_ = false, storage_ = {dummy_ = 0 '\000', value_ = {<WTF::ObjectIdentifierBase> = {<No data fields>}, m_identifier = 91479367430963200}}}, <No data fields>}} protector = {m_ptr = 0x7f555c072020 [WebKitWebSrc]} #2 0x00007f57b3ac91f5 in WTF::Function<void ()>::operator()() const (this=<synthetic pointer>) at ../Source/WTF/wtf/Lock.h:84 function = {m_callableWrapper = std::unique_ptr<WTF::Detail::CallableWrapperBase<void>> = {get() = 0x7f558c274078}} functionsToHandle = 4 #3 0x00007f57b3ac91f5 in WTF::RunLoop::performWork() (this=0x7f57ad1f9000) at ../Source/WTF/wtf/RunLoop.cpp:107 function = {m_callableWrapper = std::unique_ptr<WTF::Detail::CallableWrapperBase<void>> = {get() = 0x7f558c274078}} functionsToHandle = 4 #4 0x00007f57b3b15d5d in WTF::RunLoop::<lambda(gpointer)>::operator() (__closure=0x0, userData=<optimized out>) at ../Source/WTF/wtf/glib/RunLoopGLib.cpp:68 #5 0x00007f57b3b15d5d in WTF::RunLoop::<lambda(gpointer)>::_FUN(gpointer) () at ../Source/WTF/wtf/glib/RunLoopGLib.cpp:70 #6 0x00007f57b416c4de in g_main_dispatch (context=0x55d82f944ad0) at ../glib/gmain.c:3185 dispatch = 0x7f57b3b15d70 <WTF::<lambda(GSource*, GSourceFunc, gpointer)>::_FUN(GSource *, GSourceFunc, gpointer)> prev_source = 0x0 was_in_call = 0 user_data = 0x7f57ad1f9000 callback = 0x7f57b3b15d50 <WTF::RunLoop::<lambda(gpointer)>::_FUN(gpointer)> cb_funcs = 0x7f57b4241280 <g_source_callback_funcs> cb_data = 0x55d82fb1ad40 need_destroy = <optimized out> source = 0x55d82fa2a880 current = 0x55d82f94dac0 i = 0 __func__ = "g_main_dispatch" #7 0x00007f57b416c4de in g_main_context_dispatch (context=context@entry=0x55d82f944ad0) at ../glib/gmain.c:3850 #8 0x00007f57b416c890 in g_main_context_iterate (context=0x55d82f944ad0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:3923 max_priority = 100 timeout = 0 some_ready = 1 nfds = <optimized out> allocated_nfds = <optimized out> fds = 0x55d82fa65bb0 #9 0x00007f57b416cb83 in g_main_loop_run (loop=0x55d82faa9dd0) at ../glib/gmain.c:4117 __func__ = "g_main_loop_run" #10 0x00007f57b3b167d0 in WTF::RunLoop::run() () at ../Source/WTF/wtf/glib/RunLoopGLib.cpp:96 runLoop = @0x7f57ad1f9000: {<WTF::FunctionDispatcher> = {<WTF::ThreadSafeRefCounted<WTF::FunctionDispatcher, (WTF::DestructionThread)0>> = {<WTF::ThreadSafeRefCountedBase> = {m_refCount = {<std::__atomic_base<unsigned int>> = {static _S_alignment = 4, _M_i = 45}, static is_always_lock_free = true}}, <No data fields>}, _vptr.FunctionDispatcher = 0x7f57b3dea4c8 <vtable for WTF::RunLoop+16>}, m_functionQueueLock = {static isHeldBit = 1 '\001', static hasParkedBit = 2 '\002', m_byte = {value = {<std::__atomic_base<unsigned char>> = {static _S_alignment = 1, _M_i = 0 '\000'}, static is_always_lock_free = true}}}, m_functionQueue = {m_start = 134, m_end = 1, m_buffer = {<WTF::VectorBufferBase<WTF::Function<void()> >> = {m_buffer = 0x7f57acfae000, m_capacity = 136, m_size = 0}, <No data fields>}}, m_mainContext = {m_ptr = 0x55d82f944ad0}, m_mainLoops = {<WTF::VectorBuffer<WTF::GRefPtr<_GMainLoop>, 0>> = {<WTF::VectorBufferBase<WTF::GRefPtr<_GMainLoop> >> = {m_buffer = 0x7f57ad1fc100, m_capacity = 16, m_size = 1}, <No data fields>}, <No data fields>}, m_source = {m_ptr = 0x55d82fa2a880}} mainContext = 0x55d82f944ad0 innermostLoop = 0x55d82faa9dd0 nestedMainLoop = <optimized out> #11 0x00007f57b5f5ccaa in WebKit::AuxiliaryProcessMain<WebKit::WebProcess, WebKit::WebProcessMain>(int, char**) (argc=3, argv=<optimized out>) at ../Source/WebKit/Shared/unix/AuxiliaryProcessMain.h:47 auxiliaryMain = {<WebKit::AuxiliaryProcessMainBase> = {_vptr.AuxiliaryProcessMainBase = 0x7f57b81ccca8 <vtable for WebKit::WebProcessMain+16>, m_parameters = {uiProcessName = {static MaxLength = 2147483647, m_impl = {static isRefPtr = <error reading variable: Missing ELF symbol "WTF::RefPtr<WTF::StringImpl, WTF::DumbPtrTraits<WTF::StringImpl> >::isRefPtr".>, m_ptr = 0x0}}, clientIdentifier = {static MaxLength = 2147483647, m_impl = {static isRefPtr = <error reading variable: Missing ELF symbol "WTF::RefPtr<WTF::StringImpl, WTF::DumbPtrTraits<WTF::StringImpl> >::isRefPtr".>, m_ptr = 0x0}}, processIdentifier = {<WTF::constexpr_Optional_base<WTF::ObjectIdentifier<WebCore::ProcessIdentifierType> >> = {init_ = true, storage_ = {dummy_ = 146 '\222', value_ = {<WTF::ObjectIdentifierBase> = {<No data fields>}, m_identifier = 146}}}, <No data fields>}, connectionIdentifier = 62, extraInitializationData = {m_impl = {static m_maxLoad = 2, static m_minLoad = 6, m_table = 0x0, m_tableSize = 0, m_tableSizeMask = 0, m_keyCount = 0, m_deletedCount = 0}}, processType = WebKit::AuxiliaryProcess::ProcessType::WebContent}}, <No data fields>} #12 0x00007f57b50bc173 in __libc_start_main (main=0x55d82dd9b780 <main(int, char**)>, argc=3, argv=0x7fffe8d04998, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffe8d04988) at ../csu/libc-start.c:308 result = <optimized out> unwind_buf = {cancel_jmp_buf = {{jmp_buf = {0, 1682033445703618498, 94386970539984, 140737099352464, 0, 0, 4834687395565506498, 4776341343200055234}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x7fffe8d049b8, 0x7f57b8402130}, data = {prev = 0x0, cleanup = 0x0, canceltype = -389002824}}} not_first_call = <optimized out> #13 0x000055d82dd9b7fe in _start () at ../sysdeps/x86_64/start.S:120
Attachments
Add attachment proposed patch, testcase, etc.
Philippe Normand
Comment 1 2019-11-13 01:22:04 PST
I can only speculate: the closure in webKitWebSrcMakeRequest() is called after dispose of webkitwebsrc
Philippe Normand
Comment 2 2019-11-21 03:18:02 PST
Might be a duplicate of #204161
Michael Catanzaro
Comment 3 2020-04-01 08:49:22 PDT
Still crashing randomly in 2.28. (In reply to Philippe Normand from comment #2) > Might be a duplicate of #204161 Dunno, maybe. Backtrace is different though....
Alicia Boya GarcĂ­a
Comment 4 2020-05-08 09:23:12 PDT
*** This bug has been marked as a duplicate of bug 211572 ***
Note You need to log in before you can comment on or make changes to this bug.