Bug 230318

Created attachment 438283 [details] Crash log with threads for imported/w3c/web-platform-tests/html/semantics/embedded-content/media-elements/interfaces/TextTrack/label.html from the GTK Release bot r282220 caused at least the following flaky crashes on GTK and WPE: imported/w3c/web-platform-tests/html/semantics/embedded-content/media-elements/interfaces/TextTrack/cues.html [ Pass Crash ] imported/w3c/web-platform-tests/html/semantics/embedded-content/media-elements/interfaces/TextTrack/kind.html [ Pass Crash ] imported/w3c/web-platform-tests/html/semantics/embedded-content/media-elements/interfaces/TextTrack/label.html [ Pass Crash ] imported/w3c/web-platform-tests/html/semantics/embedded-content/media-elements/interfaces/TextTrack/language.html [ Pass Crash ] imported/w3c/web-platform-tests/html/semantics/embedded-content/media-elements/interfaces/TextTrack/oncuechange.html [ Pass Crash ] imported/w3c/web-platform-tests/html/semantics/embedded-content/media-elements/interfaces/TextTrack/removeCue.html [ Pass Crash ] imported/w3c/web-platform-tests/html/semantics/embedded-content/media-elements/track/track-element/track-cues-cuechange-dynamically-created-track-element.html [ Pass Crash ] imported/w3c/web-platform-tests/html/semantics/embedded-content/media-elements/track/track-element/track-cues-enter-seeking.html [ Pass Crash ] media/track/track-cue-inline-assertion-crash.html [ Pass Crash ] media/track/track-cue-left-align.html [ Pass Crash ] media/track/track-cue-line-position.html [ Pass Crash ] media/track/track-cues-cuechange.html [ Pass Crash ] On GTK can be easily reproduced by running WTR with: --repeat-each=20 media/track/track-cue-inline-assertion-crash.html The backtrace is the same on all of them, which is: Thread 1 (Thread 0x7f7783eafe80 (LWP 269462)): #0 0x00007f7790490350 in WTF::MediaTime::compare(WTF::MediaTime const&) const () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0 #1 0x00007f778ec3a6d5 in WebCore::HTMLMediaElement::textTrackRemoveCue(WebCore::TextTrack&, WebCore::TextTrackCue&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0 #2 0x00007f778ec3aa66 in non-virtual thunk to WebCore::HTMLMediaElement::textTrackRemoveCues(WebCore::TextTrack&, WebCore::TextTrackCueList const&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0 #3 0x00007f778edd9856 in WTF::WeakHashSet<WebCore::TextTrackClient, WTF::EmptyCounter>::forEach(WTF::Function<void (WebCore::TextTrackClient&)> const&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0 #4 0x00007f778edd5388 in WebCore::TextTrack::~TextTrack() () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0 #5 0x00007f778edd5cd9 in WebCore::TextTrack::~TextTrack() () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0 #6 0x00007f778ededbff in WebCore::TextTrackList::~TextTrackList() () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0 #7 0x00007f778edf0969 in WebCore::TextTrackList::~TextTrackList() () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0 #8 0x00007f778ec35fa6 in WebCore::HTMLMediaElement::~HTMLMediaElement() () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0 #9 0x00007f778ecaaf24 in WebCore::HTMLVideoElement::~HTMLVideoElement() () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0 #10 0x00007f778ec4c42d in WTF::Detail::CallableWrapper<WebCore::ActiveDOMObject::queueTaskKeepingObjectAlive<WebCore::HTMLMediaElement>(WebCore::HTMLMediaElement&, WebCore::TaskSource, WTF::Function<void ()>&&)::{lambda()#1}, void>::~CallableWrapper() () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0 #11 0x00007f778ea08271 in WebCore::EventLoopFunctionDispatchTask::~EventLoopFunctionDispatchTask() () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0 #12 0x00007f778ea064e5 in WebCore::EventLoop::run() () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0 #13 0x00007f778ea9e61d in WebCore::WindowEventLoop::didReachTimeToRun() () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0 #14 0x00007f778f1aa257 in WebCore::ThreadTimers::sharedTimerFiredInternal() () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0 #15 0x00007f778a16b6e5 in WTF::RunLoop::TimerBase::TimerBase(WTF::RunLoop&)::{lambda(void*)#1}::_FUN(void*) () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.1.so.0 #16 0x00007f778a16b95f in WTF::RunLoop::{lambda(_GSource*, int (*)(void*), void*)#1}::_FUN(_GSource*, int (*)(void*), void*) () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.1.so.0 #17 0x00007f77865d82bf in g_main_dispatch (context=0x5585ee593930) at ../glib/gmain.c:3344 #18 g_main_context_dispatch (context=0x5585ee593930) at ../glib/gmain.c:4062 #19 0x00007f77865d8668 in g_main_context_iterate (context=0x5585ee593930, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4138 #20 0x00007f77865d8983 in g_main_loop_run (loop=0x5585ee5c24e0) at ../glib/gmain.c:4336 #21 0x00007f778a16baa8 in WTF::RunLoop::run() () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.1.so.0 #22 0x00007f778d8ee774 in int WebKit::AuxiliaryProcessMain<WebKit::WebProcessMainGtk>(int, char**) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0 #23 0x00007f7785f7a062 in __libc_start_main (main=0x5585ecceb850 <main>, argc=4, argv=0x7ffd82c3f088, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffd82c3f078) at ../csu/libc-start.c:308 #24 0x00005585ecceb88e in _start () at ../sysdeps/x86_64/start.S:120 I'm attaching the complete trace with threads. What intrigues me is that this tests are not crashing on the Debug bots, only on the Release ones. I wonder if the crash may be caused by some optimization that GCC does and Clang doesn't. I will try to check this further later.