RESOLVED FIXED 175575
[GStreamer] Memory corruption in GStreamerGL code
https://bugs.webkit.org/show_bug.cgi?id=175575
Michael Catanzaro
Reported 2017-08-15 09:14:09 PDT
Unfortunately memory corruption is usually really hard to track down since the backtrace rarely points to the real problem, and I don't have a consistent reproducer. But here it is. It happens sometimes when running layout test compositing/video/video-object-position.html:

Thread 1 (Thread 0x2b6fc8320700 (LWP 11367)):
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1 0x00002b6b198ea3fa in __GI_abort () at abort.c:89
#2 0x00002b6b19926bd0 in __libc_message (do_abort=do_abort@entry=2, fmt=fmt@entry=0x2b6b19a1bbd0 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175
#3 0x00002b6b1992cf96 in malloc_printerr (action=3, str=0x2b6b19a1bd28 "double free or corruption (fasttop)", ptr=<optimized out>, ar_ptr=<optimized out>) at malloc.c:5046
#4 0x00002b6b1992d78e in _int_free (av=av@entry=0x2b6ef0000020, p=p@entry=0x2b6ef02c6220, have_lock=have_lock@entry=1) at malloc.c:3902
#5 0x00002b6b1992fef8 in _int_realloc (av=av@entry=0x2b6ef0000020, oldp=oldp@entry=0x2b6ef02c6220, oldsize=oldsize@entry=64, nb=nb@entry=96) at malloc.c:4393
#6 0x00002b6b19931539 in __GI___libc_realloc (oldmem=0x2b6ef02c6230, bytes=84) at malloc.c:3080
#7 0x00002b6b9c2a5251 in resize () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/Mesa/src/util/ralloc.c:147
#8 0x00002b6b9c2a588f in ralloc_vasprintf_rewrite_tail () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/Mesa/src/util/ralloc.c:510
#9 0x00002b6b9c2a5936 in ralloc_vasprintf_append () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/Mesa/src/util/ralloc.c:479
#10 0x00002b6b9c2aed4d in _Z12linker_errorP17gl_shader_programPKcz () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/Mesa/src/glsl/linker.cpp:529
#11 0x00002b6b9c2b152c in link_intrastage_shaders () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/Mesa/src/glsl/linker.cpp:2026
#12 _Z12link_shadersP10gl_contextP17gl_shader_program () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/Mesa/src/glsl/linker.cpp:3539
#13 0x00002b6b9c22399b in _mesa_glsl_link_shader () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/Mesa/src/mesa/program/ir_to_mesa.cpp:2975
#14 0x00002b6b9c16005a in link_program () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/Mesa/src/mesa/main/shaderapi.c:1042
#15 0x00002b6b142fe47c in gst_gl_shader_link () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/gst-plugins-bad-1.10.5/gst-libs/gst/gl/gstglshader.c:686
#16 0x00002b6b1430427e in _create_shader () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/gst-plugins-bad-1.10.5/gst-libs/gst/gl/gstglcolorconvert.c:1945
#17 _init_convert () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/gst-plugins-bad-1.10.5/gst-libs/gst/gl/gstglcolorconvert.c:2028
#18 _do_convert () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/gst-plugins-bad-1.10.5/gst-libs/gst/gl/gstglcolorconvert.c:2368
#19 0x00002b6b14308683 in _run_message_sync () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/gst-plugins-bad-1.10.5/gst-libs/gst/gl/gstglwindow.c:601
#20 0x00002b6b14308622 in _run_message_async () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/gst-plugins-bad-1.10.5/gst-libs/gst/gl/gstglwindow.c:668
#21 0x00002b6b150e25ca in g_main_dispatch () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.52.1/glib/gmain.c:3212
#22 g_main_context_dispatch () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.52.1/glib/gmain.c:3865
#23 0x00002b6b150e2948 in g_main_context_iterate () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.52.1/glib/gmain.c:3938
#24 0x00002b6b150e2c62 in g_main_loop_run () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.52.1/glib/gmain.c:4134
#25 0x00002b6b143086f5 in gst_gl_window_default_run () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/gst-plugins-bad-1.10.5/gst-libs/gst/gl/gstglwindow.c:527
#26 0x00002b6b142f195c in gst_gl_context_create_thread () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/gst-plugins-bad-1.10.5/gst-libs/gst/gl/gstglcontext.c:1273
#27 0x00002b6b15109315 in g_thread_proxy () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.52.1/glib/gthread.c:784
#28 0x00002b6b187c2494 in start_thread (arg=0x2b6fc8320700) at pthread_create.c:333
#29 0x00002b6b1999e93f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97
Michael Catanzaro
Comment 1 2017-08-15 09:44:43 PDT
I'm adding a crash expectation for this test.
Michael Catanzaro
Comment 2 2017-08-28 04:47:23 PDT
Another variant:

Thread 1 (Thread 0x2b8468200700 (LWP 21392)):
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1 0x00002b82c9e873fa in __GI_abort () at abort.c:89
#2 0x00002b82c9ec3bd0 in __libc_message (do_abort=do_abort@entry=2, fmt=fmt@entry=0x2b82c9fb8bd0 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175
#3 0x00002b82c9ec9f96 in malloc_printerr (action=3, str=0x2b82c9fb8d28 "double free or corruption (fasttop)", ptr=<optimized out>, ar_ptr=<optimized out>) at malloc.c:5046
#4 0x00002b82c9eca78e in _int_free (av=0x2b8478000020, p=0x2b84781d6b90, have_lock=0) at malloc.c:3902
#5 0x00002b83a0366dcd in _mesa_clear_shader_program_data () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/Mesa/src/mesa/main/shaderobj.c:304
#6 0x00002b83a0425921 in _mesa_glsl_link_shader () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/Mesa/src/mesa/program/ir_to_mesa.cpp:2964
#7 0x00002b83a036205a in link_program () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/Mesa/src/mesa/main/shaderapi.c:1042
#8 0x00002b82c4ba347c in gst_gl_shader_link () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/gst-plugins-bad-1.10.5/gst-libs/gst/gl/gstglshader.c:686
#9 0x00002b82c4ba927e in _create_shader () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/gst-plugins-bad-1.10.5/gst-libs/gst/gl/gstglcolorconvert.c:1945
#10 _init_convert () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/gst-plugins-bad-1.10.5/gst-libs/gst/gl/gstglcolorconvert.c:2028
#11 _do_convert () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/gst-plugins-bad-1.10.5/gst-libs/gst/gl/gstglcolorconvert.c:2368
#12 0x00002b82c4bad683 in _run_message_sync () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/gst-plugins-bad-1.10.5/gst-libs/gst/gl/gstglwindow.c:601
#13 0x00002b82c4bad622 in _run_message_async () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/gst-plugins-bad-1.10.5/gst-libs/gst/gl/gstglwindow.c:668
#14 0x00002b82c59875ca in g_main_dispatch () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.52.1/glib/gmain.c:3212
#15 g_main_context_dispatch () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.52.1/glib/gmain.c:3865
#16 0x00002b82c5987948 in g_main_context_iterate () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.52.1/glib/gmain.c:3938
#17 0x00002b82c5987c62 in g_main_loop_run () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.52.1/glib/gmain.c:4134
#18 0x00002b82c4bad6f5 in gst_gl_window_default_run () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/gst-plugins-bad-1.10.5/gst-libs/gst/gl/gstglwindow.c:527
#19 0x00002b82c4b9695c in gst_gl_context_create_thread () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/gst-plugins-bad-1.10.5/gst-libs/gst/gl/gstglcontext.c:1273
#20 0x00002b82c59ae315 in g_thread_proxy () at /home/slave/webkitgtk/gtk-linux-64-release-tests/build/WebKitBuild/DependenciesGTK/Source/glib-2.52.1/glib/gthread.c:784
#21 0x00002b82c8d5f494 in start_thread (arg=0x2b8468200700) at pthread_create.c:333
#22 0x00002b82c9f3b93f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97

Adding crash expectation for imported/w3c/web-platform-tests/html/semantics/embedded-content/media-elements/ready-states/autoplay-with-slow-text-tracks.html.
Diego Pino
Comment 3 2020-02-27 10:15:31 PST
*** Bug 208288 has been marked as a duplicate of this bug. ***
Philippe Normand
Comment 4 2020-07-20 07:13:43 PDT
compositing/video/video-object-position.html hasn't been crashing for the past 7 months and seems to only require a rebaseline: --- /home/buildbot/worker/gtk-linux-64-release-tests/build/layout-test-results/compositing/video/video-object-position-expected.txt +++ /home/buildbot/worker/gtk-linux-64-release-tests/build/layout-test-results/compositing/video/video-object-position-actual.txt 
@@ -13,74 +13,60 @@ (bounds 124.00 204.00) (contentsOpaque 1) (drawsContent 1) - (contents layer 2.00, 2.00 120.00 x 200.00) ) (GraphicsLayer (position 151.00 13.00) (bounds 124.00 204.00) (contentsOpaque 1) (drawsContent 1) - (contents clipping layer 2.00, 2.00 120.00 x 200.00) - (contents layer 22.00, 12.00 120.00 x 200.00) ) (GraphicsLayer (position 289.00 13.00) (bounds 124.00 204.00) (contentsOpaque 1) (drawsContent 1) - (contents layer 2.00, 2.00 120.00 x 200.00) ) (GraphicsLayer (position 427.00 13.00) (bounds 124.00 204.00) (contentsOpaque 1) (drawsContent 1) - (contents clipping layer 2.00, 2.00 120.00 x 200.00) - (contents layer -8.00, -8.00 120.00 x 200.00) ) (GraphicsLayer (position 565.00 13.00) (bounds 124.00 204.00) (contentsOpaque 1) (drawsContent 1) - (contents layer 2.00, 2.00 120.00 x 200.00) ) (GraphicsLayer (position 13.00 231.00) (bounds 124.00 204.00) (contentsOpaque 1) (drawsContent 1) - (contents layer 2.00, 57.00 120.00 x 90.00) ) (GraphicsLayer (position 151.00 231.00) (bounds 124.00 204.00) (contentsOpaque 1) (drawsContent 1) - (contents clipping layer 2.00, 2.00 120.00 x 200.00) - (contents layer 22.00, 12.00 120.00 x 90.00) ) (GraphicsLayer (position 289.00 231.00) (bounds 124.00 204.00) (contentsOpaque 1) (drawsContent 1) - (contents layer 2.00, 30.00 120.00 x 90.00) ) (GraphicsLayer (position 427.00 231.00) (bounds 124.00 204.00) (contentsOpaque 1) (drawsContent 1) - (contents clipping layer 2.00, 2.00 120.00 x 200.00) - (contents layer -8.00, 102.00 120.00 x 90.00) ) (GraphicsLayer (position 565.00 231.00) (bounds 124.00 204.00) (contentsOpaque 1) (drawsContent 1) - (contents layer 2.00, 101.00 120.00 x 90.00) ) ) )
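Review bot: all 14 removed lines in this hunk are "(contents layer ...)" or "(contents clipping layer ...)" entries and no line is added, so taking the actual output as the new baseline drops every contents-layer position and size from the expectation for all ten GraphicsLayers. Before rebaselining compositing/video/video-object-position.html, confirm that the layer tree dump is expected to omit the contents layers here; otherwise the new expected file would no longer check the geometry this test is named for.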
Diego Pino
Comment 5 2020-11-03 08:29:27 PST
This test(s) has been consistently passing in the last 4000 revisions. Closing bug.