204161 – [GStreamer] Crash loading https://planet.webkit.org

RESOLVED DUPLICATE of bug 211572 204161

[GStreamer] Crash loading https://planet.webkit.org

https://bugs.webkit.org/show_bug.cgi?id=204161

Summary [GStreamer] Crash loading https://planet.webkit.org

Michael Catanzaro

Reported 2019-11-13 09:22:53 PST

Random non-reproducible crash loading https://planet.webkit.org. The top of the backtrace is hard to read because of the DumbPtrTraits.h obscuring the source file and line number, but I see [WebKitWebSrc] so I'll guess [GStreamer]. #0 0x00007f3a1bda7834 in <lambda()>::operator()(void) const (__closure=0x7f39785cd2d8) at DerivedSources/ForwardingHeaders/wtf/DumbPtrTraits.h:43 priv = 0x55584da56db0 loadOptions = 0 notifyAsyncCompletion = false src = 0x55584da56f50 [WebKitWebSrc] request = {<WebCore::ResourceRequestBase> = {m_url = {m_string = {static MaxLength = 2147483647, m_impl = {static isRefPtr = <error reading variable: Missing ELF symbol "WTF::RefPtr<WTF::StringImpl, WTF::DumbPtrTraits<WTF::StringImpl> >::isRefPtr".>, m_ptr = 0x7f39785cf240}}, m_isValid = 1, m_protocolIsInHTTPFamily = 1, m_cannotBeABaseURL = 0, m_portLength = 0, static maxPortLength = 7, static maxSchemeLength = 67108863, m_schemeEnd = 5, m_userStart = 8, m_userEnd = 8, m_passwordEnd = 8, m_hostEnd = 23, m_pathAfterLastSlash = 48, m_pathEnd = 72, m_queryEnd = 76}, m_timeoutInterval = 0, m_firstPartyForCookies = {m_string = {static MaxLength = 2147483647, m_impl = {static isRefPtr = <error reading variable: Missing ELF symbol "WTF::RefPtr<WTF::StringImpl, WTF::DumbPtrTraits<WTF::StringImpl> >::isRefPtr".>, m_ptr = 0x7f39785cf240}}, m_isValid = 1, m_protocolIsInHTTPFamily = 1, m_cannotBeABaseURL = 0, m_portLength = 0, static maxPortLength = 7, static maxSchemeLength = 67108863, m_schemeEnd = 5, m_userStart = 8, m_userEnd = 8, m_passwordEnd = 8, m_hostEnd = 23, m_pathAfterLastSlash = 48, m_pathEnd = 72, m_queryEnd = 76}, m_httpMethod = {static MaxLength = 2147483647, m_impl = {static isRefPtr = <error reading variable: Missing ELF symbol "WTF::RefPtr<WTF::StringImpl, WTF::DumbPtrTraits<WTF::StringImpl> >::isRefPtr".>, m_ptr = 0x7f39785d10f0}}, m_initiatorIdentifier = {static MaxLength = 2147483647, m_impl = {static isRefPtr = <error reading variable: Missing ELF symbol "WTF::RefPtr<WTF::StringImpl, WTF::DumbPtrTraits<WTF::StringImpl> >::isRefPtr".>, m_ptr = 0x0}}, m_cachePartition = {static MaxLength = 2147483647, m_impl = {static isRefPtr = <error reading variable: Missing ELF symbol "WTF::RefPtr<WTF::StringImpl, WTF::DumbPtrTraits<WTF::StringImpl> >::isRefPtr".>, m_ptr = 0x7f3a19c5d340 <WTF::StringImpl::s_emptyAtomString>}}, m_httpHeaderFields = {m_commonHeaders = {<WTF::VectorBuffer<WebCore::HTTPHeaderMap::CommonHeader, 0>> = {<WTF::VectorBufferBase<WebCore::HTTPHeaderMap::CommonHeader>> = {m_buffer = 0x7f39785cf2a0, m_capacity = 6, m_size = 4}, <No data fields>}, <No data fields>}, m_uncommonHeaders = {<WTF::VectorBuffer<WebCore::HTTPHeaderMap::UncommonHeader, 0>> = {<WTF::VectorBufferBase<WebCore::HTTPHeaderMap::UncommonHeader>> = {m_buffer = 0x0, m_capacity = 0, m_size = 0}, <No data fields>}, <No data fields>}}, m_responseContentDispositionEncodingFallbackArray = {<WTF::VectorBuffer<WTF::String, 0>> = {<WTF::VectorBufferBase<WTF::String>> = {m_buffer = 0x0, m_capacity = 0, m_size = 0}, <No data fields>}, <No data fields>}, m_httpBody = {static isRefPtr = <error reading variable: Missing ELF symbol "WTF::RefPtr<WebCore::FormData, WTF::DumbPtrTraits<WebCore::FormData> >::isRefPtr".>, m_ptr = 0x0}, m_cachePolicy = WebCore::ResourceRequestCachePolicy::UseProtocolCachePolicy, m_sameSiteDisposition = WebCore::ResourceRequestBase::SameSiteDisposition::Unspecified, m_priority = WebCore::ResourceLoadPriority::Low, m_requester = WebCore::ResourceRequestBase::Requester::Unspecified, m_inspectorInitiatorNodeIdentifier = {<WTF::constexpr_Optional_base<int>> = {init_ = false, storage_ = {dummy_ = 0 '\000', value_ = -256}}, <No data fields>}, m_allowCookies = true, m_resourceRequestUpdated = true, m_platformRequestUpdated = false, m_resourceRequestBodyUpdated = true, m_platformRequestBodyUpdated = false, m_hiddenFromInspector = false, m_isTopSite = false, static s_defaultTimeoutInterval = 0}, m_acceptEncoding = false, m_soupFlags = (unknown: 0), m_initiatingPageID = {<WTF::constexpr_Optional_base<WTF::ObjectIdentifier<WebCore::PageIdentifierType> >> = {init_ = false, storage_ = {dummy_ = 0 '\000', value_ = {<WTF::ObjectIdentifierBase> = {<No data fields>}, m_identifier = 18446744073709551360}}}, <No data fields>}} protector = {m_ptr = 0x55584da56f50 [WebKitWebSrc]} #1 0x00007f3a1990c1bc in WTF::Function<void ()>::operator()() const (this=<synthetic pointer>) at ../Source/WTF/wtf/Function.h:76 function = {m_callableWrapper = std::unique_ptr<WTF::Detail::CallableWrapperBase<void>> = {get() = 0x7f39785d0190}} functionsHandled = 5 functionsToHandle = 7 #2 0x00007f3a1990c1bc in WTF::RunLoop::performWork() (this=0x7f3a12ff9000) at ../Source/WTF/wtf/RunLoop.cpp:124 function = {m_callableWrapper = std::unique_ptr<WTF::Detail::CallableWrapperBase<void>> = {get() = 0x7f39785d0190}} functionsHandled = 5 functionsToHandle = 7 #3 0x00007f3a19958d5d in WTF::RunLoop::<lambda(gpointer)>::operator() (__closure=0x0, userData=<optimized out>) at ../Source/WTF/wtf/glib/RunLoopGLib.cpp:68 #4 0x00007f3a19958d5d in WTF::RunLoop::<lambda(gpointer)>::_FUN(gpointer) () at ../Source/WTF/wtf/glib/RunLoopGLib.cpp:70 #5 0x00007f3a19faf4de in g_main_dispatch (context=0x55584becde10) at ../glib/gmain.c:3185 dispatch = 0x7f3a19958d70 <WTF::<lambda(GSource*, GSourceFunc, gpointer)>::_FUN(GSource *, GSourceFunc, gpointer)> prev_source = 0x0 was_in_call = 0 user_data = 0x7f3a12ff9000 callback = 0x7f3a19958d50 <WTF::RunLoop::<lambda(gpointer)>::_FUN(gpointer)> cb_funcs = 0x7f3a1a084280 <g_source_callback_funcs> cb_data = 0x55584c01fcb0 need_destroy = <optimized out> source = 0x55584c02d990 current = 0x55584bedafd0 i = 0 __func__ = "g_main_dispatch" #6 0x00007f3a19faf4de in g_main_context_dispatch (context=context@entry=0x55584becde10) at ../glib/gmain.c:3850 #7 0x00007f3a19faf890 in g_main_context_iterate (context=0x55584becde10, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:3923 max_priority = 100 timeout = 0 some_ready = 1 nfds = <optimized out> allocated_nfds = <optimized out> fds = 0x55584da57fa0 #8 0x00007f3a19fafb83 in g_main_loop_run (loop=0x55584c01bbe0) at ../glib/gmain.c:4117 __func__ = "g_main_loop_run" #9 0x00007f3a199597d0 in WTF::RunLoop::run() () at ../Source/WTF/wtf/glib/RunLoopGLib.cpp:96 runLoop = @0x7f3a12ff9000: {<WTF::FunctionDispatcher> = {<WTF::ThreadSafeRefCounted<WTF::FunctionDispatcher, (WTF::DestructionThread)0>> = {<WTF::ThreadSafeRefCountedBase> = {m_refCount = {<std::__atomic_base<unsigned int>> = {static _S_alignment = 4, _M_i = 21}, static is_always_lock_free = true}}, <No data fields>}, _vptr.FunctionDispatcher = 0x7f3a19c2d4c8 <vtable for WTF::RunLoop+16>}, m_functionQueueLock = {static isHeldBit = 1 '\001', static hasParkedBit = 2 '\002', m_byte = {value = {<std::__atomic_base<unsigned char>> = {static _S_alignment = 1, _M_i = 0 '\000'}, static is_always_lock_free = true}}}, m_functionQueue = {m_start = 14, m_end = 15, m_buffer = {<WTF::VectorBufferBase<WTF::Function<void()> >> = {m_buffer = 0x7f39d2ded680, m_capacity = 136, m_size = 0}, <No data fields>}}, m_mainContext = {m_ptr = 0x55584becde10}, m_mainLoops = {<WTF::VectorBuffer<WTF::GRefPtr<_GMainLoop>, 0>> = {<WTF::VectorBufferBase<WTF::GRefPtr<_GMainLoop> >> = {m_buffer = 0x7f3a12ffc100, m_capacity = 16, m_size = 1}, <No data fields>}, <No data fields>}, m_source = {m_ptr = 0x55584c02d990}} mainContext = 0x55584becde10 innermostLoop = 0x55584c01bbe0 nestedMainLoop = <optimized out> #10 0x00007f3a1bd9fcaa in WebKit::AuxiliaryProcessMain<WebKit::WebProcess, WebKit::WebProcessMain>(int, char**) (argc=3, argv=<optimized out>) at ../Source/WebKit/Shared/unix/AuxiliaryProcessMain.h:47 auxiliaryMain = {<WebKit::AuxiliaryProcessMainBase> = {_vptr.AuxiliaryProcessMainBase = 0x7f3a1e00fca8 <vtable for WebKit::WebProcessMain+16>, m_parameters = {uiProcessName = {static MaxLength = 2147483647, m_impl = {static isRefPtr = <error reading variable: Missing ELF symbol "WTF::RefPtr<WTF::StringImpl, WTF::DumbPtrTraits<WTF::StringImpl> >::isRefPtr".>, m_ptr = 0x0}}, clientIdentifier = {static MaxLength = 2147483647, m_impl = {static isRefPtr = <error reading variable: Missing ELF symbol "WTF::RefPtr<WTF::StringImpl, WTF::DumbPtrTraits<WTF::StringImpl> >::isRefPtr".>, m_ptr = 0x0}}, processIdentifier = {<WTF::constexpr_Optional_base<WTF::ObjectIdentifier<WebCore::ProcessIdentifierType> >> = {init_ = true, storage_ = {dummy_ = 50 '2', value_ = {<WTF::ObjectIdentifierBase> = {<No data fields>}, m_identifier = 306}}}, <No data fields>}, connectionIdentifier = 118, extraInitializationData = {m_impl = {static m_maxLoad = 2, static m_minLoad = 6, m_table = 0x0, m_tableSize = 0, m_tableSizeMask = 0, m_keyCount = 0, m_deletedCount = 0}}, processType = WebKit::AuxiliaryProcess::ProcessType::WebContent}}, <No data fields>} #11 0x00007f3a1aeff173 in __libc_start_main (main=0x55584ad1f780 <main(int, char**)>, argc=3, argv=0x7ffe24fe9bd8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffe24fe9bc8) at ../csu/libc-start.c:308 result = <optimized out> unwind_buf = {cancel_jmp_buf = {{jmp_buf = {0, -1982202111361332653, 93837700757456, 140729519086544, 0, 0, -5678737931388892589, -5712413900959823277}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x7ffe24fe9bf8, 0x7f3a1e245130}, data = {prev = 0x0, cleanup = 0x0, canceltype = 620665848}}} not_first_call = <optimized out> #12 0x000055584ad1f7fe in _start () at ../sysdeps/x86_64/start.S:120

Attachments
Patch (3.11 KB, patch) 2019-11-21 03:09 PST, Philippe Normand	cgarcia: review-	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Philippe Normand

Comment 1 2019-11-14 10:53:49 PST

This might be a regression introduced by r247215 ... Capturing the src pointer in the lambda of webKitWebSrcMakeRequest() doesn't look right; protector should be used instead.

Philippe Normand

Comment 2 2019-11-21 03:09:10 PST

Created attachment 384039 [details] Patch

Carlos Garcia Campos

Comment 3 2019-11-21 05:09:56 PST

Comment on attachment 384039 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=384039&action=review > Source/WebCore/platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:627 > - priv->notifier->notify(MainThreadSourceNotification::Start, [protector, request = WTFMove(request), src, notifyAsyncCompletion] { > + priv->notifier->notify(MainThreadSourceNotification::Start, [protector, request = WTFMove(request), notifyAsyncCompletion] { I don't understand this, if src is protected it's safe to pass and use inside the lambda

Alicia Boya García

Comment 4 2020-05-08 09:22:44 PDT

*** This bug has been marked as a duplicate of bug 211572 ***

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution DUPLICATE

of bug 211572

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware PC

OS Linux

Product WebKit

Component WebKitGTK

Assignee

Philippe Normand

Reported

2019-11-13 09:22 PST

Modified

2020-05-08 09:22 PDT History

CC List

9 users Show

URL

Keywords

Depends on

Blocks