260984 2023-08-31 12:48:20 -0700 [GStreamer][MSE] Crash in webKitMediaSrcFlush 2023-09-21 06:14:17 -0700 1 1 1 Unclassified WebKit Media WebKit Nightly Build PC Linux RESOLVED DUPLICATE 260455 P2 Normal --- 1 mcatanzaro webkit-unassigned bugs-noreply mcatanzaro philn oldest_to_newest 1974793 0 mcatanzaro 2023-08-31 12:48:20 -0700 Here's a crash that occurs under webKitMediaSourceFlush when trying to lock a garbage mutex (this=0x28 in frame #4). Note also in frame #7, webKitMediaSrcStreamFlush is called with stream=0x0. That looks bad. (gdb) bt #0 0x00007f813813d321 in std::__atomic_base<unsigned char>::compare_exchange_weak(unsigned char&, unsigned char, std::memory_order, std::memory_order) (this=0x28, __i2=1 '\001', __m1=std::memory_order::acquire, __m2=std::memory_order::acquire, __i1=<optimized out>) at /usr/bin/../lib/gcc/x86_64-unknown-linux-gnu/13.2.0/../../../../include/c++/13.2.0/bits/atomic_base.h:540 #1 std::__atomic_base<unsigned char>::compare_exchange_weak(unsigned char&, unsigned char, std::memory_order) (this=0x28, __i2=1 '\001', __m=std::memory_order::acquire, __i1=<optimized out>) at /usr/bin/../lib/gcc/x86_64-unknown-linux-gnu/13.2.0/../../../../include/c++/13.2.0/bits/atomic_base.h:559 #2 WTF::Atomic<unsigned char>::compareExchangeWeak(unsigned char, unsigned char, std::memory_order) (this=0x28, expected=0 '\000', desired=1 '\001', order=std::memory_order::acquire) at WTF/Headers/wtf/Atomics.h:89 #3 WTF::LockAlgorithm<unsigned char, (unsigned char)1, (unsigned char)2, WTF::EmptyLockHooks<unsigned char> >::lockFastAssumingZero(WTF::Atomic<unsigned char>&) (lock=...) at WTF/Headers/wtf/LockAlgorithm.h:53 #4 WTF::Lock::lock() (this=0x28) at WTF/Headers/wtf/Lock.h:65 #5 WTF::DataMutexLocker<Stream::StreamingMembers>::lock() (this=<optimized out>) at WTF/Headers/wtf/DataMutex.h:126 #6 WTF::DataMutexLocker<Stream::StreamingMembers>::DataMutexLocker(WTF::DataMutex<Stream::StreamingMembers>&) (dataMutex=..., this=<optimized out>) at WTF/Headers/wtf/DataMutex.h:71 #7 webKitMediaSrcStreamFlush(Stream*, bool) (stream=0x0, isSeekingFlush=false) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/platform/graphics/gstreamer/mse/WebKitMediaSourceGStreamer.cpp:573 #8 0x00007f813813d229 in webKitMediaSrcFlush(WebKitMediaSrc*, WTF::AtomString const&) (source=0x557bffcf8200 [WebKitMediaSrc|webkitmediasrc0], streamName="A0") at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/platform/graphics/gstreamer/mse/WebKitMediaSourceGStreamer.cpp:673 #9 0x00007f813814448b in WebCore::SourceBufferPrivateGStreamer::flush(WTF::AtomString const&) (this=0x7f81255ab0e0, trackId="A0") at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/platform/graphics/gstreamer/mse/SourceBufferPrivateGStreamer.cpp:146 #10 0x00007f813808c06a in WebCore::SourceBufferPrivate::reenqueueMediaForTime(WebCore::TrackBuffer&, WTF::AtomString const&, WTF::MediaTime const&) (this=0x7f81255ab0e0, trackBuffer=..., trackID="A0", time=...) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/platform/graphics/SourceBufferPrivate.cpp:426 #11 WebCore::SourceBufferPrivate::seekToTime(WTF::MediaTime const&) (this=0x7f81255ab0e0, time=...) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/platform/graphics/SourceBufferPrivate.cpp:266 #12 0x00007f81372b7294 in WebCore::SourceBuffer::seekToTime(WTF::MediaTime const&) (this=0x7f80860fb140, time=...) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/Modules/mediasource/SourceBuffer.cpp:455 #13 WebCore::MediaSource::completeSeek() (this=0x7f80860f6550) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/Modules/mediasource/MediaSource.cpp:249 #14 0x00007f81372b7045 in WebCore::MediaSource::seekToTime(WTF::MediaTime const&) (this=0x7f80860f6550, time=...) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/Modules/mediasource/MediaSource.cpp:226 #15 0x00007f81381410ae in WebCore::MediaPlayerPrivateGStreamerMSE::doSeek(WTF::MediaTime const&, float) (this=0x7f8125bc5a50, position=<optimized out>, rate=<optimized out>) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/platform/graphics/gstreamer/mse/MediaPlayerPrivateGStreamerMSE.cpp:193 #16 0x00007f8138140f0c in WebCore::MediaPlayerPrivateGStreamerMSE::seek(WTF::MediaTime const&) (this=0x7f8125bc5a50, time=...) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/platform/graphics/gstreamer/mse/MediaPlayerPrivateGStreamerMSE.cpp:164 #17 0x00007f8137a26538 in WebCore::HTMLMediaElement::seekTask() (this=0x7f80860e87b0) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/html/HTMLMediaElement.cpp:3568 #18 0x00007f8137827782 in WebCore::EventLoop::run() (this=0x7f81250cc370) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/dom/EventLoop.cpp:282 #19 0x00007f81378b4305 in WebCore::WindowEventLoop::didReachTimeToRun() (this=0x0) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/dom/WindowEventLoop.cpp:149 --Type <RET> for more, q to quit, c to continue without paging--c #20 0x00007f8137f4df8a in WebCore::ThreadTimers::sharedTimerFiredInternal() (this=0x7f81250f43f0) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebCore/platform/ThreadTimers.cpp:127 #21 0x00007f8134f521a5 in WTF::RunLoop::TimerBase::TimerBase(WTF::RunLoop&)::$_0::operator()(void*) const (userData=0x7f8139d0ac58 <WebCore::MainThreadSharedTimer::singleton()::instance+16>, this=<optimized out>) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WTF/wtf/glib/RunLoopGLib.cpp:177 #22 WTF::RunLoop::TimerBase::TimerBase(WTF::RunLoop&)::$_0::__invoke(void*) (userData=0x7f8139d0ac58 <WebCore::MainThreadSharedTimer::singleton()::instance+16>) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WTF/wtf/glib/RunLoopGLib.cpp:169 #23 0x00007f8134f51501 in WTF::RunLoop::$_0::operator()(_GSource*, int (*)(void*), void*) const (source=0x557bff59db00, callback=0x7f8134f52110 <WTF::RunLoop::TimerBase::TimerBase(WTF::RunLoop&)::$_0::__invoke(void*)>, userData=0x7f8139d0ac58 <WebCore::MainThreadSharedTimer::singleton()::instance+16>, this=<optimized out>) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WTF/wtf/glib/RunLoopGLib.cpp:53 #24 WTF::RunLoop::$_0::__invoke(_GSource*, int (*)(void*), void*) (source=0x557bff59db00, callback=0x7f8134f52110 <WTF::RunLoop::TimerBase::TimerBase(WTF::RunLoop&)::$_0::__invoke(void*)>, userData=0x7f8139d0ac58 <WebCore::MainThreadSharedTimer::singleton()::instance+16>) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WTF/wtf/glib/RunLoopGLib.cpp:45 #25 0x00007f813147ac97 in g_main_dispatch (context=context@entry=0x557bff2c1a70) at ../glib/gmain.c:3476 #26 0x00007f813147cda7 in g_main_context_dispatch_unlocked (context=0x557bff2c1a70) at ../glib/gmain.c:4284 #27 g_main_context_iterate_unlocked (context=0x557bff2c1a70, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4349 #28 0x00007f813147d757 in g_main_loop_run (loop=0x557bff2ff740) at ../glib/gmain.c:4551 #29 0x00007f8134f51ad1 in WTF::RunLoop::run() () at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WTF/wtf/glib/RunLoopGLib.cpp:108 #30 0x00007f813685b977 in WebKit::AuxiliaryProcessMainBase<WebKit::WebProcess, true>::run(int, char**) (this=0x7fffb13dcf30, argc=3, argv=<optimized out>) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebKit/Shared/AuxiliaryProcessMain.h:72 #31 WebKit::AuxiliaryProcessMain<WebKit::WebProcessMainGtk>(int, char**) (argc=3, argv=<optimized out>) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebKit/Shared/AuxiliaryProcessMain.h:98 #32 0x00007f813562808a in __libc_start_call_main (main=main@entry=0x557bfe7b3150 <main(int, char**)>, argc=argc@entry=3, argv=argv@entry=0x7fffb13dd0c8) at ../sysdeps/nptl/libc_start_call_main.h:58 #33 0x00007f813562814b in __libc_start_main_impl (main=0x557bfe7b3150 <main(int, char**)>, argc=3, argv=0x7fffb13dd0c8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffb13dd0b8) at ../csu/libc-start.c:360 #34 0x0000557bfe7b3085 in _start () at ../sysdeps/x86_64/start.S:115 Note: bug #260455 is similar 1978969 1 mcatanzaro 2023-09-21 06:14:17 -0700 > Note: bug #260455 is similar That's surely the same bug. *** This bug has been marked as a duplicate of bug 260455 ***