Bug 258971

Summary: VideoFrameMetadataGStreamer.cpp - SEGFAULT after capture from video stream
Product: WebKit
Reporter: thomas.kerin
Component: WebCore Misc.
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED WORKSFORME
Severity: Normal
CC: philn
Priority: P2
Version: WebKit Local Build
Hardware: PC
OS: Linux
Attachments:
GDB log of 'bt full' command (flags: none)
GDB log of 'bt' command (flags: none)

Description thomas.kerin 2023-07-07 05:11:45 PDT
Created attachment 466971 [details]
GDB log of 'bt full' command

I have a cog instance running our application where we display webcam footage in the browser window and allow the user to take a picture.

wpewebkit: 2.38.6
os: buildroot 85a9a3f0e644556b0cd8f2126c6efa5d32695704

A few seconds after capturing the image we experience a crash that seems localized to this location: https://github.com/WebKit/WebKit/blob/wpewebkit-2.38.6/Source/WebCore/platform/graphics/gstreamer/VideoFrameMetadataGStreamer.cpp#L126. The crash isn't very elusive; at the moment it happens every time I try.

I've rebuilt with debug symbols and got a core dump, which allowed me to log the full backtrace (attached).
Comment 1 thomas.kerin 2023-07-07 05:12:30 PDT
Created attachment 466972 [details]
GDB log of 'bt' command
Comment 2 thomas.kerin 2023-07-07 09:49:27 PDT
A few things happen after the crash; I'll include whatever details I can here.

When I watch `journalctl -f` I see kernel messages and messages from cog

```
# crash begins
...
Jul 07 16:46:08 buildroot audit[2493]: ANOM_ABEND auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=2493 comm="vqueue:src" exe="/usr/libexec/wpe-webkit-1.0/WPEWebProcess" sig=11 res=1
Jul 07 16:46:08 buildroot kernel: vqueue:src[2612]: segfault at 10 ip 00007fb779dbce88 sp 00007fb5b1066068 error 4 in libWPEWebKit-1.0.so.3.18.9[7fb779da9000+20db000] likely on CPU 0 (core 0, socket 0)
Jul 07 16:46:08 buildroot kernel: Code: c3 c6 47 0c 00 c3 53 48 89 fb 48 89 f7 48 89 33 e8 9d 21 ff ff 48 3d ff ff ff 7f 76 05 e8 00 56 ff ff 89 43 08 5b c3 48 8b 3f <8b> 47 10 c1 e8 08 75 05 e9 15 d0 ee 00 c3 48 8b 07 31 d2 48 89 17
Jul 07 16:46:08 buildroot kernel: audit: type=1701 audit(1688748368.108:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=kernel pid=2493 comm="vqueue:src" exe="/usr/libexec/wpe-webkit-1.0/WPEWebProcess" sig=11 res=1
...
Jul 07 16:46:10 buildroot cog[2483]: <http://localhost:8088/photo> Crash!: The renderer process crashed. Reloading the page may fix intermittent failures.
...
```
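The two kernel lines quoted in the comment above carry enough information to triage the crash without the core dump. As an added example (editor's code, not part of this bug report or of WebKit), the following Python parses the `segfault at ... ip ... in <object>[base+size]` line into an object-relative offset suitable for `addr2line`, decodes the page-fault error code, and locates the faulting byte in the `Code:` dump. It assumes the standard x86-64 Linux kernel signal-message format and a shared object whose first PT_LOAD segment is at virtual address 0 (the usual case for a `.so`); the sample lines are pasted from the comment as constructed test input.

```python
import re

# Constructed test input: the kernel lines from the journal excerpt above.
SEGFAULT_LINE = (
    "Jul 07 16:46:08 buildroot kernel: vqueue:src[2612]: segfault at 10 "
    "ip 00007fb779dbce88 sp 00007fb5b1066068 error 4 in "
    "libWPEWebKit-1.0.so.3.18.9[7fb779da9000+20db000] likely on CPU 0 (core 0, socket 0)"
)
CODE_LINE = (
    "Jul 07 16:46:08 buildroot kernel: Code: c3 c6 47 0c 00 c3 53 48 89 fb 48 89 f7 "
    "48 89 33 e8 9d 21 ff ff 48 3d ff ff ff 7f 76 05 e8 00 56 ff ff 89 43 08 5b c3 "
    "48 8b 3f <8b> 47 10 c1 e8 08 75 05 e9 15 d0 ee 00 c3 48 8b 07 31 d2 48 89 17"
)

# Shape of the x86-64 show_signal_msg() line: comm[tid]: segfault at ADDR ip IP sp SP
# error ERR in OBJECT[BASE+SIZE]. Hex fields carry no 0x prefix.
SEGFAULT_RE = re.compile(
    r"(?P<comm>[^\s\[]+)\[(?P<tid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>\d+) "
    r"in (?P<obj>[^\s\[]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\]"
)


def parse_segfault(line):
    """Extract the crash facts from a kernel segfault line, or None if it is not one."""
    m = SEGFAULT_RE.search(line)
    if m is None:
        return None
    ip, base, size = int(m["ip"], 16), int(m["base"], 16), int(m["size"], 16)
    err = int(m["err"])
    fault_addr = int(m["addr"], 16)
    return {
        "comm": m["comm"],
        "tid": int(m["tid"]),
        "fault_addr": fault_addr,
        "ip": ip,
        "object": m["obj"],
        # Object-relative offset: valid only if ip falls inside the reported mapping.
        "offset": ip - base if base <= ip < base + size else None,
        # x86 page-fault error code bits: 0 = protection violation (clear: page not
        # present), 1 = write access (clear: read), 2 = fault taken in user mode.
        "error": {"protection": bool(err & 1), "write": bool(err & 2), "user": bool(err & 4)},
        # A fault address within the first page is almost always a NULL-pointer
        # dereference with a small field offset (here: NULL + 0x10).
        "likely_null_deref": fault_addr < 0x1000,
    }


def parse_code(line):
    """Return (bytes, index_of_faulting_byte) from a kernel 'Code:' dump.

    The kernel wraps the byte at the faulting ip in angle brackets. Returns
    (None, None) when the dump is absent or unreadable (e.g. 'Unable to access
    opcode bytes').
    """
    if "Code:" not in line:
        return None, None
    tokens = line.split("Code:", 1)[1].split()
    out = bytearray()
    fault_index = None
    for i, tok in enumerate(tokens):
        if tok.startswith("<") and tok.endswith(">"):
            fault_index = i
            tok = tok[1:-1]
        try:
            out.append(int(tok, 16))
        except ValueError:
            return None, None
    return bytes(out), fault_index


def addr2line_command(info):
    """Command to symbolize the fault against a debug build of the same object."""
    return f"addr2line -e {info['object']} -f -C -i {info['offset']:#x}"


if __name__ == "__main__":
    info = parse_segfault(SEGFAULT_LINE)
    code, idx = parse_code(CODE_LINE)
    print(info)
    print("faulting bytes:", code[idx:idx + 3].hex(" "))
    print(addr2line_command(info))
```

For this report the offset comes out as 0x13e88 inside libWPEWebKit-1.0.so.3.18.9, the error code 4 means a user-mode read of a not-present page, and the bracketed bytes `8b 47 10` decode to `mov eax, dword ptr [rdi+0x10]`, which with a fault address of 0x10 means `rdi` was NULL. That is consistent with a null-object access at the cited line, and running the printed `addr2line` command against the debug build of the same library gives the symbol and source line without needing the full core dump.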
Comment 4 Philippe Normand 2023-07-26 12:23:08 PDT
(In reply to Philippe Normand from comment #3)
> Can you try
> https://github.com/WebKit/WebKit/commit/5114b739ade935af7e48a1228c39226845ddf314 ?

No reply, so I assume this is no longer an issue? Feel free to re-open if it's the case after testing this commit.