Tab crashes when video goes from media stream to regular src |
|||
Issue descriptionChrome Version : 72.0.3592.0 (Developer Build) (64-bit) What steps will reproduce the problem? 1. Go to https://beaufortfrancois.github.io/sandbox/media/picture-in-picture-playground 2. Click "Toggle MediaStream" button to switch video to a media stream 3. Click "Toggle MediaStream" button to switch video back to a regular src. What is the expected result? Video should play. What happens instead of that? Tab crashes. See debug logs below. Received signal 11 SEGV_MAPERR 000000000000 #0 0x7f7e7be0f38d base::debug::StackTrace::StackTrace() #1 0x7f7e7bae272a base::debug::StackTrace::StackTrace() #2 0x7f7e7be0edda base::debug::(anonymous namespace)::StackDumpSignalHandler() #3 0x7f7e5199e390 <unknown> #4 0x7f7e58051cd2 blink::VideoFrameSubmitter::SubmitSingleFrame() #5 0x7f7e5805162e blink::VideoFrameSubmitter::UpdateSubmissionStateInternal() #6 0x7f7e580515a3 blink::VideoFrameSubmitter::SetIsOpaque() #7 0x7f7e76970e69 content::WebMediaPlayerMSCompositor::CheckForFrameChanges() #8 0x7f7e769707b2 content::WebMediaPlayerMSCompositor::SetCurrentFrame() #9 0x7f7e769708ef content::WebMediaPlayerMSCompositor::RenderWithoutAlgorithmOnCompositor() #10 0x7f7e74bb6caf _ZN4base8internal13FunctorTraitsIMN7content19AppCacheInternalsUI5ProxyEFvRK13scoped_refptrINS2_21ChromeAppCacheServiceEEEvE6InvokeISB_S5_IS4_EJS7_EEEvT_OT0_DpOT1_ #11 0x7f7e74bb6c0f _ZN4base8internal12InvokeHelperILb0EvE8MakeItSoIMN7content19AppCacheInternalsUI5ProxyEFvRK13scoped_refptrINS4_21ChromeAppCacheServiceEEEJS7_IS6_ES9_EEEvOT_DpOT0_ #12 0x7f7e74bb6b9d _ZN4base8internal7InvokerINS0_9BindStateIMN7content19AppCacheInternalsUI5ProxyEFvRK13scoped_refptrINS3_21ChromeAppCacheServiceEEEJS6_IS5_ES8_EEEFvvEE7RunImplISC_NSt3__15tupleIJSD_S8_EEEJLm0ELm1EEEEvOT_OT0_NSI_16integer_sequenceImJXspT1_EEEE #13 0x7f7e74bb6aa9 _ZN4base8internal7InvokerINS0_9BindStateIMN7content19AppCacheInternalsUI5ProxyEFvRK13scoped_refptrINS3_21ChromeAppCacheServiceEEEJS6_IS5_ES8_EEEFvvEE7RunOnceEPNS0_13BindStateBaseE #14 0x7f7e7bb332ee _ZNO4base12OnceCallbackIFvvEE3RunEv #15 0x7f7e7bae3bc2 base::debug::TaskAnnotator::RunTask() #16 0x7f7e7bd26afa base::internal::TaskTracker::RunOrSkipTask() #17 0x7f7e7be41686 base::internal::TaskTrackerPosix::RunOrSkipTask() #18 0x7f7e7bd0de3c base::internal::TaskTracker::RunAndPopNextTask() #19 0x7f7e7bd0d512 base::internal::SchedulerWorker::RunWorker() #20 0x7f7e7bd0cccc base::internal::SchedulerWorker::RunSharedWorker() #21 0x7f7e7bd0cbcd base::internal::SchedulerWorker::ThreadMain() #22 0x7f7e7be5c09d base::(anonymous namespace)::ThreadFunc() #23 0x7f7e519946ba start_thread #24 0x7f7e4d82741d clone r8: ffffffffffffffff r9: 00007f7e71f35168 r10: 0071a550dcd70200 r11: 0000000000000000 r12: 0000000000000000 r13: 00007ffe644c505f r14: 00007f7e371aa9c0 r15: 0000000000000000 di: 00003b6fafd5ec20 si: 00007f7e371a7b70 bp: 00007f7e371a7dd0 bx: 0000000000000000 dx: 0000000000000000 ax: 0000000000000000 cx: 0071a550dcd70200 sp: 00007f7e371a7d00 ip: 00007f7e58051cd2 efl: 0000000000010206 cgf: 002b000000000033 erf: 0000000000000004 trp: 000000000000000e msk: 0000000000000000 cr2: 0000000000000000 [end of stack trace] Calling _exit(1). Core file will not be generated.
,
Oct 26
,
Nov 1
,
Nov 8
Although the stack looks pretty similar to https://crbug.com/899389 , I think that https://crbug.com/901491 might have a root cause here instead. There's a fix in the pipeline for that one. I tried to see if I could get the issue to repro again with the fix applied, and I believe it also fixes this issue.
,
Nov 8
|
|||
►
Sign in to add a comment |
|||
Comment 1 by lethalantidote@chromium.org
, Oct 26