[Webkit-unassigned] [Bug 231519] New: [GStreamer] Crash in

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Oct 11 10:52:25 PDT 2021 

https://bugs.webkit.org/show_bug.cgi?id=231519

            Bug ID: 231519
           Summary: [GStreamer] Crash in
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Media
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mcatanzaro at gnome.org
                CC: bugs-noreply at webkitgtk.org

Created attachment 440806

  --> https://bugs.webkit.org/attachment.cgi?id=440806&action=review

Full backtrace

WebKit trunk is crashing when loading reddit.com:

(WebKitWebProcess:2): GLib-GObject-WARNING **: 12:44:29.407: invalid (NULL) pointer instance

(WebKitWebProcess:2): GLib-GObject-CRITICAL **: 12:44:29.407: g_signal_connect_data: assertion 'G_TYPE_CHECK_INSTANCE (instance)' failed

Pretty sure WebCore::MediaPlayerPrivateGStreamer::sourceSetup is being called with an invalid sourceElement.

I'll attach a full backtrace and a GStreamer debug log. Here's the short backtrace:

#0  _g_log_abort (breakpoint=1) at ../../../../Projects/glib/glib/gmessages.c:559
#1  0x00007fa612eb28e9 in g_logv (log_domain=0x7fa612fed650 "GLib-GObject", log_level=G_LOG_LEVEL_CRITICAL, 
    format=0x7fa612f1dd15 "%s: assertion '%s' failed", args=0x7ffc1c9c2438)
    at ../../../../Projects/glib/glib/gmessages.c:1413
#2  0x00007fa612eb29dd in g_log (log_domain=0x7fa612fed650 "GLib-GObject", log_level=G_LOG_LEVEL_CRITICAL, 
    format=0x7fa612f1dd15 "%s: assertion '%s' failed") at ../../../../Projects/glib/glib/gmessages.c:1455
#3  0x00007fa612eb49ef in g_return_if_fail_warning (log_domain=0x7fa612fed650 "GLib-GObject", 
    pretty_function=0x7fa612fef450 <__func__.17> "g_signal_connect_data", 
    expression=0x7fa612fed880 "G_TYPE_CHECK_INSTANCE (instance)") at ../../../../Projects/glib/glib/gmessages.c:2891
#4  0x00007fa612fceb83 in g_signal_connect_data (instance=0x0, detailed_signal=0x7fa61a11f46b "element-added", 
    c_handler=0x7fa619e2a5e0 <WebCore::MediaPlayerPrivateGStreamer::uriDecodeBinElementAddedCallback(_GstBin*, _GstElement*, WebCore::MediaPlayerPrivateGStreamer*)>, data=0x7fa6003ed380, destroy_data=0x0, connect_flags=0)
    at ../../../../Projects/glib/gobject/gsignal.c:2571
#5  0x00007fa619e288cb in WebCore::MediaPlayerPrivateGStreamer::sourceSetup (this=0x7fa6003ed380, 
    sourceElement=<optimized out>)
    at /home/mcatanzaro/Projects/WebKit/WebKitBuild/GNOME/WTF/Headers/wtf/glib/GRefPtr.h:110
#6  0x00007fa612fb7db2 in g_cclosure_marshal_VOID__OBJECTv (closure=0x201a290, return_value=0x0, instance=0x1fd2070, 
    args=0x7ffc1c9c29b8, marshal_data=0x0, n_params=1, param_types=0x1ff6670)
    at ../../../../Projects/glib/gobject/gmarshal.c:1910
#7  0x00007fa612fb2a99 in _g_closure_invoke_va (closure=0x201a290, return_value=0x0, instance=0x1fd2070, 
    args=0x7ffc1c9c29b8, n_params=1, param_types=0x1ff6670) at ../../../../Projects/glib/gobject/gclosure.c:893
#8  0x00007fa612fd06b2 in g_signal_emit_valist (instance=0x1fd2070, signal_id=247, detail=0, var_args=0x7ffc1c9c29b8)
    at ../../../../Projects/glib/gobject/gsignal.c:3406
#9  0x00007fa612fd1944 in g_signal_emit (instance=0x1fd2070, signal_id=247, detail=0)
    at ../../../../Projects/glib/gobject/gsignal.c:3553
#10 0x00007fa612fb7db2 in g_cclosure_marshal_VOID__OBJECTv (closure=0x2061550, return_value=0x0, instance=0x1983350, 
    args=0x7ffc1c9c2e68, marshal_data=0x0, n_params=1, param_types=0x205be00)
    at ../../../../Projects/glib/gobject/gmarshal.c:1910
#11 0x00007fa612fb2a99 in _g_closure_invoke_va (closure=0x2061550, return_value=0x0, instance=0x1983350, 
    args=0x7ffc1c9c2e68, n_params=1, param_types=0x205be00) at ../../../../Projects/glib/gobject/gclosure.c:893
#12 0x00007fa612fd06b2 in g_signal_emit_valist (instance=0x1983350, signal_id=276, detail=0, var_args=0x7ffc1c9c2e68)
    at ../../../../Projects/glib/gobject/gsignal.c:3406
#13 0x00007fa612fd1944 in g_signal_emit (instance=0x1983350, signal_id=276, detail=0)
    at ../../../../Projects/glib/gobject/gsignal.c:3553
#14 0x00007fa568293cac in gen_source_element (decoder=0x1983350 [GstURIDecodeBin|uridecodebin0])
    at ../gst/playback/gsturidecodebin.c:1400
#15 setup_source (decoder=<optimized out>) at ../gst/playback/gsturidecodebin.c:2253
#16 gst_uri_decode_bin_change_state (element=<optimized out>, transition=<optimized out>)
    at ../gst/playback/gsturidecodebin.c:2876
#17 0x00007fa612094d69 in gst_element_change_state (element=element at entry=0x1983350 [GstURIDecodeBin|uridecodebin0], 
    transition=GST_STATE_CHANGE_READY_TO_PAUSED) at ../gst/gstelement.c:3077
#18 0x00007fa612094bfa in gst_element_continue_state (
    element=element at entry=0x1983350 [GstURIDecodeBin|uridecodebin0], ret=ret at entry=GST_STATE_CHANGE_SUCCESS)
    at ../gst/gstelement.c:2785
#19 0x00007fa612094daf in gst_element_change_state (element=element at entry=0x1983350 [GstURIDecodeBin|uridecodebin0], 
    transition=transition at entry=GST_STATE_CHANGE_NULL_TO_READY) at ../gst/gstelement.c:3116
#20 0x00007fa612095475 in gst_element_set_state_func (element=0x1983350 [GstURIDecodeBin|uridecodebin0], 
    state=GST_STATE_PAUSED) at ../gst/gstelement.c:3031
#21 0x00007fa5682d6edd in activate_group (target=GST_STATE_PAUSED, group=0x1fd2500, 
    playbin=0x1fd2070 [GstPlayBin|media-player-0]) at ../gst/playback/gstplaybin2.c:5513
#22 setup_next_source.constprop.0 (playbin=playbin at entry=0x1fd2070 [GstPlayBin|media-player-0], 
    target=<optimized out>) at ../gst/playback/gstplaybin2.c:5738
#23 0x00007fa5682a8daa in gst_play_bin_change_state (element=0x1fd2070 [GstPlayBin|media-player-0], 
    transition=GST_STATE_CHANGE_READY_TO_PAUSED) at ../gst/playback/gstplaybin2.c:5867
--Type <RET> for more, q to quit, c to continue without paging--c
#24 0x00007fa612094d69 in gst_element_change_state (element=element at entry=0x1fd2070 [GstPlayBin|media-player-0], transition=GST_STATE_CHANGE_READY_TO_PAUSED) at ../gst/gstelement.c:3077
#25 0x00007fa612094bfa in gst_element_continue_state (element=element at entry=0x1fd2070 [GstPlayBin|media-player-0], ret=ret at entry=GST_STATE_CHANGE_SUCCESS) at ../gst/gstelement.c:2785
#26 0x00007fa612094daf in gst_element_change_state (element=element at entry=0x1fd2070 [GstPlayBin|media-player-0], transition=transition at entry=GST_STATE_CHANGE_NULL_TO_READY) at ../gst/gstelement.c:3116
#27 0x00007fa612095475 in gst_element_set_state_func (element=0x1fd2070 [GstPlayBin|media-player-0], state=GST_STATE_PAUSED) at ../gst/gstelement.c:3031
#28 0x00007fa619e27536 in WebCore::MediaPlayerPrivateGStreamer::changePipelineState (this=0x7fa6003ed380, newState=GST_STATE_PAUSED) at /home/mcatanzaro/Projects/WebKit/WebKitBuild/GNOME/WTF/Headers/wtf/glib/GRefPtr.h:110
#29 0x00007fa619e2b95e in WebCore::MediaPlayerPrivateGStreamer::commitLoad (this=0x7fa6003ed380) at /home/mcatanzaro/Projects/WebKit/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:1194
#30 0x00007fa619e37be0 in WebCore::MediaPlayerPrivateGStreamer::load (this=0x7fa6003ed380, urlString=...) at /home/mcatanzaro/Projects/WebKit/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:341
#31 0x00007fa6197aef4f in WebCore::MediaPlayerPrivateInterface::load (url=..., this=<optimized out>) at /home/mcatanzaro/Projects/WebKit/Source/WebCore/platform/graphics/MediaPlayerPrivate.h:49
#32 WebCore::MediaPlayer::loadWithNextMediaEngine (this=this at entry=0x7fa5485b8570, current=current at entry=0x0) at /home/mcatanzaro/Projects/WebKit/Source/WebCore/platform/graphics/MediaPlayer.cpp:607
#33 0x00007fa6197af51d in WebCore::MediaPlayer::load (this=0x7fa5485b8570, url=..., contentType=..., keySystem=...) at /home/mcatanzaro/Projects/WebKit/Source/WebCore/platform/graphics/MediaPlayer.cpp:486
#34 0x00007fa619293b7b in WebCore::HTMLMediaElement::loadResource (this=<optimized out>, initialURL=..., contentType=..., keySystem=...) at /home/mcatanzaro/Projects/WebKit/WebKitBuild/GNOME/WTF/Headers/wtf/RawPtrTraits.h:44
#35 0x00007fa619294b81 in WebCore::HTMLMediaElement::loadNextSourceChild (this=0x7fa58c725b70) at /home/mcatanzaro/Projects/WebKit/Source/WebCore/html/HTMLMediaElement.cpp:1453
#36 0x00007fa6190a664a in WTF::Function<void ()>::operator()() const (this=<optimized out>) at /home/mcatanzaro/Projects/WebKit/WebKitBuild/GNOME/WTF/Headers/wtf/Function.h:82
#37 WebCore::EventLoopFunctionDispatchTask::execute (this=<optimized out>) at /home/mcatanzaro/Projects/WebKit/Source/WebCore/dom/EventLoop.cpp:159
#38 WebCore::EventLoop::run (this=this at entry=0x7fa58c0a8a90) at /home/mcatanzaro/Projects/WebKit/Source/WebCore/dom/EventLoop.cpp:123
#39 0x00007fa61912be5d in WebCore::WindowEventLoop::didReachTimeToRun (this=0x7fa58c0a8a90) at /home/mcatanzaro/Projects/WebKit/Source/WebCore/dom/WindowEventLoop.cpp:120
#40 0x00007fa619713a7f in WebCore::ThreadTimers::sharedTimerFiredInternal (this=0x7fa601585668) at /home/mcatanzaro/Projects/WebKit/Source/WebCore/platform/ThreadTimers.cpp:127
#41 0x00007fa616528ba5 in operator() (__closure=0x0, userData=userData at entry=0x7fa61aeea2b0 <WebCore::MainThreadSharedTimer::singleton()::instance+16>) at /home/mcatanzaro/Projects/WebKit/Source/WTF/wtf/glib/RunLoopGLib.cpp:177
#42 _FUN () at /home/mcatanzaro/Projects/WebKit/Source/WTF/wtf/glib/RunLoopGLib.cpp:181
#43 0x00007fa61652903f in operator() (__closure=0x0, userData=0x7fa61aeea2b0 <WebCore::MainThreadSharedTimer::singleton()::instance+16>, callback=0x7fa616528b30 <_FUN(gpointer)>, source=0x1d0d0c0) at /home/mcatanzaro/Projects/WebKit/Source/WTF/wtf/glib/RunLoopGLib.cpp:53
#44 _FUN () at /home/mcatanzaro/Projects/WebKit/Source/WTF/wtf/glib/RunLoopGLib.cpp:56
#45 0x00007fa612ea8004 in g_main_dispatch (context=0x198dd60) at ../../../../Projects/glib/glib/gmain.c:3381
#46 0x00007fa612ea8f57 in g_main_context_dispatch (context=0x198dd60) at ../../../../Projects/glib/glib/gmain.c:4099
#47 0x00007fa612ea9143 in g_main_context_iterate (context=0x198dd60, block=1, dispatch=1, self=0x1970150) at ../../../../Projects/glib/glib/gmain.c:4175
#48 0x00007fa612ea95e0 in g_main_loop_run (loop=0x1a38130) at ../../../../Projects/glib/glib/gmain.c:4373
#49 0x00007fa616529160 in WTF::RunLoop::run () at /home/mcatanzaro/Projects/WebKit/Source/WTF/wtf/glib/RunLoopGLib.cpp:108
#50 0x00007fa61846c33f in WebKit::AuxiliaryProcessMainBase<WebKit::WebProcess, true>::run (argc=3, argv=0x7ffc1c9c3a98, this=0x7ffc1c9c38f0) at /home/mcatanzaro/Projects/WebKit/Source/WebKit/Shared/AuxiliaryProcessMain.h:70
#51 WebKit::AuxiliaryProcessMainBase<WebKit::WebProcess, true>::run (argv=0x7ffc1c9c3a98, argc=3, this=0x7ffc1c9c38f0) at /home/mcatanzaro/Projects/WebKit/Source/WebKit/Shared/AuxiliaryProcessMain.h:57
#52 WebKit::AuxiliaryProcessMain<WebKit::WebProcessMainGtk> (argc=3, argv=0x7ffc1c9c3a98) at /home/mcatanzaro/Projects/WebKit/Source/WebKit/Shared/AuxiliaryProcessMain.h:96
#53 0x00007fa612881560 in __libc_start_call_main (main=main at entry=0x400760 <main(int, char**)>, argc=argc at entry=3, argv=argv at entry=0x7ffc1c9c3a98) at ../sysdeps/nptl/libc_start_call_main.h:58
#54 0x00007fa61288160c in __libc_start_main_impl (main=0x400760 <main(int, char**)>, argc=3, argv=0x7ffc1c9c3a98, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffc1c9c3a88) at ../csu/libc-start.c:409
#55 0x0000000000400795 in _start ()

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20211011/72a6c39e/attachment-0001.htm>

More information about the webkit-unassigned mailing list