Bug 223514 - [GStreamer] Crash in WebCore::MediaSourcePrivateGStreamer::removeSourceBuffer
Summary: [GStreamer] Crash in WebCore::MediaSourcePrivateGStreamer::removeSourceBuffer
Status: RESOLVED DUPLICATE of bug 220091
Alias: None
Product: WebKit
Classification: Unclassified
Component: Media (show other bugs)
Version: WebKit Nightly Build
Hardware: PC Linux
: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-03-19 07:44 PDT by Michael Catanzaro
Modified: 2021-03-21 10:53 PDT (History)
4 users (show)

See Also:


Attachments
bt full (309.87 KB, text/plain)
2021-03-19 07:46 PDT, Michael Catanzaro
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Catanzaro 2021-03-19 07:44:48 PDT
This happened after playing a YouTube video with 2.31.91, the web process crashed right after the video ended. Will attach a full backtrace. No GStreamer debug logs since I cannot reproduce it.

   #0  0x00007fe2e0d25804 in WTF::HashTable<WTF::RefPtr<WebCore::SourceBufferPrivateGStreamer, WTF::RawPtrTraits<WebCore::SourceBufferPrivateGStreamer>, WTF::DefaultRefDerefTraits<WebCore::SourceBufferPrivateGStreamer> >, WTF::RefPtr<WebCore::SourceBufferPrivateGStreamer, WTF::RawPtrTraits<WebCore::SourceBufferPrivateGStreamer>, WTF::DefaultRefDerefTraits<WebCore::SourceBufferPrivateGStreamer> >, WTF::IdentityExtractor, WTF::DefaultHash<WTF::RefPtr<WebCore::SourceBufferPrivateGStreamer, WTF::RawPtrTraits<WebCore::SourceBufferPrivateGStreamer>, WTF::DefaultRefDerefTraits<WebCore::SourceBufferPrivateGStreamer> > >, WTF::HashTraits<WTF::RefPtr<WebCore::SourceBufferPrivateGStreamer, WTF::RawPtrTraits<WebCore::SourceBufferPrivateGStreamer>, WTF::DefaultRefDerefTraits<WebCore::SourceBufferPrivateGStreamer> > >, WTF::HashTraits<WTF::RefPtr<WebCore::SourceBufferPrivateGStreamer, WTF::RawPtrTraits<WebCore::SourceBufferPrivateGStreamer>, WTF::DefaultRefDerefTraits<WebCore::SourceBufferPrivateGStreamer> > > >::find<WTF::IdentityHashTranslator<WTF::HashTraits<WTF::RefPtr<WebCore::SourceBufferPrivateGStreamer, WTF::RawPtrTraits<WebCore::SourceBufferPrivateGStreamer>, WTF::DefaultRefDerefTraits<WebCore::SourceBufferPrivateGStreamer> > >, WTF::DefaultHash<WTF::RefPtr<WebCore::SourceBufferPrivateGStreamer, WTF::RawPtrTraits<WebCore::SourceBufferPrivateGStreamer>, WTF::DefaultRefDerefTraits<WebCore::SourceBufferPrivateGStreamer> > > >, WTF::RefPtr<WebCore::SourceBufferPrivateGStreamer, WTF::RawPtrTraits<WebCore::SourceBufferPrivateGStreamer>, WTF::DefaultRefDerefTraits<WebCore::SourceBufferPrivateGStreamer> > >(WTF::RefPtr<WebCore::SourceBufferPrivateGStreamer, WTF::RawPtrTraits<WebCore::SourceBufferPrivateGStreamer>, WTF::DefaultRefDerefTraits<WebCore::SourceBufferPrivateGStreamer> > const&) const (this=0x30, key=...) at DerivedSources/ForwardingHeaders/wtf/HashTable.h:1079
#1  0x00007fe2e0d253f9 in WTF::HashTable<WTF::RefPtr<WebCore::SourceBufferPrivateGStreamer, WTF::RawPtrTraits<WebCore::SourceBufferPrivateGStreamer>, WTF::DefaultRefDerefTraits<WebCore::SourceBufferPrivateGStreamer> >, WTF::RefPtr<WebCore::SourceBufferPrivateGStreamer, WTF::RawPtrTraits<WebCore::SourceBufferPrivateGStreamer>, WTF::DefaultRefDerefTraits<WebCore::SourceBufferPrivateGStreamer> >, WTF::IdentityExtractor, WTF::DefaultHash<WTF::RefPtr<WebCore::SourceBufferPrivateGStreamer, WTF::RawPtrTraits<WebCore::SourceBufferPrivateGStreamer>, WTF::DefaultRefDerefTraits<WebCore::SourceBufferPrivateGStreamer> > >, WTF::HashTraits<WTF::RefPtr<WebCore::SourceBufferPrivateGStreamer, WTF::RawPtrTraits<WebCore::SourceBufferPrivateGStreamer>, WTF::DefaultRefDerefTraits<WebCore::SourceBufferPrivateGStreamer> > >, WTF::HashTraits<WTF::RefPtr<WebCore::SourceBufferPrivateGStreamer, WTF::RawPtrTraits<WebCore::SourceBufferPrivateGStreamer>, WTF::DefaultRefDerefTraits<WebCore::SourceBufferPrivateGStreamer> > > >::find(WTF::RefPtr<WebCore::SourceBufferPrivateGStreamer, WTF::RawPtrTraits<WebCore::SourceBufferPrivateGStreamer>, WTF::DefaultRefDerefTraits<WebCore::SourceBufferPrivateGStreamer> > const&) const (key=..., this=0x30) at DerivedSources/ForwardingHeaders/wtf/HashTable.h:476
#2  WTF::HashSet<WTF::RefPtr<WebCore::SourceBufferPrivateGStreamer, WTF::RawPtrTraits<WebCore::SourceBufferPrivateGStreamer>, WTF::DefaultRefDerefTraits<WebCore::SourceBufferPrivateGStreamer> >, WTF::DefaultHash<WTF::RefPtr<WebCore::SourceBufferPrivateGStreamer, WTF::RawPtrTraits<WebCore::SourceBufferPrivateGStreamer>, WTF::DefaultRefDerefTraits<WebCore::SourceBufferPrivateGStreamer> > >, WTF::HashTraits<WTF::RefPtr<WebCore::SourceBufferPrivateGStreamer, WTF::RawPtrTraits<WebCore::SourceBufferPrivateGStreamer>, WTF::DefaultRefDerefTraits<WebCore::SourceBufferPrivateGStreamer> > > >::find(WTF::RefPtr<WebCore::SourceBufferPrivateGStreamer, WTF::RawPtrTraits<WebCore::SourceBufferPrivateGStreamer>, WTF::DefaultRefDerefTraits<WebCore::SourceBufferPrivateGStreamer> > const&) const (value=..., this=0x30)
    at DerivedSources/ForwardingHeaders/wtf/HashSet.h:213
#3  WTF::HashSet<WTF::RefPtr<WebCore::SourceBufferPrivateGStreamer, WTF::RawPtrTraits<WebCore::SourceBufferPrivateGStreamer>, WTF::DefaultRefDerefTraits<WebCore::SourceBufferPrivateGStreamer> >, WTF::DefaultHash<WTF::RefPtr<WebCore::SourceBufferPrivateGStreamer, WTF::RawPtrTraits<WebCore::SourceBufferPrivateGStreamer>, WTF::DefaultRefDerefTraits<WebCore::SourceBufferPrivateGStreamer> > >, WTF::HashTraits<WTF::RefPtr<WebCore::SourceBufferPrivateGStreamer, WTF::RawPtrTraits<WebCore::SourceBufferPrivateGStreamer>, WTF::DefaultRefDerefTraits<WebCore::SourceBufferPrivateGStreamer> > > >::remove(WTF::RefPtr<WebCore::SourceBufferPrivateGStreamer, WTF::RawPtrTraits<WebCore::SourceBufferPrivateGStreamer>, WTF::DefaultRefDerefTraits<WebCore::SourceBufferPrivateGStreamer> > const&) (value=..., this=0x30)
    at DerivedSources/ForwardingHeaders/wtf/HashSet.h:300
#4  WebCore::MediaSourcePrivateGStreamer::removeSourceBuffer(WebCore::SourceBufferPrivate*)
    (this=0x0, sourceBufferPrivate=sourceBufferPrivate@entry=0x7fe0d293e740)
    at ../Source/WebCore/platform/graphics/gstreamer/mse/MediaSourcePrivateGStreamer.cpp:92
#5  0x00007fe2e0d29481 in WebCore::SourceBufferPrivateGStreamer::removedFromMediaSource() (this=0x7fe0d293e740)
    at ../Source/WebCore/platform/graphics/gstreamer/mse/SourceBufferPrivateGStreamer.cpp:107
#6  0x00007fe2dfadc0ed in WebCore::SourceBuffer::removedFromMediaSource() (this=this@entry=0x7fe22421b950)
    at DerivedSources/ForwardingHeaders/wtf/RawPtrTraits.h:43
#7  0x00007fe2dfad3556 in WebCore::MediaSource::removeSourceBuffer(WebCore::SourceBuffer&)
--Type <RET> for more, q to quit, c to continue without paging--c
    (this=this@entry=0x7fe26402e130, buffer=...) at ../Source/WebCore/Modules/mediasource/MediaSource.cpp:911
#8  0x00007fe2dfad37a6 in WebCore::MediaSource::detachFromElement(WebCore::HTMLMediaElement&) (this=0x7fe26402e130, element=...) at DerivedSources/ForwardingHeaders/wtf/RawPtrTraits.h:43
#9  0x00007fe2e0149c9c in WebCore::HTMLMediaElement::detachMediaSource() (this=this@entry=0x7fe264665840) at ../Source/WebCore/html/HTMLMediaElement.cpp:3591
#10 0x00007fe2e0150c3b in WebCore::HTMLMediaElement::mediaLoadingFailedFatally(WebCore::MediaPlayerEnums::NetworkState) (this=0x7fe264665840, error=<optimized out>) at ../Source/WebCore/html/HTMLMediaElement.cpp:2104
#11 0x00007fe2e0d25161 in WebCore::MediaSourcePrivateGStreamer::open(WebCore::MediaSourcePrivateClient&, WebCore::MediaPlayerPrivateGStreamerMSE&) (mediaSource=..., playerPrivate=...) at DerivedSources/ForwardingHeaders/wtf/Ref.h:268
#12 0x00007fe2e0d204eb in WebCore::MediaPlayerPrivateGStreamerMSE::sourceSetup(_GstElement*) (this=0x7fe100221700, sourceElement=0x558e87b06370 [WebKitMediaSrc]) at DerivedSources/ForwardingHeaders/wtf/RawPtrTraits.h:43
#13 0x00007fe2d9ff2f75 in ffi_call_unix64 () at ../src/x86/unix64.S:101
#14 0x00007fe2d9ff2369 in ffi_call_int (cif=<optimized out>, fn=<optimized out>, rvalue=<optimized out>, avalue=<optimized out>, closure=<optimized out>) at ../src/x86/ffi64.c:669
#19 0x00007fe2de0c79c3 in <emit signal ??? on instance 0x558e87ac0120 [GstPlayBin]> (instance=instance@entry=0x558e87ac0120, signal_id=<optimized out>, detail=detail@entry=0) at ../gobject/gsignal.c:3553
    #15 0x00007fe2de0aea0c in g_cclosure_marshal_generic (closure=closure@entry=0x558e87ac2810, return_gvalue=return_gvalue@entry=0x0, n_param_values=n_param_values@entry=2, param_values=param_values@entry=0x7ffc160386c0, invocation_hint=invocation_hint@entry=0x7ffc16038640, marshal_data=marshal_data@entry=0x0) at ../gobject/gclosure.c:1510
    #16 0x00007fe2de0adf3f in g_closure_invoke (closure=0x558e87ac2810, return_value=return_value@entry=0x0, n_param_values=2, param_values=param_values@entry=0x7ffc160386c0, invocation_hint=invocation_hint@entry=0x7ffc16038640) at ../gobject/gclosure.c:810
    #17 0x00007fe2de0c0d4b in signal_emit_unlocked_R (node=node@entry=0x558e873b1760, detail=detail@entry=0, instance=instance@entry=0x558e87ac0120, emission_return=emission_return@entry=0x0, instance_and_params=instance_and_params@entry=0x7ffc160386c0) at ../gobject/gsignal.c:3741
    #18 0x00007fe2de0c7861 in g_signal_emit_valist (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>, var_args=var_args@entry=0x7ffc16038860) at ../gobject/gsignal.c:3497
#20 0x00007fe25c5a877b in notify_source_cb (uridecodebin=<optimized out>, pspec=<optimized out>, group=<optimized out>) at ../gst/playback/gstplaybin2.c:5226
#24 0x00007fe2de0c79c3 in <emit signal notify:source on instance 0x558e873255b0 [GstURIDecodeBin]> (instance=instance@entry=0x558e873255b0, signal_id=<optimized out>, detail=<optimized out>) at ../gobject/gsignal.c:3553
    #21 0x00007fe2de0adf3f in g_closure_invoke (closure=0x558e8780a440, return_value=return_value@entry=0x0, n_param_values=2, param_values=param_values@entry=0x7ffc16038b00, invocation_hint=invocation_hint@entry=0x7ffc16038a80) at ../gobject/gclosure.c:810
    #22 0x00007fe2de0c0d4b in signal_emit_unlocked_R (node=node@entry=0x558e8730f990, detail=detail@entry=3090, instance=instance@entry=0x558e873255b0, emission_return=emission_return@entry=0x0, instance_and_params=instance_and_params@entry=0x7ffc16038b00) at ../gobject/gsignal.c:3741
    #23 0x00007fe2de0c7861 in g_signal_emit_valist (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>, var_args=var_args@entry=0x7ffc16038ca0) at ../gobject/gsignal.c:3497
#25 0x00007fe2de0b2b54 in g_object_dispatch_properties_changed (object=0x558e873255b0 [GstURIDecodeBin], n_pspecs=<optimized out>, pspecs=<optimized out>) at ../gobject/gobject.c:1206
#26 0x00007fe2db3cbb98 in gst_object_dispatch_properties_changed (object=0x558e873255b0 [GstURIDecodeBin], n_pspecs=1, pspecs=0x7ffc16038e10) at ../gst/gstobject.c:454
#27 0x00007fe2de0b4baa in g_object_notify_by_spec_internal (pspec=<optimized out>, object=0x558e873255b0 [GstURIDecodeBin]) at ../gobject/gobject.c:1299
#28 g_object_notify (object=0x558e873255b0 [GstURIDecodeBin], property_name=0x7fe25c5ddeae "source") at ../gobject/gobject.c:1347
#29 0x00007fe25c590d2a in setup_source (decoder=<optimized out>) at ../gst/playback/gsturidecodebin.c:2209
#30 gst_uri_decode_bin_change_state (element=<optimized out>, transition=<optimized out>) at ../gst/playback/gsturidecodebin.c:2821
#31 0x00007fe2db3f9b32 in gst_element_change_state (element=element@entry=0x558e873255b0 [GstURIDecodeBin], transition=transition@entry=GST_STATE_CHANGE_READY_TO_PAUSED) at ../gst/gstelement.c:2965
#32 0x00007fe2db3fa27d in gst_element_set_state_func (element=0x558e873255b0 [GstURIDecodeBin], state=GST_STATE_PAUSED) at ../gst/gstelement.c:2919
#33 0x00007fe25c5ac65a in activate_group (target=GST_STATE_PAUSED, group=0x558e87ac05a8, playbin=0x558e87ac0120 [GstPlayBin]) at ../gst/playback/gstplaybin2.c:5467
#34 setup_next_source (playbin=playbin@entry=0x558e87ac0120 [GstPlayBin], target=<optimized out>) at ../gst/playback/gstplaybin2.c:5691
#35 0x00007fe25c5ad39a in gst_play_bin_change_state (element=0x558e87ac0120 [GstPlayBin], transition=<optimized out>) at ../gst/playback/gstplaybin2.c:5820
#36 0x00007fe2db3f9b32 in gst_element_change_state (element=element@entry=0x558e87ac0120 [GstPlayBin], transition=transition@entry=GST_STATE_CHANGE_READY_TO_PAUSED) at ../gst/gstelement.c:2965
#37 0x00007fe2db3fa27d in gst_element_set_state_func (element=0x558e87ac0120 [GstPlayBin], state=GST_STATE_PLAYING) at ../gst/gstelement.c:2919
#38 0x00007fe2e0d04dae in WebCore::MediaPlayerPrivateGStreamer::changePipelineState(GstState) (this=0x7fe100221700, newState=GST_STATE_PLAYING) at DerivedSources/ForwardingHeaders/wtf/glib/GRefPtr.h:104
#39 0x00007fe2e0d08938 in WebCore::MediaPlayerPrivateGStreamer::play() (this=0x7fe100221700) at ../Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:431
#40 0x00007fe2e016a2dd in WebCore::HTMLMediaElement::updatePlayState() (this=0x7fe264665840) at DerivedSources/ForwardingHeaders/wtf/RawPtrTraits.h:43
#41 WebCore::HTMLMediaElement::updatePlayState() (this=0x7fe264665840) at ../Source/WebCore/html/HTMLMediaElement.cpp:5287
#42 0x00007fe2e016a950 in WebCore::HTMLMediaElement::play(WebCore::DOMPromiseDeferred<void>&&) (this=0x7fe264665840, promise=...) at ../Source/WebCore/html/HTMLMediaElement.cpp:3440
#43 0x00007fe2df5217f7 in WebCore::jsHTMLMediaElementPrototypeFunction_playBody (lexicalGlobalObject=0x7fe2243f3068, callFrame=0x7ffc16039250, promise=..., castedThis=<optimized out>) at DerivedSources/ForwardingHeaders/wtf/Ref.h:127
#44 operator() (promise=..., callFrame=..., lexicalGlobalObject=..., this=<synthetic pointer>) at ../Source/WebCore/bindings/js/JSDOMOperationReturningPromise.h:50
#45 WebCore::callPromiseFunction<WebCore::IDLOperationReturningPromise<JSClass>::call<WebCore::jsHTMLMediaElementPrototypeFunction_playBody, (WebCore::CastedThisErrorBehavior)2>::<lambda(JSC::JSGlobalObject&, JSC::CallFrame&, WTF::Ref<WebCore::DeferredPromise>&&)> > (functor=..., callFrame=..., lexicalGlobalObject=...) at ../Source/WebCore/bindings/js/JSDOMPromiseDeferred.h:340
#46 WebCore::IDLOperationReturningPromise<WebCore::JSHTMLMediaElement>::call<WebCore::jsHTMLMediaElementPrototypeFunction_playBody> (operationName=0x7fe2e1006f2a "play", callFrame=..., lexicalGlobalObject=...) at ../Source/WebCore/bindings/js/JSDOMOperationReturningPromise.h:41
#47 WebCore::jsHTMLMediaElementPrototypeFunction_play(JSC::JSGlobalObject*, JSC::CallFrame*) (lexicalGlobalObject=0x7fe2243f3068, callFrame=0x7ffc16039250) at DerivedSources/WebCore/JSHTMLMediaElement.cpp:1467
#48 0x00007fe287fff1d8 in  ()
#49 0x00007ffc160392c0 in  ()
#50 0x00007fe2dcb73aa7 in llint_op_call () at /usr/lib/debug/source/sdk/webkitgtk.bst/Source/JavaScriptCore/llint/LowLevelInterpreter.asm:1093
#51 0x0000000000000000 in  ()
Comment 1 Michael Catanzaro 2021-03-19 07:46:00 PDT
Created attachment 423730 [details]
bt full
Comment 2 Philippe Normand 2021-03-21 09:32:05 PDT
Another dupe of bug 220091 I suspect.
Comment 3 Michael Catanzaro 2021-03-21 10:53:38 PDT
Let's assume so.

*** This bug has been marked as a duplicate of bug 220091 ***