After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 699124 - vorbisdec: crash on shutdown in webkit unit test
vorbisdec: crash on shutdown in webkit unit test
Status: RESOLVED FIXED
Product: GStreamer
Classification: Platform
Component: gst-plugins-base
1.0.7
Other Linux
: Normal critical
: 1.1.1
Assigned To: GStreamer Maintainers
GStreamer Maintainers
: 700399 (view as bug list)
Depends on:
Blocks:
 
 
Reported: 2013-04-28 12:20 UTC by Xabier Rodríguez Calvar
Modified: 2013-05-28 06:58 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
Pipeline graph (34.42 KB, image/png)
2013-04-30 11:45 UTC, Xabier Rodríguez Calvar
Details

Description Xabier Rodríguez Calvar 2013-04-28 12:20:15 UTC
I found the crash at vorbis decoder when running WebKit test media/W3C/video/paused/paused_true_during_pause.html as part of https://bugs.webkit.org/show_bug.cgi?id=115166

Backtrace is the following:

Thread 14 (Thread 0x7f283aa789a0 (LWP 23665))

  • #0 __lll_lock_wait
    at ../nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.S line 136
  • #1 _L_lock_997
    from /lib/x86_64-linux-gnu/libpthread.so.0
  • #2 __pthread_mutex_lock
    at pthread_mutex_lock.c line 82
  • #3 post_activate
    at gstpad.c line 886
  • #4 gst_pad_activate_mode
    at gstpad.c line 1067
  • #5 gst_pad_set_active
    at gstpad.c line 949
  • #6 activate_pads
    at gstelement.c line 2679
  • #7 gst_iterator_fold
    at gstiterator.c line 614
  • #8 iterator_activate_fold_with_resync
    at gstelement.c line 2699
  • #9 gst_element_pads_activate
    at gstelement.c line 2743
  • #10 gst_element_change_state_func
    at gstelement.c line 2807
  • #11 gst_audio_decoder_change_state
    at gstaudiodecoder.c line 2419
  • #12 gst_element_change_state
    at gstelement.c line 2594
  • #13 gst_element_set_state_func
    at gstelement.c line 2550
  • #14 gst_bin_element_set_state
    at gstbin.c line 2292
  • #15 gst_bin_change_state_func
    at gstbin.c line 2594
  • #16 gst_decode_bin_change_state
    at gstdecodebin2.c line 4189
  • #17 gst_element_change_state
    at gstelement.c line 2594
  • #18 gst_element_set_state_func
    at gstelement.c line 2550
  • #19 gst_bin_element_set_state
    at gstbin.c line 2292
  • #20 gst_bin_change_state_func
    at gstbin.c line 2594
  • #21 gst_uri_decode_bin_change_state
    at gsturidecodebin.c line 2579
  • #22 gst_element_change_state
    at gstelement.c line 2594
  • #23 gst_element_set_state_func
    at gstelement.c line 2550
  • #24 gst_bin_element_set_state
    at gstbin.c line 2292
  • #25 gst_bin_change_state_func
    at gstbin.c line 2594
  • #26 gst_pipeline_change_state
    at gstpipeline.c line 471
  • #27 gst_play_bin_change_state
    at gstplaybin2.c line 4151
  • #28 gst_element_change_state
    at gstelement.c line 2594
  • #29 gst_element_set_state_func
    at gstelement.c line 2550
  • #30 WebCore::MediaPlayerPrivateGStreamer::~MediaPlayerPrivateGStreamer
    at ../../Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp line 251
  • #31 WebCore::MediaPlayerPrivateGStreamer::~MediaPlayerPrivateGStreamer
    at ../../Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp line 263
  • #32 WTF::deleteOwnedPtr<WebCore::MediaPlayerPrivateInterface>
    at ../../Source/WTF/wtf/OwnPtrCommon.h line 63
  • #33 WTF::OwnPtr<WebCore::MediaPlayerPrivateInterface>::~OwnPtr
    at ../../Source/WTF/wtf/OwnPtr.h line 63
  • #34 WebCore::MediaPlayer::~MediaPlayer
    at ../../Source/WebCore/platform/graphics/MediaPlayer.cpp line 357
  • #35 WebCore::MediaPlayer::~MediaPlayer
    at ../../Source/WebCore/platform/graphics/MediaPlayer.cpp line 360
  • #36 WTF::deleteOwnedPtr<WebCore::MediaPlayer>
    at ../../Source/WTF/wtf/OwnPtrCommon.h line 63
  • #37 WTF::OwnPtr<WebCore::MediaPlayer>::clear
    at ../../Source/WTF/wtf/OwnPtr.h line 119
  • #38 WebCore::HTMLMediaElement::clearMediaPlayer
    at ../../Source/WebCore/html/HTMLMediaElement.cpp line 4080
  • #39 WebCore::HTMLMediaElement::userCancelledLoad
    at ../../Source/WebCore/html/HTMLMediaElement.cpp line 4023
  • #40 WebCore::HTMLMediaElement::stop
    at ../../Source/WebCore/html/HTMLMediaElement.cpp line 4106
  • #41 WebCore::ScriptExecutionContext::stopActiveDOMObjects
    at ../../Source/WebCore/dom/ScriptExecutionContext.cpp line 219
  • #42 WebCore::Document::detach
    at ../../Source/WebCore/dom/Document.cpp line 2104
  • #43 WebCore::Document::prepareForDestruction
    at ../../Source/WebCore/dom/Document.cpp line 2171
  • #44 WebCore::Frame::setView
    at ../../Source/WebCore/page/Frame.cpp line 264
  • #45 WebCore::Frame::createView
    at ../../Source/WebCore/page/Frame.cpp line 775
  • #46 WebKit::FrameLoaderClient::transitionToCommittedForNewPage
    at ../../Source/WebKit/gtk/WebCoreSupport/FrameLoaderClientGtk.cpp line 1264
  • #47 WebCore::FrameLoader::transitionToCommitted
    at ../../Source/WebCore/loader/FrameLoader.cpp line 1854
  • #48 WebCore::FrameLoader::commitProvisionalLoad
    at ../../Source/WebCore/loader/FrameLoader.cpp line 1696
  • #49 WebCore::DocumentLoader::commitIfReady
    at ../../Source/WebCore/loader/DocumentLoader.cpp line 322
  • #50 WebCore::DocumentLoader::finishedLoading
    at ../../Source/WebCore/loader/DocumentLoader.cpp line 389
  • #51 WebCore::DocumentLoader::maybeLoadEmpty
    at ../../Source/WebCore/loader/DocumentLoader.cpp line 1325
  • #52 WebCore::DocumentLoader::startLoadingMainResource
    at ../../Source/WebCore/loader/DocumentLoader.cpp line 1337
  • #53 WebCore::FrameLoader::continueLoadAfterWillSubmitForm
    at ../../Source/WebCore/loader/FrameLoader.cpp line 2216
  • #54 WebCore::FrameLoader::continueLoadAfterNavigationPolicy
    at ../../Source/WebCore/loader/FrameLoader.cpp line 2827
  • #55 WebCore::FrameLoader::callContinueLoadAfterNavigationPolicy
    at ../../Source/WebCore/loader/FrameLoader.cpp line 2697
  • #56 WebCore::PolicyCallback::call
    at ../../Source/WebCore/loader/PolicyCallback.cpp line 103
  • #57 WebCore::PolicyChecker::continueAfterNavigationPolicy
    at ../../Source/WebCore/loader/PolicyChecker.cpp line 180
  • #58 webkit_web_policy_decision_use
    at ../../Source/WebKit/gtk/webkit/webkitwebpolicydecision.cpp line 88
  • #59 WebKit::FrameLoaderClient::dispatchDecidePolicyForNavigationAction
  • #60 WebCore::PolicyChecker::checkNavigationPolicy
  • #61 WebCore::FrameLoader::loadWithDocumentLoader
    at ../../Source/WebCore/loader/FrameLoader.cpp line 1395
  • #62 WebCore::FrameLoader::load
    at ../../Source/WebCore/loader/FrameLoader.cpp line 1336
  • #63 WebCore::FrameLoader::load
    at ../../Source/WebCore/loader/FrameLoader.cpp line 1286
  • #64 webkit_web_frame_load_uri
    at ../../Source/WebKit/gtk/webkit/webkitwebframe.cpp line 679
  • #65 webkit_web_view_load_uri
    at ../../Source/WebKit/gtk/webkit/webkitwebview.cpp line 4253
  • #66 webkit_web_view_open
    at ../../Source/WebKit/gtk/webkit/webkitwebview.cpp line 4213
  • #67 runTest
    at ../../Tools/DumpRenderTree/gtk/DumpRenderTree.cpp line 791
  • #68 main
    at ../../Tools/DumpRenderTree/gtk/DumpRenderTree.cpp line 1514

Thread 1 (Thread 0x7f26cdb23700 (LWP 23706))

  • #0 copy_samples_s
    at gstvorbisdeclib.c line 55
  • #1 vorbis_handle_data_packet
    at gstvorbisdec.c line 498
  • #2 vorbis_dec_handle_frame
    at gstvorbisdec.c line 596
  • #3 gst_audio_decoder_push_buffers
    at gstaudiodecoder.c line 1271
  • #4 gst_audio_decoder_chain_forward
    at gstaudiodecoder.c line 1374
  • #5 gst_audio_decoder_chain
    at gstaudiodecoder.c line 1635
  • #6 gst_pad_chain_data_unchecked
    at gstpad.c line 3655
  • #7 gst_pad_push_data
    at gstpad.c line 3872
  • #8 gst_pad_push
    at gstpad.c line 3975
  • #9 gst_single_queue_push_one
    at gstmultiqueue.c line 1057
  • #10 gst_multi_queue_loop
    at gstmultiqueue.c line 1303
  • #11 gst_task_func
    at gsttask.c line 316
  • #12 g_thread_pool_thread_proxy
    at gthreadpool.c line 309
  • #13 g_thread_proxy
    at gthread.c line 798
  • #14 start_thread
    at pthread_create.c line 304
  • #15 clone
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S line 112
  • #16 ??

This causes a test timeout 18/1000 times and 6/1000 end up in a crash like this. With 1.0.4 this was working fine 1000/1000. If you need more info, I would be glad providing it.
Comment 1 Tim-Philipp Müller 2013-04-28 17:25:29 UTC
Do you get any criticals on stdout when that happens? Could you attach a xz -9 zipped GST_DEBUG=*:6 debug log?

Clearly the reason for the crash is that 'out' in copy_samples_s() is NULL, but I wonder if it happens because the allocator returned NULL or because the buffer could not be mapped as writable. It's a bit unfortunate that we can't differentiate between 'error' and 'shutting down/flushing' in the buffer/alloc API.
Comment 2 Sebastian Dröge (slomo) 2013-04-29 07:31:39 UTC
I can't remember any changes that could've caused a regression like this, especially there were no changes in the vorbis plugin since then.

If the allocator returned NULL there would've been a g_critical() when mapping, and mapping also never returns NULL for system memory (unless it's mapped already incompatibly with the requested mapping flags).

Is WebKit using/providing a custom allocator somewhere, and especially one that is used for the audio part of the pipeline?
Comment 3 Xabier Rodríguez Calvar 2013-04-29 10:27:10 UTC
(In reply to comment #2)
> Is WebKit using/providing a custom allocator somewhere, and especially one that
> is used for the audio part of the pipeline?

Nope.
Comment 4 Tim-Philipp Müller 2013-04-29 10:36:09 UTC
Sebastian: I don't think it's a regression, it sounds to me like it's only being noticed now because of timing changes in the unit test. I suspect the bug existed all along (we had similar issues in the video class IIRC).

I don't quite understand why the system memory allocator would return NULL though. Not sure that can happen. There must be some other issue then, like what I mentioned.

Could you provide the info I requested in comment #1 ?
Comment 5 Xabier Rodríguez Calvar 2013-04-29 19:07:20 UTC
(In reply to comment #1)
> Do you get any criticals on stdout when that happens?

(DumpRenderTree:19890): GStreamer-CRITICAL **: gst_buffer_map_range: assertion `GST_IS_BUFFER (buffer)' failed
Comment 6 Sebastian Dröge (slomo) 2013-04-29 19:11:41 UTC
Ok, could you get a debug log for this? It really shouldn't happen at all and currently I don't see how it could happen in this situation
Comment 7 Xabier Rodríguez Calvar 2013-04-30 07:52:09 UTC
Reproducing with log is harder, but I managed to do it with G_DEBUG=fatal_warnings


Thread 14 (Thread 0x7f71169789a0 (LWP 11118))

  • #0 __lll_lock_wait
    at ../nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.S line 136
  • #1 _L_lock_997
    from /lib/x86_64-linux-gnu/libpthread.so.0
  • #2 __pthread_mutex_lock
    at pthread_mutex_lock.c line 82
  • #3 post_activate
    at gstpad.c line 886
  • #4 gst_pad_activate_mode
    at gstpad.c line 1067
  • #5 gst_pad_set_active
    at gstpad.c line 949
  • #6 activate_pads
    at gstelement.c line 2679
  • #7 gst_iterator_fold
    at gstiterator.c line 614
  • #8 iterator_activate_fold_with_resync
    at gstelement.c line 2699
  • #9 gst_element_pads_activate
    at gstelement.c line 2743
  • #10 gst_element_change_state_func
    at gstelement.c line 2807
  • #11 gst_audio_decoder_change_state
    at gstaudiodecoder.c line 2419
  • #12 gst_element_change_state
    at gstelement.c line 2594
  • #13 gst_element_set_state_func
    at gstelement.c line 2550
  • #14 gst_bin_element_set_state
    at gstbin.c line 2292
  • #15 gst_bin_change_state_func
    at gstbin.c line 2594
  • #16 gst_decode_bin_change_state
    at gstdecodebin2.c line 4189
  • #17 gst_element_change_state
    at gstelement.c line 2594
  • #18 gst_element_set_state_func
    at gstelement.c line 2550
  • #19 gst_bin_element_set_state
    at gstbin.c line 2292
  • #20 gst_bin_change_state_func
    at gstbin.c line 2594
  • #21 gst_uri_decode_bin_change_state
    at gsturidecodebin.c line 2579
  • #22 gst_element_change_state
    at gstelement.c line 2594
  • #23 gst_element_set_state_func
    at gstelement.c line 2550
  • #24 gst_bin_element_set_state
    at gstbin.c line 2292
  • #25 gst_bin_change_state_func
    at gstbin.c line 2594
  • #26 gst_pipeline_change_state
    at gstpipeline.c line 471
  • #27 gst_play_bin_change_state
    at gstplaybin2.c line 4151
  • #28 gst_element_change_state
    at gstelement.c line 2594
  • #29 gst_element_set_state_func
    at gstelement.c line 2550
  • #30 WebCore::MediaPlayerPrivateGStreamer::~MediaPlayerPrivateGStreamer
    at ../../Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp line 251
  • #31 WebCore::MediaPlayerPrivateGStreamer::~MediaPlayerPrivateGStreamer
    at ../../Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp line 263
  • #32 WTF::deleteOwnedPtr<WebCore::MediaPlayerPrivateInterface>
    at ../../Source/WTF/wtf/OwnPtrCommon.h line 63
  • #33 WTF::OwnPtr<WebCore::MediaPlayerPrivateInterface>::~OwnPtr
    at ../../Source/WTF/wtf/OwnPtr.h line 63
  • #34 WebCore::MediaPlayer::~MediaPlayer
    at ../../Source/WebCore/platform/graphics/MediaPlayer.cpp line 357
  • #35 WebCore::MediaPlayer::~MediaPlayer
    at ../../Source/WebCore/platform/graphics/MediaPlayer.cpp line 360
  • #36 WTF::deleteOwnedPtr<WebCore::MediaPlayer>
    at ../../Source/WTF/wtf/OwnPtrCommon.h line 63
  • #37 WTF::OwnPtr<WebCore::MediaPlayer>::clear
    at ../../Source/WTF/wtf/OwnPtr.h line 119
  • #38 WebCore::HTMLMediaElement::clearMediaPlayer
    at ../../Source/WebCore/html/HTMLMediaElement.cpp line 4080
  • #39 WebCore::HTMLMediaElement::userCancelledLoad
    at ../../Source/WebCore/html/HTMLMediaElement.cpp line 4023
  • #40 WebCore::HTMLMediaElement::stop
    at ../../Source/WebCore/html/HTMLMediaElement.cpp line 4106
  • #41 WebCore::ScriptExecutionContext::stopActiveDOMObjects
    at ../../Source/WebCore/dom/ScriptExecutionContext.cpp line 219
  • #42 WebCore::Document::detach
    at ../../Source/WebCore/dom/Document.cpp line 2051
  • #43 WebCore::Document::prepareForDestruction
    at ../../Source/WebCore/dom/Document.cpp line 2118
  • #44 WebCore::Frame::setView
    at ../../Source/WebCore/page/Frame.cpp line 264
  • #45 WebCore::Frame::createView
    at ../../Source/WebCore/page/Frame.cpp line 775
  • #46 WebKit::FrameLoaderClient::transitionToCommittedForNewPage
    at ../../Source/WebKit/gtk/WebCoreSupport/FrameLoaderClientGtk.cpp line 1264
  • #47 WebCore::FrameLoader::transitionToCommitted
    at ../../Source/WebCore/loader/FrameLoader.cpp line 1854
  • #48 WebCore::FrameLoader::commitProvisionalLoad
    at ../../Source/WebCore/loader/FrameLoader.cpp line 1696
  • #49 WebCore::DocumentLoader::commitIfReady
    at ../../Source/WebCore/loader/DocumentLoader.cpp line 322
  • #50 WebCore::DocumentLoader::finishedLoading
    at ../../Source/WebCore/loader/DocumentLoader.cpp line 389
  • #51 WebCore::DocumentLoader::maybeLoadEmpty
    at ../../Source/WebCore/loader/DocumentLoader.cpp line 1325
  • #52 WebCore::DocumentLoader::startLoadingMainResource
    at ../../Source/WebCore/loader/DocumentLoader.cpp line 1337
  • #53 WebCore::FrameLoader::continueLoadAfterWillSubmitForm
    at ../../Source/WebCore/loader/FrameLoader.cpp line 2216
  • #54 WebCore::FrameLoader::continueLoadAfterNavigationPolicy
    at ../../Source/WebCore/loader/FrameLoader.cpp line 2827
  • #55 WebCore::FrameLoader::callContinueLoadAfterNavigationPolicy
    at ../../Source/WebCore/loader/FrameLoader.cpp line 2697
  • #56 WebCore::PolicyCallback::call
    at ../../Source/WebCore/loader/PolicyCallback.cpp line 103
  • #57 WebCore::PolicyChecker::continueAfterNavigationPolicy
    at ../../Source/WebCore/loader/PolicyChecker.cpp line 180
  • #58 webkit_web_policy_decision_use
    at ../../Source/WebKit/gtk/webkit/webkitwebpolicydecision.cpp line 88
  • #59 WebKit::FrameLoaderClient::dispatchDecidePolicyForNavigationAction
  • #60 WebCore::PolicyChecker::checkNavigationPolicy
  • #61 WebCore::FrameLoader::loadWithDocumentLoader
    at ../../Source/WebCore/loader/FrameLoader.cpp line 1395
  • #62 WebCore::FrameLoader::load
    at ../../Source/WebCore/loader/FrameLoader.cpp line 1336
  • #63 WebCore::FrameLoader::load
    at ../../Source/WebCore/loader/FrameLoader.cpp line 1286
  • #64 webkit_web_frame_load_uri
    at ../../Source/WebKit/gtk/webkit/webkitwebframe.cpp line 679
  • #65 webkit_web_view_load_uri
    at ../../Source/WebKit/gtk/webkit/webkitwebview.cpp line 4253
  • #66 webkit_web_view_open
    at ../../Source/WebKit/gtk/webkit/webkitwebview.cpp line 4213
  • #67 runTest
    at ../../Tools/DumpRenderTree/gtk/DumpRenderTree.cpp line 791
  • #68 main
    at ../../Tools/DumpRenderTree/gtk/DumpRenderTree.cpp line 1514

Thread 9 (Thread 0x7f6fba4a2700 (LWP 11158))

  • #0 _int_malloc
    at malloc.c line 4709
  • #1 __libc_calloc
    at malloc.c line 4065
  • #2 ??
    from /usr/lib/x86_64-linux-gnu/libtheoradec.so.1
  • #3 th_decode_alloc
    from /usr/lib/x86_64-linux-gnu/libtheoradec.so.1
  • #4 theora_handle_type_packet
    at gsttheoradec.c line 460
  • #5 theora_handle_header_packet
    at gsttheoradec.c line 539
  • #6 theora_dec_decode_buffer
    at gsttheoradec.c line 788
  • #7 theora_dec_handle_frame
    at gsttheoradec.c line 812
  • #8 gst_video_decoder_decode_frame
    at gstvideodecoder.c line 2689
  • #9 gst_video_decoder_have_frame
    at gstvideodecoder.c line 2626
  • #10 gst_video_decoder_chain_forward
    at gstvideodecoder.c line 1728
  • #11 gst_video_decoder_chain
    at gstvideodecoder.c line 1972
  • #12 gst_pad_chain_data_unchecked
    at gstpad.c line 3655
  • #13 gst_pad_push_data
    at gstpad.c line 3872
  • #14 gst_pad_push
    at gstpad.c line 3975
  • #15 gst_single_queue_push_one
    at gstmultiqueue.c line 1057
  • #16 gst_multi_queue_loop
    at gstmultiqueue.c line 1303
  • #17 gst_task_func
    at gsttask.c line 316
  • #18 g_thread_pool_thread_proxy
    at gthreadpool.c line 309
  • #19 g_thread_proxy
    at gthread.c line 798
  • #20 start_thread
    at pthread_create.c line 304
  • #21 clone
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S line 112
  • #22 ??

Thread 1 (Thread 0x7f6fb981e700 (LWP 11159))

  • #0 g_logv
    at gmessages.c line 981
  • #1 g_log
    at gmessages.c line 1010
  • #2 g_return_if_fail_warning
  • #3 gst_buffer_map_range
    at gstbuffer.c line 1402
  • #4 gst_buffer_map
    at gstbuffer.c line 1366
  • #5 vorbis_handle_data_packet
    at gstvorbisdec.c line 481
  • #6 vorbis_dec_handle_frame
    at gstvorbisdec.c line 596
  • #7 gst_audio_decoder_push_buffers
    at gstaudiodecoder.c line 1271
  • #8 gst_audio_decoder_chain_forward
    at gstaudiodecoder.c line 1374
  • #9 gst_audio_decoder_chain
    at gstaudiodecoder.c line 1635
  • #10 gst_pad_chain_data_unchecked
    at gstpad.c line 3655
  • #11 gst_pad_push_data
    at gstpad.c line 3872
  • #12 gst_pad_push
    at gstpad.c line 3975
  • #13 gst_single_queue_push_one
    at gstmultiqueue.c line 1057
  • #14 gst_multi_queue_loop
    at gstmultiqueue.c line 1303
  • #15 gst_task_func
    at gsttask.c line 316
  • #16 g_thread_pool_thread_proxy
    at gthreadpool.c line 309
  • #17 g_thread_proxy
    at gthread.c line 798
  • #18 start_thread
    at pthread_create.c line 304
  • #19 clone
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S line 112
  • #20 ??

Comment 8 Xabier Rodríguez Calvar 2013-04-30 11:45:26 UTC
Created attachment 242902 [details]
Pipeline graph

Attaching the png with the pipeline graph as suggested by Sebastian. I think the backtrace is the same, but just in case...

Thread 14 (Thread 0x7ffe8bd0f700 (LWP 3067))

  • #0 copy_samples_s
    at gstvorbisdeclib.c line 55
  • #1 vorbis_handle_data_packet
    at gstvorbisdec.c line 498
  • #2 vorbis_dec_handle_frame
    at gstvorbisdec.c line 596
  • #3 gst_audio_decoder_push_buffers
    at gstaudiodecoder.c line 1271
  • #4 gst_audio_decoder_chain_forward
    at gstaudiodecoder.c line 1374
  • #5 gst_audio_decoder_chain
    at gstaudiodecoder.c line 1635
  • #6 gst_pad_chain_data_unchecked
    at gstpad.c line 3655
  • #7 gst_pad_push_data
    at gstpad.c line 3872
  • #8 gst_pad_push
    at gstpad.c line 3975
  • #9 gst_single_queue_push_one
    at gstmultiqueue.c line 1057
  • #10 gst_multi_queue_loop
    at gstmultiqueue.c line 1303
  • #11 gst_task_func
    at gsttask.c line 316
  • #12 g_thread_pool_thread_proxy
    at gthreadpool.c line 309
  • #13 g_thread_proxy
    at gthread.c line 798
  • #14 start_thread
    at pthread_create.c line 304
  • #15 clone
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S line 112
  • #16 ??

Thread 1 (Thread 0x7fffe86589a0 (LWP 3007))

  • #0 __lll_lock_wait
    at ../nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.S line 136
  • #1 _L_lock_997
    from /lib/x86_64-linux-gnu/libpthread.so.0
  • #2 __pthread_mutex_lock
    at pthread_mutex_lock.c line 82
  • #3 post_activate
    at gstpad.c line 886
  • #4 gst_pad_activate_mode
    at gstpad.c line 1067
  • #5 gst_pad_set_active
    at gstpad.c line 949
  • #6 activate_pads
    at gstelement.c line 2679
  • #7 gst_iterator_fold
    at gstiterator.c line 614
  • #8 iterator_activate_fold_with_resync
    at gstelement.c line 2699
  • #9 gst_element_pads_activate
    at gstelement.c line 2743
  • #10 gst_element_change_state_func
    at gstelement.c line 2807
  • #11 gst_audio_decoder_change_state
    at gstaudiodecoder.c line 2419
  • #12 gst_element_change_state
    at gstelement.c line 2594
  • #13 gst_element_set_state_func
    at gstelement.c line 2550
  • #14 gst_bin_element_set_state
    at gstbin.c line 2292
  • #15 gst_bin_change_state_func
    at gstbin.c line 2594
  • #16 gst_decode_bin_change_state
    at gstdecodebin2.c line 4189
  • #17 gst_element_change_state
    at gstelement.c line 2594
  • #18 gst_element_set_state_func
    at gstelement.c line 2550
  • #19 gst_bin_element_set_state
    at gstbin.c line 2292
  • #20 gst_bin_change_state_func
    at gstbin.c line 2594
  • #21 gst_uri_decode_bin_change_state
    at gsturidecodebin.c line 2579
  • #22 gst_element_change_state
    at gstelement.c line 2594
  • #23 gst_element_set_state_func
    at gstelement.c line 2550
  • #24 gst_bin_element_set_state
    at gstbin.c line 2292
  • #25 gst_bin_change_state_func
    at gstbin.c line 2594
  • #26 gst_pipeline_change_state
    at gstpipeline.c line 471
  • #27 gst_play_bin_change_state
    at gstplaybin2.c line 4151
  • #28 gst_element_change_state
    at gstelement.c line 2594
  • #29 gst_element_set_state_func
    at gstelement.c line 2550
  • #30 WebCore::MediaPlayerPrivateGStreamer::~MediaPlayerPrivateGStreamer
    at ../../Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp line 251
  • #31 WebCore::MediaPlayerPrivateGStreamer::~MediaPlayerPrivateGStreamer
    at ../../Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp line 263
  • #32 WTF::deleteOwnedPtr<WebCore::MediaPlayerPrivateInterface>
    at ../../Source/WTF/wtf/OwnPtrCommon.h line 63
  • #33 WTF::OwnPtr<WebCore::MediaPlayerPrivateInterface>::~OwnPtr
    at ../../Source/WTF/wtf/OwnPtr.h line 63
  • #34 WebCore::MediaPlayer::~MediaPlayer
    at ../../Source/WebCore/platform/graphics/MediaPlayer.cpp line 357
  • #35 WebCore::MediaPlayer::~MediaPlayer
    at ../../Source/WebCore/platform/graphics/MediaPlayer.cpp line 360
  • #36 WTF::deleteOwnedPtr<WebCore::MediaPlayer>
    at ../../Source/WTF/wtf/OwnPtrCommon.h line 63
  • #37 WTF::OwnPtr<WebCore::MediaPlayer>::clear
    at ../../Source/WTF/wtf/OwnPtr.h line 119
  • #38 WebCore::HTMLMediaElement::clearMediaPlayer
    at ../../Source/WebCore/html/HTMLMediaElement.cpp line 4080
  • #39 WebCore::HTMLMediaElement::userCancelledLoad
    at ../../Source/WebCore/html/HTMLMediaElement.cpp line 4023
  • #40 WebCore::HTMLMediaElement::stop
    at ../../Source/WebCore/html/HTMLMediaElement.cpp line 4106
  • #41 WebCore::ScriptExecutionContext::stopActiveDOMObjects
    at ../../Source/WebCore/dom/ScriptExecutionContext.cpp line 219
  • #42 WebCore::Document::detach
    at ../../Source/WebCore/dom/Document.cpp line 2051
  • #43 WebCore::Document::prepareForDestruction
    at ../../Source/WebCore/dom/Document.cpp line 2118
  • #44 WebCore::Frame::setView
    at ../../Source/WebCore/page/Frame.cpp line 264
  • #45 WebCore::Frame::createView
    at ../../Source/WebCore/page/Frame.cpp line 775
  • #46 WebKit::FrameLoaderClient::transitionToCommittedForNewPage
    at ../../Source/WebKit/gtk/WebCoreSupport/FrameLoaderClientGtk.cpp line 1264
  • #47 WebCore::FrameLoader::transitionToCommitted
    at ../../Source/WebCore/loader/FrameLoader.cpp line 1854
  • #48 WebCore::FrameLoader::commitProvisionalLoad
    at ../../Source/WebCore/loader/FrameLoader.cpp line 1696
  • #49 WebCore::DocumentLoader::commitIfReady
    at ../../Source/WebCore/loader/DocumentLoader.cpp line 322
  • #50 WebCore::DocumentLoader::finishedLoading
    at ../../Source/WebCore/loader/DocumentLoader.cpp line 389
  • #51 WebCore::DocumentLoader::maybeLoadEmpty
    at ../../Source/WebCore/loader/DocumentLoader.cpp line 1325
  • #52 WebCore::DocumentLoader::startLoadingMainResource
    at ../../Source/WebCore/loader/DocumentLoader.cpp line 1337
  • #53 WebCore::FrameLoader::continueLoadAfterWillSubmitForm
    at ../../Source/WebCore/loader/FrameLoader.cpp line 2216
  • #54 WebCore::FrameLoader::continueLoadAfterNavigationPolicy
    at ../../Source/WebCore/loader/FrameLoader.cpp line 2827
  • #55 WebCore::FrameLoader::callContinueLoadAfterNavigationPolicy
    at ../../Source/WebCore/loader/FrameLoader.cpp line 2697
  • #56 WebCore::PolicyCallback::call
    at ../../Source/WebCore/loader/PolicyCallback.cpp line 103
  • #57 WebCore::PolicyChecker::continueAfterNavigationPolicy
    at ../../Source/WebCore/loader/PolicyChecker.cpp line 180
  • #58 webkit_web_policy_decision_use
    at ../../Source/WebKit/gtk/webkit/webkitwebpolicydecision.cpp line 88
  • #59 WebKit::FrameLoaderClient::dispatchDecidePolicyForNavigationAction
  • #60 WebCore::PolicyChecker::checkNavigationPolicy
  • #61 WebCore::FrameLoader::loadWithDocumentLoader
    at ../../Source/WebCore/loader/FrameLoader.cpp line 1395
  • #62 WebCore::FrameLoader::load
    at ../../Source/WebCore/loader/FrameLoader.cpp line 1336
  • #63 WebCore::FrameLoader::load
    at ../../Source/WebCore/loader/FrameLoader.cpp line 1286
  • #64 webkit_web_frame_load_uri
    at ../../Source/WebKit/gtk/webkit/webkitwebframe.cpp line 679
  • #65 webkit_web_view_load_uri
    at ../../Source/WebKit/gtk/webkit/webkitwebview.cpp line 4253
  • #66 webkit_web_view_open
    at ../../Source/WebKit/gtk/webkit/webkitwebview.cpp line 4213
  • #67 runTest
    at ../../Tools/DumpRenderTree/gtk/DumpRenderTree.cpp line 791
  • #68 main
    at ../../Tools/DumpRenderTree/gtk/DumpRenderTree.cpp line 1514

Comment 9 Sebastian Dröge (slomo) 2013-04-30 12:06:19 UTC
The pipeline graph would only be really interesting for the case when gstreamer complains about a loop in the pipeline graph. For the crash it would be interesting to know what the negotiated allocator is and if the element is currently flushing and ...

From the backtrace it seems to me like the pipeline is currently shutting down and thus flushing, so it could very well be that allocation fails there and should be handled more gracefully. However the pipeline graph loop would be a serious other problem.
Comment 10 Xabier Rodríguez Calvar 2013-04-30 18:08:02 UTC
(In reply to comment #9)
> The pipeline graph would only be really interesting for the case when gstreamer
> complains about a loop in the pipeline graph.

I managed to find the loop warning. For logical reasons the method to dump the pipeline doesn't end and it doesn't even generate anything, so I can't upload the pipeline. Here you have the backtrace:

Thread 12 (Thread 0x7ffe7d39d700 (LWP 16413))

  • #0 __lll_lock_wait
    at ../nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.S line 136
  • #1 _L_lock_1145
    from /lib/x86_64-linux-gnu/libpthread.so.0
  • #2 __pthread_mutex_lock
    at pthread_mutex_lock.c line 101
  • #3 g_mutex_lock
    at gthread-posix.c line 210
  • #4 gst_bin_handle_message_func
    at gstbin.c line 3532
  • #5 bin_bus_handler
    at gstbin.c line 2871
  • #6 gst_bus_post
    at gstbus.c line 330
  • #7 gst_element_post_message_default
    at gstelement.c line 1689
  • #8 gst_pad_link_full
    at gstpad.c line 2270
  • #9 gst_pad_link
    at gstpad.c line 2320
  • #10 connect_pad
    at gstdecodebin2.c line 1991
  • #11 analyze_new_pad
    at gstdecodebin2.c line 1662
  • #12 pad_added_cb
    at gstdecodebin2.c line 2453
  • #13 g_cclosure_marshal_VOID__OBJECTv
    at gmarshal.c line 1312
  • #14 _g_closure_invoke_va
    at gclosure.c line 840
  • #15 g_signal_emit_valist
    at gsignal.c line 3234
  • #16 g_signal_emit
    at gsignal.c line 3384
  • #17 gst_element_add_pad
    at gstelement.c line 691
  • #18 gst_ogg_demux_activate_chain
    at gstoggdemux.c line 2621
  • #19 gst_ogg_demux_perform_seek_pull
    at gstoggdemux.c line 3239
  • #20 gst_ogg_demux_loop
    at gstoggdemux.c line 4439
  • #21 gst_task_func
    at gsttask.c line 316
  • #22 g_thread_pool_thread_proxy
    at gthreadpool.c line 309
  • #23 g_thread_proxy
    at gthread.c line 798
  • #24 start_thread
    at pthread_create.c line 304
  • #25 clone
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S line 112
  • #26 ??

Comment 11 Sebastian Dröge (slomo) 2013-04-30 18:36:14 UTC
Ok, that's also not very useful... what exactly is the bin in which the loop is detected (the message says that), and then we would need to find between which elements of that bin the loop actually happens
Comment 12 Xabier Rodríguez Calvar 2013-04-30 23:17:22 UTC
(In reply to comment #11)
> Ok, that's also not very useful... what exactly is the bin in which the loop is
> detected (the message says that), and then we would need to find between which
> elements of that bin the loop actually happens

"loop detected in the graph of bin 'decodebin0'!!" I couldn't investigate the elements.

After trying the gst_audio_decoder_negotiate solution, I let the program running 8671 times and I had 17 criticals. Only one was caused by the loop, the other 16 were "file gstdecodebin2.c: line 3698 (gst_decode_bin_expose): should not be reached". I'll try to provide the backtrace if useful.

I also had some timeouts, but I couldn't investigate the cause yet.
Comment 13 Sebastian Dröge (slomo) 2013-05-01 06:44:50 UTC
Ok, so my patch "fixed" the allocator problem. But now there's still

a) this weird loop. You should somehow try to inspect the elements yourself with gdb, grabbing the child elements out of decodebin, looking at the hierarchy of elements inside decodebin, checking what links to what.

b) the assertion in decode_bin_expose(). This basically happens when the internal state of decodebin is messed up, so might be related to a), might be something completely different. A backtrace won't be that useful unfortunately, but looking with gdb where the gst_decode_chain_expose() call before the assertion goes wrong and returns FALSE.


And of course of all this a debug log would be useful, but of course that's a bit difficult to get for timing related things like this :( So let's resort to gdb and manual inspection of the pipeline and what happens there for now.
Comment 14 Sebastian Dröge (slomo) 2013-05-04 11:34:50 UTC
(In reply to comment #13)
> Ok, so my patch "fixed" the allocator problem

The patch btw was to always let gst_video_decoder_allocate_output_buffer() return a buffer, even if negotiation failed.
Comment 15 Xabier Rodríguez Calvar 2013-05-08 14:49:45 UTC
As Tim had said, problem is also in 1.0.4 but it happens more often in 1.0.7. Once you solve the problem with the buffer, which I tested with Sebastian's workaround of always providing the buffer, crash still happens.
Comment 16 Xabier Rodríguez Calvar 2013-05-09 00:04:10 UTC
I just checked the different tags and the problem was almost inexistent in 1.0.4, but it began to be noticeable in 1.0.5 and it remained like that thru 1.0.6 and 1.0.7.
Comment 17 Sebastian Dröge (slomo) 2013-05-15 16:54:01 UTC
Probably related or equivalent to bug #700399 , and possibly related to bug #700342
Comment 18 Sebastian Dröge (slomo) 2013-05-23 20:46:55 UTC
*** Bug 700399 has been marked as a duplicate of this bug. ***
Comment 19 Sebastian Dröge (slomo) 2013-05-23 20:53:26 UTC
Xabier tracked this down to the change made in bug #690420 , which is very much related to bug #700342

Other part of this bug here is bug #700006


I'd prefer to keep this here open until these other bugs are fixed and we can confirm that everything works then.
Comment 20 Sebastian Dröge (slomo) 2013-05-27 12:18:55 UTC
This is confirmed to be fixed now as part of all the other bugs
Comment 21 Xabier Rodríguez Calvar 2013-05-28 06:58:08 UTC
(In reply to comment #20)
> This is confirmed to be fixed now as part of all the other bugs

\o/