Do you happen to have a stack trace with full debugging symbols as well by any chance?

(In reply to comment #1)
> Do you happen to have a stack trace with full debugging symbols as well by any
> chance?

Not off-hand. I didn't think to capture one at the time, but I can reproduce the crash and capture one for you. I'll have to rebuild gstreamer from git though because although I test against the latest git before reporting an error, I usually compile against the latest release.

I've reproduced the issue with the latest git updates as of today, and captured a backtrace through gdb which can be found here:

http://pastebin.com/raw.php?i=YzUnJrcE


Let me know if there is anything else I can do to help.

Pasting this here for posterity in case the pastebin ever expires:

gdb --args gst-launch-1.0 filesrc location=~/Videos/California-Gurls-5-sec.mkv ! decodebin ! videocrop right=996 top=568 ! videobox top=-8 ! xvimagesink display=:2
GNU gdb (GDB) Red Hat Enterprise Linux (7.2-56.el6)
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/local/bin/gst-launch-1.0...done.
(gdb) r
Starting program: /usr/local/bin/gst-launch-1.0 filesrc location=/home/stirling/Videos/California-Gurls-5-sec.mkv \! decodebin \! videocrop right=996 top=568 \! videobox top=-8 \! xvimagesink display=:2
[Thread debugging using libthread_db enabled]
Setting pipeline to PAUSED ...
[New Thread 0x7ffff32e9700 (LWP 3292)]
[New Thread 0x7ffff28e8700 (LWP 3293)]
Pipeline is PREROLLING ...
[New Thread 0x7ffff1ee7700 (LWP 3294)]
[New Thread 0x7fffe3fff700 (LWP 3295)]
[New Thread 0x7fffe35fe700 (LWP 3296)]
[New Thread 0x7fffe2bfd700 (LWP 3297)]
[New Thread 0x7fffe0c70700 (LWP 3298)]
[New Thread 0x7fffd3fff700 (LWP 3299)]
[New Thread 0x7fffd35fe700 (LWP 3300)]
[New Thread 0x7fffd2bfd700 (LWP 3301)]
Redistribute latency...
Pipeline is PREROLLED ...
Setting pipeline to PLAYING ...
New clock: GstSystemClock

Program received signal SIGSEGV, Segmentation fault.

+ Trace 231540

Does this still happen with latest git master? There were some related changes in the last months

(In reply to comment #5)
> Does this still happen with latest git master? There were some related changes
> in the last months

I recently had to reformat my server, so its taking me a few days to rebuild my dev system to the point at which I can check to see if the bug is fixed. I'll let you know as soon as I can.

Sorry about the huge delay, but I *finally* got the time to put my server back together and build gstreamer from git. Alas, I still have the same problems:

sti@timelord:~/Work/src/userful-videowall/src$ gst-launch-1.0 --version
gst-launch-1.0 version 1.1.4
GStreamer 1.1.4 (GIT)
Unknown package origin

sti@timelord:~/Work/src/userful-videowall/src$ gst-launch-1.0 filesrc location=~/Videos/California-Gurls-5-sec.mkv ! decodebin ! videocrop right=996 top=568 ! videobox top=-8 ! xvimagesink display=:1
Setting pipeline to PAUSED ...
Pipeline is PREROLLING ...
Redistribute latency...
Caught SIGSEGV

+ Trace 232500

Can you make a stack trace of all threads ?

attach gdb and run:
thread apply all bt full

I should mention that I can't reproduce this bug or bug #689566 using Xephyr, so it's probably not the lack of a window manager that's causing it.

(In reply to comment #8)
> Can you make a stack trace of all threads ?
> 
> attach gdb and run:
> thread apply all bt full

No problem. Here it is: http://pastebin.com/DB6Wf2Jf

Nothing looking problematic in that backtrace and the segfault happens in g_main_context_poll() apparently. Could you run it in valgrind too to see if something suspicious shows up there? This looks like some kind of memory corruption

This is what I get with Valgrind:

sti@timelord:~/Work/src/gstreamer1.0/test$ ./bug689563.sh -M
Running with Valgrind --memcheck
valgrind '--suppressions=/home/sti/Work/src/gstreamer1.0/test/./gst.supp' '--suppressions=/home/sti/Work/src/gstreamer1.0/test/./gst-libav.supp' '--suppressions=/home/sti/Work/src/gstreamer1.0/test/./gst-plugins-base.supp' '--suppressions=/home/sti/Work/src/gstreamer1.0/test/./gst-plugins-good.supp' '--suppressions=/home/sti/Work/src/gstreamer1.0/test/./gst-plugins-bad.supp' '--suppressions=/home/sti/Work/src/gstreamer1.0/test/./gst-plugins-ugly.supp' '--read-var-info=yes' '--tool=memcheck' '--track-origins=yes' '--leak-check=full' '--show-reachable=no' '--show-possibly-lost=no' gst-launch-1.0 filesrc 'location=/home/sti/Videos/California-Gurls-5-sec.mkv' ! decodebin ! videocrop 'right=996' 'top=568' ! videobox 'top=-8' ! xvimagesink 'display=:1'
==7281== Memcheck, a memory error detector
==7281== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==7281== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
==7281== Command: gst-launch-1.0 filesrc location=/home/sti/Videos/California-Gurls-5-sec.mkv ! decodebin ! videocrop right=996 top=568 ! videobox top=-8 ! xvimagesink display=:1
==7281== 
GStreamer has detected that it is running inside valgrind.
It might now take different code paths to ease debugging.
Of course, this may also lead to different bugs.
Setting pipeline to PAUSED ...
Pipeline is PREROLLING ...
Redistribute latency...
==7281== Thread 6:
==7281== Conditional jump or move depends on uninitialised value(s)
==7281==    at 0x8E1D2C8: copy_i420_i420 (gstvideobox.c:1421)
==7281==    by 0x8E23287: gst_video_box_transform_frame (gstvideobox.c:3290)
==7281==    by 0x830C13E: gst_video_filter_transform (gstvideofilter.c:270)
==7281==    by 0x7A110C6: gst_base_transform_handle_buffer (gstbasetransform.c:2094)
==7281==    by 0x7A11983: gst_base_transform_chain (gstbasetransform.c:2201)
==7281==    by 0x4E945A4: gst_pad_push_data (gstpad.c:3711)
==7281==    by 0x7A11B8A: gst_base_transform_chain (gstbasetransform.c:2237)
==7281==    by 0x4E945A4: gst_pad_push_data (gstpad.c:3711)
==7281==    by 0x4E862BA: gst_proxy_pad_chain_default (gstghostpad.c:128)
==7281==    by 0x4E945A4: gst_pad_push_data (gstpad.c:3711)
==7281==    by 0x83110CE: gst_video_decoder_clip_and_push_buf (gstvideodecoder.c:2583)
==7281==    by 0x831809C: gst_video_decoder_finish_frame (gstvideodecoder.c:2498)
==7281==  Uninitialised value was created by a stack allocation
==7281==    at 0xF2EB872: ??? (h264_deblock.asm:839)
==7281== 
==7281== Conditional jump or move depends on uninitialised value(s)
==7281==    at 0x8E1D317: copy_i420_i420 (gstvideobox.c:1422)
==7281==    by 0x8E23287: gst_video_box_transform_frame (gstvideobox.c:3290)
==7281==    by 0x830C13E: gst_video_filter_transform (gstvideofilter.c:270)
==7281==    by 0x7A110C6: gst_base_transform_handle_buffer (gstbasetransform.c:2094)
==7281==    by 0x7A11983: gst_base_transform_chain (gstbasetransform.c:2201)
==7281==    by 0x4E945A4: gst_pad_push_data (gstpad.c:3711)
==7281==    by 0x7A11B8A: gst_base_transform_chain (gstbasetransform.c:2237)
==7281==    by 0x4E945A4: gst_pad_push_data (gstpad.c:3711)
==7281==    by 0x4E862BA: gst_proxy_pad_chain_default (gstghostpad.c:128)
==7281==    by 0x4E945A4: gst_pad_push_data (gstpad.c:3711)
==7281==    by 0x83110CE: gst_video_decoder_clip_and_push_buf (gstvideodecoder.c:2583)
==7281==    by 0x831809C: gst_video_decoder_finish_frame (gstvideodecoder.c:2498)
==7281==  Uninitialised value was created by a stack allocation
==7281==    at 0xF2EB872: ??? (h264_deblock.asm:839)
==7281== 
==7281== Conditional jump or move depends on uninitialised value(s)
==7281==    at 0x8E1D365: copy_i420_i420 (gstvideobox.c:1424)
==7281==    by 0x8E23287: gst_video_box_transform_frame (gstvideobox.c:3290)
==7281==    by 0x830C13E: gst_video_filter_transform (gstvideofilter.c:270)
==7281==    by 0x7A110C6: gst_base_transform_handle_buffer (gstbasetransform.c:2094)
==7281==    by 0x7A11983: gst_base_transform_chain (gstbasetransform.c:2201)
==7281==    by 0x4E945A4: gst_pad_push_data (gstpad.c:3711)
==7281==    by 0x7A11B8A: gst_base_transform_chain (gstbasetransform.c:2237)
==7281==    by 0x4E945A4: gst_pad_push_data (gstpad.c:3711)
==7281==    by 0x4E862BA: gst_proxy_pad_chain_default (gstghostpad.c:128)
==7281==    by 0x4E945A4: gst_pad_push_data (gstpad.c:3711)
==7281==    by 0x83110CE: gst_video_decoder_clip_and_push_buf (gstvideodecoder.c:2583)
==7281==    by 0x831809C: gst_video_decoder_finish_frame (gstvideodecoder.c:2498)
==7281==  Uninitialised value was created by a stack allocation
==7281==    at 0xF2EB872: ??? (h264_deblock.asm:839)
==7281== 
==7281== Conditional jump or move depends on uninitialised value(s)
==7281==    at 0x8E1D3B6: copy_i420_i420 (gstvideobox.c:1425)
==7281==    by 0x8E23287: gst_video_box_transform_frame (gstvideobox.c:3290)
==7281==    by 0x830C13E: gst_video_filter_transform (gstvideofilter.c:270)
==7281==    by 0x7A110C6: gst_base_transform_handle_buffer (gstbasetransform.c:2094)
==7281==    by 0x7A11983: gst_base_transform_chain (gstbasetransform.c:2201)
==7281==    by 0x4E945A4: gst_pad_push_data (gstpad.c:3711)
==7281==    by 0x7A11B8A: gst_base_transform_chain (gstbasetransform.c:2237)
==7281==    by 0x4E945A4: gst_pad_push_data (gstpad.c:3711)
==7281==    by 0x4E862BA: gst_proxy_pad_chain_default (gstghostpad.c:128)
==7281==    by 0x4E945A4: gst_pad_push_data (gstpad.c:3711)
==7281==    by 0x83110CE: gst_video_decoder_clip_and_push_buf (gstvideodecoder.c:2583)
==7281==    by 0x831809C: gst_video_decoder_finish_frame (gstvideodecoder.c:2498)
==7281==  Uninitialised value was created by a stack allocation
==7281==    at 0xF2EB872: ??? (h264_deblock.asm:839)
==7281== 
==7281== Conditional jump or move depends on uninitialised value(s)
==7281==    at 0x8E1D48B: copy_i420_i420 (gstvideobox.c:1428)
==7281==    by 0x8E23287: gst_video_box_transform_frame (gstvideobox.c:3290)
==7281==    by 0x830C13E: gst_video_filter_transform (gstvideofilter.c:270)
==7281==    by 0x7A110C6: gst_base_transform_handle_buffer (gstbasetransform.c:2094)
==7281==    by 0x7A11983: gst_base_transform_chain (gstbasetransform.c:2201)
==7281==    by 0x4E945A4: gst_pad_push_data (gstpad.c:3711)
==7281==    by 0x7A11B8A: gst_base_transform_chain (gstbasetransform.c:2237)
==7281==    by 0x4E945A4: gst_pad_push_data (gstpad.c:3711)
==7281==    by 0x4E862BA: gst_proxy_pad_chain_default (gstghostpad.c:128)
==7281==    by 0x4E945A4: gst_pad_push_data (gstpad.c:3711)
==7281==    by 0x83110CE: gst_video_decoder_clip_and_push_buf (gstvideodecoder.c:2583)
==7281==    by 0x831809C: gst_video_decoder_finish_frame (gstvideodecoder.c:2498)
==7281==  Uninitialised value was created by a stack allocation
==7281==    at 0xF2EB872: ??? (h264_deblock.asm:839)
==7281== 
==7281== Conditional jump or move depends on uninitialised value(s)
==7281==    at 0x8E1D494: copy_i420_i420 (gstvideobox.c:1428)
==7281==    by 0x8E23287: gst_video_box_transform_frame (gstvideobox.c:3290)
==7281==    by 0x830C13E: gst_video_filter_transform (gstvideofilter.c:270)
==7281==    by 0x7A110C6: gst_base_transform_handle_buffer (gstbasetransform.c:2094)
==7281==    by 0x7A11983: gst_base_transform_chain (gstbasetransform.c:2201)
==7281==    by 0x4E945A4: gst_pad_push_data (gstpad.c:3711)
==7281==    by 0x7A11B8A: gst_base_transform_chain (gstbasetransform.c:2237)
==7281==    by 0x4E945A4: gst_pad_push_data (gstpad.c:3711)
==7281==    by 0x4E862BA: gst_proxy_pad_chain_default (gstghostpad.c:128)
==7281==    by 0x4E945A4: gst_pad_push_data (gstpad.c:3711)
==7281==    by 0x83110CE: gst_video_decoder_clip_and_push_buf (gstvideodecoder.c:2583)
==7281==    by 0x831809C: gst_video_decoder_finish_frame (gstvideodecoder.c:2498)
==7281==  Uninitialised value was created by a stack allocation
==7281==    at 0xF2EB872: ??? (h264_deblock.asm:839)
==7281== 
==7281== Conditional jump or move depends on uninitialised value(s)
==7281==    at 0x8E1D53F: copy_i420_i420 (gstvideobox.c:1432)
==7281==    by 0x8E23287: gst_video_box_transform_frame (gstvideobox.c:3290)
==7281==    by 0x830C13E: gst_video_filter_transform (gstvideofilter.c:270)
==7281==    by 0x7A110C6: gst_base_transform_handle_buffer (gstbasetransform.c:2094)
==7281==    by 0x7A11983: gst_base_transform_chain (gstbasetransform.c:2201)
==7281==    by 0x4E945A4: gst_pad_push_data (gstpad.c:3711)
==7281==    by 0x7A11B8A: gst_base_transform_chain (gstbasetransform.c:2237)
==7281==    by 0x4E945A4: gst_pad_push_data (gstpad.c:3711)
==7281==    by 0x4E862BA: gst_proxy_pad_chain_default (gstghostpad.c:128)
==7281==    by 0x4E945A4: gst_pad_push_data (gstpad.c:3711)
==7281==    by 0x83110CE: gst_video_decoder_clip_and_push_buf (gstvideodecoder.c:2583)
==7281==    by 0x831809C: gst_video_decoder_finish_frame (gstvideodecoder.c:2498)
==7281==  Uninitialised value was created by a stack allocation
==7281==    at 0xF2EB872: ??? (h264_deblock.asm:839)
==7281== 
==7281== Conditional jump or move depends on uninitialised value(s)
==7281==    at 0x8E1D547: copy_i420_i420 (gstvideobox.c:1432)
==7281==    by 0x8E23287: gst_video_box_transform_frame (gstvideobox.c:3290)
==7281==    by 0x830C13E: gst_video_filter_transform (gstvideofilter.c:270)
==7281==    by 0x7A110C6: gst_base_transform_handle_buffer (gstbasetransform.c:2094)
==7281==    by 0x7A11983: gst_base_transform_chain (gstbasetransform.c:2201)
==7281==    by 0x4E945A4: gst_pad_push_data (gstpad.c:3711)
==7281==    by 0x7A11B8A: gst_base_transform_chain (gstbasetransform.c:2237)
==7281==    by 0x4E945A4: gst_pad_push_data (gstpad.c:3711)
==7281==    by 0x4E862BA: gst_proxy_pad_chain_default (gstghostpad.c:128)
==7281==    by 0x4E945A4: gst_pad_push_data (gstpad.c:3711)
==7281==    by 0x83110CE: gst_video_decoder_clip_and_push_buf (gstvideodecoder.c:2583)
==7281==    by 0x831809C: gst_video_decoder_finish_frame (gstvideodecoder.c:2498)
==7281==  Uninitialised value was created by a stack allocation
==7281==    at 0xF2EB872: ??? (h264_deblock.asm:839)
==7281== 
Pipeline is PREROLLED ...
Setting pipeline to PLAYING ...
New clock: GstSystemClock
==7281== Invalid write of size 4
==7281==    at 0x4C2EBEF: memset (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==7281==    by 0x8E223CD: fill_planar_yuv (gstvideobox.c:706)
==7281==    by 0x8E232B3: gst_video_box_transform_frame (gstvideobox.c:3273)
==7281==    by 0x830C13E: gst_video_filter_transform (gstvideofilter.c:270)
==7281==    by 0x7A110C6: gst_base_transform_handle_buffer (gstbasetransform.c:2094)
==7281==    by 0x7A11983: gst_base_transform_chain (gstbasetransform.c:2201)
==7281==    by 0x4E945A4: gst_pad_push_data (gstpad.c:3711)
==7281==    by 0x7A11B8A: gst_base_transform_chain (gstbasetransform.c:2237)
==7281==    by 0x4E945A4: gst_pad_push_data (gstpad.c:3711)
==7281==    by 0x4E862BA: gst_proxy_pad_chain_default (gstghostpad.c:128)
==7281==    by 0x4E945A4: gst_pad_push_data (gstpad.c:3711)
==7281==    by 0x83110CE: gst_video_decoder_clip_and_push_buf (gstvideodecoder.c:2583)
==7281==  Address 0x41dc000 is not stack'd, malloc'd or (recently) free'd
==7281== 
Caught SIGSEGV

+ Trace 232556

videobox here is working on the memory returned by xvimagesink (note that videobox can also do cropping). Could you check the stride expected by XV vs. the one that is used in videobox in that code?

(In reply to comment #13)
> videobox here is working on the memory returned by xvimagesink (note that
> videobox can also do cropping). Could you check the stride expected by XV vs.
> the one that is used in videobox in that code?

I just noticed that this bug has stalled at the Need Info stage. Was the above question directed at me? I had assumed not, as I am not familiar with the internals of either xvimagesink or videobox...  However if you could tell me how to determine the strides in question, I'll take a shot at it.

BTW, I just confirmed that this bug still exists in the latest git master for gstreamer.

I could not reproduce the crash, but I can confirm valgrind reports "jump or move depends on uninitialized value". I'm on Wayland, so xvimagesink is replaced glimagesink here, and valgrind reports load of "invalid read" within the GL stack. So clearly that can lead to crash and shall be fixed.

I could repro those valgrind reports in videobox too. Very annoyingly, the valgrind reports stopped once I rebuilt -good, as the "uninitialized" data came from videocrop, which is in -good.
Is there any chance -good was not rebuilt after a change in some structure size or the like ?

-- GitLab Migration Automatic Message --

This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/issues/78.