Bug 254622

Summary: [GStreamer] Critical warnings when browsing cnn.com
Product: WebKit
Reporter: Michael Catanzaro <mcatanzaro>
Component: Media
Assignee: Philippe Normand <philn>
Status: RESOLVED FIXED
Severity: Normal
CC: bugs-noreply, mcatanzaro, philn, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified

Attachments (Description: Flags):
Backtrace: none
Debug log: none
Another debug log: none
Newer backtrace: none
weird mp4: none
another weird mp4: none

Description Michael Catanzaro 2023-03-28 15:41:23 PDT
Created attachment 465647 [details]
Backtrace

I see this crash quite regularly when loading https://cnn.com in MiniBrowser built in my jhbuild environment (which uses G_DEBUG=fatal-criticals). The crash is preceded by this warning:

(WebKitWebProcess:2): GStreamer-WARNING **: 17:33:53.487: External plugin loader failed. This most likely means that the plugin loader helper binary was not found or could not be run. You might need to set the GST_PLUGIN_SCANNER environment variable if your setup is unusual. This should normally not be required though.

which might be related? Regardless, criticals always indicate programmer error, so it's a bug even if something is wrong with my jhbuild environment. Full backtrace attached, but the most interesting frame is here where we see that caps and element are both null:

#7  0x00007fd9d70d73d1 in WebCore::ImageDecoderGStreamer::pushEncodedData(WebCore::FragmentedSharedBuffer const&)::$_0::operator()<WTF::GRefPtr<_GstPad> const>(WTF::GRefPtr<_GstPad> const&) const (this=<optimized out>, pad=...) at /home/mcatanzaro/Projects/WebKit/Source/WebCore/platform/graphics/gstreamer/ImageDecoderGStreamer.cpp:276
        caps = {m_ptr = 0x0}
        lookupResult = {isSupported = true, factory = {m_ptr = 0x1659880 [GstElementFactory|openh264dec]}}
        element = {m_ptr = 0x0 [_GstElement]}
        scanner = <optimized out>
        _g_boolean_var_255 = <optimized out>

Here's the short backtrace:

(gdb) bt
#0  _g_log_abort (breakpoint=1) at ../../../../Projects/gobject-introspection/subprojects/glib/glib/gmessages.c:558
#1  0x00007fd9d18fedd9 in g_logv (log_domain=0x7fd9d05d59ae "GStreamer", log_level=G_LOG_LEVEL_CRITICAL, 
    format=0x7fd9d197eab7 "%s: assertion '%s' failed", args=0x7ffe86a5a5b8)
    at ../../../../Projects/gobject-introspection/subprojects/glib/glib/gmessages.c:1418
#2  0x00007fd9d18feed0 in g_log (log_domain=0x7fd9d05d59ae "GStreamer", log_level=G_LOG_LEVEL_CRITICAL, 
    format=0x7fd9d197eab7 "%s: assertion '%s' failed")
    at ../../../../Projects/gobject-introspection/subprojects/glib/glib/gmessages.c:1460
#3  0x00007fd9d1901fa9 in g_return_if_fail_warning (log_domain=0x7fd9d05d59ae "GStreamer", 
    pretty_function=0x7fd9d05ea110 <__func__.44> "gst_event_new_caps", 
    expression=0x7fd9d05e8363 "gst_caps_is_fixed (caps)")
    at ../../../../Projects/gobject-introspection/subprojects/glib/glib/gmessages.c:2930
#4  0x00007fd9d05597ac in gst_event_new_caps (caps=0x24c4d10 [GstCaps]) at ../gst/gstevent.c:916
#5  0x00007fd9d71156ed in WebCore::GStreamerElementHarness::pushStickyEvents (this=<optimized out>, inputCaps=...)
    at /home/mcatanzaro/Projects/WebKit/Source/WebCore/platform/gstreamer/GStreamerElementHarness.cpp:196
#6  0x00007fd9d7115457 in WebCore::GStreamerElementHarness::start (
    this=<error reading variable: Unhandled dwarf expression opcode 0xff>, inputCaps=...)
    at /home/mcatanzaro/Projects/WebKit/Source/WebCore/platform/gstreamer/GStreamerElementHarness.cpp:188
#7  0x00007fd9d70d73d1 in WebCore::ImageDecoderGStreamer::pushEncodedData(WebCore::FragmentedSharedBuffer const&)::$_0::operator()<WTF::GRefPtr<_GstPad> const>(WTF::GRefPtr<_GstPad> const&) const (this=<optimized out>, pad=...)
    at /home/mcatanzaro/Projects/WebKit/Source/WebCore/platform/graphics/gstreamer/ImageDecoderGStreamer.cpp:276
#8  WTF::Detail::CallableWrapper<WebCore::ImageDecoderGStreamer::pushEncodedData(WebCore::FragmentedSharedBuffer const&)::$_0, WTF::RefPtr<WebCore::GStreamerElementHarness, WTF::RawPtrTraits<WebCore::GStreamerElementHarness>, WTF::DefaultRefDerefTraits<WebCore::GStreamerElementHarness> >, WTF::GRefPtr<_GstPad> const&>::call(WTF::GRefPtr<_GstPad> const&) (this=<error reading variable: Unhandled dwarf expression opcode 0xff>, in=...) at WTF/Headers/wtf/Function.h:53
#9  0x00007fd9d7117f0e in WTF::Function<WTF::RefPtr<WebCore::GStreamerElementHarness, WTF::RawPtrTraits<WebCore::GStreamerElementHarness>, WTF::DefaultRefDerefTraits<WebCore::GStreamerElementHarness> > (WTF::GRefPtr<_GstPad> const&)>::operator()(WTF::GRefPtr<_GstPad> const&) const (this=0x7fbfad5a2b18, in=...) at WTF/Headers/wtf/Function.h:82
#10 WebCore::GStreamerElementHarness::GStreamerElementHarness(WTF::GRefPtr<_GstElement>&&, WTF::Function<void (WebCore::GStreamerElementHarness::Stream&, WTF::GRefPtr<_GstBuffer> const&)>&&, std::optional<WTF::Function<WTF::RefPtr<WebCore::GStreamerElementHarness, WTF::RawPtrTraits<WebCore::GStreamerElementHarness>, WTF::DefaultRefDerefTraits<WebCore::GStreamerElementHarness> > (WTF::GRefPtr<_GstPad> const&)> >&&)::$_1::operator()(_GstElement*, _GstPad*, void*) const
    (this=<optimized out>, element=<optimized out>, pad=<optimized out>, userData=<optimized out>)
    at /home/mcatanzaro/Projects/WebKit/Source/WebCore/platform/gstreamer/GStreamerElementHarness.cpp:113
#11 WebCore::GStreamerElementHarness::GStreamerElementHarness(WTF::GRefPtr<_GstElement>&&, WTF::Function<void (WebCore::GStreamerElementHarness::Stream&, WTF::GRefPtr<_GstBuffer> const&)>&&, std::optional<WTF::Function<WTF::RefPtr<WebCore::GStreamerElementHarness, WTF::RawPtrTraits<WebCore::GStreamerElementHarness>, WTF::DefaultRefDerefTraits<WebCore::GStreamerElementHarness> > (WTF::GRefPtr<_GstPad> const&)> >&&)::$_1::__invoke(_GstElement*, _GstPad*, void*) (
    element=<optimized out>, pad=<optimized out>, userData=<optimized out>)
    at /home/mcatanzaro/Projects/WebKit/Source/WebCore/platform/gstreamer/GStreamerElementHarness.cpp:113
#12 0x00007fd9d60b477b in g_cclosure_marshal_VOID__OBJECTv (closure=0x2451420, return_value=0x0, instance=0x2450e90, 
    args=0x7ffe86a5ac58, marshal_data=0x0, n_params=1, param_types=0x74fc10)
    at ../../../../Projects/gobject-introspection/subprojects/glib/gobject/gmarshal.c:1910
#13 0x00007fd9d60aeff3 in _g_closure_invoke_va (closure=0x2451420, return_value=0x0, instance=0x2450e90, 
    args=0x7ffe86a5ac58, n_params=1, param_types=0x74fc10)
    at ../../../../Projects/gobject-introspection/subprojects/glib/gobject/gclosure.c:895
#14 0x00007fd9d60cd5e7 in g_signal_emit_valist (instance=0x2450e90, signal_id=39, detail=0, var_args=0x7ffe86a5ac58)
    at ../../../../Projects/gobject-introspection/subprojects/glib/gobject/gsignal.c:3462
#15 0x00007fd9d60ce7e3 in g_signal_emit (instance=0x2450e90, signal_id=39, detail=0)
    at ../../../../Projects/gobject-introspection/subprojects/glib/gobject/gsignal.c:3612
#16 0x00007fd9d054f663 in gst_element_add_pad (element=element@entry=0x2450e90 [GstParseBin|image-decoder-parser-0], 
    pad=pad@entry=0x24844b0 [GstParsePad|src_0]) at ../gst/gstelement.c:802
#17 0x00007fd8f06f0d61 in gst_parse_bin_expose (parsebin=0x2450e90 [GstParseBin|image-decoder-parser-0])
    at ../gst/playback/gstparsebin.c:3653
#18 0x00007fd8f06f5119 in no_more_pads_cb (element=<optimized out>, chain=0x23d0420)
    at ../gst/playback/gstparsebin.c:2557
#19 0x00007fd9d60b2a70 in g_cclosure_marshal_VOID__VOIDv (closure=0x24613e0, return_value=0x0, instance=0x245f930, 
    args=0x7ffe86a5b218, marshal_data=0x0, n_params=0, param_types=0x0)
    at ../../../../Projects/gobject-introspection/subprojects/glib/gobject/gmarshal.c:165
#20 0x00007fd9d60aeff3 in _g_closure_invoke_va (closure=0x24613e0, return_value=0x0, instance=0x245f930, 
    args=0x7ffe86a5b218, n_params=0, param_types=0x0)
    at ../../../../Projects/gobject-introspection/subprojects/glib/gobject/gclosure.c:895
#21 0x00007fd9d60cd5e7 in g_signal_emit_valist (instance=0x245f930, signal_id=41, detail=0, var_args=0x7ffe86a5b218)
    at ../../../../Projects/gobject-introspection/subprojects/glib/gobject/gsignal.c:3462
#22 0x00007fd9d60ce7e3 in g_signal_emit (instance=0x245f930, signal_id=41, detail=0)
    at ../../../../Projects/gobject-introspection/subprojects/glib/gobject/gsignal.c:3612
#23 0x00007fd9d0549c0d in gst_element_no_more_pads (element=element@entry=0x245f930 [GstQTDemux|qtdemux12])
    at ../gst/gstelement.c:967
#24 0x00007fd8e0053fdf in qtdemux_expose_streams (qtdemux=0x245f930 [GstQTDemux|qtdemux12])
    at ../gst/isomp4/qtdemux.c:13787
#25 0x00007fd8e004a793 in gst_qtdemux_process_adapter (demux=0x245f930 [GstQTDemux|qtdemux12], force=<optimized out>)
    at ../gst/isomp4/qtdemux.c:7500
#26 0x00007fd9d05764d5 in gst_pad_chain_data_unchecked (pad=pad@entry=0x245fd90 [GstPad|sink], type=type@entry=4112, 
    data=data@entry=0x2452f30) at ../gst/gstpad.c:4463
#27 0x00007fd9d0579e94 in gst_pad_push_data (pad=pad@entry=0x2451c70 [GstPad|src], type=type@entry=4112, 
    data=data@entry=0x2452f30) at ../gst/gstpad.c:4739
#28 0x00007fd9d057a25e in gst_pad_push (pad=0x2451c70 [GstPad|src], buffer=0x2452f30 [GstBuffer])
    at ../gst/gstpad.c:4858
#29 0x00007fd9d05764d5 in gst_pad_chain_data_unchecked (pad=pad@entry=0x2451880 [GstPad|sink], type=type@entry=4112, 
    data=data@entry=0x2452f30) at ../gst/gstpad.c:4463
#30 0x00007fd9d0579e94 in gst_pad_push_data (pad=pad@entry=0x2452380 [GstProxyPad|proxypad162], 
    type=type@entry=4112, data=data@entry=0x2452f30) at ../gst/gstpad.c:4739
#31 0x00007fd9d057a25e in gst_pad_push (pad=0x2452380 [GstProxyPad|proxypad162], buffer=0x2452f30 [GstBuffer])
    at ../gst/gstpad.c:4858
#32 0x00007fd9d055fefb in gst_proxy_pad_chain_default (pad=<optimized out>, parent=<optimized out>, 
    buffer=0x2452f30 [GstBuffer]) at ../gst/gstghostpad.c:127
#33 0x00007fd9d05764d5 in gst_pad_chain_data_unchecked (pad=pad@entry=0x24520b0 [GstGhostPad|sink], 
    type=type@entry=4112, data=data@entry=0x2452f30) at ../gst/gstpad.c:4463
#34 0x00007fd9d0579e94 in gst_pad_push_data (pad=pad@entry=0x2452690 [GstPad|src], type=type@entry=4112, 
    data=data@entry=0x2452f30) at ../gst/gstpad.c:4739
#35 0x00007fd9d057a25e in gst_pad_push (pad=0x2452690 [GstPad|src], buffer=0x2452f30 [GstBuffer])
    at ../gst/gstpad.c:4858
#36 0x00007fd9d7115adf in WebCore::GStreamerElementHarness::pushBufferFull (this=<optimized out>, buffer=...)
    at /home/mcatanzaro/Projects/WebKit/Source/WebCore/platform/gstreamer/GStreamerElementHarness.cpp:237
#37 0x00007fd9d7115a92 in WebCore::GStreamerElementHarness::pushBuffer (this=<optimized out>, buffer=...)
    at /home/mcatanzaro/Projects/WebKit/Source/WebCore/platform/gstreamer/GStreamerElementHarness.cpp:230
#38 0x00007fd9d70d6a8d in WebCore::ImageDecoderGStreamer::pushEncodedData (
    this=<error reading variable: Unhandled dwarf expression opcode 0x5>, sharedBuffer=...)
    at /home/mcatanzaro/Projects/WebKit/Source/WebCore/platform/graphics/gstreamer/ImageDecoderGStreamer.cpp:288
#39 0x00007fd9d70d6764 in WebCore::ImageDecoderGStreamer::ImageDecoderGStreamer (this=<optimized out>, mimeType=..., 
    data=...)
    at /home/mcatanzaro/Projects/WebKit/Source/WebCore/platform/graphics/gstreamer/ImageDecoderGStreamer.cpp:97
#40 WebCore::ImageDecoderGStreamer::create (data=<error reading variable: Unhandled dwarf expression opcode 0xff>, 
    mimeType=..., alphaOption=<error reading variable: Unhandled dwarf expression opcode 0xff>, 
    gammaAndColorProfileOption=<error reading variable: Unhandled dwarf expression opcode 0xff>)
    at /home/mcatanzaro/Projects/WebKit/Source/WebCore/platform/graphics/gstreamer/ImageDecoderGStreamer.cpp:86
#41 0x00007fd9d868dda5 in WebCore::ImageDecoder::create (data=..., mimeType=..., 
    alphaOption=WebCore::AlphaOption::Premultiplied, 
    gammaAndColorProfileOption=WebCore::GammaAndColorProfileOption::Applied)
    at /home/mcatanzaro/Projects/WebKit/Source/WebCore/platform/graphics/ImageDecoder.cpp:105
#42 WebCore::ImageSource::ensureDecoderAvailable (
    this=<error reading variable: Unhandled dwarf expression opcode 0x0>, data=<optimized out>)
    at /home/mcatanzaro/Projects/WebKit/Source/WebCore/platform/graphics/ImageSource.cpp:75
#43 0x00007fd9d868e2ed in WebCore::ImageSource::setData (
    this=<error reading variable: DWARF-2 expression error: `DW_OP_stack_value' operations must be used either alone or in conjunction with DW_OP_piece or DW_OP_bit_piece.>, 
    data=<error reading variable: Unhandled dwarf expression opcode 0xff>, 
    allDataReceived=<error reading variable: Unhandled dwarf expression opcode 0x0>)
    at /home/mcatanzaro/Projects/WebKit/Source/WebCore/platform/graphics/ImageSource.cpp:96
#44 WebCore::ImageSource::dataChanged (
    this=<error reading variable: Asked for position 0 of stack, stack only has 0 elements on it.>, 
    data=<error reading variable: Unhandled dwarf expression opcode 0x0>, allDataReceived=<optimized out>)
    at /home/mcatanzaro/Projects/WebKit/Source/WebCore/platform/graphics/ImageSource.cpp:110
#45 0x00007fd9d83fe288 in WebCore::CachedImage::updateImageData (this=0x7fd81df9d620, allDataReceived=false)
    at /home/mcatanzaro/Projects/WebKit/Source/WebCore/loader/cache/CachedImage.cpp:558
#46 WebCore::CachedImage::updateBufferInternal (this=<optimized out>, data=...)
    at /home/mcatanzaro/Projects/WebKit/Source/WebCore/loader/cache/CachedImage.cpp:510
#47 0x00007fd9d83d3a3e in WebCore::SubresourceLoader::didReceiveBuffer (this=<optimized out>, 
    buffer=<error reading variable: Unhandled dwarf expression opcode 0xff>, encodedDataLength=<optimized out>, 
    dataPayloadType=<optimized out>)
    at /home/mcatanzaro/Projects/WebKit/Source/WebCore/loader/SubresourceLoader.cpp:562
#48 0x00007fd9d6fe546e in WebKit::WebResourceLoader::didReceiveData (
    this=<error reading variable: Unhandled dwarf expression opcode 0x0>, 
    data=<error reading variable: Unhandled dwarf expression opcode 0x0>, encodedDataLength=<optimized out>)
    at /home/mcatanzaro/Projects/WebKit/Source/WebKit/WebProcess/Network/WebResourceLoader.cpp:243
#49 0x00007fd9d6b2d733 in _ZZN3IPC18callMemberFunctionIN6WebKit17WebResourceLoaderES2_FvONS_21SharedBufferReferenceEmESt5tupleIJS3_mEEEEvPT_MT0_T1_OT2_ENKUlDpOT_E_clIJS3_mEEEDaSH_ (args=@0x7ffe86a5bba8: 18446744073709551615, 
    args=@0x7ffe86a5bba8: 18446744073709551615, this=<optimized out>)
    at /home/mcatanzaro/Projects/WebKit/Source/WebKit/Platform/IPC/HandleMessage.h:136
#50 _ZSt13__invoke_implIvZN3IPC18callMemberFunctionIN6WebKit17WebResourceLoaderES3_FvONS0_21SharedBufferReferenceEmESt5tupleIJS4_mEEEEvPT_MT0_T1_OT2_EUlDpOT_E_JS4_mEES9_St14__invoke_otherOSB_DpOT1_ (
    __args=@0x7ffe86a5bba8: 18446744073709551615, __args=@0x7ffe86a5bba8: 18446744073709551615, __f=...)
    at /usr/bin/../lib/gcc/x86_64-redhat-linux/13/../../../../include/c++/13/bits/invoke.h:61
#51 _ZSt8__invokeIZN3IPC18callMemberFunctionIN6WebKit17WebResourceLoaderES3_FvONS0_21SharedBufferReferenceEmESt5tupleIJS4_mEEEEvPT_MT0_T1_OT2_EUlDpOT_E_JS4_mEENSt15__invoke_resultIS9_JDpT0_EE4typeEOS9_DpOSL_ (
    __args=@0x7ffe86a5bba8: 18446744073709551615, __args=@0x7ffe86a5bba8: 18446744073709551615, __fn=...)
    at /usr/bin/../lib/gcc/x86_64-redhat-linux/13/../../../../include/c++/13/bits/invoke.h:96
#52 _ZSt12__apply_implIZN3IPC18callMemberFunctionIN6WebKit17WebResourceLoaderES3_FvONS0_21SharedBufferReferenceEmESt5tupleIJS4_mEEEEvPT_MT0_T1_OT2_EUlDpOT_E_S8_JLm0ELm1EEEDcOS9_OSB_St16integer_sequenceImJXspT1_EEE (__t=..., __f=...)
    at /usr/bin/../lib/gcc/x86_64-redhat-linux/13/../../../../include/c++/13/tuple:2288
#53 _ZSt5applyIZN3IPC18callMemberFunctionIN6WebKit17WebResourceLoaderES3_FvONS0_21SharedBufferReferenceEmESt5tupleIJS4_mEEEEvPT_MT0_T1_OT2_EUlDpOT_E_S8_EDcOS9_OSB_ (__t=..., __f=...)
    at /usr/bin/../lib/gcc/x86_64-redhat-linux/13/../../../../include/c++/13/tuple:2299
#54 IPC::callMemberFunction<WebKit::WebResourceLoader, WebKit::WebResourceLoader, void (IPC::SharedBufferReference&&, unsigned long), std::tuple<IPC::SharedBufferReference, unsigned long> >(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::SharedBufferReference&&, unsigned long), std::tuple<IPC::SharedBufferReference, unsigned long>&&) (object=0x7fbff933c540, function=<optimized out>, tuple=...)
    at /home/mcatanzaro/Projects/WebKit/Source/WebKit/Platform/IPC/HandleMessage.h:134
#55 IPC::handleMessage<Messages::WebResourceLoader::DidReceiveData, WebKit::WebResourceLoader, WebKit::WebResourceLoader, void (IPC::SharedBufferReference&&, unsigned long)>(IPC::Connection&, IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::SharedBufferReference&&, unsigned long)) (connection=..., 
    decoder=<error reading variable: Unhandled dwarf expression opcode 0x1>, object=<optimized out>, 
    function=<optimized out>) at /home/mcatanzaro/Projects/WebKit/Source/WebKit/Platform/IPC/HandleMessage.h:236
#56 WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage (this=<optimized out>, connection=..., decoder=...)
    at /home/mcatanzaro/Projects/WebKit/WebKitBuild/gtk4/DerivedSources/WebKit/WebResourceLoaderMessageReceiver.cpp:76
#57 0x00007fd9d6d468a6 in IPC::Connection::dispatchMessage (this=<optimized out>, message=...)
    at /home/mcatanzaro/Projects/WebKit/Source/WebKit/Platform/IPC/Connection.cpp:1245
#58 0x00007fd9d6d46a9e in IPC::Connection::dispatchOneIncomingMessage (this=<optimized out>)
    at /home/mcatanzaro/Projects/WebKit/Source/WebKit/Platform/IPC/Connection.cpp:1310
#59 0x00007fd9d4ebc88c in WTF::Function<void ()>::operator()() const (this=<optimized out>)
    at /home/mcatanzaro/Projects/WebKit/Source/WTF/wtf/Function.h:82
#60 WTF::RunLoop::performWork (this=0x7fd9a60100e0)
    at /home/mcatanzaro/Projects/WebKit/Source/WTF/wtf/RunLoop.cpp:147
#61 0x00007fd9d4f1de46 in WTF::RunLoop::RunLoop()::$_1::operator()(void*) const (userData=0x1, 
    userData@entry=0x7fd9a60100e0, this=<optimized out>)
    at /home/mcatanzaro/Projects/WebKit/Source/WTF/wtf/glib/RunLoopGLib.cpp:80
#62 WTF::RunLoop::RunLoop()::$_1::__invoke(void*) (userData=0x1, userData@entry=0x7fd9a60100e0)
    at /home/mcatanzaro/Projects/WebKit/Source/WTF/wtf/glib/RunLoopGLib.cpp:79
#63 0x00007fd9d4f1d37a in WTF::RunLoop::$_0::operator() (source=0x4f1e80, 
    callback=0x7fd9d4f1de40 <WTF::RunLoop::RunLoop()::$_1::__invoke(void*)>, userData=0x7fd9a60100e0, 
    this=<optimized out>) at /home/mcatanzaro/Projects/WebKit/Source/WTF/wtf/glib/RunLoopGLib.cpp:53
#64 WTF::RunLoop::$_0::__invoke (source=0x4f1e80, 
    callback=0x7fd9d4f1de40 <WTF::RunLoop::RunLoop()::$_1::__invoke(void*)>, userData=0x7fd9a60100e0)
    at /home/mcatanzaro/Projects/WebKit/Source/WTF/wtf/glib/RunLoopGLib.cpp:45
#65 0x00007fd9d18f1c7e in g_main_dispatch (context=0x4b5cd0)
    at ../../../../Projects/gobject-introspection/subprojects/glib/glib/gmain.c:3460
#66 0x00007fd9d18f2bf2 in g_main_context_dispatch (context=0x4b5cd0)
    at ../../../../Projects/gobject-introspection/subprojects/glib/glib/gmain.c:4200
#67 0x00007fd9d18f2de5 in g_main_context_iterate (context=0x4b5cd0, block=1, dispatch=1, self=0x4c2dd0)
    at ../../../../Projects/gobject-introspection/subprojects/glib/glib/gmain.c:4276
#68 0x00007fd9d18f327f in g_main_loop_run (loop=0x4d34e0)
    at ../../../../Projects/gobject-introspection/subprojects/glib/glib/gmain.c:4479
#69 0x00007fd9d4f1d913 in WTF::RunLoop::run ()
    at /home/mcatanzaro/Projects/WebKit/Source/WTF/wtf/glib/RunLoopGLib.cpp:108
#70 0x00007fd9d7085b4b in WebKit::AuxiliaryProcessMainBase<WebKit::WebProcess, true>::run (this=0x7ffe86a5c020, 
    argc=<optimized out>, argv=<optimized out>)
    at /home/mcatanzaro/Projects/WebKit/Source/WebKit/Shared/AuxiliaryProcessMain.h:71
#71 WebKit::AuxiliaryProcessMain<WebKit::WebProcessMainGtk> (argc=<optimized out>, argv=<optimized out>)
    at /home/mcatanzaro/Projects/WebKit/Source/WebKit/Shared/AuxiliaryProcessMain.h:97
#72 WebKit::WebProcessMain (argc=<error reading variable: Unhandled dwarf expression opcode 0xff>, 
    argv=<optimized out>) at /home/mcatanzaro/Projects/WebKit/Source/WebKit/WebProcess/gtk/WebProcessMainGtk.cpp:98
#73 0x00007fd9d0c48b4a in __libc_start_call_main (main=main@entry=0x401130 <main(int, char**)>, argc=argc@entry=3, 
    argv=argv@entry=0x7ffe86a5c1a8) at ../sysdeps/nptl/libc_start_call_main.h:58
#74 0x00007fd9d0c48c0b in __libc_start_main_impl (main=0x401130 <main(int, char**)>, argc=3, argv=0x7ffe86a5c1a8, 
    init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffe86a5c198)
    at ../csu/libc-start.c:360
#75 0x0000000000401065 in _start ()
Comment 1 Philippe Normand 2023-03-29 01:33:19 PDT
#7  0x00007fd9d70d73d1 in WebCore::ImageDecoderGStreamer::pushEncodedData(WebCore::FragmentedSharedBuffer const&)::$_0::operator()<WTF::GRefPtr<_GstPad> const>(WTF::GRefPtr<_GstPad> const&) const (this=<optimized out>, pad=...) at /home/mcatanzaro/Projects/WebKit/Source/WebCore/platform/graphics/gstreamer/ImageDecoderGStreamer.cpp:276
        caps = {m_ptr = 0x0}
        lookupResult = {isSupported = true, factory = {m_ptr = 0x1659880 [GstElementFactory|openh264dec]}}
        element = {m_ptr = 0x0 [_GstElement]}
        scanner = <optimized out>
        _g_boolean_var_255 = <optimized out>


I think gdb is fooling you here. The vars mentioned have been WTFMoved away, so it's normal that their m_ptr is 0x0...
Comment 2 Philippe Normand 2023-03-29 01:40:58 PDT
I can't trigger the image decoder here when browsing "cnn.com" so please, either:

- provide a debug log GST_DEBUG="3,webkitelementharness:9,webkitimage*:8"
- or share a specific URL triggering the issue, not a TLD.
Comment 3 Michael Catanzaro 2023-03-29 07:12:15 PDT
https://cnn.com/ is the specific URL that triggers this issue. I'll get a debug log.
Comment 4 Michael Catanzaro 2023-03-29 07:17:58 PDT
Created attachment 465658 [details]
Debug log

I noticed that it's a *lot* harder to trigger this crash today than it was yesterday, but it still happens. Just takes a lot longer.
Comment 5 Philippe Normand 2023-03-29 08:52:23 PDT
(In reply to Michael Catanzaro from comment #4)
> Created attachment 465658 [details]
> Debug log
> 
> I noticed that it's a *lot* harder to trigger this crash today than it was
> yesterday, but it still happens. Just takes a lot longer.

Did it really happen? I see no duplicate caps event logged...
Comment 6 Philippe Normand 2023-03-29 08:55:29 PDT
The only caps event I see in the log is

pushEvent:<image-decoder-parser-0> Pushing caps event: 0x1d0bb20, time 99:99:99.999999999, seq-num 12794, GstEventCaps, caps=(GstCaps)"video/quicktime\,\ variant\=\(string\)iso";

which afaict represents fixed caps...
Comment 7 Michael Catanzaro 2023-03-29 09:48:40 PDT
(In reply to Philippe Normand from comment #5)
> Did it really happen? I see no duplicate caps event logged...

I have a crash in coredumpctl one minute before I uploaded that log to Bugzilla and it's crashing inside gst_event_new_caps, so yeah, I'd say that log corresponds to this issue. Is "pushing caps event" logged before or after gst_event_new_caps() is called? Probably after? Then it's expected that it doesn't get that far.
Comment 8 Philippe Normand 2023-03-29 09:52:13 PDT
bool GStreamerElementHarness::pushEvent(GRefPtr<GstEvent>&& event)
{
    GST_TRACE_OBJECT(m_element.get(), "Pushing %" GST_PTR_FORMAT, event.get());
    auto result = gst_pad_push_event(m_srcPad.get(), event.leakRef());
    GST_TRACE_OBJECT(m_element.get(), "Result: %s", boolForPrinting(result));
    return result;
}

We do emit a trace message *before* pushing.
Comment 9 Philippe Normand 2023-03-29 09:53:06 PDT
Ahh gst_event_new_caps() is what fails... sorry.
Comment 10 Philippe Normand 2023-03-29 09:54:43 PDT
Ok, add GST_EVENT:4 in GST_DEBUG and we should have a better log please. Sorry again
Comment 11 Philippe Normand 2023-03-29 09:56:53 PDT
Well, not going to be useful either...

GstEvent *
gst_event_new_caps (GstCaps * caps)
{
  GstEvent *event;

  g_return_val_if_fail (caps != NULL, NULL);
  g_return_val_if_fail (gst_caps_is_fixed (caps), NULL);

  GST_CAT_INFO (GST_CAT_EVENT, "creating caps event %" GST_PTR_FORMAT, caps);
...
Comment 12 Michael Catanzaro 2023-03-29 10:03:07 PDT
I will try to unset G_DEBUG=fatal-criticals and see if I can catch it again. Maybe that would be helpful.
Comment 13 Philippe Normand 2023-03-29 10:25:17 PDT
Can you add qtdemux:8 to GST_DEBUG?

I suspect the input data is an mp4 with more than one track and we're hitting a racy behavior when the demuxer adds its source pads...
Comment 14 Philippe Normand 2023-03-29 10:34:42 PDT
Also which GStreamer version is this?
Comment 15 Michael Catanzaro 2023-03-29 10:36:14 PDT
GStreamer 1.22.1
Comment 16 Michael Catanzaro 2023-03-30 12:00:03 PDT
OK, sorry for the delay. I'm attaching a debug log taken with:

$ jhbuild run env G_DEBUG= WEBKIT_DISABLE_SANDBOX_THIS_IS_DANGEROUS=1 GST_DEBUG="3,webkitelementharness:9,webkitimage*:8,qtdemux:8" GST_DEBUG_FILE="$HOME/gst.log" GST_DEBUG_NO_COLOR=1 ~/Projects/GNOME/install/libexec/webkitgtk-6.0/MiniBrowser https://cnn.com 

(WebKitWebProcess:680298): GStreamer-CRITICAL **: 13:59:14.786: gst_event_new_caps: assertion 'gst_caps_is_fixed (caps)' failed

(WebKitWebProcess:680298): GStreamer-CRITICAL **: 13:59:14.786: gst_pad_push_event: assertion 'GST_IS_EVENT (event)' failed

(WebKitWebProcess:680298): GStreamer-WARNING **: 13:59:14.787: ../gst/gstpad.c:5366:store_sticky_event:<'':src> Sticky event misordering, got 'segment' before 'caps'

(WebKitWebProcess:680298): GStreamer-WARNING **: 13:59:14.787: ../gst/gstpad.c:5366:store_sticky_event:<openh264dec4:sink> Sticky event misordering, got 'segment' before 'caps'

(WebKitWebProcess:680298): GStreamer-CRITICAL **: 13:59:14.805: gst_event_new_caps: assertion 'gst_caps_is_fixed (caps)' failed

(WebKitWebProcess:680298): GStreamer-CRITICAL **: 13:59:14.805: gst_pad_push_event: assertion 'GST_IS_EVENT (event)' failed

(WebKitWebProcess:680298): GStreamer-WARNING **: 13:59:14.806: ../gst/gstpad.c:5366:store_sticky_event:<'':src> Sticky event misordering, got 'segment' before 'caps'

(WebKitWebProcess:680298): GStreamer-WARNING **: 13:59:14.806: ../gst/gstpad.c:5366:store_sticky_event:<openh264dec5:sink> Sticky event misordering, got 'segment' before 'caps'

(WebKitWebProcess:680298): GStreamer-CRITICAL **: 13:59:14.825: gst_event_new_caps: assertion 'gst_caps_is_fixed (caps)' failed

(WebKitWebProcess:680298): GStreamer-CRITICAL **: 13:59:14.825: gst_pad_push_event: assertion 'GST_IS_EVENT (event)' failed

(WebKitWebProcess:680298): GStreamer-WARNING **: 13:59:14.826: ../gst/gstpad.c:5366:store_sticky_event:<'':src> Sticky event misordering, got 'segment' before 'caps'

(WebKitWebProcess:680298): GStreamer-WARNING **: 13:59:14.826: ../gst/gstpad.c:5366:store_sticky_event:<openh264dec6:sink> Sticky event misordering, got 'segment' before 'caps'
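
Added example (not part of the bug report, nor WebKit or GStreamer code): a small Python triage script for GLib log output like that in comment 16. It groups each failed assertion with the criticals and sticky-event warnings that follow it from the same process within a few milliseconds, separating the root failure from its fallout. The 5 ms grouping window and all function and class names are assumptions of this example; the sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass, field

# GLib default log writer: (program:pid): Domain-LEVEL **: HH:MM:SS.mmm: message
GLIB_LINE = re.compile(
    r"^\((?P<prog>[^:()]+):(?P<pid>\d+)\): (?P<domain>.+?)-(?P<level>CRITICAL|WARNING|ERROR)"
    r" \*\*: (?P<h>\d\d):(?P<m>\d\d):(?P<s>\d\d)\.(?P<ms>\d{3}): (?P<msg>.*)$"
)
# Message emitted by g_return_if_fail()/g_return_val_if_fail() when a precondition fails.
ASSERTION = re.compile(r"^(?P<func>\w+): assertion '(?P<expr>.+)' failed$")
# GStreamer warning when a sticky event reaches a pad before the event that must precede it.
STICKY = re.compile(
    r"store_sticky_event:<(?P<pad>[^>]*)> Sticky event misordering, "
    r"got '(?P<got>[\w-]+)' before '(?P<missing>[\w-]+)'"
)


@dataclass
class Cascade:
    pid: int
    start_ms: int
    root_func: str                                         # first function whose precondition failed
    root_expr: str                                         # the failed precondition itself
    followups: list = field(default_factory=list)          # later failed assertions (function names)
    misordered_pads: list = field(default_factory=list)    # pads that reported misordering


def find_cascades(lines, max_gap_ms=5):
    """Group GLib criticals/warnings into cascades rooted at a failed assertion.

    max_gap_ms is a heuristic chosen for this example: a record joins the open
    cascade of its process only if it follows the previous record that closely.
    """
    cascades = []
    open_by_pid = {}  # pid -> (cascade, timestamp of its last record in ms)
    for line in lines:
        m = GLIB_LINE.match(line.strip())
        if not m:
            continue
        pid = int(m["pid"])
        ts = ((int(m["h"]) * 60 + int(m["m"])) * 60 + int(m["s"])) * 1000 + int(m["ms"])
        current = open_by_pid.get(pid)
        if current and not 0 <= ts - current[1] <= max_gap_ms:
            current = None  # too far from the previous record: that cascade is over
        failed = ASSERTION.match(m["msg"]) if m["level"] == "CRITICAL" else None
        sticky = STICKY.search(m["msg"])
        if current is None:
            if not failed:
                continue  # only a failed assertion opens a cascade
            cascade = Cascade(pid, ts, failed["func"], failed["expr"])
            cascades.append(cascade)
        else:
            cascade = current[0]
            if failed:
                cascade.followups.append(failed["func"])
            elif sticky:
                cascade.misordered_pads.append(sticky["pad"])
        open_by_pid[pid] = (cascade, ts)
    return cascades


# Sample input: the first two bursts of the log quoted in comment 16.
SAMPLE_LOG = """
(WebKitWebProcess:680298): GStreamer-CRITICAL **: 13:59:14.786: gst_event_new_caps: assertion 'gst_caps_is_fixed (caps)' failed
(WebKitWebProcess:680298): GStreamer-CRITICAL **: 13:59:14.786: gst_pad_push_event: assertion 'GST_IS_EVENT (event)' failed
(WebKitWebProcess:680298): GStreamer-WARNING **: 13:59:14.787: ../gst/gstpad.c:5366:store_sticky_event:<'':src> Sticky event misordering, got 'segment' before 'caps'
(WebKitWebProcess:680298): GStreamer-WARNING **: 13:59:14.787: ../gst/gstpad.c:5366:store_sticky_event:<openh264dec4:sink> Sticky event misordering, got 'segment' before 'caps'
(WebKitWebProcess:680298): GStreamer-CRITICAL **: 13:59:14.805: gst_event_new_caps: assertion 'gst_caps_is_fixed (caps)' failed
(WebKitWebProcess:680298): GStreamer-CRITICAL **: 13:59:14.805: gst_pad_push_event: assertion 'GST_IS_EVENT (event)' failed
(WebKitWebProcess:680298): GStreamer-WARNING **: 13:59:14.806: ../gst/gstpad.c:5366:store_sticky_event:<'':src> Sticky event misordering, got 'segment' before 'caps'
(WebKitWebProcess:680298): GStreamer-WARNING **: 13:59:14.806: ../gst/gstpad.c:5366:store_sticky_event:<openh264dec5:sink> Sticky event misordering, got 'segment' before 'caps'
"""

if __name__ == "__main__":
    for c in find_cascades(SAMPLE_LOG.splitlines()):
        print(f"pid {c.pid}: {c.root_func} failed '{c.root_expr}' "
              f"-> followups {c.followups}, misordered pads {c.misordered_pads}")
```

With G_DEBUG=fatal-criticals the process aborts at the root record of the first cascade, which is why the follow-up records only appear in logs taken with that setting cleared.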
Comment 17 Michael Catanzaro 2023-03-30 12:00:30 PDT
Created attachment 465684 [details]
Another debug log
Comment 18 Philippe Normand 2023-03-30 12:48:57 PDT
I see my old friend openh264dec returning not-negotiated... Can you try this? http://sprunge.us/IzQZnR
Comment 19 Michael Catanzaro 2023-03-31 06:00:41 PDT
(In reply to Philippe Normand from comment #18)
> I see my old friend openh264dec returning not-negotiated... Can you try
> this? http://sprunge.us/IzQZnR

I think that fixes it (but not certain). Thanks.
Comment 20 Philippe Normand 2023-04-02 01:58:55 PDT
Pull request: https://github.com/WebKit/WebKit/pull/12290
Comment 21 Philippe Normand 2023-04-02 04:50:21 PDT
(In reply to Philippe Normand from comment #20)
> Pull request: https://github.com/WebKit/WebKit/pull/12290

Can you test this please?
Comment 22 Michael Catanzaro 2023-04-03 13:04:24 PDT
Unfortunately this is not fixed by #12290. It's possible that I got unlucky and failed to reproduce the problem by chance when testing the patch from comment #18. Or perhaps that patch was good but #12290 is not.

I'll attach a backtrace taken with #12290 applied.
Comment 23 Michael Catanzaro 2023-04-03 13:04:51 PDT
Created attachment 465750 [details]
Newer backtrace
Comment 24 Philippe Normand 2023-04-15 03:05:31 PDT
Can you provide a debug log please?
Comment 25 Philippe Normand 2023-04-15 03:48:58 PDT
I still can't reproduce this after:

1. switching to a VPN in the US (Europe doesn't get the same cnn.com)
2. disabling the jpeg xl support
3. disabling avdec_h264
4. updating to openh264 2.3.1

The image decoder is never tricked here...

So we'd need a use-case, can you download the mp4 file that fails to render in the image tag?
Comment 26 Michael Catanzaro 2023-04-15 10:35:11 PDT
There is a debug log in comment #17.

I can no longer easily reproduce it on the homepage, but can still reproduce by visiting article pages, e.g. loading https://www.cnn.com/travel/article/italy-tourist-restrictions-alto-adige/index.html seems to reliably reproduce the crash.

Mucking around in the web inspector, I was able to download two mp4 files that both appear to be malformed, but I have no clue if they are used in img tags or if they are related to this bug.
Comment 27 Michael Catanzaro 2023-04-15 10:35:26 PDT
Created attachment 465932 [details]
weird mp4
Comment 28 Michael Catanzaro 2023-04-15 10:35:37 PDT
Created attachment 465933 [details]
another weird mp4
Comment 29 Philippe Normand 2023-04-16 03:49:03 PDT
I have a reliable test-case now. The trick was to disable my pihole, the issue happens only in ads rendering, with openh264dec...
Comment 30 EWS 2023-04-19 08:58:28 PDT
Committed 263134@main (c94b3642944f): <https://commits.webkit.org/263134@main>

Reviewed commits have been landed. Closing PR #12290 and removing active labels.
Comment 31 Radar WebKit Bug Importer 2023-04-19 08:59:23 PDT
<rdar://problem/108263324>