Bug 255483

Summary: [GStreamer] fast/speechsynthesis/speech-synthesis-utterance-uses-voice.html is flaky crashing
Product: WebKit Reporter: Philippe Normand <philn>
Component: PlatformAssignee: Philippe Normand <philn>
Status: RESOLVED FIXED    
Severity: Normal CC: changseok, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   

Description Philippe Normand 2023-04-15 06:15:43 PDT 
Thread 1 (Thread 0x7f5423c94ec0 (LWP 76820)):
#0  g_type_check_instance_cast (type_instance=0x5612285ae170, iface_type=Python Exception <class 'TypeError'>: can only concatenate str (not "NoneType") to str
) at ../gobject/gtype.c:4125
#1  0x00007f542f6a0308 in WebCore::disconnectSimpleBusMessageCallback(_GstElement*) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0
#2  0x00007f542f71ed52 in WebCore::GstSpeechSynthesisWrapper::~GstSpeechSynthesisWrapper() () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0
#3  0x00007f542f71ef5c in WebCore::PlatformSpeechSynthesizer::~PlatformSpeechSynthesizer() () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0
#4  0x00007f542f71edf8 in WebCore::GstSpeechSynthesisWrapper::~GstSpeechSynthesisWrapper() () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0
#5  0x00007f542f71ef5c in WebCore::PlatformSpeechSynthesizer::~PlatformSpeechSynthesizer() () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0
#6  0x00007f542f71f079 in WebCore::PlatformSpeechSynthesizer::~PlatformSpeechSynthesizer() () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0
#7  0x00007f543056fe56 in WebCore::SpeechSynthesis::~SpeechSynthesis() () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0
#8  0x00007f543056ff49 in WebCore::SpeechSynthesis::~SpeechSynthesis() () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0
#9  0x00007f54305681c6 in WebCore::LocalDOMWindowSpeechSynthesis::~LocalDOMWindowSpeechSynthesis() () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0
#10 0x00007f5430568319 in WebCore::LocalDOMWindowSpeechSynthesis::~LocalDOMWindowSpeechSynthesis() () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0
#11 0x00007f54312efb22 in WebCore::LocalDOMWindow::~LocalDOMWindow() () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0
#12 0x00007f54312eff99 in WebCore::LocalDOMWindow::~LocalDOMWindow() () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0
#13 0x00007f5430b8b736 in WebCore::Document::~Document() () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0
#14 0x00007f5430dcefb9 in WebCore::HTMLDocument::~HTMLDocument() () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0
#15 0x00007f5430c0698d in WebCore::Node::~Node() () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0
#16 0x00007f5430ddd193 in WebCore::HTMLDivElement::~HTMLDivElement() () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0
#17 0x00007f542bf49d5a in void JSC::MarkedBlock::Handle::specializedSweep<true, (JSC::MarkedBlock::Handle::EmptyMode)1, (JSC::MarkedBlock::Handle::SweepMode)1, (JSC::MarkedBlock::Handle::SweepDestructionMode)1, (JSC::MarkedBlock::Handle::ScribbleMode)0, (JSC::MarkedBlock::Handle::NewlyAllocatedMode)1, (JSC::MarkedBlock::Handle::MarksMode)1, JSC::JSDestructibleObjectDestroyFunc>(JSC::FreeList*, JSC::MarkedBlock::Handle::EmptyMode, JSC::MarkedBlock::Handle::SweepMode, JSC::MarkedBlock::Handle::SweepDestructionMode, JSC::MarkedBlock::Handle::ScribbleMode, JSC::MarkedBlock::Handle::NewlyAllocatedMode, JSC::MarkedBlock::Handle::MarksMode, JSC::JSDestructibleObjectDestroyFunc const&) [clone .isra.0] () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.1.so.0
#18 0x00007f542ba4ab63 in JSC::MarkedBlock::Handle::sweep(JSC::FreeList*) () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.1.so.0
#19 0x00007f542ba3e73b in JSC::LocalAllocator::tryAllocateWithoutCollecting() () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.1.so.0
#20 0x00007f542ba40514 in JSC::LocalAllocator::allocateSlowCase(JSC::Heap&, JSC::GCDeferralContext*, JSC::AllocationFailureMode) () at /app/webkit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.1.so.0
#21 0x00007f542fc3ebf6 in void* JSC::allocateCell<WebCore::JSHTMLDivElement>(JSC::VM&, unsigned long) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0
#22 0x00007f542fc445dd in WebCore::JSDOMWrapperConverterTraits<WebCore::HTMLDivElement>::WrapperClass* WebCore::createWrapper<WebCore::HTMLDivElement, WebCore::HTMLElement>(WebCore::JSDOMGlobalObject*, WTF::Ref<WebCore::HTMLElement, WTF::RawPtrTraits<WebCore::HTMLElement> >&&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0
#23 0x00007f5430784a6c in WebCore::toJS(JSC::JSGlobalObject*, WebCore::JSDOMGlobalObject*, WebCore::Element&) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0
#24 0x00007f542fa7a3b4 in WebCore::jsDocumentPrototypeFunction_getElementById(JSC::JSGlobalObject*, JSC::CallFrame*) () at /app/webkit/WebKitBuild/Release/lib/libwebkit2gtk-4.1.so.0
#25 0x00007f53d91c41b8 in  ()
#26 0x00007ffe27e5a8a0 in  ()
#27 0x00007f53d91e20b2 in  ()
#28 0x0000000000000000 in  ()

we have a circular reference between GstSpeechSynthesisWrapper and PlatformSpeechSynthesizer, which doesn't seem like a great thing.
Comment 1 Philippe Normand 2023-04-15 06:21:21 PDT 
fast/speechsynthesis/speech-synthesis-voices.html also crashing:

(gdb) bt                                                                                                                                                                                                             
#0  0x00007faa5564aefe in WTFCrash() () at /app/webkit/Source/WTF/wtf/Assertions.cpp:327                                                                                                                             
#1  0x00007faa5cfcc5db in WTFCrashWithInfo(int, char const*, char const*, int) () at WTF/Headers/wtf/Assertions.h:758                                                                                                
#2  0x00007faa5cfd3a48 in WTF::RefCountedBase::hasOneRef() const (this=0x7faa412f8908) at WTF/Headers/wtf/RefCounted.h:55                                                                                            
#3  0x00007faa5cfd3929 in WTF::RefCountedBase::applyRefDerefThreadingCheck() const (this=0x7faa412f8908) at WTF/Headers/wtf/RefCounted.h:106                                                                         
#4  0x00007faa5cfd3799 in WTF::RefCountedBase::derefBase() const (this=0x7faa412f8908) at WTF/Headers/wtf/RefCounted.h:130                                                                                           
#5  0x00007faa5e02e699 in WTF::RefCounted<WebCore::PlatformSpeechSynthesizer, std::default_delete<WebCore::PlatformSpeechSynthesizer> >::deref() const (this=0x7faa412f8908) at WTF/Headers/wtf/RefCounted.h:189     
#6  0x00007faa5e02e47d in WTF::Ref<WebCore::PlatformSpeechSynthesizer, WTF::RawPtrTraits<WebCore::PlatformSpeechSynthesizer> >::~Ref() (this=0x7faa4137da48) at WTF/Headers/wtf/Ref.h:61                             
#7  0x00007faa5ed649a0 in WebCore::GstSpeechSynthesisWrapper::~GstSpeechSynthesisWrapper() (this=0x7faa4137da40) at /app/webkit/Source/WebCore/platform/gstreamer/PlatformSpeechSynthesizerGStreamer.cpp:127         
#8  0x00007faa5ed68d6b in std::default_delete<WebCore::GstSpeechSynthesisWrapper>::operator()(WebCore::GstSpeechSynthesisWrapper*) const (this=0x7faa412f8930, __ptr=0x7faa4137da40) at /usr/lib/gcc/x86_64-unknown-l
inux-gnu/12.2.0/../../../../include/c++/12.2.0/bits/unique_ptr.h:95                                                                                                                                                  
#9  0x00007faa5ed6851d in std::unique_ptr<WebCore::GstSpeechSynthesisWrapper, std::default_delete<WebCore::GstSpeechSynthesisWrapper> >::~unique_ptr() (this=0x7faa412f8930) at /usr/lib/gcc/x86_64-unknown-linux-gnu
/12.2.0/../../../../include/c++/12.2.0/bits/unique_ptr.h:396                                                                                                                                                         
#10 0x00007faa5ed6514b in WebCore::PlatformSpeechSynthesizer::~PlatformSpeechSynthesizer() (this=0x7faa412f8900) at /app/webkit/Source/WebCore/platform/gstreamer/PlatformSpeechSynthesizerGStreamer.cpp:218         
#11 0x00007faa5ed65189 in WebCore::PlatformSpeechSynthesizer::~PlatformSpeechSynthesizer() (this=0x7faa412f8900) at /app/webkit/Source/WebCore/platform/gstreamer/PlatformSpeechSynthesizerGStreamer.cpp:218         
#12 0x00007faa5e02e6ec in std::default_delete<WebCore::PlatformSpeechSynthesizer>::operator()(WebCore::PlatformSpeechSynthesizer*) const (this=0x7ffd92d685d0, __ptr=0x7faa412f8900) at /usr/lib/gcc/x86_64-unknown-l
inux-gnu/12.2.0/../../../../include/c++/12.2.0/bits/unique_ptr.h:95                                                                                                                                                  
#13 0x00007faa5e02e6b7 in WTF::RefCounted<WebCore::PlatformSpeechSynthesizer, std::default_delete<WebCore::PlatformSpeechSynthesizer> >::deref() const (this=0x7faa412f8908) at WTF/Headers/wtf/RefCounted.h:190     
#14 0x00007faa60d786c2 in WTF::DefaultRefDerefTraits<WebCore::PlatformSpeechSynthesizer>::derefIfNotNull(WebCore::PlatformSpeechSynthesizer*) (ptr=0x7faa412f8900) at WTF/Headers/wtf/RefPtr.h:42                    
#15 0x00007faa60d758c9 in WTF::RefPtr<WebCore::PlatformSpeechSynthesizer, WTF::RawPtrTraits<WebCore::PlatformSpeechSynthesizer>, WTF::DefaultRefDerefTraits<WebCore::PlatformSpeechSynthesizer> >::~RefPtr() (this=0x
7fa8e200ac38) at WTF/Headers/wtf/RefPtr.h:74                                                                                                                                                                         
#16 0x00007faa60d71035 in WebCore::SpeechSynthesis::~SpeechSynthesis() (this=0x7fa8e200abe0) at /app/webkit/Source/WebCore/Modules/speech/SpeechSynthesis.cpp:75                                                     
#17 0x00007faa60d710f9 in WebCore::SpeechSynthesis::~SpeechSynthesis() (this=0x7fa8e200abe0) at /app/webkit/Source/WebCore/Modules/speech/SpeechSynthesis.cpp:75                                                     
#18 0x00007faa603e704c in std::default_delete<WebCore::SpeechSynthesis>::operator()(WebCore::SpeechSynthesis*) const (this=0x7ffd92d686b0, __ptr=0x7fa8e200abe0) at /usr/lib/gcc/x86_64-unknown-linux-gnu/12.2.0/../.
./../../include/c++/12.2.0/bits/unique_ptr.h:95                                                                                                                                                                      
#19 0x00007faa603e7017 in WTF::RefCounted<WebCore::SpeechSynthesis, std::default_delete<WebCore::SpeechSynthesis> >::deref() const (this=0x7fa8e200ac00) at WTF/Headers/wtf/RefCounted.h:190                         
#20 0x00007faa60d6d962 in WTF::DefaultRefDerefTraits<WebCore::SpeechSynthesis>::derefIfNotNull(WebCore::SpeechSynthesis*) (ptr=0x7fa8e200abe0) at WTF/Headers/wtf/RefPtr.h:42                                        
#21 0x00007faa60d6bab9 in WTF::RefPtr<WebCore::SpeechSynthesis, WTF::RawPtrTraits<WebCore::SpeechSynthesis>, WTF::DefaultRefDerefTraits<WebCore::SpeechSynthesis> >::~RefPtr() (this=0x7faa412f1198) at WTF/Headers/w
tf/RefPtr.h:74                                                                                                                                                                                                       
#22 0x00007faa60d6945b in WebCore::LocalDOMWindowSpeechSynthesis::~LocalDOMWindowSpeechSynthesis() (this=0x7faa412f1180) at /app/webkit/Source/WebCore/Modules/speech/LocalDOMWindowSpeechSynthesis.cpp:46           
#23 0x00007faa60d69499 in WebCore::LocalDOMWindowSpeechSynthesis::~LocalDOMWindowSpeechSynthesis() (this=0x7faa412f1180) at /app/webkit/Source/WebCore/Modules/speech/LocalDOMWindowSpeechSynthesis.cpp:46           
#24 0x00007faa6094b89c in std::default_delete<WebCore::Supplement<WebCore::LocalDOMWindow> >::operator()(WebCore::Supplement<WebCore::LocalDOMWindow>*) const (this=0x7faa411f8458, __ptr=0x7faa412f1180) at /usr/lib
/gcc/x86_64-unknown-linux-gnu/12.2.0/../../../../include/c++/12.2.0/bits/unique_ptr.h:95
...
Comment 2 Philippe Normand 2023-04-15 06:33:16 PDT 
Pull request: https://github.com/WebKit/WebKit/pull/12770
Comment 3 EWS 2023-04-17 03:19:00 PDT 
Committed 263021@main (61e71fb6931b): <https://commits.webkit.org/263021@main>

Reviewed commits have been landed. Closing PR #12770 and removing active labels.
Comment 4 Radar WebKit Bug Importer 2023-04-17 03:20:17 PDT 
<rdar://problem/108128909>