[Webkit-unassigned] [Bug 213197] New: [GStreamer] Rare racy crash when a sync bus message is handled during pipeline destruction

bugzilla-daemon at webkit.org
Mon Jun 15 08:20:52 PDT 2020


https://bugs.webkit.org/show_bug.cgi?id=213197

            Bug ID: 213197
           Summary: [GStreamer] Rare racy crash when a sync bus message is
                    handled during pipeline destruction
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKitGTK
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: aboya at igalia.com
                CC: bugs-noreply at webkitgtk.org

I found this crash once while bisecting gstreamer, after running the same tests thousands of times, so it's probably a bit rare in practice.

It crashes on ASSERT(m_isValid.load()) in MainThreadNotifier::notify().

m_isValid is set to false as part of the MediaPlayerPrivateGStreamer.cpp destructor, *after* removing GstBus message handlers but *before* the pipeline is set to NULL state.

But, even if the main thread just removed all the GstBus message handlers, a streaming thread may happen to already be executing MediaPlayerPrivateGStreamer::handleSyncMessage() since before the handlers were removed, and then it could use m_notifier->notify(), just after it has been invalidated, making the assert fail.

Thread 1 (Thread 0x7f1cdeffe700 (LWP 253)):
#0  0x00007f1d410fda26 in WTFCrash() () at ../../Source/WTF/wtf/Assertions.cpp:293
#1  0x00007f1d4f20cad2 in CRASH_WITH_INFO(...) () at DerivedSources/ForwardingHeaders/wtf/Assertions.h:713
#2  0x00007f1d53a3517c in WebCore::MainThreadNotifier<WebCore::MediaPlayerPrivateGStreamer::MainThreadNotification>::notify<WebCore::MediaPlayerPrivateGStreamer::handleSyncMessage(GstMessage*)::<lambda()> >(WebCore::MediaPlayerPrivateGStreamer::MainThreadNotification, WebCore::MediaPlayerPrivateGStreamer::<lambda()> &&) (this=0x7f1cdde80430, notificationType=WebCore::MediaPlayerPrivateGStreamer::StreamCollectionChanged, callbackFunctor=...) at ../../Source/WebCore/platform/graphics/gstreamer/MainThreadNotifier.h:48
#3  0x00007f1d53a2a086 in WebCore::MediaPlayerPrivateGStreamer::handleSyncMessage(_GstMessage*) (this=0x7f1cdde77b40, message=0x7f1ccc00f410 [GstMessage]) at ../../Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:1611
#4  0x00007f1d53a29bb3 in WebCore::MediaPlayerPrivateGStreamer::<lambda(GstBus*, GstMessage*, gpointer)>::operator()(GstBus *, GstMessage *, gpointer) const (__closure=0x0, message=0x7f1ccc00f410 [GstMessage], userData=0x7f1cdde77b40) at ../../Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:1578
#5  0x00007f1d53a29bfe in WebCore::MediaPlayerPrivateGStreamer::<lambda(GstBus*, GstMessage*, gpointer)>::_FUN(GstBus *, GstMessage *, gpointer) () at ../../Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:1584
#6  0x00007f1d3ae85d0b in gst_bus_post (bus=bus at entry=0x559fe9a9ef30 [GstBus], message=message at entry=0x7f1ccc00f410 [GstMessage]) at ../../../home/ntrrgc/Apps/gst-1.16/subprojects/gstreamer/gst/gstbus.c:359
#7  0x00007f1d3ae9acb6 in gst_element_post_message_default (element=element at entry=0x559fe9e6c460 [GstPlayBin3], message=0x7f1ccc00f410 [GstMessage]) at ../../../home/ntrrgc/Apps/gst-1.16/subprojects/gstreamer/gst/gstelement.c:2067
#8  0x00007f1d3ae76b9e in gst_bin_post_message (element=0x559fe9e6c460 [GstPlayBin3], msg=0x7f1ccc00f410 [GstMessage]) at ../../../home/ntrrgc/Apps/gst-1.16/subprojects/gstreamer/gst/gstmessage.h:376
#9  0x00007f1d3ae9e16a in gst_element_post_message (element=element at entry=0x559fe9e6c460 [GstPlayBin3], message=message at entry=0x7f1ccc00f410 [GstMessage]) at ../../../home/ntrrgc/Apps/gst-1.16/subprojects/gstreamer/gst/gstelement.c:2110
#10 0x00007f1d3ae76ecb in gst_bin_handle_message_func (bin=0x559fe9e6c460 [GstPlayBin3], message=0x7f1ccc00f410 [GstMessage]) at ../../../home/ntrrgc/Apps/gst-1.16/subprojects/gstreamer/gst/gstbin.c:4076
#11 0x00007f1d3aec6d64 in gst_pipeline_handle_message (bin=0x559fe9e6c460 [GstPlayBin3], message=0x7f1ccc00f410 [GstMessage]) at ../../../home/ntrrgc/Apps/gst-1.16/subprojects/gstreamer/gst/gstpipeline.c:647
#12 0x00007f1cf4101115 in gst_play_bin3_handle_message (bin=0x559fe9e6c460 [GstPlayBin3], msg=0x7f1ccc00f410 [GstMessage]) at ../../../home/ntrrgc/Apps/gst-1.16/subprojects/gst-plugins-base/gst/playback/gstplaybin3.c:2556
#13 0x00007f1d3ae744c8 in bin_bus_handler (bus=<optimized out>, message=<optimized out>, bin=<optimized out>) at ../../../home/ntrrgc/Apps/gst-1.16/subprojects/gstreamer/gst/gstbin.c:3286
#14 0x00007f1d3ae85d0b in gst_bus_post (bus=bus at entry=0x559fe9da8040 [GstBus], message=message at entry=0x7f1ccc00f410 [GstMessage]) at ../../../home/ntrrgc/Apps/gst-1.16/subprojects/gstreamer/gst/gstbus.c:359
#15 0x00007f1d3ae9acb6 in gst_element_post_message_default (element=element at entry=0x559fe9e86e80 [GstURIDecodeBin3], message=0x7f1ccc00f410 [GstMessage]) at ../../../home/ntrrgc/Apps/gst-1.16/subprojects/gstreamer/gst/gstelement.c:2067
#16 0x00007f1d3ae76b9e in gst_bin_post_message (element=0x559fe9e86e80 [GstURIDecodeBin3], msg=0x7f1ccc00f410 [GstMessage]) at ../../../home/ntrrgc/Apps/gst-1.16/subprojects/gstreamer/gst/gstmessage.h:376
#17 0x00007f1d3ae9e16a in gst_element_post_message (element=element at entry=0x559fe9e86e80 [GstURIDecodeBin3], message=message at entry=0x7f1ccc00f410 [GstMessage]) at ../../../home/ntrrgc/Apps/gst-1.16/subprojects/gstreamer/gst/gstelement.c:2110
#18 0x00007f1d3ae76ecb in gst_bin_handle_message_func (bin=0x559fe9e86e80 [GstURIDecodeBin3], message=0x7f1ccc00f410 [GstMessage]) at ../../../home/ntrrgc/Apps/gst-1.16/subprojects/gstreamer/gst/gstbin.c:4076
#19 0x00007f1d3ae744c8 in bin_bus_handler (bus=<optimized out>, message=<optimized out>, bin=<optimized out>) at ../../../home/ntrrgc/Apps/gst-1.16/subprojects/gstreamer/gst/gstbin.c:3286
#20 0x00007f1d3ae85d0b in gst_bus_post (bus=bus at entry=0x7f1cd0002e80 [GstBus], message=message at entry=0x7f1ccc00f410 [GstMessage]) at ../../../home/ntrrgc/Apps/gst-1.16/subprojects/gstreamer/gst/gstbus.c:359
#21 0x00007f1d3ae9acb6 in gst_element_post_message_default (element=element at entry=0x559fea20a030 [GstDecodebin3], message=0x7f1ccc00f410 [GstMessage]) at ../../../home/ntrrgc/Apps/gst-1.16/subprojects/gstreamer/gst/gstelement.c:2067
#22 0x00007f1d3ae76b9e in gst_bin_post_message (element=0x559fea20a030 [GstDecodebin3], msg=0x7f1ccc00f410 [GstMessage]) at ../../../home/ntrrgc/Apps/gst-1.16/subprojects/gstreamer/gst/gstmessage.h:376
#23 0x00007f1d3ae9e16a in gst_element_post_message (element=element at entry=0x559fea20a030 [GstDecodebin3], message=message at entry=0x7f1ccc00f410 [GstMessage]) at ../../../home/ntrrgc/Apps/gst-1.16/subprojects/gstreamer/gst/gstelement.c:2110
#24 0x00007f1d3ae76ecb in gst_bin_handle_message_func (bin=0x559fea20a030 [GstDecodebin3], message=0x7f1ccc00f410 [GstMessage]) at ../../../home/ntrrgc/Apps/gst-1.16/subprojects/gstreamer/gst/gstbin.c:4076
#25 0x00007f1cf40d5527 in gst_decodebin3_handle_message (bin=0x559fea20a030 [GstDecodebin3], message=0x7f1ccc00f410 [GstMessage]) at ../../../home/ntrrgc/Apps/gst-1.16/subprojects/gst-plugins-base/gst/playback/gstdecodebin3.c:1494
#26 0x00007f1d3ae744c8 in bin_bus_handler (bus=<optimized out>, message=<optimized out>, bin=<optimized out>) at ../../../home/ntrrgc/Apps/gst-1.16/subprojects/gstreamer/gst/gstbin.c:3286
#27 0x00007f1d3ae85d0b in gst_bus_post (bus=bus at entry=0x7f1cd0002b80 [GstBus], message=message at entry=0x7f1ccc00f090 [GstMessage]) at ../../../home/ntrrgc/Apps/gst-1.16/subprojects/gstreamer/gst/gstbus.c:359
#28 0x00007f1d3ae9acb6 in gst_element_post_message_default (element=element at entry=0x7f1c10010920 [GstParseBin], message=0x7f1ccc00f090 [GstMessage]) at ../../../home/ntrrgc/Apps/gst-1.16/subprojects/gstreamer/gst/gstelement.c:2067
#29 0x00007f1d3ae76b9e in gst_bin_post_message (element=0x7f1c10010920 [GstParseBin], msg=0x7f1ccc00f090 [GstMessage]) at ../../../home/ntrrgc/Apps/gst-1.16/subprojects/gstreamer/gst/gstmessage.h:376
#30 0x00007f1d3ae9e16a in gst_element_post_message (element=0x7f1c10010920 [GstParseBin], message=message at entry=0x7f1ccc00f090 [GstMessage]) at ../../../home/ntrrgc/Apps/gst-1.16/subprojects/gstreamer/gst/gstelement.c:2110
#31 0x00007f1cf40ed26b in gst_parse_bin_expose (parsebin=parsebin at entry=0x7f1c10010920 [GstParseBin]) at ../../../home/ntrrgc/Apps/gst-1.16/subprojects/gst-plugins-base/gst/playback/gstparsebin.c:3524
#32 0x00007f1cf40edb90 in source_pad_blocked_cb (pad=pad at entry=0x7f1ccc012040 [GstPad], info=info at entry=0x7f1cdeffd050, user_data=<optimized out>) at ../../../home/ntrrgc/Apps/gst-1.16/subprojects/gst-plugins-base/gst/playback/gstparsebin.c:3880
#33 0x00007f1d3aeb7a7e in probe_hook_marshal (hook=0x7f1ccc00a300, data=0x7f1cdeffcf20) at ../../../home/ntrrgc/Apps/gst-1.16/subprojects/gstreamer/gst/gstpad.c:3637
#34 0x00007f1d3a57b896 in g_hook_list_marshal (hook_list=hook_list at entry=0x7f1ccc0120d8, may_recurse=may_recurse at entry=1, marshaller=marshaller at entry=0x7f1d3aeb7660 <probe_hook_marshal>, data=data at entry=0x7f1cdeffcf20) at ../glib/ghook.c:672
#35 0x00007f1d3aeb70fe in do_probe_callbacks (pad=pad at entry=0x7f1ccc012040 [GstPad], info=info at entry=0x7f1cdeffd050, defaultval=defaultval at entry=GST_FLOW_OK) at ../../../home/ntrrgc/Apps/gst-1.16/subprojects/gstreamer/gst/gstpad.c:3800
#36 0x00007f1d3aebb47b in gst_pad_push_data (pad=pad at entry=0x7f1ccc012040 [GstPad], type=type at entry=4112, data=data at entry=0x7f1c1000b7e0) at ../../../home/ntrrgc/Apps/gst-1.16/subprojects/gstreamer/gst/gstpad.c:4633
#37 0x00007f1d3aec27f3 in gst_pad_push (pad=0x7f1ccc012040 [GstPad], buffer=0x7f1c1000b7e0 [GstBuffer]) at ../../../home/ntrrgc/Apps/gst-1.16/subprojects/gstreamer/gst/gstpad.c:4774
#38 0x00007f1d3aeb963f in gst_pad_chain_data_unchecked (pad=pad at entry=0x559fea211d80 [GstPad], type=type at entry=4112, data=data at entry=0x7f1c1000b7e0) at ../../../home/ntrrgc/Apps/gst-1.16/subprojects/gstreamer/gst/gstpad.c:4399
#39 0x00007f1d3aebb7a1 in gst_pad_push_data (pad=pad at entry=0x7f1ccc010510 [GstProxyPad], type=type at entry=4112, data=data at entry=0x7f1c1000b7e0) at ../../../home/ntrrgc/Apps/gst-1.16/subprojects/gstreamer/gst/gstpad.c:4655
#40 0x00007f1d3aec27f3 in gst_pad_push (pad=pad at entry=0x7f1ccc010510 [GstProxyPad], buffer=buffer at entry=0x7f1c1000b7e0 [GstBuffer]) at ../../../home/ntrrgc/Apps/gst-1.16/subprojects/gstreamer/gst/gstpad.c:4774
#41 0x00007f1d3aea6853 in gst_proxy_pad_chain_default (pad=<optimized out>, parent=<optimized out>, buffer=0x7f1c1000b7e0 [GstBuffer]) at ../../../home/ntrrgc/Apps/gst-1.16/subprojects/gstreamer/gst/gstghostpad.c:127
#42 0x00007f1d3aeb963f in gst_pad_chain_data_unchecked (pad=pad at entry=0x559fe9e85cb0 [GstGhostPad], type=type at entry=4112, data=data at entry=0x7f1c1000b7e0) at ../../../home/ntrrgc/Apps/gst-1.16/subprojects/gstreamer/gst/gstpad.c:4399
#43 0x00007f1d3aebb7a1 in gst_pad_push_data (pad=pad at entry=0x7f1ccc0102b0 [GstProxyPad], type=type at entry=4112, data=data at entry=0x7f1c1000b7e0) at ../../../home/ntrrgc/Apps/gst-1.16/subprojects/gstreamer/gst/gstpad.c:4655
#44 0x00007f1d3aec27f3 in gst_pad_push (pad=pad at entry=0x7f1ccc0102b0 [GstProxyPad], buffer=buffer at entry=0x7f1c1000b7e0 [GstBuffer]) at ../../../home/ntrrgc/Apps/gst-1.16/subprojects/gstreamer/gst/gstpad.c:4774
#45 0x00007f1d3aea6853 in gst_proxy_pad_chain_default (pad=<optimized out>, parent=<optimized out>, buffer=0x7f1c1000b7e0 [GstBuffer]) at ../../../home/ntrrgc/Apps/gst-1.16/subprojects/gstreamer/gst/gstghostpad.c:127
#46 0x00007f1d3aeb963f in gst_pad_chain_data_unchecked (pad=pad at entry=0x559fe9e85a30 [GstGhostPad], type=type at entry=4112, data=data at entry=0x7f1c1000b7e0) at ../../../home/ntrrgc/Apps/gst-1.16/subprojects/gstreamer/gst/gstpad.c:4399
#47 0x00007f1d3aebb7a1 in gst_pad_push_data (pad=pad at entry=0x559fe9e857b0 [GstGhostPad], type=type at entry=4112, data=data at entry=0x7f1c1000b7e0) at ../../../home/ntrrgc/Apps/gst-1.16/subprojects/gstreamer/gst/gstpad.c:4655
#48 0x00007f1d3aec27f3 in gst_pad_push (pad=pad at entry=0x559fe9e857b0 [GstGhostPad], buffer=buffer at entry=0x7f1c1000b7e0 [GstBuffer]) at ../../../home/ntrrgc/Apps/gst-1.16/subprojects/gstreamer/gst/gstpad.c:4774
#49 0x00007f1d3aea6853 in gst_proxy_pad_chain_default (pad=<optimized out>, parent=<optimized out>, buffer=0x7f1c1000b7e0 [GstBuffer]) at ../../../home/ntrrgc/Apps/gst-1.16/subprojects/gstreamer/gst/gstghostpad.c:127
#50 0x00007f1d3aeb963f in gst_pad_chain_data_unchecked (pad=pad at entry=0x7f1ccc010050 [GstProxyPad], type=type at entry=4112, data=data at entry=0x7f1c1000b7e0) at ../../../home/ntrrgc/Apps/gst-1.16/subprojects/gstreamer/gst/gstpad.c:4399
#51 0x00007f1d3aebb7a1 in gst_pad_push_data (pad=pad at entry=0x559fea211b30 [GstPad], type=type at entry=4112, data=data at entry=0x7f1c1000b7e0) at ../../../home/ntrrgc/Apps/gst-1.16/subprojects/gstreamer/gst/gstpad.c:4655
#52 0x00007f1d3aec27f3 in gst_pad_push (pad=0x559fea211b30 [GstPad], buffer=0x7f1c1000b7e0 [GstBuffer]) at ../../../home/ntrrgc/Apps/gst-1.16/subprojects/gstreamer/gst/gstpad.c:4774
#53 0x00007f1d3aeb963f in gst_pad_chain_data_unchecked (pad=pad at entry=0x559fea2118e0 [GstPad], type=type at entry=4112, data=data at entry=0x7f1c1000b7e0) at ../../../home/ntrrgc/Apps/gst-1.16/subprojects/gstreamer/gst/gstpad.c:4399
#54 0x00007f1d3aebb7a1 in gst_pad_push_data (pad=pad at entry=0x559fe9e85530 [GstGhostPad], type=type at entry=4112, data=data at entry=0x7f1c1000b7e0) at ../../../home/ntrrgc/Apps/gst-1.16/subprojects/gstreamer/gst/gstpad.c:4655
#55 0x00007f1d3aec27f3 in gst_pad_push (pad=pad at entry=0x559fe9e85530 [GstGhostPad], buffer=buffer at entry=0x7f1c1000b7e0 [GstBuffer]) at ../../../home/ntrrgc/Apps/gst-1.16/subprojects/gstreamer/gst/gstpad.c:4774
#56 0x00007f1d3aea6853 in gst_proxy_pad_chain_default (pad=<optimized out>, parent=<optimized out>, buffer=0x7f1c1000b7e0 [GstBuffer]) at ../../../home/ntrrgc/Apps/gst-1.16/subprojects/gstreamer/gst/gstghostpad.c:127
#57 0x00007f1d50917aa7 in WebCore::webkitMediaStreamSrcChain(GstPad*, GstObject*, GstBuffer*) (pad=0x559fe9e87cf0 [GstProxyPad], parent=0x559fe9e85530 [GstGhostPad], buffer=0x7f1c1000b7e0 [GstBuffer]) at ../../Source/WebCore/platform/mediastream/gstreamer/GStreamerMediaStreamSource.cpp:479
#58 0x00007f1d3aeb963f in gst_pad_chain_data_unchecked (pad=pad at entry=0x559fe9e87cf0 [GstProxyPad], type=type at entry=4112, data=data at entry=0x7f1c1000b7e0) at ../../../home/ntrrgc/Apps/gst-1.16/subprojects/gstreamer/gst/gstpad.c:4399
#59 0x00007f1d3aebb7a1 in gst_pad_push_data (pad=pad at entry=0x559fea210660 [GstPad], type=type at entry=4112, data=data at entry=0x7f1c1000b7e0) at ../../../home/ntrrgc/Apps/gst-1.16/subprojects/gstreamer/gst/gstpad.c:4655
#60 0x00007f1d3aec27f3 in gst_pad_push (pad=pad at entry=0x559fea210660 [GstPad], buffer=0x7f1c1000b7e0 [GstBuffer]) at ../../../home/ntrrgc/Apps/gst-1.16/subprojects/gstreamer/gst/gstpad.c:4774
#61 0x00007f1d3afc1e3d in gst_base_src_loop (pad=0x559fea210660 [GstPad]) at ../../../home/ntrrgc/Apps/gst-1.16/subprojects/gstreamer/libs/gst/base/gstbasesrc.c:2974
#62 0x00007f1d3aef0f0f in gst_task_func (task=0x559fe9e7a5f0 [GstTask]) at ../../../home/ntrrgc/Apps/gst-1.16/subprojects/gstreamer/gst/gsttask.c:328
#63 0x00007f1d3a5b6004 in g_thread_pool_thread_proxy (data=<optimized out>) at ../glib/gthreadpool.c:354
#64 0x00007f1d3a5b5761 in g_thread_proxy (data=0x559fe9db2360) at ../glib/gthread.c:807
#65 0x00007f1d3b6185e2 in start_thread (arg=<optimized out>) at pthread_create.c:479
#66 0x00007f1d39299473 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
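
The interleaving described in this report, replayed deterministically in a small C++ model. This is an added example, not WebKit or GStreamer code: `Player`, `Notifier`, `mayProceed` and the two `Teardown` orderings are hypothetical, and joining the thread stands in for setting the pipeline to NULL, on the assumption that doing so waits for the streaming thread.

```cpp
#include <atomic>
#include <cstdio>
#include <thread>

// Constructed model; names only mirror the roles in the report.
struct Notifier {
    std::atomic<bool> valid{true};
    std::atomic<bool> notifiedWhileInvalid{false};
    void invalidate() { valid.store(false); }
    void notify() {
        // The report's crash site is ASSERT(m_isValid.load()); the model records it.
        if (!valid.load()) notifiedWhileInvalid.store(true);
    }
};

struct Player {
    Notifier notifier;
    std::atomic<bool> handlerInstalled{true};
    std::atomic<bool> inHandler{false};   // streaming thread is already inside the handler
    std::atomic<bool> mayProceed{false};  // hook that pins the interleaving for the demo

    void handleSyncMessage() {            // runs on the streaming thread
        if (!handlerInstalled.load()) return;
        inHandler.store(true);
        while (!mayProceed.load()) std::this_thread::yield();
        notifier.notify();
    }
};

enum class Teardown { InvalidateThenStop, StopThenInvalidate };

// Returns true when notify() ran on an already invalidated notifier.
bool notifyHitInvalidNotifier(Teardown order) {
    Player p;
    std::thread streaming([&p] { p.handleSyncMessage(); });
    while (!p.inHandler.load()) std::this_thread::yield();
    p.handlerInstalled.store(false);      // removing handlers only affects later messages
    if (order == Teardown::InvalidateThenStop) p.notifier.invalidate();
    p.mayProceed.store(true);
    streaming.join();                     // stand-in for pipeline -> NULL (assumption)
    if (order == Teardown::StopThenInvalidate) p.notifier.invalidate();
    return p.notifier.notifiedWhileInvalid.load();
}

int main() {
    std::printf("invalidate, then stop: %d\n", notifyHitInvalidNotifier(Teardown::InvalidateThenStop));
    std::printf("stop, then invalidate: %d\n", notifyHitInvalidNotifier(Teardown::StopThenInvalidate));
}
```

In the model, removing the handler does nothing for a callback that has already started; only waiting for the streaming thread before invalidating keeps `notify()` off a dead notifier.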
