[Webkit-unassigned] [Bug 260796] New: [GStreamer][MSE] Crash after 10 seconds on watchdog thread due to deadlock deep inside GStreamer

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Aug 28 08:00:28 PDT 2023 

https://bugs.webkit.org/show_bug.cgi?id=260796

            Bug ID: 260796
           Summary: [GStreamer][MSE] Crash after 10 seconds on watchdog
                    thread due to deadlock deep inside GStreamer
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Media
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mcatanzaro at redhat.com

Created attachment 467457

  --> https://bugs.webkit.org/attachment.cgi?id=467457&action=review

All-threads backtrace and full all-threads backtrace

Here's another crash after 10 seconds on the web process watchdog thread due to a deadlock deep inside GStreamer that has locked up the main thread. This is using Ephy Tech Preview with WebKitGTK 2.41.91 and GStreamer 1.22.5. This one looks different from the various other bugs I've reported about GStreamer deadlocking the main thread.

The top frames on the main thread are:

#0  futex_wait (private=0, expected=2, futex_word=0x7fe814223b50) at ../sysdeps/nptl/futex-internal.h:146
#1  __GI___lll_lock_wait (futex=futex at entry=0x7fe814223b50, private=0) at lowlevellock.c:49
#2  0x00007fe900092527 in lll_mutex_lock_optimized (mutex=0x7fe814223b50) at pthread_mutex_lock.c:48
#3  ___pthread_mutex_lock (mutex=0x7fe814223b50) at pthread_mutex_lock.c:128
#4  0x00007fe8fbf1658d in g_rec_mutex_lock (mutex=mutex at entry=0x7fe8142239b0) at ../glib/gthread-posix.c:397
#5  0x00007fe8fcb4b90f in gst_pad_pause_task (pad=0x7fe814223940 [GstPad|sink]) at ../gst/gstpad.c:6396
#6  0x00007fe850726307 in gst_qtdemux_do_seek (event=0x55d65103c4e0 [GstEvent], pad=0x7fe808002bc0 [GstPad|video_0], qtdemux=0x7fe814223370 [GstQTDemux|qtdemux0]) at ../gst/isomp4/qtdemux.c:1536
#7  gst_qtdemux_handle_src_event (pad=0x7fe808002bc0 [GstPad|video_0], parent=0x7fe814223370 [GstQTDemux|qtdemux0], event=0x55d65103c4e0 [GstEvent]) at ../gst/isomp4/qtdemux.c:1683
#8  0x00007fe8fcb4762d in gst_pad_send_event_unchecked (pad=pad at entry=0x7fe808002bc0 [GstPad|video_0], event=event at entry=0x55d65103c4e0 [GstEvent], type=<optimized out>, type at entry=GST_PAD_PROBE_TYPE_EVENT_UPSTREAM) at ../gst/gstpad.c:5939
#9  0x00007fe8fcb47d13 in gst_pad_push_event_unchecked (pad=pad at entry=0x7fe80800aa80 [GstMultiQueuePad|sink_0], event=event at entry=0x55d65103c4e0 [GstEvent], type=<optimized out>, type at entry=GST_PAD_PROBE_TYPE_EVENT_UPSTREAM) at ../gst/gstpad.c:5572
#10 0x00007fe8fcb4b186 in gst_pad_push_event (pad=pad at entry=0x7fe80800aa80 [GstMultiQueuePad|sink_0], event=event at entry=0x55d65103c4e0 [GstEvent]) at ../gst/gstpad.c:5711

Another thread that's also using GstPad:

Thread 28 (Thread 0x7fe8227fc6c0 (LWP 99)):
#0  syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
#1  0x00007fe8fbf172fd in g_cond_wait (cond=cond at entry=0x7fe818028528, mutex=mutex at entry=0x7fe818028518) at ../glib/gthread-posix.c:1552
#2  0x00007fe8683a45a3 in gst_download_buffer_wait_for_data (length=<optimized out>, offset=<optimized out>, dlbuf=<optimized out>) at ../plugins/elements/gstdownloadbuffer.c:725
#3  gst_download_buffer_read_buffer (dlbuf=dlbuf at entry=0x7fe818028340 [GstDownloadBuffer|downloadbuffer0], offset=offset at entry=193539, length=<optimized out>, length at entry=16, buffer=buffer at entry=0x7fe8227fb1e8) at ../plugins/elements/gstdownloadbuffer.c:808
#4  0x00007fe8683a8009 in gst_download_buffer_get_range (pad=<optimized out>, parent=0x7fe818028340 [GstDownloadBuffer|downloadbuffer0], offset=193539, length=16, buffer=0x7fe8227fb1e8) at ../plugins/elements/gstdownloadbuffer.c:1651
#5  0x00007fe8fcb49f6b in gst_pad_get_range_unchecked (pad=pad at entry=0x7fe818028b90 [GstPad|src], offset=offset at entry=193539, size=size at entry=16, buffer=buffer at entry=0x7fe8227fb2b8) at ../gst/gstpad.c:4948
#6  0x00007fe8fcb4a8da in gst_pad_pull_range (pad=0x7fe8180257a0 [GstGhostPad|sink], offset=193539, size=16, buffer=0x7fe8227fb3a8) at ../gst/gstpad.c:5193
#7  0x00007fe8fcb2adb7 in gst_proxy_pad_getrange_default (pad=<optimized out>, parent=<optimized out>, offset=193539, size=16, buffer=0x7fe8227fb3a8) at ../gst/gstghostpad.c:185
#8  0x00007fe8fcb49f6b in gst_pad_get_range_unchecked (pad=pad at entry=0x7fe818025b50 [GstProxyPad|proxypad10], offset=offset at entry=193539, size=size at entry=16, buffer=buffer at entry=0x7fe8227fb478) at ../gst/gstpad.c:4948
#9  0x00007fe8fcb4a8da in gst_pad_pull_range (pad=0x7fe818023c80 [GstPad|sink], offset=193539, size=16, buffer=0x7fe8227fb538) at ../gst/gstpad.c:5193
#10 0x00007fe8fcb49f6b in gst_pad_get_range_unchecked (pad=pad at entry=0x7fe818024180 [GstPad|src], offset=offset at entry=193539, size=size at entry=16, buffer=buffer at entry=0x7fe8227fb608) at ../gst/gstpad.c:4948

Another thread:

Thread 19 (Thread 0x7fe8217fa6c0 (LWP 101)):
#0  syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
#1  0x00007fe8fbf172fd in g_cond_wait (cond=cond at entry=0x7fe810006db8, mutex=mutex at entry=0x7fe810006da8) at ../glib/gthread-posix.c:1552
#2  0x00007fe8683a45a3 in gst_download_buffer_wait_for_data (length=<optimized out>, offset=<optimized out>, dlbuf=<optimized out>) at ../plugins/elements/gstdownloadbuffer.c:725
#3  gst_download_buffer_read_buffer (dlbuf=dlbuf at entry=0x7fe810006bd0 [GstDownloadBuffer|downloadbuffer1], offset=offset at entry=1391565, length=<optimized out>, length at entry=371, buffer=buffer at entry=0x7fe8217f9238) at ../plugins/elements/gstdownloadbuffer.c:808
#4  0x00007fe8683a8009 in gst_download_buffer_get_range (pad=<optimized out>, parent=0x7fe810006bd0 [GstDownloadBuffer|downloadbuffer1], offset=1391565, length=371, buffer=0x7fe8217f9238) at ../plugins/elements/gstdownloadbuffer.c:1651
#5  0x00007fe8fcb49f6b in gst_pad_get_range_unchecked (pad=pad at entry=0x7fe8100073b0 [GstPad|src], offset=offset at entry=1391565, size=size at entry=371, buffer=buffer at entry=0x7fe8217f9308) at ../gst/gstpad.c:4948
#6  0x00007fe8fcb4a8da in gst_pad_pull_range (pad=0x7fe810005df0 [GstGhostPad|sink], offset=1391565, size=371, buffer=0x7fe8217f93f8) at ../gst/gstpad.c:5193
#7  0x00007fe8fcb2adb7 in gst_proxy_pad_getrange_default (pad=<optimized out>, parent=<optimized out>, offset=1391565, size=371, buffer=0x7fe8217f93f8) at ../gst/gstghostpad.c:185
#8  0x00007fe8fcb49f6b in gst_pad_get_range_unchecked (pad=pad at entry=0x7fe810006170 [GstProxyPad|proxypad12], offset=offset at entry=1391565, size=size at entry=371, buffer=buffer at entry=0x7fe8217f94c8) at ../gst/gstpad.c:4948
#9  0x00007fe8fcb4a8da in gst_pad_pull_range (pad=0x7fe810004070 [GstPad|sink], offset=1391565, size=371, buffer=0x7fe8217f9588) at ../gst/gstpad.c:5193
#10 0x00007fe8fcb49f6b in gst_pad_get_range_unchecked (pad=pad at entry=0x7fe810004570 [GstPad|src], offset=offset at entry=1391565, size=size at entry=371, buffer=buffer at entry=0x7fe8217f9658) at ../gst/gstpad.c:4948

I'll attach the all-threads backtrace first, followed by the full all-threads backtrace.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20230828/dcd70fc5/attachment-0001.htm>

More information about the webkit-unassigned mailing list