[Webkit-unassigned] [Bug 257551] New: [GStreamer] Crash after 10 seconds on watchdog thread due to hang in gst_deinit()

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed May 31 11:06:13 PDT 2023 

https://bugs.webkit.org/show_bug.cgi?id=257551

            Bug ID: 257551
           Summary: [GStreamer] Crash after 10 seconds on watchdog thread
                    due to hang in gst_deinit()
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Media
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mcatanzaro at redhat.com
                CC: bugs-noreply at webkitgtk.org

Here's another case of us hitting the WebKit::crashAfter10Seconds crash that we added in bug #249272 (WebProcess.cpp:281). Instead of posting the backtrace for the watchdog thread where the crash occurs, which is useless, I'm instead going to post the backtrace for the main thread since that's the thread where we have a problem:

Thread 29 (Thread 0x7f649d287a00 (LWP 2)):
#0  syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
#1  0x00007f64a0c8d78e in g_cond_wait (cond=cond at entry=0x563e7ac1bd10, mutex=0x563e7ac1b670) at ../glib/gthread-posix.c:1475
#2  0x00007f64a0c5ff3d in g_thread_pool_free (pool=0x563e7ac1bcf0, immediate=0, wait_=<optimized out>) at ../glib/gthreadpool.c:931
#3  0x00007f64a1502645 in gst_task_cleanup_all () at ../gst/gsttask.c:439
#4  0x00007f64a147860d in gst_deinit () at ../gst/gst.c:1123
#5  gst_deinit () at ../gst/gst.c:1101
#6  0x00007f64a58523b1 in WebKit::AuxiliaryProcessMainBase<WebKit::WebProcess, true>::run(int, char**) (this=0x7fff97241480, argc=3, argv=0x7fff97241618) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebKit/Shared/AuxiliaryProcessMain.h:73
#7  WebKit::AuxiliaryProcessMain<WebKit::WebProcessMainGtk>(int, char**) (argc=3, argv=0x7fff97241618) at /buildstream/gnome/sdk/webkitgtk-6.0.bst/Source/WebKit/Shared/AuxiliaryProcessMain.h:98
#8  0x00007f64a462954a in __libc_start_call_main (main=main at entry=0x563e78ff4150 <main>, argc=argc at entry=3, argv=argv at entry=0x7fff97241618) at ../sysdeps/nptl/libc_start_call_main.h:58
#9  0x00007f64a462960b in __libc_start_main_impl (main=0x563e78ff4150 <main>, argc=3, argv=0x7fff97241618, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=<optimized out>) at ../csu/libc-start.c:389
#10 0x0000563e78ff4085 in _start (

We hang when freeing a thread pool in gst_deinit(). Although the wait_ argument here is optimized out, I checked gstthreadpool.c to confirm that it's TRUE, causing GLib to wait until all threads finish before returning. So one of the GStreamer threads has deadlocked. There are only two such threads:

Thread 18 (Thread 0x7f625e7fc640 (LWP 102)):
#0  syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
#1  0x00007f64a0c8d78e in g_cond_wait (cond=cond at entry=0x563e7ad4b320, mutex=mutex at entry=0x563e7ad4b330) at ../glib/gthread-posix.c:1475
#2  0x00007f64a8cc8578 in gst_app_src_create (bsrc=0x563e7ad4b5f0 [GstAppSrc|appsrc3], offset=<optimized out>, size=<optimized out>, buf=<optimized out>) at ../gst-libs/gst/app/gstappsrc.c:1785
#3  0x00007f64a15c4b58 in gst_base_src_get_range (src=src at entry=0x563e7ad4b5f0 [GstAppSrc|appsrc3], offset=361643, length=<optimized out>, buf=buf at entry=0x7f625e7fba70) at ../libs/gst/base/gstbasesrc.c:2587
#4  0x00007f64a15cab09 in gst_base_src_loop (pad=0x563e7ad4b8f0 [GstPad|src]) at ../libs/gst/base/gstbasesrc.c:2911
#5  0x00007f64a14fa211 in gst_task_func (task=0x563e7ab40c70 [GstTask|appsrc3:src]) at ../gst/gsttask.c:384
#6  0x00007f64a0c5f452 in g_thread_pool_thread_proxy (data=<optimized out>) at ../glib/gthreadpool.c:350
#7  0x00007f64a0c5ea19 in g_thread_proxy (data=0x7f6490004ea0) at ../glib/gthread.c:831
#8  0x00007f64a468f1da in start_thread (arg=<optimized out>) at pthread_create.c:442
#9  0x00007f64a4717f44 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:100
Warning: the current language does not match this frame.

Thread 10 (Thread 0x7f625effd640 (LWP 101)):
#0  syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
#1  0x00007f64a0c8d78e in g_cond_wait (cond=cond at entry=0x563e7ac80390, mutex=mutex at entry=0x563e7ac803a0) at ../glib/gthread-posix.c:1475
#2  0x00007f64a8cc8578 in gst_app_src_create (bsrc=0x563e7ac80660 [GstAppSrc|appsrc2], offset=<optimized out>, size=<optimized out>, buf=<optimized out>) at ../gst-libs/gst/app/gstappsrc.c:1785
#3  0x00007f64a15c4b58 in gst_base_src_get_range (src=src at entry=0x563e7ac80660 [GstAppSrc|appsrc2], offset=3903, length=<optimized out>, buf=buf at entry=0x7f625effca70) at ../libs/gst/base/gstbasesrc.c:2587
#4  0x00007f64a15cab09 in gst_base_src_loop (pad=0x563e7ac7ed70 [GstPad|src]) at ../libs/gst/base/gstbasesrc.c:2911
#5  0x00007f64a14fa211 in gst_task_func (task=0x563e7acb7170 [GstTask|appsrc2:src]) at ../gst/gsttask.c:384
#6  0x00007f64a0c5f452 in g_thread_pool_thread_proxy (data=<optimized out>) at ../glib/gthreadpool.c:350
#7  0x00007f64a0c5ea19 in g_thread_proxy (data=0x7f6490004bf0) at ../glib/gthread.c:831
#8  0x00007f64a468f1da in start_thread (arg=<optimized out>) at pthread_create.c:442
#9  0x00007f64a4717f44 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:100
Warning: the current language does not match this frame.

Is something going wrong in GstAppSrc?

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20230531/765bc392/attachment-0001.htm>

More information about the webkit-unassigned mailing list