Bug 244288

Summary: [GStreamer][MediaStream] Racy deadlock upon track removal request
Product: WebKit Reporter: Philippe Normand <philn>
Component: PlatformAssignee: Philippe Normand <philn>
Status: RESOLVED FIXED    
Severity: Normal CC: bugs-noreply, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   

Description Philippe Normand 2022-08-24 02:50:49 PDT 
/app/webkit/WebKitBuild/Release/bin/WebKitTestRunner --no-timeout file:///app/webkit/LayoutTests/fast/mediastream/RTCPeerConnection-icecandidate-event.html


(gdb) bt
#0  futex_wait (private=0, expected=2, futex_word=0x557b7a8e8970) at ../sysdeps/nptl/futex-internal.h:146
#1  __lll_lock_wait (futex=0x557b7a8e8970, futex@entry=<error reading variable: Cannot access memory at address 0x7ffd957b51b8>, private=0) at lowlevellock.c:52
#2  0x00007f9cc311d71d in __GI___pthread_mutex_lock (mutex=0x557b7a8e8970) at ../nptl/pthread_mutex_lock.c:115
#3  0x00007f9cc31fab5c in post_activate (new_mode=GST_PAD_MODE_NONE, pad=0x557b7a89e110) at ../gst/gstpad.c:1045
#4  activate_mode_internal (pad=pad@entry=0x557b7a89e110, parent=parent@entry=0x557b7a8a4050, mode=mode@entry=GST_PAD_MODE_PUSH, active=active@entry=0) at ../gst/gstpad.c:1223
#5  0x00007f9cc31fb56c in gst_pad_activate_mode (pad=pad@entry=0x557b7a89e110, mode=mode@entry=GST_PAD_MODE_PUSH, active=active@entry=0) at ../gst/gstpad.c:1321
#6  0x00007f9cc31e1a4d in gst_ghost_pad_activate_push_default (pad=<optimized out>, parent=<optimized out>, active=0) at ../gst/gstghostpad.c:371
#7  0x00007f9cc31fab1a in activate_mode_internal (pad=pad@entry=0x557b7a8a4050, parent=parent@entry=0x557b7a87f0d0, mode=mode@entry=GST_PAD_MODE_PUSH, active=active@entry=0) at ../gst/gstpad.c:1216
#8  0x00007f9cc31fb308 in gst_pad_set_active (pad=pad@entry=0x557b7a8a4050, active=0) at ../gst/gstpad.c:1114
#9  0x00007f9cc31aecd5 in activate_pads (vpad=<optimized out>, ret=0x7ffd957b53e0, active=0x7ffd957b53dc) at ../gst/gstbin.c:2622
#10 0x00007f9cc31ea38b in gst_iterator_fold (it=it@entry=0x557b7a7e1a20, func=func@entry=0x7f9cc31aecb0 <activate_pads>, ret=ret@entry=0x7ffd957b53e0, user_data=user_data@entry=0x7ffd957b53dc) at ../gst/gstiterator.c:617
#11 0x00007f9cc31ade19 in iterator_activate_fold_with_resync (user_data=0x7ffd957b53dc, iter=0x557b7a7e1a20) at ../gst/gstbin.c:2645
#12 gst_bin_src_pads_activate (bin=bin@entry=0x557b7a87f0d0, active=<optimized out>, active@entry=0) at ../gst/gstbin.c:2679
#13 0x00007f9cc31b477e in gst_bin_change_state_funcPython Exception <class 'gdb.MemoryError'>: Cannot access memory at address 0x7ffd957b5498
 (element=0x557b7a87f0d0, transition=#14 0x00007f9cc31d8a12 in gst_element_change_state (element=0x557b7a87f0d0,
    element@entry=<error reading variable: Cannot access memory at address 0x7ffd957b5518>, transition=GST_STATE_CHANGE_PAUSED_TO_READY) at ../gst/gstelement.c:3083
#15 0x00007f9cc31d948a in gst_element_continue_state (element=<error reading variable: Cannot access memory at address 0x7ffd957b5518>, ret=ret@entry=GST_STATE_CHANGE_SUCCESS) at ../gst/gstelement.c:2791
#16 0x00007f9cc31d8a5b in gst_element_change_state (element=<error reading variable: Cannot access memory at address 0x7ffd957b5518>, element@entry=0x557b7a87f0d0, transition=transition@entry=GST_STATE_CHANGE_PLAYING_TO_PAUSED) at ../gst/gstelement.c:3122
#17 0x00007f9cc31d9155 in gst_element_set_state_func (element=0x557b7a87f0d0, state=GST_STATE_NULL) at ../gst/gstelement.c:3037
#18 0x00007f9cc6f28242 in WebCore::RealtimeOutgoingMediaSourceGStreamer::~RealtimeOutgoingMediaSourceGStreamer() () at /app/webkit/WebKitBuild/Release/lib/libWPEWebKit-1.1.so.0
#19 0x00007f9cc6f29028 in WebCore::RealtimeOutgoingVideoSourceGStreamer::~RealtimeOutgoingVideoSourceGStreamer() () at /app/webkit/WebKitBuild/Release/lib/libWPEWebKit-1.1.so.0
#20 0x00007f9cc6e9093a in WebCore::GStreamerRtpSenderBackend::~GStreamerRtpSenderBackend() () at /app/webkit/WebKitBuild/Release/lib/libWPEWebKit-1.1.so.0
#21 0x00007f9cc7c207c0 in WebCore::RTCPeerConnection::doClose() () at /app/webkit/WebKitBuild/Release/lib/libWPEWebKit-1.1.so.0
#22 0x00007f9cc7c2482d in non-virtual thunk to WebCore::RTCPeerConnection::stop() () at /app/webkit/WebKitBuild/Release/lib/libWPEWebKit-1.1.so.0
#23 0x00007f9cc828bfad in WTF::Detail::CallableWrapper<WebCore::ScriptExecutionContext::stopActiveDOMObjects()::{lambda(auto:1&)#1}, WebCore::ScriptExecutionContext::ShouldContinue, WebCore::ActiveDOMObject&>::call(WebCore::ActiveDOMObject&) ()
    at /app/webkit/WebKitBuild/Release/lib/libWPEWebKit-1.1.so.0
#24 0x00007f9cc828e852 in WebCore::ScriptExecutionContext::forEachActiveDOMObject(WTF::Function<WebCore::ScriptExecutionContext::ShouldContinue (WebCore::ActiveDOMObject&)> const&) const () at /app/webkit/WebKitBuild/Release/lib/libWPEWebKit-1.1.so.0
Comment 1 Philippe Normand 2022-08-24 02:52:31 PDT 
Removal is requested from the main thread, while the appsrc stream lock might be taken already because a buffer or event is being pushed downstream.
Comment 2 Philippe Normand 2022-08-24 06:53:32 PDT 
Pull request: https://github.com/WebKit/WebKit/pull/3609
Comment 3 EWS 2022-08-30 07:18:36 PDT 
Committed 253940@main (262bd3311741): <https://commits.webkit.org/253940@main>

Reviewed commits have been landed. Closing PR #3609 and removing active labels.
Comment 4 Radar WebKit Bug Importer 2022-08-30 07:19:16 PDT 
<rdar://problem/99329830>