MSE: Crash following call to MediaSourceReader::BreakCycle

RESOLVED WORKSFORME

Status

()

P1
normal
RESOLVED WORKSFORME
4 years ago
4 years ago

People

(Reporter: jya, Unassigned)

Tracking

(Blocks: 1 bug)

Trunk
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

4 years ago
Found while investigating bug 1115190

(lldb) bt
* thread #1: tid = 0x79b8c, 0x00000001035c08d5 XUL`nsTArray_Impl<unsigned char, nsTArrayInfallibleAllocator>::DestructRange(this=0x000000012e6e63a8, aStart=0, aCount=541214) + 53 at nsTArray.h:1700, queue = 'com.apple.main-thread', stop reason = signal SIGPIPE
  * frame #0: 0x00000001035c08d5 XUL`nsTArray_Impl<unsigned char, nsTArrayInfallibleAllocator>::DestructRange(this=0x000000012e6e63a8, aStart=0, aCount=541214) + 53 at nsTArray.h:1700
    frame #1: 0x00000001035b1dac XUL`nsTArray_Impl<unsigned char, nsTArrayInfallibleAllocator>::RemoveElementsAt(this=0x000000012e6e63a8, aStart=0, aCount=541214) + 396 at nsTArray.h:1397
    frame #2: 0x00000001035b1bb5 XUL`nsTArray_Impl<unsigned char, nsTArrayInfallibleAllocator>::Clear(this=0x000000012e6e63a8) + 53 at nsTArray.h:1406
    frame #3: 0x00000001035bb2e9 XUL`nsTArray_Impl<unsigned char, nsTArrayInfallibleAllocator>::~nsTArray_Impl(this=0x000000012e6e63a8) + 25 at nsTArray.h:785
    frame #4: 0x00000001035bb2c5 XUL`nsTArray<unsigned char>::~nsTArray(this=0x000000012e6e63a8) + 21 at nsTArray.h:1775
    frame #5: 0x00000001035c1475 XUL`nsTArray<unsigned char>::~nsTArray(this=0x000000012e6e63a8) + 21 at nsTArray.h:1775
    frame #6: 0x00000001061cb265 XUL`mozilla::ResourceItem::~ResourceItem(this=0x000000012e6e63a8) + 21 at ResourceQueue.h:38
    frame #7: 0x00000001061cb245 XUL`mozilla::ResourceItem::~ResourceItem(this=0x000000012e6e63a8) + 21 at ResourceQueue.h:38
    frame #8: 0x00000001061cb19e XUL`mozilla::ResourceQueueDeallocator::operator(this=0x000000012e6e6358, aObject=0x000000012e6e63a8)(void*) + 46 at ResourceQueue.h:58
    frame #9: 0x000000010374ed69 XUL`nsDeque::ForEach(this=0x0000000141b6a0e0, aFunctor=0x000000012e6e6358) const + 89 at nsDeque.cpp:422
    frame #10: 0x000000010374eb32 XUL`nsDeque::Erase(this=0x0000000141b6a0e0) + 66 at nsDeque.cpp:151
    frame #11: 0x000000010374ea85 XUL`nsDeque::~nsDeque(this=0x0000000141b6a0e0) + 53 at nsDeque.cpp:89
    frame #12: 0x00000001061cb285 XUL`mozilla::ResourceQueue::~ResourceQueue(this=0x0000000141b6a0e0) + 21 at ResourceQueue.h:63
    frame #13: 0x00000001061bea95 XUL`mozilla::ResourceQueue::~ResourceQueue(this=0x0000000141b6a0e0) + 21 at ResourceQueue.h:63
    frame #14: 0x00000001061ba146 XUL`mozilla::SourceBufferResource::~SourceBufferResource(this=0x0000000141b6a090) + 134 at SourceBufferResource.cpp:185
    frame #15: 0x00000001061ba195 XUL`mozilla::SourceBufferResource::~SourceBufferResource(this=0x0000000141b6a090) + 21 at SourceBufferResource.cpp:182
    frame #16: 0x00000001061ba1b9 XUL`mozilla::SourceBufferResource::~SourceBufferResource(this=0x0000000141b6a090) + 25 at SourceBufferResource.cpp:182
    frame #17: 0x00000001060da02d XUL`mozilla::MediaResource::Destroy(this=0x0000000141b6a090) + 397 at MediaResource.cpp:68
    frame #18: 0x00000001060da364 XUL`mozilla::MediaResource::Release(this=0x0000000141b6a090) + 484 at MediaResource.cpp:73
    frame #19: 0x0000000105fa77b1 XUL`nsRefPtr<mozilla::MediaResource>::~nsRefPtr(this=0x000000013588e7b0) + 49 at nsRefPtr.h:59
    frame #20: 0x0000000105fa2945 XUL`nsRefPtr<mozilla::MediaResource>::~nsRefPtr(this=0x000000013588e7b0) + 21 at nsRefPtr.h:57
    frame #21: 0x00000001061b8637 XUL`mozilla::SourceBufferDecoder::~SourceBufferDecoder(this=0x000000013588e790) + 119 at SourceBufferDecoder.cpp:49
    frame #22: 0x00000001061b8665 XUL`mozilla::SourceBufferDecoder::~SourceBufferDecoder(this=0x000000013588e790) + 21 at SourceBufferDecoder.cpp:47
    frame #23: 0x00000001061b8689 XUL`mozilla::SourceBufferDecoder::~SourceBufferDecoder(this=0x000000013588e790) + 25 at SourceBufferDecoder.cpp:47
    frame #24: 0x00000001061b83cc XUL`mozilla::SourceBufferDecoder::Release(this=0x000000013588e790) + 508 at SourceBufferDecoder.cpp:33
    frame #25: 0x00000001061c68dd XUL`nsRefPtr<mozilla::SourceBufferDecoder>::~nsRefPtr(this=0x000000010049f110) + 45 at nsRefPtr.h:59
    frame #26: 0x00000001061bd525 XUL`nsRefPtr<mozilla::SourceBufferDecoder>::~nsRefPtr(this=0x000000010049f110) + 21 at nsRefPtr.h:57
    frame #27: 0x00000001061c1c05 XUL`nsTArrayElementTraits<nsRefPtr<mozilla::SourceBufferDecoder> >::Destruct(aE=0x000000010049f110) + 21 at nsTArray.h:488
    frame #28: 0x00000001061c1bd6 XUL`nsTArray_Impl<nsRefPtr<mozilla::SourceBufferDecoder>, nsTArrayInfallibleAllocator>::DestructRange(this=0x000000013dd75c20, aStart=0, aCount=2) + 86 at nsTArray.h:1701
    frame #29: 0x00000001061c1b2c XUL`nsTArray_Impl<nsRefPtr<mozilla::SourceBufferDecoder>, nsTArrayInfallibleAllocator>::RemoveElementsAt(this=0x000000013dd75c20, aStart=0, aCount=2) + 396 at nsTArray.h:1397
    frame #30: 0x00000001061bf005 XUL`nsTArray_Impl<nsRefPtr<mozilla::SourceBufferDecoder>, nsTArrayInfallibleAllocator>::Clear(this=0x000000013dd75c20) + 53 at nsTArray.h:1406
    frame #31: 0x00000001061b26be XUL`mozilla::TrackBuffer::BreakCycles(this=0x000000013dd75c00) + 222 at TrackBuffer.cpp:547
    frame #32: 0x00000001061b25ab XUL`mozilla::MediaSourceReader::BreakCycles(this=0x0000000135ac0c00) + 683 at MediaSourceReader.cpp:367
    frame #33: 0x000000010613db54 XUL`mozilla::MediaDecoderStateMachine::BreakCycles(this=0x0000000135ac1c00) + 84 at MediaDecoderStateMachine.h:326
    frame #34: 0x000000010613d9d3 XUL`mozilla::nsDecoderDisposeEvent::Run(this=0x00000001004030a0) + 323 at MediaDecoderStateMachine.cpp:2496
    frame #35: 0x00000001037022f8 XUL`nsThread::ProcessNextEvent(this=0x0000000100437310, aMayWait=false, aResult=0x00007fff5fbfd093) + 2088 at nsThread.cpp:855
    frame #36: 0x000000010375b99a XUL`NS_ProcessPendingEvents(aThread=0x0000000100437310, aTimeout=20) + 154 at nsThreadUtils.cpp:207
    frame #37: 0x00000001069b5c69 XUL`nsBaseAppShell::NativeEventCallback(this=0x000000011b5baf20) + 201 at nsBaseAppShell.cpp:98
    frame #38: 0x0000000106a2d9ed XUL`nsAppShell::ProcessGeckoEvents(aInfo=0x000000011b5baf20) + 445 at nsAppShell.mm:373
    frame #39: 0x00007fff91ae9661 CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
    frame #40: 0x00007fff91adb7ed CoreFoundation`__CFRunLoopDoSources0 + 269
    frame #41: 0x00007fff91adae1f CoreFoundation`__CFRunLoopRun + 927
    frame #42: 0x00007fff91ada838 CoreFoundation`CFRunLoopRunSpecific + 296
    frame #43: 0x00007fff8a02543f HIToolbox`RunCurrentEventLoopInMode + 235
    frame #44: 0x00007fff8a0251ba HIToolbox`ReceiveNextEventCommon + 431
    frame #45: 0x00007fff8a024ffb HIToolbox`_BlockUntilNextEventMatchingListInModeWithFilter + 71
    frame #46: 0x00007fff843086d1 AppKit`_DPSNextEvent + 964
    frame #47: 0x00007fff84307e80 AppKit`-[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 194
    frame #48: 0x0000000106a2c537 XUL`-[GeckoNSApplication nextEventMatchingMask:untilDate:inMode:dequeue:](self=0x00000001180435e0, _cmd=0x00007fff84c5bb88, mask=18446744073709551615, expiration=0x422d63c37f00000d, mode=0x00007fff7624df60, flag='\x01') + 119 at nsAppShell.mm:118
    frame #49: 0x00007fff842fbe23 AppKit`-[NSApplication run] + 594
    frame #50: 0x0000000106a2e3a7 XUL`nsAppShell::Run(this=0x000000011b5baf20) + 167 at nsAppShell.mm:647
    frame #51: 0x000000010790fffc XUL`nsAppStartup::Run(this=0x000000011b5c3150) + 156 at nsAppStartup.cpp:281
    frame #52: 0x00000001079bff80 XUL`XREMain::XRE_mainRun(this=0x00007fff5fbff018) + 6208 at nsAppRunner.cpp:4150
    frame #53: 0x00000001079c082e XUL`XREMain::XRE_main(this=0x00007fff5fbff018, argc=5, argv=0x00007fff5fbff948, aAppData=0x00007fff5fbff2c8) + 798 at nsAppRunner.cpp:4226
    frame #54: 0x00000001079c0cf2 XUL`XRE_main(argc=5, argv=0x00007fff5fbff948, aAppData=0x00007fff5fbff2c8, aFlags=0) + 98 at nsAppRunner.cpp:4446
    frame #55: 0x0000000100002d0e firefox`do_main(argc=5, argv=0x00007fff5fbff948, xreDirectory=0x000000010040de00) + 1950 at nsBrowserApp.cpp:292
    frame #56: 0x0000000100002073 firefox`main(argc=5, argv=0x00007fff5fbff948) + 323 at nsBrowserApp.cpp:661
    frame #57: 0x0000000100001ad4 firefox`start + 52
(lldb) 

Appears to me that that they both have the same cause, just crashing differently.

To Reproduce:
Start a YouTube MSE, once playback start, go to about:memory, click on minimize memory usage to force a GC.
(Reporter)

Comment 1

4 years ago
Can't reproduce it consistently.

it appears to occur more often than not if a change of resolution occurred during playback
Priority: -- → P1
Does this still occur?
(Reporter)

Comment 3

4 years ago
I can't say for certain.

At the time, I already had the locking fixes applied in my patch queue.
This only occurred to me twice after several attempts.

I haven't had it since. Not sure that means much
(In reply to Jean-Yves Avenard [:jya] from comment #3)
> I can't say for certain.
> 
> At the time, I already had the locking fixes applied in my patch queue.

Which locking fixes?

> This only occurred to me twice after several attempts.
> 
> I haven't had it since. Not sure that means much

Can you give it 10 tries or so, and then either confirm the bug still exists or resolve it WFM?
Flags: needinfo?(jyavenard)
(Reporter)

Updated

4 years ago
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Flags: needinfo?(jyavenard)
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.