Closed Bug 1294492 Opened 8 years ago Closed 8 years ago

Assertion failure at MediaStreamGraph.h in ASAN debug builds

Categories

(Core :: Web Audio, defect, P2)

Product:
Core
Component:
Web Audio
Type:
defect

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: dminor, Assigned: padenot)

References

Details

(Whiteboard: [needinfo 2016/08/12 to karlt]) 

[Child 11606] ###!!! ASSERTION: Bad seconds: '0 <= aSeconds && aSeconds <= TRACK_TICKS_MAX/TRACK_RATE_MAX', file /home/dminor/src/firefox-asan/dom/media/MediaStreamGraph.h, line 475
#01: /usr/bin/addr2line: Dwarf Error: Info pointer extends beyond end of attributes (/usr/bin/addr2line: Dwarf Error: Info pointer extends beyond end of attributes)
#02: /usr/bin/addr2line: Dwarf Error: Info pointer extends beyond end of attributes (/usr/bin/addr2line: Dwarf Error: Info pointer extends beyond end of attributes)
#03: /usr/bin/addr2line: Dwarf Error: Info pointer extends beyond end of attributes (/usr/bin/addr2line: Dwarf Error: Info pointer extends beyond end of attributes)
#04: mozilla::dom::AudioTimelineEvent::SetTimeInTicks(long) (/home/dminor/src/firefox-asan/dom/media/webaudio/AudioEventTimeline.h:94)
#05: mozilla::dom::GainNodeEngine::RecvTimelineEvent(unsigned int, mozilla::dom::AudioTimelineEvent&) (/home/dminor/src/firefox-asan/dom/media/webaudio/GainNode.cpp:48)
#06: nsTArray_base<nsTArrayInfallibleAllocator, nsTArray_CopyWithMemutils>::Length() const (/home/dminor/src/firefox-asan/objdir-ff-asan/dist/include/nsTArray.h:356)
#07: pa_stream_update_timing_info (/usr/lib/x86_64-linux-gnu/libpulse.so.0)
#08: pa_pdispatch_ref (/usr/lib/x86_64-linux-gnu/pulseaudio/libpulsecommon-8.0.so)
#09: pa_pdispatch_run (/usr/lib/x86_64-linux-gnu/pulseaudio/libpulsecommon-8.0.so)
#10: pa_context_unref (/usr/lib/x86_64-linux-gnu/libpulse.so.0)
#11: pa_pstream_send_simple_ack (/usr/lib/x86_64-linux-gnu/pulseaudio/libpulsecommon-8.0.so)
#12: pa_pstream_unref (/usr/lib/x86_64-linux-gnu/pulseaudio/libpulsecommon-8.0.so)
#13: pa_pstream_unref (/usr/lib/x86_64-linux-gnu/pulseaudio/libpulsecommon-8.0.so)
#14: pa_random (/usr/lib/x86_64-linux-gnu/pulseaudio/libpulsecommon-8.0.so)
#15: pa_mainloop_dispatch (/usr/lib/x86_64-linux-gnu/libpulse.so.0)
#16: pa_mainloop_iterate (/usr/lib/x86_64-linux-gnu/libpulse.so.0)
#17: pa_mainloop_run (/usr/lib/x86_64-linux-gnu/libpulse.so.0)
#18: pa_context_set_subscribe_callback (/usr/lib/x86_64-linux-gnu/libpulse.so.0)
#19: pa_thread_self (/usr/lib/x86_64-linux-gnu/pulseaudio/libpulsecommon-8.0.so)
#20: start_thread (/build/glibc-GKVZIf/glibc-2.23/nptl/pthread_create.c:333)
#21: __clone (/build/glibc-GKVZIf/glibc-2.23/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:111)
#22: ??? (???:???)

Shows up in the following tests when running an ASAN debug build:

3683 INFO TEST-UNEXPECTED-ERROR | dom/media/webaudio/test/test_disconnectAudioParam.html | Assertion count 2 is greater than expected range 0-0 assertions.
{u'max_asserts': 0, u'assertions': 2, u'min_asserts': 0}
TEST-INFO 
3684 INFO TEST-UNEXPECTED-ERROR | dom/media/webaudio/test/test_disconnectAudioParamFromOutput.html | Assertion count 2 is greater than expected range 0-0 assertions.
{u'max_asserts': 0, u'assertions': 2, u'min_asserts': 0}
TEST-INFO 
3685 INFO TEST-UNEXPECTED-ERROR | dom/media/webaudio/test/test_nodeToParamConnection.html | Assertion count 1 is greater than expected range 0-0 assertions.
{u'max_asserts': 0, u'assertions': 1, u'min_asserts': 0}

This might be related to the changes made in Bug 1130010.
Hi Dan -- I'm looking to triage this.  What are the implications of this assertion failure?  (cc'ing Karl in case he wants to weigh in.)
Flags: needinfo?(dminor)
Whiteboard: [needinfo 2016/08/11 to dminor]
To be honest, I'm not familiar enough with the MSG code yet to be able to say.
Flags: needinfo?(dminor) → needinfo?(karlt)
Whiteboard: [needinfo 2016/08/11 to dminor] → [needinfo 2016/08/12 to karlt]
Assigning default values until :karlt can assess.
Rank: 25
Priority: -- → P2
The stack trace is somewhat confused, and so I don't know what is happening here.
The assertion failure could be from a UaF (which presumably ASAN would have detected) or from inconsistent time range checking.

Dan, would you be able to run the tests again now that bug 1130010 changes have been reverted?

The tests added in bug 1130010 are no longer there, but test_nodeToParamConnection.html has not changed.
Blocks: 1130010
Flags: needinfo?(karlt) → needinfo?(dminor)
Sure enough this no longer reproduces after the backout.
Flags: needinfo?(dminor)
Assignee: nobody → padenot
No longer reproduces with Paul's new patch applied.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.