Closed Bug 1499426 Opened 7 years ago Closed 6 years ago

Intermitent AddressSanitizer: heap-use-after-free /builds/worker/workspace/build/src/dom/media/webrtc/MediaEngineWebRTCAudio.cpp:1042:7 in mozilla::AudioInputProcessing::Pull(RefPtr<mozilla::AllocationHandle const> const&, RefPtr<mozilla::SourceMediaStrea

Categories

(Core :: WebRTC: Audio/Video, defect, P1)

Product:
Core
Component:
WebRTC: Audio/Video
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla66
Tracking Flags:
Tracking Status
firefox-esr60 --- unaffected
firefox63 --- unaffected
firefox64 + wontfix
firefox65 + fixed
firefox66 + fixed

People

(Reporter: aiakab, Assigned: padenot)

References

(Blocks 1 open bug)

Details

(Keywords: csectype-uaf, intermittent-failure, sec-high, Whiteboard: [post-critsmash-triage][adv-main65+])

Attachments

(1 file, 1 obsolete file)

Bug 1499426 - Align the lifetime of AudioInputProcessing with the lifetime of MediaEngineWebRTCAudio. r?achronop
47 bytes, text/x-phabricator-request
abillings
: approval-mozilla-beta+
abillings
: sec-approval+
Details | Review
Failure log https://treeherder.mozilla.org/logviewer.html#?job_id=205822861&repo=mozilla-inbound Part of that log: 13:48:26 INFO - GECKO(1075) | TEST DEVICES: Got loopback audio: Monitor of Null Output [task 2018-10-16T13:48:26.244Z] 13:48:26 INFO - GECKO(1075) | TEST DEVICES: Got loopback video: Dummy video device (0x0000) [task 2018-10-16T13:48:27.269Z] 13:48:27 INFO - GECKO(1075) | (stun/INFO) STUN-CLIENT(consent): Received response; processing [task 2018-10-16T13:48:27.270Z] 13:48:27 INFO - GECKO(1075) | (ice/INFO) ICE(PC:1539697700630441 (id=4294967380 url=http://mochi.test:8888/tests/dom/media/tests/mochitest/test_peerConnection_verifyAudioAfter)/STREAM(1539697700630441 (id=4294967380 url=http://mochi.test:8888/tests/dom/media/tests/mochitest/test_peerConnection_verifyAudioAfter transport-id=transport_0 - e94ee357:d995db5196b4ce0d5ce469b2f74fcfbd)/COMP(1): Consent refreshed [task 2018-10-16T13:48:28.073Z] 13:48:28 INFO - GECKO(1075) | (stun/INFO) STUN-CLIENT(consent): Received response; processing [task 2018-10-16T13:48:28.074Z] 13:48:28 INFO - GECKO(1075) | (ice/INFO) ICE(PC:1539697700618992 (id=4294967380 url=http://mochi.test:8888/tests/dom/media/tests/mochitest/test_peerConnection_verifyAudioAfter)/STREAM(1539697700618992 (id=4294967380 url=http://mochi.test:8888/tests/dom/media/tests/mochitest/test_peerConnection_verifyAudioAfter transport-id=transport_0 - 7a2bba14:588e2034f1f778480efc95efcf599f89)/COMP(1): Consent refreshed [task 2018-10-16T13:48:28.338Z] 13:48:28 INFO - GECKO(1075) | [Child 1182: Main Thread]: I/signaling [main|sdp_config] sdp_config.c:86: SDP: Initialized config pointer: 0x60b000a0c990 [task 2018-10-16T13:48:28.338Z] 13:48:28 INFO - GECKO(1075) | [Child 1182: Main Thread]: I/jsep [1539697700618992 (id=4294967380 url=http://mochi.test:8888/tests/dom/media/tests/mochitest/test_peerConnection_verifyAudioAfter]: stable -> have-local-offer [task 2018-10-16T13:48:28.341Z] 13:48:28 INFO - GECKO(1075) | [Child 1182: Socket Thread]: E/mtransport Couldn't set proxy for 'PC:1539697700618992 (id=4294967380 url=http://mochi.test:8888/tests/dom/media/tests/mochitest/test_peerConnection_verifyAudioAfter': 4 [task 2018-10-16T13:48:28.343Z] 13:48:28 INFO - GECKO(1075) | (ice/WARNING) ICE(PC:1539697700618992 (id=4294967380 url=http://mochi.test:8888/tests/dom/media/tests/mochitest/test_peerConnection_verifyAudioAfter): local addresses already set, no work to do [task 2018-10-16T13:48:28.361Z] 13:48:28 INFO - GECKO(1075) | [Child 1182: Main Thread]: I/signaling [main|sdp_config] sdp_config.c:86: SDP: Initialized config pointer: 0x60b000a2a340 [task 2018-10-16T13:48:28.362Z] 13:48:28 INFO - GECKO(1075) | [Child 1182: Main Thread]: I/jsep [1539697700630441 (id=4294967380 url=http://mochi.test:8888/tests/dom/media/tests/mochitest/test_peerConnection_verifyAudioAfter]: stable -> have-remote-offer [task 2018-10-16T13:48:28.364Z] 13:48:28 INFO - GECKO(1075) | [Child 1182: Main Thread]: I/signaling [main|PeerConnectionImpl] PeerConnectionImpl.cpp:1608: SetRemoteDescription: pc = e18f90f099a16e82, asking JS to create transceiver for {2753c93f-978f-4a0f-80ce-51da5ca55035} [task 2018-10-16T13:48:28.445Z] 13:48:28 INFO - GECKO(1075) | [Child 1182: Main Thread]: I/signaling [main|sdp_config] sdp_config.c:86: SDP: Initialized config pointer: 0x60b000a16de0 [task 2018-10-16T13:48:28.448Z] 13:48:28 INFO - GECKO(1075) | [Child 1182: Main Thread]: I/jsep [1539697700630441 (id=4294967380 url=http://mochi.test:8888/tests/dom/media/tests/mochitest/test_peerConnection_verifyAudioAfter]: have-remote-offer -> stable [task 2018-10-16T13:48:28.452Z] 13:48:28 INFO - GECKO(1075) | [Child 1182: Socket Thread]: E/mtransport Couldn't set proxy for 'PC:1539697700630441 (id=4294967380 url=http://mochi.test:8888/tests/dom/media/tests/mochitest/test_peerConnection_verifyAudioAfter': 4 [task 2018-10-16T13:48:28.454Z] 13:48:28 INFO - GECKO(1075) | (ice/WARNING) ICE(PC:1539697700630441 (id=4294967380 url=http://mochi.test:8888/tests/dom/media/tests/mochitest/test_peerConnection_verifyAudioAfter): local addresses already set, no work to do [task 2018-10-16T13:48:28.456Z] 13:48:28 INFO - GECKO(1075) | [Child 1182: Socket Thread]: D/mtransport Couldn't get default ICE candidate for '1539697700630441 (id=4294967380 url=http://mochi.test:8888/tests/dom/media/tests/mochitest/test_peerConnection_verifyAudioAfter transport-id=transport_0', no candidates. [task 2018-10-16T13:48:28.459Z] 13:48:28 INFO - GECKO(1075) | (ice/INFO) ICE-PEER(PC:1539697700630441 (id=4294967380 url=http://mochi.test:8888/tests/dom/media/tests/mochitest/test_peerConnection_verifyAudioAfter:default): all checks completed success=1 fail=0 [task 2018-10-16T13:48:28.469Z] 13:48:28 INFO - GECKO(1075) | (ice/ERR) ICE(PC:1539697700630441 (id=4294967380 url=http://mochi.test:8888/tests/dom/media/tests/mochitest/test_peerConnection_verifyAudioAfter): peer (PC:1539697700630441 (id=4294967380 url=http://mochi.test:8888/tests/dom/media/tests/mochitest/test_peerConnection_verifyAudioAfter:default) in nr_ice_peer_ctx_start_checks2 all streams were done [task 2018-10-16T13:48:28.472Z] 13:48:28 INFO - GECKO(1075) | [Child 1182: Main Thread]: I/signaling [main|sdp_config] sdp_config.c:86: SDP: Initialized config pointer: 0x60b000a09130 [task 2018-10-16T13:48:28.472Z] 13:48:28 INFO - GECKO(1075) | [Child 1182: Main Thread]: I/jsep [1539697700618992 (id=4294967380 url=http://mochi.test:8888/tests/dom/media/tests/mochitest/test_peerConnection_verifyAudioAfter]: have-local-offer -> stable [task 2018-10-16T13:48:28.472Z] 13:48:28 INFO - GECKO(1075) | [Child 1182: Main Thread]: I/signaling [main|WebrtcAudioSessionConduit] AudioConduit.cpp:255: SetDtmfPayloadType : setting dtmf payload 101 [task 2018-10-16T13:48:28.477Z] 13:48:28 INFO - GECKO(1075) | [Child 1182: Main Thread]: I/signaling [main|WebrtcAudioSessionConduit] AudioConduit.cpp:255: SetDtmfPayloadType : setting dtmf payload 101 [task 2018-10-16T13:48:28.477Z] 13:48:28 INFO - GECKO(1075) | (ice/INFO) ICE-PEER(PC:1539697700618992 (id=4294967380 url=http://mochi.test:8888/tests/dom/media/tests/mochitest/test_peerConnection_verifyAudioAfter:default): all checks completed success=1 fail=0 [task 2018-10-16T13:48:28.477Z] 13:48:28 INFO - GECKO(1075) | (ice/ERR) ICE(PC:1539697700618992 (id=4294967380 url=http://mochi.test:8888/tests/dom/media/tests/mochitest/test_peerConnection_verifyAudioAfter): peer (PC:1539697700618992 (id=4294967380 url=http://mochi.test:8888/tests/dom/media/tests/mochitest/test_peerConnection_verifyAudioAfter:default) in nr_ice_peer_ctx_start_checks2 all streams were done [task 2018-10-16T13:48:31.840Z] 13:48:31 INFO - GECKO(1075) | (stun/INFO) STUN-CLIENT(consent): Received response; processing [task 2018-10-16T13:48:31.842Z] 13:48:31 INFO - GECKO(1075) | (ice/INFO) ICE(PC:1539697700630441 (id=4294967380 url=http://mochi.test:8888/tests/dom/media/tests/mochitest/test_peerConnection_verifyAudioAfter)/STREAM(1539697700630441 (id=4294967380 url=http://mochi.test:8888/tests/dom/media/tests/mochitest/test_peerConnection_verifyAudioAfter transport-id=transport_0 - e94ee357:d995db5196b4ce0d5ce469b2f74fcfbd)/COMP(1): Consent refreshed [task 2018-10-16T13:48:31.965Z] 13:48:31 INFO - GECKO(1075) | ================================================================= [task 2018-10-16T13:48:31.965Z] 13:48:31 ERROR - GECKO(1075) | ==1182==ERROR: AddressSanitizer: heap-use-after-free on address 0x611000754789 at pc 0x7facff2ceeb9 bp 0x7face75ac630 sp 0x7face75ac628 [task 2018-10-16T13:48:31.966Z] 13:48:31 INFO - GECKO(1075) | READ of size 1 at 0x611000754789 thread T25 (AudioIPC1) [task 2018-10-16T13:48:32.680Z] 13:48:32 INFO - GECKO(1075) | #0 0x7facff2ceeb8 in mozilla::AudioInputProcessing::Pull(RefPtr<mozilla::AllocationHandle const> const&, RefPtr<mozilla::SourceMediaStream> const&, int, long, nsMainThreadPtrHandle<nsIPrincipal> const&) /builds/worker/workspace/build/src/dom/media/webrtc/MediaEngineWebRTCAudio.cpp:1042:7 [task 2018-10-16T13:48:32.698Z] 13:48:32 INFO - GECKO(1075) | #1 0x7facfeb321ed in Pull /builds/worker/workspace/build/src/dom/media/MediaManager.cpp:1185:12 [task 2018-10-16T13:48:32.699Z] 13:48:32 INFO - GECKO(1075) | #2 0x7facfeb321ed in mozilla::SourceListener::NotifyPull(mozilla::MediaStreamGraph*, long) /builds/worker/workspace/build/src/dom/media/MediaManager.cpp:4726 [task 2018-10-16T13:48:32.704Z] 13:48:32 INFO - GECKO(1075) | #3 0x7facfec2eb71 in mozilla::SourceMediaStream::PullNewData(long) /builds/worker/workspace/build/src/dom/media/MediaStreamGraph.cpp:2922:10 [task 2018-10-16T13:48:32.705Z] 13:48:32 INFO - GECKO(1075) | #4 0x7facfec2db71 in mozilla::MediaStreamGraphImpl::UpdateGraph(long) /builds/worker/workspace/build/src/dom/media/MediaStreamGraph.cpp:1290:34 [task 2018-10-16T13:48:32.706Z] 13:48:32 INFO - GECKO(1075) | #5 0x7facfec3181a in mozilla::MediaStreamGraphImpl::OneIteration(long) /builds/worker/workspace/build/src/dom/media/MediaStreamGraph.cpp:1480:3 [task 2018-10-16T13:48:32.708Z] 13:48:32 INFO - GECKO(1075) | #6 0x7facfe9aec73 in mozilla::AudioCallbackDriver::DataCallback(float const*, float*, long) /builds/worker/workspace/build/src/dom/media/GraphDriver.cpp:1017:36 [task 2018-10-16T13:48:32.717Z] 13:48:32 INFO - GECKO(1075) | #7 0x7fad05de2b30 in _$LT$audioipc_client..stream..CallbackServer$u20$as$u20$audioipc..rpc..server..Server$GT$::process::_$u7b$$u7b$closure$u7d$$u7d$::hb8c8380a5ae4f794 /builds/worker/workspace/build/src/media/audioipc/client/src/stream.rs:110:24 [task 2018-10-16T13:48:32.719Z] 13:48:32 INFO - GECKO(1075) | #8 0x7fad05de2b30 in _$LT$futures..future..lazy..Lazy$LT$F$C$$u20$R$GT$$GT$::get::h675983f0b10bc42f /builds/worker/workspace/build/src/third_party/rust/futures/src/future/lazy.rs:64 [task 2018-10-16T13:48:32.723Z] 13:48:32 INFO - GECKO(1075) | #9 0x7fad05de2b30 in _$LT$futures..future..lazy..Lazy$LT$F$C$$u20$R$GT$$u20$as$u20$futures..future..Future$GT$::poll::hbc63bc18b907e3ed /builds/worker/workspace/build/src/third_party/rust/futures/src/future/lazy.rs:82 [task 2018-10-16T13:48:32.723Z] 13:48:32 INFO - GECKO(1075) | #10 0x7fad05de2b30 in futures::future::catch_unwind::_$LT$impl$u20$futures..future..Future$u20$for$u20$std..panic..AssertUnwindSafe$LT$F$GT$$GT$::poll::h43f8784ac26f8878 /builds/worker/workspace/build/src/third_party/rust/futures/src/future/catch_unwind.rs:49 [task 2018-10-16T13:48:32.723Z] 13:48:32 INFO - GECKO(1075) | #11 0x7fad05de2b30 in _$LT$futures..future..catch_unwind..CatchUnwind$LT$F$GT$$u20$as$u20$futures..future..Future$GT$::poll::_$u7b$$u7b$closure$u7d$$u7d$::h7a67ef38d8228654 /builds/worker/workspace/build/src/third_party/rust/futures/src/future/catch_unwind.rs:32 [task 2018-10-16T13:48:32.724Z] 13:48:32 INFO - GECKO(1075) | #12 0x7fad05de2b30 in std::panicking::try::do_call::hd921f12bcabcb4d8 /checkout/src/libstd/panicking.rs:310 [task 2018-10-16T13:48:32.726Z] 13:48:32 INFO - GECKO(1075) | #13 0x7fad05de2b30 in __rust_maybe_catch_panic /checkout/src/libpanic_abort/lib.rs:39 [task 2018-10-16T13:48:32.728Z] 13:48:32 INFO - GECKO(1075) | #14 0x7fad05de2b30 in std::panicking::try::hc3e3ceaa6cbb24cc /checkout/src/libstd/panicking.rs:289 [task 2018-10-16T13:48:32.730Z] 13:48:32 INFO - GECKO(1075) | #15 0x7fad05de2b30 in std::panic::catch_unwind::hf8f5f6b9d5fff67e /checkout/src/libstd/panic.rs:392 [task 2018-10-16T13:48:32.731Z] 13:48:32 INFO - GECKO(1075) | #16 0x7fad05de2b30 in _$LT$futures..future..catch_unwind..CatchUnwind$LT$F$GT$$u20$as$u20$futures..future..Future$GT$::poll::h9875596160d98992 /builds/worker/workspace/build/src/third_party/rust/futures/src/future/catch_unwind.rs:32 [task 2018-10-16T13:48:32.732Z] 13:48:32 INFO - GECKO(1075) | #17 0x7fad05de2b30 in _$LT$futures_cpupool..MySender$LT$F$C$$u20$core..result..Result$LT$$LT$F$u20$as$u20$futures..future..Future$GT$..Item$C$$u20$$LT$F$u20$as$u20$futures..future..Future$GT$..Error$GT$$GT$$u20$as$u20$futures..future..Future$GT$::poll::h28872905fe35039a /builds/worker/workspace/build/src/third_party/rust/futures-cpupool/src/lib.rs:325 [task 2018-10-16T13:48:32.735Z] 13:48:32 INFO - GECKO(1075) | #18 0x7fad05df7780 in _$LT$alloc..boxed..Box$LT$F$GT$$u20$as$u20$futures..future..Future$GT$::poll::h644a5e47165a2c68 /builds/worker/workspace/build/src/third_party/rust/futures/src/future/mod.rs:113:12 [task 2018-10-16T13:48:32.738Z] 13:48:32 INFO - GECKO(1075) | #19 0x7fad05df7780 in _$LT$futures..task_impl..Spawn$LT$T$GT$$GT$::poll_future_notify::_$u7b$$u7b$closure$u7d$$u7d$::h5904c75564ea2b63 /builds/worker/workspace/build/src/third_party/rust/futures/src/task_impl/mod.rs:289 [task 2018-10-16T13:48:32.740Z] 13:48:32 INFO - GECKO(1075) | #20 0x7fad05df7780 in _$LT$futures..task_impl..Spawn$LT$T$GT$$GT$::enter::_$u7b$$u7b$closure$u7d$$u7d$::h1b1078111cc7b73a /builds/worker/workspace/build/src/third_party/rust/futures/src/task_impl/mod.rs:363 [task 2018-10-16T13:48:32.741Z] 13:48:32 INFO - GECKO(1075) | #21 0x7fad05df7780 in futures::task_impl::std::set::h07ec201e1f095c67 /builds/worker/workspace/build/src/third_party/rust/futures/src/task_impl/std/mod.rs:78 [task 2018-10-16T13:48:32.743Z] 13:48:32 INFO - GECKO(1075) | #22 0x7fad05df7780 in _$LT$futures..task_impl..Spawn$LT$T$GT$$GT$::enter::h8019cea08c9ddbfb /builds/worker/workspace/build/src/third_party/rust/futures/src/task_impl/mod.rs:363 [task 2018-10-16T13:48:32.744Z] 13:48:32 INFO - GECKO(1075) | #23 0x7fad05df7780 in _$LT$futures..task_impl..Spawn$LT$T$GT$$GT$::poll_future_notify::h4ab45d7b2ac6c51b /builds/worker/workspace/build/src/third_party/rust/futures/src/task_impl/mod.rs:289 [task 2018-10-16T13:48:32.746Z] 13:48:32 INFO - GECKO(1075) | #24 0x7fad05df7780 in futures::task_impl::std::Run::run::h65b702aba83ce2ad /builds/worker/workspace/build/src/third_party/rust/futures/src/task_impl/std/mod.rs:450 [task 2018-10-16T13:48:32.755Z] 13:48:32 INFO - GECKO(1075) | #25 0x7fad05df7780 in futures_cpupool::Inner::work::h8a5b4bffeba6b3c4 /builds/worker/workspace/build/src/third_party/rust/futures-cpupool/src/lib.rs:257 [task 2018-10-16T13:48:32.756Z] 13:48:32 INFO - GECKO(1075) | #26 0x7fad05df7780 in futures_cpupool::Builder::create::_$u7b$$u7b$closure$u7d$$u7d$::h5d9360920a712044 /builds/worker/workspace/build/src/third_party/rust/futures-cpupool/src/lib.rs:427 [task 2018-10-16T13:48:32.756Z] 13:48:32 INFO - GECKO(1075) | #27 0x7fad05df7780 in std::sys_common::backtrace::__rust_begin_short_backtrace::hb23cbd55170464ca /checkout/src/libstd/sys_common/backtrace.rs:136 [task 2018-10-16T13:48:32.757Z] 13:48:32 INFO - GECKO(1075) | #28 0x7fad05df661d in std::thread::Builder::spawn::_$u7b$$u7b$closure$u7d$$u7d$::_$u7b$$u7b$closure$u7d$$u7d$::hf6e88a5b6bc04a0d /checkout/src/libstd/thread/mod.rs:409:20 [task 2018-10-16T13:48:32.758Z] 13:48:32 INFO - GECKO(1075) | #29 0x7fad05df661d in _$LT$std..panic..AssertUnwindSafe$LT$F$GT$$u20$as$u20$core..ops..function..FnOnce$LT$$LP$$RP$$GT$$GT$::call_once::h114bfe3a744a6135 /checkout/src/libstd/panic.rs:313 [task 2018-10-16T13:48:32.759Z] 13:48:32 INFO - GECKO(1075) | #30 0x7fad05df661d in std::panicking::try::do_call::hac5f5677baa68db3 /checkout/src/libstd/panicking.rs:310 [task 2018-10-16T13:48:32.760Z] 13:48:32 INFO - GECKO(1075) | #31 0x7fad05df661d in __rust_maybe_catch_panic /checkout/src/libpanic_abort/lib.rs:39 [task 2018-10-16T13:48:32.762Z] 13:48:32 INFO - GECKO(1075) | #32 0x7fad05df661d in std::panicking::try::he9642d51295b5be5 /checkout/src/libstd/panicking.rs:289 [task 2018-10-16T13:48:32.764Z] 13:48:32 INFO - GECKO(1075) | #33 0x7fad05df661d in std::panic::catch_unwind::h0da2e14d6d8eb1cd /checkout/src/libstd/panic.rs:392 [task 2018-10-16T13:48:32.765Z] 13:48:32 INFO - GECKO(1075) | #34 0x7fad05df661d in std::thread::Builder::spawn::_$u7b$$u7b$closure$u7d$$u7d$::h46336af32520d244 /checkout/src/libstd/thread/mod.rs:408 [task 2018-10-16T13:48:32.766Z] 13:48:32 INFO - GECKO(1075) | #35 0x7fad05df661d in _$LT$F$u20$as$u20$alloc..boxed..FnBox$LT$A$GT$$GT$::call_box::hc064f4650c2cac03 /checkout/src/liballoc/boxed.rs:642 [task 2018-10-16T13:48:32.769Z] 13:48:32 INFO - GECKO(1075) | #36 0x7fad0636e451 in _$LT$alloc..boxed..Box$LT$$LP$dyn$u20$alloc..boxed..FnBox$LT$A$C$$u20$Output$u3d$R$GT$$u20$$u2b$$u20$$u27$a$RP$$GT$$u20$as$u20$core..ops..function..FnOnce$LT$A$GT$$GT$::call_once::h940efee7335c8f36 /checkout/src/liballoc/boxed.rs:652:8 [task 2018-10-16T13:48:32.770Z] 13:48:32 INFO - GECKO(1075) | #37 0x7fad0636e451 in std::sys_common::thread::start_thread::hac18b9ed82bd359d /checkout/src/libstd/sys_common/thread.rs:24 [task 2018-10-16T13:48:32.771Z] 13:48:32 INFO - GECKO(1075) | #38 0x7fad0636e451 in std::sys::unix::thread::Thread::new::thread_start::ha15fdd35f58285a3 /checkout/src/libstd/sys/unix/thread.rs:90 [task 2018-10-16T13:48:32.772Z] 13:48:32 INFO - GECKO(1075) | #39 0x7fad181e56b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9) [task 2018-10-16T13:48:32.831Z] 13:48:32 INFO - GECKO(1075) | #40 0x7fad1726e41c in clone /build/glibc-Cl5G7W/glibc-2.23/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:109 [task 2018-10-16T13:48:32.833Z] 13:48:32 INFO - GECKO(1075) | 0x611000754789 is located 201 bytes inside of 208-byte region [0x6110007546c0,0x611000754790) [task 2018-10-16T13:48:32.833Z] 13:48:32 INFO - GECKO(1075) | freed by thread T20 (MediaManager) here: [task 2018-10-16T13:48:32.838Z] 13:48:32 INFO - GECKO(1075) | #0 0x5620cd4d5f22 in __interceptor_free /builds/worker/workspace/moz-toolchain/src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:68:3 [task 2018-10-16T13:48:32.839Z] 13:48:32 INFO - GECKO(1075) | #1 0x7facff2d1b2f in Release /builds/worker/workspace/build/src/dom/media/MediaStreamGraph.h:142:3 [task 2018-10-16T13:48:32.840Z] 13:48:32 INFO - GECKO(1075) | #2 0x7facff2d1b2f in Release /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/RefPtr.h:47 [task 2018-10-16T13:48:32.842Z] 13:48:32 INFO - GECKO(1075) | #3 0x7facff2d1b2f in Release /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/RefPtr.h:418 [task 2018-10-16T13:48:32.844Z] 13:48:32 INFO - GECKO(1075) | #4 0x7facff2d1b2f in assign_assuming_AddRef /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/RefPtr.h:72 [task 2018-10-16T13:48:32.844Z] 13:48:32 INFO - GECKO(1075) | #5 0x7facff2d1b2f in assign_with_AddRef /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/RefPtr.h:63 [task 2018-10-16T13:48:32.847Z] 13:48:32 INFO - GECKO(1075) | #6 0x7facff2d1b2f in operator= /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/RefPtr.h:202 [task 2018-10-16T13:48:32.848Z] 13:48:32 INFO - GECKO(1075) | #7 0x7facff2d1b2f in mozilla::MediaEngineWebRTCMicrophoneSource::Start(RefPtr<mozilla::AllocationHandle const> const&) /builds/worker/workspace/build/src/dom/media/webrtc/MediaEngineWebRTCAudio.cpp:725 [task 2018-10-16T13:48:32.849Z] 13:48:32 INFO - GECKO(1075) | #8 0x7facfec09920 in Start /builds/worker/workspace/build/src/dom/media/MediaManager.cpp:1134:19 [task 2018-10-16T13:48:32.850Z] 13:48:32 INFO - GECKO(1075) | #9 0x7facfec09920 in operator() /builds/worker/workspace/build/src/dom/media/MediaManager.cpp:4614 [task 2018-10-16T13:48:32.853Z] 13:48:32 INFO - GECKO(1075) | #10 0x7facfec09920 in operator() /builds/worker/workspace/build/src/dom/media/MediaManager.cpp:2390 [task 2018-10-16T13:48:32.855Z] 13:48:32 INFO - GECKO(1075) | #11 0x7facfec09920 in mozilla::detail::RunnableFunction<RefPtr<mozilla::MozPromise<nsresult, bool, true> > mozilla::MediaManager::PostTask<mozilla::MozPromise<nsresult, bool, true>, mozilla::SourceListener::SetEnabledFor(int, bool)::$_48::operator()()::{lambda(mozilla::MozPromiseHolder<mozilla::MozPromise<nsresult, bool, true> >&)#1}>(char const*, mozilla::SourceListener::SetEnabledFor(int, bool)::$_48::operator()()::{lambda(mozilla::MozPromiseHolder<mozilla::MozPromise<nsresult, bool, true> >&)#1}&&)::{lambda()#1}>::Run() /builds/worker/workspace/build/src/obj-firefox/dist/include/nsThreadUtils.h:577 [task 2018-10-16T13:48:32.863Z] 13:48:32 INFO - GECKO(1075) | #12 0x7facf8316309 in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/workspace/build/src/xpcom/threads/nsThread.cpp:1252:14 [task 2018-10-16T13:48:32.865Z] 13:48:32 INFO - GECKO(1075) | #13 0x7facf831d3e8 in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/workspace/build/src/xpcom/threads/nsThreadUtils.cpp:530:10 [task 2018-10-16T13:48:32.865Z] 13:48:32 INFO - GECKO(1075) | #14 0x7facf927cfdd in mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) /builds/worker/workspace/build/src/ipc/glue/MessagePump.cpp:364:5 [task 2018-10-16T13:48:32.869Z] 13:48:32 INFO - GECKO(1075) | #15 0x7facf91cf93c in RunInternal /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:325:10 [task 2018-10-16T13:48:32.870Z] 13:48:32 INFO - GECKO(1075) | #16 0x7facf91cf93c in RunHandler /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:318 [task 2018-10-16T13:48:32.871Z] 13:48:32 INFO - GECKO(1075) | #17 0x7facf91cf93c in MessageLoop::Run() /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:298 [task 2018-10-16T13:48:32.873Z] 13:48:32 INFO - GECKO(1075) | #18 0x7facf91ec896 in base::Thread::ThreadMain() /builds/worker/workspace/build/src/ipc/chromium/src/base/thread.cc:198:16 [task 2018-10-16T13:48:32.875Z] 13:48:32 INFO - GECKO(1075) | #19 0x7facf91e0d8c in ThreadFunc(void*) /builds/worker/workspace/build/src/ipc/chromium/src/base/platform_thread_posix.cc:40:13 [task 2018-10-16T13:48:32.879Z] 13:48:32 INFO - GECKO(1075) | #20 0x7fad181e56b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9) [task 2018-10-16T13:48:32.880Z] 13:48:32 INFO - GECKO(1075) | previously allocated by thread T20 (MediaManager) here: [task 2018-10-16T13:48:32.881Z] 13:48:32 INFO - GECKO(1075) | #0 0x5620cd4d6263 in malloc /builds/worker/workspace/moz-toolchain/src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:88:3 [task 2018-10-16T13:48:32.882Z] 13:48:32 INFO - GECKO(1075) | #1 0x5620cd50760d in moz_xmalloc /builds/worker/workspace/build/src/memory/mozalloc/mozalloc.cpp:70:17 [task 2018-10-16T13:48:32.884Z] 13:48:32 INFO - GECKO(1075) | #2 0x7facff2d17ce in operator new /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/mozalloc.h:139:12 [task 2018-10-16T13:48:32.885Z] 13:48:32 INFO - GECKO(1075) | #3 0x7facff2d17ce in mozilla::MediaEngineWebRTCMicrophoneSource::Start(RefPtr<mozilla::AllocationHandle const> const&) /builds/worker/workspace/build/src/dom/media/webrtc/MediaEngineWebRTCAudio.cpp:725 [task 2018-10-16T13:48:32.887Z] 13:48:32 INFO - GECKO(1075) | #4 0x7facfebfe776 in Start /builds/worker/workspace/build/src/dom/media/MediaManager.cpp:1134:19 [task 2018-10-16T13:48:32.888Z] 13:48:32 INFO - GECKO(1075) | #5 0x7facfebfe776 in operator() /builds/worker/workspace/build/src/dom/media/MediaManager.cpp:4318 [task 2018-10-16T13:48:32.890Z] 13:48:32 INFO - GECKO(1075) | #6 0x7facfebfe776 in operator() /builds/worker/workspace/build/src/dom/media/MediaManager.cpp:2390 [task 2018-10-16T13:48:32.891Z] 13:48:32 INFO - GECKO(1075) | #7 0x7facfebfe776 in mozilla::detail::RunnableFunction<RefPtr<mozilla::MozPromise<bool, RefPtr<mozilla::MediaMgrError>, true> > mozilla::MediaManager::PostTask<mozilla::MozPromise<bool, RefPtr<mozilla::MediaMgrError>, true>, mozilla::SourceListener::InitializeAsync()::$_43>(char const*, mozilla::SourceListener::InitializeAsync()::$_43&&)::{lambda()#1}>::Run() /builds/worker/workspace/build/src/obj-firefox/dist/include/nsThreadUtils.h:577 [task 2018-10-16T13:48:32.892Z] 13:48:32 INFO - GECKO(1075) | #8 0x7facf8316309 in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/workspace/build/src/xpcom/threads/nsThread.cpp:1252:14 [task 2018-10-16T13:48:32.893Z] 13:48:32 INFO - GECKO(1075) | #9 0x7facf831d3e8 in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/workspace/build/src/xpcom/threads/nsThreadUtils.cpp:530:10 [task 2018-10-16T13:48:32.894Z] 13:48:32 INFO - GECKO(1075) | #10 0x7facf927cfdd in mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) /builds/worker/workspace/build/src/ipc/glue/MessagePump.cpp:364:5 [task 2018-10-16T13:48:32.895Z] 13:48:32 INFO - GECKO(1075) | #11 0x7facf91cf93c in RunInternal /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:325:10 [task 2018-10-16T13:48:32.896Z] 13:48:32 INFO - GECKO(1075) | #12 0x7facf91cf93c in RunHandler /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:318 [task 2018-10-16T13:48:32.898Z] 13:48:32 INFO - GECKO(1075) | #13 0x7facf91cf93c in MessageLoop::Run() /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:298 [task 2018-10-16T13:48:32.898Z] 13:48:32 INFO - GECKO(1075) | #14 0x7facf91ec896 in base::Thread::ThreadMain() /builds/worker/workspace/build/src/ipc/chromium/src/base/thread.cc:198:16 [task 2018-10-16T13:48:32.899Z] 13:48:32 INFO - GECKO(1075) | #15 0x7facf91e0d8c in ThreadFunc(void*) /builds/worker/workspace/build/src/ipc/chromium/src/base/platform_thread_posix.cc:40:13 [task 2018-10-16T13:48:32.901Z] 13:48:32 INFO - GECKO(1075) | #16 0x7fad181e56b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9) [task 2018-10-16T13:48:32.901Z] 13:48:32 INFO - GECKO(1075) | Thread T25 (AudioIPC1) created by T20 (MediaManager) here: [task 2018-10-16T13:48:32.906Z] 13:48:32 INFO - GECKO(1075) | #0 0x5620cd4bf2ed in __interceptor_pthread_create /builds/worker/workspace/moz-toolchain/src/llvm/projects/compiler-rt/lib/asan/asan_interceptors.cc:204:3 [task 2018-10-16T13:48:32.907Z] 13:48:32 INFO - GECKO(1075) | #1 0x7fad0636e17c in std::sys::unix::thread::Thread::new::h7a2147c32829a17b /checkout/src/libstd/sys/unix/thread.rs:78:18 [task 2018-10-16T13:48:32.910Z] 13:48:32 INFO - GECKO(1075) | Thread T20 (MediaManager) created by T0 (Web Content) here: [task 2018-10-16T13:48:32.911Z] 13:48:32 INFO - GECKO(1075) | #0 0x5620cd4bf2ed in __interceptor_pthread_create /builds/worker/workspace/moz-toolchain/src/llvm/projects/compiler-rt/lib/asan/asan_interceptors.cc:204:3 [task 2018-10-16T13:48:32.912Z] 13:48:32 INFO - GECKO(1075) | #1 0x7facf91de80c in CreateThread /builds/worker/workspace/build/src/ipc/chromium/src/base/platform_thread_posix.cc:127:14 [task 2018-10-16T13:48:32.913Z] 13:48:32 INFO - GECKO(1075) | #2 0x7facf91de80c in PlatformThread::Create(unsigned long, PlatformThread::Delegate*, unsigned long*) /builds/worker/workspace/build/src/ipc/chromium/src/base/platform_thread_posix.cc:138 [task 2018-10-16T13:48:32.914Z] 13:48:32 INFO - GECKO(1075) | #3 0x7facf91ebfb3 in base::Thread::StartWithOptions(base::Thread::Options const&) /builds/worker/workspace/build/src/ipc/chromium/src/base/thread.cc:102:8 [task 2018-10-16T13:48:32.915Z] 13:48:32 INFO - GECKO(1075) | #4 0x7facfeb0d9b9 in mozilla::MediaManager::Get() /builds/worker/workspace/build/src/dom/media/MediaManager.cpp:2255:36 [task 2018-10-16T13:48:32.932Z] 13:48:32 INFO - GECKO(1075) | #5 0x7facfea2e959 in mozilla::dom::MediaDevices::EnumerateDevices(mozilla::dom::CallerType, mozilla::ErrorResult&) /builds/worker/workspace/build/src/dom/media/MediaDevices.cpp:205:9 [task 2018-10-16T13:48:32.940Z] 13:48:32 INFO - GECKO(1075) | #6 0x7facfbdef591 in enumerateDevices /builds/worker/workspace/build/src/obj-firefox/dom/bindings/MediaDevicesBinding.cpp:150:45 [task 2018-10-16T13:48:32.940Z] 13:48:32 INFO - GECKO(1075) | #7 0x7facfbdef591 in mozilla::dom::MediaDevices_Binding::enumerateDevices_promiseWrapper(JSContext*, JS::Handle<JSObject*>, mozilla::dom::MediaDevices*, JSJitMethodCallArgs const&) /builds/worker/workspace/build/src/obj-firefox/dom/bindings/MediaDevicesBinding.cpp:164 [task 2018-10-16T13:48:32.942Z] 13:48:32 INFO - GECKO(1075) | #8 0x7facfdd3a50a in bool mozilla::dom::binding_detail::GenericMethod<mozilla::dom::binding_detail::NormalThisPolicy, mozilla::dom::binding_detail::ConvertExceptionsToPromises>(JSContext*, unsigned int, JS::Value*) /builds/worker/workspace/build/src/dom/bindings/BindingUtils.cpp:3315:13 [task 2018-10-16T13:48:32.952Z] 13:48:32 INFO - GECKO(1075) | #9 0x7fad05ab144b in CallJSNative /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:468:15 [task 2018-10-16T13:48:32.953Z] 13:48:32 INFO - GECKO(1075) | #10 0x7fad05ab144b in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:560 [task 2018-10-16T13:48:32.962Z] 13:48:32 INFO - GECKO(1075) | #11 0x7fad05a9a3ce in CallFromStack /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:620:12 [task 2018-10-16T13:48:32.962Z] 13:48:32 INFO - GECKO(1075) | #12 0x7fad05a9a3ce in Interpret(JSContext*, js::RunState&) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:3458 [task 2018-10-16T13:48:32.962Z] 13:48:32 INFO - GECKO(1075) | #13 0x7fad05a7f69b in js::RunScript(JSContext*, js::RunState&) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:447:12 [task 2018-10-16T13:48:32.964Z] 13:48:32 INFO - GECKO(1075) | #14 0x7fad05ab1f5e in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:587:15 [task 2018-10-16T13:48:32.964Z] 13:48:32 INFO - GECKO(1075) | #15 0x7fad05ab3cf2 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:633:10 [task 2018-10-16T13:48:32.983Z] 13:48:32 INFO - GECKO(1075) | #16 0x7fad05186010 in js::CallSelfHostedFunction(JSContext*, JS::Handle<js::PropertyName*>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) /builds/worker/workspace/build/src/js/src/vm/SelfHosting.cpp:1874:12 [task 2018-10-16T13:48:32.983Z] 13:48:32 INFO - GECKO(1075) | #17 0x7fad04d4e45c in AsyncFunctionResume(JSContext*, JS::Handle<js::PromiseObject*>, JS::Handle<JS::Value>, ResumeKind, JS::Handle<JS::Value>) /builds/worker/workspace/build/src/js/src/vm/AsyncFunction.cpp:200:10 [task 2018-10-16T13:48:32.984Z] 13:48:32 INFO - GECKO(1075) | #18 0x7fad04d4d539 in AsyncFunctionStart /builds/worker/workspace/build/src/js/src/vm/AsyncFunction.cpp:215:12 [task 2018-10-16T13:48:32.985Z] 13:48:32 INFO - GECKO(1075) | #19 0x7fad04d4d539 in WrappedAsyncFunction(JSContext*, unsigned int, JS::Value*) /builds/worker/workspace/build/src/js/src/vm/AsyncFunction.cpp:92 [task 2018-10-16T13:48:32.985Z] 13:48:32 INFO - GECKO(1075) | #20 0x7fad05ab144b in CallJSNative /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:468:15 [task 2018-10-16T13:48:32.990Z] 13:48:32 INFO - GECKO(1075) | #21 0x7fad05ab144b in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:560 [task 2018-10-16T13:48:32.992Z] 13:48:32 INFO - GECKO(1075) | #22 0x7fad05a9a3ce in CallFromStack /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:620:12 [task 2018-10-16T13:48:32.993Z] 13:48:32 INFO - GECKO(1075) | #23 0x7fad05a9a3ce in Interpret(JSContext*, js::RunState&) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:3458 [task 2018-10-16T13:48:32.994Z] 13:48:32 INFO - GECKO(1075) | #24 0x7fad05a7f69b in js::RunScript(JSContext*, js::RunState&) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:447:12 [task 2018-10-16T13:48:32.995Z] 13:48:32 INFO - GECKO(1075) | #25 0x7fad05ab1f5e in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:587:15 [task 2018-10-16T13:48:32.997Z] 13:48:32 INFO - GECKO(1075) | #26 0x7fad05ab3cf2 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:633:10 [task 2018-10-16T13:48:32.997Z] 13:48:32 INFO - GECKO(1075) | #27 0x7fad05186010 in js::CallSelfHostedFunction(JSContext*, JS::Handle<js::PropertyName*>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) /builds/worker/workspace/build/src/js/src/vm/SelfHosting.cpp:1874:12 [task 2018-10-16T13:48:32.999Z] 13:48:32 INFO - GECKO(1075) | #28 0x7fad04d4e45c in AsyncFunctionResume(JSContext*, JS::Handle<js::PromiseObject*>, JS::Handle<JS::Value>, ResumeKind, JS::Handle<JS::Value>) /builds/worker/workspace/build/src/js/src/vm/AsyncFunction.cpp:200:10 [task 2018-10-16T13:48:33.000Z] 13:48:32 INFO - GECKO(1075) | #29 0x7fad042314ab in AsyncFunctionPromiseReactionJob /builds/worker/workspace/build/src/js/src/builtin/Promise.cpp:1464:14 [task 2018-10-16T13:48:33.002Z] 13:48:33 INFO - GECKO(1075) | #30 0x7fad042314ab in PromiseReactionJob(JSContext*, unsigned int, JS::Value*) /builds/worker/workspace/build/src/js/src/builtin/Promise.cpp:1580 [task 2018-10-16T13:48:33.003Z] 13:48:33 INFO - GECKO(1075) | #31 0x7fad05ab144b in CallJSNative /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:468:15 [task 2018-10-16T13:48:33.004Z] 13:48:33 INFO - GECKO(1075) | #32 0x7fad05ab144b in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:560 [task 2018-10-16T13:48:33.004Z] 13:48:33 INFO - GECKO(1075) | #33 0x7fad05ab3cf2 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:633:10 [task 2018-10-16T13:48:33.021Z] 13:48:33 INFO - GECKO(1075) | #34 0x7fad04be6b5d in JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) /builds/worker/workspace/build/src/js/src/jsapi.cpp:2979:12 [task 2018-10-16T13:48:33.055Z] 13:48:33 INFO - GECKO(1075) | #35 0x7facfc2b69d6 in mozilla::dom::PromiseJobCallback::Call(JSContext*, JS::Handle<JS::Value>, mozilla::ErrorResult&) /builds/worker/workspace/build/src/obj-firefox/dom/bindings/PromiseBinding.cpp:26:8 [task 2018-10-16T13:48:33.058Z] 13:48:33 INFO - GECKO(1075) | #36 0x7facf816bb85 in Call /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/dom/PromiseBinding.h:91:12 [task 2018-10-16T13:48:33.059Z] 13:48:33 INFO - GECKO(1075) | #37 0x7facf816bb85 in Call /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/dom/PromiseBinding.h:104 [task 2018-10-16T13:48:33.061Z] 13:48:33 INFO - GECKO(1075) | #38 0x7facf816bb85 in mozilla::PromiseJobRunnable::Run(mozilla::AutoSlowOperation&) /builds/worker/workspace/build/src/xpcom/base/CycleCollectedJSContext.cpp:247 [task 2018-10-16T13:48:33.063Z] 13:48:33 INFO - GECKO(1075) | #39 0x7facf814b2a1 in mozilla::CycleCollectedJSContext::PerformMicroTaskCheckPoint(bool) /builds/worker/workspace/build/src/xpcom/base/CycleCollectedJSContext.cpp:603:17 [task 2018-10-16T13:48:33.064Z] 13:48:33 INFO - GECKO(1075) | #40 0x7facfdd5d345 in LeaveMicroTask /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/CycleCollectedJSContext.h:210:7 [task 2018-10-16T13:48:33.066Z] 13:48:33 INFO - GECKO(1075) | #41 0x7facfdd5d345 in mozilla::dom::CallbackObject::CallSetup::~CallSetup() /builds/worker/workspace/build/src/dom/bindings/CallbackObject.cpp:355 [task 2018-10-16T13:48:33.067Z] 13:48:33 INFO - GECKO(1075) | #42 0x7facfb311e1e in void mozilla::dom::Function::Call<nsCOMPtr<nsISupports> >(nsCOMPtr<nsISupports> const&, nsTArray<JS::Value> const&, JS::MutableHandle<JS::Value>, mozilla::ErrorResult&, char const*, mozilla::dom::CallbackObject::ExceptionHandling, JS::Realm*) /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/dom/FunctionBinding.h:74:3 [task 2018-10-16T13:48:33.071Z] 13:48:33 INFO - GECKO(1075) | #43 0x7facfb310820 in nsGlobalWindowInner::RunTimeoutHandler(mozilla::dom::Timeout*, nsIScriptContext*) /builds/worker/workspace/build/src/dom/base/nsGlobalWindowInner.cpp:6491:17 [task 2018-10-16T13:48:33.072Z] 13:48:33 INFO - GECKO(1075) | #44 0x7facfb54d1a6 in mozilla::dom::TimeoutManager::RunTimeout(mozilla::TimeStamp const&, mozilla::TimeStamp const&) /builds/worker/workspace/build/src/dom/base/TimeoutManager.cpp:837:42 [task 2018-10-16T13:48:33.073Z] 13:48:33 INFO - GECKO(1075) | #45 0x7facfb54c43d in mozilla::dom::TimeoutExecutor::MaybeExecute() /builds/worker/workspace/build/src/dom/base/TimeoutExecutor.cpp:172:11 [task 2018-10-16T13:48:33.075Z] 13:48:33 INFO - GECKO(1075) | #46 0x7facfb54e822 in mozilla::dom::TimeoutExecutor::Run() /builds/worker/workspace/build/src/dom/base/TimeoutExecutor.cpp:229:5 [task 2018-10-16T13:48:33.078Z] 13:48:33 INFO - GECKO(1075) | #47 0x7facf832addb in mozilla::ThrottledEventQueue::Inner::ExecuteRunnable() /builds/worker/workspace/build/src/xpcom/threads/ThrottledEventQueue.cpp:188:22 [task 2018-10-16T13:48:33.079Z] 13:48:33 INFO - GECKO(1075) | #48 0x7facf832aa0f in mozilla::ThrottledEventQueue::Inner::Executor::Run() /builds/worker/workspace/build/src/xpcom/threads/ThrottledEventQueue.cpp:72:15 [task 2018-10-16T13:48:33.081Z] 13:48:33 INFO - GECKO(1075) | #49 0x7facf82e8601 in mozilla::SchedulerGroup::Runnable::Run() /builds/worker/workspace/build/src/xpcom/threads/SchedulerGroup.cpp:337:32 [task 2018-10-16T13:48:33.082Z] 13:48:33 INFO - GECKO(1075) | #50 0x7facf8316309 in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/workspace/build/src/xpcom/threads/nsThread.cpp:1252:14 [task 2018-10-16T13:48:33.084Z] 13:48:33 INFO - GECKO(1075) | #51 0x7facf831d3e8 in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/workspace/build/src/xpcom/threads/nsThreadUtils.cpp:530:10 [task 2018-10-16T13:48:33.086Z] 13:48:33 INFO - GECKO(1075) | #52 0x7facf927bdbb in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /builds/worker/workspace/build/src/ipc/glue/MessagePump.cpp:97:21 [task 2018-10-16T13:48:33.090Z] 13:48:33 INFO - GECKO(1075) | #53 0x7facf91cf93c in RunInternal /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:325:10 [task 2018-10-16T13:48:33.092Z] 13:48:33 INFO - GECKO(1075) | #54 0x7facf91cf93c in RunHandler /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:318 [task 2018-10-16T13:48:33.093Z] 13:48:33 INFO - GECKO(1075) | #55 0x7facf91cf93c in MessageLoop::Run() /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:298 [task 2018-10-16T13:48:33.093Z] 13:48:33 INFO - GECKO(1075) | #56 0x7fad001ed1a9 in nsBaseAppShell::Run() /builds/worker/workspace/build/src/widget/nsBaseAppShell.cpp:158:27 [task 2018-10-16T13:48:33.094Z] 13:48:33 INFO - GECKO(1075) | #57 0x7fad03ea503f in XRE_RunAppShell() /builds/worker/workspace/build/src/toolkit/xre/nsEmbedFunctions.cpp:939:22 [task 2018-10-16T13:48:33.095Z] 13:48:33 INFO - GECKO(1075) | #58 0x7facf91cf93c in RunInternal /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:325:10 [task 2018-10-16T13:48:33.096Z] 13:48:33 INFO - GECKO(1075) | #59 0x7facf91cf93c in RunHandler /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:318 [task 2018-10-16T13:48:33.096Z] 13:48:33 INFO - GECKO(1075) | #60 0x7facf91cf93c in MessageLoop::Run() /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:298 [task 2018-10-16T13:48:33.097Z] 13:48:33 INFO - GECKO(1075) | #61 0x7fad03ea48f6 in XRE_InitChildProcess(int, char**, XREChildData const*) /builds/worker/workspace/build/src/toolkit/xre/nsEmbedFunctions.cpp:765:34 [task 2018-10-16T13:48:33.097Z] 13:48:33 INFO - GECKO(1075) | #62 0x5620cd5066f4 in content_process_main /builds/worker/workspace/build/src/browser/app/../../ipc/contentproc/plugin-container.cpp:50:30 [task 2018-10-16T13:48:33.097Z] 13:48:33 INFO - GECKO(1075) | #63 0x5620cd5066f4 in main /builds/worker/workspace/build/src/browser/app/nsBrowserApp.cpp:287 [task 2018-10-16T13:48:33.098Z] 13:48:33 INFO - GECKO(1075) | #64 0x7fad1718782f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291 [task 2018-10-16T13:48:33.099Z] 13:48:33 INFO - GECKO(1075) | SUMMARY: AddressSanitizer: heap-use-after-free /builds/worker/workspace/build/src/dom/media/webrtc/MediaEngineWebRTCAudio.cpp:1042:7 in mozilla::AudioInputProcessing::Pull(RefPtr<mozilla::AllocationHandle const> const&, RefPtr<mozilla::SourceMediaStream> const&, int, long, nsMainThreadPtrHandle<nsIPrincipal> const&) [task 2018-10-16T13:48:33.100Z] 13:48:33 INFO - GECKO(1075) | Shadow bytes around the buggy address: [task 2018-10-16T13:48:33.100Z] 13:48:33 INFO - GECKO(1075) | 0x0c22800e28a0: fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa fa [task 2018-10-16T13:48:33.101Z] 13:48:33 INFO - GECKO(1075) | 0x0c22800e28b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd [task 2018-10-16T13:48:33.101Z] 13:48:33 INFO - GECKO(1075) | 0x0c22800e28c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa [task 2018-10-16T13:48:33.101Z] 13:48:33 INFO - GECKO(1075) | 0x0c22800e28d0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd [task 2018-10-16T13:48:33.102Z] 13:48:33 INFO - GECKO(1075) | 0x0c22800e28e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd [task 2018-10-16T13:48:33.102Z] 13:48:33 INFO - GECKO(1075) | =>0x0c22800e28f0: fd[fd]fa fa fa fa fa fa fa fa fa fa fa fa fa fa [task 2018-10-16T13:48:33.103Z] 13:48:33 INFO - GECKO(1075) | 0x0c22800e2900: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd [task 2018-10-16T13:48:33.104Z] 13:48:33 INFO - GECKO(1075) | 0x0c22800e2910: fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa fa [task 2018-10-16T13:48:33.105Z] 13:48:33 INFO - GECKO(1075) | 0x0c22800e2920: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd [task 2018-10-16T13:48:33.106Z] 13:48:33 INFO - GECKO(1075) | 0x0c22800e2930: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd [task 2018-10-16T13:48:33.107Z] 13:48:33 INFO - GECKO(1075) | 0x0c22800e2940: fd fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa [task 2018-10-16T13:48:33.108Z] 13:48:33 INFO - GECKO(1075) | Shadow byte legend (one shadow byte represents 8 application bytes): [task 2018-10-16T13:48:33.108Z] 13:48:33 INFO - GECKO(1075) | Addressable: 00 [task 2018-10-16T13:48:33.109Z] 13:48:33 INFO - GECKO(1075) | Partially addressable: 01 02 03 04 05 06 07 [task 2018-10-16T13:48:33.109Z] 13:48:33 INFO - GECKO(1075) | Heap left redzone: fa [task 2018-10-16T13:48:33.110Z] 13:48:33 INFO - GECKO(1075) | Freed heap region: fd [task 2018-10-16T13:48:33.110Z] 13:48:33 INFO - GECKO(1075) | Stack left redzone: f1 [task 2018-10-16T13:48:33.111Z] 13:48:33 INFO - GECKO(1075) | Stack mid redzone: f2 [task 2018-10-16T13:48:33.112Z] 13:48:33 INFO - GECKO(1075) | Stack right redzone: f3 [task 2018-10-16T13:48:33.113Z] 13:48:33 INFO - GECKO(1075) | Stack after return: f5 [task 2018-10-16T13:48:33.113Z] 13:48:33 INFO - GECKO(1075) | Stack use after scope: f8 [task 2018-10-16T13:48:33.114Z] 13:48:33 INFO - GECKO(1075) | Global redzone: f9 [task 2018-10-16T13:48:33.114Z] 13:48:33 INFO - GECKO(1075) | Global init order: f6 [task 2018-10-16T13:48:33.115Z] 13:48:33 INFO - GECKO(1075) | Poisoned by user: f7 [task 2018-10-16T13:48:33.116Z] 13:48:33 INFO - GECKO(1075) | Container overflow: fc [task 2018-10-16T13:48:33.118Z] 13:48:33 INFO - GECKO(1075) | Array cookie: ac [task 2018-10-16T13:48:33.119Z] 13:48:33 INFO - GECKO(1075) | Intra object redzone: bb [task 2018-10-16T13:48:33.120Z] 13:48:33 INFO - GECKO(1075) | ASan internal: fe [task 2018-10-16T13:48:33.121Z] 13:48:33 INFO - GECKO(1075) | Left alloca redzone: ca [task 2018-10-16T13:48:33.122Z] 13:48:33 INFO - GECKO(1075) | Right alloca redzone: cb [task 2018-10-16T13:48:33.122Z] 13:48:33 INFO - GECKO(1075) | ==1182==ABORTING [task 2018-10-16T13:48:33.151Z] 13:48:33 INFO - GECKO(1075) | [Parent 1075, Gecko_IOThread] WARNING: pipe error (97): Connection reset by peer: file /builds/worker/workspace/build/src/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 363 [task 2018-10-16T13:48:33.166Z] 13:48:33 INFO - GECKO(1075) | ###!!! [Parent][MessageChannel] Error: (msgtype=0x190084,name=PBrowser::Msg_Destroy) Channel error: cannot send/recv [task 2018-10-16T13:48:33.358Z] 13:48:33 INFO - GECKO(1075) | A content process crashed and MOZ_CRASHREPORTER_SHUTDOWN is set, shutting down
:padenot could you please take a look?
Flags: needinfo?(padenot)
Group: media-core-security
Group: core-security
Flags: needinfo?(padenot) → needinfo?(drno)
Paul do you know who is the best person to look into this? Since sec-high need an owner, I'm assigning to you until we have the final owner.
Assignee: nobody → padenot
Flags: needinfo?(drno) → needinfo?(padenot)
Priority: -- → P1
I think we just need to skip re-creating the object. pehrsons, what do you think?
Flags: needinfo?(padenot) → needinfo?(apehrson)
Yes, that should do it. I think the only possible failure mode here is a race after Start(); Stop(); Start(); between assigning mInputProcessing [1] and calling mInputProcessing->Pull() [2]. [1] https://searchfox.org/mozilla-central/rev/0ec9f5972ef3e4a479720630ad7285a03776cdfc/dom/media/webrtc/MediaEngineWebRTCAudio.cpp#677-678 [2] https://searchfox.org/mozilla-central/rev/0ec9f5972ef3e4a479720630ad7285a03776cdfc/dom/media/webrtc/MediaEngineWebRTCAudio.cpp#224
Flags: needinfo?(apehrson)
Comment on attachment 9021194 [details] Bug 1499426 - Only create AudioInputProcessing once in MediaEngineWebRTCAudio::Start. r?pehrsons [Security Approval Request] How easily could an exploit be constructed based on the patch?: Hard to get the timing right: multiple system level constructs with various timing characteristics have to align: multi-threaded message queues processing, system level audio stream, and, depending on the platform, IPC communication via sockets and shared memory. Do comments in the patch, the check-in comment, or tests included in the patch paint a bulls-eye on the security problem?: No Which older supported branches are affected by this flaw?: 64 If not all supported branches, which bug introduced the flaw?: Bug 1487057 Do you have backports for the affected branches?: Yes If not, how different, hard to create, and risky will they be?: N/A How likely is this patch to cause regressions; how much testing does it need?: It will be fine.
Attachment #9021194 - Flags: sec-approval?
sec-approval+ for trunk. We'll want a beta patch nominated as well so we can avoid shipping the security issue.
status-firefox63: --- → unaffected
status-firefox64: --- → affected
status-firefox65: --- → affected
status-firefox-esr60: --- → unaffected
tracking-firefox64: --- → +
tracking-firefox65: --- → +
Attachment #9021194 - Flags: sec-approval? → sec-approval+
Comment on attachment 9021194 [details] Bug 1499426 - Only create AudioInputProcessing once in MediaEngineWebRTCAudio::Start. r?pehrsons [Beta/Release Uplift Approval Request] Feature/Bug causing the regression: Bug 1487057 User impact if declined: We've seen one crash Is this code covered by automated tests?: Yes Has the fix been verified in Nightly?: No Needs manual test from QE?: No If yes, steps to reproduce: List of other uplifts needed: None Risk to taking this patch: Low Why is the change risky/not risky? (and alternatives if risky): String changes made/needed:
Attachment #9021194 - Flags: approval-mozilla-beta?
Comment on attachment 9021194 [details] Bug 1499426 - Only create AudioInputProcessing once in MediaEngineWebRTCAudio::Start. r?pehrsons approved for 64.0beta
Attachment #9021194 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
Backed out from inbound due to mda perma assertion on Linux debug: https://hg.mozilla.org/integration/mozilla-inbound/rev/957a743c4ca2907d8e357fce43fbcd9f619f1122 Failures on inbound: https://treeherder.mozilla.org/#/jobs?repo=mozilla-inbound&resultStatus=pending%2Crunning%2Csuccess%2Ctestfailed%2Cbusted%2Cexception&group_state=expanded&searchStr=mochitest%2Cmedia%2Cdebug&platform=linux&job_type_symbol=mda3&fromchange=86ab0cd2855c06099abce0a68700127dcbd26193&selectedJob=209857781 Failure log: https://treeherder.mozilla.org/logviewer.html#?job_id=209857781&repo=mozilla-inbound [task 2018-11-05T17:11:24.761Z] 17:11:24 INFO - GECKO(1056) | Assertion failure: aStream->GraphImpl()->IterationEnd() > mLastCallbackAppendTime, at /builds/worker/workspace/build/src/dom/media/webrtc/MediaEngineWebRTCAudio.cpp:1024 [task 2018-11-05T17:12:58.673Z] 17:12:58 INFO - GECKO(1056) | #01: mozilla::AudioInputProcessing::Pull(RefPtr<mozilla::SourceMediaStream> const&, int, long long, nsMainThreadPtrHandle<nsIPrincipal> const&) [dom/media/webrtc/MediaEngineWebRTCAudio.cpp:0] [task 2018-11-05T17:12:58.675Z] 17:12:58 INFO - [task 2018-11-05T17:12:58.676Z] 17:12:58 INFO - GECKO(1056) | #02: mozilla::MediaEngineWebRTCMicrophoneSource::Pull(RefPtr<mozilla::AllocationHandle const> const&, RefPtr<mozilla::SourceMediaStream> const&, int, long long, nsMainThreadPtrHandle<nsIPrincipal> const&) [dom/media/webrtc/MediaEngineWebRTCAudio.cpp:223] [task 2018-11-05T17:12:58.678Z] 17:12:58 INFO - [task 2018-11-05T17:12:58.680Z] 17:12:58 INFO - GECKO(1056) | #03: mozilla::MediaDevice::Pull(RefPtr<mozilla::SourceMediaStream> const&, int, long long, nsMainThreadPtrHandle<nsIPrincipal> const&) [dom/media/MediaManager.cpp:1185] [task 2018-11-05T17:12:58.682Z] 17:12:58 INFO - [task 2018-11-05T17:12:58.685Z] 17:12:58 INFO - GECKO(1056) | #04: mozilla::SourceListener::NotifyPull(mozilla::MediaStreamGraph*, long long) [dom/media/MediaManager.cpp:4726] [task 2018-11-05T17:12:58.687Z] 17:12:58 INFO - [task 2018-11-05T17:12:58.690Z] 17:12:58 INFO - GECKO(1056) | #05: mozilla::SourceListener::SourceStreamListener::NotifyPull(mozilla::MediaStreamGraph*, long long) [dom/media/MediaManager.cpp:500] [task 2018-11-05T17:12:58.692Z] 17:12:58 INFO - [task 2018-11-05T17:12:58.695Z] 17:12:58 INFO - GECKO(1056) | #06: mozilla::SourceMediaStream::PullNewData(long long) [xpcom/threads/Mutex.h:250] [task 2018-11-05T17:12:58.697Z] 17:12:58 INFO - [task 2018-11-05T17:12:58.699Z] 17:12:58 INFO - GECKO(1056) | #07: mozilla::MediaStreamGraphImpl::UpdateGraph(long long) [dom/media/MediaStreamGraph.cpp:1282] [task 2018-11-05T17:12:58.701Z] 17:12:58 INFO - [task 2018-11-05T17:12:58.705Z] 17:12:58 INFO - GECKO(1056) | #08: mozilla::MediaStreamGraphImpl::OneIteration(long long) [dom/media/MediaStreamGraph.cpp:1473] [task 2018-11-05T17:12:58.708Z] 17:12:58 INFO - [task 2018-11-05T17:12:58.709Z] 17:12:58 INFO - GECKO(1056) | #09: mozilla::AudioCallbackDriver::DataCallback(float const*, float*, long) [dom/media/GraphDriver.cpp:1008] [task 2018-11-05T17:12:58.709Z] 17:12:58 INFO - [task 2018-11-05T17:12:58.710Z] 17:12:58 INFO - GECKO(1056) | #10: mozilla::AudioCallbackDriver::DataCallback_s(cubeb_stream*, void*, void const*, void*, long) [dom/media/GraphDriver.cpp:882] [task 2018-11-05T17:12:58.711Z] 17:12:58 INFO - [task 2018-11-05T17:12:58.712Z] 17:12:58 INFO - GECKO(1056) | #11: std::panicking::try::do_call [media/audioipc/client/src/stream.rs:110] [task 2018-11-05T17:12:58.712Z] 17:12:58 INFO - [task 2018-11-05T17:12:58.713Z] 17:12:58 INFO - GECKO(1056) | #12: __rust_maybe_catch_panic [/rustc/da5f414c2c0bfe5198934493f04c676e2b23ff2e/src/libpanic_abort/lib.rs:43] [task 2018-11-05T17:12:58.715Z] 17:12:58 INFO - Conflict with bug 1503536?
Flags: needinfo?(padenot)
This is being backed out of 64 in bug 1503536.
status-firefox64: fixedwontfix
Flags: needinfo?(padenot)
What's the story for 65 here?
Flags: needinfo?(padenot)
Attachment #9021194 - Attachment is obsolete: true
Flags: needinfo?(padenot)

Comment on attachment 9035651 [details]
Bug 1499426 - Align the lifetime of AudioInputProcessing with the lifetime of MediaEngineWebRTCAudio. r?achronop

[Beta/Release Uplift Approval Request]

Feature/Bug causing the regression: Bug 1487057

User impact if declined: Rare crash maybe (5 occurrences on treeherder in 2 months)

Is this code covered by automated tests?: Yes

Has the fix been verified in Nightly?: No

Needs manual test from QE?: No

If yes, steps to reproduce:

List of other uplifts needed: None

Risk to taking this patch: Low

Why is the change risky/not risky? (and alternatives if risky): If it's green on try it's going to be fine, this code is very how in our test suite. Last patch was wrong and all the test broke.

String changes made/needed: none

[Security Approval Request]

How easily could an exploit be constructed based on the patch?: Quite hard I think, you have to align 3 threads, including a real-time thread, the main thread, and another thread.

Do comments in the patch, the check-in comment, or tests included in the patch paint a bulls-eye on the security problem?: Yes

Which older supported branches are affected by this flaw?: beta

If not all supported branches, which bug introduced the flaw?: Bug 1487057

Do you have backports for the affected branches?: Yes

If not, how different, hard to create, and risky will they be?:

How likely is this patch to cause regressions; how much testing does it need?: If it's green it's fine.

Attachment #9035651 - Flags: sec-approval?
Attachment #9035651 - Flags: approval-mozilla-beta?

sec-approval+ for trunk and on beta after talking to Ryan.

status-firefox66: --- → affected
tracking-firefox66: --- → +
Attachment #9035651 - Flags: sec-approval?
Attachment #9035651 - Flags: sec-approval+
Attachment #9035651 - Flags: approval-mozilla-beta?
Attachment #9035651 - Flags: approval-mozilla-beta+

Hrm forgot to update the variable that let us assert, new patch up shortly.

Flags: needinfo?(padenot)
Attachment #9035651 - Attachment description: Bug 1499426 - Align the lifetime of AudioInputProcessing with the lifetime of MediaEngineWebRTCAudio. r?pehrsons → Bug 1499426 - Align the lifetime of AudioInputProcessing with the lifetime of MediaEngineWebRTCAudio. r?achronop

https://hg.mozilla.org/mozilla-central/rev/2f4288c49610

Group: media-core-security → core-security-release
Status: NEW → RESOLVED
Closed: 6 years ago
status-firefox66: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla66
Flags: qe-verify-
Whiteboard: [post-critsmash-triage]
Whiteboard: [post-critsmash-triage] → [post-critsmash-triage][adv-main65+]
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: