Closed Bug 1499426 Opened 6 years ago Closed 5 years ago

Intermitent AddressSanitizer: heap-use-after-free /builds/worker/workspace/build/src/dom/media/webrtc/MediaEngineWebRTCAudio.cpp:1042:7 in mozilla::AudioInputProcessing::Pull(RefPtr<mozilla::AllocationHandle const> const&, RefPtr<mozilla::SourceMediaStrea

Categories

(Core :: WebRTC: Audio/Video, defect, P1)

Product:
Core
Component:
WebRTC: Audio/Video
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla66
Tracking Flags:
Tracking Status
firefox-esr60 --- unaffected
firefox63 --- unaffected
firefox64 + wontfix
firefox65 + fixed
firefox66 + fixed

People

(Reporter: aiakab, Assigned: padenot)

References

(Blocks 1 open bug)

Details

(Keywords: csectype-uaf, intermittent-failure, sec-high, Whiteboard: [post-critsmash-triage][adv-main65+])

Attachments

(1 file, 1 obsolete file)

Bug 1499426 - Align the lifetime of AudioInputProcessing with the lifetime of MediaEngineWebRTCAudio. r?achronop
47 bytes, text/x-phabricator-request
abillings
: approval-mozilla-beta+
abillings
: sec-approval+
Details | Review 
Failure log https://treeherder.mozilla.org/logviewer.html#?job_id=205822861&repo=mozilla-inbound

Part of that log: 
 13:48:26     INFO - GECKO(1075) | TEST DEVICES: Got loopback audio: Monitor of Null Output
[task 2018-10-16T13:48:26.244Z] 13:48:26     INFO - GECKO(1075) | TEST DEVICES: Got loopback video: Dummy video device (0x0000)
[task 2018-10-16T13:48:27.269Z] 13:48:27     INFO - GECKO(1075) | (stun/INFO) STUN-CLIENT(consent): Received response; processing
[task 2018-10-16T13:48:27.270Z] 13:48:27     INFO - GECKO(1075) | (ice/INFO) ICE(PC:1539697700630441 (id=4294967380 url=http://mochi.test:8888/tests/dom/media/tests/mochitest/test_peerConnection_verifyAudioAfter)/STREAM(1539697700630441 (id=4294967380 url=http://mochi.test:8888/tests/dom/media/tests/mochitest/test_peerConnection_verifyAudioAfter transport-id=transport_0 - e94ee357:d995db5196b4ce0d5ce469b2f74fcfbd)/COMP(1): Consent refreshed
[task 2018-10-16T13:48:28.073Z] 13:48:28     INFO - GECKO(1075) | (stun/INFO) STUN-CLIENT(consent): Received response; processing
[task 2018-10-16T13:48:28.074Z] 13:48:28     INFO - GECKO(1075) | (ice/INFO) ICE(PC:1539697700618992 (id=4294967380 url=http://mochi.test:8888/tests/dom/media/tests/mochitest/test_peerConnection_verifyAudioAfter)/STREAM(1539697700618992 (id=4294967380 url=http://mochi.test:8888/tests/dom/media/tests/mochitest/test_peerConnection_verifyAudioAfter transport-id=transport_0 - 7a2bba14:588e2034f1f778480efc95efcf599f89)/COMP(1): Consent refreshed
[task 2018-10-16T13:48:28.338Z] 13:48:28     INFO - GECKO(1075) | [Child 1182: Main Thread]: I/signaling [main|sdp_config] sdp_config.c:86: SDP: Initialized config pointer: 0x60b000a0c990
[task 2018-10-16T13:48:28.338Z] 13:48:28     INFO - GECKO(1075) | [Child 1182: Main Thread]: I/jsep [1539697700618992 (id=4294967380 url=http://mochi.test:8888/tests/dom/media/tests/mochitest/test_peerConnection_verifyAudioAfter]: stable -> have-local-offer
[task 2018-10-16T13:48:28.341Z] 13:48:28     INFO - GECKO(1075) | [Child 1182: Socket Thread]: E/mtransport Couldn't set proxy for 'PC:1539697700618992 (id=4294967380 url=http://mochi.test:8888/tests/dom/media/tests/mochitest/test_peerConnection_verifyAudioAfter': 4
[task 2018-10-16T13:48:28.343Z] 13:48:28     INFO - GECKO(1075) | (ice/WARNING) ICE(PC:1539697700618992 (id=4294967380 url=http://mochi.test:8888/tests/dom/media/tests/mochitest/test_peerConnection_verifyAudioAfter): local addresses already set, no work to do
[task 2018-10-16T13:48:28.361Z] 13:48:28     INFO - GECKO(1075) | [Child 1182: Main Thread]: I/signaling [main|sdp_config] sdp_config.c:86: SDP: Initialized config pointer: 0x60b000a2a340
[task 2018-10-16T13:48:28.362Z] 13:48:28     INFO - GECKO(1075) | [Child 1182: Main Thread]: I/jsep [1539697700630441 (id=4294967380 url=http://mochi.test:8888/tests/dom/media/tests/mochitest/test_peerConnection_verifyAudioAfter]: stable -> have-remote-offer
[task 2018-10-16T13:48:28.364Z] 13:48:28     INFO - GECKO(1075) | [Child 1182: Main Thread]: I/signaling [main|PeerConnectionImpl] PeerConnectionImpl.cpp:1608: SetRemoteDescription: pc = e18f90f099a16e82, asking JS to create transceiver for {2753c93f-978f-4a0f-80ce-51da5ca55035}
[task 2018-10-16T13:48:28.445Z] 13:48:28     INFO - GECKO(1075) | [Child 1182: Main Thread]: I/signaling [main|sdp_config] sdp_config.c:86: SDP: Initialized config pointer: 0x60b000a16de0
[task 2018-10-16T13:48:28.448Z] 13:48:28     INFO - GECKO(1075) | [Child 1182: Main Thread]: I/jsep [1539697700630441 (id=4294967380 url=http://mochi.test:8888/tests/dom/media/tests/mochitest/test_peerConnection_verifyAudioAfter]: have-remote-offer -> stable
[task 2018-10-16T13:48:28.452Z] 13:48:28     INFO - GECKO(1075) | [Child 1182: Socket Thread]: E/mtransport Couldn't set proxy for 'PC:1539697700630441 (id=4294967380 url=http://mochi.test:8888/tests/dom/media/tests/mochitest/test_peerConnection_verifyAudioAfter': 4
[task 2018-10-16T13:48:28.454Z] 13:48:28     INFO - GECKO(1075) | (ice/WARNING) ICE(PC:1539697700630441 (id=4294967380 url=http://mochi.test:8888/tests/dom/media/tests/mochitest/test_peerConnection_verifyAudioAfter): local addresses already set, no work to do
[task 2018-10-16T13:48:28.456Z] 13:48:28     INFO - GECKO(1075) | [Child 1182: Socket Thread]: D/mtransport Couldn't get default ICE candidate for '1539697700630441 (id=4294967380 url=http://mochi.test:8888/tests/dom/media/tests/mochitest/test_peerConnection_verifyAudioAfter transport-id=transport_0', no candidates.
[task 2018-10-16T13:48:28.459Z] 13:48:28     INFO - GECKO(1075) | (ice/INFO) ICE-PEER(PC:1539697700630441 (id=4294967380 url=http://mochi.test:8888/tests/dom/media/tests/mochitest/test_peerConnection_verifyAudioAfter:default): all checks completed success=1 fail=0
[task 2018-10-16T13:48:28.469Z] 13:48:28     INFO - GECKO(1075) | (ice/ERR) ICE(PC:1539697700630441 (id=4294967380 url=http://mochi.test:8888/tests/dom/media/tests/mochitest/test_peerConnection_verifyAudioAfter): peer (PC:1539697700630441 (id=4294967380 url=http://mochi.test:8888/tests/dom/media/tests/mochitest/test_peerConnection_verifyAudioAfter:default) in nr_ice_peer_ctx_start_checks2 all streams were done
[task 2018-10-16T13:48:28.472Z] 13:48:28     INFO - GECKO(1075) | [Child 1182: Main Thread]: I/signaling [main|sdp_config] sdp_config.c:86: SDP: Initialized config pointer: 0x60b000a09130
[task 2018-10-16T13:48:28.472Z] 13:48:28     INFO - GECKO(1075) | [Child 1182: Main Thread]: I/jsep [1539697700618992 (id=4294967380 url=http://mochi.test:8888/tests/dom/media/tests/mochitest/test_peerConnection_verifyAudioAfter]: have-local-offer -> stable
[task 2018-10-16T13:48:28.472Z] 13:48:28     INFO - GECKO(1075) | [Child 1182: Main Thread]: I/signaling [main|WebrtcAudioSessionConduit] AudioConduit.cpp:255: SetDtmfPayloadType : setting dtmf payload 101
[task 2018-10-16T13:48:28.477Z] 13:48:28     INFO - GECKO(1075) | [Child 1182: Main Thread]: I/signaling [main|WebrtcAudioSessionConduit] AudioConduit.cpp:255: SetDtmfPayloadType : setting dtmf payload 101
[task 2018-10-16T13:48:28.477Z] 13:48:28     INFO - GECKO(1075) | (ice/INFO) ICE-PEER(PC:1539697700618992 (id=4294967380 url=http://mochi.test:8888/tests/dom/media/tests/mochitest/test_peerConnection_verifyAudioAfter:default): all checks completed success=1 fail=0
[task 2018-10-16T13:48:28.477Z] 13:48:28     INFO - GECKO(1075) | (ice/ERR) ICE(PC:1539697700618992 (id=4294967380 url=http://mochi.test:8888/tests/dom/media/tests/mochitest/test_peerConnection_verifyAudioAfter): peer (PC:1539697700618992 (id=4294967380 url=http://mochi.test:8888/tests/dom/media/tests/mochitest/test_peerConnection_verifyAudioAfter:default) in nr_ice_peer_ctx_start_checks2 all streams were done
[task 2018-10-16T13:48:31.840Z] 13:48:31     INFO - GECKO(1075) | (stun/INFO) STUN-CLIENT(consent): Received response; processing
[task 2018-10-16T13:48:31.842Z] 13:48:31     INFO - GECKO(1075) | (ice/INFO) ICE(PC:1539697700630441 (id=4294967380 url=http://mochi.test:8888/tests/dom/media/tests/mochitest/test_peerConnection_verifyAudioAfter)/STREAM(1539697700630441 (id=4294967380 url=http://mochi.test:8888/tests/dom/media/tests/mochitest/test_peerConnection_verifyAudioAfter transport-id=transport_0 - e94ee357:d995db5196b4ce0d5ce469b2f74fcfbd)/COMP(1): Consent refreshed
[task 2018-10-16T13:48:31.965Z] 13:48:31     INFO - GECKO(1075) | =================================================================
[task 2018-10-16T13:48:31.965Z] 13:48:31    ERROR - GECKO(1075) | ==1182==ERROR: AddressSanitizer: heap-use-after-free on address 0x611000754789 at pc 0x7facff2ceeb9 bp 0x7face75ac630 sp 0x7face75ac628
[task 2018-10-16T13:48:31.966Z] 13:48:31     INFO - GECKO(1075) | READ of size 1 at 0x611000754789 thread T25 (AudioIPC1)
[task 2018-10-16T13:48:32.680Z] 13:48:32     INFO - GECKO(1075) |     #0 0x7facff2ceeb8 in mozilla::AudioInputProcessing::Pull(RefPtr<mozilla::AllocationHandle const> const&, RefPtr<mozilla::SourceMediaStream> const&, int, long, nsMainThreadPtrHandle<nsIPrincipal> const&) /builds/worker/workspace/build/src/dom/media/webrtc/MediaEngineWebRTCAudio.cpp:1042:7
[task 2018-10-16T13:48:32.698Z] 13:48:32     INFO - GECKO(1075) |     #1 0x7facfeb321ed in Pull /builds/worker/workspace/build/src/dom/media/MediaManager.cpp:1185:12
[task 2018-10-16T13:48:32.699Z] 13:48:32     INFO - GECKO(1075) |     #2 0x7facfeb321ed in mozilla::SourceListener::NotifyPull(mozilla::MediaStreamGraph*, long) /builds/worker/workspace/build/src/dom/media/MediaManager.cpp:4726
[task 2018-10-16T13:48:32.704Z] 13:48:32     INFO - GECKO(1075) |     #3 0x7facfec2eb71 in mozilla::SourceMediaStream::PullNewData(long) /builds/worker/workspace/build/src/dom/media/MediaStreamGraph.cpp:2922:10
[task 2018-10-16T13:48:32.705Z] 13:48:32     INFO - GECKO(1075) |     #4 0x7facfec2db71 in mozilla::MediaStreamGraphImpl::UpdateGraph(long) /builds/worker/workspace/build/src/dom/media/MediaStreamGraph.cpp:1290:34
[task 2018-10-16T13:48:32.706Z] 13:48:32     INFO - GECKO(1075) |     #5 0x7facfec3181a in mozilla::MediaStreamGraphImpl::OneIteration(long) /builds/worker/workspace/build/src/dom/media/MediaStreamGraph.cpp:1480:3
[task 2018-10-16T13:48:32.708Z] 13:48:32     INFO - GECKO(1075) |     #6 0x7facfe9aec73 in mozilla::AudioCallbackDriver::DataCallback(float const*, float*, long) /builds/worker/workspace/build/src/dom/media/GraphDriver.cpp:1017:36
[task 2018-10-16T13:48:32.717Z] 13:48:32     INFO - GECKO(1075) |     #7 0x7fad05de2b30 in _$LT$audioipc_client..stream..CallbackServer$u20$as$u20$audioipc..rpc..server..Server$GT$::process::_$u7b$$u7b$closure$u7d$$u7d$::hb8c8380a5ae4f794 /builds/worker/workspace/build/src/media/audioipc/client/src/stream.rs:110:24
[task 2018-10-16T13:48:32.719Z] 13:48:32     INFO - GECKO(1075) |     #8 0x7fad05de2b30 in _$LT$futures..future..lazy..Lazy$LT$F$C$$u20$R$GT$$GT$::get::h675983f0b10bc42f /builds/worker/workspace/build/src/third_party/rust/futures/src/future/lazy.rs:64
[task 2018-10-16T13:48:32.723Z] 13:48:32     INFO - GECKO(1075) |     #9 0x7fad05de2b30 in _$LT$futures..future..lazy..Lazy$LT$F$C$$u20$R$GT$$u20$as$u20$futures..future..Future$GT$::poll::hbc63bc18b907e3ed /builds/worker/workspace/build/src/third_party/rust/futures/src/future/lazy.rs:82
[task 2018-10-16T13:48:32.723Z] 13:48:32     INFO - GECKO(1075) |     #10 0x7fad05de2b30 in futures::future::catch_unwind::_$LT$impl$u20$futures..future..Future$u20$for$u20$std..panic..AssertUnwindSafe$LT$F$GT$$GT$::poll::h43f8784ac26f8878 /builds/worker/workspace/build/src/third_party/rust/futures/src/future/catch_unwind.rs:49
[task 2018-10-16T13:48:32.723Z] 13:48:32     INFO - GECKO(1075) |     #11 0x7fad05de2b30 in _$LT$futures..future..catch_unwind..CatchUnwind$LT$F$GT$$u20$as$u20$futures..future..Future$GT$::poll::_$u7b$$u7b$closure$u7d$$u7d$::h7a67ef38d8228654 /builds/worker/workspace/build/src/third_party/rust/futures/src/future/catch_unwind.rs:32
[task 2018-10-16T13:48:32.724Z] 13:48:32     INFO - GECKO(1075) |     #12 0x7fad05de2b30 in std::panicking::try::do_call::hd921f12bcabcb4d8 /checkout/src/libstd/panicking.rs:310
[task 2018-10-16T13:48:32.726Z] 13:48:32     INFO - GECKO(1075) |     #13 0x7fad05de2b30 in __rust_maybe_catch_panic /checkout/src/libpanic_abort/lib.rs:39
[task 2018-10-16T13:48:32.728Z] 13:48:32     INFO - GECKO(1075) |     #14 0x7fad05de2b30 in std::panicking::try::hc3e3ceaa6cbb24cc /checkout/src/libstd/panicking.rs:289
[task 2018-10-16T13:48:32.730Z] 13:48:32     INFO - GECKO(1075) |     #15 0x7fad05de2b30 in std::panic::catch_unwind::hf8f5f6b9d5fff67e /checkout/src/libstd/panic.rs:392
[task 2018-10-16T13:48:32.731Z] 13:48:32     INFO - GECKO(1075) |     #16 0x7fad05de2b30 in _$LT$futures..future..catch_unwind..CatchUnwind$LT$F$GT$$u20$as$u20$futures..future..Future$GT$::poll::h9875596160d98992 /builds/worker/workspace/build/src/third_party/rust/futures/src/future/catch_unwind.rs:32
[task 2018-10-16T13:48:32.732Z] 13:48:32     INFO - GECKO(1075) |     #17 0x7fad05de2b30 in _$LT$futures_cpupool..MySender$LT$F$C$$u20$core..result..Result$LT$$LT$F$u20$as$u20$futures..future..Future$GT$..Item$C$$u20$$LT$F$u20$as$u20$futures..future..Future$GT$..Error$GT$$GT$$u20$as$u20$futures..future..Future$GT$::poll::h28872905fe35039a /builds/worker/workspace/build/src/third_party/rust/futures-cpupool/src/lib.rs:325
[task 2018-10-16T13:48:32.735Z] 13:48:32     INFO - GECKO(1075) |     #18 0x7fad05df7780 in _$LT$alloc..boxed..Box$LT$F$GT$$u20$as$u20$futures..future..Future$GT$::poll::h644a5e47165a2c68 /builds/worker/workspace/build/src/third_party/rust/futures/src/future/mod.rs:113:12
[task 2018-10-16T13:48:32.738Z] 13:48:32     INFO - GECKO(1075) |     #19 0x7fad05df7780 in _$LT$futures..task_impl..Spawn$LT$T$GT$$GT$::poll_future_notify::_$u7b$$u7b$closure$u7d$$u7d$::h5904c75564ea2b63 /builds/worker/workspace/build/src/third_party/rust/futures/src/task_impl/mod.rs:289
[task 2018-10-16T13:48:32.740Z] 13:48:32     INFO - GECKO(1075) |     #20 0x7fad05df7780 in _$LT$futures..task_impl..Spawn$LT$T$GT$$GT$::enter::_$u7b$$u7b$closure$u7d$$u7d$::h1b1078111cc7b73a /builds/worker/workspace/build/src/third_party/rust/futures/src/task_impl/mod.rs:363
[task 2018-10-16T13:48:32.741Z] 13:48:32     INFO - GECKO(1075) |     #21 0x7fad05df7780 in futures::task_impl::std::set::h07ec201e1f095c67 /builds/worker/workspace/build/src/third_party/rust/futures/src/task_impl/std/mod.rs:78
[task 2018-10-16T13:48:32.743Z] 13:48:32     INFO - GECKO(1075) |     #22 0x7fad05df7780 in _$LT$futures..task_impl..Spawn$LT$T$GT$$GT$::enter::h8019cea08c9ddbfb /builds/worker/workspace/build/src/third_party/rust/futures/src/task_impl/mod.rs:363
[task 2018-10-16T13:48:32.744Z] 13:48:32     INFO - GECKO(1075) |     #23 0x7fad05df7780 in _$LT$futures..task_impl..Spawn$LT$T$GT$$GT$::poll_future_notify::h4ab45d7b2ac6c51b /builds/worker/workspace/build/src/third_party/rust/futures/src/task_impl/mod.rs:289
[task 2018-10-16T13:48:32.746Z] 13:48:32     INFO - GECKO(1075) |     #24 0x7fad05df7780 in futures::task_impl::std::Run::run::h65b702aba83ce2ad /builds/worker/workspace/build/src/third_party/rust/futures/src/task_impl/std/mod.rs:450
[task 2018-10-16T13:48:32.755Z] 13:48:32     INFO - GECKO(1075) |     #25 0x7fad05df7780 in futures_cpupool::Inner::work::h8a5b4bffeba6b3c4 /builds/worker/workspace/build/src/third_party/rust/futures-cpupool/src/lib.rs:257
[task 2018-10-16T13:48:32.756Z] 13:48:32     INFO - GECKO(1075) |     #26 0x7fad05df7780 in futures_cpupool::Builder::create::_$u7b$$u7b$closure$u7d$$u7d$::h5d9360920a712044 /builds/worker/workspace/build/src/third_party/rust/futures-cpupool/src/lib.rs:427
[task 2018-10-16T13:48:32.756Z] 13:48:32     INFO - GECKO(1075) |     #27 0x7fad05df7780 in std::sys_common::backtrace::__rust_begin_short_backtrace::hb23cbd55170464ca /checkout/src/libstd/sys_common/backtrace.rs:136
[task 2018-10-16T13:48:32.757Z] 13:48:32     INFO - GECKO(1075) |     #28 0x7fad05df661d in std::thread::Builder::spawn::_$u7b$$u7b$closure$u7d$$u7d$::_$u7b$$u7b$closure$u7d$$u7d$::hf6e88a5b6bc04a0d /checkout/src/libstd/thread/mod.rs:409:20
[task 2018-10-16T13:48:32.758Z] 13:48:32     INFO - GECKO(1075) |     #29 0x7fad05df661d in _$LT$std..panic..AssertUnwindSafe$LT$F$GT$$u20$as$u20$core..ops..function..FnOnce$LT$$LP$$RP$$GT$$GT$::call_once::h114bfe3a744a6135 /checkout/src/libstd/panic.rs:313
[task 2018-10-16T13:48:32.759Z] 13:48:32     INFO - GECKO(1075) |     #30 0x7fad05df661d in std::panicking::try::do_call::hac5f5677baa68db3 /checkout/src/libstd/panicking.rs:310
[task 2018-10-16T13:48:32.760Z] 13:48:32     INFO - GECKO(1075) |     #31 0x7fad05df661d in __rust_maybe_catch_panic /checkout/src/libpanic_abort/lib.rs:39
[task 2018-10-16T13:48:32.762Z] 13:48:32     INFO - GECKO(1075) |     #32 0x7fad05df661d in std::panicking::try::he9642d51295b5be5 /checkout/src/libstd/panicking.rs:289
[task 2018-10-16T13:48:32.764Z] 13:48:32     INFO - GECKO(1075) |     #33 0x7fad05df661d in std::panic::catch_unwind::h0da2e14d6d8eb1cd /checkout/src/libstd/panic.rs:392
[task 2018-10-16T13:48:32.765Z] 13:48:32     INFO - GECKO(1075) |     #34 0x7fad05df661d in std::thread::Builder::spawn::_$u7b$$u7b$closure$u7d$$u7d$::h46336af32520d244 /checkout/src/libstd/thread/mod.rs:408
[task 2018-10-16T13:48:32.766Z] 13:48:32     INFO - GECKO(1075) |     #35 0x7fad05df661d in _$LT$F$u20$as$u20$alloc..boxed..FnBox$LT$A$GT$$GT$::call_box::hc064f4650c2cac03 /checkout/src/liballoc/boxed.rs:642
[task 2018-10-16T13:48:32.769Z] 13:48:32     INFO - GECKO(1075) |     #36 0x7fad0636e451 in _$LT$alloc..boxed..Box$LT$$LP$dyn$u20$alloc..boxed..FnBox$LT$A$C$$u20$Output$u3d$R$GT$$u20$$u2b$$u20$$u27$a$RP$$GT$$u20$as$u20$core..ops..function..FnOnce$LT$A$GT$$GT$::call_once::h940efee7335c8f36 /checkout/src/liballoc/boxed.rs:652:8
[task 2018-10-16T13:48:32.770Z] 13:48:32     INFO - GECKO(1075) |     #37 0x7fad0636e451 in std::sys_common::thread::start_thread::hac18b9ed82bd359d /checkout/src/libstd/sys_common/thread.rs:24
[task 2018-10-16T13:48:32.771Z] 13:48:32     INFO - GECKO(1075) |     #38 0x7fad0636e451 in std::sys::unix::thread::Thread::new::thread_start::ha15fdd35f58285a3 /checkout/src/libstd/sys/unix/thread.rs:90
[task 2018-10-16T13:48:32.772Z] 13:48:32     INFO - GECKO(1075) |     #39 0x7fad181e56b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
[task 2018-10-16T13:48:32.831Z] 13:48:32     INFO - GECKO(1075) |     #40 0x7fad1726e41c in clone /build/glibc-Cl5G7W/glibc-2.23/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:109
[task 2018-10-16T13:48:32.833Z] 13:48:32     INFO - GECKO(1075) | 0x611000754789 is located 201 bytes inside of 208-byte region [0x6110007546c0,0x611000754790)
[task 2018-10-16T13:48:32.833Z] 13:48:32     INFO - GECKO(1075) | freed by thread T20 (MediaManager) here:
[task 2018-10-16T13:48:32.838Z] 13:48:32     INFO - GECKO(1075) |     #0 0x5620cd4d5f22 in __interceptor_free /builds/worker/workspace/moz-toolchain/src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:68:3
[task 2018-10-16T13:48:32.839Z] 13:48:32     INFO - GECKO(1075) |     #1 0x7facff2d1b2f in Release /builds/worker/workspace/build/src/dom/media/MediaStreamGraph.h:142:3
[task 2018-10-16T13:48:32.840Z] 13:48:32     INFO - GECKO(1075) |     #2 0x7facff2d1b2f in Release /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/RefPtr.h:47
[task 2018-10-16T13:48:32.842Z] 13:48:32     INFO - GECKO(1075) |     #3 0x7facff2d1b2f in Release /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/RefPtr.h:418
[task 2018-10-16T13:48:32.844Z] 13:48:32     INFO - GECKO(1075) |     #4 0x7facff2d1b2f in assign_assuming_AddRef /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/RefPtr.h:72
[task 2018-10-16T13:48:32.844Z] 13:48:32     INFO - GECKO(1075) |     #5 0x7facff2d1b2f in assign_with_AddRef /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/RefPtr.h:63
[task 2018-10-16T13:48:32.847Z] 13:48:32     INFO - GECKO(1075) |     #6 0x7facff2d1b2f in operator= /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/RefPtr.h:202
[task 2018-10-16T13:48:32.848Z] 13:48:32     INFO - GECKO(1075) |     #7 0x7facff2d1b2f in mozilla::MediaEngineWebRTCMicrophoneSource::Start(RefPtr<mozilla::AllocationHandle const> const&) /builds/worker/workspace/build/src/dom/media/webrtc/MediaEngineWebRTCAudio.cpp:725
[task 2018-10-16T13:48:32.849Z] 13:48:32     INFO - GECKO(1075) |     #8 0x7facfec09920 in Start /builds/worker/workspace/build/src/dom/media/MediaManager.cpp:1134:19
[task 2018-10-16T13:48:32.850Z] 13:48:32     INFO - GECKO(1075) |     #9 0x7facfec09920 in operator() /builds/worker/workspace/build/src/dom/media/MediaManager.cpp:4614
[task 2018-10-16T13:48:32.853Z] 13:48:32     INFO - GECKO(1075) |     #10 0x7facfec09920 in operator() /builds/worker/workspace/build/src/dom/media/MediaManager.cpp:2390
[task 2018-10-16T13:48:32.855Z] 13:48:32     INFO - GECKO(1075) |     #11 0x7facfec09920 in mozilla::detail::RunnableFunction<RefPtr<mozilla::MozPromise<nsresult, bool, true> > mozilla::MediaManager::PostTask<mozilla::MozPromise<nsresult, bool, true>, mozilla::SourceListener::SetEnabledFor(int, bool)::$_48::operator()()::{lambda(mozilla::MozPromiseHolder<mozilla::MozPromise<nsresult, bool, true> >&)#1}>(char const*, mozilla::SourceListener::SetEnabledFor(int, bool)::$_48::operator()()::{lambda(mozilla::MozPromiseHolder<mozilla::MozPromise<nsresult, bool, true> >&)#1}&&)::{lambda()#1}>::Run() /builds/worker/workspace/build/src/obj-firefox/dist/include/nsThreadUtils.h:577
[task 2018-10-16T13:48:32.863Z] 13:48:32     INFO - GECKO(1075) |     #12 0x7facf8316309 in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/workspace/build/src/xpcom/threads/nsThread.cpp:1252:14
[task 2018-10-16T13:48:32.865Z] 13:48:32     INFO - GECKO(1075) |     #13 0x7facf831d3e8 in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/workspace/build/src/xpcom/threads/nsThreadUtils.cpp:530:10
[task 2018-10-16T13:48:32.865Z] 13:48:32     INFO - GECKO(1075) |     #14 0x7facf927cfdd in mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) /builds/worker/workspace/build/src/ipc/glue/MessagePump.cpp:364:5
[task 2018-10-16T13:48:32.869Z] 13:48:32     INFO - GECKO(1075) |     #15 0x7facf91cf93c in RunInternal /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:325:10
[task 2018-10-16T13:48:32.870Z] 13:48:32     INFO - GECKO(1075) |     #16 0x7facf91cf93c in RunHandler /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:318
[task 2018-10-16T13:48:32.871Z] 13:48:32     INFO - GECKO(1075) |     #17 0x7facf91cf93c in MessageLoop::Run() /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:298
[task 2018-10-16T13:48:32.873Z] 13:48:32     INFO - GECKO(1075) |     #18 0x7facf91ec896 in base::Thread::ThreadMain() /builds/worker/workspace/build/src/ipc/chromium/src/base/thread.cc:198:16
[task 2018-10-16T13:48:32.875Z] 13:48:32     INFO - GECKO(1075) |     #19 0x7facf91e0d8c in ThreadFunc(void*) /builds/worker/workspace/build/src/ipc/chromium/src/base/platform_thread_posix.cc:40:13
[task 2018-10-16T13:48:32.879Z] 13:48:32     INFO - GECKO(1075) |     #20 0x7fad181e56b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
[task 2018-10-16T13:48:32.880Z] 13:48:32     INFO - GECKO(1075) | previously allocated by thread T20 (MediaManager) here:
[task 2018-10-16T13:48:32.881Z] 13:48:32     INFO - GECKO(1075) |     #0 0x5620cd4d6263 in malloc /builds/worker/workspace/moz-toolchain/src/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:88:3
[task 2018-10-16T13:48:32.882Z] 13:48:32     INFO - GECKO(1075) |     #1 0x5620cd50760d in moz_xmalloc /builds/worker/workspace/build/src/memory/mozalloc/mozalloc.cpp:70:17
[task 2018-10-16T13:48:32.884Z] 13:48:32     INFO - GECKO(1075) |     #2 0x7facff2d17ce in operator new /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/mozalloc.h:139:12
[task 2018-10-16T13:48:32.885Z] 13:48:32     INFO - GECKO(1075) |     #3 0x7facff2d17ce in mozilla::MediaEngineWebRTCMicrophoneSource::Start(RefPtr<mozilla::AllocationHandle const> const&) /builds/worker/workspace/build/src/dom/media/webrtc/MediaEngineWebRTCAudio.cpp:725
[task 2018-10-16T13:48:32.887Z] 13:48:32     INFO - GECKO(1075) |     #4 0x7facfebfe776 in Start /builds/worker/workspace/build/src/dom/media/MediaManager.cpp:1134:19
[task 2018-10-16T13:48:32.888Z] 13:48:32     INFO - GECKO(1075) |     #5 0x7facfebfe776 in operator() /builds/worker/workspace/build/src/dom/media/MediaManager.cpp:4318
[task 2018-10-16T13:48:32.890Z] 13:48:32     INFO - GECKO(1075) |     #6 0x7facfebfe776 in operator() /builds/worker/workspace/build/src/dom/media/MediaManager.cpp:2390
[task 2018-10-16T13:48:32.891Z] 13:48:32     INFO - GECKO(1075) |     #7 0x7facfebfe776 in mozilla::detail::RunnableFunction<RefPtr<mozilla::MozPromise<bool, RefPtr<mozilla::MediaMgrError>, true> > mozilla::MediaManager::PostTask<mozilla::MozPromise<bool, RefPtr<mozilla::MediaMgrError>, true>, mozilla::SourceListener::InitializeAsync()::$_43>(char const*, mozilla::SourceListener::InitializeAsync()::$_43&&)::{lambda()#1}>::Run() /builds/worker/workspace/build/src/obj-firefox/dist/include/nsThreadUtils.h:577
[task 2018-10-16T13:48:32.892Z] 13:48:32     INFO - GECKO(1075) |     #8 0x7facf8316309 in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/workspace/build/src/xpcom/threads/nsThread.cpp:1252:14
[task 2018-10-16T13:48:32.893Z] 13:48:32     INFO - GECKO(1075) |     #9 0x7facf831d3e8 in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/workspace/build/src/xpcom/threads/nsThreadUtils.cpp:530:10
[task 2018-10-16T13:48:32.894Z] 13:48:32     INFO - GECKO(1075) |     #10 0x7facf927cfdd in mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) /builds/worker/workspace/build/src/ipc/glue/MessagePump.cpp:364:5
[task 2018-10-16T13:48:32.895Z] 13:48:32     INFO - GECKO(1075) |     #11 0x7facf91cf93c in RunInternal /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:325:10
[task 2018-10-16T13:48:32.896Z] 13:48:32     INFO - GECKO(1075) |     #12 0x7facf91cf93c in RunHandler /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:318
[task 2018-10-16T13:48:32.898Z] 13:48:32     INFO - GECKO(1075) |     #13 0x7facf91cf93c in MessageLoop::Run() /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:298
[task 2018-10-16T13:48:32.898Z] 13:48:32     INFO - GECKO(1075) |     #14 0x7facf91ec896 in base::Thread::ThreadMain() /builds/worker/workspace/build/src/ipc/chromium/src/base/thread.cc:198:16
[task 2018-10-16T13:48:32.899Z] 13:48:32     INFO - GECKO(1075) |     #15 0x7facf91e0d8c in ThreadFunc(void*) /builds/worker/workspace/build/src/ipc/chromium/src/base/platform_thread_posix.cc:40:13
[task 2018-10-16T13:48:32.901Z] 13:48:32     INFO - GECKO(1075) |     #16 0x7fad181e56b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
[task 2018-10-16T13:48:32.901Z] 13:48:32     INFO - GECKO(1075) | Thread T25 (AudioIPC1) created by T20 (MediaManager) here:
[task 2018-10-16T13:48:32.906Z] 13:48:32     INFO - GECKO(1075) |     #0 0x5620cd4bf2ed in __interceptor_pthread_create /builds/worker/workspace/moz-toolchain/src/llvm/projects/compiler-rt/lib/asan/asan_interceptors.cc:204:3
[task 2018-10-16T13:48:32.907Z] 13:48:32     INFO - GECKO(1075) |     #1 0x7fad0636e17c in std::sys::unix::thread::Thread::new::h7a2147c32829a17b /checkout/src/libstd/sys/unix/thread.rs:78:18
[task 2018-10-16T13:48:32.910Z] 13:48:32     INFO - GECKO(1075) | Thread T20 (MediaManager) created by T0 (Web Content) here:
[task 2018-10-16T13:48:32.911Z] 13:48:32     INFO - GECKO(1075) |     #0 0x5620cd4bf2ed in __interceptor_pthread_create /builds/worker/workspace/moz-toolchain/src/llvm/projects/compiler-rt/lib/asan/asan_interceptors.cc:204:3
[task 2018-10-16T13:48:32.912Z] 13:48:32     INFO - GECKO(1075) |     #1 0x7facf91de80c in CreateThread /builds/worker/workspace/build/src/ipc/chromium/src/base/platform_thread_posix.cc:127:14
[task 2018-10-16T13:48:32.913Z] 13:48:32     INFO - GECKO(1075) |     #2 0x7facf91de80c in PlatformThread::Create(unsigned long, PlatformThread::Delegate*, unsigned long*) /builds/worker/workspace/build/src/ipc/chromium/src/base/platform_thread_posix.cc:138
[task 2018-10-16T13:48:32.914Z] 13:48:32     INFO - GECKO(1075) |     #3 0x7facf91ebfb3 in base::Thread::StartWithOptions(base::Thread::Options const&) /builds/worker/workspace/build/src/ipc/chromium/src/base/thread.cc:102:8
[task 2018-10-16T13:48:32.915Z] 13:48:32     INFO - GECKO(1075) |     #4 0x7facfeb0d9b9 in mozilla::MediaManager::Get() /builds/worker/workspace/build/src/dom/media/MediaManager.cpp:2255:36
[task 2018-10-16T13:48:32.932Z] 13:48:32     INFO - GECKO(1075) |     #5 0x7facfea2e959 in mozilla::dom::MediaDevices::EnumerateDevices(mozilla::dom::CallerType, mozilla::ErrorResult&) /builds/worker/workspace/build/src/dom/media/MediaDevices.cpp:205:9
[task 2018-10-16T13:48:32.940Z] 13:48:32     INFO - GECKO(1075) |     #6 0x7facfbdef591 in enumerateDevices /builds/worker/workspace/build/src/obj-firefox/dom/bindings/MediaDevicesBinding.cpp:150:45
[task 2018-10-16T13:48:32.940Z] 13:48:32     INFO - GECKO(1075) |     #7 0x7facfbdef591 in mozilla::dom::MediaDevices_Binding::enumerateDevices_promiseWrapper(JSContext*, JS::Handle<JSObject*>, mozilla::dom::MediaDevices*, JSJitMethodCallArgs const&) /builds/worker/workspace/build/src/obj-firefox/dom/bindings/MediaDevicesBinding.cpp:164
[task 2018-10-16T13:48:32.942Z] 13:48:32     INFO - GECKO(1075) |     #8 0x7facfdd3a50a in bool mozilla::dom::binding_detail::GenericMethod<mozilla::dom::binding_detail::NormalThisPolicy, mozilla::dom::binding_detail::ConvertExceptionsToPromises>(JSContext*, unsigned int, JS::Value*) /builds/worker/workspace/build/src/dom/bindings/BindingUtils.cpp:3315:13
[task 2018-10-16T13:48:32.952Z] 13:48:32     INFO - GECKO(1075) |     #9 0x7fad05ab144b in CallJSNative /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:468:15
[task 2018-10-16T13:48:32.953Z] 13:48:32     INFO - GECKO(1075) |     #10 0x7fad05ab144b in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:560
[task 2018-10-16T13:48:32.962Z] 13:48:32     INFO - GECKO(1075) |     #11 0x7fad05a9a3ce in CallFromStack /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:620:12
[task 2018-10-16T13:48:32.962Z] 13:48:32     INFO - GECKO(1075) |     #12 0x7fad05a9a3ce in Interpret(JSContext*, js::RunState&) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:3458
[task 2018-10-16T13:48:32.962Z] 13:48:32     INFO - GECKO(1075) |     #13 0x7fad05a7f69b in js::RunScript(JSContext*, js::RunState&) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:447:12
[task 2018-10-16T13:48:32.964Z] 13:48:32     INFO - GECKO(1075) |     #14 0x7fad05ab1f5e in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:587:15
[task 2018-10-16T13:48:32.964Z] 13:48:32     INFO - GECKO(1075) |     #15 0x7fad05ab3cf2 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:633:10
[task 2018-10-16T13:48:32.983Z] 13:48:32     INFO - GECKO(1075) |     #16 0x7fad05186010 in js::CallSelfHostedFunction(JSContext*, JS::Handle<js::PropertyName*>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) /builds/worker/workspace/build/src/js/src/vm/SelfHosting.cpp:1874:12
[task 2018-10-16T13:48:32.983Z] 13:48:32     INFO - GECKO(1075) |     #17 0x7fad04d4e45c in AsyncFunctionResume(JSContext*, JS::Handle<js::PromiseObject*>, JS::Handle<JS::Value>, ResumeKind, JS::Handle<JS::Value>) /builds/worker/workspace/build/src/js/src/vm/AsyncFunction.cpp:200:10
[task 2018-10-16T13:48:32.984Z] 13:48:32     INFO - GECKO(1075) |     #18 0x7fad04d4d539 in AsyncFunctionStart /builds/worker/workspace/build/src/js/src/vm/AsyncFunction.cpp:215:12
[task 2018-10-16T13:48:32.985Z] 13:48:32     INFO - GECKO(1075) |     #19 0x7fad04d4d539 in WrappedAsyncFunction(JSContext*, unsigned int, JS::Value*) /builds/worker/workspace/build/src/js/src/vm/AsyncFunction.cpp:92
[task 2018-10-16T13:48:32.985Z] 13:48:32     INFO - GECKO(1075) |     #20 0x7fad05ab144b in CallJSNative /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:468:15
[task 2018-10-16T13:48:32.990Z] 13:48:32     INFO - GECKO(1075) |     #21 0x7fad05ab144b in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:560
[task 2018-10-16T13:48:32.992Z] 13:48:32     INFO - GECKO(1075) |     #22 0x7fad05a9a3ce in CallFromStack /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:620:12
[task 2018-10-16T13:48:32.993Z] 13:48:32     INFO - GECKO(1075) |     #23 0x7fad05a9a3ce in Interpret(JSContext*, js::RunState&) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:3458
[task 2018-10-16T13:48:32.994Z] 13:48:32     INFO - GECKO(1075) |     #24 0x7fad05a7f69b in js::RunScript(JSContext*, js::RunState&) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:447:12
[task 2018-10-16T13:48:32.995Z] 13:48:32     INFO - GECKO(1075) |     #25 0x7fad05ab1f5e in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:587:15
[task 2018-10-16T13:48:32.997Z] 13:48:32     INFO - GECKO(1075) |     #26 0x7fad05ab3cf2 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:633:10
[task 2018-10-16T13:48:32.997Z] 13:48:32     INFO - GECKO(1075) |     #27 0x7fad05186010 in js::CallSelfHostedFunction(JSContext*, JS::Handle<js::PropertyName*>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) /builds/worker/workspace/build/src/js/src/vm/SelfHosting.cpp:1874:12
[task 2018-10-16T13:48:32.999Z] 13:48:32     INFO - GECKO(1075) |     #28 0x7fad04d4e45c in AsyncFunctionResume(JSContext*, JS::Handle<js::PromiseObject*>, JS::Handle<JS::Value>, ResumeKind, JS::Handle<JS::Value>) /builds/worker/workspace/build/src/js/src/vm/AsyncFunction.cpp:200:10
[task 2018-10-16T13:48:33.000Z] 13:48:32     INFO - GECKO(1075) |     #29 0x7fad042314ab in AsyncFunctionPromiseReactionJob /builds/worker/workspace/build/src/js/src/builtin/Promise.cpp:1464:14
[task 2018-10-16T13:48:33.002Z] 13:48:33     INFO - GECKO(1075) |     #30 0x7fad042314ab in PromiseReactionJob(JSContext*, unsigned int, JS::Value*) /builds/worker/workspace/build/src/js/src/builtin/Promise.cpp:1580
[task 2018-10-16T13:48:33.003Z] 13:48:33     INFO - GECKO(1075) |     #31 0x7fad05ab144b in CallJSNative /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:468:15
[task 2018-10-16T13:48:33.004Z] 13:48:33     INFO - GECKO(1075) |     #32 0x7fad05ab144b in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:560
[task 2018-10-16T13:48:33.004Z] 13:48:33     INFO - GECKO(1075) |     #33 0x7fad05ab3cf2 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>) /builds/worker/workspace/build/src/js/src/vm/Interpreter.cpp:633:10
[task 2018-10-16T13:48:33.021Z] 13:48:33     INFO - GECKO(1075) |     #34 0x7fad04be6b5d in JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) /builds/worker/workspace/build/src/js/src/jsapi.cpp:2979:12
[task 2018-10-16T13:48:33.055Z] 13:48:33     INFO - GECKO(1075) |     #35 0x7facfc2b69d6 in mozilla::dom::PromiseJobCallback::Call(JSContext*, JS::Handle<JS::Value>, mozilla::ErrorResult&) /builds/worker/workspace/build/src/obj-firefox/dom/bindings/PromiseBinding.cpp:26:8
[task 2018-10-16T13:48:33.058Z] 13:48:33     INFO - GECKO(1075) |     #36 0x7facf816bb85 in Call /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/dom/PromiseBinding.h:91:12
[task 2018-10-16T13:48:33.059Z] 13:48:33     INFO - GECKO(1075) |     #37 0x7facf816bb85 in Call /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/dom/PromiseBinding.h:104
[task 2018-10-16T13:48:33.061Z] 13:48:33     INFO - GECKO(1075) |     #38 0x7facf816bb85 in mozilla::PromiseJobRunnable::Run(mozilla::AutoSlowOperation&) /builds/worker/workspace/build/src/xpcom/base/CycleCollectedJSContext.cpp:247
[task 2018-10-16T13:48:33.063Z] 13:48:33     INFO - GECKO(1075) |     #39 0x7facf814b2a1 in mozilla::CycleCollectedJSContext::PerformMicroTaskCheckPoint(bool) /builds/worker/workspace/build/src/xpcom/base/CycleCollectedJSContext.cpp:603:17
[task 2018-10-16T13:48:33.064Z] 13:48:33     INFO - GECKO(1075) |     #40 0x7facfdd5d345 in LeaveMicroTask /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/CycleCollectedJSContext.h:210:7
[task 2018-10-16T13:48:33.066Z] 13:48:33     INFO - GECKO(1075) |     #41 0x7facfdd5d345 in mozilla::dom::CallbackObject::CallSetup::~CallSetup() /builds/worker/workspace/build/src/dom/bindings/CallbackObject.cpp:355
[task 2018-10-16T13:48:33.067Z] 13:48:33     INFO - GECKO(1075) |     #42 0x7facfb311e1e in void mozilla::dom::Function::Call<nsCOMPtr<nsISupports> >(nsCOMPtr<nsISupports> const&, nsTArray<JS::Value> const&, JS::MutableHandle<JS::Value>, mozilla::ErrorResult&, char const*, mozilla::dom::CallbackObject::ExceptionHandling, JS::Realm*) /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/dom/FunctionBinding.h:74:3
[task 2018-10-16T13:48:33.071Z] 13:48:33     INFO - GECKO(1075) |     #43 0x7facfb310820 in nsGlobalWindowInner::RunTimeoutHandler(mozilla::dom::Timeout*, nsIScriptContext*) /builds/worker/workspace/build/src/dom/base/nsGlobalWindowInner.cpp:6491:17
[task 2018-10-16T13:48:33.072Z] 13:48:33     INFO - GECKO(1075) |     #44 0x7facfb54d1a6 in mozilla::dom::TimeoutManager::RunTimeout(mozilla::TimeStamp const&, mozilla::TimeStamp const&) /builds/worker/workspace/build/src/dom/base/TimeoutManager.cpp:837:42
[task 2018-10-16T13:48:33.073Z] 13:48:33     INFO - GECKO(1075) |     #45 0x7facfb54c43d in mozilla::dom::TimeoutExecutor::MaybeExecute() /builds/worker/workspace/build/src/dom/base/TimeoutExecutor.cpp:172:11
[task 2018-10-16T13:48:33.075Z] 13:48:33     INFO - GECKO(1075) |     #46 0x7facfb54e822 in mozilla::dom::TimeoutExecutor::Run() /builds/worker/workspace/build/src/dom/base/TimeoutExecutor.cpp:229:5
[task 2018-10-16T13:48:33.078Z] 13:48:33     INFO - GECKO(1075) |     #47 0x7facf832addb in mozilla::ThrottledEventQueue::Inner::ExecuteRunnable() /builds/worker/workspace/build/src/xpcom/threads/ThrottledEventQueue.cpp:188:22
[task 2018-10-16T13:48:33.079Z] 13:48:33     INFO - GECKO(1075) |     #48 0x7facf832aa0f in mozilla::ThrottledEventQueue::Inner::Executor::Run() /builds/worker/workspace/build/src/xpcom/threads/ThrottledEventQueue.cpp:72:15
[task 2018-10-16T13:48:33.081Z] 13:48:33     INFO - GECKO(1075) |     #49 0x7facf82e8601 in mozilla::SchedulerGroup::Runnable::Run() /builds/worker/workspace/build/src/xpcom/threads/SchedulerGroup.cpp:337:32
[task 2018-10-16T13:48:33.082Z] 13:48:33     INFO - GECKO(1075) |     #50 0x7facf8316309 in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/workspace/build/src/xpcom/threads/nsThread.cpp:1252:14
[task 2018-10-16T13:48:33.084Z] 13:48:33     INFO - GECKO(1075) |     #51 0x7facf831d3e8 in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/workspace/build/src/xpcom/threads/nsThreadUtils.cpp:530:10
[task 2018-10-16T13:48:33.086Z] 13:48:33     INFO - GECKO(1075) |     #52 0x7facf927bdbb in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /builds/worker/workspace/build/src/ipc/glue/MessagePump.cpp:97:21
[task 2018-10-16T13:48:33.090Z] 13:48:33     INFO - GECKO(1075) |     #53 0x7facf91cf93c in RunInternal /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:325:10
[task 2018-10-16T13:48:33.092Z] 13:48:33     INFO - GECKO(1075) |     #54 0x7facf91cf93c in RunHandler /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:318
[task 2018-10-16T13:48:33.093Z] 13:48:33     INFO - GECKO(1075) |     #55 0x7facf91cf93c in MessageLoop::Run() /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:298
[task 2018-10-16T13:48:33.093Z] 13:48:33     INFO - GECKO(1075) |     #56 0x7fad001ed1a9 in nsBaseAppShell::Run() /builds/worker/workspace/build/src/widget/nsBaseAppShell.cpp:158:27
[task 2018-10-16T13:48:33.094Z] 13:48:33     INFO - GECKO(1075) |     #57 0x7fad03ea503f in XRE_RunAppShell() /builds/worker/workspace/build/src/toolkit/xre/nsEmbedFunctions.cpp:939:22
[task 2018-10-16T13:48:33.095Z] 13:48:33     INFO - GECKO(1075) |     #58 0x7facf91cf93c in RunInternal /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:325:10
[task 2018-10-16T13:48:33.096Z] 13:48:33     INFO - GECKO(1075) |     #59 0x7facf91cf93c in RunHandler /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:318
[task 2018-10-16T13:48:33.096Z] 13:48:33     INFO - GECKO(1075) |     #60 0x7facf91cf93c in MessageLoop::Run() /builds/worker/workspace/build/src/ipc/chromium/src/base/message_loop.cc:298
[task 2018-10-16T13:48:33.097Z] 13:48:33     INFO - GECKO(1075) |     #61 0x7fad03ea48f6 in XRE_InitChildProcess(int, char**, XREChildData const*) /builds/worker/workspace/build/src/toolkit/xre/nsEmbedFunctions.cpp:765:34
[task 2018-10-16T13:48:33.097Z] 13:48:33     INFO - GECKO(1075) |     #62 0x5620cd5066f4 in content_process_main /builds/worker/workspace/build/src/browser/app/../../ipc/contentproc/plugin-container.cpp:50:30
[task 2018-10-16T13:48:33.097Z] 13:48:33     INFO - GECKO(1075) |     #63 0x5620cd5066f4 in main /builds/worker/workspace/build/src/browser/app/nsBrowserApp.cpp:287
[task 2018-10-16T13:48:33.098Z] 13:48:33     INFO - GECKO(1075) |     #64 0x7fad1718782f in __libc_start_main /build/glibc-Cl5G7W/glibc-2.23/csu/../csu/libc-start.c:291
[task 2018-10-16T13:48:33.099Z] 13:48:33     INFO - GECKO(1075) | SUMMARY: AddressSanitizer: heap-use-after-free /builds/worker/workspace/build/src/dom/media/webrtc/MediaEngineWebRTCAudio.cpp:1042:7 in mozilla::AudioInputProcessing::Pull(RefPtr<mozilla::AllocationHandle const> const&, RefPtr<mozilla::SourceMediaStream> const&, int, long, nsMainThreadPtrHandle<nsIPrincipal> const&)
[task 2018-10-16T13:48:33.100Z] 13:48:33     INFO - GECKO(1075) | Shadow bytes around the buggy address:
[task 2018-10-16T13:48:33.100Z] 13:48:33     INFO - GECKO(1075) |   0x0c22800e28a0: fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa fa
[task 2018-10-16T13:48:33.101Z] 13:48:33     INFO - GECKO(1075) |   0x0c22800e28b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
[task 2018-10-16T13:48:33.101Z] 13:48:33     INFO - GECKO(1075) |   0x0c22800e28c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa
[task 2018-10-16T13:48:33.101Z] 13:48:33     INFO - GECKO(1075) |   0x0c22800e28d0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
[task 2018-10-16T13:48:33.102Z] 13:48:33     INFO - GECKO(1075) |   0x0c22800e28e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
[task 2018-10-16T13:48:33.102Z] 13:48:33     INFO - GECKO(1075) | =>0x0c22800e28f0: fd[fd]fa fa fa fa fa fa fa fa fa fa fa fa fa fa
[task 2018-10-16T13:48:33.103Z] 13:48:33     INFO - GECKO(1075) |   0x0c22800e2900: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
[task 2018-10-16T13:48:33.104Z] 13:48:33     INFO - GECKO(1075) |   0x0c22800e2910: fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa fa
[task 2018-10-16T13:48:33.105Z] 13:48:33     INFO - GECKO(1075) |   0x0c22800e2920: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
[task 2018-10-16T13:48:33.106Z] 13:48:33     INFO - GECKO(1075) |   0x0c22800e2930: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
[task 2018-10-16T13:48:33.107Z] 13:48:33     INFO - GECKO(1075) |   0x0c22800e2940: fd fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa
[task 2018-10-16T13:48:33.108Z] 13:48:33     INFO - GECKO(1075) | Shadow byte legend (one shadow byte represents 8 application bytes):
[task 2018-10-16T13:48:33.108Z] 13:48:33     INFO - GECKO(1075) |   Addressable:           00
[task 2018-10-16T13:48:33.109Z] 13:48:33     INFO - GECKO(1075) |   Partially addressable: 01 02 03 04 05 06 07
[task 2018-10-16T13:48:33.109Z] 13:48:33     INFO - GECKO(1075) |   Heap left redzone:       fa
[task 2018-10-16T13:48:33.110Z] 13:48:33     INFO - GECKO(1075) |   Freed heap region:       fd
[task 2018-10-16T13:48:33.110Z] 13:48:33     INFO - GECKO(1075) |   Stack left redzone:      f1
[task 2018-10-16T13:48:33.111Z] 13:48:33     INFO - GECKO(1075) |   Stack mid redzone:       f2
[task 2018-10-16T13:48:33.112Z] 13:48:33     INFO - GECKO(1075) |   Stack right redzone:     f3
[task 2018-10-16T13:48:33.113Z] 13:48:33     INFO - GECKO(1075) |   Stack after return:      f5
[task 2018-10-16T13:48:33.113Z] 13:48:33     INFO - GECKO(1075) |   Stack use after scope:   f8
[task 2018-10-16T13:48:33.114Z] 13:48:33     INFO - GECKO(1075) |   Global redzone:          f9
[task 2018-10-16T13:48:33.114Z] 13:48:33     INFO - GECKO(1075) |   Global init order:       f6
[task 2018-10-16T13:48:33.115Z] 13:48:33     INFO - GECKO(1075) |   Poisoned by user:        f7
[task 2018-10-16T13:48:33.116Z] 13:48:33     INFO - GECKO(1075) |   Container overflow:      fc
[task 2018-10-16T13:48:33.118Z] 13:48:33     INFO - GECKO(1075) |   Array cookie:            ac
[task 2018-10-16T13:48:33.119Z] 13:48:33     INFO - GECKO(1075) |   Intra object redzone:    bb
[task 2018-10-16T13:48:33.120Z] 13:48:33     INFO - GECKO(1075) |   ASan internal:           fe
[task 2018-10-16T13:48:33.121Z] 13:48:33     INFO - GECKO(1075) |   Left alloca redzone:     ca
[task 2018-10-16T13:48:33.122Z] 13:48:33     INFO - GECKO(1075) |   Right alloca redzone:    cb
[task 2018-10-16T13:48:33.122Z] 13:48:33     INFO - GECKO(1075) | ==1182==ABORTING
[task 2018-10-16T13:48:33.151Z] 13:48:33     INFO - GECKO(1075) | [Parent 1075, Gecko_IOThread] WARNING: pipe error (97): Connection reset by peer: file /builds/worker/workspace/build/src/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 363
[task 2018-10-16T13:48:33.166Z] 13:48:33     INFO - GECKO(1075) | ###!!! [Parent][MessageChannel] Error: (msgtype=0x190084,name=PBrowser::Msg_Destroy) Channel error: cannot send/recv
[task 2018-10-16T13:48:33.358Z] 13:48:33     INFO - GECKO(1075) | A content process crashed and MOZ_CRASHREPORTER_SHUTDOWN is set, shutting down
:padenot could you please take a look?
Flags: needinfo?(padenot)
Group: media-core-security
Group: core-security
Flags: needinfo?(padenot) → needinfo?(drno)
Paul do you know who is the best person to look into this?

Since sec-high need an owner, I'm assigning to you until we have the final owner.
Assignee: nobody → padenot
Flags: needinfo?(drno) → needinfo?(padenot)
Priority: -- → P1
I think we just need to skip re-creating the object. pehrsons, what do you think?
Flags: needinfo?(padenot) → needinfo?(apehrson)
Yes, that should do it. I think the only possible failure mode here is a race after Start(); Stop(); Start(); between assigning mInputProcessing [1] and calling mInputProcessing->Pull() [2].


[1] https://searchfox.org/mozilla-central/rev/0ec9f5972ef3e4a479720630ad7285a03776cdfc/dom/media/webrtc/MediaEngineWebRTCAudio.cpp#677-678
[2] https://searchfox.org/mozilla-central/rev/0ec9f5972ef3e4a479720630ad7285a03776cdfc/dom/media/webrtc/MediaEngineWebRTCAudio.cpp#224
Flags: needinfo?(apehrson)
Comment on attachment 9021194 [details]
Bug 1499426 - Only create AudioInputProcessing once in MediaEngineWebRTCAudio::Start. r?pehrsons

[Security Approval Request]

How easily could an exploit be constructed based on the patch?: Hard to get the timing right: multiple system level constructs with various timing characteristics have to align: multi-threaded message queues processing, system level audio stream, and, depending on the platform, IPC communication via sockets and shared memory.

Do comments in the patch, the check-in comment, or tests included in the patch paint a bulls-eye on the security problem?: No

Which older supported branches are affected by this flaw?: 64

If not all supported branches, which bug introduced the flaw?: Bug 1487057

Do you have backports for the affected branches?: Yes

If not, how different, hard to create, and risky will they be?: N/A

How likely is this patch to cause regressions; how much testing does it need?: It will be fine.
Attachment #9021194 - Flags: sec-approval?
sec-approval+ for trunk. We'll want a beta patch nominated as well so we can avoid shipping the security issue.
status-firefox63: --- → unaffected
status-firefox64: --- → affected
status-firefox65: --- → affected
status-firefox-esr60: --- → unaffected
tracking-firefox64: --- → +
tracking-firefox65: --- → +
Attachment #9021194 - Flags: sec-approval? → sec-approval+
Comment on attachment 9021194 [details]
Bug 1499426 - Only create AudioInputProcessing once in MediaEngineWebRTCAudio::Start. r?pehrsons

[Beta/Release Uplift Approval Request]

Feature/Bug causing the regression: Bug 1487057

User impact if declined: We've seen one crash

Is this code covered by automated tests?: Yes

Has the fix been verified in Nightly?: No

Needs manual test from QE?: No

If yes, steps to reproduce: 

List of other uplifts needed: None

Risk to taking this patch: Low

Why is the change risky/not risky? (and alternatives if risky): 

String changes made/needed:
Attachment #9021194 - Flags: approval-mozilla-beta?
Comment on attachment 9021194 [details]
Bug 1499426 - Only create AudioInputProcessing once in MediaEngineWebRTCAudio::Start. r?pehrsons

approved for 64.0beta
Attachment #9021194 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
Backed out from inbound due to mda perma assertion on Linux debug:

https://hg.mozilla.org/integration/mozilla-inbound/rev/957a743c4ca2907d8e357fce43fbcd9f619f1122

Failures on inbound: https://treeherder.mozilla.org/#/jobs?repo=mozilla-inbound&resultStatus=pending%2Crunning%2Csuccess%2Ctestfailed%2Cbusted%2Cexception&group_state=expanded&searchStr=mochitest%2Cmedia%2Cdebug&platform=linux&job_type_symbol=mda3&fromchange=86ab0cd2855c06099abce0a68700127dcbd26193&selectedJob=209857781

Failure log: https://treeherder.mozilla.org/logviewer.html#?job_id=209857781&repo=mozilla-inbound

[task 2018-11-05T17:11:24.761Z] 17:11:24     INFO - GECKO(1056) | Assertion failure: aStream->GraphImpl()->IterationEnd() > mLastCallbackAppendTime, at /builds/worker/workspace/build/src/dom/media/webrtc/MediaEngineWebRTCAudio.cpp:1024
[task 2018-11-05T17:12:58.673Z] 17:12:58     INFO - GECKO(1056) | #01: mozilla::AudioInputProcessing::Pull(RefPtr<mozilla::SourceMediaStream> const&, int, long long, nsMainThreadPtrHandle<nsIPrincipal> const&) [dom/media/webrtc/MediaEngineWebRTCAudio.cpp:0]
[task 2018-11-05T17:12:58.675Z] 17:12:58     INFO - 
[task 2018-11-05T17:12:58.676Z] 17:12:58     INFO - GECKO(1056) | #02: mozilla::MediaEngineWebRTCMicrophoneSource::Pull(RefPtr<mozilla::AllocationHandle const> const&, RefPtr<mozilla::SourceMediaStream> const&, int, long long, nsMainThreadPtrHandle<nsIPrincipal> const&) [dom/media/webrtc/MediaEngineWebRTCAudio.cpp:223]
[task 2018-11-05T17:12:58.678Z] 17:12:58     INFO - 
[task 2018-11-05T17:12:58.680Z] 17:12:58     INFO - GECKO(1056) | #03: mozilla::MediaDevice::Pull(RefPtr<mozilla::SourceMediaStream> const&, int, long long, nsMainThreadPtrHandle<nsIPrincipal> const&) [dom/media/MediaManager.cpp:1185]
[task 2018-11-05T17:12:58.682Z] 17:12:58     INFO - 
[task 2018-11-05T17:12:58.685Z] 17:12:58     INFO - GECKO(1056) | #04: mozilla::SourceListener::NotifyPull(mozilla::MediaStreamGraph*, long long) [dom/media/MediaManager.cpp:4726]
[task 2018-11-05T17:12:58.687Z] 17:12:58     INFO - 
[task 2018-11-05T17:12:58.690Z] 17:12:58     INFO - GECKO(1056) | #05: mozilla::SourceListener::SourceStreamListener::NotifyPull(mozilla::MediaStreamGraph*, long long) [dom/media/MediaManager.cpp:500]
[task 2018-11-05T17:12:58.692Z] 17:12:58     INFO - 
[task 2018-11-05T17:12:58.695Z] 17:12:58     INFO - GECKO(1056) | #06: mozilla::SourceMediaStream::PullNewData(long long) [xpcom/threads/Mutex.h:250]
[task 2018-11-05T17:12:58.697Z] 17:12:58     INFO - 
[task 2018-11-05T17:12:58.699Z] 17:12:58     INFO - GECKO(1056) | #07: mozilla::MediaStreamGraphImpl::UpdateGraph(long long) [dom/media/MediaStreamGraph.cpp:1282]
[task 2018-11-05T17:12:58.701Z] 17:12:58     INFO - 
[task 2018-11-05T17:12:58.705Z] 17:12:58     INFO - GECKO(1056) | #08: mozilla::MediaStreamGraphImpl::OneIteration(long long) [dom/media/MediaStreamGraph.cpp:1473]
[task 2018-11-05T17:12:58.708Z] 17:12:58     INFO - 
[task 2018-11-05T17:12:58.709Z] 17:12:58     INFO - GECKO(1056) | #09: mozilla::AudioCallbackDriver::DataCallback(float const*, float*, long) [dom/media/GraphDriver.cpp:1008]
[task 2018-11-05T17:12:58.709Z] 17:12:58     INFO - 
[task 2018-11-05T17:12:58.710Z] 17:12:58     INFO - GECKO(1056) | #10: mozilla::AudioCallbackDriver::DataCallback_s(cubeb_stream*, void*, void const*, void*, long) [dom/media/GraphDriver.cpp:882]
[task 2018-11-05T17:12:58.711Z] 17:12:58     INFO - 
[task 2018-11-05T17:12:58.712Z] 17:12:58     INFO - GECKO(1056) | #11: std::panicking::try::do_call [media/audioipc/client/src/stream.rs:110]
[task 2018-11-05T17:12:58.712Z] 17:12:58     INFO - 
[task 2018-11-05T17:12:58.713Z] 17:12:58     INFO - GECKO(1056) | #12: __rust_maybe_catch_panic [/rustc/da5f414c2c0bfe5198934493f04c676e2b23ff2e/src/libpanic_abort/lib.rs:43]
[task 2018-11-05T17:12:58.715Z] 17:12:58     INFO - 

Conflict with bug 1503536?
Flags: needinfo?(padenot)
This is being backed out of 64 in bug 1503536.
status-firefox64: fixedwontfix
Flags: needinfo?(padenot)
What's the story for 65 here?
Flags: needinfo?(padenot)
Attachment #9021194 - Attachment is obsolete: true
Flags: needinfo?(padenot)

Comment on attachment 9035651 [details]
Bug 1499426 - Align the lifetime of AudioInputProcessing with the lifetime of MediaEngineWebRTCAudio. r?achronop

[Beta/Release Uplift Approval Request]

Feature/Bug causing the regression: Bug 1487057

User impact if declined: Rare crash maybe (5 occurrences on treeherder in 2 months)

Is this code covered by automated tests?: Yes

Has the fix been verified in Nightly?: No

Needs manual test from QE?: No

If yes, steps to reproduce:

List of other uplifts needed: None

Risk to taking this patch: Low

Why is the change risky/not risky? (and alternatives if risky): If it's green on try it's going to be fine, this code is very how in our test suite. Last patch was wrong and all the test broke.

String changes made/needed: none

[Security Approval Request]

How easily could an exploit be constructed based on the patch?: Quite hard I think, you have to align 3 threads, including a real-time thread, the main thread, and another thread.

Do comments in the patch, the check-in comment, or tests included in the patch paint a bulls-eye on the security problem?: Yes

Which older supported branches are affected by this flaw?: beta

If not all supported branches, which bug introduced the flaw?: Bug 1487057

Do you have backports for the affected branches?: Yes

If not, how different, hard to create, and risky will they be?:

How likely is this patch to cause regressions; how much testing does it need?: If it's green it's fine.

Attachment #9035651 - Flags: sec-approval?
Attachment #9035651 - Flags: approval-mozilla-beta?

sec-approval+ for trunk and on beta after talking to Ryan.

status-firefox66: --- → affected
tracking-firefox66: --- → +
Attachment #9035651 - Flags: sec-approval?
Attachment #9035651 - Flags: sec-approval+
Attachment #9035651 - Flags: approval-mozilla-beta?
Attachment #9035651 - Flags: approval-mozilla-beta+

Hrm forgot to update the variable that let us assert, new patch up shortly.

Flags: needinfo?(padenot)
Attachment #9035651 - Attachment description: Bug 1499426 - Align the lifetime of AudioInputProcessing with the lifetime of MediaEngineWebRTCAudio. r?pehrsons → Bug 1499426 - Align the lifetime of AudioInputProcessing with the lifetime of MediaEngineWebRTCAudio. r?achronop

https://hg.mozilla.org/mozilla-central/rev/2f4288c49610

Group: media-core-security → core-security-release
Status: NEW → RESOLVED
Closed: 5 years ago
status-firefox66: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla66
Flags: qe-verify-
Whiteboard: [post-critsmash-triage]
Whiteboard: [post-critsmash-triage] → [post-critsmash-triage][adv-main65+]
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: