Closed
Bug 1618908
Opened 4 years ago
Closed 4 years ago
Assertion failure: mSentFirstFrameLoadedEvent, at /builds/worker/workspace/build/src/dom/media/MediaDecoderStateMachine.cpp:2875
Categories
(Core :: Audio/Video, defect, P3)
Core
Audio/Video
Tracking
()
RESOLVED
FIXED
mozilla75
| Tracking | Status | |
|---|---|---|
| firefox-esr68 | --- | unaffected |
| firefox73 | --- | unaffected |
| firefox74 | --- | unaffected |
| firefox75 | --- | fixed |
People
(Reporter: jkratzer, Assigned: alwu)
References
(Blocks 1 open bug, Regression)
Details
(Keywords: assertion, regression, testcase, Whiteboard: [bugmon:confirm])
Attachments
(4 files)
Testcase found while fuzzing mozilla-central rev fb4f281c1c54 (built with --enable-debug). Testcase must be served over HTTP in order to reproduce.
Assertion failure: mSentFirstFrameLoadedEvent, at /builds/worker/workspace/build/src/dom/media/MediaDecoderStateMachine.cpp:2875
rax = 0x0000556c8157d380 rdx = 0x0000000000000000
rcx = 0x00007fa71c58a173 rbx = 0x00007fa70cab5000
rsi = 0x00007fa7281028b0 rdi = 0x00007fa728101680
rbp = 0x00007fa70c988380 rsp = 0x00007fa70c988320
r8 = 0x00007fa7281028b0 r9 = 0x00007fa70c989700
r10 = 0x0000000000000002 r11 = 0x0000000000000000
r12 = 0x00007fa70c988390 r13 = 0x00007fa70c988408
r14 = 0x00007fa70c9883f8 r15 = 0x00007fa70c9883f0
rip = 0x00007fa71820d864
OS|Linux|0.0.0 Linux 5.3.0-28-generic #30~18.04.1-Ubuntu SMP Fri Jan 17 06:14:09 UTC 2020 x86_64
CPU|amd64|family 6 model 94 stepping 3|8
GPU|||
Crash|SIGSEGV|0x0|34
34|0|libxul.so|mozilla::MediaDecoderStateMachine::MaybeStartPlayback()|hg:hg.mozilla.org/mozilla-central:dom/media/MediaDecoderStateMachine.cpp:fb4f281c1c54a5199e6e713c1b8115f80d7faa37|2875|0x32
34|1|libxul.so|mozilla::MediaDecoderStateMachine::ResumeMediaSink()|hg:hg.mozilla.org/mozilla-central:dom/media/MediaDecoderStateMachine.cpp:fb4f281c1c54a5199e6e713c1b8115f80d7faa37|3688|0x8
34|2|libxul.so|mozilla::detail::RunnableMethodImpl<mozilla::MediaDecoderStateMachine*, void (mozilla::MediaDecoderStateMachine::*)(), true, (mozilla::RunnableKind)0>::Run()|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThreadUtils.h:fb4f281c1c54a5199e6e713c1b8115f80d7faa37|1210|0x5
34|3|libxul.so|mozilla::AutoTaskDispatcher::TaskGroupRunnable::Run()|hg:hg.mozilla.org/mozilla-central:xpcom/threads/TaskDispatcher.h:fb4f281c1c54a5199e6e713c1b8115f80d7faa37|197|0x3
34|4|libxul.so|mozilla::TaskQueue::Runner::Run()|hg:hg.mozilla.org/mozilla-central:xpcom/threads/TaskQueue.cpp:fb4f281c1c54a5199e6e713c1b8115f80d7faa37|207|0x15
34|5|libxul.so|nsThreadPool::Run()|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThreadPool.cpp:fb4f281c1c54a5199e6e713c1b8115f80d7faa37|299|0x12
34|6|libxul.so|nsThread::ProcessNextEvent(bool, bool*)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThread.cpp:fb4f281c1c54a5199e6e713c1b8115f80d7faa37|1220|0xe
34|7|libxul.so|NS_ProcessNextEvent(nsIThread*, bool)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThreadUtils.cpp:fb4f281c1c54a5199e6e713c1b8115f80d7faa37|481|0x11
34|8|libxul.so|mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessagePump.cpp:fb4f281c1c54a5199e6e713c1b8115f80d7faa37|332|0xd
34|9|libxul.so|MessageLoop::RunInternal()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:fb4f281c1c54a5199e6e713c1b8115f80d7faa37|315|0x19
34|10|libxul.so|MessageLoop::Run()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:fb4f281c1c54a5199e6e713c1b8115f80d7faa37|290|0x8
34|11|libxul.so|nsThread::ThreadFunc(void*)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThread.cpp:fb4f281c1c54a5199e6e713c1b8115f80d7faa37|464|0x8
34|12|libnspr4.so|_pt_root|hg:hg.mozilla.org/mozilla-central:nsprpub/pr/src/pthreads/ptthread.c:fb4f281c1c54a5199e6e713c1b8115f80d7faa37|201|0x7
34|13|libpthread-2.27.so||||0x76db
34|14|libc-2.27.so||||0x12188f
Flags: in-testsuite?
|
Reporter | |
Comment 1•4 years ago
|
||
|
|
Reporter | |
Comment 2•4 years ago
|
||
|
|
Reporter | |
Comment 3•4 years ago
|
||
Testcase bisects to the following range:
Start: 81f420f057e45d76c2ea5a9533588341154c92fb (20200225094028)
End: f3da8ae9d1a3e74cd273746da51a035ddc572bee (20200225214332)
https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=81f420f057e45d76c2ea5a9533588341154c92fb&tochange=f3da8ae9d1a3e74cd273746da51a035ddc572bee
|
Assignee | |
Comment 4•4 years ago
|
||
Although I can't reproduce this issue, I think it's a regression caused by bug1571513. I'll take it.
Assignee: nobody → alwu
Regressed by: 1571513
|
||
Updated•4 years ago
|
Has Regression Range: --- → yes
|
|
Assignee | |
Updated•4 years ago
|
Priority: -- → P3
|
|
Assignee | |
Comment 5•4 years ago
|
||
Resuming media sink could happen before the state machine finishs loading the first frame, so MaybeStartPlayback can be called when mSentFirstFrameLoadedEvent is still false. Therefore, we should replace the assertion of mSentFirstFrameLoadedEvent with an early return in order to ensure only starting playback after loading first frame.
|
||
Updated•4 years ago
|
Keywords: regression
Pushed by alwu@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/7fe89b09ec9b use early return to replace the assertion of 'mSentFirstFrameLoadedEvent' r=achronop
|
||
Comment 7•4 years ago
|
||
| bugherder | ||
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla75
|
||
Updated•4 years ago
|
status-firefox73:
--- → unaffected
status-firefox74:
--- → unaffected
status-firefox-esr68:
--- → unaffected
|
||
Updated•4 years ago
|
QA Whiteboard: [qa-75b-p2]
You need to log in
before you can comment on or make changes to this bug.
Description
•