Closed
Bug 1646601
Opened 4 years ago
Closed 4 years ago
Assertion failure: mAudioContextOperation == AudioContextOperation::Close (We should be reviving the graph?), at /builds/worker/checkouts/gecko/dom/media/MediaTrackGraph.cpp:3432
Categories
(Core :: Web Audio, defect)
Core
Web Audio
Tracking
()
VERIFIED
FIXED
82 Branch
| Tracking | Status | |
|---|---|---|
| firefox-esr68 | --- | unaffected |
| firefox-esr78 | --- | unaffected |
| firefox79 | --- | wontfix |
| firefox80 | --- | wontfix |
| firefox81 | --- | wontfix |
| firefox82 | --- | fixed |
People
(Reporter: jkratzer, Assigned: karlt)
References
(Blocks 2 open bugs)
Details
(Keywords: assertion, testcase, Whiteboard: [bugmon:bisected,confirmed][fuzzblocker], [wptsync upstream])
Crash Data
Attachments
(7 files, 1 obsolete file)
|
382 bytes,
text/html
|
Details | |
|
47 bytes,
text/x-phabricator-request
|
Details | Review | |
|
47 bytes,
text/x-phabricator-request
|
Details | Review | |
|
47 bytes,
text/x-phabricator-request
|
Details | Review | |
|
47 bytes,
text/x-phabricator-request
|
Details | Review | |
|
47 bytes,
text/x-phabricator-request
|
Details | Review | |
|
47 bytes,
text/x-phabricator-request
|
Details | Review |
Testcase found while fuzzing mozilla-central rev 567a8768593e (built with --enable-debug). Testcase must be served over HTTP in order to reproduce.
Assertion failure: mAudioContextOperation == AudioContextOperation::Close (We should be reviving the graph?), at /builds/worker/checkouts/gecko/dom/media/MediaTrackGraph.cpp:3432
rax = 0x00007f00e51d0181 rdx = 0x0000000000000000
rcx = 0x0000563d016fca58 rbx = 0x0000563d02b785f0
rsi = 0x00007f00f633f8b0 rdi = 0x00007f00f633e680
rbp = 0x00007fffe41e9440 rsp = 0x00007fffe41e9420
r8 = 0x00007f00f633f8b0 r9 = 0x00007f00f7499780
r10 = 0x0000000000000002 r11 = 0x0000000000000000
r12 = 0x0000000000000020 r13 = 0x0000563d029796e0
r14 = 0x0000000000000001 r15 = 0x0000563d02b785f0
rip = 0x00007f00defe56d4
OS|Linux|0.0.0 Linux 5.3.0-59-generic #53~18.04.1-Ubuntu SMP Thu Jun 4 14:58:26 UTC 2020 x86_64
CPU|amd64|family 6 model 158 stepping 10|12
GPU|||
Crash|SIGSEGV /SEGV_MAPERR|0x0|0
0|0|libxul.so|mozilla::AudioContextOperationControlMessage::RunDuringShutdown()|hg:hg.mozilla.org/mozilla-central:dom/media/MediaTrackGraph.cpp:567a8768593eb06a86deb263f94d9de2d3d3e8fa|3431|0x2f
0|1|libxul.so|mozilla::MediaTrackGraphImpl::RunInStableState(bool)|hg:hg.mozilla.org/mozilla-central:dom/media/MediaTrackGraph.cpp:567a8768593eb06a86deb263f94d9de2d3d3e8fa|1798|0x36
0|2|libxul.so|mozilla::(anonymous namespace)::MediaTrackGraphStableStateRunnable::Run()|hg:hg.mozilla.org/mozilla-central:dom/media/MediaTrackGraph.cpp:567a8768593eb06a86deb263f94d9de2d3d3e8fa|1646|0x25
0|3|libxul.so|nsThread::ProcessNextEvent(bool, bool*)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThread.cpp:567a8768593eb06a86deb263f94d9de2d3d3e8fa|1234|0xe
0|4|libxul.so|NS_ProcessNextEvent(nsIThread*, bool)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThreadUtils.cpp:567a8768593eb06a86deb263f94d9de2d3d3e8fa|501|0xc
0|5|libxul.so|mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessagePump.cpp:567a8768593eb06a86deb263f94d9de2d3d3e8fa|87|0x7
0|6|libxul.so|MessageLoop::RunInternal()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:567a8768593eb06a86deb263f94d9de2d3d3e8fa|315|0x17
0|7|libxul.so|MessageLoop::Run()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:567a8768593eb06a86deb263f94d9de2d3d3e8fa|290|0x8
0|8|libxul.so|nsBaseAppShell::Run()|hg:hg.mozilla.org/mozilla-central:widget/nsBaseAppShell.cpp:567a8768593eb06a86deb263f94d9de2d3d3e8fa|137|0xd
0|9|libxul.so|XRE_RunAppShell()|hg:hg.mozilla.org/mozilla-central:toolkit/xre/nsEmbedFunctions.cpp:567a8768593eb06a86deb263f94d9de2d3d3e8fa|913|0xe
0|10|libxul.so|mozilla::ipc::MessagePumpForChildProcess::Run(base::MessagePump::Delegate*)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessagePump.cpp:567a8768593eb06a86deb263f94d9de2d3d3e8fa|237|0x5
0|11|libxul.so|MessageLoop::RunInternal()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:567a8768593eb06a86deb263f94d9de2d3d3e8fa|315|0x17
0|12|libxul.so|MessageLoop::Run()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:567a8768593eb06a86deb263f94d9de2d3d3e8fa|290|0x8
0|13|libxul.so|XRE_InitChildProcess(int, char**, XREChildData const*)|hg:hg.mozilla.org/mozilla-central:toolkit/xre/nsEmbedFunctions.cpp:567a8768593eb06a86deb263f94d9de2d3d3e8fa|744|0x5
0|14|firefox-bin|content_process_main(mozilla::Bootstrap*, int, char**)|hg:hg.mozilla.org/mozilla-central:ipc/contentproc/plugin-container.cpp:567a8768593eb06a86deb263f94d9de2d3d3e8fa|56|0x11
0|15|firefox-bin|main|hg:hg.mozilla.org/mozilla-central:browser/app/nsBrowserApp.cpp:567a8768593eb06a86deb263f94d9de2d3d3e8fa|303|0x20
0|16|libc.so.6||||0x21b97
0|17|firefox-bin|<name omitted>|hg:hg.mozilla.org/mozilla-central:mfbt/UniquePtr.h:567a8768593eb06a86deb263f94d9de2d3d3e8fa|253|0x17
Flags: in-testsuite?
|
Reporter | |
Updated•4 years ago
|
Whiteboard: [bugmon:confirm] → [bugmon:bisected,confirmed]
|
|
Reporter | |
Comment 1•4 years ago
|
||
Bugmon Analysis:
Verified bug as reproducible on mozilla-central 20200618094105-f291dd9e075c.
The bug appears to have been introduced in the following build range:
> Start: fe147898a052291f6796dd8ff28c80c1358899d6 (20200613093747)
> End: 6e07f51a5fac103603705f6e191aca458090d4a7 (20200613072901)
> Pushlog: https://hg.mozilla.org/mozilla-unified/pushloghtml?fromchange=fe147898a052291f6796dd8ff28c80c1358899d6&tochange=6e07f51a5fac103603705f6e191aca458090d4a7
| Comment hidden (Intermittent Failures Robot) |
|
Assignee | |
Updated•4 years ago
|
Assignee: nobody → karlt
Severity: normal → S3
Status: NEW → ASSIGNED
| Comment hidden (Intermittent Failures Robot) |
| Comment hidden (Intermittent Failures Robot) |
|
||
Comment 5•4 years ago
|
||
The fuzzers are frequently tripping over this issue, marking as fuzzblocker[1]. Please prioritize this issue accordingly.
[1] https://firefox-source-docs.mozilla.org/tools/fuzzing/index.html#fuzz-blockers
status-firefox80:
--- → affected
Whiteboard: [bugmon:bisected,confirmed] → [bugmon:bisected,confirmed][fuzzblocker]
|
|
||
Comment 6•4 years ago
|
||
A Pernosco session is available here: https://pernos.co/debug/CKS-O4BmdSLnJK9wZnJD5w/index.html
| Comment hidden (Intermittent Failures Robot) |
|
|
Assignee | |
Comment 8•4 years ago
|
||
|
|
Assignee | |
Comment 9•4 years ago
|
||
Depends on D84300
|
|
Assignee | |
Comment 10•4 years ago
|
||
|
|
Assignee | |
Comment 11•4 years ago
|
||
| Comment hidden (Intermittent Failures Robot) |
| Comment hidden (Intermittent Failures Robot) |
| Comment hidden (Intermittent Failures Robot) |
| Comment hidden (Intermittent Failures Robot) |
| Comment hidden (Intermittent Failures Robot) |
| Comment hidden (Intermittent Failures Robot) |
|
|
Assignee | |
Comment 18•4 years ago
|
||
|
|
Assignee | |
Comment 19•4 years ago
|
||
|
|
Assignee | |
Comment 20•4 years ago
|
||
Depends on D90216
|
|
Assignee | |
Comment 21•4 years ago
|
||
|
|
Assignee | |
Comment 22•4 years ago
|
||
Tested when using --enable-fission with audiocontext-not-fully-active.html "frame in removed remote-site frame".
https://phabricator.services.mozilla.com/D90218#C3004773NL58
|
||
Updated•4 years ago
|
Crash Signature: [@ mozilla::AudioContextOperationControlMessage::RunDuringShutdown()]
|
||
Comment 24•4 years ago
|
||
Pushed by ktomlinson@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/cb981617a64f document as const some WindowContext members r=farre https://hg.mozilla.org/integration/autoland/rev/269855b55786 move fully active predicate to nsPIDOMWindowInner r=farre https://hg.mozilla.org/integration/autoland/rev/308379f9ee0e throw InvalidStateError on (Offline)AudioContext construction when not fully active r=padenot https://hg.mozilla.org/integration/autoland/rev/104d93996c65 add crashtest with AudioContext after unload r=padenot
|
|
Assignee | |
Updated•4 years ago
|
Keywords: leave-open
|
||
Comment 25•4 years ago
|
||
| bugherder | ||
|
|
Assignee | |
Updated•4 years ago
|
Flags: in-testsuite? → in-testsuite+
Keywords: leave-open
|
|
||
Comment 26•4 years ago
|
||
Pushed by ktomlinson@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/b0ef6aa3f4f1 test AudioContext constructor throws when not fully active r=padenot https://hg.mozilla.org/integration/autoland/rev/ad0e25b984f4 don't assume fully active when ancestor BrowsingContext is discarded r=kmag
Created web-platform-tests PR https://github.com/web-platform-tests/wpt/pull/25583 for changes under testing/web-platform/tests
Whiteboard: [bugmon:bisected,confirmed][fuzzblocker] → [bugmon:bisected,confirmed][fuzzblocker], [wptsync upstream]
|
||
Comment 28•4 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/b0ef6aa3f4f1
https://hg.mozilla.org/mozilla-central/rev/ad0e25b984f4
Status: ASSIGNED → RESOLVED
Closed: 4 years ago
status-firefox82:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 82 Branch
|
|
||
Comment 29•4 years ago
|
||
Since the status are different for nightly and release, what's the status for beta?
For more information, please visit auto_nag documentation.
status-firefox81:
--- → ?
|
||
Updated•4 years ago
|
Upstream PR merged by moz-wptsync-bot
|
||
Updated•4 years ago
|
status-firefox-esr68:
--- → unaffected
status-firefox-esr78:
--- → unaffected
|
||
Updated•4 years ago
|
Attachment #9164956 -
Attachment is obsolete: true
|
|
||
Comment 31•3 years ago
|
||
:karlt, since this bug contains a bisection range, could you fill (if possible) the regressed_by field?
For more information, please visit auto_nag documentation.
Flags: needinfo?(karlt)
|
|
Assignee | |
Comment 32•3 years ago
|
||
The regression range does not appear to be accurate.
Flags: needinfo?(karlt)
|
|
Reporter | |
Comment 33•3 years ago
|
||
Bugmon Analysis
Verified bug as fixed on rev mozilla-central 20200917100940-5f3283738794.
Removing bugmon keyword as no further action possible. Please review the bug and re-add the keyword for further analysis.
Status: RESOLVED → VERIFIED
Keywords: bugmon
You need to log in
before you can comment on or make changes to this bug.
Description
•