Media fuzzer interface hangs when running a valid sample
Categories
(Core :: Fuzzing, defect)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox81 | --- | fixed |
People
(Reporter: tsmith, Assigned: kinetik)
Details
(Whiteboard: [fuzzblocker])
Attachments
(2 files)
To Reproduce run the MediaWebM fuzzer:
FUZZER=MediaWebM ./firefox -timeout=5 test.webm
A Pernosco session is available here: https://pernos.co/debug/n6GJbvFIZL1oKse3oyZG1g/index.html
|
Assignee | |
Comment 1•4 years ago
•
|
||
(In reply to Tyson Smith [:tsmith] from comment #0)
A Pernosco session is available here: https://pernos.co/debug/n6GJbvFIZL1oKse3oyZG1g/index.html
The main thread is blocked in media::Await. The media pool thread is blocked in PDMFactory::EnsureInit waiting on the main thread.
Since PDMFactory::EnsureInit only needs to run once, I initially tried calling it directly from Benchmark::Init so that later calls could early-exit. That avoids the initial fuzzer hang, but reveals a latent shutdown hang when xpcom-shutdown-threads is waiting for the media thread pool to close. The media thread pool is kept alive via the reference held in sFuzzThreadPool added in bug 1567170.
Also per bug 1567170 comment 3, Jean-Yves suggests media::Await not be used on the main thread due to the blocking behaviour. So it seems like removing sFuzzThreadPool and switching from media::Await to a spin-wait (i.e. reverting to the code suggested by Christian in bug 1567170 comment 0) in avoids both the leaking threads issue in bug 1567170 and the blocking PDMFactory initialization seen here.
|
|
Assignee | |
Comment 2•4 years ago
|
||
|
||
Updated•4 years ago
|
Pushed by mgregan@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/164f54ec7aff Spin-wait on completion event rather than blocking main thread. r=jya
|
||
Comment 4•4 years ago
|
||
| bugherder | ||
Description
•