MOZ_DIAGNOSTIC_ASSERT(mSendStreamConfig.rtp.ssrcs.size() == mEncoderConfig.number_of_streams) in some cases
Categories
(Core :: WebRTC: Audio/Video, defect, P1)
Tracking
()
People
(Reporter: nazar, Assigned: bwc)
References
Details
Crash Data
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0
Steps to reproduce:
- Use VP8 codec
- Enable 4-layer simulcast like this:
[
{ scaleResolutionDownBy: 4, maxBitrate: 100_000 },
{ scaleResolutionDownBy: 3, maxBitrate: 350_000 },
{ scaleResolutionDownBy: 2, maxBitrate: 1_250_000 },
{ scaleResolutionDownBy: 1, maxBitrate: 1_500_000 },
]
Actual results:
Browser tab crashes.
Stable: https://crash-stats.mozilla.org/report/index/4fc88169-88ee-4246-b88b-a06050201222
Nightly: https://crash-stats.mozilla.org/report/index/b22b3750-22ad-421a-9548-26da90201222
Expected results:
Browser shouldn't ever crash
Comment 1•3 years ago
|
||
Bugbug thinks this bug should belong to this component, but please revert this change in case of error.
Comment 2•3 years ago
|
||
Thanks for the bug report!
Looks like a release assert is failing in libwebrtc here: https://hg.mozilla.org/mozilla-central/file/fbdb6c91bd6256415a54c5198fb1e3bff8dd7c64/third_party/libwebrtc/webrtc/modules/video_coding/generic_encoder.cc#l407.
Andreas, any thoughts on this one?
Updated•3 years ago
|
Comment 3•3 years ago
|
||
Nothing immediate. It rings a bit like an ordering issue, but I'm not very familiar with this upstream code so I cannot really say.
I'll try to reproduce within a mochitest.
Comment 4•3 years ago
|
||
That was easy to reproduce in test_peerConnection_simulcastAnswer_lowResFirst.html
by adding two more encodings.
Pernosco recording: https://pernos.co/debug/4-NL4PI6qdYxF34mrir0iw/index.html
Comment 5•3 years ago
|
||
Uhm, so yeah, this is a Chrome experiment (?!).
The assertion fails because the simulcast id field only allows two bits for the id, and 0
means no simulcast. In those two bits only three unique simulcast streams can be represented. Upstream looks fundamentally similar, though paths are unclear.
But why?
Well this field ends up setting an extension field on the last packet of every keyframe. It only takes effect if the extension was negotiated.
The docs for that extension are here. I'm not sure what it's needed for. Originally it seems to be for distinguishing a screenshare stream from a non-screenshare one, but somewhere along the way simulcast and experiment ids were added (and undocumented).
What's disturbing is that we hit this release assert even when this extension is not part of signaling. Then the content type would simply be ignored. I wouldn't be surprised if we don't support signalling this extension either.
Dan, thoughts?
Comment 6•3 years ago
|
||
I dug through this a bit more and it looks like maybe this is (or was?) used for stats. I'm not sure if this is something we want to fix while we are doing an update.
Comment 7•3 years ago
|
||
Closing because no crashes reported for 12 weeks.
Reporter | ||
Comment 8•3 years ago
|
||
No crashes reported probably because no one bothered to trigger it, but it doesn't mean the issue is fixed.
Comment 9•3 years ago
|
||
Closing because no crashes reported for 12 weeks.
Reporter | ||
Comment 10•3 years ago
|
||
Looks like no one bothered to trigger it again, but I believe the issue is still present and needs to be fixed properly.
Comment 11•2 years ago
|
||
Closing because no crashes reported for 12 weeks.
Reporter | ||
Updated•2 years ago
|
Assignee | ||
Comment 12•2 years ago
|
||
So this function no longer exists after the libwebrtc update. Maybe this bug is gone now? I'll try testing as described in comment 4.
Assignee | ||
Comment 13•2 years ago
|
||
So we hit a different crash now, here: https://searchfox.org/mozilla-central/rev/25d26b0a62cc5bb4aa3bb90a11f3b0b7c52859c4/dom/media/webrtc/libwebrtcglue/VideoConduit.cpp#930-932
This is because there is a hard limit, here: https://searchfox.org/mozilla-central/rev/25d26b0a62cc5bb4aa3bb90a11f3b0b7c52859c4/dom/media/webrtc/libwebrtcglue/VideoConduit.cpp#661-662
Which happens to be 3: https://searchfox.org/mozilla-central/rev/25d26b0a62cc5bb4aa3bb90a11f3b0b7c52859c4/third_party/libwebrtc/api/video/video_codec_constants.h#17
Comment 14•2 years ago
|
||
Closing because no crashes reported for 12 weeks.
Updated•2 years ago
|
Updated•2 years ago
|
Comment 16•2 years ago
|
||
I see in the spec,
Under 4.4.1.5 Set the session description:
Let supportedEncodings be the maximum number of encodings that the implementation can support. If the length of proposedSendEncodings is greater than supportedEncodings, truncate proposedSendEncodings so that its length is supportedEncodings.
And in the addTransceiver algorithm:
If the number of encodings stored in sendEncodings exceeds maxN, then trim sendEncodings from the tail until its length is maxN.
Byron, would bug 1401592 affect putting these guards in place?
Assignee | ||
Comment 17•2 years ago
|
||
(In reply to Andreas Pehrson [:pehrsons] from comment #16)
I see in the spec,
Under 4.4.1.5 Set the session description:
Let supportedEncodings be the maximum number of encodings that the implementation can support. If the length of proposedSendEncodings is greater than supportedEncodings, truncate proposedSendEncodings so that its length is supportedEncodings.
And in the addTransceiver algorithm:
If the number of encodings stored in sendEncodings exceeds maxN, then trim sendEncodings from the tail until its length is maxN.
Byron, would bug 1401592 affect putting these guards in place?
Yes, it does.
Comment 18•1 year ago
|
||
The bug is linked to a topcrash signature, which matches the following criterion:
- Top 5 desktop browser crashes on Mac on beta
:bwc, could you consider increasing the severity of this top-crash bug?
For more information, please visit auto_nag documentation.
Comment 19•1 year ago
|
||
Based on the topcrash criteria, the crash signatures linked to this bug are not in the topcrash signatures anymore.
For more information, please visit auto_nag documentation.
Assignee | ||
Comment 20•1 year ago
•
|
||
Bug 1401592 fixed more-than-3 hitting this assertion, but there are apparently other ways.
Comment 21•1 year ago
|
||
Is this a duplicate of bug 1799978 now?
Assignee | ||
Comment 22•1 year ago
|
||
It might be. It might also be that bug 1401592 happened to fix 1799978 as well.
Assignee | ||
Updated•1 year ago
|
Description
•