Closed
Bug 1851803
Opened 1 year ago
Closed 1 year ago
Intermittent SUMMARY: ThreadSanitizer: data race /builds/worker/checkouts/gecko/dom/media/MediaTrackGraph.cpp:2534:7 in ApplyTrackDisabling
Categories
(Core :: Audio/Video: MediaStreamGraph, defect, P2)
Core
Audio/Video: MediaStreamGraph
Tracking
()
RESOLVED
FIXED
119 Branch
People
(Reporter: intermittent-bug-filer, Assigned: pehrsons)
References
(Regression)
Details
(4 keywords, Whiteboard: [adv-main119+r])
Attachments
(2 files)
Filed by: smolnar [at] mozilla.com
Parsed log: https://treeherder.mozilla.org/logviewer?job_id=428117688&repo=autoland
Full log: https://firefox-ci-tc.services.mozilla.com/api/queue/v1/task/Iw9E_2DRSJGmhcsNpvKz4w/runs/0/artifacts/public/logs/live_backing.log
TEST-START | browser/base/content/test/webrtc/browser_global_mute_toggles.js
[task 2023-09-06T11:06:28.649Z] 11:06:28 INFO - GECKO(3905) | TEST DEVICES: Using media devices:
[task 2023-09-06T11:06:28.650Z] 11:06:28 INFO - GECKO(3905) | audio:
[task 2023-09-06T11:06:28.650Z] 11:06:28 INFO - GECKO(3905) | video:
[task 2023-09-06T11:06:30.154Z] 11:06:30 INFO - GECKO(3905) | JavaScript error: resource:///actors/WebRTCChild.sys.mjs, line 502: InvalidStateError: JSWindowActorChild.sendAsyncMessage: JSWindowActorChild cannot send at the moment
[task 2023-09-06T11:06:30.596Z] 11:06:30 INFO - GECKO(3905) | TEST DEVICES: Using media devices:
[task 2023-09-06T11:06:30.596Z] 11:06:30 INFO - GECKO(3905) | audio:
[task 2023-09-06T11:06:30.596Z] 11:06:30 INFO - GECKO(3905) | video:
[task 2023-09-06T11:06:32.748Z] 11:06:32 INFO - GECKO(3905) | TEST DEVICES: Using media devices:
[task 2023-09-06T11:06:32.748Z] 11:06:32 INFO - GECKO(3905) | audio:
[task 2023-09-06T11:06:32.748Z] 11:06:32 INFO - GECKO(3905) | video:
[task 2023-09-06T11:06:35.025Z] 11:06:35 INFO - GECKO(3905) | TEST DEVICES: Using media devices:
[task 2023-09-06T11:06:35.026Z] 11:06:35 INFO - GECKO(3905) | audio:
[task 2023-09-06T11:06:35.027Z] 11:06:35 INFO - GECKO(3905) | video:
[task 2023-09-06T11:06:36.902Z] 11:06:36 INFO - GECKO(3905) | ==================
[task 2023-09-06T11:06:36.903Z] 11:06:36 INFO - GECKO(3905) | WARNING: ThreadSanitizer: data race (pid=5680)
[task 2023-09-06T11:06:36.903Z] 11:06:36 INFO - GECKO(3905) | Read of size 4 at 0x7b3800010b40 by thread T22 (mutexes: write M0):
[task 2023-09-06T11:06:36.906Z] 11:06:36 INFO - GECKO(3905) | #0 ApplyTrackDisabling /builds/worker/checkouts/gecko/dom/media/MediaTrackGraph.cpp:2534:7 (libxul.so+0x7281000) (BuildId: aae31bb572c22f6aa66ee2385764143c7a55f690)
<...>
#41 main /builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp:375:18 (firefox-bin+0x134b01)
[task 2023-09-06T11:06:37.189Z] 11:06:37 INFO - GECKO(3905) | SUMMARY: ThreadSanitizer: data race /builds/worker/checkouts/gecko/dom/media/MediaTrackGraph.cpp:2534:7 in ApplyTrackDisabling
[task 2023-09-06T11:06:37.189Z] 11:06:37 INFO - GECKO(3905) | ==================
[task 2023-09-06T11:06:37.190Z] 11:06:37 INFO - GECKO(3905) | console.error:
[task 2023-09-06T11:06:37.191Z] 11:06:37 INFO - GECKO(3905) | remote browser crashed while on
[task 2023-09-06T11:06:37.191Z] 11:06:37 INFO - GECKO(3905) | https://example.com/browser/browser/base/content/test/webrtc/get_user_media.html
[task 2023-09-06T11:06:37.192Z] 11:06:37 INFO - TEST-INFO | started process screentopng
[task 2023-09-06T11:06:37.217Z] 11:06:37 INFO - TEST-INFO | screentopng: exit 0
[task 2023-09-06T11:06:37.217Z] 11:06:37 INFO - <snipped 10 output lines - if you need more context, please use SimpleTest.requestCompleteLog() in your test>
[task 2023-09-06T11:06:37.217Z] 11:06:37 INFO - Buffered messages logged at 11:06:29
[task 2023-09-06T11:06:37.217Z] 11:06:37 INFO - TEST-PASS | browser/base/content/test/webrtc/browser_global_mute_toggles.js | Camera selector label should not be hidden. -
|
||
Updated•1 year ago
|
Group: core-security → media-core-security
Keywords: csectype-race
|
|
||
Comment 1•1 year ago
|
||
|
|
||
Comment 2•1 year ago
|
||
Here's a few frames from the TSan report:
Read of size 4 at 0x7b3800010b40 by thread T22 (mutexes: write M0):
#0 ApplyTrackDisabling /builds/worker/checkouts/gecko/dom/media/MediaTrackGraph.cpp:2534:7
#1 mozilla::SourceMediaTrack::ApplyTrackDisabling(mozilla::MediaSegment*, mozilla::MediaSegment*) /builds/worker/checkouts/gecko/dom/media/MediaTrackGraph.h:664:17
#2 mozilla::SourceMediaTrack::AppendData(mozilla::MediaSegment*, mozilla::MediaSegment*) /builds/worker/checkouts/gecko/dom/media/MediaTrackGraph.cpp:2869:3
#3 mozilla::MediaEngineFakeVideoSource::GenerateFrame() /builds/worker/checkouts/gecko/dom/media/webrtc/MediaEngineFake.cpp:410:11
Previous write of size 4 at 0x7b3800010b40 by thread T25 (mutexes: write M1):
#0 SetDisabledTrackModeImpl /builds/worker/checkouts/gecko/dom/media/MediaTrackGraph.cpp:2511:17
#1 mozilla::SourceMediaTrack::SetDisabledTrackModeImpl(mozilla::DisabledTrackMode) /builds/worker/checkouts/gecko/dom/media/MediaTrackGraph.cpp:3029:15
#2 mozilla::MediaTrack::SetDisabledTrackMode(mozilla::DisabledTrackMode)::Message::Run() /builds/worker/checkouts/gecko/dom/media/MediaTrackGraph.cpp:2522:15
#3 mozilla::MediaTrackGraphImpl::RunMessagesInQueue() /builds/worker/checkouts/gecko/dom/media/MediaTrackGraph.cpp:1292:20
|
|
||
Comment 3•1 year ago
|
||
It looks like this is a race on MediaTrack::mDisabledMode. This doesn't seem super dangerous so I'll mark it sec-moderate.
Keywords: sec-moderate
|
|
||
Updated•1 year ago
|
Component: WebRTC → Audio/Video: MediaStreamGraph
|
Assignee | |
Comment 4•1 year ago
|
||
Ah, thanks, well that is a trivial fix.
Assignee: nobody → apehrson
Severity: -- → S2
Status: NEW → ASSIGNED
Priority: -- → P2
|
|
Assignee | |
Comment 5•1 year ago
|
||
This is an old regression. I can't find a motivation for it in the bug, unfortunately. But a quick audit at least doesn't render any path that would deadlock -- there are some callbacks that would be called under the SourceMediaTrack mutex.
Keywords: regression
Regressed by: 1266644
|
|
Assignee | |
Comment 6•1 year ago
|
||
|
||
Comment 7•1 year ago
|
||
Set release status flags based on info from the regressing bug 1266644
status-firefox117:
--- → affected
status-firefox118:
--- → affected
status-firefox119:
--- → affected
status-firefox-esr102:
--- → affected
status-firefox-esr115:
--- → affected
|
||
Comment 8•1 year ago
|
||
See the duplicate bug 1701452 comment 3 for analysis.
|
||
Updated•1 year ago
|
Attachment #9351796 -
Attachment description: Bug 1851803 - Protect SourceMediaTrack's disabled mode. r?karlt → Bug 1851803 - Introduce SourceMediaTrack::TrackData::mDisabledMode. r?karlt!
|
|
||
Updated•1 year ago
|
Attachment #9351796 -
Attachment description: Bug 1851803 - Introduce SourceMediaTrack::TrackData::mDisabledMode. r?karlt! → Bug 1851803 - Introduce SourceMediaTrack::mDirectDisabledMode. r?karlt!
Pushed by pehrsons@gmail.com: https://hg.mozilla.org/integration/autoland/rev/589b8056178b Introduce SourceMediaTrack::mDirectDisabledMode. r=karlt
|
||
Comment 11•1 year ago
|
||
Group: media-core-security → core-security-release
Status: ASSIGNED → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED
Target Milestone: --- → 119 Branch
|
|
||
Comment 12•1 year ago
|
||
The patch landed in nightly and beta is affected.
:pehrsons, is this bug important enough to require an uplift?
- If yes, please nominate the patch for beta approval.
- If no, please set
status-firefox118towontfix.
For more information, please visit BugBot documentation.
Flags: needinfo?(apehrson)
|
||
Updated•1 year ago
|
QA Whiteboard: [post-critsmash-triage]
Flags: qe-verify-
|
||
Updated•11 months ago
|
Whiteboard: [adv-main119+r]
|
||
Comment 14•5 months ago
|
||
Bulk-unhiding security bugs fixed in Firefox 119-121 (Fall 2023). Use "moo-doctrine-subsidy" to filter
Group: core-security-release
You need to log in
before you can comment on or make changes to this bug.
Description
•