Closed
Bug 802982
Opened 12 years ago
Closed 12 years ago
Crash with excessive getUserMedia calls [crashtest checkin]
Categories
(Core :: WebRTC, defect)
Tracking
()
VERIFIED
FIXED
mozilla19
Tracking | Status | |
---|---|---|
firefox18 | --- | disabled |
firefox19 | --- | verified |
firefox-esr10 | --- | unaffected |
firefox-esr17 | --- | unaffected |
People
(Reporter: jruderman, Unassigned)
References
Details
(Keywords: crash, sec-other, testcase, Whiteboard: [adv-main19-][sg:dupe 803093])
Attachments
(3 files)
With: user_pref("media.navigator.enabled", true); The testcases causes a bunch of invalid frees, and usually crashes. (Also: so many threads!)
Reporter | ||
Comment 1•12 years ago
|
||
Nightly: bp-3547f59f-8322-4069-9ab8-0d6472121018
Reporter | ||
Comment 2•12 years ago
|
||
Hmm, this testcase ended up pretty similar to the one in bug 798829.
Comment 3•12 years ago
|
||
The threading thing is already covered by bug 798323. But looks like that you hit the crash I was looking for. I will add it as dependency.
Depends on: 798323
Comment 4•12 years ago
|
||
I still can't get it to crash with the latest nightly build on OS X.
Comment 5•12 years ago
|
||
I see some of these on a linux build: 322660160[7f4213161150]: WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x8007000E: file nsThreadUtils.cpp, line 58 WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x8007000E: file nsThreadUtils.cpp, line 58 322660160[7f4213161150]: WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x8007000E: file ../../../dom/media/MediaManager.cpp, line 875 WARNING: NS_ENSURE_SUCCESS(rv, rv) failed with result 0x8007000E: file ../../../dom/media/MediaManager.cpp, line 875 322660160[7f4213161150]: WARNING: NS_ENSURE_TRUE(thread) failed: file ../../../xpcom/threads/nsThreadPool.cpp, line 83 WARNING: NS_ENSURE_TRUE(thread) failed: file ../../../xpcom/threads/nsThreadPool.cpp, line 83 when repeatedly reloading the testcase. Which isn't horribly surprising. When reopening and FF loaded it as the last page loaded, I got a string of these from the hash code: -333572352[7f9d078fe570]: ###!!! ASSERTION: op == PL_DHASH_LOOKUP || RECURSION_LEVEL(table) == 0: 'op == PL_DHASH_LOOKUP || RECURSION_LEVEL(table) == 0', file pldhash.cpp, line 574 ###!!! ASSERTION: op == PL_DHASH_LOOKUP || RECURSION_LEVEL(table) == 0: 'op == PL_DHASH_LOOKUP || RECURSION_LEVEL(table) == 0', file pldhash.cpp, line 574 -585353472[7f9cfe5c06a0]: ###!!! ASSERTION: op == PL_DHASH_LOOKUP || RECURSION_LEVEL(table) == 0: 'op == PL_DHASH_LOOKUP || RECURSION_LEVEL(table) == 0', file pldhash.cpp, line 574 ###!!! ASSERTION: op == PL_DHASH_LOOKUP || RECURSION_LEVEL(table) == 0: 'op == PL_DHASH_LOOKUP || RECURSION_LEVEL(table) == 0', file pldhash.cpp, line 574 The backtrace for those is: #0 NS_DebugBreak_P (aSeverity=1, aStr=0x7ffff50181cb "RECURSION_LEVEL(table_) > 0", aExpr= 0x7ffff50181b0 "RECURSION_LEVEL(table) > 0", aFile=0x7ffff501811a "pldhash.cpp", aLine=669) at ../../../xpcom/base/nsDebugImpl.cpp:286 #1 0x00007ffff390bed0 in PL_DHashTableOperate (table=0x7fffde156d50, key=0x7fff5bb36a00, op= PL_DHASH_LOOKUP) at pldhash.cpp:669 #2 0x00007ffff2da0ef3 in nsTHashtable<nsBaseHashtableET<nsStringHashKey, nsRefPtr<mozilla::MediaEngineWebRTCAudioSource> > >::GetEntry (this=0x7fffde156d50, aKey=...) at ../../../dist/include/nsTHashtable.h:148 #3 0x00007ffff2da0a27 in nsRefPtrHashtable<nsStringHashKey, mozilla::MediaEngineWebRTCAudioSource>::Get (this=0x7fffde156d50, aKey=..., pRefPtr=0x7fff5bb36ba0) at ../../../dist/include/nsRefPtrHashtable.h:83 #4 0x00007ffff2da05ff in mozilla::MediaEngineWebRTC::EnumerateAudioDevices (this=0x7fffde156d00, aASources=0x7fff5bb36c30) at ../../../../content/media/webrtc/MediaEngineWebRTC.cpp:165 #5 0x00007ffff2aaa76d in mozilla::GetUserMediaDevicesRunnable::Run (this=0x7fffdee98130) at ../../../dom/media/MediaManager.cpp:623 #6 0x00007ffff397a408 in nsThread::ProcessNextEvent (this=0x7fffba2ed7a0, mayWait=true, result= 0x7fff5bb36def) at ../../../xpcom/threads/nsThread.cpp:612 #7 0x00007ffff3909b6e in NS_ProcessNextEvent_P (thread=0x7fffba2ed7a0, mayWait=true) at nsThreadUtils.cpp:220 #8 0x00007ffff39792ce in nsThread::ThreadFunc (arg=0x7fffba2ed7a0) at ../../../xpcom/threads/nsThread.cpp:256 #9 0x00007ffff7ae70c9 in _pt_root (arg=0x7fffba2e4020) at ../../../../../nsprpub/pr/src/pthreads/ptthread.c:156 #10 0x0000003151a07b41 in start_thread (arg=0x7fff5bb37700) at pthread_create.c:305 #11 0x00000031516e0e6d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115 This appears to be a lack of locking for access to EnumerateAudioDevices/EnumerateVideoDevices. I'll spawn a normal bug for that. None more on reload, and eventually we hit the thread failures. Also saw a few errors from nsContentUtils.cpp nsCxPusher::Push()
Comment 6•12 years ago
|
||
Spawned lock issue as bug 803093
Updated•12 years ago
|
Flags: in-testsuite?
Comment 7•12 years ago
|
||
Jesse - please retest with the bug 803093 patch (currently on inbound). It's still leaking threads, but I'm interested if the invalid frees go away. Thanks
Reporter | ||
Comment 8•12 years ago
|
||
Yeah, this testcase is doing okay now that bug 780790 and bug 803093 are fixed. I'm still seeing lots of leaks. And once, after reloading the testcase many times and quitting, I managed to hit: Assertion failure: 0 == rv, at nsprpub/pr/src/pthreads/ptsynch.c:162 But I'm expecting bug 798323 to take care of that.
Reporter | ||
Updated•12 years ago
|
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Updated•12 years ago
|
Flags: in-testsuite?
Comment 9•12 years ago
|
||
Marking verified per Jesse's comment in comment 8.
Status: RESOLVED → VERIFIED
Updated•12 years ago
|
status-firefox-esr10:
--- → unaffected
Updated•12 years ago
|
status-firefox18:
--- → disabled
status-firefox19:
--- → affected
Updated•12 years ago
|
Updated•12 years ago
|
Flags: in-testsuite?
Updated•12 years ago
|
status-firefox-esr17:
--- → unaffected
Updated•12 years ago
|
Target Milestone: --- → mozilla19
Comment 10•12 years ago
|
||
Comment 11•12 years ago
|
||
Comment on attachment 687659 [details] [diff] [review] Crashtest v1 This is an exact copy of Jesse's testcase as a crashtest.
Attachment #687659 -
Flags: review?(rjesup)
Comment 12•12 years ago
|
||
Comment on attachment 687659 [details] [diff] [review] Crashtest v1 Review of attachment 687659 [details] [diff] [review]: ----------------------------------------------------------------- Just one note. Please stick to the same coding style as the other tests have. That makes it easier for contributors and lessens the confusion. Thanks.
Attachment #687659 -
Flags: feedback+
Reporter | ||
Comment 13•12 years ago
|
||
If there are coding styles for crashtests, I'd like to know what they are!
Updated•12 years ago
|
Attachment #687659 -
Flags: review?(rjesup) → review+
Comment 14•12 years ago
|
||
(In reply to Jesse Ruderman from comment #13) > If there are coding styles for crashtests, I'd like to know what they are! It's most likely off-topic here but just in short. There are no specific coding styles for crashtests but for js code as you know. I know we enforce this only for core code but it would help a lot if at least we could take care of and make it easier for contributors to step in.
Comment 15•12 years ago
|
||
The only thing I see consistent style-wise on these tests I think I already did, which was: 1. Add a reference to the crash bug number in a comment 2. Use a lot of the same boilerplate HTML 3. Use a useful name for the test Other things (like indentation) even vary by the test. I'm not inclined to think this is critical for a crashtest (a mochitest it would be, however).
Keywords: checkin-needed
Comment 16•12 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/10a3208b7a9d
Flags: in-testsuite? → in-testsuite+
Updated•12 years ago
|
Keywords: checkin-needed
Updated•11 years ago
|
Whiteboard: [adv-main19-]
Updated•11 years ago
|
Group: core-security
Keywords: sec-other
Summary: Crash with excessive getUserMedia calls → Crash with excessive getUserMedia calls [crashtest checkin]
Whiteboard: [adv-main19-] → [adv-main19-][sg:dupe 803093]
You need to log in
before you can comment on or make changes to this bug.
Description
•