Closed
Bug 820709
Opened 12 years ago
Closed 12 years ago
test_peerConnection_basicVideo.html crashes [@ signal2<mozilla::TransportLayer *,mozilla::TransportLayer::State,sigslot::single_threaded>::operator()(mozilla::TransportLayer *,mozilla::TransportLayer::State)]
Categories
(Core :: WebRTC, defect, P1)
Tracking
()
RESOLVED
FIXED
People
(Reporter: whimboo, Unassigned)
References
()
Details
(4 keywords, Whiteboard: [WebRTC][blocking-webrtc+][qa-][adv-main20-])
Crash Data
Running my patch (attachment 690603 [details] [diff] [review]) from bug 796888 on try causes a crash on Windows XP. We are trying to access memory which we are not allowed to. Marking as security sensitive.
https://tbpl.mozilla.org/php/getParsedLog.php?id=17807062&tree=Try
CPU: x86
GenuineIntel family 6 model 23 stepping 10
2 CPUs
Crash reason: EXCEPTION_ACCESS_VIOLATION_READ
Crash address: 0x384adf9b
> Thread 6 (crashed)
> 0 xul.dll!sigslot::signal2<mozilla::TransportLayer *,mozilla::TransportLayer::State,sigslot::single_threaded>::operator()(mozilla::TransportLayer *,mozilla::TransportLayer::State) [sigslot.h:0fadda3187f9 : 2411 + 0xf]
> eip = 0x01c28e7d esp = 0x03afcda4 ebp = 0x03afcdb8 ebx = 0x0a5bc09c
> esi = 0x07ce61b0 edi = 0x006f0070 eax = 0x07ce0000 ecx = 0x07ce0000
> edx = 0x384adf93 efl = 0x00010202
> Found by: given as instruction pointer in context
> 1 xul.dll!mozilla::TransportFlow::StateChange(mozilla::TransportLayer *,mozilla::TransportLayer::State) [transportflow.cpp:0fadda3187f9 : 88 + 0xb]
> eip = 0x01c28b05 esp = 0x03afcdc0 ebp = 0x03afcdc8
> Found by: call frame info
> 2 xul.dll!sigslot::signal2<mozilla::TransportLayer *,mozilla::TransportLayer::State,sigslot::single_threaded>::operator()(mozilla::TransportLayer *,mozilla::TransportLayer::State) [sigslot.h:0fadda3187f9 : 2411 + 0x11]
> eip = 0x01c28e80 esp = 0x03afcdd0 ebp = 0x03afcde4
> Found by: call frame info
> 3 xul.dll!mozilla::TransportLayer::SetState(mozilla::TransportLayer::State) [transportlayer.cpp:0fadda3187f9 : 48 + 0xc]
> eip = 0x01c28f76 esp = 0x03afcdec ebp = 0x03afcec4
> Found by: call frame info
> 4 xul.dll!mozilla::TransportLayerDtls::Handshake() [transportlayerdtls.cpp:0fadda3187f9 : 673 + 0x8]
> eip = 0x01c2a2d8 esp = 0x03afcecc ebp = 0x03afd01c
> Found by: call frame info
> 5 xul.dll!mozilla::TransportLayerDtls::PacketReceived(mozilla::TransportLayer *,unsigned char const *,unsigned int) [transportlayerdtls.cpp:0fadda3187f9 : 694 + 0x6]
> eip = 0x01c2b3ab esp = 0x03afd024 ebp = 0x03afd8d0
> Found by: call frame info
> 6 xul.dll!sigslot::signal3<mozilla::TransportFlow *,unsigned char const *,unsigned int,sigslot::single_threaded>::operator()(mozilla::TransportFlow *,unsigned char const *,unsigned int) [sigslot.h:0fadda3187f9 : 2477 + 0x14]
> eip = 0x01c2925e esp = 0x03afd8d8 ebp = 0x03afd8f0
> Found by: call frame info
> 7 xul.dll!mozilla::TransportLayerIce::IcePacketReceived(mozilla::NrIceMediaStream *,int,unsigned char const *,int) [transportlayerice.cpp:0fadda3187f9 : 147 + 0xe]
> eip = 0x01c29389 esp = 0x03afd8f8 ebp = 0x03afd9e0
> Found by: call frame info
> 8 xul.dll!sigslot::signal4<mozilla::NrIceMediaStream *,int,unsigned char const *,int,sigslot::single_threaded>::operator()(mozilla::NrIceMediaStream *,int,unsigned char const *,int) [sigslot.h:0fadda3187f9 : 2544 + 0x17]
> eip = 0x01c26d1a esp = 0x03afd9e8 ebp = 0x03afda04
This is a blocker for us given that we can't land even a basic peer connection test. Can we get it prioritized please?
|
||
Updated•12 years ago
|
Keywords: testcase
Whiteboard: [WebRTC][automation-blocked] → [WebRTC][automation-blocked][blocking-webrtc+]
|
||
Comment 1•12 years ago
|
||
WebRTC use-after-free crash [@mozilla::TransportLayer::SetState]
https://bugzilla.mozilla.org/show_bug.cgi?id=810626
|
Reporter | |
Comment 2•12 years ago
|
||
Randell or Eric, feel free to dupe if you feel it's the same.
|
|
Reporter | |
Comment 3•12 years ago
|
||
Some more crashes happened with yesterdays try server build:
https://tbpl.mozilla.org/php/getParsedLog.php?id=17891381&tree=Try#error0 (winxp debug)
> Assertion failure: !rtcp_send_srtp_ && !rtcp_recv_srtp_, at e:/builds/moz2_slave/try-w32-dbg/build/obj-firefox/media/webrtc/signaling/signaling_ecc/../../../../../media/webrtc/signaling/src/mediapipeline/MediaPipeline.cpp:211
> 0 xul.dll!mozilla::MediaPipeline::TransportReadyInt(mozilla::TransportFlow *) [MediaPipeline.cpp:f389e5644dee : 211 + 0x27]
> eip = 0x03122101 esp = 0x0572c234 ebp = 0x0572ca54 ebx = 0x7c80e00d
> esi = 0x0000007b edi = 0x7c801e16 eax = 0x00000000 ecx = 0xa4845ea4
> edx = 0x10361f48 efl = 0x00000212
> Found by: given as instruction pointer in context
> 1 xul.dll!mozilla::runnable_args_m_1_ret<mozilla::MediaPipeline *,tag_nsresult ( mozilla::MediaPipeline::*)(mozilla::TransportFlow *),mozilla::TransportFlow *,tag_nsresult>::Run() [runnable_utils_generated.h:f389e5644dee : 141 + 0xe]
> eip = 0x0311f138 esp = 0x0572ca5c ebp = 0x0572ca64
> Found by: call frame info
> 2 xul.dll!nsThreadSyncDispatch::Run() [nsThread.cpp:f389e5644dee : 774 + 0xd]
> eip = 0x02f54409 esp = 0x0572ca6c ebp = 0x0572ca78
> Found by: call frame info
> 3 xul.dll!nsThread::ProcessNextEvent(bool,bool *) [nsThread.cpp:f389e5644dee : 627 + 0xd]
> eip = 0x02f54bd0 esp = 0x0572ca80 ebp = 0x0572caac
> Found by: call frame info
> 4 xul.dll!NS_ProcessNextEvent_P(nsIThread *,bool) [nsThreadUtils.cpp:f389e5644dee : 221 + 0xc]
> eip = 0x02f021e3 esp = 0x0572cab4 ebp = 0x0572cac0
> Found by: call frame info
> 5 xul.dll!nsThread::Dispatch(nsIRunnable *,unsigned int) [nsThread.cpp:f389e5644dee : 410 + 0x7]
> eip = 0x02f548c1 esp = 0x0572cac8 ebp = 0x0572cadc
> Found by: call frame info
> 6 xul.dll!nsSocketTransportService::Dispatch(nsIRunnable *,unsigned int) [nsSocketTransportService2.cpp:f389e5644dee : 124 + 0x13]
> eip = 0x01c2ca03 esp = 0x0572cae4 ebp = 0x0572caf8
> Found by: call frame info
> 7 xul.dll!mozilla::MediaPipeline::TransportReady(mozilla::TransportFlow *) [MediaPipeline.cpp:f389e5644dee : 101 + 0x50]
> eip = 0x031226b3 esp = 0x0572cb00 ebp = 0x0572cb28
> Found by: call frame info
> 8 xul.dll!mozilla::MediaPipeline::StateChange(mozilla::TransportFlow *,mozilla::TransportLayer::State) [MediaPipeline.cpp:f389e5644dee : 88 + 0x7]
> eip = 0x0311f97a esp = 0x0572cb30 ebp = 0x0572cc08
https://tbpl.mozilla.org/php/getParsedLog.php?id=17891952&tree=Try#error0 (win debug)
> PROCESS-CRASH | /tests/dom/media/tests/mochitest/test_peerConnection_basicVideo.html | application crashed [@ mozilla::MediaPipelineTransmit::PipelineListener::NotifyQueuedTrackChanges(mozilla::MediaStreamGraph *,int,int,__int64,unsigned int,mozilla::MediaSegment const &)]
> 0 xul.dll!mozilla::MediaPipelineTransmit::PipelineListener::NotifyQueuedTrackChanges(mozilla::MediaStreamGraph *,int,int,__int64,unsigned int,mozilla::MediaSegment const &) [MediaPipeline.cpp:f389e5644dee : 570 + 0xc]
> eip = 0x6b9f0c34 esp = 0x18bff5a0 ebp = 0x18bff67c ebx = 0x00000001
> esi = 0x2968dfe0 edi = 0x2b914fd0 eax = 0x41a90bf0 ecx = 0x00000000
> edx = 0x18bfef95 efl = 0x00010296
> Found by: given as instruction pointer in context
> 1 xul.dll!mozilla::MediaStreamGraphImpl::ExtractPendingInput(mozilla::SourceMediaStream *,__int64,bool *) [MediaStreamGraph.cpp:f389e5644dee : 617 + 0x24]
> eip = 0x6af3eeee esp = 0x18bff684 ebp = 0x18bff6cc
> Found by: call frame info
> 2 xul.dll!mozilla::MediaStreamGraphImpl::RunThread() [MediaStreamGraph.cpp:f389e5644dee : 1399 + 0xf]
> eip = 0x6af3f772 esp = 0x18bff6d4 ebp = 0x18bff768
> Found by: call frame info
> 3 xul.dll!mozilla::`anonymous namespace'::MediaStreamGraphThreadRunnable::Run() [MediaStreamGraph.cpp:f389e5644dee : 1531 + 0xa]
> eip = 0x6af3fbd5 esp = 0x18bff770 ebp = 0x18bff7a0
> Found by: call frame info
> 4 xul.dll!nsThread::ProcessNextEvent(bool,bool *) [nsThread.cpp:f389e5644dee : 627 + 0xd]
> eip = 0x6b824bd0 esp = 0x18bff774 ebp = 0x18bff7a0
> Found by: call frame info
> 5 xul.dll!NS_ProcessNextEvent_P(nsIThread *,bool) [nsThreadUtils.cpp:f389e5644dee : 221 + 0xc]
> eip = 0x6b7d21e3 esp = 0x18bff7a8 ebp = 0x18bff7b4
> Found by: call frame info
> 6 xul.dll!nsThread::ThreadFunc(void *) [nsThread.cpp:f389e5644dee : 265 + 0x7]
> eip = 0x6b8241d8 esp = 0x18bff7bc ebp = 0x18bff7dc
> Found by: call frame info
> 7 nspr4.dll!_PR_NativeRunThread [pruthr.c:f389e5644dee : 395 + 0x8]
> eip = 0x737e934b esp = 0x18bff7e4 ebp = 0x18bff83c
> Found by: call frame info
> 8 nspr4.dll!pr_root [w95thred.c:f389e5644dee : 90 + 0xc]
> eip = 0x737eb78d esp = 0x18bff800 ebp = 0x18bff83c
Crash Signature: [@ signal2<mozilla::TransportLayer *,mozilla::TransportLayer::State,sigslot::single_threaded>::operator()(mozilla::TransportLayer * mozilla::TransportLayer::State)]
[@ mozilla::MediaPipeline::TransportReadyInt(mozilla::TransportFlow *)]
[@ mozilla::Medi…
Summary: test_peerConnection_basicVideo.html crashes [@ signal2<mozilla::TransportLayer *,mozilla::TransportLayer::State,sigslot::single_threaded>::operator()(mozilla::TransportLayer *,mozilla::TransportLayer::State) → test_peerConnection_basicVideo.html crashes [@ signal2<mozilla::TransportLayer *,mozilla::TransportLayer::State,sigslot::single_threaded>::operator()(mozilla::TransportLayer *,mozilla::TransportLayer::State)]
|
||
Comment 4•12 years ago
|
||
ekr: can you give any evaluation about these signatures? Is this anything that is expected to be fixed by the pipeline fix? If so, please dup or mark as a dependency
Flags: needinfo?(ekr)
Priority: -- → P1
|
|
||
Updated•12 years ago
|
Assignee: nobody → ekr
|
||
Comment 5•12 years ago
|
||
A number of these should be fixed when I fix bug https://bugzilla.mozilla.org/show_bug.cgi?id=820102
Depends on: 820102
Flags: needinfo?(ekr)
|
|
Reporter | |
Updated•12 years ago
|
Keywords: intermittent-failure
|
||
Updated•12 years ago
|
Whiteboard: [WebRTC][automation-blocked][blocking-webrtc+] → [retest when bug 820102 fixed][WebRTC][automation-blocked][blocking-webrtc+]
|
|
||
Comment 7•12 years ago
|
||
Can we retest now that bug 820102 has landed? (jason or whimboo) Thanks!
|
|
Reporter | |
Comment 8•12 years ago
|
||
None of those crashes I have seen anymore in the last days. Whether on try nor the alder branch. So we might call this fixed. When I see it again I will reopen.
Assignee: jsmith → nobody
Status: NEW → RESOLVED
Closed: 12 years ago
Flags: needinfo?(hskupin)
Keywords: qawanted
Resolution: --- → FIXED
Whiteboard: [retest when bug 820102 fixed][WebRTC][automation-blocked][blocking-webrtc+] → [WebRTC][automation-blocked][blocking-webrtc+]
|
||
Updated•12 years ago
|
status-firefox-esr10:
--- → unaffected
status-firefox-esr17:
--- → disabled
|
||
Updated•12 years ago
|
status-b2g18:
--- → disabled
status-firefox19:
--- → disabled
status-firefox20:
--- → fixed
status-firefox21:
--- → fixed
|
|
||
Updated•12 years ago
|
Whiteboard: [WebRTC][automation-blocked][blocking-webrtc+] → [WebRTC][automation-blocked][blocking-webrtc+][qa-]
|
|
||
Comment 9•12 years ago
|
||
Already covered by an existing test checked into moz central.
Flags: in-testsuite+
|
||
Updated•12 years ago
|
Whiteboard: [WebRTC][automation-blocked][blocking-webrtc+][qa-] → [WebRTC][automation-blocked][blocking-webrtc+][qa-][adv-main20-]
|
|
Reporter | |
Updated•12 years ago
|
Whiteboard: [WebRTC][automation-blocked][blocking-webrtc+][qa-][adv-main20-] → [WebRTC][blocking-webrtc+][qa-][adv-main20-]
You need to log in
before you can comment on or make changes to this bug.
Description
•