Closed
Bug 845741
Opened 11 years ago
Closed 11 years ago
TSan: Thread data race in mozilla::MediaStreamGraphImpl::ExtractPendingInput() vs. mozilla::SourceMediaStream::FinishWithLockHeld()
Categories
(Core :: WebRTC, defect, P2)
Tracking
()
RESOLVED
FIXED
mozilla22
People
(Reporter: posidron, Assigned: jesup)
References
Details
(Keywords: sec-want, Whiteboard: [tsan][tsan-test-blocker][webrtc][blocking-webrtc+][qa-])
Attachments
(2 files)
12.71 KB,
text/plain
|
Details | |
1.27 KB,
patch
|
roc
:
review+
akeybl
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
During initial fuzz tests with ThreadSanitizer (LLVM version), we get a data race reported as described in the attached log. Trace was created on mozilla-central with changeset 122820:c233837cce08. According to the TSan devs, most of the reported traces should be real data races, even though they can be "benign". We need to determine if the race can/should be fixed, or put on the ignore list. Even for benign races, TSan devs suggest to fix them (second priority), as they can also cause problems [1]. [1] http://software.intel.com/en-us/blogs/2013/01/06/benign-data-races-what-could-possibly-go-wrong
Reporter | ||
Comment 1•11 years ago
|
||
This happened during fuzzing the JSEP in two separate windows.
Assignee | ||
Comment 2•11 years ago
|
||
This is almost certainly a data race on mUpdateFinished. It's set on the caller side (Mainthread) and read in MSG without any locking. This could be resolved by having Finish operate on the MSG thread by inserting a message instead of just setting a flag. (I'm not sure if that would cause any other issues, however) I haven't checked all the versions, but I think this affects all the way back to FF19, probably before. I suspect the downside might be MSG thread taking longer to notice that Finish() or EndAllTracksAndFinish() was called. I don't know if that would cause any real problems so long as they eventually synchronize; I haven't thought it through. (Tim?)
Assignee: nobody → roc
status-firefox19:
--- → affected
status-firefox20:
--- → affected
status-firefox21:
--- → affected
status-firefox22:
--- → affected
Priority: -- → P2
Whiteboard: [tsan][tsan-test-blocker] → [tsan][tsan-test-blocker][webrtc][blocking-webrtc+]
Assignee | ||
Comment 3•11 years ago
|
||
Looked at this several times before seeing my mistake: when I switched to FinishWithLockHeld(), I didn't remove the level of braces around the AutoLock
Assignee | ||
Updated•11 years ago
|
Attachment #734235 -
Flags: review?(roc)
Assignee | ||
Updated•11 years ago
|
Whiteboard: [tsan][tsan-test-blocker][webrtc][blocking-webrtc+] → [tsan][tsan-test-blocker][webrtc][blocking-webrtc+][webrtc-uplift]
Comment on attachment 734235 [details] [diff] [review] Set mUpdateFinished under lock Review of attachment 734235 [details] [diff] [review]: ----------------------------------------------------------------- thanks for taking this!!
Attachment #734235 -
Flags: review?(roc) → review+
Assignee | ||
Comment 5•11 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/59e93bff76d4 We'll want this for Aurora/22, and it's a small-enough/safe-enough bug to consider for Beta/21
Assignee: roc → rjesup
Target Milestone: --- → mozilla22
Comment 6•11 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/59e93bff76d4
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: mozilla22 → mozilla23
Updated•11 years ago
|
Whiteboard: [tsan][tsan-test-blocker][webrtc][blocking-webrtc+][webrtc-uplift] → [tsan][tsan-test-blocker][webrtc][blocking-webrtc+][webrtc-uplift][qa-]
Assignee | ||
Comment 7•11 years ago
|
||
Comment on attachment 734235 [details] [diff] [review] Set mUpdateFinished under lock [Approval Request Comment] Bug caused by (feature/regressing bug #): 803976 User impact if declined: TSAN bugs are inherently risky and compiler/optimizer and runtime timing dependent. Nuclear missiles could be launched (to borrow a phrase from the "there are no such things as benign data races" article. Testing completed (on m-c, etc.): on m-c Risk to taking this patch (and alternatives if risky): No appreciable risk String or IDL/UUID changes made by this patch: none
Attachment #734235 -
Flags: approval-mozilla-aurora?
Updated•11 years ago
|
Attachment #734235 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Assignee | ||
Comment 8•11 years ago
|
||
https://hg.mozilla.org/releases/mozilla-aurora/rev/76f7efd3e9c1
Whiteboard: [tsan][tsan-test-blocker][webrtc][blocking-webrtc+][webrtc-uplift][qa-] → [tsan][tsan-test-blocker][webrtc][blocking-webrtc+][qa-][webrtc-uplift]
Target Milestone: mozilla23 → mozilla22
I think it's probably not worth it.
Flags: needinfo?(roc)
Assignee | ||
Comment 11•11 years ago
|
||
Thanks!
status-firefox23:
--- → fixed
Whiteboard: [tsan][tsan-test-blocker][webrtc][blocking-webrtc+][qa-][webrtc-uplift] → [tsan][tsan-test-blocker][webrtc][blocking-webrtc+][qa-]
You need to log in
before you can comment on or make changes to this bug.
Description
•