alloc: ./obj-ff64-asan-opt/dom/bindings/AudioContextBinding.cpp:320 static bool createBufferSource(JSContext* cx, JSHandleObject obj, mozilla::dom::AudioContext* self, unsigned argc, JS::Value* vp) { nsRefPtr<mozilla::dom::AudioBufferSourceNode > result; result = self->CreateBufferSource(); free: ./content/media/webaudio/AudioNode.cpp:36 AudioNode::Release() { if (mRefCnt.get() == 1) { // We are about to be deleted, disconnect the object from the graph before // the derived type is destroyed. DisconnectFromGraph(); } * nsrefcnt r = nsDOMEventTargetHelper::Release(); re-use: ./content/media/webaudio/AudioNode.cpp:159 void AudioNode::SendDoubleParameterToStream(uint32_t aIndex, double aValue) { * AudioNodeStream* ns = static_cast<AudioNodeStream*>(mStream.get()); The attached testcase is not reliable, sometime we get the following after some reloads: Assertion failure: op == PL_DHASH_LOOKUP || (*(uint32_t*)(table->entryStore + ((uint32_t)1 << (32 - (table)->hashShift)) * table->entrySize)) == 0, at /Users/cdiehl/dev/repos/mozilla/mozilla-inbound/obj-ff64-asan-opt/xpcom/build/pldhash.cpp:573 Tested with m-i changeset: 130337:5447d49a2c6f

If I'm reading the code write, we never delete a buffer source node from mSources, which is, pretty broken!

Comment on attachment 743925 [details] [diff] [review] Patch (v1) I'd like to land this soonish...

Comment on attachment 743925 [details] [diff] [review] Patch (v1) Review of attachment 743925 [details] [diff] [review]: ----------------------------------------------------------------- I'd like to see some documentation for mPannerNode!

(In reply to Robert O'Callahan (:roc) (Mozilla Corporation) from comment #6) > Comment on attachment 743925 [details] [diff] [review] > Patch (v1) > > Review of attachment 743925 [details] [diff] [review]: > ----------------------------------------------------------------- > > I'd like to see some documentation for mPannerNode! In addition to what we have in AudioContext.h?

In lieu of providing explanation on why we have an |mPannerNode| member, here is a patch that removes it, because it is actually useless. Not sure why I even added it in the first place.

Comment on attachment 744634 [details] [diff] [review] Remove useless mPannerNode member in AudioBufferSourceNode. r= Review of attachment 744634 [details] [diff] [review]: ----------------------------------------------------------------- Ah, mPannerNode, not mPannerNodes!

https://hg.mozilla.org/integration/mozilla-inbound/rev/b66017604bdd https://hg.mozilla.org/integration/mozilla-inbound/rev/2938c2e1f7e7

This and a bunch of others have been backed out for causing permaorange Android mochitest-2, which resulted in the closure of multiple trees, since it had been merged all over the place :-( Had to back out more than the likely cause (bug 867174) due to conflicts & incorrect disabling of Android tests. Backout: https://hg.mozilla.org/integration/mozilla-inbound/rev/698f6059ef47 https://hg.mozilla.org/integration/mozilla-inbound/rev/396f66db6b55

https://hg.mozilla.org/integration/mozilla-inbound/rev/860daba85518 https://hg.mozilla.org/integration/mozilla-inbound/rev/3f5a76354adb

https://hg.mozilla.org/mozilla-central/rev/860daba85518 https://hg.mozilla.org/mozilla-central/rev/3f5a76354adb

Mass moving Web Audio bugs to the Web Audio component. Filter on duckityduck.