Open Bug 1595453 Opened 3 months ago Updated 2 months ago

Crash in [@ mozilla::BufferList<T>::IterImpl::Advance]


(Core :: IPC, defect, P2)





(Reporter: gsvelto, Assigned: mccr8)



(Keywords: crash)

Crash Data

This bug is for crash report bp-9bc8b49b-ccd2-4fdc-b3bf-cef220191111.

Top 10 frames of crashing thread:

0 xul.dll mozilla::BufferList&lt;InfallibleAllocPolicy>::IterImpl::Advance mfbt/BufferList.h:247
1 xul.dll IPC::Channel::ChannelImpl::ProcessOutgoingMessages ipc/chromium/src/chrome/common/
2 xul.dll base::MessagePumpForIO::WaitForIOCompletion ipc/chromium/src/base/
3 xul.dll void base::MessagePumpForIO::DoRunLoop ipc/chromium/src/base/
4 xul.dll base::MessagePumpWin::Run ipc/chromium/src/base/message_pump_win.h:79
5 xul.dll void MessageLoop::RunHandler ipc/chromium/src/base/
6 xul.dll MessageLoop::Run ipc/chromium/src/base/
7 xul.dll base::Thread::ThreadMain ipc/chromium/src/base/
8 xul.dll `anonymous namespace'::ThreadFunc ipc/chromium/src/base/
9 kernel32.dll BaseThreadInitThunk 

The raw crash reason is MOZ_RELEASE_ASSERT(mData &lt; mDataEnd)

Note that there's a bunch of crashes that are obviously bogus; but this stack is the most common and more importantly it appears in all nightly crashes starting with buildid 20191108095936.

I can try adding some asserts to Nightly so we can crash earlier and hopefully figure out where the bad value is coming from.

Assignee: nobody → continuation
Priority: -- → P2

I actually hit this crash locally. It looks like maybe every content process crashed with it, and there was no parent crash? I don't think I noticed a crash, so maybe it is some kind of shutdown issue where the parent goes away too fast? Fission was enabled (but it isn't in most of the crashes in crash-stats).

Also reported on Mac, so not Windows specific. (And on Linux, but with a different signature because of inlining, maybe?)

OS: Windows 10 → Unspecified
Duplicate of this bug: 1595187
Crash Signature: [@ mozilla::BufferList<T>::IterImpl::Advance] → [@ mozilla::BufferList<T>::IterImpl::Advance] [@ mozilla::BufferList<InfallibleAllocPolicy>::IterImpl::Advance(mozilla::BufferList<InfallibleAllocPolicy> const &,unsigned __int64)]
You need to log in before you can comment on or make changes to this bug.