Crash in [@ audioipc2::ipccore::impl$5::flush_outbound<T>] | [@ audioipc2::rpccore::Proxy<T>::call<T>]
Categories
(Core :: Audio/Video: cubeb, defect, P3)
Tracking
()
Tracking | Status | |
---|---|---|
firefox-esr91 | --- | unaffected |
firefox97 | --- | unaffected |
firefox98 | --- | wontfix |
firefox99 | --- | fixed |
People
(Reporter: kinetik, Assigned: kinetik)
References
(Regression)
Details
(Keywords: crash, regression)
Crash Data
Maybe Fission related. (DOMFissionEnabled=1)
Crash report: https://crash-stats.mozilla.org/report/index/d6ed0054-35db-4c06-a0c3-520210220209
Reason: EXCEPTION_ACCESS_VIOLATION_WRITE
Top 9 frames of crashing thread:
0 xul.dll audioipc2::ipccore::impl$5::flush_outbound<audioipc2::rpccore::ClientHandler<audioipc2_server::server::CallbackClient> > third_party/rust/audioipc2/src/ipccore.rs:615
1 xul.dll audioipc2::ipccore::EventLoop::poll third_party/rust/audioipc2/src/ipccore.rs:264
2 xul.dll std::sys_common::backtrace::__rust_begin_short_backtrace<audioipc2::ipccore::impl$7::new::closure$0, enum$<core::result::Result<tuple$<>, std::io::error::Error>, 0, 3, Err> > ../02072b482a8b5357f7fb5e5637444ae30e423c40/library/std/src/sys_common/backtrace.rs:123
3 xul.dll core::ops::function::FnOnce::call_once<std::thread::impl$0::spawn_unchecked::closure$1, tuple$<> > ../02072b482a8b5357f7fb5e5637444ae30e423c40/library/core/src/ops/function.rs:227
4 xul.dll std::sys::windows::thread::impl$0::new::thread_start ../02072b482a8b5357f7fb5e5637444ae30e423c40//library/std/src/sys/windows/thread.rs:58
5 kernel32.dll kernel32.dll@0x0000000000017033
6 xul.dll xul.dll@0x000000000057eaef
7 mozglue.dll patched_BaseThreadInitThunk toolkit/xre/dllservices/mozglue/WindowsDllBlocklist.cpp:572
8 ntdll.dll RtlUserThreadStart
Assignee | ||
Updated•3 years ago
|
Assignee | ||
Comment 1•3 years ago
|
||
From WinDbg:
xul!alloc::collections::vec_deque::wrap_index+0x2 [inlined in xul!audioipc2::ipccore::impl$5::flush_outbound<audioipc2::rpccore::ClientHandler<audioipc2_server::server::CallbackClient> >+0x16f]:
00007fff`f4cba54f c8488946 enter 8948h,46h
EXCEPTION_RECORD: (.exr -1)
ExceptionAddress: 00007ffff4cba54f (xul!alloc::collections::vec_deque::wrap_index+0x0000000000000002)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000001
Parameter[1]: 000000cd56016840
Attempt to write to address 000000cd56016840
# Child-SP RetAddr Call Site
00 (Inline Function) --------`-------- xul!alloc::collections::vec_deque::wrap_index(
unsigned int64 index = 0x000002c9`11d0d000,
unsigned int64 size = <Value unavailable error>)+0x2 [/rustc/02072b482a8b5357f7fb5e5637444ae30e423c40\library\alloc\src\collections\vec_deque\mod.rs @ 2726]
01 (Inline Function) --------`-------- xul!alloc::collections::vec_deque::VecDeque<std::sync::mpsc::Sender<enum$<audioipc2::messages::CallbackResp> >,alloc::alloc::Global>::wrap_add(
struct alloc::collections::vec_deque::VecDeque<std::sync::mpsc::Sender<enum$<audioipc2::messages::CallbackResp> >,alloc::alloc::Global> * self = <Value unavailable error>,
unsigned int64 idx = 0x3a,
unsigned int64 addend = <Value unavailable error>)+0x6 [/rustc/02072b482a8b5357f7fb5e5637444ae30e423c40\library\alloc\src\collections\vec_deque\mod.rs @ 227]
02 (Inline Function) --------`-------- xul!alloc::collections::vec_deque::VecDeque<std::sync::mpsc::Sender<enum$<audioipc2::messages::CallbackResp> >,alloc::alloc::Global>::push_back(
struct alloc::collections::vec_deque::VecDeque<std::sync::mpsc::Sender<enum$<audioipc2::messages::CallbackResp> >,alloc::alloc::Global> * self = <Value unavailable error>)+0x2d [/rustc/02072b482a8b5357f7fb5e5637444ae30e423c40\library\alloc\src\collections\vec_deque\mod.rs @ 1527]
03 (Inline Function) --------`-------- xul!audioipc2::rpccore::impl$4::produce(
struct audioipc2::rpccore::ClientHandler<audioipc2_server::server::CallbackClient> * self = <Value unavailable error>)+0x12b [/builds/worker/checkouts/gecko/third_party/rust/audioipc2/src/rpccore.rs @ 157]
04 000000cd`5601f1c0 00007fff`f17ff896 xul!audioipc2::ipccore::impl$5::flush_outbound<audioipc2::rpccore::ClientHandler<audioipc2_server::server::CallbackClient> >(
struct audioipc2::ipccore::FramedDriver<audioipc2::rpccore::ClientHandler<audioipc2_server::server::CallbackClient> > * self = 0x000002c9`1272cb50,
struct audioipc2::sys::windows::ConnectionBuffer * outbound = 0x000002c9`11dbb0a8)+0x16f [/builds/worker/checkouts/gecko/third_party/rust/audioipc2/src/ipccore.rs @ 615]
05 (Inline Function) --------`-------- xul!audioipc2::ipccore::Connection::flush_outbound(
struct audioipc2::ipccore::Connection * self = <Value unavailable error>)+0x16 [/builds/worker/checkouts/gecko/third_party/rust/audioipc2/src/ipccore.rs @ 510]
06 (Inline Function) --------`-------- xul!audioipc2::ipccore::Connection::handle_wake(
struct audioipc2::ipccore::Connection * self = <Value unavailable error>,
struct mio::poll::Registry * registry = <Value unavailable error>)+0x16 [/builds/worker/checkouts/gecko/third_party/rust/audioipc2/src/ipccore.rs @ 451]
07 000000cd`5601f320 00007fff`f4cb36f2 xul!audioipc2::ipccore::EventLoop::poll(
struct audioipc2::ipccore::EventLoop * self = <Value unavailable error>)+0x3b6 [/builds/worker/checkouts/gecko/third_party/rust/audioipc2/src/ipccore.rs @ 264]
The crash itself seems to be caused by enter
attempting to use stack space beyond the thread's stack limit, but there are several strange things about this crash. The crashing instruction (enter
) doesn't exist in the crashing code when the function is fully disassembled - seems like the instruction pointer is one byte off a valid instruction. idx
of 0x3a
becoming index
of 0x000002c911d0d000
in the next stack frame doesn't seem possible, unless caused by a trashed stack.
I'll keep monitoring this crash stack for additional reports and gather more clues.
Updated•3 years ago
|
Comment 2•3 years ago
|
||
Set release status flags based on info from the regressing bug 1726279
Updated•3 years ago
|
Comment 3•3 years ago
|
||
Few crashes on beta 98, fix-optional for this version.
Assignee | ||
Comment 4•3 years ago
|
||
Three new crashes (all on beta 98), plus https://crash-stats.mozilla.org/report/index/ec7e7875-0b89-4ece-bab0-62eef0220214 is likely to be the same issue.
Assignee | ||
Updated•3 years ago
|
Assignee | ||
Comment 5•3 years ago
•
|
||
The fixes in bug 1757473 may address this crash. I'll watch crash-stats.
Comment 6•3 years ago
|
||
Resolving as fixed based no crash reports in 99 since the depends on bug 1757473 landed
Description
•