Closed Bug 1009039 Opened 10 years ago Closed 9 years ago

crash in mozilla::ipc::SerializeInputStream(nsIInputStream*, mozilla::ipc::InputStreamParams&, nsTArray<mozilla::ipc::FileDescriptor>&)

Categories

(Core :: DOM: Content Processes, defect)

Product:
Core
Component:
DOM: Content Processes
Version:
28 Branch
Platform:
ARM
Gonk (Firefox OS)
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 902271

People

(Reporter: nhirata, Assigned: jdm)

References

Details

(Keywords: crash, Whiteboard: [b2g-crash])

Crash Data

This bug was filed from the Socorro interface and is 
report bp-bd1b00ce-5b71-4c63-96f6-81c272140508.
=============================================================
Frame 	Module 	Signature 	Source
0 	libxul.so 	mozilla::ipc::SerializeInputStream(nsIInputStream*, mozilla::ipc::InputStreamParams&, nsTArray<mozilla::ipc::FileDescriptor>&) 	ipc/glue/InputStreamUtils.cpp
1 	libxul.so 	nsMultiplexInputStream::Serialize(mozilla::ipc::InputStreamParams&, nsTArray<mozilla::ipc::FileDescriptor>&) 	xpcom/io/nsMultiplexInputStream.cpp
2 	libxul.so 	mozilla::ipc::SerializeInputStream(nsIInputStream*, mozilla::ipc::InputStreamParams&, nsTArray<mozilla::ipc::FileDescriptor>&) 	ipc/glue/InputStreamUtils.cpp
3 	libxul.so 	mozilla::dom::ContentChild::GetOrCreateActorForBlob(nsIDOMBlob*) 	dom/ipc/ContentChild.cpp
4 	libxul.so 	DeviceStorageRequest::Allow(JS::Handle<JS::Value>) 	dom/devicestorage/nsDeviceStorage.cpp
5 	libxul.so 	DeviceStorageRequest::Recv__delete__(bool const&, nsTArray<mozilla::dom::PermissionChoice> const&) 	dom/devicestorage/nsDeviceStorage.cpp
6 	libxul.so 	mozilla::dom::PContentPermissionRequestChild::OnMessageReceived(IPC::Message const&) 	/builds/slave/b2g_m-cen_flame_eng_ntly-00000/build/objdir-gecko/ipc/ipdl/PContentPermissionRequestChild.cpp
7 	libxul.so 	mozilla::dom::PContentChild::OnMessageReceived(IPC::Message const&) 	/builds/slave/b2g_m-cen_flame_eng_ntly-00000/build/objdir-gecko/ipc/ipdl/PContentChild.cpp
8 	libxul.so 	mozilla::ipc::MessageChannel::DispatchAsyncMessage(IPC::Message const&) 	ipc/glue/MessageChannel.cpp
9 	libxul.so 	mozilla::ipc::MessageChannel::OnMaybeDequeueOne() 	ipc/glue/MessageChannel.cpp
10 	libxul.so 	RunnableMethod<FdWatcher, void (FdWatcher::*)(), Tuple0>::Run() 	ipc/chromium/src/base/tuple.h
11 	libxul.so 	mozilla::ipc::MessageChannel::DequeueTask::Run() 	/builds/slave/b2g_m-cen_flame_eng_ntly-00000/build/objdir-gecko/ipc/glue/../../dist/include/mozilla/ipc/MessageChannel.h
12 	libxul.so 	MessageLoop::RunTask(Task*) 	ipc/chromium/src/base/message_loop.cc
13 	libxul.so 	MessageLoop::DeferOrRunPendingTask(MessageLoop::PendingTask const&) 	ipc/chromium/src/base/message_loop.cc
14 	libxul.so 	MessageLoop::DoWork() 	ipc/chromium/src/base/message_loop.cc
15 	libxul.so 	mozilla::ipc::DoWorkRunnable::Run() 	ipc/glue/MessagePump.cpp
16 	libxul.so 	nsThread::ProcessNextEvent(bool, bool*) 	xpcom/threads/nsThread.cpp
17 	libxul.so 	NS_ProcessNextEvent(nsIThread*, bool) 	xpcom/glue/nsThreadUtils.cpp
18 	libxul.so 	mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) 	ipc/glue/MessagePump.cpp
19 	libxul.so 	MessageLoop::RunInternal() 	ipc/chromium/src/base/message_loop.cc
20 	libxul.so 	MessageLoop::Run() 	ipc/chromium/src/base/message_loop.cc
21 	libxul.so 	nsBaseAppShell::Run() 	widget/xpwidgets/nsBaseAppShell.cpp
22 	libxul.so 	XRE_RunAppShell 	toolkit/xre/nsEmbedFunctions.cpp
23 	libxul.so 	MessageLoop::RunInternal() 	ipc/chromium/src/base/message_loop.cc
24 	libxul.so 	MessageLoop::Run() 	ipc/chromium/src/base/message_loop.cc
25 	libxul.so 	XRE_InitChildProcess 	toolkit/xre/nsEmbedFunctions.cpp
26 	plugin-container 	main 	ipc/app/MozillaRuntimeMain.cpp
27 	libc.so 	__libc_init 	/home/duanxiaodong/8x10_AP_20140430/boot/bionic/libc/bionic/libc_init_dynamic.cpp
28 	plugin-container 	plugin-container@0x672 	
29 	linker 	set_soinfo_pool_protection 	/builds/slave/b2g_m-cen_flame_ntly-000000000/build/bionic/linker/linker.cpp
30 		@0xbef61a97 	

More Reports : https://crash-stats.mozilla.com/report/list?product=B2G&signature=mozilla%3A%3Aipc%3A%3ASerializeInputStream%28nsIInputStream*%2C+mozilla%3A%3Aipc%3A%3AInputStreamParams%26%2C+nsTArray%3Cmozilla%3A%3Aipc%3A%3AFileDescriptor%3E%26%29

URL :  	app://a948426a-6c05-48a9-a5a2-40ee01125468/manifest.webapp -
http://hg.mozilla.org/mozilla-central/annotate/3285e030d9c0/ipc/glue/InputStreamUtils.cpp#l51

MOZ_CRASH("Input stream is not serializable!");

Called on a DOM blob GetInternalStream: http://hg.mozilla.org/mozilla-central/annotate/3285e030d9c0/dom/ipc/ContentChild.cpp#l948

This sounds familiar, but I don't remember whether it was subsequently fixed. bent do you remember, or know who should take this?
Flags: needinfo?(bent.mozilla)
Oh, maybe bug 902271?
Seems likely.

Josh, are you going to try this again? Or do we need to find another owner?
Flags: needinfo?(bent.mozilla) → needinfo?(josh)
Yeah, I'll start looking at this again this week.
Flags: needinfo?(josh)
Assignee: nobody → josh
Component: IPC → DOM: Content Processes
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → DUPLICATE
See Also: → 1167730
You need to log in before you can comment on or make changes to this bug.