Closed Bug 1284249 Opened 4 years ago Closed 3 years ago

Crash in IPCError-browser | (msgtype=0xAC0005,name=PNecko::Msg_PHttpChannelConstructor) Value error: message was deserialized, b

Categories

(Core :: Networking: HTTP, defect, critical)

Unspecified
All
defect
Not set
critical

Tracking

()

RESOLVED DUPLICATE of bug 1289001
Tracking Status
firefox50 --- affected

People

(Reporter: Usul, Assigned: valentin)

References

Details

(Keywords: crash, nightly-community, reproducible, Whiteboard: [necko-active])

Crash Data

This bug was filed from the Socorro interface and is 
report bp-4a703c20-3ff5-452e-8c08-c79b72160704.
=============================================================
Gtk 3.20
0 	libc-2.23.so 	libc-2.23.so@0xf732d 	
1 	libxul.so 	PollWrapper 	widget/gtk/nsAppShell.cpp:42
Ø 2 	libglib-2.0.so.0.4800.1 	libglib-2.0.so.0.4800.1@0x49a45 	
Ø 3 	linux-gate.so 	linux-gate.so@0xc7e 	
Ø 4 	libglib-2.0.so.0.4800.1 	libglib-2.0.so.0.4800.1@0x49b5b 	
5 	libxul.so 	nsAppShell::ProcessNextNativeEvent 	widget/gtk/nsAppShell.cpp:270
6 	libxul.so 	nsBaseAppShell::OnProcessNextEvent 	widget/nsBaseAppShell.cpp:138
7 	libxul.so 	nsThread::ProcessNextEvent 	xpcom/threads/nsThread.cpp:1044
8 	plugin-container 	je_free 	memory/mozjemalloc/jemalloc.c:4673
9 	libxul.so 	_fini 	
10 	libxul.so 	NS_ProcessNextEvent 	xpcom/glue/nsThreadUtils.cpp:290
11 	libxul.so 	mozilla::ipc::MessagePump::Run 	ipc/glue/MessagePump.cpp:132
12 	libxul.so 	_fini 	
13 	libxul.so 	_fini 	
14 	libxul.so 	_fini 	
15 	libxul.so 	_fini 	
16 	libxul.so 	MessageLoop::Run 	ipc/chromium/src/base/message_loop.cc:235
17 	libxul.so 	nsBaseAppShell::Run 	widget/nsBaseAppShell.cpp:156
18 	libxul.so 	XRE_RunAppShell 	toolkit/xre/nsEmbedFunctions.cpp:837
19 	libxul.so 	MessageLoop::Run 	ipc/chromium/src/base/message_loop.cc:235
20 	libxul.so 	XRE_InitChildProcess 	toolkit/xre/nsEmbedFunctions.cpp:667
21 	libxul.so 	_fini


STR:

go to http://www.flamesofwar.com/hobby.aspx?art_id=3547 click on "Download a PDF version of the German Army List sheet here... " -> crash
I ran into this several times today while going through the STR I mentioned below. I tried getting a stack via a debug m-c build but I couldn't reproduce it after about an hour of attempts.

STR:

* launch the latest version of m-c
* open https://bitcoin.org/bitcoin.pdf (tab will crash sometimes)

Crashes on OSX:

* bp-ba24c3d4-943c-4bc8-9d0c-030fe2160706
* bp-2fdda21f-a689-4f8f-bde5-8c8082160706
* bp-4dd2d54f-ebc7-426f-95f9-097a72160706
Assignee: nobody → valentin.gosu
Whiteboard: [necko-active]
Nothing in regression range looks promising.  Also, we're no longer seeing a crash in the STR in comment 0.  

Ludovic: can you still reproduce the crash with the STR you gave?
Flags: needinfo?(ludovic)
This is still happening, I've managed to reproduce it several times using the STR from comment#1. Used the following build:
* https://archive.mozilla.org/pub/firefox/nightly/2016/08/2016-08-04-03-04-41-mozilla-central/
** fx51.0a1, buildId: 20160804030441, changeset: 1576e7bc1bec

Crashes:

* bp-2a32dd30-b594-4108-9295-491662160804
* bp-b8a3e394-9bdd-435c-903b-5940a2160804
* bp-7df7c34b-d684-4435-a4b3-bc75b2160804
* bp-294a34c9-aba6-4b90-a01c-62b782160804

I couldn't reproduce the issue with a debug enabled build :(
Hiding this bug as it might be related to bug#1291190. Please unhide if that's not the case.
Group: gfx-core-security
See Also: → 1291190
I've attempted to reproduce the crash via an asan [1] build on an Ubuntu 14.04.5 LTS VM but I've only managed to reproduce it once. Unfortunately it didn't display any crash information in the terminal when it occurred. I haven't been able to reproduce it again :/ I also tried reproducing the crash while disabling e10s, but I couldn't reproduce either.

However, I've manage to reproduce it here and there using macOS 10.11.6 pretty consistently.
* bp-ceaa5917-a568-4e5c-b242-c446c2160808

[1] https://tools.taskcluster.net/index/artifacts/#gecko.v2.mozilla-central.latest.firefox/gecko.v2.mozilla-central.latest.firefox.linux64-asan
Nick, I'm having no luck with the STR on Linux. Could you check if you can reproduce it on Mac? It might be platform dependent. Although I can see a few reports for Linux and Windows as well.
Flags: needinfo?(valentin.gosu) → needinfo?(hurley)
I haven't had any luck reproducing this on mac, unfortunately.
Flags: needinfo?(hurley)
(In reply to Jason Duell [:jduell] (needinfo me) from comment #3)
> Nothing in regression range looks promising.  Also, we're no longer seeing a
> crash in the STR in comment 0.  
> 
> Ludovic: can you still reproduce the crash with the STR you gave?

No - sorry for the delay I was on paternity leave.
Flags: needinfo?(ludovic)
Based on crash-stats it seems that this issue was limited to Firefox 50a1 and is now fixed, possibly by 1268559.
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → WORKSFORME
The signature actually had changed to the one in bug 1289001. In any case, this bug is not longer applies, and I am quite sure it didn't need to be hidden.
Resolution: WORKSFORME → DUPLICATE
Duplicate of bug: 1289001
Group: gfx-core-security
You need to log in before you can comment on or make changes to this bug.