1284249 - Crash in IPCError-browser | (msgtype=0xAC0005,name=PNecko::Msg_PHttpChannelConstructor) Value error: message was deserialized, b

Status: RESOLVED DUPLICATE of bug 1289001

(Core :: Networking: HTTP, defect, critical)

Description

[Ludovic Hirlimann [:Usul]]

This bug was filed from the Socorro interface and is 
report bp-4a703c20-3ff5-452e-8c08-c79b72160704.
=============================================================
Gtk 3.20
0 	libc-2.23.so 	libc-2.23.so@0xf732d 	
1 	libxul.so 	PollWrapper 	widget/gtk/nsAppShell.cpp:42
Ø 2 	libglib-2.0.so.0.4800.1 	libglib-2.0.so.0.4800.1@0x49a45 	
Ø 3 	linux-gate.so 	linux-gate.so@0xc7e 	
Ø 4 	libglib-2.0.so.0.4800.1 	libglib-2.0.so.0.4800.1@0x49b5b 	
5 	libxul.so 	nsAppShell::ProcessNextNativeEvent 	widget/gtk/nsAppShell.cpp:270
6 	libxul.so 	nsBaseAppShell::OnProcessNextEvent 	widget/nsBaseAppShell.cpp:138
7 	libxul.so 	nsThread::ProcessNextEvent 	xpcom/threads/nsThread.cpp:1044
8 	plugin-container 	je_free 	memory/mozjemalloc/jemalloc.c:4673
9 	libxul.so 	_fini 	
10 	libxul.so 	NS_ProcessNextEvent 	xpcom/glue/nsThreadUtils.cpp:290
11 	libxul.so 	mozilla::ipc::MessagePump::Run 	ipc/glue/MessagePump.cpp:132
12 	libxul.so 	_fini 	
13 	libxul.so 	_fini 	
14 	libxul.so 	_fini 	
15 	libxul.so 	_fini 	
16 	libxul.so 	MessageLoop::Run 	ipc/chromium/src/base/message_loop.cc:235
17 	libxul.so 	nsBaseAppShell::Run 	widget/nsBaseAppShell.cpp:156
18 	libxul.so 	XRE_RunAppShell 	toolkit/xre/nsEmbedFunctions.cpp:837
19 	libxul.so 	MessageLoop::Run 	ipc/chromium/src/base/message_loop.cc:235
20 	libxul.so 	XRE_InitChildProcess 	toolkit/xre/nsEmbedFunctions.cpp:667
21 	libxul.so 	_fini


STR:

go to http://www.flamesofwar.com/hobby.aspx?art_id=3547 click on "Download a PDF version of the German Army List sheet here... " -> crash

Comment 1

[Kamil Jozwiak [:kjozwiak]]

I ran into this several times today while going through the STR I mentioned below. I tried getting a stack via a debug m-c build but I couldn't reproduce it after about an hour of attempts.

STR:

* launch the latest version of m-c
* open https://bitcoin.org/bitcoin.pdf (tab will crash sometimes)

Crashes on OSX:

* bp-ba24c3d4-943c-4bc8-9d0c-030fe2160706
* bp-2fdda21f-a689-4f8f-bde5-8c8082160706
* bp-4dd2d54f-ebc7-426f-95f9-097a72160706

Comment 2

[Kan-Ru Chen [:kanru] (UTC+8)]

This is #9 crash on windows nightly 20160711034039. The signature first appeared on 2016-07-03.
https://crash-stats.mozilla.com/signature/?product=Firefox&release_channel=nightly&platform=Windows&date=%3E%3D2016-01-01&signature=IPCError-browser%20%7C%20%28msgtype%3D0xAC0005%2Cname%3DPNecko%3A%3AMsg_PHttpChannelConstructor%29%20Value%20error%3A%20message%20was%20deserialized%2C%20b&_columns=date&_columns=product&_columns=version&_columns=build_id&_columns=platform&_columns=reason&_columns=address&_columns=url&_sort=-date&page=1#graphs

Possible regression range:
https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=fdcee57b4e4f66a82831ab01e61500da98a858e8&tochange=39dffbba764210b25bfc1e749b4f16db77fa0d46

Comment 3

[Jason Duell]

Nothing in regression range looks promising.  Also, we're no longer seeing a crash in the STR in comment 0.  

Ludovic: can you still reproduce the crash with the STR you gave?

Comment 4

[Kamil Jozwiak [:kjozwiak]]

This is still happening, I've managed to reproduce it several times using the STR from comment#1. Used the following build:
* https://archive.mozilla.org/pub/firefox/nightly/2016/08/2016-08-04-03-04-41-mozilla-central/
** fx51.0a1, buildId: 20160804030441, changeset: 1576e7bc1bec

Crashes:

* bp-2a32dd30-b594-4108-9295-491662160804
* bp-b8a3e394-9bdd-435c-903b-5940a2160804
* bp-7df7c34b-d684-4435-a4b3-bc75b2160804
* bp-294a34c9-aba6-4b90-a01c-62b782160804

I couldn't reproduce the issue with a debug enabled build :(

Comment 5

[Kamil Jozwiak [:kjozwiak]]

Hiding this bug as it might be related to bug#1291190. Please unhide if that's not the case.

Comment 6

[Kamil Jozwiak [:kjozwiak]]

I've attempted to reproduce the crash via an asan [1] build on an Ubuntu 14.04.5 LTS VM but I've only managed to reproduce it once. Unfortunately it didn't display any crash information in the terminal when it occurred. I haven't been able to reproduce it again :/ I also tried reproducing the crash while disabling e10s, but I couldn't reproduce either.

However, I've manage to reproduce it here and there using macOS 10.11.6 pretty consistently.
* bp-ceaa5917-a568-4e5c-b242-c446c2160808

[1] https://tools.taskcluster.net/index/artifacts/#gecko.v2.mozilla-central.latest.firefox/gecko.v2.mozilla-central.latest.firefox.linux64-asan

Comment 7

[Valentin Gosu [:valentin] (he/him)]

Nick, I'm having no luck with the STR on Linux. Could you check if you can reproduce it on Mac? It might be platform dependent. Although I can see a few reports for Linux and Windows as well.

Comment 8

[u408661]

I haven't had any luck reproducing this on mac, unfortunately.

Comment 9

[Ludovic Hirlimann [:Usul]]

(In reply to Jason Duell [:jduell] (needinfo me) from comment #3)
> Nothing in regression range looks promising.  Also, we're no longer seeing a
> crash in the STR in comment 0.  
> 
> Ludovic: can you still reproduce the crash with the STR you gave?

No - sorry for the delay I was on paternity leave.

Comment 10

[Valentin Gosu [:valentin] (he/him)]

Based on crash-stats it seems that this issue was limited to Firefox 50a1 and is now fixed, possibly by 1268559.

Comment 11

[Valentin Gosu [:valentin] (he/him)]

The signature actually had changed to the one in bug 1289001. In any case, this bug is not longer applies, and I am quite sure it didn't need to be hidden.