Closed Bug 1336417 Opened 9 years ago Closed 9 years ago

[e10s] Crash in IPCError-browser | (msgtype=0xFFFB,name=???) Payload error: message could not be deserialized

Categories

(Core :: DOM: Copy & Paste and Drag & Drop, defect)

Product:
Core
Component:
DOM: Copy & Paste and Drag & Drop
Version:
49 Branch
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1295272
Tracking Flags:
Tracking Status
firefox51 --- wontfix
firefox52 --- fixed
firefox53 --- fixed
firefox54 --- fixed

People

(Reporter: philipp, Unassigned)

References

Details

(Keywords: crash, regression)

Crash Data

This bug was filed from the Socorro interface and is report bp-09c702a3-6cbf-47ce-a203-a063b2161214. ============================================================= Crashing Thread (0) Frame Module Signature Source 0 libsystem_platform.dylib longcopy 1 libsystem_platform.dylib _platform_memmove$VARIANT$Merom 2 XUL nsContentUtils::GetSurfaceData(mozilla::gfx::DataSourceSurface*, unsigned long*, int*, mozilla::ipc::IShmemAllocator*, mozilla::ipc::Shmem*) dom/base/nsContentUtils.cpp:7832 3 XUL nsContentUtils::TransferableToIPCTransferable(nsITransferable*, mozilla::dom::IPCDataTransfer*, bool, mozilla::dom::nsIContentChild*, mozilla::dom::nsIContentParent*) dom/base/nsContentUtils.cpp:7637 4 XUL nsContentUtils::TransferablesToIPCTransferables(nsISupportsArray*, nsTArray<mozilla::dom::IPCDataTransfer>&, bool, mozilla::dom::nsIContentChild*, mozilla::dom::nsIContentParent*) dom/base/nsContentUtils.cpp:7417 5 XUL nsDragServiceProxy::InvokeDragSessionImpl(nsISupportsArray*, nsIScriptableRegion*, unsigned int) widget/nsDragServiceProxy.cpp:40 6 XUL nsBaseDragService::InvokeDragSession(nsIDOMNode*, nsISupportsArray*, nsIScriptableRegion*, unsigned int, unsigned int) widget/nsBaseDragService.cpp:234 7 XUL nsBaseDragService::InvokeDragSessionWithImage(nsIDOMNode*, nsISupportsArray*, nsIScriptableRegion*, unsigned int, nsIDOMNode*, int, int, nsIDOMDragEvent*, nsIDOMDataTransfer*) widget/nsBaseDragService.cpp:270 8 XUL mozilla::EventStateManager::DoDefaultDragStart(nsPresContext*, mozilla::WidgetDragEvent*, mozilla::dom::DataTransfer*, nsIContent*, nsISelection*) dom/events/EventStateManager.cpp:2003 9 XUL mozilla::EventStateManager::GenerateDragGesture(nsPresContext*, mozilla::WidgetMouseEvent*) dom/events/EventStateManager.cpp:1808 10 XUL mozilla::EventStateManager::PreHandleEvent(nsPresContext*, mozilla::WidgetEvent*, nsIFrame*, nsIContent*, nsEventStatus*) dom/events/EventStateManager.cpp:697 11 XUL PresShell::HandleEventInternal(mozilla::WidgetEvent*, nsEventStatus*, bool) layout/base/nsPresShell.cpp:8235 12 XUL PresShell::HandlePositionedEvent(nsIFrame*, mozilla::WidgetGUIEvent*, nsEventStatus*) layout/base/nsPresShell.cpp:8077 13 XUL PresShell::HandleEvent(nsIFrame*, mozilla::WidgetGUIEvent*, bool, nsEventStatus*, nsIContent**) layout/base/nsPresShell.cpp:7864 14 XUL nsViewManager::DispatchEvent(mozilla::WidgetGUIEvent*, nsView*, nsEventStatus*) view/nsViewManager.cpp:816 15 XUL nsView::HandleEvent(mozilla::WidgetGUIEvent*, bool) view/nsView.cpp:1121 16 XUL mozilla::widget::PuppetWidget::DispatchEvent(mozilla::WidgetGUIEvent*, nsEventStatus&) widget/PuppetWidget.cpp:350 17 XUL <name omitted> gfx/layers/apz/util/APZCCallbackHelper.cpp:470 18 XUL mozilla::dom::TabChild::RecvRealMouseButtonEvent(mozilla::WidgetMouseEvent const&, mozilla::layers::ScrollableLayerGuid const&, unsigned long long const&) dom/ipc/TabChild.cpp:1948 19 XUL non-virtual thunk to mozilla::dom::TabChild::RecvRealMouseMoveEvent(mozilla::WidgetMouseEvent const&, mozilla::layers::ScrollableLayerGuid const&, unsigned long long const&) dom/ipc/TabChild.cpp:1913 20 XUL mozilla::dom::PBrowserChild::OnMessageReceived(IPC::Message const&) obj-firefox/x86_64/ipc/ipdl/PBrowserChild.cpp:3754 21 XUL mozilla::ipc::MessageChannel::DispatchAsyncMessage(IPC::Message const&) ipc/glue/MessageChannel.cpp:1661 22 XUL mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&) ipc/glue/MessageChannel.cpp:1599 23 XUL mozilla::ipc::MessageChannel::OnMaybeDequeueOne() ipc/glue/MessageChannel.cpp:1566 24 XUL mozilla::detail::RunnableMethodImpl<bool (mozilla::ipc::MessageChannel::*)(), false, true>::Run xpcom/glue/nsThreadUtils.h:729 25 XUL mozilla::ipc::MessageChannel::DequeueTask::Run() ipc/glue/MessageChannel.h:550 26 XUL nsThread::ProcessNextEvent(bool, bool*) xpcom/threads/nsThread.cpp:1076 27 XUL NS_ProcessPendingEvents(nsIThread*, unsigned int) xpcom/glue/nsThreadUtils.cpp:232 28 XUL nsBaseAppShell::NativeEventCallback() widget/nsBaseAppShell.cpp:97 29 XUL nsAppShell::ProcessGeckoEvents(void*) widget/cocoa/nsAppShell.mm:386 30 CoreFoundation __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ 31 CoreFoundation __CFRunLoopDoSources0 32 CoreFoundation __CFRunLoopRun 33 CoreFoundation CFRunLoopRunSpecific Ø 34 HIToolbox HIToolbox@0x3256e Ø 35 HIToolbox HIToolbox@0x322e9 Ø 36 HIToolbox HIToolbox@0x3212a 37 AppKit _DPSNextEvent 38 AppKit -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] 39 AppKit -[NSEvent window] 40 AppKit -[NSApplication sendEvent:] Ø 41 MediaToolbox MediaToolbox@0x4e9fdc 42 libsystem_pthread.dylib pthread_rwlock_unlock 43 Foundation +[NSThread isMainThread] 44 Foundation +[NSUndoManager(NSPrivate) _endTopLevelGroupings] 45 XUL -[GeckoNSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] widget/cocoa/nsAppShell.mm:121 46 AppKit -[NSApplication run] 47 AppKit -[NSTitlebarContainerView transparent] 48 AppKit -[NSTitlebarContainerView transparent] Ø 49 MediaToolbox MediaToolbox@0x4ea2ad 50 XUL nsAppShell::Run() widget/cocoa/nsAppShell.mm:660 51 XUL XRE_RunAppShell toolkit/xre/nsEmbedFunctions.cpp:851 52 XUL MessageLoop::Run() ipc/chromium/src/base/message_loop.cc:232 53 XUL XRE_InitChildProcess toolkit/xre/nsEmbedFunctions.cpp:681 54 plugin-container content_process_main(int, char**) ipc/contentproc/plugin-container.cpp:224 55 plugin-container start crashes in the content process with this signature are regressing since firefox 49 - they happen cross-platform but primarily on mac os x. the crash is occurring in a codepath that was added in 1272018. the comment attached to this particular report apparently describes a reproducible pattern to trigger the crash: "Tried to drag a jpg from Wikipedia to Mac desktop. Crashes consistently. https://upload.wikimedia.org/wikipedia/commons/8/83/A-20_Havoc.jpg" many of the other user comments also talk about handling (dragging/dropping, zooming, scrolling) large image files at the time of the crash: https://crash-stats.mozilla.com/signature/?signature=IPCError-browser%20|%20%28msgtype%3D0xFFFB%2Cname%3D%3F%3F%3F%29%20Payload%20error%3A%20message%20could%20not%20be%20deserialized&date=%3E%3D2016-08-03T13%3A36%3A57.000Z#comments
See Also: → 1272018
Stephen, any insight here?
Flags: needinfo?(spohl.mozilla.bugs)
Reading through bug 1272018 (which introduced this code path) and the blocking bug 1171307 and bug 1295272, I get the impression that this got fixed in 52. If I'm reading crash stats[1] correctly, we don't have any reports for versions after 52.0a1. :philipp, can you confirm? If so, we can dupe this bug to bug 1295272. [1] https://crash-stats.mozilla.com/signature/?signature=IPCError-browser%20|%20%28msgtype%3D0xFFFB%2Cname%3D%3F%3F%3F%29%20Payload%20error%3A%20message%20could%20not%20be%20deserialized&date=%3E%3D2016-08-03T13%3A36%3A57.000Z#comments
Flags: needinfo?(spohl.mozilla.bugs) → needinfo?(madperson)
yes, you are correct - the last version where this signature is showing up was 52.0a2 build 20161023030206 and 52.0b is no longer affected at all. sorry for not noticing this earlier...
Status: NEW → RESOLVED
Closed: 9 years ago
status-firefox52: affectedfixed
status-firefox53: ?fixed
status-firefox54: ?fixed
Flags: needinfo?(madperson)
Resolution: --- → DUPLICATE
We don't have the plan to have dot release for 51. Mark 51 won't fix.
status-firefox51: affectedwontfix
You need to log in before you can comment on or make changes to this bug.