Closed Bug 1495762 Opened 2 years ago Closed 2 years ago

Crash in mozilla::ipc::FatalError | mbrtoc32

Categories

(Core :: IPC, defect, P3)

63 Branch
Unspecified
Android
defect

Tracking

()

RESOLVED INVALID
Tracking Status
firefox62 --- unaffected
firefox63 --- wontfix
firefox64 --- unaffected

People

(Reporter: marcia, Unassigned)

References

Details

(Keywords: crash, regression)

Crash Data

This bug was filed from the Socorro interface and is
report bp-468859bd-8d77-4d92-8a7b-3f6320181002.
=============================================================

This crash was first seen in 63b5 and is slowly increasing: https://bit.ly/2y7MXUd. The Moz crash reason for all crashes is MOZ_CRASH(IPC FatalError in the parent process!) and (96.77% in signature vs 00.86% overall) ipc_fatal_error_msg = Error deserializing 'Shmem'

No useful comments are present. 

Top 10 frames of crashing thread:

0 libxul.so mozilla::ipc::FatalError ipc/glue/ProtocolUtils.cpp:296
1 libxul.so mbrtoc32 
2 boot-framework.oat boot-framework.oat@0x162151e 
3 dalvik-main space (deleted) dalvik-main space @0xd7a726d 
4 boot-framework.oat boot-framework.oat@0x161f520 
5 boot-framework.oat boot-framework.oat@0x1552363 
6 dalvik-main space 1 (deleted) dalvik-main space 1 @0x8dac9fe 
7 libxul.so mozilla::ipc::IProtocol::HandleFatalError const ipc/glue/ProtocolUtils.cpp:532
8 dalvik-main space 1 (deleted) dalvik-main space 1 @0x215b9c7 
9 libxul.so mozilla::ipc::MessageChannel::DispatchAsyncMessage ipc/glue/MessageChannel.cpp:2248

=============================================================
Also seen on 63.0b3; e.g., bp-5420a1b5-c0b2-45d8-9f1f-189e00180906

And here's a similar crash on 63.0a1, but with a less messed-up stack: bp-3a3fdadd-8fba-4dd3-8da5-b255c0180901

If this was introduced shortly before build 20180831100133, looking at what changed recently in IPC… maybe it's related to bug 1485762?
See Also: → 1485762
Note: the mbrtoc32 stack frame appears to be a red herring - the frames above are all ipc, and the bottom frame is ipc.

Nullptr crash
(In reply to Randell Jesup [:jesup] from comment #2)
> Nullptr crash

To clarify, it's a MOZ_CRASH, not an accidental nullptr.

This also looks similar to bug 1491340, but the error message is slightly different.


(As for bug 1485762, I remember going through the code and convincing myself it wouldn't break things in the error cases, but I didn't actually write down my rationale in the review — and judging by these crashes it does seem that I missed something, possibly to do with OOM cases.)
See Also: → 1491340
Unfortunately although this crash happened, I cannot find any crashes with that signature even searching Socorro 8 days back. I am not sure what happened to the reports :(.
(In reply to Marcia Knous [:marcia - needinfo? me] from comment #4)
> Unfortunately although this crash happened, I cannot find any crashes with
> that signature even searching Socorro 8 days back. I am not sure what
> happened to the reports :(.

It turns out mbrtoc32 was added to the skip list, and the all the crashes were reprocessed - see Bug 1497899#c1.
not actionable
Status: NEW → RESOLVED
Closed: 2 years ago
Priority: -- → P3
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.