Closed Bug 1674038 Opened 5 years ago Closed 5 years ago

Crash in [@ mozilla::ipc::FatalError | mozilla::ipc::IProtocol::HandleFatalError | mozilla::dom::PContentChild::OnMessageReceived] from sending sharedFontListBlocks

Categories

(Core :: IPC, defect, P1)

Firefox 83
defect

Tracking


RESOLVED DUPLICATE of bug 1664151
Tracking Status
firefox83 --- wontfix
firefox84 --- affected

People

(Reporter: u673061, Unassigned)

Details

Crash Data

Crash report: https://crash-stats.mozilla.org/report/index/ec50aa8b-32b1-4c41-83be-0addd0201029

MOZ_CRASH Reason: IPDL error: "Error deserializing 'SharedMemoryHandle[]'". abort()ing as a result.

Top 10 frames of crashing thread:

0 libxul.so mozilla::ipc::FatalError ipc/glue/ProtocolUtils.cpp:193
1 libxul.so mozilla::ipc::IProtocol::HandleFatalError const ipc/glue/ProtocolUtils.cpp:422
2 libxul.so mozilla::dom::PContentChild::OnMessageReceived ipc/ipdl/PContentChild.cpp:11279
3 libxul.so mozilla::ipc::MessageChannel::DispatchMessage ipc/glue/MessageChannel.cpp:2074
4 libxul.so mozilla::ipc::MessageChannel::MessageTask::Run ipc/glue/MessageChannel.cpp:1953
5 libxul.so mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal xpcom/threads/TaskController.cpp:515
6 libxul.so mozilla::detail::RunnableFunction<mozilla::TaskController::InitializeInternal xpcom/threads/nsThreadUtils.h:577
7 libxul.so nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:1197
8 libxul.so mozilla::ipc::MessagePump::Run ipc/glue/MessagePump.cpp:87
9 libxul.so MessageLoop::Run ipc/chromium/src/base/message_loop.cc:309

I downloaded the developer release on my Arch Linux from the Mozilla website and unzipped it, but when I launched the Firefox executable all tabs (including new ones) immediately crash. However, there's no problem in Safe Mode.

It happens on EVERY website on normal mode. EVERY tab crashes. Please fix, thank you very much.

OS: Linux → Unspecified
Hardware: x86_64 → Unspecified
Component: General → DOM: Content Processes
Product: Firefox → Core

The severity field is not set for this bug.
:neha, could you have a look please?

For more information, please visit auto_nag documentation.

Flags: needinfo?(nkochar)
Severity: -- → S1
Flags: needinfo?(nkochar) → needinfo?(nika)
Priority: -- → P1

The comment on the crash says "Browsing Works in safe mode but doesn't work with normal mode." The most likely cause of something only working with safe mode would be an extension. What extensions do you have installed?

Flags: needinfo?(d4v1d_4n0)

From the crash report, it looks like this is crashing while deserializing the sharedUASheetHandle field of the PContent::SetXPCOMProcessAttributes message, so the issue is probably with something about handling the shared UA sheet, not an addon. But maybe this is just an issue with shared memory in general and this happens to be the first thing we send?

Flags: needinfo?(d4v1d_4n0)
Component: DOM: Content Processes → IPC

Jed, does this sound familiar?

Flags: needinfo?(jld)
Summary: Crash in [@ mozilla::ipc::FatalError | mozilla::ipc::IProtocol::HandleFatalError | mozilla::dom::PContentChild::OnMessageReceived] → Crash in [@ mozilla::ipc::FatalError | mozilla::ipc::IProtocol::HandleFatalError | mozilla::dom::PContentChild::OnMessageReceived] from sending sharedUASheetHandle

In Element, Nika said: "it looks like the warning is an error deserializing SharedMemoryHandle[], not SharedMemoryHandle?, so I think the stack frame is wrong, and the crash is actually here: https://crash-stats.mozilla.org/sources/highlight/?url=https://gecko-generated-sources.s3.amazonaws.com/86ddd9b448a97d9f3b45b1c57908f30f76f97c4d0c107782a9d6bd7e98c98017b944e205e2cf715f5aa7fdf0f19ce5e79ec8f311d182f5413f9441c759082bd0/ipc/ipdl/PContentChild.cpp&line=11297#L-11297 "

That link is for the sharedFontListBlocks field.

The message which is failing to deserialize is being sent here: https://searchfox.org/mozilla-central/rev/ff82c973f8ccb0475ec32439e9ec07014b3a681f/dom/ipc/ContentParent.cpp#2790-2792. The objects which are failing to deserialize are created and "shared" to the other process here (https://searchfox.org/mozilla-central/rev/ff82c973f8ccb0475ec32439e9ec07014b3a681f/dom/ipc/ContentParent.cpp#2732-2736), though the "sharing" action on linux is just a dup call (https://searchfox.org/mozilla-central/rev/ff82c973f8ccb0475ec32439e9ec07014b3a681f/ipc/chromium/src/base/shared_memory_posix.cc#525).

I'm guessing that the receiving side of the IPC channel is not receiving some of the FDs expected by the message. I don't know off the top of my head how something like this could happen though. Perhaps more diagnostics in this code could help?

Flags: needinfo?(nika)
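A receiver-side diagnostic of the kind the comment above asks about, as an added illustration that is not part of the bug thread and is not Gecko's IPC code. It assumes descriptors travel as SCM_RIGHTS ancillary data on a Unix socket; the undersized control buffer is only a constructed way to make descriptors go missing, and `send_fds`, `recv_fds` and `roundtrip` are hypothetical names.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <unistd.h>

#define MAX_FDS 8
typedef union { char buf[CMSG_SPACE(sizeof(int) * MAX_FDS)]; struct cmsghdr a; } ctl_t;

/* Send one payload byte with n descriptors attached as SCM_RIGHTS. */
static int send_fds(int sock, const int *fds, int n) {
    char byte = 'M'; struct iovec iov = { &byte, 1 }; ctl_t ctl = { { 0 } };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1, .msg_control = ctl.buf,
                          .msg_controllen = CMSG_SPACE(sizeof(int) * n) };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int) * n);
    memcpy(CMSG_DATA(c), fds, sizeof(int) * n);
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Receive with control space for `room` fds; *truncated reports MSG_CTRUNC. */
static int recv_fds(int sock, int *out, int room, int *truncated) {
    char byte; struct iovec iov = { &byte, 1 }; ctl_t ctl; int got = 0;
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1, .msg_control = ctl.buf,
                          .msg_controllen = CMSG_SPACE(sizeof(int) * room) };
    if (recvmsg(sock, &msg, 0) != 1) return -1;
    *truncated = (msg.msg_flags & MSG_CTRUNC) != 0;  /* kernel dropped ancillary data */
    for (struct cmsghdr *c = CMSG_FIRSTHDR(&msg); c; c = CMSG_NXTHDR(&msg, c)) {
        if (c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS) continue;
        int n = (int)((c->cmsg_len - CMSG_LEN(0)) / sizeof(int));
        memcpy(out + got, CMSG_DATA(c), sizeof(int) * n); got += n;
    }
    return got;  /* caller compares this with the count the message declared */
}

/* Constructed scenario: pass n_sent pipe ends (n_sent <= MAX_FDS) over a socketpair. */
int roundtrip(int n_sent, int room, int *truncated) {
    int sv[2], p[2], fds[MAX_FDS], out[MAX_FDS], got;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) || pipe(p)) return -1;
    for (int i = 0; i < n_sent; i++) fds[i] = p[i % 2];
    got = send_fds(sv[0], fds, n_sent) ? -1 : recv_fds(sv[1], out, room, truncated);
    for (int i = 0; i < got; i++) close(out[i]);
    close(p[0]); close(p[1]); close(sv[0]); close(sv[1]);
    return got;
}

int main(void) {
    int t = 0, got = roundtrip(4, 2, &t);
    return printf("expected 4 fds, got %d, MSG_CTRUNC=%d\n", got, t) < 0;
}
```

Logging the expected count, the received count and the `MSG_CTRUNC` flag at the point of receipt separates "descriptors never arrived" from "descriptors arrived but the handle failed to deserialize".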

(In reply to Andrew McCreight [:mccr8] from comment #6)

> Jed, does this sound familiar?

It sounds very much like bug 1664151, complete with the crash stack suggesting sharedUASheetHandle but other info from the report saying otherwise.

Status: UNCONFIRMED → RESOLVED
Closed: 5 years ago
Flags: needinfo?(jld)
Resolution: --- → DUPLICATE
Summary: Crash in [@ mozilla::ipc::FatalError | mozilla::ipc::IProtocol::HandleFatalError | mozilla::dom::PContentChild::OnMessageReceived] from sending sharedUASheetHandle → Crash in [@ mozilla::ipc::FatalError | mozilla::ipc::IProtocol::HandleFatalError | mozilla::dom::PContentChild::OnMessageReceived] from sending sharedFontListBlocks