Closed Bug 1543015 Opened 5 years ago Closed 5 years ago

Crash in [@ mozilla::dom::ContentParent::RecvAttachBrowsingContext]


(Core :: DOM: Core & HTML, defect)

Windows 10
Not set



Root Cause Coding: Other
Fission Milestone M4
Tracking Status
firefox-esr60 --- unaffected
firefox66 --- unaffected
firefox67 --- unaffected
firefox68 blocking fixed


(Reporter: calixte, Assigned: farre)


(Blocks 1 open bug, Regression)


(Keywords: crash, regression, topcrash)

Crash Data

This bug is for crash report bp-851564fc-e643-4c6d-acab-a97a60190408.

Top 10 frames of crashing thread:

0 xul.dll mozilla::dom::ContentParent::RecvAttachBrowsingContext dom/ipc/ContentParent.cpp:5705
1 xul.dll mozilla::dom::PContentParent::OnMessageReceived ipc/ipdl/PContentParent.cpp:9561
2 xul.dll void mozilla::ipc::MessageChannel::DispatchMessage ipc/glue/MessageChannel.cpp:2078
3 xul.dll nsresult mozilla::ipc::MessageChannel::MessageTask::Run ipc/glue/MessageChannel.cpp:1968
4 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:1180
5 xul.dll NS_ProcessNextEvent xpcom/threads/nsThreadUtils.cpp:486
6 xul.dll void mozilla::ipc::MessagePump::Run ipc/glue/MessagePump.cpp:110
7 xul.dll MessageLoop::RunHandler ipc/chromium/src/base/
8 xul.dll MessageLoop::Run ipc/chromium/src/base/
9 xul.dll nsBaseAppShell::Run widget/nsBaseAppShell.cpp:137

There are 44 crashes (from 29 installations) in nightly 68 with buildid 20190408193006. In analyzing the backtrace, the regression may have been introduced by patch [1] to fix bug 1523636.


Flags: needinfo?(afarre)

I've hit a crash with this signature twice while loading (although I also loaded it once without crashing).

This is by far the worst crash in nightly at the moment.

crash reason is "MOZ_RELEASE_ASSERT(parent) (Parent doesn't exist in parent process)"

Keywords: topcrash
Assignee: nobody → afarre
Flags: needinfo?(afarre)

With the url given by dbaron which also crashes rather reliably for me I came to this regression range that I think is the best I can get:

I contains bug 1537910, bug 1541810 and bug 1523636 so the theory in comment #0 that bug 1523636 is the regressor sounds plausible.

This crash didn't show up after the backout, so I'll call this fixed.

Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla68
Crash Signature: [@ mozilla::dom::ContentParent::RecvAttachBrowsingContext] → [@ mozilla::dom::ContentParent::RecvAttachBrowsingContext] [@ mozilla::dom::BrowsingContextGroup::Select]
Crash Signature: [@ mozilla::dom::ContentParent::RecvAttachBrowsingContext] [@ mozilla::dom::BrowsingContextGroup::Select] → [@ mozilla::dom::ContentParent::RecvAttachBrowsingContext] [@ mozilla::dom::BrowsingContextGroup::Select] [@ mozilla::dom::ContentParent::RecvAttachBrowsingContext(mozilla::dom::BrowsingContext::IPCInitializer&&)]
See Also: → 1563542
See Also: → 1577552

Retroactively moving fixed bugs whose summaries mention "Fission" (or other Fission-related keywords) but are not assigned to a Fission Milestone to an appropriate Fission Milestone.

This will generate a lot of bugmail, so you can filter your bugmail for the following UUID and delete them en masse:


Fission Milestone: --- → M4

Please specify a root cause for this bug. See :tmaity for more information.

Root Cause: --- → ?

Description of root cause:

Race between parent having closed a browsing context that a child wanted to attach to a tree. Possible sub-category for Coding could be Parallelism issue (similar to concurrency, but not the same?)

Crash Signature: [@ mozilla::dom::ContentParent::RecvAttachBrowsingContext] [@ mozilla::dom::BrowsingContextGroup::Select] [@ mozilla::dom::ContentParent::RecvAttachBrowsingContext(mozilla::dom::BrowsingContext::IPCInitializer&&)] → [@ mozilla::dom::ContentParent::RecvAttachBrowsingContext] [@ mozilla::dom::BrowsingContextGroup::Select] [@ mozilla::dom::ContentParent::RecvAttachBrowsingContext(mozilla::dom::BrowsingContext::IPCInitializer&&)]
Root Cause: ? → Coding: Other
Has Regression Range: --- → yes
You need to log in before you can comment on or make changes to this bug.