Open Bug 1549998 Opened 5 years ago Updated 7 months ago

Crash in [@ mozilla::dom::ContentChild::ProvideWindowCommon]

Categories

(Core :: DOM: Core & HTML, defect, P3)

Product:
Core
Component:
DOM: Core & HTML
Platform:
Unspecified
Windows 10
Type:
defect

Tracking

()

Tracking Flags:
Tracking Status
firefox68 --- fix-optional

People

(Reporter: marcia, Unassigned)

References

(Depends on 1 open bug)

Details

(Keywords: crash, regression)

Crash Data

This bug is for crash report bp-5ff6bc97-b547-41a4-9a76-ee5e40190421.

Small volume crash which appears to have started in 20190419094745: https://bit.ly/2Vlb3t8. 5 crashes/6 installs all on Windows 10.

Code was touched in Bug 1542204. ni on :farre

Top 10 frames of crashing thread:

0 xul.dll mozilla::dom::ContentChild::ProvideWindowCommon dom/ipc/ContentChild.cpp:905
1 xul.dll nsresult mozilla::dom::TabChild::ProvideWindow dom/ipc/TabChild.cpp:936
2 xul.dll nsresult nsWindowWatcher::OpenWindowInternal toolkit/components/windowwatcher/nsWindowWatcher.cpp:761
3 xul.dll nsresult nsWindowWatcher::OpenWindow2 toolkit/components/windowwatcher/nsWindowWatcher.cpp:367
4 xul.dll nsGlobalWindowOuter::OpenInternal dom/base/nsGlobalWindowOuter.cpp:7202
5 xul.dll nsresult nsGlobalWindowOuter::Open dom/base/nsGlobalWindowOuter.cpp:5691
6 xul.dll nsresult nsDocShell::PerformRetargeting docshell/base/nsDocShell.cpp:8777
7 xul.dll nsresult nsDocShell::InternalLoad docshell/base/nsDocShell.cpp:9181
8 xul.dll nsresult nsDocShell::OnLinkClickSync docshell/base/nsDocShell.cpp:12728
9 xul.dll nsresult OnLinkClickEvent::Run docshell/base/nsDocShell.cpp:12438
Flags: needinfo?(afarre)
Assignee: nobody → afarre
Status: NEW → ASSIGNED
Fission Milestone: --- → ?
Flags: needinfo?(afarre)

This is rather harmless MOZ_DIAGNOSTIC_ASSERT. I'll look into it.

Priority: -- → P2
Priority: P2 → P3
Fission Milestone: ? → M4
Fission Milestone: M4 → M5
Flags: needinfo?(kmaglione+bmo)

We should only be able to reach this assertion when Fission is disabled.

Fission Milestone: M5 → ---
Flags: needinfo?(kmaglione+bmo)

Since the crash volume is low (less than 5 per week), the severity is downgraded to S3. Feel free to change it back if you think the bug is still critical.

For more information, please visit auto_nag documentation.

Severity: critical → S3

As far as I can tell, this can only happen when a frame attempts to open a "noopener" window with "_parent" as the target, when it can't access its parent frame, and fission is disabled. That's a pretty odd circumstance, and the only negative consequence is a frame crash. And when Fission comes to Android, it won't be able to happen anywhere. So I'm not worried about it.

But we could also just bail out here rather than crashing, since after reading the code, I can see that is definitely a thing that can happen.

There's also an unrelated Windows crash with the same signature, where it looks like browsingContext is an invalid pointer.

Hsin-Yi, this is extremely rare, and Fission only. I haven't been able to work on this, so I'm unassigning. Should we re-triage this?

Status: ASSIGNED → NEW
Flags: needinfo?(htsai)

(In reply to Andreas Farre [:farre] from comment #5)

Hsin-Yi, this is extremely rare, and Fission only. I haven't been able to work on this, so I'm unassigning. Should we re-triage this?

I suppose you meant to say this is Fission-disabled only, from the contexts of previous comments.

Right, I think there's no action for now. We will monitor after Android Fission is released.

Depends on: gv-fission
Flags: needinfo?(htsai)
Assignee: afarre → nobody
You need to log in before you can comment on or make changes to this bug.