1590914 - Refreshing on tab crash page causes browser to crash in [@ mozilla::ipc::FatalError | mozilla::ipc::IProtocol::HandleFatalError | mozilla::ipc::IPDLParamTraits<T>::Write ]

Status: RESOLVED FIXED

(Core :: DOM: Navigation, defect, P3)

Description

[exprezdev]

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0

Steps to reproduce:

• Tab crashes due to bug https://bugzilla.mozilla.org/show_bug.cgi?id=1590908.
• See "Gah. Your tab just crashed." page
• Press Cmd-R to refresh
• Browser crashes

Actual results:

Browser crashed.

Expected results:

Site refreshed.

Comment 1

[exprezdev]

Made for crash report 20019d93-49b5-4838-84a6-024850191023.

Comment 2

[Olli Pettay [:smaug][bugs@pettay.fi]]

reporter, are you saying this is the same as bug 1590908?
(Stack trace does seem to hint so)

Comment 3

[Chris Peterson [:cpeterson]]

Tentatively assigning to Fission M5 milestone because this is a crash reported by a dogfood tester.

Comment 4

[Matt Woodrow (:mattwoodrow)]

Linkified crash report - https://crash-stats.mozilla.org/report/index/20019d93-49b5-4838-84a6-024850191023

We're crashing here - https://hg.mozilla.org/mozilla-central/annotate/ad7a152bc66c0d411a6fb0b210d675abed9693c7/ipc/glue/IPCStreamUtils.cpp#l485

That's an assert because we tried to send nsIInputStream over a protocol that wasn't PContent or PBackground (or managed by them).

The protocol that we're sending over is PWindowGlobal, which is managed by PBrowser (and then PContent), or PInProcess. The latter would be a violation of the condition.

I think what's happening is that we're in the weird state where the BrowsingContext doesn't have a docshell, but does have a WindowGlobalParent, for a same-process window. I don't know how or why that is possible. Adding ni?kmag to see if he has thoughts on how insane that is.

Anway, bug 1589123 stopped us from sending this across PWindowGlobal (and uses PContent directly, with a null check), so this should be fixed now.