Closed Bug 1609144 Opened 3 years ago Closed 3 years ago

Crash in [@ mozilla::dom::WindowGlobalParent::NotifyContentBlockingEvent]

Categories

(Core :: Privacy: Anti-Tracking, defect, P1)

74 Branch
defect

Tracking

()

VERIFIED FIXED
mozilla74
Tracking Status
firefox-esr68 --- unaffected
firefox72 --- unaffected
firefox73 --- unaffected
firefox74 + verified

People

(Reporter: calixte, Assigned: dimi)

References

(Blocks 2 open bugs, Regression)

Details

(Keywords: crash, regression)

Crash Data

Attachments

(1 file)

This bug is for crash report bp-6dc80888-4ec3-428a-8a74-6033e0200114.

Top 10 frames of crashing thread:

0 XUL mozilla::dom::WindowGlobalParent::NotifyContentBlockingEvent dom/ipc/WindowGlobalParent.cpp:309
1 XUL mozilla::net::UrlClassifierCommon::NotifyChannelBlocked netwerk/url-classifier/UrlClassifierCommon.cpp:106
2 XUL mozilla::net::UrlClassifierCommon::NotifyChannelClassifierProtectionDisabled netwerk/url-classifier/UrlClassifierCommon.cpp:68
3 XUL mozilla::net::UrlClassifierCommon::AnnotateChannel netwerk/url-classifier/UrlClassifierCommon.cpp:518
4 XUL mozilla::net::UrlClassifierFeatureTrackingAnnotation::ProcessChannel netwerk/url-classifier/UrlClassifierFeatureTrackingAnnotation.cpp:155
5 XUL mozilla::detail::RunnableFunction<mozilla::net::AsyncUrlChannelClassifier::CheckChannel xpcom/threads/nsThreadUtils.h:563
6 XUL nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:1220
7 XUL NS_ProcessPendingEvents xpcom/threads/nsThreadUtils.cpp:434
8 XUL nsBaseAppShell::NativeEventCallback widget/nsBaseAppShell.cpp:87
9 XUL nsAppShell::ProcessGeckoEvents widget/cocoa/nsAppShell.mm:440

There are 18 crashes (from 4 installations) in nightly 74 with buildid 20200114094410. In analyzing the backtrace, the regression may have been introduced by patch [1] to fix bug 1599043.
The moz_crash_reason is always: MOZ_DIAGNOSTIC_ASSERT(!IsInProcess()).

[1] https://hg.mozilla.org/mozilla-central/rev?node=7316a18109f9

Flags: needinfo?(tihuang)

Tim is taking PTO, I'll check this issue

Assignee: nobody → dlee
Status: NEW → ASSIGNED
Flags: needinfo?(tihuang) → needinfo?(dlee)

The assertion is added to diagnose whether NotifyContentBlockingEvent
will be called from an in-process document. We have already seen crashes
because of the assertion, so temporarily remove this to avoid people
keep crashing due to this.

I think we have enough data to investigate this issue, submit a patch to temporarily remove the assertion so people won't keep crashing because of this.

Flags: needinfo?(dlee)
Keywords: leave-open
Priority: -- → P1

Steps to reproduce (for QE testers):

  1. Go to google.com
  2. Click on the padlock in the address bar, then on the arrow (>) and then on "More Information"
    -> Crash

I'm hitting this almost every time I open the hamburger menu.

I've hit this when opening the hamburger menu (because there was an update notification and I wanted to restart).

Pushed by dlee@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/259b0925375e
Remove IsInProcess assertion in NotifyContentBlockingEvent r=timhuang

Is there a bug open to find the root cause of this?

Flags: needinfo?(dlee)

(In reply to :ehsan akhgari from comment #9)

Is there a bug open to find the root cause of this?

Yes, I set leave-open flag while pushing the hotfix so I can keep tracking this issue in this bug.
Actually, I found this bug happened because there are cases that we create an in-process window(devtools, 'view page info'), and the window may load trackers in a site to show its content(for example, devtool->network->select a page with trackers->response tab). This triggers the assertion added in Bug 1599043
One thing I haven't figured out is that why some crashes happened while opening the hamburger menu.

Flags: needinfo?(dlee)
Blocks: 1610455

After investigating, I think removing the assertion would be enough for fixing this bug.
I filed Bug 1610455 as a follow-up to discuss what to do next.

Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla74
Flags: qe-verify+

Reproduced the issue using Firefox 74.0a1 (20200114214307) on Windows 10x64.
The issue is verified fixed with Firefox 74.0b5 (20200218224219) on Windows 10x64, macOS 10.15 and Ubuntu 16.04. No crash ecountered after following STR from comment 4.

Status: RESOLVED → VERIFIED
Flags: qe-verify+
Has Regression Range: --- → yes
You need to log in before you can comment on or make changes to this bug.