1609144 - Crash in [@ mozilla::dom::WindowGlobalParent::NotifyContentBlockingEvent]

Status: VERIFIED FIXED

(Core :: Privacy: Anti-Tracking, defect, P1)

Description

[Calixte Denizet (:calixte)]

This bug is for crash report bp-6dc80888-4ec3-428a-8a74-6033e0200114.

Top 10 frames of crashing thread:

0 XUL mozilla::dom::WindowGlobalParent::NotifyContentBlockingEvent dom/ipc/WindowGlobalParent.cpp:309
1 XUL mozilla::net::UrlClassifierCommon::NotifyChannelBlocked netwerk/url-classifier/UrlClassifierCommon.cpp:106
2 XUL mozilla::net::UrlClassifierCommon::NotifyChannelClassifierProtectionDisabled netwerk/url-classifier/UrlClassifierCommon.cpp:68
3 XUL mozilla::net::UrlClassifierCommon::AnnotateChannel netwerk/url-classifier/UrlClassifierCommon.cpp:518
4 XUL mozilla::net::UrlClassifierFeatureTrackingAnnotation::ProcessChannel netwerk/url-classifier/UrlClassifierFeatureTrackingAnnotation.cpp:155
5 XUL mozilla::detail::RunnableFunction<mozilla::net::AsyncUrlChannelClassifier::CheckChannel xpcom/threads/nsThreadUtils.h:563
6 XUL nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:1220
7 XUL NS_ProcessPendingEvents xpcom/threads/nsThreadUtils.cpp:434
8 XUL nsBaseAppShell::NativeEventCallback widget/nsBaseAppShell.cpp:87
9 XUL nsAppShell::ProcessGeckoEvents widget/cocoa/nsAppShell.mm:440

There are 18 crashes (from 4 installations) in nightly 74 with buildid 20200114094410. In analyzing the backtrace, the regression may have been introduced by patch [1] to fix bug 1599043.
The moz_crash_reason is always: MOZ_DIAGNOSTIC_ASSERT(!IsInProcess()).

[1] https://hg.mozilla.org/mozilla-central/rev?node=7316a18109f9

Comment 1

[Dimi Lee [:dimi]]

Tim is taking PTO, I'll check this issue

Comment 2

[Dimi Lee [:dimi]]

Attachment: Bug 1609144 - Remove IsInProcess assertion in NotifyContentBlockingEvent r=timhuang

The assertion is added to diagnose whether NotifyContentBlockingEvent
will be called from an in-process document. We have already seen crashes
because of the assertion, so temporarily remove this to avoid people
keep crashing due to this.

Comment 3

[Dimi Lee [:dimi]]

I think we have enough data to investigate this issue, submit a patch to temporarily remove the assertion so people won't keep crashing because of this.

Comment 4

[Viktor Jägersküpper]

Steps to reproduce (for QE testers):

1. Go to google.com
2. Click on the padlock in the address bar, then on the arrow (>) and then on "More Information"
   -> Crash

Comment 5

[Dave Townsend [:mossop]]

I'm hitting this almost every time I open the hamburger menu.

Comment 6

[David Baron :dbaron: (⌚️UTC-4, no longer working on Mozilla)]

I've hit this when opening the hamburger menu (because there was an update notification and I wanted to restart).

Comment 7

[Pulsebot]

Pushed by dlee@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/259b0925375e
Remove IsInProcess assertion in NotifyContentBlockingEvent r=timhuang

Comment 8

[Razvan Maries]

https://hg.mozilla.org/mozilla-central/rev/259b0925375e

Comment 9

[(no longer active)]

Is there a bug open to find the root cause of this?

Comment 10

[Dimi Lee [:dimi]]

(In reply to :ehsan akhgari from comment #9)

Is there a bug open to find the root cause of this?

Yes, I set leave-open flag while pushing the hotfix so I can keep tracking this issue in this bug.
Actually, I found this bug happened because there are cases that we create an in-process window(devtools, 'view page info'), and the window may load trackers in a site to show its content(for example, devtool->network->select a page with trackers->response tab). This triggers the assertion added in Bug 1599043
One thing I haven't figured out is that why some crashes happened while opening the hamburger menu.

Comment 11

[Dimi Lee [:dimi]]

After investigating, I think removing the assertion would be enough for fixing this bug.
I filed Bug 1610455 as a follow-up to discuss what to do next.

Comment 12

[Alexandru Trif, Desktop Test Engineering [:atrif]]

Reproduced the issue using Firefox 74.0a1 (20200114214307) on Windows 10x64.
The issue is verified fixed with Firefox 74.0b5 (20200218224219) on Windows 10x64, macOS 10.15 and Ubuntu 16.04. No crash ecountered after following STR from comment 4.