Closed Bug 1609144 Opened 1 month ago Closed 1 month ago

Crash in [@ mozilla::dom::WindowGlobalParent::NotifyContentBlockingEvent]

Categories

(Core :: Privacy: Anti-Tracking, defect, P1)

74 Branch
defect

Tracking

()

RESOLVED FIXED
mozilla74
Tracking Status
firefox-esr68 --- unaffected
firefox72 --- unaffected
firefox73 --- unaffected
firefox74 + fixed

People

(Reporter: calixte, Assigned: dimi)

References

(Blocks 2 open bugs, Regression)

Details

(Keywords: crash, regression)

Crash Data

Attachments

(1 file)

This bug is for crash report bp-6dc80888-4ec3-428a-8a74-6033e0200114.

Top 10 frames of crashing thread:

0 XUL mozilla::dom::WindowGlobalParent::NotifyContentBlockingEvent dom/ipc/WindowGlobalParent.cpp:309
1 XUL mozilla::net::UrlClassifierCommon::NotifyChannelBlocked netwerk/url-classifier/UrlClassifierCommon.cpp:106
2 XUL mozilla::net::UrlClassifierCommon::NotifyChannelClassifierProtectionDisabled netwerk/url-classifier/UrlClassifierCommon.cpp:68
3 XUL mozilla::net::UrlClassifierCommon::AnnotateChannel netwerk/url-classifier/UrlClassifierCommon.cpp:518
4 XUL mozilla::net::UrlClassifierFeatureTrackingAnnotation::ProcessChannel netwerk/url-classifier/UrlClassifierFeatureTrackingAnnotation.cpp:155
5 XUL mozilla::detail::RunnableFunction<mozilla::net::AsyncUrlChannelClassifier::CheckChannel xpcom/threads/nsThreadUtils.h:563
6 XUL nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:1220
7 XUL NS_ProcessPendingEvents xpcom/threads/nsThreadUtils.cpp:434
8 XUL nsBaseAppShell::NativeEventCallback widget/nsBaseAppShell.cpp:87
9 XUL nsAppShell::ProcessGeckoEvents widget/cocoa/nsAppShell.mm:440

There are 18 crashes (from 4 installations) in nightly 74 with buildid 20200114094410. In analyzing the backtrace, the regression may have been introduced by patch [1] to fix bug 1599043.
The moz_crash_reason is always: MOZ_DIAGNOSTIC_ASSERT(!IsInProcess()).

[1] https://hg.mozilla.org/mozilla-central/rev?node=7316a18109f9

Flags: needinfo?(tihuang)

Tim is taking PTO, I'll check this issue

Assignee: nobody → dlee
Status: NEW → ASSIGNED
Flags: needinfo?(tihuang) → needinfo?(dlee)

The assertion is added to diagnose whether NotifyContentBlockingEvent
will be called from an in-process document. We have already seen crashes
because of the assertion, so temporarily remove this to avoid people
keep crashing due to this.

I think we have enough data to investigate this issue, submit a patch to temporarily remove the assertion so people won't keep crashing because of this.

Flags: needinfo?(dlee)
Keywords: leave-open
Priority: -- → P1

Steps to reproduce (for QE testers):

  1. Go to google.com
  2. Click on the padlock in the address bar, then on the arrow (>) and then on "More Information"
    -> Crash

I'm hitting this almost every time I open the hamburger menu.

I've hit this when opening the hamburger menu (because there was an update notification and I wanted to restart).

Pushed by dlee@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/259b0925375e
Remove IsInProcess assertion in NotifyContentBlockingEvent r=timhuang

Is there a bug open to find the root cause of this?

Flags: needinfo?(dlee)

(In reply to :ehsan akhgari from comment #9)

Is there a bug open to find the root cause of this?

Yes, I set leave-open flag while pushing the hotfix so I can keep tracking this issue in this bug.
Actually, I found this bug happened because there are cases that we create an in-process window(devtools, 'view page info'), and the window may load trackers in a site to show its content(for example, devtool->network->select a page with trackers->response tab). This triggers the assertion added in Bug 1599043
One thing I haven't figured out is that why some crashes happened while opening the hamburger menu.

Flags: needinfo?(dlee)
Blocks: 1610455

After investigating, I think removing the assertion would be enough for fixing this bug.
I filed Bug 1610455 as a follow-up to discuss what to do next.

Status: ASSIGNED → RESOLVED
Closed: 1 month ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla74
You need to log in before you can comment on or make changes to this bug.