Closed Bug 1664542 Opened 4 years ago Closed 4 years ago

Crash in [@ mozilla::dom::`anonymous namespace'::WebProgressListener::OnStateChange]

Categories

(Core :: DOM: Navigation, defect, P1)

79 Branch
defect

Tracking

()

VERIFIED FIXED
83 Branch
Tracking Status
firefox-esr68 --- unaffected
firefox-esr78 --- unaffected
firefox80 --- wontfix
firefox81 --- verified
firefox82 --- verified
firefox83 --- verified

People

(Reporter: philipp, Assigned: nika)

References

(Regression)

Details

(Keywords: crash, regression)

Crash Data

Attachments

(2 files)

Crash report: https://crash-stats.mozilla.org/report/index/95076142-2ffd-4b49-bac7-9e99b0200911

Top 10 frames of crashing thread:

0 xul.dll mozilla::dom::`anonymous namespace'::WebProgressListener::OnStateChange dom/clients/manager/ClientOpenWindowUtils.cpp:77
1 xul.dll std::_Func_impl_no_alloc<`lambda at /builds/worker/checkouts/gecko/docshell/base/BrowsingContextWebProgress.cpp:109:7', void, nsIWebProgressListener*>::_Do_call 
2 xul.dll mozilla::dom::BrowsingContextWebProgress::UpdateAndNotifyListeners docshell/base/BrowsingContextWebProgress.cpp:93
3 xul.dll mozilla::dom::BrowsingContextWebProgress::OnStateChange docshell/base/BrowsingContextWebProgress.cpp:107
4 xul.dll mozilla::dom::BrowserParent::RecvOnStateChange dom/ipc/BrowserParent.cpp:2609
5 xul.dll mozilla::dom::PBrowserParent::OnMessageReceived ipc/ipdl/PBrowserParent.cpp:4914
6 xul.dll mozilla::dom::PContentParent::OnMessageReceived ipc/ipdl/PContentParent.cpp:6456
7 xul.dll mozilla::ipc::MessageChannel::DispatchMessage ipc/glue/MessageChannel.cpp:2074
8 xul.dll mozilla::ipc::MessageChannel::MessageTask::Run ipc/glue/MessageChannel.cpp:1953
9 xul.dll mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal xpcom/threads/TaskController.cpp:512

crash reports with this signature seem to have started in firefox 79 (most of the top frames of the stack got touched by bug 1644943).

the volume of this crash is starting to spike up today though, many comments involve push notifications from twitter, so perhaps a change by them is triggering it more frequently now.

Flags: needinfo?(matt.woodrow)
Crash Signature: [@ mozilla::dom::`anonymous namespace'::WebProgressListener::OnStateChange] → [@ mozilla::dom::`anonymous namespace'::WebProgressListener::OnStateChange] [@ mozilla::dom::(anonymous namespace)::WebProgressListener::OnStateChange]
OS: Windows → All

This is spiking up on all channels in the last couple of days, can someone take a look please?

Flags: needinfo?(nkochar)
Flags: needinfo?(cpeterson)

Asked Nika to take a look.

Severity: -- → S1
Flags: needinfo?(nkochar)
Flags: needinfo?(cpeterson)
Priority: -- → P1
Assignee: nobody → nika
Flags: needinfo?(matt.woodrow)

This crash is caused by the mWebProgress field of BrowsingContext being cleared
due to Cross-Origin-Opener-Policy replacing the context on navigation. By
tracking the BrowserId of the opening tab rather than the specific
BrowsingContext, this issue can be avoided.

Status: NEW → ASSIGNED

Hi Nika, is this ready to land? It's showing up in the Fx81 topcrash list.

Flags: needinfo?(nika)

Just queued into lando, sorry about the delay.

Flags: needinfo?(nika)
Pushed by nlayzell@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/13ff387b07fa
Part 1: Fix client.openWindow/COOP+COEP crash, r=asuth
https://hg.mozilla.org/integration/autoland/rev/b3754ac7b886
Part 2: Test client.openWindow/COOP+COEP, r=asuth
Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → 83 Branch

The patch landed in nightly and beta is affected.
:nika, is this bug important enough to require an uplift?
If not please set status_beta to wontfix.

For more information, please visit auto_nag documentation.

Flags: needinfo?(nika)

Comment on attachment 9176395 [details]
Bug 1664542 - Part 1: Fix client.openWindow/COOP+COEP crash,

Beta/Release Uplift Approval Request

  • User impact if declined: Crash when clicking on a notification which opens a tab with Cross-Origin-Opener-Policy (such as twitter.com)
  • Is this code covered by automated tests?: Yes
  • Has the fix been verified in Nightly?: Yes
  • Needs manual test from QE?: Yes
  • If yes, steps to reproduce: Sign into twitter, and set up push notifications. Receive a notification with your twitter tabs closed, and click on the twitter notification to open the tweet in question.

There are automated tests written for this scenario, but it may be worthwhile to verify the fix on beta after the uplift.

  • List of other uplifts needed: None
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): The change has been given automated tests, and fixes a fairly well understood issue. The fix should be unlikely to lead to additional crashes.
  • String changes made/needed: None
Flags: needinfo?(nika)
Attachment #9176395 - Flags: approval-mozilla-beta?
Attachment #9176396 - Flags: approval-mozilla-beta?
Flags: qe-verify+

Comment on attachment 9176395 [details]
Bug 1664542 - Part 1: Fix client.openWindow/COOP+COEP crash,

See comment 10

Attachment #9176395 - Flags: approval-mozilla-release?
Attachment #9176396 - Flags: approval-mozilla-release?
QA Whiteboard: [qa-triaged]

Comment on attachment 9176395 [details]
Bug 1664542 - Part 1: Fix client.openWindow/COOP+COEP crash,

approved for 82.0b5

Attachment #9176395 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
Attachment #9176396 - Flags: approval-mozilla-beta? → approval-mozilla-beta+

Reproduced the issue on Win 7/10 and Ubuntu 16.04 on affected Beta 82.0b4.
Verified-fixed on latest Nightly 83.0a1 (2020-09-29) (64-bit) on Windows 7/10, MacOS 10.15 and Ubuntu 16.04.
Waiting for the fix to be landed on Beta.

Verified-fixed on the latest Beta 82.0b5 on Windows 10, MacOS 10.15 and Ubuntu 16.04.

Status: RESOLVED → VERIFIED
QA Whiteboard: [qa-triaged]
Flags: qe-verify+

Comment on attachment 9176395 [details]
Bug 1664542 - Part 1: Fix client.openWindow/COOP+COEP crash,

Topcrash fix, approved for 81.0.1.

Attachment #9176395 - Flags: approval-mozilla-release? → approval-mozilla-release+
Attachment #9176396 - Flags: approval-mozilla-release? → approval-mozilla-release+

Verified-fixed on latest Firefox Release 81.0.1 (buildID: 20200930150533) on Windows 10 x64, MacOS 10.15 and Ubuntu 16.04.

Has Regression Range: --- → yes
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: