This bug is for crash report bp-851564fc-e643-4c6d-acab-a97a60190408.

Top 10 frames of crashing thread:

0 xul.dll mozilla::dom::ContentParent::RecvAttachBrowsingContext dom/ipc/ContentParent.cpp:5705
1 xul.dll mozilla::dom::PContentParent::OnMessageReceived ipc/ipdl/PContentParent.cpp:9561
2 xul.dll void mozilla::ipc::MessageChannel::DispatchMessage ipc/glue/MessageChannel.cpp:2078
3 xul.dll nsresult mozilla::ipc::MessageChannel::MessageTask::Run ipc/glue/MessageChannel.cpp:1968
4 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:1180
5 xul.dll NS_ProcessNextEvent xpcom/threads/nsThreadUtils.cpp:486
6 xul.dll void mozilla::ipc::MessagePump::Run ipc/glue/MessagePump.cpp:110
7 xul.dll MessageLoop::RunHandler ipc/chromium/src/base/message_loop.cc:308
8 xul.dll MessageLoop::Run ipc/chromium/src/base/message_loop.cc:290
9 xul.dll nsBaseAppShell::Run widget/nsBaseAppShell.cpp:137

There are 44 crashes (from 29 installations) in nightly 68 with buildid 20190408193006. In analyzing the backtrace, the regression may have been introduced by patch [1] to fix bug 1523636.

[1] https://hg.mozilla.org/mozilla-central/rev?node=d76b42f0d6ca

I've hit a crash with this signature twice while loading https://www.haaretz.com/ (although I also loaded it once without crashing).

This is by far the worst crash in nightly at the moment.

crash reason is "MOZ_RELEASE_ASSERT(parent) (Parent doesn't exist in parent process)"

With the url given by dbaron which also crashes rather reliably for me I came to this regression range that I think is the best I can get:

https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=09e7dea38c39127b6d4af2d5d63ea59d3f10eb6d&tochange=e15b044fefe0dd90e6172913bcdd172627b06835

I contains bug 1537910, bug 1541810 and bug 1523636 so the theory in comment #0 that bug 1523636 is the regressor sounds plausible.

This crash didn't show up after the backout, so I'll call this fixed.

https://hg.mozilla.org/mozilla-central/rev/c67c3014b6c891959a12834a471b8e7f7e5db882

Retroactively moving fixed bugs whose summaries mention "Fission" (or other Fission-related keywords) but are not assigned to a Fission Milestone to an appropriate Fission Milestone.

This will generate a lot of bugmail, so you can filter your bugmail for the following UUID and delete them en masse:

0ee3c76a-bc79-4eb2-8d12-05dc0b68e732

Please specify a root cause for this bug. See :tmaity for more information.

Description of root cause:

Race between parent having closed a browsing context that a child wanted to attach to a tree. Possible sub-category for Coding could be Parallelism issue (similar to concurrency, but not the same?)