Closed Bug 1662821 Opened 3 years ago Closed 2 years ago

Assertion failure: group.GetKey()->GetHostProcess(mRemoteType) != this (still a host process for one of our groups?), at /builds/worker/checkouts/gecko/dom/ipc/ContentParent.cpp:1677

Categories

(Core :: DOM: Content Processes, defect)

defect
Not set
normal

Tracking

()

RESOLVED DUPLICATE of bug 1661364
Tracking Status
firefox82 --- affected

People

(Reporter: jkratzer, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: assertion, testcase, Whiteboard: [bugmon:confirmed])

Attachments

(1 file)

Attached file testcase.html

Testcase found while fuzzing mozilla-central rev b74ab1682dea (built with --enable-debug).

Steps to reproduce (via grizzly.replay):

  1. pip install grizzly-framework
  2. python3 -m grizzly.replay --xvfb ~/builds/mc-debug/firefox testcase.html --repeat 10

Assertion failure: group.GetKey()->GetHostProcess(mRemoteType) != this (still a host process for one of our groups?), at /builds/worker/checkouts/gecko/dom/ipc/ContentParent.cpp:1677

    #0 0x7f9a1643e8d3 in mozilla::dom::ContentParent::AssertNotInPool() /builds/worker/checkouts/gecko/dom/ipc/ContentParent.cpp:1676:7
    #1 0x7f9a1643dc8d in mozilla::dom::ContentParent::RemoveFromList() /builds/worker/checkouts/gecko/dom/ipc/ContentParent.cpp:1707:5
    #2 0x7f9a1643d55b in mozilla::dom::ContentParent::TryToRecycle() /builds/worker/checkouts/gecko/dom/ipc/ContentParent.cpp:1995:5
    #3 0x7f9a16415aff in mozilla::dom::ContentParent::NotifyTabDestroyed(mozilla::dom::IdType<mozilla::dom::BrowserParent> const&, bool) /builds/worker/checkouts/gecko/dom/ipc/ContentParent.cpp:2146:8
    #4 0x7f9a16415929 in mozilla::dom::BrowserParent::Recv__delete__() /builds/worker/checkouts/gecko/dom/ipc/BrowserParent.cpp:658:14
    #5 0x7f9a134009d0 in mozilla::dom::PBrowserParent::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/obj-build/ipc/ipdl/PBrowserParent.cpp:4245:57
    #6 0x7f9a12eae35d in mozilla::dom::PContentParent::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/obj-build/ipc/ipdl/PContentParent.cpp:6730:32
    #7 0x7f9a12cfd77e in mozilla::ipc::MessageChannel::DispatchAsyncMessage(mozilla::ipc::ActorLifecycleProxy*, IPC::Message const&) /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:2150:25
    #8 0x7f9a12cf9f3f in mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&) /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:2074:9
    #9 0x7f9a12cfb346 in mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::MessageChannel::MessageTask&) /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:1922:3
    #10 0x7f9a12cfbf6b in mozilla::ipc::MessageChannel::MessageTask::Run() /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:1953:13
    #11 0x7f9a123efb5f in mozilla::RunnableTask::Run() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:242:16
    #12 0x7f9a123edbda in mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:512:26
    #13 0x7f9a123ecd34 in mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:371:15
    #14 0x7f9a123ecee7 in mozilla::TaskController::ProcessPendingMTTask(bool) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:168:36
    #15 0x7f9a123f4896 in operator() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:83:37
    #16 0x7f9a123f4896 in mozilla::detail::RunnableFunction<mozilla::TaskController::InitializeInternal()::$_4>::Run() /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:577:5
    #17 0x7f9a12407c7f in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:1234:14
    #18 0x7f9a1240d62a in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.cpp:513:10
    #19 0x7f9a12d03076 in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:87:21
    #20 0x7f9a12c76433 in MessageLoop::RunInternal() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:334:10
    #21 0x7f9a12c7634d in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:327:3
    #22 0x7f9a12c7634d in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:309:3
    #23 0x7f9a168eb668 in nsBaseAppShell::Run() /builds/worker/checkouts/gecko/widget/nsBaseAppShell.cpp:137:27
    #24 0x7f9a17fb056e in nsAppStartup::Run() /builds/worker/checkouts/gecko/toolkit/components/startup/nsAppStartup.cpp:270:30
    #25 0x7f9a180b638a in XREMain::XRE_mainRun() /builds/worker/checkouts/gecko/toolkit/xre/nsAppRunner.cpp:4751:22
    #26 0x7f9a180b759e in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) /builds/worker/checkouts/gecko/toolkit/xre/nsAppRunner.cpp:4941:8
    #27 0x7f9a180b7ed0 in XRE_main(int, char**, mozilla::BootstrapConfig const&) /builds/worker/checkouts/gecko/toolkit/xre/nsAppRunner.cpp:4995:21
    #28 0x55e6e93ad6c5 in do_main /builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp:217:22
    #29 0x55e6e93ad6c5 in main /builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp:331:16
    #30 0x7f9a27c290b2 in __libc_start_main /build/glibc-YYA7BZ/glibc-2.31/csu/../csu/libc-start.c:308:16
    #31 0x55e6e938b549 in _start (/home/worker/builds/m-c-20200828153126-fuzzing-debug/firefox-bin+0x17549)
Flags: in-testsuite?
Keywords: bugmon
Whiteboard: [bugmon:confirm] → [bugmon:confirmed]
Bugmon Analysis:
Unable to reproduce bug using the following builds:
> mozilla-central 20200902215721-85e7a3055098
> mozilla-central 20200902033114-00a15ff99b87
Removing bugmon keyword as no further action possible.
Please review the bug and re-add the keyword for further analysis.

Closing as dupe of bug 1661364

ContentParent::TryToRecycle() no longer calls ContentParent::RemoveFromList().

Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.