Closed
Bug 1790927
Opened 2 years ago
Closed 2 years ago
Assertion failure: !aHandle.parentId().IsEmpty(), at /builds/worker/checkouts/gecko/dom/fs/parent/datamodel/FileSystemDatabaseManagerVersion001.cpp:670
Categories
(Core :: DOM: File, defect)
Core
DOM: File
Tracking
()
RESOLVED
FIXED
106 Branch
| Tracking | Status | |
|---|---|---|
| firefox-esr102 | --- | unaffected |
| firefox105 | --- | unaffected |
| firefox106 | --- | fixed |
People
(Reporter: tsmith, Assigned: jesup)
References
(Blocks 2 open bugs, Regression)
Details
(Keywords: assertion, testcase, Whiteboard: [fuzzblocker])
Attachments
(2 files)
Found while fuzzing m-c 20220914-e2ce8d3d4a4b (--enable-debug --enable-fuzzing)
To reproduce via Grizzly Replay:
$ pip install fuzzfetch grizzly-framework
$ python -m fuzzfetch -d --fuzzing -n firefox
$ python -m grizzly.replay ./firefox/firefox testcase.html
Assertion failure: !aHandle.parentId().IsEmpty(), at /builds/worker/checkouts/gecko/dom/fs/parent/datamodel/FileSystemDatabaseManagerVersion001.cpp:670
#0 0x7fe2e75ffbb9 in mozilla::dom::fs::data::FileSystemDatabaseManagerVersion001::MoveEntry(mozilla::dom::fs::FileSystemChildMetadata const&, mozilla::dom::fs::FileSystemChildMetadata const&) /builds/worker/checkouts/gecko/dom/fs/parent/datamodel/FileSystemDatabaseManagerVersion001.cpp:670:3
#1 0x7fe2e75ea1ff in mozilla::dom::FileSystemManagerParent::RecvMoveEntry(mozilla::dom::fs::FileSystemMoveEntryRequest&&, std::function<void (mozilla::dom::fs::FileSystemMoveEntryResponse const&)>&&) /builds/worker/checkouts/gecko/dom/fs/parent/FileSystemManagerParent.cpp:340:3
#2 0x7fe2e7619468 in mozilla::dom::PFileSystemManagerParent::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/obj-build/ipc/ipdl/PFileSystemManagerParent.cpp:840:91
#3 0x7fe2e4990701 in mozilla::ipc::MessageChannel::DispatchAsyncMessage(mozilla::ipc::ActorLifecycleProxy*, IPC::Message const&) /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:1756:25
#4 0x7fe2e498d255 in mozilla::ipc::MessageChannel::DispatchMessage(mozilla::ipc::ActorLifecycleProxy*, mozilla::UniquePtr<IPC::Message, mozilla::DefaultDelete<IPC::Message> >) /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:1681:9
#5 0x7fe2e498ddf6 in mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::ActorLifecycleProxy*, mozilla::ipc::MessageChannel::MessageTask&) /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:1481:3
#6 0x7fe2e498f181 in mozilla::ipc::MessageChannel::MessageTask::Run() /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:1579:14
#7 0x7fe2e3d9d355 in mozilla::TaskQueue::Runner::Run() /builds/worker/checkouts/gecko/xpcom/threads/TaskQueue.cpp:259:20
#8 0x7fe2e3db864f in nsThreadPool::Run() /builds/worker/checkouts/gecko/xpcom/threads/nsThreadPool.cpp:310:14
#9 0x7fe2e3daf7a7 in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:1199:16
#10 0x7fe2e3db5ced in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.cpp:465:10
#11 0x7fe2e499734b in mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:300:20
#12 0x7fe2e48bb7e7 in MessageLoop::RunInternal() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:381:10
#13 0x7fe2e48bb6f2 in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:374:3
#14 0x7fe2e48bb6f2 in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:356:3
#15 0x7fe2e3daaad6 in nsThread::ThreadFunc(void*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:384:10
#16 0x7fe2fb64a557 in _pt_root /builds/worker/checkouts/gecko/nsprpub/pr/src/pthreads/ptthread.c:201:5
#17 0x7fe2fc3c4608 in start_thread /build/glibc-SzIz7B/glibc-2.31/nptl/pthread_create.c:477:8
#18 0x7fe2fbf8b132 in __clone /build/glibc-SzIz7B/glibc-2.31/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95
Flags: in-testsuite?
|
Reporter | |
Updated•2 years ago
|
Whiteboard: [fuzzblocker]
|
|
Reporter | |
Comment 1•2 years ago
|
||
A Pernosco session is available here: https://pernos.co/debug/yHNFKuCeEFkZvUwBKKSwEA/index.html
|
||
Updated•2 years ago
|
Blocks: fuzzing-opfs
|
Assignee | |
Comment 2•2 years ago
|
||
Can I see the source that triggered this?
Flags: needinfo?(twsmith)
|
|
Assignee | |
Comment 3•2 years ago
|
||
Looks like it was something like root.move(root)?
Flags: needinfo?(jkratzer)
|
|
Assignee | |
Comment 4•2 years ago
|
||
It is root.move(root)
Flags: needinfo?(twsmith)
Flags: needinfo?(jkratzer)
|
|
Reporter | |
Comment 5•2 years ago
|
||
|
|
Assignee | |
Comment 6•2 years ago
|
||
|
||
Updated•2 years ago
|
Assignee: nobody → rjesup
Status: NEW → ASSIGNED
Pushed by rjesup@wgate.com: https://hg.mozilla.org/integration/autoland/rev/bf748426c304 Disallow attempts to move the OPFS root directory r=dom-storage-reviewers,jari
|
||
Comment 8•2 years ago
|
||
| bugherder | ||
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → 106 Branch
|
||
Updated•2 years ago
|
status-firefox105:
--- → unaffected
status-firefox-esr102:
--- → unaffected
Flags: in-testsuite? → in-testsuite+
Regressed by: 1789116
You need to log in
before you can comment on or make changes to this bug.
Description
•