Assertion failure: aActor, at /builds/worker/checkouts/gecko/dom/file/ipc/RemoteLazyInputStream.cpp:139
Categories
(Core :: DOM: File, defect, P2)
Tracking
()
| | Tracking | Status |
|---|---|---|
| firefox-esr102 | --- | unaffected |
| firefox106 | --- | wontfix |
| firefox107 | --- | wontfix |
| firefox108 | --- | verified |
| firefox109 | --- | verified |
People
(Reporter: tsmith, Assigned: jstutte)
References
(Blocks 1 open bug, Regression)
Details
(Keywords: assertion, regression, testcase)
Attachments
(2 files)
Found while fuzzing m-c 20221018-826073b561e0 (--enable-debug --enable-fuzzing)
To reproduce via Grizzly Replay:
$ pip install fuzzfetch grizzly-framework
$ python -m fuzzfetch -d --fuzzing -n firefox
$ python -m grizzly.replay ./firefox/firefox testcase.zip
Assertion failure: aActor, at /builds/worker/checkouts/gecko/dom/file/ipc/RemoteLazyInputStream.cpp:139
#0 0x7f541313c90b in mozilla::RemoteLazyInputStream::RemoteLazyInputStream(mozilla::RemoteLazyInputStreamChild*, unsigned long, unsigned long) /builds/worker/checkouts/gecko/dom/file/ipc/RemoteLazyInputStream.cpp:139:3
#1 0x7f541314728b in mozilla::RemoteLazyInputStream::IPCRead(IPC::MessageReader*) /builds/worker/checkouts/gecko/dom/file/ipc/RemoteLazyInputStream.cpp:1392:24
#2 0x7f5413147773 in IPC::ParamTraits<mozilla::RemoteLazyInputStream*>::Read(IPC::MessageReader*, RefPtr<mozilla::RemoteLazyInputStream>*) /builds/worker/checkouts/gecko/dom/file/ipc/RemoteLazyInputStream.cpp:1417:14
#3 0x7f541314dd45 in Read /builds/worker/checkouts/gecko/ipc/chromium/src/chrome/common/ipc_message_utils.h:820:12
#4 0x7f541314dd45 in ReadParam<RefPtr<mozilla::RemoteLazyInputStream> > /builds/worker/checkouts/gecko/ipc/chromium/src/chrome/common/ipc_message_utils.h:296:10
#5 0x7f541314dd45 in IPC::ParamTraits<mozilla::RemoteLazyStream>::Read(IPC::MessageReader*, mozilla::RemoteLazyStream*) /builds/worker/workspace/obj-build/ipc/ipdl/IPCBlob.cpp:290:20
#6 0x7f541314e4e4 in ReadParam<mozilla::RemoteLazyStream> /builds/worker/checkouts/gecko/ipc/chromium/src/chrome/common/ipc_message_utils.h:296:10
#7 0x7f541314e4e4 in IPC::ParamTraits<mozilla::dom::IPCBlob>::Read(IPC::MessageReader*, mozilla::dom::IPCBlob*) /builds/worker/workspace/obj-build/ipc/ipdl/IPCBlob.cpp:469:12
#8 0x7f5414256371 in ReadParam<mozilla::dom::IPCBlob> /builds/worker/checkouts/gecko/ipc/chromium/src/chrome/common/ipc_message_utils.h:296:10
#9 0x7f5414256371 in ReadSequenceParam<(lambda at /builds/worker/workspace/obj-build/dist/include/ipc/IPCMessageUtilsSpecializations.h:171:39), mozilla::dom::IPCBlob> /builds/worker/checkouts/gecko/ipc/chromium/src/chrome/common/ipc_message_utils.h:454:12
#10 0x7f5414256371 in Read /builds/worker/workspace/obj-build/dist/include/ipc/IPCMessageUtilsSpecializations.h:171:12
#11 0x7f5414256371 in ReadParam<nsTArray<mozilla::dom::IPCBlob> > /builds/worker/checkouts/gecko/ipc/chromium/src/chrome/common/ipc_message_utils.h:296:10
#12 0x7f5414256371 in IPC::ParamTraits<mozilla::dom::ClonedMessageData>::Read(IPC::MessageReader*, mozilla::dom::ClonedMessageData*) /builds/worker/workspace/obj-build/ipc/ipdl/DOMTypes.cpp:141:12
#13 0x7f5414257d5a in ReadParam<mozilla::dom::ClonedMessageData> /builds/worker/checkouts/gecko/ipc/chromium/src/chrome/common/ipc_message_utils.h:296:10
#14 0x7f5414257d5a in IPC::ParamTraits<mozilla::dom::MessageDataType>::Read(IPC::MessageReader*, mozilla::dom::MessageDataType*) /builds/worker/workspace/obj-build/ipc/ipdl/DOMTypes.cpp:669:20
#15 0x7f5414258024 in ReadParam<mozilla::dom::MessageDataType> /builds/worker/checkouts/gecko/ipc/chromium/src/chrome/common/ipc_message_utils.h:296:10
#16 0x7f5414258024 in IPC::ParamTraits<mozilla::dom::MessageData>::Read(IPC::MessageReader*, mozilla::dom::MessageData*) /builds/worker/workspace/obj-build/ipc/ipdl/DOMTypes.cpp:739:12
#17 0x7f54144e6eb4 in ReadParam<mozilla::dom::MessageData> /builds/worker/checkouts/gecko/ipc/chromium/src/chrome/common/ipc_message_utils.h:296:10
#18 0x7f54144e6eb4 in mozilla::dom::PBroadcastChannelChild::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/obj-build/ipc/ipdl/PBroadcastChannelChild.cpp:195:20
#19 0x7f541056dcc4 in mozilla::ipc::PBackgroundChild::OnMessageReceived(IPC::Message const&) /builds/worker/workspace/obj-build/ipc/ipdl/PBackgroundChild.cpp:6267:32
#20 0x7f54104fee71 in mozilla::ipc::MessageChannel::DispatchAsyncMessage(mozilla::ipc::ActorLifecycleProxy*, IPC::Message const&) /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:1756:25
#21 0x7f54104fb9c5 in mozilla::ipc::MessageChannel::DispatchMessage(mozilla::ipc::ActorLifecycleProxy*, mozilla::UniquePtr<IPC::Message, mozilla::DefaultDelete<IPC::Message> >) /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:1681:9
#22 0x7f54104fc566 in mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::ActorLifecycleProxy*, mozilla::ipc::MessageChannel::MessageTask&) /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:1481:3
#23 0x7f54104fd8f1 in mozilla::ipc::MessageChannel::MessageTask::Run() /builds/worker/checkouts/gecko/ipc/glue/MessageChannel.cpp:1579:14
#24 0x7f540f916a54 in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:1198:16
#25 0x7f540f912ce9 in NS_ProcessPendingEvents(nsIThread*, unsigned int) /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.cpp:430:19
#26 0x7f54144757a3 in mozilla::dom::WorkerPrivate::ClearMainEventQueue(mozilla::dom::WorkerPrivate::WorkerRanOrNot) /builds/worker/checkouts/gecko/dom/workers/WorkerPrivate.cpp:3831:5
#27 0x7f5414472f50 in mozilla::dom::WorkerPrivate::NotifyInternal(mozilla::dom::WorkerStatus) /builds/worker/checkouts/gecko/dom/workers/WorkerPrivate.cpp:4659:7
#28 0x7f54144830ae in mozilla::dom::WorkerRunnable::Run() /builds/worker/checkouts/gecko/dom/workers/WorkerRunnable.cpp:377:12
#29 0x7f5414472b41 in mozilla::dom::WorkerPrivate::ProcessAllControlRunnablesLocked() /builds/worker/checkouts/gecko/dom/workers/WorkerPrivate.cpp:3783:9
#30 0x7f541447521f in ProcessAllControlRunnables /builds/worker/checkouts/gecko/dom/workers/WorkerPrivate.h:1104:12
#31 0x7f541447521f in mozilla::dom::WorkerPrivate::InterruptCallback(JSContext*) /builds/worker/checkouts/gecko/dom/workers/WorkerPrivate.cpp:3571:19
#32 0x7f541703ce96 in HandleInterrupt /builds/worker/checkouts/gecko/js/src/vm/Runtime.cpp:398:10
#33 0x7f541703ce96 in JSContext::handleInterrupt() /builds/worker/checkouts/gecko/js/src/vm/Runtime.cpp:466:12
#34 0x25e89eb124ed (<unknown module>)
Comment 1•2 years ago
This might be a regression from bug 1776209.
Because of that actor can be more likely null here
https://searchfox.org/mozilla-central/rev/88f285c5163f73abd209d4f73cfa476660351982/dom/file/ipc/RemoteLazyInputStream.cpp#1389
That is because of https://searchfox.org/mozilla-central/rev/88f285c5163f73abd209d4f73cfa476660351982/dom/file/ipc/RemoteLazyInputStream.cpp#161 and that changed here https://searchfox.org/mozilla-central/rev/88f285c5163f73abd209d4f73cfa476660351982/dom/file/ipc/RemoteLazyInputStreamThread.cpp#71-72
Assignee
Comment 2•2 years ago
(In reply to Olli Pettay [:smaug][bugs@pettay.fi] from comment #1)
> This might be a regression from bug 1776209.
> Because of that actor can be more likely null here
> https://searchfox.org/mozilla-central/rev/88f285c5163f73abd209d4f73cfa476660351982/dom/file/ipc/RemoteLazyInputStream.cpp#1389
> That is because of https://searchfox.org/mozilla-central/rev/88f285c5163f73abd209d4f73cfa476660351982/dom/file/ipc/RemoteLazyInputStream.cpp#161 and that changed here https://searchfox.org/mozilla-central/rev/88f285c5163f73abd209d4f73cfa476660351982/dom/file/ipc/RemoteLazyInputStreamThread.cpp#71-72
Thanks, yeah, that sounds very likely (it might as well prevent us from worse consequences, though). I am just wondering if the right reaction in `RemoteLazyInputStream::IPCRead` would be then to `return nullptr` or to `do_AddRef(new RemoteLazyInputStream());` - I see both as possible failure handling.

IIUC returning `nullptr` would result in `aReader->FatalError("Error deserializing 'inputStream' (RemoteLazyStream) member of 'IPCBlob'");` inside `ParamTraits<mozilla::dom::IPCBlob>::Read` which translates potentially to a crash. So I am inclined to just return a new, empty `RemoteLazyInputStream` here.
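
The two failure-handling options weighed in comment 2, modelled as an added example that is not part of the bug thread and is not Gecko code: every name below (`Actor`, `ActorTable`, `WireStream`, `LazyStream`, `readStream`, `readMessage`, `demo`) is a hypothetical stand-in. It shows that failing the read rejects the whole message when one stream's actor is gone, while returning an empty stream delivers the message with that one stream closed.

```cpp
#include <cstdint>
#include <map>
#include <memory>
#include <vector>

// Hypothetical stand-ins for this sketch; none of these are Gecko types.
struct Actor { uint64_t id; };
using ActorTable = std::map<uint64_t, std::shared_ptr<Actor>>;
struct WireStream { uint64_t actorId, length; };  // as received over IPC

class LazyStream {
 public:
  LazyStream() = default;  // no actor: a closed, empty stream
  LazyStream(const std::shared_ptr<Actor>& a, uint64_t len) : actor_(a), length_(len) {}
  bool closed() const { return !actor_; }
  uint64_t available() const { return closed() ? 0 : length_; }
 private:
  std::shared_ptr<Actor> actor_;
  uint64_t length_ = 0;
};

enum class OnMissingActor { FailRead, EmptyStream };

// The actor can be gone by the time the message is read, so the lookup
// result is checked here rather than asserted in the constructor.
std::unique_ptr<LazyStream> readStream(const WireStream& w, const ActorTable& live, OnMissingActor policy) {
  auto it = live.find(w.actorId);
  if (it != live.end() && it->second)
    return std::make_unique<LazyStream>(it->second, w.length);
  if (policy == OnMissingActor::FailRead) return nullptr;  // caller rejects message
  return std::make_unique<LazyStream>();                   // degrade to empty stream
}

// Returns how many closed streams were delivered, or -1 if the message was rejected.
int readMessage(const std::vector<WireStream>& msg, const ActorTable& live, OnMissingActor policy) {
  int closed = 0;
  for (const auto& w : msg) {
    auto s = readStream(w, live, policy);
    if (!s) return -1;  // one failed read drops every blob in the message
    if (s->closed()) ++closed;
  }
  return closed;
}

int demo(OnMissingActor policy) {
  ActorTable live{{1, std::make_shared<Actor>(Actor{1})}};  // constructed sample
  std::vector<WireStream> msg{{1, 10}, {2, 20}};            // actor 2 is already gone
  return readMessage(msg, live, policy);
}
```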
Comment 3•2 years ago
Set release status flags based on info from the regressing bug 1776209
Assignee
Comment 4•2 years ago
Comment 6•2 years ago
bugherder
Comment 7•2 years ago
Bugmon Analysis
Unable to reproduce bug 1796687 using build mozilla-central 20221018094831-826073b561e0. Without a baseline, bugmon is unable to analyze this bug.
Removing bugmon keyword as no further action possible. Please review the bug and re-add the keyword for further analysis.
Comment 8•2 years ago
I was able to reproduce the issue with Firefox build 2022-10-18 on Ubuntu 22.04 by following the info provided in Comment 0.
The issue is fixed on Firefox 108.0a1 (2022-10-26) and 109.0a1 (2022-11-20) on the same system.
By trying with newer builds (2022-11-21 and up) the "Failure during launch (retries 2)" will appear twice and then "Launch failed, please verify browser build works as expected".