Assertion failure: mActor, at /builds/worker/checkouts/gecko/dom/cache/CacheStorage.cpp:505
Categories
(Core :: Storage: Cache API, defect)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox-esr115 | --- | unaffected |
| firefox121 | --- | wontfix |
| firefox122 | --- | wontfix |
| firefox123 | --- | wontfix |
| firefox124 | --- | verified |
People
(Reporter: tsmith, Assigned: hsingh)
References
(Blocks 1 open bug, Regression)
Details
(5 keywords, Whiteboard: [bugmon:bisected,confirmed])
Crash Data
Attachments
(2 files)
Found while fuzzing m-c 20231231-30b0d1ecdc26 (--enable-debug --enable-fuzzing)
To reproduce via Grizzly Replay:
$ pip install fuzzfetch grizzly-framework
$ python -m fuzzfetch -d --fuzzing -n firefox
$ python -m grizzly.replay.bugzilla ./firefox/firefox <bugid>
Assertion failure: mActor, at /builds/worker/checkouts/gecko/dom/cache/CacheStorage.cpp:505
#0 0x7f801a95b2d5 in mozilla::dom::cache::CacheStorage::DestroyInternal(mozilla::dom::cache::CacheStorageChild*) /builds/worker/checkouts/gecko/dom/cache/CacheStorage.cpp:505:3
#1 0x7f801a95c48e in mozilla::dom::cache::CacheStorageChild::ActorDestroy(mozilla::ipc::IProtocol::ActorDestroyReason) /builds/worker/checkouts/gecko/dom/cache/CacheStorageChild.cpp:98:15
#2 0x7f8015f82d0e in mozilla::ipc::IProtocol::DestroySubtree(mozilla::ipc::IProtocol::ActorDestroyReason) /builds/worker/checkouts/gecko/ipc/glue/ProtocolUtils.cpp:626:3
#3 0x7f8016001333 in mozilla::ipc::PBackgroundChild::SendPCacheStorageConstructor(mozilla::dom::cache::PCacheStorageChild*, mozilla::dom::cache::Namespace const&, mozilla::ipc::PrincipalInfo const&) /builds/worker/workspace/obj-build/ipc/ipdl/PBackgroundChild.cpp:3212:16
#4 0x7f801a9573ab in mozilla::dom::cache::CacheStorage::CacheStorage(mozilla::dom::cache::Namespace, nsIGlobalObject*, mozilla::ipc::PrincipalInfo const&, mozilla::SafeRefPtr<mozilla::dom::cache::CacheWorkerRef>) /builds/worker/checkouts/gecko/dom/cache/CacheStorage.cpp:283:49
#5 0x7f801a954703 in mozilla::dom::cache::CacheStorage::CreateOnMainThread(mozilla::dom::cache::Namespace, nsIGlobalObject*, nsIPrincipal*, bool, mozilla::ErrorResult&) /builds/worker/checkouts/gecko/dom/cache/CacheStorage.cpp:166:11
#6 0x7f8017e5ecc8 in nsGlobalWindowInner::GetCaches(mozilla::ErrorResult&) /builds/worker/checkouts/gecko/dom/base/nsGlobalWindowInner.cpp:4997:21
#7 0x7f8019eb75a6 in mozilla::dom::Window_Binding::get_caches(JSContext*, JS::Handle<JSObject*>, void*, JSJitGetterCallArgs) /builds/worker/workspace/obj-build/dom/bindings/./WindowBinding.cpp:19336:86
#8 0x7f801a8da779 in bool mozilla::dom::binding_detail::GenericGetter<mozilla::dom::binding_detail::MaybeCrossOriginObjectThisPolicy, mozilla::dom::binding_detail::ThrowExceptions>(JSContext*, unsigned int, JS::Value*) /builds/worker/checkouts/gecko/dom/bindings/BindingUtils.cpp:3140:13
#9 0x7f8024bb7b15 in CallJSNative /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:479:13
#10 0x7f8024bb7b15 in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:573:12
#11 0x7f8024bb9c06 in InternalCall /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:640:10
#12 0x7f8024bb9c06 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:672:8
#13 0x7f8024bbb996 in js::CallGetter(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::MutableHandle<JS::Value>) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:794:10
#14 0x7f8024f765d2 in CallGetter /builds/worker/checkouts/gecko/js/src/vm/NativeObject.cpp:2069:12
#15 0x7f8024f765d2 in GetExistingProperty<(js::AllowGC)1> /builds/worker/checkouts/gecko/js/src/vm/NativeObject.cpp:2097:12
#16 0x7f8024f765d2 in NativeGetPropertyInline<(js::AllowGC)1> /builds/worker/checkouts/gecko/js/src/vm/NativeObject.cpp:2245:14
#17 0x7f8024f765d2 in js::NativeGetProperty(JSContext*, JS::Handle<js::NativeObject*>, JS::Handle<JS::Value>, JS::Handle<JS::PropertyKey>, JS::MutableHandle<JS::Value>) /builds/worker/checkouts/gecko/js/src/vm/NativeObject.cpp:2276:10
#18 0x7f80254a8c08 in GetProperty /builds/worker/checkouts/gecko/js/src/vm/ObjectOperations-inl.h:117:10
#19 0x7f80254a8c08 in js::ForwardingProxyHandler::get(JSContext*, JS::Handle<JSObject*>, JS::Handle<JS::Value>, JS::Handle<JS::PropertyKey>, JS::MutableHandle<JS::Value>) const /builds/worker/checkouts/gecko/js/src/proxy/Wrapper.cpp:147:10
#20 0x7f8017e92e21 in nsOuterWindowProxy::get(JSContext*, JS::Handle<JSObject*>, JS::Handle<JS::Value>, JS::Handle<JS::PropertyKey>, JS::MutableHandle<JS::Value>) const /builds/worker/checkouts/gecko/dom/base/nsGlobalWindowOuter.cpp:955:23
#21 0x7f8025485574 in getInternal /builds/worker/checkouts/gecko/js/src/proxy/Proxy.cpp:526:19
#22 0x7f8025485574 in js::Proxy::get(JSContext*, JS::Handle<JSObject*>, JS::Handle<JS::Value>, JS::Handle<JS::PropertyKey>, JS::MutableHandle<JS::Value>) /builds/worker/checkouts/gecko/js/src/proxy/Proxy.cpp:534:10
#23 0x7f8024bff1d2 in GetProperty /builds/worker/checkouts/gecko/js/src/vm/ObjectOperations-inl.h:114:12
#24 0x7f8024bff1d2 in GetProperty /builds/worker/checkouts/gecko/js/src/vm/ObjectOperations-inl.h:124:10
#25 0x7f8024bff1d2 in js::GetProperty(JSContext*, JS::Handle<JS::Value>, JS::Handle<js::PropertyName*>, JS::MutableHandle<JS::Value>) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:4452:10
#26 0x7f8024bd0a13 in GetPropertyOperation /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:245:10
#27 0x7f8024bd0a13 in js::Interpret(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:2715:12
#28 0x7f8024bb6897 in MaybeEnterInterpreterTrampoline /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:393:10
#29 0x7f8024bb6897 in js::RunScript(JSContext*, js::RunState&) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:451:13
#30 0x7f8024bb7c7e in js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:605:13
#31 0x7f8024bb9c06 in InternalCall /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:640:10
#32 0x7f8024bb9c06 in js::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, js::AnyInvokeArgs const&, JS::MutableHandle<JS::Value>, js::CallReason) /builds/worker/checkouts/gecko/js/src/vm/Interpreter.cpp:672:8
#33 0x7f8024d30e8b in JS::Call(JSContext*, JS::Handle<JS::Value>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) /builds/worker/checkouts/gecko/js/src/vm/CallAndConstruct.cpp:119:10
#34 0x7f801a32f51f in mozilla::dom::EventListener::HandleEvent(mozilla::dom::BindingCallContext&, JS::Handle<JS::Value>, mozilla::dom::Event&, mozilla::ErrorResult&) /builds/worker/workspace/obj-build/dom/bindings/./EventListenerBinding.cpp:62:8
#35 0x7f801b737e47 in void mozilla::dom::EventListener::HandleEvent<mozilla::dom::EventTarget*>(mozilla::dom::EventTarget* const&, mozilla::dom::Event&, mozilla::ErrorResult&, char const*, mozilla::dom::CallbackObject::ExceptionHandling, JS::Realm*) /builds/worker/workspace/obj-build/dist/include/mozilla/dom/EventListenerBinding.h:65:12
#36 0x7f801b7370ef in mozilla::EventListenerManager::HandleEventSingleListener(mozilla::EventListenerManager::Listener*, nsAtom*, mozilla::WidgetEvent*, mozilla::dom::Event*, mozilla::dom::EventTarget*, bool) /builds/worker/checkouts/gecko/dom/events/EventListenerManager.cpp:1342:43
#37 0x7f801b739d9a in mozilla::EventListenerManager::HandleEventWithListenerArray(mozilla::EventListenerManager::ListenerArray*, nsAtom*, mozilla::EventMessage, nsPresContext*, mozilla::WidgetEvent*, mozilla::dom::Event**, mozilla::dom::EventTarget*, bool) /builds/worker/checkouts/gecko/dom/events/EventListenerManager.cpp:1663:12
#38 0x7f801b7387d6 in mozilla::EventListenerManager::HandleEventInternal(nsPresContext*, mozilla::WidgetEvent*, mozilla::dom::Event**, mozilla::dom::EventTarget*, nsEventStatus*, bool) /builds/worker/checkouts/gecko/dom/events/EventListenerManager.cpp:1560:35
#39 0x7f801b71bb92 in mozilla::EventTargetChainItem::HandleEvent(mozilla::EventChainPostVisitor&, mozilla::ELMCreationDetector&) /builds/worker/checkouts/gecko/dom/events/EventDispatcher.cpp:364:17
#40 0x7f801b719098 in mozilla::EventTargetChainItem::HandleEventTargetChain(nsTArray<mozilla::EventTargetChainItem>&, mozilla::EventChainPostVisitor&, mozilla::EventDispatchingCallback*, mozilla::ELMCreationDetector&) /builds/worker/checkouts/gecko/dom/events/EventDispatcher.cpp:611:18
#41 0x7f801b720b5a in mozilla::EventDispatcher::Dispatch(mozilla::dom::EventTarget*, nsPresContext*, mozilla::WidgetEvent*, mozilla::dom::Event*, nsEventStatus*, mozilla::EventDispatchingCallback*, nsTArray<mozilla::dom::EventTarget*>*) /builds/worker/checkouts/gecko/dom/events/EventDispatcher.cpp:1232:11
#42 0x7f80201503f6 in nsDocumentViewer::LoadComplete(nsresult) /builds/worker/checkouts/gecko/layout/base/nsDocumentViewer.cpp:1077:7
#43 0x7f802355a8ae in nsDocShell::EndPageLoad(nsIWebProgress*, nsIChannel*, nsresult) /builds/worker/checkouts/gecko/docshell/base/nsDocShell.cpp:6329:13
#44 0x7f8023559647 in nsDocShell::OnStateChange(nsIWebProgress*, nsIRequest*, unsigned int, nsresult) /builds/worker/checkouts/gecko/docshell/base/nsDocShell.cpp:5721:7
#45 0x7f802355c106 in non-virtual thunk to nsDocShell::OnStateChange(nsIWebProgress*, nsIRequest*, unsigned int, nsresult) /builds/worker/checkouts/gecko/docshell/base/nsDocShell.cpp
#46 0x7f80165c9487 in nsDocLoader::DoFireOnStateChange(nsIWebProgress*, nsIRequest*, int&, nsresult) /builds/worker/checkouts/gecko/uriloader/base/nsDocLoader.cpp:1372:3
#47 0x7f80165c7d56 in nsDocLoader::doStopDocumentLoad(nsIRequest*, nsresult) /builds/worker/checkouts/gecko/uriloader/base/nsDocLoader.cpp:978:14
#48 0x7f80165c32aa in nsDocLoader::DocLoaderIsEmpty(bool, mozilla::Maybe<nsresult> const&) /builds/worker/checkouts/gecko/uriloader/base/nsDocLoader.cpp:795:9
#49 0x7f80165c64e5 in nsDocLoader::OnStopRequest(nsIRequest*, nsresult) /builds/worker/checkouts/gecko/uriloader/base/nsDocLoader.cpp:678:5
#50 0x7f80235afeda in nsDocShell::OnStopRequest(nsIRequest*, nsresult) /builds/worker/checkouts/gecko/docshell/base/nsDocShell.cpp:13839:23
#51 0x7f80146f105b in mozilla::net::nsLoadGroup::NotifyRemovalObservers(nsIRequest*, nsresult) /builds/worker/checkouts/gecko/netwerk/base/nsLoadGroup.cpp:631:22
#52 0x7f80146f45c4 in mozilla::net::nsLoadGroup::RemoveRequest(nsIRequest*, nsISupports*, nsresult) /builds/worker/checkouts/gecko/netwerk/base/nsLoadGroup.cpp:535:10
#53 0x7f80181743fe in DoUnblockOnload /builds/worker/checkouts/gecko/dom/base/Document.cpp:11688:18
#54 0x7f80181743fe in mozilla::dom::Document::UnblockOnload(bool) /builds/worker/checkouts/gecko/dom/base/Document.cpp:11626:9
#55 0x7f80181a9338 in mozilla::dom::Document::DispatchContentLoadedEvents() /builds/worker/checkouts/gecko/dom/base/Document.cpp:8157:3
#56 0x7f80182dcb9b in operator()<> /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1164:18
#57 0x7f80182dcb9b in __invoke_impl<void, (lambda at /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1163:9)> /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/8/../../../../include/c++/8/bits/invoke.h:60:14
#58 0x7f80182dcb9b in __invoke<(lambda at /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1163:9)> /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/8/../../../../include/c++/8/bits/invoke.h:95:14
#59 0x7f80182dcb9b in __apply_impl<(lambda at /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1163:9), std::tuple<> &> /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/8/../../../../include/c++/8/tuple:1678:14
#60 0x7f80182dcb9b in apply<(lambda at /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1163:9), std::tuple<> &> /builds/worker/fetches/sysroot-x86_64-linux-gnu/usr/lib/gcc/x86_64-linux-gnu/8/../../../../include/c++/8/tuple:1687:14
#61 0x7f80182dcb9b in apply<mozilla::dom::Document, void (mozilla::dom::Document::*)()> /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1162:12
#62 0x7f80182dcb9b in mozilla::detail::RunnableMethodImpl<mozilla::dom::Document*, void (mozilla::dom::Document::*)(), true, (mozilla::RunnableKind)0>::Run() /builds/worker/workspace/obj-build/dist/include/nsThreadUtils.h:1213:13
#63 0x7f801429833a in mozilla::RunnableTask::Run() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:568:16
#64 0x7f801427e1bb in mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:895:26
#65 0x7f801427ad98 in mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal(mozilla::detail::BaseAutoLock<mozilla::Mutex&> const&) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:718:15
#66 0x7f801427b499 in mozilla::TaskController::ProcessPendingMTTask(bool) /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:504:36
#67 0x7f80142a0431 in operator() /builds/worker/checkouts/gecko/xpcom/threads/TaskController.cpp:222:37
#68 0x7f80142a0431 in mozilla::detail::RunnableFunction<mozilla::TaskController::TaskController()::$_0>::Run() /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.h:548:5
#69 0x7f80142c83af in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:1199:16
#70 0x7f80142d60ea in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.cpp:480:10
#71 0x7f8015f5ee3e in mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:85:21
#72 0x7f8015d8713a in RunInternal /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:370:10
#73 0x7f8015d8713a in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:363:3
#74 0x7f8015d8713a in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:345:3
#75 0x7f801f6cfb39 in nsBaseAppShell::Run() /builds/worker/checkouts/gecko/widget/nsBaseAppShell.cpp:148:27
#76 0x7f801f8d4532 in nsAppShell::Run() /builds/worker/checkouts/gecko/widget/gtk/nsAppShell.cpp:470:33
#77 0x7f8024764a3e in XRE_RunAppShell() /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:721:20
#78 0x7f8015d8713a in RunInternal /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:370:10
#79 0x7f8015d8713a in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:363:3
#80 0x7f8015d8713a in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:345:3
#81 0x7f8024763fe3 in XRE_InitChildProcess(int, char**, XREChildData const*) /builds/worker/checkouts/gecko/toolkit/xre/nsEmbedFunctions.cpp:656:34
#82 0x563a27f75d9c in content_process_main /builds/worker/checkouts/gecko/browser/app/../../ipc/contentproc/plugin-container.cpp:57:28
#83 0x563a27f75d9c in main /builds/worker/checkouts/gecko/browser/app/nsBrowserApp.cpp:375:18
#84 0x7f803be29d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#85 0x7f803be29e3f in __libc_start_main csu/../csu/libc-start.c:392:3
#86 0x563a27e9a0a8 in _start (/home/user/workspace/browsers/m-c-20240102161658-fuzzing-asan-opt/firefox+0xdc0a8) (BuildId: 00a0c56459cde2251a929fb88f509b3ef678bc17)
|
||
Comment 1•4 months ago
|
||
Got a crash from the testcase: https://crash-stats.mozilla.org/report/index/1a4ee8ae-a52a-43c1-9d5e-416020240103#tab-bugzilla
|
||
Comment 2•4 months ago
|
||
Verified bug as reproducible on mozilla-central 20240103050624-cc67c788cded.
The bug appears to have been introduced in the following build range:
Start: 774b174e3a752c8d13765c40a98f891d6c2d1107 (20231012152815)
End: c09a0d19d99b488a292e3583cd0bb488afc74173 (20231012170135)
Pushlog: https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=774b174e3a752c8d13765c40a98f891d6c2d1107&tochange=c09a0d19d99b488a292e3583cd0bb488afc74173
|
||
Comment 3•4 months ago
|
||
:janv could this introduced by the changes being done in bug 1808294?
|
||
Comment 4•4 months ago
|
||
(In reply to Dianna Smith [:diannaS] from comment #3)
:janv could this introduced by the changes being done in bug 1808294?
I don't think so.
The content process is killed by the parent because of the IPC_FAIL at https://searchfox.org/mozilla-central/rev/24ea2579c4a94d5da8db4bb529cbefe5e5e3c2d3/ipc/glue/BackgroundParentImpl.cpp#953
IPC_FAIL called in the main process and on the PBackground thread started killing content processes after bug 1855908.
|
|
||
Updated•4 months ago
|
|
Assignee | |
Comment 5•4 months ago
|
||
I see few other bugs having the same pattern. In this particular case, I think the sharedworker was terminated early and as a result, content process sent a message to parent to force close it https://searchfox.org/mozilla-central/source/dom/messagechannel/MessagePort.cpp#801.
What do you do with these types of bugs ? they don't seem to be real bugs ? And what was the behavior prior to new one in IPC_FAIL ?
|
||
Updated•4 months ago
|
|
|
||
Comment 6•4 months ago
|
||
:asuth or :edenchuang have more expertise in this area.
In general, either the IPC_FAIL shouldn't be used or it should be investigated why ForceClose failed and eventually be fixed to not fail.
|
||
Updated•4 months ago
|
|
|
||
Comment 7•4 months ago
|
||
https://searchfox.org/mozilla-central/rev/7fc94186f1a759790c56e41a90ab350d78dbda30/dom/messagechannel/MessagePortService.cpp#394-398 causes MessagePortService::ForceClose() returns false.
I will investigate why the DestinationID or SequenceID mismatched.
|
||
Updated•4 months ago
|
|
|
||
Updated•4 months ago
|
|
|
||
Comment 8•4 months ago
|
||
Successfully recorded a pernosco session. A link to the pernosco session will be added here shortly.
|
|
Assignee | |
Comment 10•3 months ago
|
||
I investigated this further and seems that the assertion is raised because of the mismatch in sequence ID (1 in data->mSequenceId vs 2 in aSequenceID, at https://searchfox.org/mozilla-central/rev/7fc94186f1a759790c56e41a90ab350d78dbda30/dom/messagechannel/MessagePortService.cpp#394-398).
Content process side calls into https://searchfox.org/mozilla-central/rev/c130c69b7b863d5e28ab9524b65c27c7a9507c48/dom/messagechannel/MessagePort.cpp#645 twice, first call led to initialize and entangle the sides and second one wanted to Disentangle the sides. Disentangle wasn't invoked because the child side hasn't received the ACK back for it's entangle request yet so it was delayed until the entangle ACK was received (https://searchfox.org/mozilla-central/rev/c130c69b7b863d5e28ab9524b65c27c7a9507c48/dom/messagechannel/MessagePort.cpp#567) but in this process the sequence ID has been increased twice starting from it's initial value of 0 to 2 from here: https://searchfox.org/mozilla-central/rev/c130c69b7b863d5e28ab9524b65c27c7a9507c48/dom/messagechannel/MessagePort.cpp#669.
Prior to receiving entangled ACK message, content process side wanted to MessagePort::ForceClose with it's sequence ID set to 2 while the sequence ID of the parent side still haven't had a chance to increase in https://searchfox.org/mozilla-central/rev/c130c69b7b863d5e28ab9524b65c27c7a9507c48/dom/messagechannel/MessagePortService.cpp#188 yet from it's initial value of 1 because content process has delayed sending the disentangle request because it hasn't received the entangle ACK back yet.
|
|
||
Comment 11•3 months ago
|
||
Prior to receiving entangled ACK message, content process side wanted to MessagePort::ForceClose with it's sequence ID set to 2 while the sequence ID of the parent side still haven't had a chance to increase in https://searchfox.org/mozilla-central/rev/c130c69b7b863d5e28ab9524b65c27c7a9507c48/dom/messagechannel/MessagePortService.cpp#188 yet from it's initial value of 1 because content process has delayed sending the disentangle request because it hasn't received the entangle ACK back yet.
MessagePort state machine is maintained on child sides and sequenceID update starts from child side. Therefore, it seems that the child side knows the correct sequenceID. I sugguest to check the MessagePort::mState to determine the correct sequenceID in MessagePort::ForceClose()
In this case, the state should be eStateEntanglingForDisentangle or eStateEntanglingForClose, and we probably should pass sequenceID-1 to the parent side.
|
|
||
Updated•3 months ago
|
|
|
Assignee | |
Updated•3 months ago
|
|
||
Comment 12•3 months ago
|
||
Set release status flags based on info from the regressing bug 1855908
|
|
Assignee | |
Comment 13•3 months ago
|
||
As described here, https://bugzilla.mozilla.org/show_bug.cgi?id=1872770#c10 the MessagePort ForceClose message can be out of sync
in certain situations and hence, the sequenceIDs could be different. This is fine as we don't expect to receive more messages after
the ForceClose.
|
||
Comment 14•3 months ago
|
||
Pushed by hsingh@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/29637c100bb4 Allowing the MessagePort ForceClose message to be not in sync with the previous messages sent on the port.r=edenchuang
|
||
Comment 15•3 months ago
|
||
| bugherder | ||
|
|
||
Comment 16•3 months ago
|
||
The patch landed in nightly and beta is affected.
:hsingh, is this bug important enough to require an uplift?
- If yes, please nominate the patch for beta approval.
- If no, please set
status-firefox123towontfix.
For more information, please visit BugBot documentation.
|
|
Assignee | |
Updated•3 months ago
|
|
|
||
Comment 17•3 months ago
|
||
Verified bug as fixed on rev mozilla-central 20240206095115-1995789cfffa.
Removing bugmon keyword as no further action possible. Please review the bug and re-add the keyword for further analysis.
Description
•