Closed Bug 1883786 Opened 1 year ago Closed 1 year ago

Assertion failure: BrowserHost::GetFrom(newRemoteTab.get()) == newTab->GetBrowserHost(), at /home/twsmith/code/mozilla-central/dom/ipc/ContentParent.cpp:5826

Categories

(Core :: DOM: Content Processes, defect)

Product:
Core
Component:
DOM: Content Processes
Type:
defect

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1731597
Tracking Flags:
Tracking Status
firefox125 --- affected

People

(Reporter: tsmith, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: assertion, pernosco)

Found while fuzzing m-c 20240304-7d0df3f2acae (--enable-debug --enable-fuzzing)

This was triggered while trying to reproduce another issue.

Assertion failure: BrowserHost::GetFrom(newRemoteTab.get()) == newTab->GetBrowserHost(), at /home/twsmith/code/mozilla-central/dom/ipc/ContentParent.cpp:5826

#0  MOZ_ReportAssertionFailure (aStr=0x7f2b728191d7 "BrowserHost::GetFrom(newRemoteTab.get()) == newTab->GetBrowserHost()", aFilename=0x7f2b72815445 "/home/twsmith/code/mozilla-central/dom/ipc/ContentParent.cpp", aLine=5826) at /home/twsmith/code/mozilla-central/objdir-ff-debug/dist/include/mozilla/Assertions.h:117
#1  0x00007f2b79bb6239 in mozilla::dom::ContentParent::RecvCreateWindow(mozilla::dom::PBrowserParent*, mozilla::dom::MaybeDiscarded<mozilla::dom::BrowsingContext> const&, mozilla::dom::PBrowserParent*, unsigned int const&, bool const&, bool const&, bool const&, nsIURI*, nsTSubstring<char> const&, mozilla::dom::UserActivation::Modifiers const&, nsIPrincipal*, nsIContentSecurityPolicy*, nsIReferrerInfo*, mozilla::OriginAttributes const&, std::function<void (mozilla::dom::CreatedWindowInfo const&)>&&) (this=0x5611a4818a90, aThisTab=0x56119f4ef1b0, aParent=..., aNewTab=<optimized out>, aChromeFlags=@0x7ffd491a5944: 3149822, aCalledFromJS=@0x7ffd491a596f: false, aForPrinting=@0x7ffd491a594f: false, aForPrintPreview=@0x7ffd491a5917: false, aURIToLoad=0x5611a5b91950, aFeatures=..., aModifiers=..., aTriggeringPrincipal=0x5611a0277d40, aCsp=0x5611a482ac70, aReferrerInfo=0x5611a2a0a940, aOriginAttributes=..., aResolve=...) at /home/twsmith/code/mozilla-central/dom/ipc/ContentParent.cpp:5825
#2  0x00007f2b79cfd723 in mozilla::dom::PContentParent::OnMessageReceived (this=0x5611a4818a90, msg__=...) at /home/twsmith/code/mozilla-central/objdir-ff-debug/ipc/ipdl/PContentParent.cpp:11293
#3  0x00007f2b761ac1df in mozilla::ipc::MessageChannel::DispatchAsyncMessage (this=this@entry=0x5611a4818b18, aProxy=aProxy@entry=0x5611a4915e60, aMsg=...) at /home/twsmith/code/mozilla-central/ipc/glue/MessageChannel.cpp:1812
#4  0x00007f2b761a9ffc in mozilla::ipc::MessageChannel::DispatchMessage (this=this@entry=0x5611a4818b18, aProxy=aProxy@entry=0x5611a4915e60, aMsg=...) at /home/twsmith/code/mozilla-central/ipc/glue/MessageChannel.cpp:1731
#5  0x00007f2b761aa8cd in mozilla::ipc::MessageChannel::RunMessage (this=0x5611a4818b18, aProxy=0x5611a4915e60, aTask=...) at /home/twsmith/code/mozilla-central/ipc/glue/MessageChannel.cpp:1524
#6  0x00007f2b761ab520 in mozilla::ipc::MessageChannel::MessageTask::Run (this=0x7f2b640bd5e0) at /home/twsmith/code/mozilla-central/ipc/glue/MessageChannel.cpp:1622
#7  0x00007f2b756474b8 in mozilla::RunnableTask::Run (this=0x7f2b640cade0) at /home/twsmith/code/mozilla-central/xpcom/threads/TaskController.cpp:578
#8  0x00007f2b7563995f in mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal (this=this@entry=0x56119f383320, aProofOfLock=...) at /home/twsmith/code/mozilla-central/xpcom/threads/TaskController.cpp:905
#9  0x00007f2b75638078 in mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal (this=this@entry=0x56119f383320, aProofOfLock=...) at /home/twsmith/code/mozilla-central/xpcom/threads/TaskController.cpp:728
#10 0x00007f2b756384f6 in mozilla::TaskController::ProcessPendingMTTask (this=0x56119f383320, aMayWait=false) at /home/twsmith/code/mozilla-central/xpcom/threads/TaskController.cpp:514
#11 0x00007f2b7563e297 in mozilla::TaskController::TaskController()::$_0::operator()() const (this=<optimized out>) at /home/twsmith/code/mozilla-central/xpcom/threads/TaskController.cpp:232
#12 mozilla::detail::RunnableFunction<mozilla::TaskController::TaskController()::$_0>::Run() (this=<optimized out>) at /home/twsmith/code/mozilla-central/xpcom/threads/nsThreadUtils.h:548
#13 0x00007f2b7565efa7 in nsThread::ProcessNextEvent (this=0x56119f380160, aMayWait=<optimized out>, aResult=0x7ffd491a749f) at /home/twsmith/code/mozilla-central/xpcom/threads/nsThread.cpp:1199
#14 0x00007f2b75665a3e in NS_ProcessNextEvent (aThread=0x7f2b728191d7, aThread@entry=0x56119f380160, aMayWait=false) at /home/twsmith/code/mozilla-central/xpcom/threads/nsThreadUtils.cpp:480
#15 0x00007f2b761b017f in mozilla::ipc::MessagePump::Run (this=0x56119f4918c0, aDelegate=0x56119f380a40) at /home/twsmith/code/mozilla-central/ipc/glue/MessagePump.cpp:85
#16 0x00007f2b760ea43d in MessageLoop::RunHandler (this=0x7f2b728191d7) at /home/twsmith/code/mozilla-central/ipc/chromium/src/base/message_loop.cc:363
#17 MessageLoop::Run (this=0x7f2b728191d7) at /home/twsmith/code/mozilla-central/ipc/chromium/src/base/message_loop.cc:345
#18 0x00007f2b7a3c2009 in nsBaseAppShell::Run (this=0x56119f61b660) at /home/twsmith/code/mozilla-central/widget/nsBaseAppShell.cpp:148
#19 0x00007f2b7a486053 in nsAppShell::Run (this=0x56119f61b660) at /home/twsmith/code/mozilla-central/widget/gtk/nsAppShell.cpp:470
#20 0x00007f2b7bfdf585 in nsAppStartup::Run (this=0x56119f5c26b0) at /home/twsmith/code/mozilla-central/toolkit/components/startup/nsAppStartup.cpp:296
#21 0x00007f2b7c1554e5 in XREMain::XRE_mainRun (this=this@entry=0x7ffd491a77c0) at /home/twsmith/code/mozilla-central/toolkit/xre/nsAppRunner.cpp:5738
#22 0x00007f2b7c156857 in XREMain::XRE_main (this=this@entry=0x7ffd491a77c0, argc=argc@entry=5, argv=argv@entry=0x7ffd491a8a98, aConfig=...) at /home/twsmith/code/mozilla-central/toolkit/xre/nsAppRunner.cpp:5950
#23 0x00007f2b7c1574d0 in XRE_main (argc=5, argv=0x7ffd491a8a98, aConfig=...) at /home/twsmith/code/mozilla-central/toolkit/xre/nsAppRunner.cpp:6007
#24 0x000056119e88c99e in do_main (argc=5, argv=0x7ffd491a8a98, envp=<optimized out>) at /home/twsmith/code/mozilla-central/browser/app/nsBrowserApp.cpp:227
#25 main (argc=5, argv=0x7ffd491a8a98, envp=<optimized out>) at /home/twsmith/code/mozilla-central/browser/app/nsBrowserApp.cpp:445

A Pernosco session is available here: https://pernos.co/debug/Wvb5GQRxXrdqTlnZEDRgNw/index.html

This was created with a -O1 build. Please let me know if there are any anomalies.

Keywords: pernosco

It seems like bug 1731597 was filed on the same assertion and looking at the assertion in RecvCreateWindow the blame shows that the assertion was removed in accepted but backed out patches on bug 1731597.

Status: NEW → RESOLVED
Closed: 1 year ago
Duplicate of bug: 1731597
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.