1922422 - Assertion failure: IsOnBackgroundThread(), at /builds/worker/checkouts/gecko/ipc/glue/BackgroundImpl.cpp:171

Status: RESOLVED FIXED

(Core :: Networking: Cookies, defect, P2)

Description

[Tyson Smith [:tsmith]]

Found while fuzzing m-c 20240927-a44bb440300f (--enable-debug --enable-fuzzing)

To reproduce via Grizzly Replay:

$ pip install fuzzfetch grizzly-framework --upgrade
$ python -m fuzzfetch -d --fuzzing -n firefox
$ python -m grizzly.replay.bugzilla ./firefox/firefox <bugid>

A reduced test case is not available yet.
A Pernosco session is available here: https://pernos.co/debug/U0QM_0wOZGvPB2WhEg64yQ/index.html

Assertion failure: IsOnBackgroundThread(), at /builds/worker/checkouts/gecko/ipc/glue/BackgroundImpl.cpp:171

#0 0x72b0150ae669 in operator() /builds/worker/checkouts/gecko/dom/cookiestore/CookieStore.cpp:745:15
#1 0x72b0150ae669 in InvokeMethod<(lambda at /builds/worker/checkouts/gecko/dom/cookiestore/CookieStore.cpp:741:13), void ((lambda at /builds/worker/checkouts/gecko/dom/cookiestore/CookieStore.cpp:741:13)::*)(const mozilla::MozPromise<nsTArray<mozilla::dom::CookieData>, mozilla::ipc::ResponseRejectReason, true>::ResolveOrRejectValue &) const, mozilla::MozPromise<nsTArray<mozilla::dom::CookieData>, mozilla::ipc::ResponseRejectReason, true>::ResolveOrRejectValue> /builds/worker/workspace/obj-build/dist/include/mozilla/MozPromise.h:652:14
#2 0x72b0150ae669 in InvokeCallbackMethod<false, mozilla::MozPromise<nsTArray<mozilla::dom::CookieData>, mozilla::ipc::ResponseRejectReason, true>, (lambda at /builds/worker/checkouts/gecko/dom/cookiestore/CookieStore.cpp:741:13), void ((lambda at /builds/worker/checkouts/gecko/dom/cookiestore/CookieStore.cpp:741:13)::*)(const mozilla::MozPromise<nsTArray<mozilla::dom::CookieData>, mozilla::ipc::ResponseRejectReason, true>::ResolveOrRejectValue &) const, mozilla::MozPromise<nsTArray<mozilla::dom::CookieData>, mozilla::ipc::ResponseRejectReason, true>::ResolveOrRejectValue> /builds/worker/workspace/obj-build/dist/include/mozilla/MozPromise.h:666:7
#3 0x72b0150ae669 in mozilla::MozPromise<nsTArray<mozilla::dom::CookieData>, mozilla::ipc::ResponseRejectReason, true>::ThenValue<mozilla::dom::CookieStore::GetInternal(mozilla::dom::CookieStoreGetOptions const&, bool, mozilla::ErrorResult&)::$_0::operator()() const::'lambda'(mozilla::MozPromise<nsTArray<mozilla::dom::CookieData>, mozilla::ipc::ResponseRejectReason, true>::ResolveOrRejectValue const&)>::DoResolveOrRejectInternal(mozilla::MozPromise<nsTArray<mozilla::dom::CookieData>, mozilla::ipc::ResponseRejectReason, true>::ResolveOrRejectValue&) /builds/worker/workspace/obj-build/dist/include/mozilla/MozPromise.h:923:11
#4 0x72b01154d133 in mozilla::MozPromise<mozilla::UniquePtr<mozilla::uniffi::UniffiHandlerBase, mozilla::DefaultDelete<mozilla::uniffi::UniffiHandlerBase>>, nsresult, true>::ThenValueBase::ResolveOrRejectRunnable::Run() /builds/worker/workspace/obj-build/dist/include/mozilla/MozPromise.h:488:21
#5 0x72b01181629e in mozilla::SimpleTaskQueue::DrainTasks() /builds/worker/workspace/obj-build/dist/include/mozilla/TaskDispatcher.h:44:10
#6 0x72b011835867 in nsThread::DrainDirectTasks() /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:1353:16
#7 0x72b0118340ed in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:1090:3
#8 0x72b011830f0c in NS_ProcessPendingEvents(nsIThread*, unsigned int) /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.cpp:445:19
#9 0x72b016990b99 in mozilla::dom::workerinternals::(anonymous namespace)::WorkerThreadPrimaryRunnable::Run() /builds/worker/checkouts/gecko/dom/workers/RuntimeService.cpp:2178:7
#10 0x72b0118346d6 in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:1149:16
#11 0x72b01183b1bf in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.cpp:480:10
#12 0x72b0123aacfc in mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:299:20
#13 0x72b0122fcf91 in RunHandler /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:363:3
#14 0x72b0122fcf91 in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:345:3
#15 0x72b01182fc03 in nsThread::ThreadFunc(void*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:366:10
#16 0x72b0255136ef in _pt_root /builds/worker/checkouts/gecko/nsprpub/pr/src/pthreads/ptthread.c:201:5
#17 0x72b0255cdac2 in start_thread nptl/pthread_create.c:442:8

Comment 1

[Randell Jesup [:jesup] (needinfo me)]

Baku, can you take a look? Comes from dom/cookiestore/CookieStore.cpp

Comment 2

[Jens Stutte [:jstutte]]

Not sure if this case is caused by bug 1911703, but we should probably just do what :nika suggests in 1911703 comment 5 to be sure.

Comment 3

[Andrea Marchesini [:baku]]

Attachment: Bug 1922422 - Fix a CookieStore fuzzy issue, r?edgul

Comment 4

[Andrea Marchesini [:baku]]

This is actually about a too optimistic MOZ_ASSERT(foo.IsResolve()): https://searchfox.org/mozilla-central/source/dom/cookiestore/CookieStore.cpp#745

Comment 5

[Pulsebot]

Pushed by amarchesini@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/e433ca4215ba
Fix a CookieStore fuzzy issue, r=edgul

Comment 6

[Sandor Molnar[:smolnar]]

https://hg.mozilla.org/mozilla-central/rev/e433ca4215ba

Comment 7

[BugBot [:suhaib / :marco/ :calixte]]

The patch landed in nightly and beta is affected.
:baku, is this bug important enough to require an uplift?

• If yes, please nominate the patch for beta approval.
• If no, please set status-firefox132 to wontfix.

For more information, please visit BugBot documentation.

Comment 8

[Andrea Marchesini [:baku]]

This fix is about CookieStore API which is enabled just in nightly. No uplift needed.