Calling mojo::ReportBadMessage fails in Android WebView
Issue description

As part of review: https://chromium-review.googlesource.com/c/chromium/src/+/830928/ I tried to use mojo::ReportBadMessage but it fails to terminate the render process when used with Android WebView. It fails because it goes into the InvalidNodeName branch in https://chromium.googlesource.com/chromium/src/+/779a24a040bcbdeca45eb6de93b1d69eda7bb47b/mojo/edk/system/core.cc#775 and the default process error callback is null. So no action is taken for calling bad message.
Feb 22 2018
This comment says ReportBadMessage is only ok to call when in the message handler: https://cs.chromium.org/chromium/src/mojo/public/cpp/bindings/message.h?rcl=3327cfed3f0a3d7dca70057cafa0d271e20daeff&l=355 Was that the case when you called it?
Feb 22 2018
Looks like it is indeed called from within a message dispatch, so this is somewhat surprising. Note that hitting the InvalidNodeName path *very strongly* implies that the message did not come from out-of-process. All messages from out-of-process are processed by this code [1] which explicitly attaches a node name (i.e., effectively a process identifier) [2]. I was initially concerned that it could be a bug in how messages with handles are brokered in that they may lose source node information, but we don't broker messages on Android.

[1] https://cs.chromium.org/chromium/src/mojo/edk/system/node_controller.cc?rcl=ea1cbe27ced63d2d6aa72cc95db460fb06a9f554&l=970
[2] https://cs.chromium.org/chromium/src/mojo/edk/system/node_controller.cc?rcl=ea1cbe27ced63d2d6aa72cc95db460fb06a9f554&l=98
Feb 22 2018
> Note that hitting the InvalidNodeName path *very strongly* implies that the message did not come from out-of-process.

Single process android webview is very much a thing... I made the IPC bad message thing just crash if it's in process: https://codereview.chromium.org/2640083002 maybe we can do the same thing here
Feb 22 2018
Makes sense to mirror that logic. I'll send out a CL.
Oct 17
Comment 1 by dtapu...@chromium.org, Feb 22 2018