Open Bug 1547047 Opened 5 years ago Updated 13 days ago

Assertion failure: thisIndex->mCommonMetadata.name() == otherIndex->mCommonMetadata.name(), at /builds/worker/workspace/build/src/dom/indexedDB/ActorsParent.cpp:20988

Categories: Core :: Storage: IndexedDB, defect, P2

Tracking Status:
firefox68 --- wontfix
firefox122 --- affected

People: Reporter: jkratzer, Assigned: jjalkanen

References: Depends on 1 open bug, Blocks 2 open bugs

Details: 5 keywords, Whiteboard: [bugmon:confirm]

Attachments: 9 files

Attached file testcase.html

Testcase found while fuzzing mozilla-central rev 0ec836eceb96.

Assertion failure: thisIndex->mCommonMetadata.name() == otherIndex->mCommonMetadata.name(), at /builds/worker/workspace/build/src/dom/indexedDB/ActorsParent.cpp:20988

OS|Linux|0.0.0 Linux 4.18.0-17-generic #18~18.04.1-Ubuntu SMP Fri Mar 15 15:27:12 UTC 2019 x86_64
CPU|amd64|family 6 model 94 stepping 3|1
GPU|||
Crash|SIGSEGV /SEGV_MAPERR|0x0|32
32|0|libxul.so|OpenDatabaseOp::EnsureDatabaseActor|hg:hg.mozilla.org/mozilla-central:dom/indexedDB/ActorsParent.cpp:0ec836eceb969c548067cee6de2ea213513a43d5|20812|0x3
32|1|libxul.so|OpenDatabaseOp::EnsureDatabaseActorIsAlive|hg:hg.mozilla.org/mozilla-central:dom/indexedDB/ActorsParent.cpp:0ec836eceb969c548067cee6de2ea213513a43d5|20856|0x8
32|2|libxul.so|OpenDatabaseOp::SendResults|hg:hg.mozilla.org/mozilla-central:dom/indexedDB/ActorsParent.cpp:0ec836eceb969c548067cee6de2ea213513a43d5|20742|0x5
32|3|libxul.so|FactoryOp::Run|hg:hg.mozilla.org/mozilla-central:dom/indexedDB/ActorsParent.cpp:0ec836eceb969c548067cee6de2ea213513a43d5|19731|0x9
32|4|libxul.so|nsThread::ProcessNextEvent(bool, bool*)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThread.cpp:0ec836eceb969c548067cee6de2ea213513a43d5|1180|0x15
32|5|libxul.so|NS_ProcessNextEvent(nsIThread*, bool)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThreadUtils.cpp:0ec836eceb969c548067cee6de2ea213513a43d5|486|0x11
32|6|libxul.so|mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessagePump.cpp:0ec836eceb969c548067cee6de2ea213513a43d5|333|0xd
32|7|libxul.so|MessageLoop::RunInternal()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:0ec836eceb969c548067cee6de2ea213513a43d5|315|0x17
32|8|libxul.so|MessageLoop::Run()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:0ec836eceb969c548067cee6de2ea213513a43d5|290|0x8
32|9|libxul.so|nsThread::ThreadFunc(void*)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThread.cpp:0ec836eceb969c548067cee6de2ea213513a43d5|454|0x38
32|10|libnspr4.so|_pt_root|hg:hg.mozilla.org/mozilla-central:nsprpub/pr/src/pthreads/ptthread.c:0ec836eceb969c548067cee6de2ea213513a43d5|201|0x7
32|11|libpthread-2.27.so||||0x76db
32|12|libc-2.27.so|clone|||0x3f

Flags: in-testsuite?
Blocks: 1541370
Priority: -- → P2

Bugmon Analysis:
Verified bug as reproducible on mozilla-central 20210224215151-69be3221f49a.

Whiteboard: [bugmon:confirmed]

I suspect this is the same issue as Bug 1300205.

See Also: → 1300205

Bug 1450355 seems to talk about a previous variant of that assertion?

See Also: → 1450355
Keywords: bugmon
Whiteboard: [bugmon:confirmed] → [bugmon:confirm]
Severity: normal → S3

This issue has been sitting for a while and is still reported frequently by fuzzers. Would a pernosco session be helpful here?

Flags: needinfo?(jjalkanen)
Whiteboard: [bugmon:confirm]

Thanks for the reminder! Seems to be connected to https://bugzilla.mozilla.org/show_bug.cgi?id=1300205 , no pernosco session necessary.

Assignee: nobody → jjalkanen

I submitted the rr trace before comment 5 so I might as well add the link :)

https://pernos.co/debug/58MpYNIfaAMM2WIV6tfgLA/index.html

Keywords: pernosco

Very kind and helpful, thank you!

Depends on D196014

Users can enter any byte combination as a database name but not all
combinations are valid Unicode text. The database names are only stored
in the database itself and there is no master record which could be used
to map a non-textual name to a file. Therefore, we use an encoding of a
non-Unicode name as the file name. In this patch, we introduce the
DatabaseFileName type to prevent mixing up the two names.
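
An added example, not code from the patch or from Firefox, of the type separation described above: the user-supplied name and the on-disk name are distinct types, and the only way from one to the other is an explicit, reversible encoding. The hex encoding and the names DatabaseName, EncodeName and DecodeName are assumptions made for illustration; the page names only DatabaseFileName.

```cpp
#include <iostream>
#include <string>
#include <utility>

// User-visible name: any 16-bit code units, lone surrogates included.
struct DatabaseName { std::u16string units; };

// On-disk name. The explicit constructor means a raw string or a
// DatabaseName never converts to it implicitly.
class DatabaseFileName {
 public:
  explicit DatabaseFileName(std::string v) : mValue(std::move(v)) {}
  const std::string& Value() const { return mValue; }
 private:
  std::string mValue;
};

// Assumed encoding: four lowercase hex digits per code unit (injective).
DatabaseFileName EncodeName(const DatabaseName& name) {
  static const char kHex[] = "0123456789abcdef";
  std::string out;
  for (char16_t u : name.units)
    for (int shift = 12; shift >= 0; shift -= 4)
      out.push_back(kHex[(u >> shift) & 0xF]);
  return DatabaseFileName(std::move(out));
}

// Inverse of EncodeName; rejects anything EncodeName cannot have produced.
bool DecodeName(const DatabaseFileName& file, DatabaseName& out) {
  const std::string& s = file.Value();
  if (s.size() % 4 != 0) return false;
  std::u16string units;
  for (std::string::size_type i = 0; i < s.size(); ++i) {
    const char c = s[i];
    unsigned d;
    if (c >= '0' && c <= '9') d = c - '0';
    else if (c >= 'a' && c <= 'f') d = c - 'a' + 10;
    else return false;
    if (i % 4 == 0) units.push_back(0);  // start a new code unit
    units.back() = static_cast<char16_t>((units.back() << 4) | d);
  }
  out.units = std::move(units);
  return true;
}

int main() {
  // Constructed sample: 'a' followed by a lone high surrogate.
  const DatabaseName name{std::u16string{u'a', char16_t(0xD800)}};
  std::cout << EncodeName(name).Value() << "\n";
}
```

Because the encoding is injective, two names that differ only in an unpaired surrogate still map to different files, and decoding the file name yields the exact code units the user supplied.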

Depends on D197428

Depends on D197430

Depends on D197428

Keywords: leave-open
Pushed by jjalkanen@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/9f62179225e5
Annotate argument names for clarity. r=dom-storage-reviewers,janv
Depends on: 1890727