1786664 - Result: Assertion failure: ((bool)(__builtin_expect(!!(!NS_FAILED_impl(rv)), 1))), at /builds/worker/checkouts/gecko/storage/mozStorageConnection.cpp:1596

Status: NEW

(Toolkit :: Places, defect, P5)

Description

[Tyson Smith [:tsmith]]

Found intermittently when running fuzzed test cases. I was using m-c 20220822-637da318b3ad (--enable-debug --enable-fuzzing)

A Pernosco session is available here: https://pernos.co/debug/RgbPTnzBpMQcLATnG_Iy0g/index.html

Result: Assertion failure: ((bool)(__builtin_expect(!!(!NS_FAILED_impl(rv)), 1))), at /builds/worker/checkouts/gecko/storage/mozStorageConnection.cpp:1596

#0 0x7fe7e77d16a4 in mozilla::storage::Connection::initializeClone(mozilla::storage::Connection*, bool) /builds/worker/checkouts/gecko/storage/mozStorageConnection.cpp:1596:5
#1 0x7fe7e77d8cc9 in mozilla::storage::(anonymous namespace)::AsyncInitializeClone::Run() /builds/worker/checkouts/gecko/storage/mozStorageConnection.cpp:363:32
#2 0x7fe7e5e211cc in nsThread::ProcessNextEvent(bool, bool*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:1199:16
#3 0x7fe7e5e29575 in NS_ProcessNextEvent(nsIThread*, bool) /builds/worker/checkouts/gecko/xpcom/threads/nsThreadUtils.cpp:465:10
#4 0x7fe7e7379a36 in mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) /builds/worker/checkouts/gecko/ipc/glue/MessagePump.cpp:330:5
#5 0x7fe7e71db897 in MessageLoop::RunInternal() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:381:10
#6 0x7fe7e71db814 in MessageLoop::RunHandler() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:374:3
#7 0x7fe7e71db7cc in MessageLoop::Run() /builds/worker/checkouts/gecko/ipc/chromium/src/base/message_loop.cc:356:3
#8 0x7fe7e5e1b140 in nsThread::ThreadFunc(void*) /builds/worker/checkouts/gecko/xpcom/threads/nsThread.cpp:384:10
#9 0x2444251cd4b5 in _pt_root /builds/worker/checkouts/gecko/nsprpub/pr/src/pthreads/ptthread.c:201:5
#10 0x643c13d226da in start_thread /build/glibc-CVJwZb/glibc-2.27/nptl/pthread_create.c:463
#11 0x41b2754e261e in __clone /build/glibc-CVJwZb/glibc-2.27/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Comment 1

[BugBot [:suhaib / :marco/ :calixte]]

The severity field is not set for this bug.
:mak, could you have a look please?

For more information, please visit auto_nag documentation.

Comment 2

[Marco Bonardo [:mak]]

That points to https://searchfox.org/mozilla-central/rev/3aaca0a12a2d1463da54933bdbdae2f06fead06f/storage/mozStorageConnection.cpp#1596, that means creating PRAGMA database_list statement failed. The code has decent protection around the failure, the assertion exists as an heads up. If it fails, it means cloning the connection fails.
I'm not sure which point of CreateStatement failed, the pernosco session expired and it's currently rebuilding it.

Comment 3

[Marco Bonardo [:mak]]

Ok so CreateStatement is failing because the connection has already been closed, connectionReady() returns false (mDBConn is null).
DumpJSStack() says there's no js context.
The database is Places, I verified through mTelemetryFilename.
I also verified this is on shutdown.

Thus, in practice something is trying to clone the places connection after shutdown.

The stack is
BaseHistory::ScheduleVisitedQuery(nsIURI*, ::dom::ContentParent*)::$_1::operator() const () at BaseHistory.cpp:63::History::StartPendingVisitedQueries () at History.cpp:2306::VisitedQuery::Start () at History.cpp:410::History::QueueVisitedStatement () at History.cpp:1557::ConcurrentStatementsHolder::ConcurrentStatementsHolder () at History.cpp:1478::Connection::AsyncClone () at mozStorageConnection.cpp:1537

So apparently History.cpp shutdown needs some additional checks.
Apart from that, this should be pretty harmless.