Closed Bug 1943951 Opened 5 months ago Closed 5 months ago

Crash in [@ mozilla::ipc::PortLink::SendMessage | IPC_Message_Name=PBackgroundIDBRequest::Msg___delete__]

Categories

(Core :: Storage: IndexedDB, defect, P2)

Unspecified
Windows 10
defect

Tracking

Status: RESOLVED FIXED
Target Milestone: 137 Branch
Tracking Status
firefox-esr115 --- unaffected
firefox-esr128 --- unaffected
firefox134 --- unaffected
firefox135 --- unaffected
firefox136 + fixed
firefox137 --- fixed

People

(Reporter: gsvelto, Assigned: janv)

References

(Regression)

Details

(Keywords: crash, regression)

Attachments

(2 files)

Crash report: https://crash-stats.mozilla.org/report/index/628dc64c-dde3-4382-b7ed-e1b6a0250127

MOZ_CRASH Reason:

MOZ_CRASH(IPC message size is too large)

Top 10 frames:

0  xul.dll  mozilla::ipc::PortLink::SendMessage(mozilla::UniquePtr<IPC::Message, mozilla:...  ipc/glue/MessageLink.cpp:107
0  xul.dll  mozilla::ipc::MessageChannel::SendMessageToLink(mozilla::UniquePtr<IPC::Messa...  ipc/glue/MessageChannel.cpp:767
0  xul.dll  mozilla::ipc::MessageChannel::Send(mozilla::UniquePtr<IPC::Message, mozilla::...  ipc/glue/MessageChannel.cpp:736
1  xul.dll  mozilla::ipc::IProtocol::ChannelSend(mozilla::UniquePtr<IPC::Message, mozilla...  ipc/glue/ProtocolUtils.cpp:536
1  xul.dll  mozilla::dom::indexedDB::PBackgroundIDBRequestParent::Send__delete__(mozilla:...  ipc/ipdl/PBackgroundIDBRequestParent.cpp:118
2  xul.dll  mozilla::dom::indexedDB::(anonymous namespace)::NormalTransactionOp::SendSucc...  dom/indexedDB/ActorsParent.cpp:18618
3  xul.dll  mozilla::dom::indexedDB::(anonymous namespace)::TransactionDatabaseOperationB...  dom/indexedDB/ActorsParent.cpp:17218
4  xul.dll  mozilla::dom::indexedDB::(anonymous namespace)::TransactionDatabaseOperationB...  dom/indexedDB/ActorsParent.cpp:17172
4  xul.dll  mozilla::dom::indexedDB::(anonymous namespace)::TransactionDatabaseOperationB...  dom/indexedDB/ActorsParent.cpp:17273
5  xul.dll  nsThread::ProcessNextEvent(bool, bool*)  xpcom/threads/nsThread.cpp:1153

This seems to be happening mostly on nightly, starting with buildid 20250114212341. A few different users are being affected.

This is probably a regression caused by bug 1940765.

Assignee: nobody → jan.varga
Keywords: regression
Regressed by: 1940765

https://searchfox.org/mozilla-central/rev/a965e3c683ecc035dee1de72bd33a8d91b1203ed/dom/indexedDB/IDBObjectStore.cpp#917-918

The check needs to be adjusted because indexUpdateInfo won't automatically use shared memory during serialization (only serialization for JSAutoStructuredCloneBuffer does).
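
A minimal model of the size check discussed in the comment above, added here as an illustration; it is not code from Firefox or from the patch. All names and limits are hypothetical and constructed. It assumes only the structured clone payload can move to shared memory, while index update data always counts against the IPC message limit.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Constructed limits for illustration; not Firefox's real values.
constexpr std::size_t kMaxIpcMessageSize = 1024;       // sender aborts above this
constexpr std::size_t kShmemThreshold = 256;           // larger clone data moves to shared memory
constexpr std::size_t kMaxStructuredCloneSize = 4096;  // explicit cap on clone data
constexpr std::size_t kShmemHandleSize = 16;           // inline cost of a shmem handle

struct Request {                          // hypothetical stand-in for an IndexedDB request
  std::size_t cloneBytes;                 // structured clone payload
  std::vector<std::size_t> indexUpdates;  // serialized size of each index update (always inline)
};

// Saturating add so a huge declared size cannot wrap around and pass a check.
std::size_t SatAdd(std::size_t a, std::size_t b) {
  return a > SIZE_MAX - b ? SIZE_MAX : a + b;
}

// Bytes that really end up inside the IPC message.
std::size_t InlineSize(const Request& r) {
  std::size_t n = r.cloneBytes > kShmemThreshold ? kShmemHandleSize : r.cloneBytes;
  for (std::size_t s : r.indexUpdates) n = SatAdd(n, s);
  return n;
}

// Flawed check: one raised limit for everything, as if shared memory absorbed it all.
bool NaiveCheck(const Request& r) {
  std::size_t total = r.cloneBytes;
  for (std::size_t s : r.indexUpdates) total = SatAdd(total, s);
  return total <= kMaxStructuredCloneSize;
}

// Adjusted check: clone data against its own cap, inline bytes against the IPC cap.
bool AdjustedCheck(const Request& r) {
  return r.cloneBytes <= kMaxStructuredCloneSize &&
         InlineSize(r) <= kMaxIpcMessageSize;
}

bool WouldAbortOnSend(const Request& r) { return InlineSize(r) > kMaxIpcMessageSize; }

int main() {
  Request r{300, {600, 600}};  // constructed: small clone, large index updates
  std::printf("naive=%d adjusted=%d abort=%d\n", NaiveCheck(r), AdjustedCheck(r),
              WouldAbortOnSend(r));
}
```

With the constructed request in `main`, the naive check accepts a message whose inline part exceeds the IPC cap, which is the condition that leads to a fatal assertion in the sender; the adjusted check rejects it before sending.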

Severity: -- → S3
Priority: -- → P2

Set release status flags based on info from the regressing bug 1940765

Status: NEW → ASSIGNED
See Also: → 1944041
Keywords: leave-open
Pushed by jvarga@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/786095312e02
Rename kShmemThreshold to kMessageBufferShmemThreshold and move it to header with documentation; r=nika

The bug is marked as tracked for firefox136 (nightly). However, the bug still has low severity.

:jstutte, could you please increase the severity for this tracked bug? If you disagree with the tracking decision, please talk with the release managers.

For more information, please visit BugBot documentation.

Flags: needinfo?(jstutte)
Keywords: leave-open
Pushed by jvarga@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/64361ca94917
Restore previous IPC message size limit and introduce a new explicit structured clone size limit to fix a crash; r=nika,smaug
Status: ASSIGNED → RESOLVED
Closed: 5 months ago
Resolution: --- → FIXED
Target Milestone: --- → 137 Branch

:janv could you add a beta uplift request on this when ready?

Flags: needinfo?(jstutte) → needinfo?(jan.varga)

yes, will do

Flags: needinfo?(jan.varga)

Comment on attachment 9461976 [details]
Bug 1943951 - Restore previous IPC message size limit and introduce a new explicit structured clone size limit to fix a crash; r=#dom-storage

Beta/Release Uplift Approval Request

  • User impact if declined/Reason for urgency: Users would face more frequent crashes when using IndexedDB, leading to reduced browser stability and a worse experience when interacting with web applications that depend on IndexedDB for data storage.
  • Is this code covered by automated tests?: Yes
  • Has the fix been verified in Nightly?: Yes
  • Needs manual test from QE?: No
  • If yes, steps to reproduce:
  • List of other uplifts needed: None
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): Well tested and relatively simple patch.
  • String changes made/needed: None
  • Is Android affected?: Yes
Attachment #9461976 - Flags: approval-mozilla-beta?

Note that D235816 landed during previous cycle, so it doesn't have to be uplifted.

Comment on attachment 9461976 [details]
Bug 1943951 - Restore previous IPC message size limit and introduce a new explicit structured clone size limit to fix a crash; r=#dom-storage

Approved for 136.0b3

Attachment #9461976 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
Blocks: 1914562