UMA stats show a number of renderer kills with reason bad_message::SWDH_POST_MESSAGE
Issue description

Starting sometime around April or March 2016, we are seeing UMA report that renderers are being killed with the reason bad_message::SWDH_POST_MESSAGE. The rate of this kill seems to be relatively low, but it is happening on all channels currently.

The trend can be seen by looking at the following timeline (Googlers only) for the UMA histogram Stability.BadMessageTerminated.Content:

Stable channel history: https://goto.google.com/njtdp
Canary channel history: https://goto.google.com/oemar

https://chromium.googlesource.com/chromium/src/+/0412b9e628ac0d7d5853b8b8dc41adfe6aae68f5, which added a new instance of bad_message::SWDH_POST_MESSAGE, is a possible culprit.
May 4 2016
May 5 2016
+Stability-Sheriff-Desktop

This BadMessage kill accounts for 11K renderer terminations per day across all channels (such kills don't appear on crash/ but they do show up in the overall stability numbers). It looks like nhiroki and the patch reviewers might currently be out of the office. Can we find an owner to make progress on this?
May 6 2016
mkwst: Can you take a look?
May 9 2016
Thank you for reporting this! I'll take a look.
May 9 2016
WebServiceWorkerImpl::postMessage() posts a task to the main thread from a worker thread before sending an IPC message. I suspect that another IPC message to destroy the ServiceWorkerHandle of the target worker or the ServiceWorkerProviderHost of the sender can be sent during the thread hop.
May 11 2016
Just to verify - nhiroki@ - you are still looking at this, correct?
May 12 2016
Yes, I'm still looking at this.
May 12 2016
Now that bad_message always triggers a DumpWithoutCrashing, there are crash reports that might be helpful in understanding or reproing. Here's a Mac instance of this: go/crash/7796340a00000000
May 13 2016
Issue 611561 has been merged into this issue.
May 13 2016
Users experienced this crash on the following builds:

Win Canary 52.0.2734.0 - 0.92 CPM, 18 reports, 16 clients (signature [Dump without crash] content::ServiceWorkerDispatcherHost::OnPostMessageToWorker)
Mac Canary 52.0.2734.0 - 1.69 CPM, 5 reports, 5 clients (signature [Dump without crash] content::ServiceWorkerDispatcherHost::OnPostMessageToWorker)

If this update was incorrect, please add "Fracas-Wrong" label to prevent future updates.

- Go/Fracas
May 13 2016
CL is in review: https://codereview.chromium.org/1977473003/
May 13 2016
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/66525f41fc6509604c61a8c0304141662cbdbe97

commit 66525f41fc6509604c61a8c0304141662cbdbe97
Author: nhiroki <nhiroki@chromium.org>
Date: Fri May 13 10:28:16 2016

ServiceWorker: Remove a bad IPC message check on postMessage()

This CL removes a bad IPC message check to confirm existence of the sender provider host on postMessage() because the provider host may be destroyed before this point when destruction of the provider overtakes postMessage() during thread hopping on WebServiceWorkerImpl::postMessage().

BUG= 608464
Review-Url: https://codereview.chromium.org/1977473003
Cr-Commit-Position: refs/heads/master@{#393495}

[modify] https://crrev.com/66525f41fc6509604c61a8c0304141662cbdbe97/content/browser/service_worker/service_worker_dispatcher_host.cc
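The ordering problem described in the commit message above, as a simplified single-process model. This is an added example, not Chromium code and not part of the original thread. The message types, policy names and provider id are hypothetical, and dropping the message under the relaxed policy is an assumption, since the page does not show what the patched handler does when the sender is missing.

```cpp
// Added example: simplified model of the race, not Chromium code.
#include <cstdio>
#include <set>
#include <vector>

enum class Msg { kProviderCreated, kProviderDestroyed, kPostMessage };
struct Ipc { Msg type; int provider_id; };
enum class Policy { kKillOnMissingSender, kDropOnMissingSender };  // hypothetical names
struct Outcome { bool renderer_killed = false; int delivered = 0; int dropped = 0; };

// Renderer side. postMessage() on the worker thread first queues a task for the
// main thread; teardown of the provider goes onto the IPC channel directly, so
// it can overtake the queued postMessage.
std::vector<Ipc> RendererChannel(bool teardown_during_hop) {
  const int kProvider = 7;  // constructed sample id
  std::vector<Ipc> channel;
  std::vector<Ipc> main_thread_tasks;
  channel.push_back({Msg::kProviderCreated, kProvider});
  main_thread_tasks.push_back({Msg::kPostMessage, kProvider});  // thread hop starts
  if (teardown_during_hop) channel.push_back({Msg::kProviderDestroyed, kProvider});
  // The main thread finally runs the queued task and sends the IPC.
  for (const Ipc& task : main_thread_tasks) channel.push_back(task);
  if (!teardown_during_hop) channel.push_back({Msg::kProviderDestroyed, kProvider});
  return channel;
}

// Browser side: handles messages strictly in channel order.
Outcome BrowserHandle(const std::vector<Ipc>& channel, Policy policy) {
  std::set<int> live_providers;
  Outcome out;
  for (const Ipc& m : channel) {
    if (m.type == Msg::kProviderCreated) { live_providers.insert(m.provider_id); continue; }
    if (m.type == Msg::kProviderDestroyed) { live_providers.erase(m.provider_id); continue; }
    if (live_providers.count(m.provider_id)) { ++out.delivered; continue; }
    // Sender is unknown: either treat the renderer as misbehaving, or accept
    // that a benign race can produce this state and drop the message.
    if (policy == Policy::kKillOnMissingSender) { out.renderer_killed = true; break; }
    ++out.dropped;
  }
  return out;
}

int main() {
  Outcome strict = BrowserHandle(RendererChannel(true), Policy::kKillOnMissingSender);
  Outcome relaxed = BrowserHandle(RendererChannel(true), Policy::kDropOnMissingSender);
  std::printf("strict killed=%d, relaxed killed=%d dropped=%d\n",
              strict.renderer_killed, relaxed.renderer_killed, relaxed.dropped);
}
```

In the model, the strict policy kills a well-behaved renderer whenever teardown overtakes the queued postMessage, which is the state the commit message describes.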
May 16 2016
I don't see any crashes after 52.0.2735.1, so I believe that this specific crash is fixed by the patch in c#13. The UMA stats in c#1 are trending downwards but it looks like we won't have firm numbers for a few more days. Tentatively marking fixed.
May 16 2016
May 16 2016
Thank you for confirming the latest crash numbers. Could I have a chance to merge the patch on c#13 into M51?
May 16 2016
(Fixed the label, sorry!)
May 16 2016
Your change meets the bar and is auto-approved for M51 (branch: 2704)
May 17 2016
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/78c0da6b53aaf59d968f8eea8df5fdbff1cd0645

commit 78c0da6b53aaf59d968f8eea8df5fdbff1cd0645
Author: Hiroki Nakagawa <nhiroki@chromium.org>
Date: Tue May 17 01:32:09 2016

[Merge to M51] ServiceWorker: Remove a bad IPC message check on postMessage()

This CL removes a bad IPC message check to confirm existence of the sender provider host on postMessage() because the provider host may be destroyed before this point when destruction of the provider overtakes postMessage() during thread hopping on WebServiceWorkerImpl::postMessage().

BUG= 608464
Review-Url: https://codereview.chromium.org/1977473003
Cr-Commit-Position: refs/heads/master@{#393495}
(cherry picked from commit 66525f41fc6509604c61a8c0304141662cbdbe97)

Review URL: https://codereview.chromium.org/1980273002 .
Cr-Commit-Position: refs/branch-heads/2704@{#573}
Cr-Branched-From: 6e53600def8f60d8c632fadc70d7c1939ccea347-refs/heads/master@{#386251}

[modify] https://crrev.com/78c0da6b53aaf59d968f8eea8df5fdbff1cd0645/content/browser/service_worker/service_worker_dispatcher_host.cc
Comment 1 by nick@chromium.org, May 4 2016
Status: Assigned (was: Available)