
Issue 621762


Issue metadata

Status: Fixed
Owner:
Closed: Jun 2016
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 1
Type: Bug

Blocking:
issue 607543




FATAL:service_worker_provider_host.cc(122)] Check failed: document_url_.is_valid().

Project Member Reported by ukai@chromium.org, Jun 21 2016

Issue description

Version: 53.0.2773.0 (Developer Build) (64-bit) with dcheck_always_on=1
OS: Linux

What steps will reproduce the problem?
(1) keep chromium open over night
(2)
(3)

What is the expected output?

What do you see instead?
chromium browser crashed
8396:8431:0621/051129:FATAL:service_worker_provider_host.cc(122)] Check failed: document_url_.is_valid().
(gdb) bt
#0  0x00007fffee957c37 in __GI_raise (sig=sig@entry=6)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x00007fffee95b028 in __GI_abort () at abort.c:89
#2  0x00007ffff7c96232 in base::debug::BreakDebugger() ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libbase.so
#3  0x00007ffff7cb89ba in logging::LogMessage::~LogMessage() ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libbase.so
#4  0x00007ffff59239f5 in content::ServiceWorkerProviderHost::IsContextSecureForServiceWorker() const ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libcontent.so
#5  0x00007ffff592f0d4 in content::ServiceWorkerRegistration::ClaimClients() ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libcontent.so
#6  0x00007ffff5950630 in content::ServiceWorkerVersion::OnClaimClients(int) ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libcontent.so
#7  0x00007ffff59504d4 in bool IPC::MessageT<ServiceWorkerHostMsg_ClaimClients_Meta, std::tuple<int>, void>::Dispatch<content::ServiceWorkerVersion, content::ServiceWorkerVersion, void, void (content::ServiceWorkerVersion::*)(int)>(IPC::Message const*, content::ServiceWorkerVersion*, content::ServiceWorkerVersion*, void*, void (content::ServiceWorkerVersion::*)(int)) ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libcontent.so
#8  0x00007ffff594ded5 in content::ServiceWorkerVersion::OnMessageReceived(IPC::Message const&) ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libcontent.so
#9  0x00007ffff58d6334 in content::EmbeddedWorkerInstance::OnMessageReceived(IPC::Message const&) ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libcontent.so
#10 0x00007ffff58d9441 in content::EmbeddedWorkerRegistry::OnMessageReceived(IPC::Message const&, int) ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libcontent.so
#11 0x00007ffff590698f in content::ServiceWorkerDispatcherHost::OnMessageReceived(IPC::Message const&) ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libcontent.so
#12 0x00007ffff52fc967 in content::BrowserMessageFilter::Internal::DispatchMessage(IPC::Message const&) ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libcontent.so
#13 0x00007ffff52fc84e in content::BrowserMessageFilter::Internal::OnMessageReceived(IPC::Message const&) ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libcontent.so
#14 0x00007ffff4a5193d in IPC::MessageFilterRouter::TryFilters(IPC::Message const&) ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libipc.so
#15 0x00007ffff4a4298f in IPC::ChannelProxy::Context::TryFilters(IPC::Message const&) ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libipc.so
#16 0x00007ffff4a42aaf in IPC::ChannelProxy::Context::OnMessageReceived(IPC::Message const&) ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libipc.so
#17 0x00007fffedbd5fe5 in IPC::ChannelMojo::OnMessageReceived(IPC::Message const&) ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libmojo.so
#18 0x00007fffedbd8a9b in IPC::internal::MessagePipeReader::Receive(mojo::Array<unsigned char>, mojo::Array<mojo::StructPtr<IPC::mojom::SerializedHandle> >) ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libmojo.so
#19 0x00007fffedbea1ea in IPC::mojom::ChannelStub::Accept(mojo::Message*) ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libmojo.so
#20 0x00007fffedbdd520 in mojo::internal::InterfaceEndpointClient::HandleValidatedMessage(mojo::Message*) ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libmojo.so
#21 0x00007fffedbea651 in IPC::mojom::ChannelRequestValidator::Accept(mojo::Message*) ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libmojo.so
#22 0x00007fffedbde44c in mojo::internal::InterfaceEndpointClient::HandleIncomingMessage(mojo::Message*) ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libmojo.so
#23 0x00007fffedbe34d8 in mojo::internal::MultiplexRouter::ProcessIncomingMessage(mojo::Message*, mojo::internal::MultiplexRouter::ClientCallBehavior, base::SingleThreadTaskRunner*) ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libmojo.so
#24 0x00007fffedbe2f86 in mojo::internal::MultiplexRouter::Accept(mojo::Message*) ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libmojo.so
#25 0x00007fffedbe06c1 in mojo::internal::MessageHeaderValidator::Accept(mojo::Message*) ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libmojo.so
#26 0x00007fffedbdc5b5 in mojo::internal::Connector::ReadSingleMessage(unsigned int*) ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libmojo.so
#27 0x00007fffedbdca54 in mojo::internal::Connector::OnHandleReadyInternal(unsigned int) ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libmojo.so
#28 0x00007fffedbeceec in mojo::Watcher::OnHandleReady(unsigned int) ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libmojo.so
#29 0x00007ffff30a3aef in mojo::edk::Watcher::MaybeInvokeCallback(unsigned int, mojo::edk::HandleSignalsState const&, unsigned int) ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libmojo_system_impl.so
#30 0x00007ffff309de53 in mojo::edk::RequestContext::~RequestContext() ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libmojo_system_impl.so
#31 0x00007ffff3091fe4 in mojo::edk::NodeChannel::OnChannelMessage(void const*, unsigned long, std::unique_ptr<std::vector<mojo::edk::PlatformHandle, std::allocator<mojo::edk::PlatformHandle> >, mojo::edk::PlatformHandleVectorDeleter>) ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libmojo_system_impl.so
#32 0x00007ffff307e875 in mojo::edk::Channel::OnReadComplete(unsigned long, unsigned long*) ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libmojo_system_impl.so
#33 0x00007ffff307fb98 in mojo::edk::(anonymous namespace)::ChannelPosix::OnFileCanReadWithoutBlocking(int) ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libmojo_system_impl.so
#34 0x00007ffff7cc643b in base::MessagePumpLibevent::OnLibeventNotification(int, short, void*) ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libbase.so
#35 0x00007ffff7d5e907 in event_base_loop ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libbase.so
#36 0x00007ffff7cc6726 in base::MessagePumpLibevent::Run(base::MessagePump::Delegate*) ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libbase.so
#37 0x00007ffff7cc2ae1 in base::MessageLoop::RunHandler() ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libbase.so
#38 0x00007ffff7cf1c00 in base::RunLoop::Run() ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libbase.so
#39 0x00007ffff7cc1b10 in base::MessageLoop::Run() ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libbase.so
#40 0x00007ffff560a4d6 in content::BrowserThreadImpl::IOThreadRun(base::MessageLoop*) ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libcontent.so
#41 0x00007ffff560a6e1 in content::BrowserThreadImpl::Run(base::MessageLoop*)    ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libcontent.so
#42 0x00007ffff7d26b2b in base::Thread::ThreadMain() ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libbase.so
#43 0x00007ffff7d20475 in base::(anonymous namespace)::ThreadFunc(void*) ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libbase.so
#44 0x00007fffeff8d184 in start_thread (arg=0x7fffd5853700)
    at pthread_create.c:312
#45 0x00007fffeea1b37d in clone ()
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111



Comment 1 by ukai@chromium.org, Jun 21 2016

Hmm, accessing inbox.google.com reproduces this issue.

Comment 2 by falken@chromium.org, Jun 21 2016

Cc: -falken@chromium.org
Labels: -Pri-3 Pri-1
Owner: falken@chromium.org
Status: Started (was: Untriaged)
Noooo

Comment 3 by falken@chromium.org, Jun 21 2016

Components: -Platform>Apps>ServiceWorker Blink>ServiceWorker

Comment 4 by falken@chromium.org, Jun 21 2016

Blocking: 607543

Comment 5 by falken@chromium.org, Jun 21 2016

We're creating provider hosts for things like chrome-search:// that never get populated with a document URL.
Project Member

Comment 6 by bugdroid1@chromium.org, Jun 22 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/dd5dd98f5f59f4f53274308ec0a7dca74aba6525

commit dd5dd98f5f59f4f53274308ec0a7dca74aba6525
Author: falken <falken@chromium.org>
Date: Wed Jun 22 06:32:52 2016

service worker: When claiming, don't assume document_url is valid

Many provider hosts have an empty document_url, for example those
that haven't yet been loaded or those created for special URLs like
chrome-search://. So that claim can use IsContextSecureForServiceWorker,
return false when the URL is invalid instead of doing a
DCHECK that it's valid.

BUG= 621762 , 607543 

Review-Url: https://codereview.chromium.org/2085923002
Cr-Commit-Position: refs/heads/master@{#401216}

[modify] https://crrev.com/dd5dd98f5f59f4f53274308ec0a7dca74aba6525/content/browser/service_worker/service_worker_provider_host.cc
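
A simplified model of the change described in the commit message above, added here as an illustration; it is not Chromium's code. The `Url` and `ProviderHost` types, the https-only rule, the prefix scope match and the sample URLs are assumptions made for the example.

```cpp
#include <cstddef>
#include <iostream>
#include <string>
#include <vector>

// Simplified stand-in for a parsed URL: empty or scheme-less means invalid.
struct Url {
  std::string spec;
  bool is_valid() const {
    std::string::size_type pos = spec.find("://");
    return pos != std::string::npos && pos > 0;
  }
  std::string scheme() const { return spec.substr(0, spec.find("://")); }
};

// Hypothetical model of a provider host. document_url stays empty for hosts
// that have not loaded yet or that were created for special URLs.
struct ProviderHost {
  Url document_url;
  bool controlled;

  // Fail closed: an invalid document URL means "not a secure context",
  // rather than an assertion that aborts the whole browser process.
  bool IsContextSecure() const {
    if (!document_url.is_valid())
      return false;
    return document_url.scheme() == "https";  // assumed secure-scheme rule
  }
};

// Claim every in-scope host that passes the secure-context check.
// Reached from an IPC message, so it must tolerate hosts in any state.
std::size_t ClaimClients(const Url& scope, std::vector<ProviderHost>& hosts) {
  std::size_t claimed = 0;
  for (ProviderHost& host : hosts) {
    if (!host.IsContextSecure())
      continue;  // skipped, not crashed on
    const std::string& doc = host.document_url.spec;
    if (doc.compare(0, scope.spec.size(), scope.spec) != 0)
      continue;  // out of scope
    host.controlled = true;
    ++claimed;
  }
  return claimed;
}

// Constructed sample hosts (not taken from the bug report).
std::vector<ProviderHost> SampleHosts() {
  return {ProviderHost{Url{"https://inbox.example/app"}, false},
          ProviderHost{Url{""}, false},  // document URL never populated
          ProviderHost{Url{"http://inbox.example/app"}, false},
          ProviderHost{Url{"https://other.example/"}, false}};
}

int main() {
  std::vector<ProviderHost> hosts = SampleHosts();
  std::cout << ClaimClients(Url{"https://inbox.example/"}, hosts) << "\n";
}
```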

Comment 7 by falken@chromium.org, Jun 22 2016

Labels: M-53
Status: Fixed (was: Started)
Project Member

Comment 8 by bugdroid1@chromium.org, Jul 12 2016

Labels: merge-merged-2743
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/894ba96d4f84f8cdbd13168bf14cb866ce8caecd

commit 894ba96d4f84f8cdbd13168bf14cb866ce8caecd
Author: Matt Falkenhagen <falken@chromium.org>
Date: Tue Jul 12 02:20:46 2016

M52: Merge  "Reland: service worker: Don't control a subframe of an insecure context"

This merge includes:

[1]
service worker: When claiming, don't assume document_url is valid

Many provider hosts have an empty document_url, for example those
that haven't yet been loaded or those created for special URLs like
chrome-search://. So that claim can use IsContextSecureForServiceWorker,
return false when the URL is invalid instead of doing a
DCHECK that it's valid.

BUG= 621762 , 607543 

Review-Url: https://codereview.chromium.org/2085923002
Cr-Commit-Position: refs/heads/master@{#401216}
(cherry picked from commit dd5dd98f5f59f4f53274308ec0a7dca74aba6525)

[2]
Remove WebFrame::canHaveSecureChild

To simplify the public API, ServiceWorkerNetworkProvider can do the
parent walk itself.

Follow-up to https://crrev.com/ad1850962644e19.

BUG= 607543 

Review-Url: https://codereview.chromium.org/2082493002
Cr-Commit-Position: refs/heads/master@{#400896}
(cherry picked from commit 8353baf8d1504dbdd4ad7584ff2466de657521cd)

[3]
Reland: service worker: Don't control a subframe of an insecure context

We must check isSecureContext when creating the network provider to
adhere to https://w3c.github.io/webappsec/specs/powerfulfeatures/#settings-privileged.

We already did this for getRegistration(), register(), unregister() but must
also do this when deciding whether to control an in-scope document.

BUG= 607543 
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_site_isolation

Original review: https://codereview.chromium.org/2009453002

Review-Url: https://codereview.chromium.org/2071433003
Cr-Commit-Position: refs/heads/master@{#400093}
(cherry picked from commit ad1850962644e19cdb040d60eb236e0ebc23c243)

[4]
service worker: Remove unused PROVIDER_FOR_SANDBOXED_IFRAME

Clean-up only. This was added in https://codereview.chromium.org/1191293002/
then became unused in https://codereview.chromium.org/1399363004. Originally it
signaled to the ServiceWorkerNetworkProvider ctor that the provider id should
be set to invalid; now the default ctor is used to accomplish that.

BUG=

Review-Url: https://codereview.chromium.org/2023733002
Cr-Commit-Position: refs/heads/master@{#396685}
(cherry picked from commit ae9107fb035320cc53558a0bb1ff5c9bf99cfffe)

TBR=horo

Review URL: https://codereview.chromium.org/2142523004 .

Cr-Commit-Position: refs/branch-heads/2743@{#614}
Cr-Branched-From: 2b3ae3b8090361f8af5a611712fc1a5ab2de53cb-refs/heads/master@{#394939}

[modify] https://crrev.com/894ba96d4f84f8cdbd13168bf14cb866ce8caecd/chrome/browser/chrome_content_browser_client.cc
[modify] https://crrev.com/894ba96d4f84f8cdbd13168bf14cb866ce8caecd/chrome/browser/chrome_content_browser_client.h
[modify] https://crrev.com/894ba96d4f84f8cdbd13168bf14cb866ce8caecd/chrome/browser/extensions/service_worker_apitest.cc
[modify] https://crrev.com/894ba96d4f84f8cdbd13168bf14cb866ce8caecd/content/browser/service_worker/service_worker_browsertest.cc
[modify] https://crrev.com/894ba96d4f84f8cdbd13168bf14cb866ce8caecd/content/browser/service_worker/service_worker_context_core.cc
[modify] https://crrev.com/894ba96d4f84f8cdbd13168bf14cb866ce8caecd/content/browser/service_worker/service_worker_context_request_handler_unittest.cc
[modify] https://crrev.com/894ba96d4f84f8cdbd13168bf14cb866ce8caecd/content/browser/service_worker/service_worker_context_unittest.cc
[modify] https://crrev.com/894ba96d4f84f8cdbd13168bf14cb866ce8caecd/content/browser/service_worker/service_worker_controllee_request_handler.cc
[modify] https://crrev.com/894ba96d4f84f8cdbd13168bf14cb866ce8caecd/content/browser/service_worker/service_worker_controllee_request_handler_unittest.cc
[modify] https://crrev.com/894ba96d4f84f8cdbd13168bf14cb866ce8caecd/content/browser/service_worker/service_worker_dispatcher_host.cc
[modify] https://crrev.com/894ba96d4f84f8cdbd13168bf14cb866ce8caecd/content/browser/service_worker/service_worker_dispatcher_host.h
[modify] https://crrev.com/894ba96d4f84f8cdbd13168bf14cb866ce8caecd/content/browser/service_worker/service_worker_dispatcher_host_unittest.cc
[modify] https://crrev.com/894ba96d4f84f8cdbd13168bf14cb866ce8caecd/content/browser/service_worker/service_worker_handle_unittest.cc
[modify] https://crrev.com/894ba96d4f84f8cdbd13168bf14cb866ce8caecd/content/browser/service_worker/service_worker_job_unittest.cc
[modify] https://crrev.com/894ba96d4f84f8cdbd13168bf14cb866ce8caecd/content/browser/service_worker/service_worker_provider_host.cc
[modify] https://crrev.com/894ba96d4f84f8cdbd13168bf14cb866ce8caecd/content/browser/service_worker/service_worker_provider_host.h
[modify] https://crrev.com/894ba96d4f84f8cdbd13168bf14cb866ce8caecd/content/browser/service_worker/service_worker_provider_host_unittest.cc
[modify] https://crrev.com/894ba96d4f84f8cdbd13168bf14cb866ce8caecd/content/browser/service_worker/service_worker_registration.cc
[modify] https://crrev.com/894ba96d4f84f8cdbd13168bf14cb866ce8caecd/content/browser/service_worker/service_worker_request_handler_unittest.cc
[modify] https://crrev.com/894ba96d4f84f8cdbd13168bf14cb866ce8caecd/content/browser/service_worker/service_worker_storage_unittest.cc
[modify] https://crrev.com/894ba96d4f84f8cdbd13168bf14cb866ce8caecd/content/browser/service_worker/service_worker_url_request_job_unittest.cc
[modify] https://crrev.com/894ba96d4f84f8cdbd13168bf14cb866ce8caecd/content/browser/service_worker/service_worker_version_unittest.cc
[modify] https://crrev.com/894ba96d4f84f8cdbd13168bf14cb866ce8caecd/content/browser/service_worker/service_worker_write_to_cache_job_unittest.cc
[modify] https://crrev.com/894ba96d4f84f8cdbd13168bf14cb866ce8caecd/content/child/service_worker/service_worker_network_provider.cc
[modify] https://crrev.com/894ba96d4f84f8cdbd13168bf14cb866ce8caecd/content/child/service_worker/service_worker_network_provider.h
[modify] https://crrev.com/894ba96d4f84f8cdbd13168bf14cb866ce8caecd/content/common/service_worker/service_worker_messages.h
[modify] https://crrev.com/894ba96d4f84f8cdbd13168bf14cb866ce8caecd/content/common/service_worker/service_worker_types.h
[modify] https://crrev.com/894ba96d4f84f8cdbd13168bf14cb866ce8caecd/content/public/browser/content_browser_client.h
[modify] https://crrev.com/894ba96d4f84f8cdbd13168bf14cb866ce8caecd/content/renderer/render_frame_impl.cc
[modify] https://crrev.com/894ba96d4f84f8cdbd13168bf14cb866ce8caecd/content/renderer/service_worker/service_worker_context_client.cc
[modify] https://crrev.com/894ba96d4f84f8cdbd13168bf14cb866ce8caecd/content/renderer/shared_worker/embedded_shared_worker_stub.cc
[add] https://crrev.com/894ba96d4f84f8cdbd13168bf14cb866ce8caecd/third_party/WebKit/LayoutTests/http/tests/serviceworker/insecure-parent-frame.html
[add] https://crrev.com/894ba96d4f84f8cdbd13168bf14cb866ce8caecd/third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/insecure-inscope.html
[add] https://crrev.com/894ba96d4f84f8cdbd13168bf14cb866ce8caecd/third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/insecure-parent.html
[modify] https://crrev.com/894ba96d4f84f8cdbd13168bf14cb866ce8caecd/third_party/WebKit/Source/core/dom/Document.cpp
[modify] https://crrev.com/894ba96d4f84f8cdbd13168bf14cb866ce8caecd/third_party/WebKit/Source/core/dom/Document.h
