New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 622409 link

Starred by 2 users
Status: Fixed
Owner:
mlamouri@chromium.org
Closed: Aug 2016
Cc:
petrcermak@chromium.org
mfo...@chromium.org
btolsch@chromium.org
powerb@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows , Chrome , Mac
Pri: 2
Type: Bug

Blocked on:
issue 630622
Blocking:
issue 589726



Sign in to add a comment

Assertion on ~ScriptPromiseResolver

Project Member Reported by imch...@chromium.org, Jun 22 2016 
Steps to repro with debug build:

1) Go to a YT page
2) Open the MR UI with cast button on the YT player and create a route.
3) Reopen the MR UI with the cast button on YT player - it should be displaying the custom controller with the route details.
4) Click "Close" to close the route and let the dialog autoclose.
5) Renderer will crash a few seconds later with the following stack trace:

ASSERTION FAILED: m_state == Detached || !m_isPromiseCalled || !getScriptState()->contextIsValid() || !getExecutionContext() || getExecutionContext()->activeDOMObjectsAreStopped()
../../third_party/WebKit/Source/bindings/core/v8/ScriptPromiseResolver.h(53) : virtual blink::ScriptPromiseResolver::~ScriptPromiseResolver()
1   0x7f902928f6ac
2   0x7f902928c621
3   0x7f902928c878
4   0x7f9029299bbb
5   0x7f9029299713
6   0x7f902928862e
7   0x7f9029299c91
8   0x7f902c003074
9   0x7f902c001c95
10  0x7f902a7a8aa9
11  0x7f902a739ce5
12  0x7f902a739ff8
13  0x7f902a73a52c
14  0x7f902a73babd
15  0x7f902a7397d1
16  0x7f902a75c810
17  0x7f902a738950
18  0x7f902a109f5c
19  0x7f902a2f2c3e
20  0x7f902a2f34e2
21  0x7f902a2f3f33
22  0x7f902a2f2800
23  0x7f90272c54db ChromeMain
24  0x7f9020202f45 __libc_start_main
25  0x7f90272c53b1
Received signal 11 SEGV_MAPERR 0000fbadbeef
#0 0x7f902a71ab07 base::debug::(anonymous namespace)::StackDumpSignalHandler()
#1 0x7f90230f7330 <unknown>
#2 0x7f90292d135d blink::ScriptPromiseResolver::~ScriptPromiseResolver()
#3 0x7f902928f6ac blink::NormalPage::sweep()
#4 0x7f902928c621 blink::BaseArena::sweepUnsweptPage()
#5 0x7f902928c878 blink::BaseArena::completeSweep()
#6 0x7f9029299bbb blink::ThreadState::eagerSweep()
#7 0x7f9029299713 blink::ThreadState::preSweep()
#8 0x7f902928862e blink::ThreadHeap::collectGarbage()
#9 0x7f9029299c91 blink::ThreadState::safePoint()
#10 0x7f902c003074 scheduler::TaskQueueManager::ProcessTaskFromWorkQueue()
#11 0x7f902c001c95 scheduler::TaskQueueManager::DoWork()
#12 0x7f902a7a8aa9 base::debug::TaskAnnotator::RunTask()
#13 0x7f902a739ce5 base::MessageLoop::RunTask()
#14 0x7f902a739ff8 base::MessageLoop::DeferOrRunPendingTask()
#15 0x7f902a73a52c base::MessageLoop::DoDelayedWork()
#16 0x7f902a73babd base::MessagePumpDefault::Run()
#17 0x7f902a7397d1 base::MessageLoop::RunHandler()
#18 0x7f902a75c810 base::RunLoop::Run()
#19 0x7f902a738950 base::MessageLoop::Run()
#20 0x7f902a109f5c content::RendererMain()
#21 0x7f902a2f2c3e content::RunZygote()
#22 0x7f902a2f34e2 content::RunNamedProcessTypeMain()
#23 0x7f902a2f3f33 content::ContentMainRunnerImpl::Run()
#24 0x7f902a2f2800 content::ContentMain()
#25 0x7f90272c54db ChromeMain
#26 0x7f9020202f45 __libc_start_main
#27 0x7f90272c53b1 <unknown>
  r8: 00007f9026766a00  r9: 00007f90272e52e0 r10: 00007f902059dbe0 r11: 0000000000000000
 r12: 00002a0a000df000 r13: 00002a0a000d7010 r14: 00002a0a000d7018 r15: 000014784b8a4010
  di: 0000000000000000  si: 0000000000000000  bp: 00000000000000c0  bx: 00002a0a000c0000
  dx: 0000000000000000  ax: 00000000fbadbeef  cx: 00007f902734aa40  sp: 00007ffdf9527bf0
  ip: 00007f90292d135d efl: 0000000000010246 cgf: 0000000000000033 erf: 0000000000000006
 trp: 000000000000000e msk: 0000000000000000 cr2: 00000000fbadbeef
[end of stack trace]


Observations:
- In step 3, if the UI is opened via browser menu or even in another tab, it still repros.
- Repros 100%.

Comment 1 by imch...@chromium.org, Jun 22 2016

Components: Blink>PresentationAPI

Comment 2 by sko...@chromium.org, Jun 22 2016

Labels: Hotlist-Fixit OS-Chrome OS-Linux OS-Mac OS-Windows
Status: Available (was: Untriaged)

Comment 3 by sko...@chromium.org, Jun 22 2016

Labels: Hotlist-Fixit-PE2016

Comment 4 by btolsch@chromium.org, Jun 28 2016 

This may be a bug on YT's end:

 - It doesn't repro on Play Movies or CastHelloVideo.
 - The ScriptPromiseResolver that is never resolved or rejected is actually from HTMLMediaElement::play(), which is called when YT tries to revert back to playing the video locally.

Comment 5 by avayvod@chromium.org, Jun 28 2016

Cc: mlamouri@chromium.org
I guess https://codereview.chromium.org/2047313004 didn't fix everything?

Comment 6 by petrcermak@chromium.org, Jul 18 2016

Blocking: 589726
Cc: petrcermak@chromium.org
Labels: -Pri-3 Pri-2
This is causing issues in the CNN story in System Health benchmark smoke tests https://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_rel_ng/builds/264178/steps/telemetry_perf_unittests%20%28with%20patch%29%20on%20Ubuntu-12.04/logs/stdio:

  ASSERTION FAILED: m_state == Detached || !m_isPromiseCalled || !getScriptState()->contextIsValid() || !getExecutionContext() || getExecutionContext()->activeDOMObjectsAreStopped()
  ../../third_party/WebKit/Source/bindings/core/v8/ScriptPromiseResolver.h(53) : virtual blink::ScriptPromiseResolver::~ScriptPromiseResolver()
  1   0x7f8ed832135c
  2   0x7f8ed831e2f1
  3   0x7f8ed831e548
  4   0x7f8ed832b95b
  5   0x7f8ed832b4c3
  6   0x7f8ed831a2fd
  7   0x7f8ed832ba31
  8   0x7f8edb6f4104
  9   0x7f8edb6f2c59
  10  0x7f8ed97c3609
  11  0x7f8ed9753425
  12  0x7f8ed9753738
  13  0x7f8ed9753a7b
  14  0x7f8ed975512e
  15  0x7f8ed9752f21
  16  0x7f8ed9776050
  17  0x7f8ed91804ea
  18  0x7f8ed937214b
  19  0x7f8ed93729f2
  20  0x7f8ed9373443
  21  0x7f8ed9371d10
  22  0x7f8ed699847b ChromeMain
  23  0x7f8ecf9e67ed __libc_start_main
  24  0x7f8ed699834d

Comment 7 by mlamouri@chromium.org, Jul 20 2016

Cc: -mlamouri@chromium.org
Owner: mlamouri@chromium.org
Status: Started (was: Available)
I have a CL that at least makes the crash way less common*. I will take a bit more time to dig more and if I can't find anything, will upload.

*It's hard to know the exact origin of the crash because the ScriptPromiseResolver doesn't have an owner and the stack shows nothing.

Comment 8 by mlamouri@chromium.org, Jul 22 2016

Blockedon: 630622

Comment 9 by mlamouri@chromium.org, Jul 22 2016 

I found the real cause. It's not actually related to Presentation API. The promise that never gets resolved is from video.play().

Comment 10 by petrcermak@chromium.org, Jul 22 2016 

This is great \o/ \o/ \o/ Thanks a lot for looking into it!

Comment 11 by petrcermak@chromium.org, Aug 3 2016 

mlamouri: Have you made any progress with this?

Comment 12 by mlamouri@chromium.org, Aug 3 2016 

Yes, there is a CL waiting for review. Unfortunately, the issue requires HTML spec changes so foolip@ and I have been looking into this the past few days. I believe we reached a solution we are happy with.

Comment 13 by mlamouri@chromium.org, Aug 4 2016

Labels: M-54
Status: Fixed (was: Started)
Project Member

Comment 14 by bugdroid1@chromium.org, Aug 4 2016 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/a44d109020cd88b093298afdbceacfe2a5f52502

commit a44d109020cd88b093298afdbceacfe2a5f52502
Author: petrcermak <petrcermak@chromium.org>
Date: Thu Aug 04 19:21:28 2016

[system-health] Update ID of bug blocking browse:news:cnn in desktop smoke tests

The original bug that caused the story to fail is now fixed, but another
one is still causing failures.

BUG= 622409 , 634389 

Review-Url: https://codereview.chromium.org/2210083003
Cr-Commit-Position: refs/heads/master@{#409862}

[modify] https://crrev.com/a44d109020cd88b093298afdbceacfe2a5f52502/tools/perf/benchmarks/system_health_smoke_test.py

Sign in to add a comment