Issue metadata
Sign in to add a comment
|
Crash: content::EmbeddedWorkerDispatcher::OnStopWorker |
||||||||||||||||||||||
Issue descriptionCrash Signature: content::EmbeddedWorkerDispatcher::OnStopWorker Process Type: Renderer Platform: Win Channel: Canary Version: 56.0.2891.0 Distinct Clients: 26 CPM: 0.37 Crash Reports: 30 Median Uptime: 09h:04m Infected Clients: 13.33% Sample Reports: https://crash.corp.google.com/browse?q=reportid=%27d074c63b00000000%27 https://crash.corp.google.com/browse?q=reportid=%27daab803b00000000%27 https://crash.corp.google.com/browse?q=reportid=%27f17a623b00000000%27 https://crash.corp.google.com/browse?q=reportid=%27f542a9d900000000%27 https://crash.corp.google.com/browse?q=reportid=%27f82131d900000000%27 Crash Link: https://crash.corp.google.com/browse?q=product.name%3D%27Chrome%27%20AND%20product.version%3D%2756.0.2891.0%27%20AND%20custom_data.ChromeCrashProto.magic_signature_1.name%3D%27content%3A%3AEmbeddedWorkerDispatcher%3A%3AOnStopWorker%27 Crash Link (with version impact distribution): https://crash.corp.google.com/browse?q=product.name%3D%27Chrome%27%20AND%20custom_data.ChromeCrashProto.magic_signature_1.name%3D%27content%3A%3AEmbeddedWorkerDispatcher%3A%3AOnStopWorker%27 Crash Stacktrace: ACCESS_VIOLATION_READ (0x8) #0 0x7ffbfdd495f4 in content::EmbeddedWorkerDispatcher::OnStopWorker content/renderer/service_worker/embedded_worker_dispatcher.cc:85 #1 0x7ffbfdd48d0d in IPC::MessageT<EmbeddedWorkerMsg_StopWorker_Meta,std::tuple<int>,void>::Dispatch<content::EmbeddedWorkerDispatcher,content::EmbeddedWorkerDispatcher,void,void ipc/ipc_message_templates.h:121 #2 0x7ffbfcc2314a in content::EmbeddedWorkerDispatcher::OnMessageReceived content/renderer/service_worker/embedded_worker_dispatcher.cc:48 #3 0x7ffbfc31aa7b in content::RenderThreadImpl::OnControlMessageReceived content/renderer/render_thread_impl.cc:1729 #4 0x7ffbfc31af42 in content::ChildThreadImpl::OnMessageReceived content/child/child_thread_impl.cc:758 #5 0x7ffbfc31ae07 in IPC::ChannelProxy::Context::OnDispatchMessage ipc/ipc_channel_proxy.cc:339 #6 0x7ffbfbe47407 in base::debug::TaskAnnotator::RunTask base/debug/task_annotator.cc:52 #7 0x7ffbfbe4663c in blink::scheduler::TaskQueueManager::ProcessTaskFromWorkQueue third_party/webkit/source/platform/scheduler/base/task_queue_manager.cc:357 #8 0x7ffbfbe45354 in blink::scheduler::TaskQueueManager::DoWork third_party/webkit/source/platform/scheduler/base/task_queue_manager.cc:250 #9 0x7ffbfc519cd2 in base::internal::Invoker<base::internal::BindState<void base/bind_internal.h:339 #10 0x7ffbfbe47407 in base::debug::TaskAnnotator::RunTask base/debug/task_annotator.cc:52 #11 0x7ffbfbe46307 in base::MessageLoop::RunTask base/message_loop/message_loop.cc:413 #12 0x7ffbfbe47f40 in base::MessageLoop::DoWork base/message_loop/message_loop.cc:515 #13 0x7ffbfbe47bfc in base::MessagePumpDefault::Run base/message_loop/message_pump_default.cc:35 #14 0x7ffbfc354b2a in base::RunLoop::Run base/run_loop.cc:35 #15 0x7ffbfc5ae090 in content::RendererMain content/renderer/renderer_main.cc:198 #16 0x7ffbfbeaff77 in content::RunNamedProcessTypeMain content/app/content_main_runner.cc:408 #17 0x7ffbfbeb0189 in content::ContentMainRunnerImpl::Run content/app/content_main_runner.cc:776 #18 0x7ffbfbeb1364 in content::ContentMain content/app/content_main.cc:20 #19 0x7ffbfbeb11ca in ChromeMain chrome/app/chrome_main.cc:97 #20 0x7ff78fbf7618 in MainDllLoader::Launch chrome/app/main_dll_loader_win.cc:174 #21 0x7ff78fbf20aa in wWinMain chrome/app/chrome_exe_main_win.cc:245 #22 0x7ff78fc81362 in __scrt_common_main_seh startup/exe_common.inl:253 #23 0x7ffc4af78363 in BaseThreadInitThunk #24 0x7ffc4d0c5e90 in RtlUserThreadStart Reporter: ajha
,
Oct 19 2016
Crashes first appeared in M-56 from chrome version: 56.0.2889.0 and seen both on Windows and Mac. Considering below as the changelog: =================================== https://chromium.googlesource.com/chromium/src/+log/56.0.2888.0..56.0.2889.0?pretty=fuller&n=10000 Suspected change: https://codereview.chromium.org/2307543002 from the above regression range. shimazu@: Please take a look at these crashes. Thanks in advance!
,
Oct 20 2016
OnStopWorker is called only from the legacy IPC, so I guess mojofication itself wasn't the main reason. I'll dig deeper into this issue.
,
Oct 20 2016
This should be caused by the CL ( https://crrev.com/2307543002 ): https://codereview.chromium.org/2307543002/diff/140001/content/renderer/service_worker/embedded_worker_dispatcher.cc#pair-87 OnStopWorker will be called twice if: - Sending a StartWorker message (with setting 30s timer) - Triggering the timeout while executing a task which posts base::Bind(&SWVersion::StopWorker) - SWVersion::OnTimeoutTimer sends the StopWorker IPC (due to status() == STARTING) - SWVersion::StopWorker sends the StopWorker IPC (due to empty |stop_callbacks_|)
,
Oct 21 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/68901f8eedbd1b57de647f713198e9518d962ec0 commit 68901f8eedbd1b57de647f713198e9518d962ec0 Author: shimazu <shimazu@chromium.org> Date: Fri Oct 21 02:51:23 2016 ServiceWorker: check if StopWorker is called twice StopWorker might be called twice when a long running StartWorker triggers a timeout handler on the browser process while SWVersion::StopWorker is already enqueued. BUG= 657232 Review-Url: https://chromiumcodereview.appspot.com/2430403005 Cr-Commit-Position: refs/heads/master@{#426707} [modify] https://crrev.com/68901f8eedbd1b57de647f713198e9518d962ec0/content/renderer/service_worker/embedded_worker_dispatcher.cc [modify] https://crrev.com/68901f8eedbd1b57de647f713198e9518d962ec0/content/renderer/service_worker/embedded_worker_instance_client_impl.cc
,
Oct 21 2016
This path will land on 56.0.2897.0. Let's keep track the crash dashboard for a few days.
,
Oct 26 2016
The patch #5 is in 56.0.2898.0. $ git find-releases 68901f8eedbd1b57de647f713198e9518d962ec0 commit 68901f8eedbd1b57de647f713198e9518d962ec0 was: initially in 56.0.2898.0 There is no crash after 56.0.2898.0. https://crash.corp.google.com/dremel_query_ui?q=select%20product.Version%20as%20v%2C%20count(product.Version)%20as%20c%20from%20crash.prod.latest%20where%20product.name%20CONTAINS%20%27Chrome%27%20AND%20custom_data.ChromeCrashProto.magic_signature_1.name%3D%27content%3A%3AEmbeddedWorkerDispatcher%3A%3AOnStopWorker%27%20group%20by%20%20v%20order%20by%20%20v%20desc
,
Mar 3 2017
|
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by sheriffbot@chromium.org
, Oct 19 2016