
Issue 660973


Issue metadata

Status: Fixed
Owner:
Closed: Nov 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows, Mac
Pri: 1
Type: Bug-Regression




Crash in blink::scheduler::TaskQueueManager::UpdateWorkQueues (Mac)

Project Member Reported by shrike@chromium.org, Oct 31 2016

Issue description

Zero crashes in M53 stable, but now we're getting them in M54 stable (54.0.2840.71).

alexclarke@ - it looks like you touched this code recently. Would you please take a look?


0x000000010a5c5d63	(Google Chrome Framework -__tree:142 )	blink::scheduler::TaskQueueManager::UpdateWorkQueues(bool, blink::scheduler::internal::TaskQueueImpl::Task const*, blink::scheduler::LazyNow)
0x000000010a5c52bf	(Google Chrome Framework -task_queue_manager.cc:205 )	blink::scheduler::TaskQueueManager::DoWork(base::TimeTicks, bool)
0x000000010810125a	(Google Chrome Framework -callback.h:388 )	base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask const&)
0x000000010812306b	(Google Chrome Framework -message_loop.cc:488 )	base::MessageLoop::RunTask(base::PendingTask const&)
0x00000001081233ab	(Google Chrome Framework -message_loop.cc:497 )	base::MessageLoop::DeferOrRunPendingTask(base::PendingTask)
0x0000000108123752	(Google Chrome Framework -message_loop.cc:621 )	base::MessageLoop::DoWork()
0x00000001081258dc	(Google Chrome Framework -message_pump_mac.mm:330 )	base::MessagePumpCFRunLoopBase::RunWork()
0x0000000108119489	(Google Chrome Framework + 0x018b8489 )	base::mac::CallWithEHFrame(void () block_pointer)
0x00000001081252e3	(Google Chrome Framework -message_pump_mac.mm:306 )	base::MessagePumpCFRunLoopBase::RunWorkSource(void*)
0x00007fff8664da00	(CoreFoundation + 0x00080a00 )	__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
0x00007fff8663fb8c	(CoreFoundation + 0x00072b8c )	__CFRunLoopDoSources0
0x00007fff8663f1be	(CoreFoundation + 0x000721be )	__CFRunLoopRun
0x00007fff8663ebd7	(CoreFoundation + 0x00071bd7 )	CFRunLoopRunSpecific
0x00007fff91c33a58	(Foundation + 0x00090a58 )	-[NSRunLoop(NSRunLoop) runMode:beforeDate:]
0x0000000108125f5d	(Google Chrome Framework -message_pump_mac.mm:608 )	base::MessagePumpNSRunLoop::DoRun(base::MessagePump::Delegate*)
0x0000000108125733	(Google Chrome Framework -message_pump_mac.mm:238 )	base::MessagePumpCFRunLoopBase::Run(base::MessagePump::Delegate*)
0x0000000108140050	(Google Chrome Framework -run_loop.cc:35 )	base::RunLoop::Run()
0x000000010b883b79	(Google Chrome Framework -renderer_main.cc:198 )	content::RendererMain(content::MainFunctionParams const&)
0x0000000107ca3b89	(Google Chrome Framework -content_main_runner.cc:786 )	content::ContentMainRunnerImpl::Run()
0x0000000107ca2db5	(Google Chrome Framework -content_main.cc:20 )	content::ContentMain(content::ContentMainParams const&)
0x0000000106864449	(Google Chrome Framework -chrome_main.cc:85 )	ChromeMain
0x000000010682ad59	(Google Chrome Helper -chrome_exe_main_mac.c:85 )	main
0x000000010682ab43	(Google Chrome Helper + 0x00000b43 )	start
 

Comment 1 by shrike@chromium.org, Oct 31 2016

Owner: tdres...@chromium.org
Looks like tdresser@ is a better choice. Flagged by the crash system:

https://chromium.googlesource.com/chromium/src.git/+/06f261ea4b8db484ffd50d96676dd34e203fa626


Cc: ligim...@chromium.org
Components: Blink>Scheduling
Labels: Stability-Crash M-54 OS-Windows
This is a regression in M54. Crashes are reported in Win & Mac. The reports in mac are specific to 10.10 (Yosemite).

In latest M54- 54.0.2840.71, crash rate is 2.19% with 3917 reports only from 3 unique clients.

Link to the builds which introduced the crash:

https://crash.corp.google.com/browse?q=custom_data.ChromeCrashProto.ptype%3D%27renderer%27%20AND%20custom_data.ChromeCrashProto.magic_signature_1.name%3D%27blink%3A%3Ascheduler%3A%3ATaskQueueManager%3A%3AUpdateWorkQueues%27&ignore_case=false&enable_rewrite=true&omit_field_name=&omit_field_value=&omit_field_opt=%3D#samplereports:5,productversion:1000,osversion

The Client IDs are suspicious with one of them having 94.77% and the next nearest with 0.12%.

I honestly have no idea why it should be crashing inside TaskQueueManager::UpdateWorkQueues; the TimeDomains have roughly the same lifetime as the renderer and there's nothing I can see to suggest shutdown.

Cc: tdres...@chromium.org
Owner: alexclarke@chromium.org
Alex, can you take a look at this? I suspect you've got more context here than I have.

Cc: skyos...@chromium.org
Not sure what to do with this one. There's no obvious root cause and the impact seems limited primarily to a single user.
I should mention as well that I don't have a way to reproduce this.

Just to update:

This crash is seen on win in latest stable version 54.0.2840.87 with 4 instances from 4 different client ids

56.0.2906.0	0.02%	1	Dev
56.0.2902.0	0.05%	2	
55.0.2883.28	0.05%	2	Prev beta
55.0.2883.21	0.05%	2	
55.0.2883.11	0.05%	2	
55.0.2882.4	0.02%	1	
55.0.2873.0	0.02%	1	
55.0.2864.0	0.02%	1	
55.0.2859.0	0.10%	4	
55.0.2858.0	0.02%	1	
55.0.2853.0	0.14%	6	
55.0.2847.0	0.02%	1	
54.0.2840.87	0.10%	4	from 4 unique client Ids
54.0.2840.71	97.59%	4087	
54.0.2840.68	0.33%	14	
54.0.2840.59	0.62%	26	
54.0.2840.50	0.10%	4	
54.0.2840.42	0.02%	1

Link to the builds:
https://crash.corp.google.com/browse?q=custom_data.ChromeCrashProto.ptype%3D%27renderer%27%20AND%20custom_data.ChromeCrashProto.magic_signature_1.name%3D%27blink%3A%3Ascheduler%3A%3ATaskQueueManager%3A%3AUpdateWorkQueues%27%20AND%20product.name%3D%27Chrome%27&ignore_case=false&enable_rewrite=true&omit_field_name=&omit_field_value=&omit_field_opt=%3D#samplereports:5,productversion:1000

No instances on latest stable version 54.0.2840.87 on mac

Link to the builds:
https://crash.corp.google.com/browse?q=custom_data.ChromeCrashProto.ptype%3D%27renderer%27%20AND%20custom_data.ChromeCrashProto.magic_signature_1.name%3D%27blink%3A%3Ascheduler%3A%3ATaskQueueManager%3A%3AUpdateWorkQueues%27%20AND%20product.name%3D%27Chrome_Mac%27&ignore_case=false&enable_rewrite=true&omit_field_name=&omit_field_value=&omit_field_opt=%3D

Status: Fixed (was: Assigned)
Tentatively marking as fixed; there have been no reports since 56.0.2906.0 and we're on 56.0.2915.0 now. It's probable one of these patches helped:

https://codereview.chromium.org/2478113002/
https://codereview.chromium.org/2487343004/
https://codereview.chromium.org/2494493003/
