Issue metadata
Sign in to add a comment
|
Chrome: Crash Report - content::UtilityProcessMojoClient<chrome::mojom::FilePatcher>::Start |
||||||||||||||||||||||
Issue descriptionProduct name: Chrome_Mac Magic Signature: base::ThreadTaskRunnerHandle::Get Current link: https://crash.corp.google.com/browse?q=reportid%3D'9ddc992080000000'%20AND%20custom_data.ChromeCrashProto.magic_signature_1.name%3D'base%3A%3AThreadTaskRunnerHandle%3A%3AGet'&ignore_case=false&enable_rewrite=true&omit_field_name=&omit_field_value=&omit_field_opt=%3D#3 Search properties: reportid: 9ddc992080000000 Metadata : Product Name: Chrome_Mac Product Version: 57.0.2962.0 Report ID: 9ddc992080000000 Report Time: Sun, 25 Dec 2016 17:10:06 GMT Uptime: 363000 ms Cumulative Uptime: 0 ms User Email: OS Name: Mac OS X OS Version: 10.12.2 16C67 CPU Architecture: amd64 CPU Info: family 6 model 42 stepping 7 Stack trace: ============ Thread 41 CRASHED [EXC_BAD_ACCESS / KERN_INVALID_ADDRESS @ 0x00000000 ] MAGIC SIGNATURE THREAD Stack Quality76%Show frame trust levels 0x00000001069afd93 (Google Chrome Framework -ref_counted.h:283 ) base::ThreadTaskRunnerHandle::Get() 0x0000000106524366 (Google Chrome Framework -utility_process_mojo_client.h:59 ) content::UtilityProcessMojoClient<chrome::mojom::FilePatcher>::Start() 0x0000000106523fd8 (Google Chrome Framework -component_patcher_operation_out_of_process.cc:55 ) component_updater::ChromeOutOfProcessPatcher::Patch(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, scoped_refptr<base::SequencedTaskRunner>, base::FilePath const&, base::FilePath const&, base::FilePath const&, base::Callback<void (int), (base::internal::CopyMode)1, (base::internal::RepeatMode)1>) 0x0000000107de7062 (Google Chrome Framework -component_patcher_operation.cc:201 ) update_client::DeltaUpdateOpPatch::DoRun(base::Callback<void (update_client::UnpackerError, int), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&) 0x0000000107de68c7 (Google Chrome Framework -component_patcher_operation.cc:92 ) update_client::DeltaUpdateOp::Run(base::DictionaryValue const*, base::FilePath const&, base::FilePath const&, scoped_refptr<update_client::CrxInstaller> const&, base::Callback<void (update_client::UnpackerError, int), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&, scoped_refptr<base::SequencedTaskRunner> const&) 0x0000000107de61e9 (Google Chrome Framework -component_patcher.cc:98 ) update_client::ComponentPatcher::PatchNextFile() 0x0000000107de5f2b (Google Chrome Framework -component_patcher.cc:73 ) update_client::ComponentPatcher::StartPatching() 0x000000010693b810 (Google Chrome Framework -callback.h:68 ) base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) 0x000000010699f40b (Google Chrome Framework -task_tracker.cc:303 ) base::internal::TaskTracker::PerformRunTask(std::__1::unique_ptr<base::internal::Task, std::__1::default_delete<base::internal::Task> >) 0x000000010699f5fa (Google Chrome Framework -task_tracker_posix.cc:26 ) base::internal::TaskTrackerPosix::PerformRunTask(std::__1::unique_ptr<base::internal::Task, std::__1::default_delete<base::internal::Task> >) 0x000000010699efe8 (Google Chrome Framework -task_tracker.cc:265 ) base::internal::TaskTracker::RunTask(std::__1::unique_ptr<base::internal::Task, std::__1::default_delete<base::internal::Task> >, base::SequenceToken const&) 0x000000010699a09c (Google Chrome Framework -scheduler_worker.cc:84 ) base::internal::SchedulerWorker::Thread::ThreadMain() 0x00000001069a9af6 (Google Chrome Framework -platform_thread_posix.cc:71 ) base::(anonymous namespace)::ThreadFunc(void*) 0x00007fffc1351aaa (libsystem_pthread.dylib + 0x00003aaa ) _pthread_body 0x00007fffc13519f6 (libsystem_pthread.dylib + 0x000039f6 ) _pthread_start 0x00007fffc13511fc (libsystem_pthread.dylib + 0x000031fc ) thread_start 0x00000001069a9a9f (Google Chrome Framework + 0x019eaa9f ) Link to the list of the builds: ================================ https://crash.corp.google.com/browse?q=custom_data.ChromeCrashProto.ptype%3D%27browser%27%20AND%20custom_data.ChromeCrashProto.magic_signature_1.name%3D%27base%3A%3AThreadTaskRunnerHandle%3A%3AGet%27&ignore_case=false&enable_rewrite=true&omit_field_name=&omit_field_value=&omit_field_opt=%3D Note: ===== 1. Canary is supercrashy and 4/3 digits of crashes are seen on recent canary of Windows and Mac. This is #1 browser crash on the latest canary since this spiked in #57.0.2961.0. Considering below as the changelog: ==================================== https://chromium.googlesource.com/chromium/src/+log/57.0.2960.0..57.0.2961.0?pretty=fuller&n=10000 Based on the code search on 'component_patcher_operation_out_of_process.cc' suspecting: https://codereview.chromium.org/2566053002. Looks like Noel and other Devs(reviewers) are out until January. Looping Stability sheriff and Devs from reviewers list for help in reverting the CL until the Fix is landed.
,
Dec 25 2016
users are talking about this on reddit too - https://pay.reddit.com/r/chrome/comments/5k7zpq/help_0xc0000005_error_every_5_minutes/ please revert CL as soon as possible, I'll probably go ahead and start reverting ThreadTaskRunner CLs soon. Merry Christmas.
,
Dec 25 2016
Issue 676898 has been merged into this issue.
,
Dec 25 2016
the initial triage was correct - I am going ahead and reverting https://codereview.chromium.org/2566053002 to fix Canary for a happy noel.
,
Dec 25 2016
,
Dec 25 2016
Issue 676962 has been merged into this issue.
,
Dec 25 2016
Issue 676961 has been merged into this issue.
,
Dec 25 2016
The crashing is actually a christmass easter egg ???
,
Dec 25 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/53919401199f8cc8c0e5042dd9c0fc9716825a1c commit 53919401199f8cc8c0e5042dd9c0fc9716825a1c Author: wfh <wfh@chromium.org> Date: Sun Dec 25 21:30:26 2016 Revert of Convert utility process out-of-process file patching to mojo (patchset #15 id:420001 of https://codereview.chromium.org/2566053002/ ) Reason for revert: broke component updater - see crbug.com/676960 Original issue's description: > Convert utility process out-of-process file patching to mojo > > Define interface chrome::mojom::FilePatcher for out-of-process file > patching. Add that interface to the utility process, and expose the > interface to the browser process by mojo policy [1]. > > ChromeOutOfProcessPatcher: remove PatchHost() helper class, replace > it with a content::UtilityProcessMojoClient() and use that to start > and stop the utility process needed for out-of-process file patches > and to perform out-of-process file patches using mojo calls, rather > than IPC::Send(). > > Add a in-process browser test for the ChromeOutOfProcessPatcher (it > had no tests http://bit.ly/2h8mafX it seems). Copy the golden files > to random locations (input_file, patch_file) and patch them: checks > the patched output_file matches the golden output file. > > Delete all the IPC related to out-of-process file patching since we > no longer use them, we use chrome::mojom::FilePatcher instead. > > [1] chrome_content_utility_manifest_overlay.json > > TBR=waffles@chromium.org > BUG= 597124 , 660325 > > Committed: https://crrev.com/32afc44b332255130c247e3bfc4a27261d11ddfb > Cr-Commit-Position: refs/heads/master@{#440601} TBR=jochen@chromium.org,dcheng@chromium.org,sammc@chromium.org,tibell@chromium.org,waffles@chromium.org,sorin@chromium.org,noel@chromium.org # Not skipping CQ checks because original CL landed more than 1 days ago. BUG= 597124 , 660325 , 676960 Review-Url: https://codereview.chromium.org/2599393002 Cr-Commit-Position: refs/heads/master@{#440686} [modify] https://crrev.com/53919401199f8cc8c0e5042dd9c0fc9716825a1c/chrome/browser/chrome_content_utility_manifest_overlay.json [modify] https://crrev.com/53919401199f8cc8c0e5042dd9c0fc9716825a1c/chrome/browser/component_updater/component_patcher_operation_out_of_process.cc [modify] https://crrev.com/53919401199f8cc8c0e5042dd9c0fc9716825a1c/chrome/browser/component_updater/component_patcher_operation_out_of_process.h [delete] https://crrev.com/79c889974fa1506fa36408f2bf4538f4a7ca70cf/chrome/browser/component_updater/component_patcher_operation_out_of_process_browsertest.cc [modify] https://crrev.com/53919401199f8cc8c0e5042dd9c0fc9716825a1c/chrome/common/BUILD.gn [modify] https://crrev.com/53919401199f8cc8c0e5042dd9c0fc9716825a1c/chrome/common/chrome_utility_messages.h [delete] https://crrev.com/79c889974fa1506fa36408f2bf4538f4a7ca70cf/chrome/common/file_patcher.mojom [modify] https://crrev.com/53919401199f8cc8c0e5042dd9c0fc9716825a1c/chrome/test/BUILD.gn [modify] https://crrev.com/53919401199f8cc8c0e5042dd9c0fc9716825a1c/chrome/utility/chrome_content_utility_client.cc
,
Dec 25 2016
Is update 57.0.2962.0 the update that fixes the bug?
,
Dec 25 2016
Here's new "Signed Tree Heads" to bypass the crashing.
,
Dec 26 2016
Thanks again rra already reinstalled normal chrome to get my own source. but nice of you to share yours :D
,
Dec 26 2016
Experiencing the similar crashes after updating to Canary 57.0.2962.0, on Windows 10, 64-bit.
,
Dec 26 2016
Experiencing the similar crashes after updating to Canary 57.0.2962.0 on Windows 10, 64-bit.
,
Dec 26 2016
Issue 676991 has been merged into this issue.
,
Dec 26 2016
Issue 676986 has been merged into this issue.
,
Dec 26 2016
Issue 676973 has been merged into this issue.
,
Dec 26 2016
Issue 676971 has been merged into this issue.
,
Dec 26 2016
Issue 676959 has been merged into this issue.
,
Dec 26 2016
Issue 676947 has been merged into this issue.
,
Dec 26 2016
Issue 676946 has been merged into this issue.
,
Dec 26 2016
Issue 676945 has been merged into this issue.
,
Dec 26 2016
Issue 676938 has been merged into this issue.
,
Dec 26 2016
Issue 676932 has been merged into this issue.
,
Dec 26 2016
Issue 676929 has been merged into this issue.
,
Dec 26 2016
Issue 676928 has been merged into this issue.
,
Dec 26 2016
Issue 676927 has been merged into this issue.
,
Dec 26 2016
Issue 676922 has been merged into this issue.
,
Dec 26 2016
Issue 676899 has been merged into this issue.
,
Dec 26 2016
Issue 676833 has been merged into this issue.
,
Dec 26 2016
Revert is successful and no crashes on the latest canary(57.0.2963.0) of Windows and Mac observed so far.
,
Dec 26 2016
I removed the Head Tree folder to allow for a component update of it and it didn't crash when I checked update on Windows, thanks for the quick fix.
,
Dec 26 2016
,
Dec 26 2016
+task scheduler owners Is there high level documentation of how the base/task_scheduler interfaces work/example usage? I guess this is crashing because we never set the TTTH, but naively, I would have expected this to work.
,
Dec 27 2016
IIUC the core issue here is that it's not possible to use ThreadTaskRunnerHandle::Get from the blocking pool, because there is no SingleThreadTaskRunner associated with an individual blocking pool thread. So sounds like we cannot start mojo services from the blocking pool? In the component updater we run almost everything on either the UI thread (via a SingleThreadTaskRunner fetched from ThreadTaskRunnerHandle::Get) or via a SequencedTaskRunner which in practice represents tasks in the blocking pool.
,
Dec 28 2016
I see, so this code should be using SequencedTaskRunnerHandle instead of ThreadTaskRunnerHandle. (This doesn't change my request for more documentation though =)
,
Jan 3 2017
#35 "So sounds like we cannot start mojo services from the blocking pool?" Yes, it seems we cannot. sammc@ looked at the current issue over the holiday break and had the same conclusion: that mojo bindings do not work on the blocking pool currently. "or via a SequencedTaskRunner which in practice represents tasks in the blocking pool" Yeap + thanks for these details: Block'n pool and mojo don't play well at this time, so we'll need to fix that first, before we try to mojo the file patcher IPC again ...
,
Jan 3 2017
,
Jan 5 2017
Right, we're looking to "sequencify" core APIs (base, a few components, pieces of net/, and mojo). By this we mean, make them usable from a sequence. Most impls aren't truly thread-affine, they're merely thread-unsafe (but a sequence provides thread-safety so that's okay). Pretty much any impl that doesn't use TLS should use SequenceChecker instead of ThreadChecker/manual PlatformThreadId checking (and SequencedTaskRunnerHandle instead of ThreadTaskRunnerHandle, etc.). In order for this to work, it needs to be the case all the way down the stack, hence we're taking the task on ourselves to update the leaf/core APIs. @dcheng: happy to document this, what is unclear in the current API you think and where would you expect to find such documentation?
,
Jan 5 2017
@gab: our documentation is pretty scattered, but one place might be https://www.chromium.org/developers/coding-style/important-abstractions-and-data-structures#TOC-TaskRunner-SequencedTaskRunner-SingleThreadTaskRunner? All the info in there is still largely thread-oriented rather than sequence-oriented. There's also https://www.chromium.org/developers/design-documents/threading, etc. (For me, I learned that that we have a new thing called SequencedTaskRunnerHandle, since the prevailing idiom is ThreadTaskRunnerHandle. It makes sense... but it's also relatively unknown, I feel.)
,
Jan 5 2017
Right, we plan to update all the ThreadChecker/ThreadTaskRunnerHandle/etc headers with a comment stating that this is "probably not what you want". But we thought we should finish sequencification of the core APIs first ( issue 675631 -- otherwise anyone using those has to play by the old rules anyways).
,
Jan 5 2017
I'll look into updating the docs on chromium.org. |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by sheriffbot@chromium.org
, Dec 25 2016