
Issue 681767


Issue metadata

Status: WontFix
Owner:
Closed: Aug 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 2
Type: Bug


Fatal error in ../../v8/src/snapshot/deserializer.cc, line 172 -> embedded_worker_registry.cc(277)] Check failed: base::ContainsKey(process_sender_map_, process_id)

Project Member Reported by ukai@chromium.org, Jan 17 2017

Issue description

Chrome Version: 57.0.2984.0 (Developer Build) (64-bit) with dcheck_always_on=1
OS: Linux

What steps will reproduce the problem?
(1) not sure.
(2)
(3)

What is the expected result?
What happens instead?

browser crashed
#
# Fatal error in ../../v8/src/snapshot/deserializer.cc, line 172
# Check failed: reservations_[space].length() == chunk_index + 1 (2 vs. 1).
#

==== C stack trace ===============================

    /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libv8_libbase.so(+0x112ee) [0x7fffeb7862ee]
    /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libv8_libbase.so(V8_Fatal+0xdf) [0x7fffeb782bef]
    /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libv8.so(+0x96359b) [0x7ffff334159b]
    /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libv8.so(+0x96072c) [0x7ffff333e72c]
    /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libv8.so(+0x31e590) [0x7ffff2cfc590]
    /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libv8.so(v8::ScriptCompiler::CompileUnboundInternal(v8::Isolate*, v8::ScriptCompiler::Source*, v8::ScriptCompiler::CompileOptions, bool)+0x426) [0x7ffff2b6e336]
    /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libv8.so(v8::ScriptCompiler::Compile(v8::Local<v8::Context>, v8::ScriptCompiler::Source*, v8::ScriptCompiler::CompileOptions)+0x20) [0x7ffff2b6e8f0]
    /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libblink_core.so(+0x68b1af) [0x7fffe94321af]
    /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libblink_core.so(+0x68b7d3) [0x7fffe94327d3]
    /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libblink_core.so(+0x68b763) [0x7fffe9432763]
    /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libblink_core.so(blink::V8ScriptRunner::compileScript(v8::Local<v8::String>, WTF::String const&, WTF::String const&, WTF::TextPosition const&, v8::Isolate*, blink::ScriptResource*, blink::ScriptStreamer*, blink::CachedMetadataHandler*, blink::AccessControlStatus, blink::V8CacheOptions)+0x6a5) [0x7fffe942eac5]
    /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libblink_core.so(blink::V8ScriptRunner::compileScript(blink::ScriptSourceCode const&, v8::Isolate*, blink::AccessControlStatus, blink::V8CacheOptions)+0xe7) [0x7fffe942e3d7]
    /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libblink_core.so(blink::ScriptController::executeScriptAndReturnValue(v8::Local<v8::Context>, blink::ScriptSourceCode const&, blink::AccessControlStatus)+0xfb) [0x7fffe93dc8bb]
    /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libblink_core.so(blink::ScriptController::evaluateScriptInMainWorld(blink::ScriptSourceCode const&, blink::AccessControlStatus, blink::ScriptController::ExecuteScriptPolicy)+0xae) [0x7fffe93de10e]
    /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libblink_core.so(blink::ScriptController::executeScriptInMainWorld(blink::ScriptSourceCode const&, blink::AccessControlStatus)+0x38) [0x7fffe93de238]
    /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libblink_core.so(blink::ScriptLoader::doExecuteScript(blink::ScriptSourceCode const&)+0x604) [0x7fffe97ef3b4]
    /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libblink_core.so(blink::ScriptLoader::execute()+0x187) [0x7fffe97efcf7]
    /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libblink_core.so(blink::ScriptRunner::executeTask()+0x3a) [0x7fffe97f16ca]
    /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libbase.so(base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*)+0xde) [0x7ffff7a4e52e]
    /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libblink_platform.so(blink::scheduler::TaskQueueManager::ProcessTaskFromWorkQueue(blink::scheduler::internal::WorkQueue*, blink::scheduler::LazyNow*)+0x4e0) [0x7ffff1a8ba00]
    /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libblink_platform.so(blink::scheduler::TaskQueueManager::DoWork(base::TimeTicks, bool)+0x284) [0x7ffff1a8a2f4]
    /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libblink_platform.so(+0x2ee1ab) [0x7ffff1a8d1ab]
    /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libbase.so(base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*)+0xde) [0x7ffff7a4e52e]
    /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libbase.so(base::MessageLoop::RunTask(base::PendingTask*)+0x1bd) [0x7ffff7a7f5ad]
    /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libbase.so(base::MessageLoop::DoWork()+0x216) [0x7ffff7a7ff46]
    /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libbase.so(base::MessagePumpDefault::Run(base::MessagePump::Delegate*)+0x109) [0x7ffff7a819a9]
    /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libbase.so(base::MessageLoop::RunHandler()+0x175) [0x7ffff7a7f305]
    /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libbase.so(base::RunLoop::Run()+0x8c) [0x7ffff7ab365c]
    /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libcontent.so(+0x102e528) [0x7ffff58ba528]
    /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libcontent.so(+0x1183bb7) [0x7ffff5a0fbb7]
    /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libcontent.so(+0x11842e8) [0x7ffff5a102e8]
    /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libcontent.so(+0x1184d06) [0x7ffff5a10d06]
    /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libcontent.so(content::ContentMain(content::ContentMainParams const&)+0x30) [0x7ffff5a0f750]
    /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/chrome --type=renderer --field-trial-handle=1 --primordial-pipe-token=3A2E87FE0BF27DB8493A554F81620871 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,di(ChromeMain+0x81) [0x555555ac2381]
    /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5) [0x7fffee0a4f45]
    /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/chrome --type=renderer --field-trial-handle=1 --primordial-pipe-token=3A2E87FE0BF27DB8493A554F81620871 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,di(+0x56e219) [0x555555ac2219]
Received signal 4 ILL_ILLOPN 7fffeb78504f
Received signal 11 SEGV_MAPERR 003000000020

[14320:14371:0117/170330.915916:FATAL:embedded_worker_registry.cc(277)] Check failed: base::ContainsKey(process_sender_map_, process_id).
Program received signal SIGABRT, Aborted.
[Switching to Thread 0x7fffd2b2b700 (LWP 14371)]
0x00007fffee0b9c37 in __GI_raise (sig=sig@entry=6)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
56      ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0  0x00007fffee0b9c37 in __GI_raise (sig=sig@entry=6)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x00007fffee0bd028 in __GI_abort () at abort.c:89
#2  0x00007ffff7a4b782 in base::debug::BreakDebugger() ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libbase.so
#3  0x00007ffff7a72152 in logging::LogMessage::~LogMessage() ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libbase.so
#4  0x00007ffff556c5f8 in content::EmbeddedWorkerRegistry::BindWorkerToProcess(int, int) ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libcontent.so
#5  0x00007ffff55657f6 in content::EmbeddedWorkerInstance::SendMojoStartWorker(std::unique_ptr<content::EmbeddedWorkerStartParams, std::default_delete<content::EmbeddedWorkerStartParams> >) ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libcontent.so
#6  0x00007ffff55694b9 in content::EmbeddedWorkerInstance::StartTask::SendMojoStartWorker(std::unique_ptr<content::EmbeddedWorkerStartParams, std::default_delete<content::EmbeddedWorkerStartParams> >) ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libcontent.so
#7  0x00007ffff5568bca in content::EmbeddedWorkerInstance::StartTask::OnSetupOnUICompleted(std::unique_ptr<content::EmbeddedWorkerStartParams, std::default_delete<content::EmbeddedWorkerStartParams> >, bool, int, bool) ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libcontent.so
#8  0x00007ffff55693ce in void base::internal::FunctorTraits<void (content::EmbeddedWorkerInstance::StartTask::*)(std::unique_ptr<content::EmbeddedWorkerStartParams, std::default_delete<content::EmbeddedWorkerStartParams> >, bool, int, bool), void>::Invoke<base::WeakPtr<content::EmbeddedWorkerInstance::StartTask> const&, std::unique_ptr<content::EmbeddedWorkerStartParams, std::default_delete<content::EmbeddedWorkerStartParams> >, bool const&, int, bool>(void (content::EmbeddedWorkerInstance::StartTask::*)(std::unique_ptr<content::EmbeddedWorkerStartParams, std::default_delete<content::EmbeddedWorkerStartParams> >, bool, int, bool), base::WeakPtr<content::EmbeddedWorkerInstance::StartTask> const&, std::unique_ptr<content::EmbeddedWorkerStartParams, std::default_delete<content::EmbeddedWorkerStartParams> >&&, bool const&, int&&, bool&&) ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libcontent.so
#9  0x00007ffff55692a7 in void base::internal::Invoker<base::internal::BindState<void (content::EmbeddedWorkerInstance::StartTask::*)(std::unique_ptr<content::EmbeddedWorkerStartParams, std::default_delete<content::EmbeddedWorkerStartParams> >, bool, int, bool), base::WeakPtr<content::EmbeddedWorkerInstance::StartTask>, base::internal::PassedWrapper<std::unique_ptr<content::EmbeddedWorkerStartParams, std::default_delete<content::EmbeddedWorkerStartParams> > >, bool>, void (int, bool)>::RunImpl<void (content::EmbeddedWorkerInstance::StartTask::* const&)(std::unique_ptr<content::EmbeddedWorkerStartParams, std::default_delete<content::EmbeddedWorkerStartParams> >, bool, int, bool), std::tuple<base::WeakPtr<content::EmbeddedWorkerInstance::StartTask>, base::internal::PassedWrapper<std::unique_ptr<content::EmbeddedWorkerStartParams, std::default_delete<content::EmbeddedWorkerStartParams> > >, bool> const&, 0ul, 1ul, 2ul>(void (content::EmbeddedWorkerInstance::StartTask::* const&)(std::unique_ptr<content::EmbeddedWorkerStartParams, std::default_delete<content::EmbeddedWorkerStartParams> >, bool, int, bool), std::tuple<base::WeakPtr<content::EmbeddedWorkerInstance::StartTask>, base::internal::PassedWrapper<std::unique_ptr<content::EmbeddedWorkerStartParams, std::default_delete<content::EmbeddedWorkerStartParams> > >, bool> const&, base::IndexSequence<0ul, 1ul, 2ul>, int&&, bool&&) ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libcontent.so
#10 0x00007ffff55691b9 in void base::internal::FunctorTraits<base::Callback<void (int, bool), (base::internal::CopyMode)1, (base::internal::RepeatMode)1>, void>::Invoke<base::Callback<void (int, bool), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&, int const&, bool const&>(base::Callback<void (int, bool), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&, int const&, bool const&) ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libcontent.so
#11 0x00007ffff7a4e52e in base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libbase.so
#12 0x00007ffff7a7f5ad in base::MessageLoop::RunTask(base::PendingTask*) ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libbase.so
#13 0x00007ffff7a7ff46 in base::MessageLoop::DoWork() ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libbase.so
#14 0x00007ffff7a83059 in base::MessagePumpLibevent::Run(base::MessagePump::Delegate*) ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libbase.so
#15 0x00007ffff7a7f305 in base::MessageLoop::RunHandler() ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libbase.so
#16 0x00007ffff7ab365c in base::RunLoop::Run() ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libbase.so
#17 0x00007ffff7aef8ec in base::Thread::Run(base::RunLoop*) ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libbase.so
#18 0x00007ffff522c965 in content::BrowserThreadImpl::IOThreadRun(base::RunLoop*) ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libcontent.so
#19 0x00007ffff522cb13 in content::BrowserThreadImpl::Run(base::RunLoop*) ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libcontent.so
#20 0x00007ffff7aefde8 in base::Thread::ThreadMain() ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libbase.so
#21 0x00007ffff7ae778c in base::(anonymous namespace)::ThreadFunc(void*) ()
   from /usr/local/google/home/ukai/src/chromium-git/src/out.0/Release/./libbase.so
#22 0x00007ffff7bc4184 in start_thread (arg=0x7fffd2b2b700)
    at pthread_create.c:312
#23 0x00007fffee17d37d in clone ()
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111


Please use labels and text to provide additional information.


For graphics-related bugs, please copy/paste the contents of the about:gpu
page at the end of this report.


Comment 1 by falken@chromium.org, Jan 17 2017

Components: -Blink>Workers Blink>ServiceWorker
The second check is a service worker bug, not sure why the first one also is happening.
Labels: -Pri-3 Pri-2
Owner: shimazu@chromium.org
Status: Assigned (was: Untriaged)
shimazu@, can you take a look at this?
The assertion failure suggests that the code cache is corrupted. What failed is a sanity check that the full cache data has been read.

Comment 4 by falken@chromium.org, Jan 20 2017

Ah interesting. The code cache sanity check must have killed the process, and then the embedded worker registry check failed because the process id must have been removed from the registry. So it sounds like SendMojoStartWorker must be resilient to the process crashing while the worker is starting up (maybe another worker in the same process crashed it?).
Status: WontFix (was: Assigned)
A lot has changed here. Notably https://codereview.chromium.org/2637743002 removed the failing DCHECK. 
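As an added illustration of the failure sequence described in the comment above (a simplified model, not Chromium's code; the registry, sender and function names are hypothetical stand-ins for process_sender_map_, BindWorkerToProcess and SendMojoStartWorker, and the process id is constructed):

```cpp
// Added example (not Chromium code): a simplified model of the race that
// comment 4 describes. A renderer is picked for a service worker, dies on the
// V8 code-cache sanity check, and is removed from the registry's process map
// before the browser-side start task binds the worker to it. The original
// registry asserted the process was present; a resilient start step treats a
// missing process as a start failure instead. All names are hypothetical.
#include <map>
#include <memory>

struct ProcessSender { int process_id; };  // stand-in for a per-process IPC sender

class WorkerRegistry {
 public:
  void OnProcessLaunched(int pid) {
    senders_[pid] = std::make_unique<ProcessSender>(ProcessSender{pid});
  }
  void OnProcessCrashed(int pid) { senders_.erase(pid); }
  // The lookup the failing check guarded: returns nullptr instead of asserting.
  ProcessSender* FindSender(int pid) const {
    auto it = senders_.find(pid);
    return it == senders_.end() ? nullptr : it->second.get();
  }
 private:
  std::map<int, std::unique_ptr<ProcessSender>> senders_;
};

enum class StartResult { kStarted, kProcessGone };

// Modelled on the browser-side start step: bind the worker to its process,
// then send the start message. The process may have died since the start
// task was set up on the UI thread, so the lookup result is checked.
StartResult SendStartWorker(const WorkerRegistry& reg, int worker_id, int pid) {
  ProcessSender* sender = reg.FindSender(pid);
  if (!sender) return StartResult::kProcessGone;  // fail the start, keep the browser alive
  (void)worker_id;  // the real code would send StartWorker(worker_id) via sender here
  return StartResult::kStarted;
}

// Drives the sequence from the report with a constructed process id (4242).
// renderer_died_first = true reproduces the ordering: renderer fatal error,
// then the browser's start task runs against a process that is already gone.
StartResult RunScenario(bool renderer_died_first) {
  WorkerRegistry reg;
  const int kPid = 4242;  // constructed value, not from the report
  reg.OnProcessLaunched(kPid);
  if (renderer_died_first) reg.OnProcessCrashed(kPid);  // Check failed in deserializer.cc
  return SendStartWorker(reg, /*worker_id=*/1, kPid);
}
```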
