
Issue 711009

Issue metadata

Status: Fixed
Owner:
Closed: Jun 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 3
Type: Bug

Blocked on:
issue 699569



usbDevice-iframe.html causes flaky renderer crash

Project Member Reported by reillyg@chromium.org, Apr 12 2017

Issue description

When run locally I have noticed that usbDevice-iframe.html occasionally triggers the following renderer crash:

(gdb) bt
#0  v8::base::OS::Abort () at ../../v8/src/base/platform/platform-posix.cc:255
#1  0x00007fcd308efead in OpenHandle (that=0x7fcd31322c1a, 
    allow_empty_handle=<error reading variable: access outside bounds of object referenced via synthetic pointer>) at ../../v8/src/api.h:345
#2  v8::Object::CreationContext (this=0x7fcd31322c1a) at ../../v8/src/api.cc:4987
#3  0x00007fcd2c3adf96 in blink::V8ScriptRunner::CallFunction (function=..., 
    context=0x8ecbdf9b300, receiver=..., argc=0, args=0x0, isolate=0x32b930485020)
    at ../../third_party/WebKit/Source/bindings/core/v8/V8ScriptRunner.cpp:648
#4  0x00007fcd2f2fced0 in blink::WebLocalFrameImpl::CallFunctionEvenIfScriptDisabled (
    this=0x91aa5ba1e28, function=..., receiver=..., argc=0, argv=0x0)
    at ../../third_party/WebKit/Source/web/WebLocalFrameImpl.cpp:852
#5  0x00007fcd2f2fd032 in non-virtual thunk to blink::WebLocalFrameImpl::CallFunctionEvenIfScriptDisabled(v8::Local<v8::Function>, v8::Local<v8::Value>, int, v8::Local<v8::Value>*) () at ../../third_party/WebKit/Source/platform/heap/Persistent.h:737
#6  0x00007fcd39d37e37 in content::MojoMainRunner::Call (this=0x32b930a73680, 
    function=..., receiver=..., argc=0, argv=0x0)
    at ../../content/renderer/mojo_main_runner.cc:48
#7  0x00007fcd315ca642 in gin::Timer::OnTimerFired (this=0x32b930967d40)
    at ../../gin/modules/timer.cc:74
#8  0x00007fcd315cbde7 in base::internal::FunctorTraits<void (gin::Timer::*)(), void>::Invoke<base::WeakPtr<gin::Timer> const&> (
    method=(void (gin::Timer::*)(gin::Timer * const)) 0x7fcd315ca370 <gin::Timer::OnTimerFired()>, receiver_ptr=...) at ../../base/bind_internal.h:214
#9  0x00007fcd315cbd3a in base::internal::InvokeHelper<true, void>::MakeItSo<void (gin::Timer::* const&)(), base::WeakPtr<gin::Timer> const&> (
    functor=@0x32b9308dbbc8: <error reading variable>, weak_ptr=...)
    at ../../base/bind_internal.h:305
#10 0x00007fcd315cbcc2 in base::internal::Invoker<base::internal::BindState<void (gin::Timer::*)(), base::WeakPtr<gin::Timer> >, void ()>::RunImpl<void (gin::Timer::* const&)(), std::tuple<base::WeakPtr<gin::Timer> > const&, 0ul>(void (gin::Timer::* const&)(), std::tuple<base::WeakPtr<gin::Timer> > const&, base::IndexSequence<0ul>) (
    functor=@0x32b9308dbbc8: <error reading variable>, bound=empty std::tuple)
    at ../../base/bind_internal.h:361
#11 0x00007fcd315cbc0c in base::internal::Invoker<base::internal::BindState<void (gin::Timer::*)(), base::WeakPtr<gin::Timer> >, void ()>::Run(base::internal::BindStateBase*) (
    base=0x32b9308dbba0) at ../../base/bind_internal.h:339
#12 0x00007fcd36cf701d in base::Callback<void (), (base::internal::CopyMode)1, (base::internal::RepeatMode)1>::Run() const & (this=0x7ffc9af14ed8) at ../../base/callback.h:80
#13 0x00007fcd36f32ce2 in base::Timer::RunScheduledTask (this=0x32b930967d50)
    at ../../base/timer/timer.cc:229
#14 0x00007fcd36f32dc9 in base::BaseTimerTaskInternal::Run (this=0x32b9307b2ca0)
    at ../../base/timer/timer.cc:53
#15 0x00007fcd36d59f45 in base::internal::FunctorTraits<void (base::FileDescriptorWatcher::Controller::Watcher::*)(), void>::Invoke<base::FileDescriptorWatcher::Controller::Watcher*>(void (base::FileDescriptorWatcher::Controller::Watcher::*)(), base::FileDescriptorWatcher::Controller::Watcher*&&) (
    method=(void (base::FileDescriptorWatcher::Controller::Watcher::*)(base::FileDescriptorWatcher::Controller::Watcher * const)) 0x7fcd36f32d80 <base::BaseTimerTaskInternal::Run()>, 
    receiver_ptr=<unknown type in /src/chromium/src/out/Debug/./libbase.so, CU 0x0, DIE 0xac57>) at ../../base/bind_internal.h:214
#16 0x00007fcd36f33011 in base::internal::InvokeHelper<false, void>::MakeItSo<void (base::BaseTimerTaskInternal::* const&)(), base::BaseTimerTaskInternal*>(void (base::BaseTimerTaskInternal::* const&)(), base::BaseTimerTaskInternal*&&) (
    functor=@0x32b9307fa148: <error reading variable>, 
    args=<unknown type in /src/chromium/src/out/Debug/./libbase.so, CU 0x0, DIE 0x6995>)
    at ../../base/bind_internal.h:285
#17 0x00007fcd36f32fb7 in base::internal::Invoker<base::internal::BindState<void (base::BaseTimerTaskInternal::*)(), base::internal::OwnedWrapper<base::BaseTimerTaskInternal> >, void ()>::RunImpl<void (base::BaseTimerTaskInternal::* const&)(), std::tuple<base::internal::OwnedWrapper<base::BaseTimerTaskInternal> > const&, 0ul>(void (base::BaseTimerTaskInternal::* const&)(), std::tuple<base::internal::OwnedWrapper<base::BaseTimerTaskInternal> > const&, base::IndexSequence<0ul>) (functor=@0x32b9307fa148: <error reading variable>, 
    bound=empty std::tuple) at ../../base/bind_internal.h:361
#18 0x00007fcd36f32efc in base::internal::Invoker<base::internal::BindState<void (base::BaseTimerTaskInternal::*)(), base::internal::OwnedWrapper<base::BaseTimerTaskInternal> >, void ()>::Run(base::internal::BindStateBase*) (base=0x32b9307fa120)
    at ../../base/bind_internal.h:339
#19 0x00007fcd36d4557e in base::Callback<void (), (base::internal::CopyMode)0, (base::internal::RepeatMode)0>::Run() && (this=0x7ffc9af155f8) at ../../base/callback.h:91
#20 0x00007fcd36d44cbe in base::debug::TaskAnnotator::RunTask (this=0x32b93006da48, 
    queue_function=0x7fcd30377082 "TaskQueueManager::PostTask", 
    pending_task=0x7ffc9af155e0) at ../../base/debug/task_annotator.cc:59
#21 0x00007fcd2fccd395 in blink::scheduler::TaskQueueManager::ProcessTaskFromWorkQueue (
    this=0x32b93006d920, work_queue=0x32b930536f50, is_nested=false, 
    time_before_task=..., time_after_task=0x7ffc9af15990)
    at ../../third_party/WebKit/Source/platform/scheduler/base/task_queue_manager.cc:539
#22 0x00007fcd2fcca2dd in blink::scheduler::TaskQueueManager::DoWork (
    this=0x32b93006d920, delayed=false)
    at ../../third_party/WebKit/Source/platform/scheduler/base/task_queue_manager.cc:337
#23 0x00007fcd2fcd5684 in base::internal::FunctorTraits<void (blink::scheduler::TaskQueueManager::*)(bool), void>::Invoke<base::WeakPtr<blink::scheduler::TaskQueueManager> const&, bool const&> (method=
    (void (blink::scheduler::TaskQueueManager::*)(blink::scheduler::TaskQueueManager * const, bool)) 0x7fcd2fcc9cf0 <blink::scheduler::TaskQueueManager::DoWork(bool)>, 
    receiver_ptr=..., args=@0x32b93056d208: <error reading variable>)
    at ../../base/bind_internal.h:214
#24 0x00007fcd2fcd558f in base::internal::InvokeHelper<true, void>::MakeItSo<void (blink::scheduler::TaskQueueManager::* const&)(bool), base::WeakPtr<blink::scheduler::TaskQueueManager> const&, bool const&> (functor=@0x32b93056d1f8: <error reading variable>, 
    weak_ptr=..., args=@0x32b93056d208: <error reading variable>)
    at ../../base/bind_internal.h:305
#25 0x00007fcd2fcd5503 in base::internal::Invoker<base::internal::BindState<void (blink::scheduler::TaskQueueManager::*)(bool), base::WeakPtr<blink::scheduler::TaskQueueManager>, bool>, void ()>::RunImpl<void (blink::scheduler::TaskQueueManager::* const&)(bool), std::tuple<base::WeakPtr<blink::scheduler::TaskQueueManager>, bool> const&, 0ul, 1ul>(void (blink::scheduler::TaskQueueManager::* const&)(bool), std::tuple<base::WeakPtr<blink::scheduler::TaskQueueManager>, bool> const&, base::IndexSequence<0ul, 1ul>) (
    functor=@0x32b93056d1f8: <error reading variable>, bound=empty std::tuple)
    at ../../base/bind_internal.h:361
#26 0x00007fcd2fcd541c in base::internal::Invoker<base::internal::BindState<void (blink::scheduler::TaskQueueManager::*)(bool), base::WeakPtr<blink::scheduler::TaskQueueManager>, bool>, void ()>::Run(base::internal::BindStateBase*) (base=0x32b93056d1d0)
    at ../../base/bind_internal.h:339
#27 0x00007fcd36d4557e in base::Callback<void (), (base::internal::CopyMode)0, (base::internal::RepeatMode)0>::Run() && (this=0x7ffc9af169b0) at ../../base/callback.h:91
#28 0x00007fcd36d44cbe in base::debug::TaskAnnotator::RunTask (this=0x32b9301ee000, 
    queue_function=0x7fcd3706452c "MessageLoop::PostTask", pending_task=0x7ffc9af16998)
    at ../../base/debug/task_annotator.cc:59
#29 0x00007fcd36dd4ebd in base::MessageLoop::RunTask (this=0x32b9301edde0, 
    pending_task=0x7ffc9af16998) at ../../base/message_loop/message_loop.cc:423
#30 0x00007fcd36dd5144 in base::MessageLoop::DeferOrRunPendingTask (
    this=0x32b9301edde0, pending_task=...)
    at ../../base/message_loop/message_loop.cc:434
#31 0x00007fcd36dd5434 in base::MessageLoop::DoWork (this=0x32b9301edde0)
    at ../../base/message_loop/message_loop.cc:527
#32 0x00007fcd36dec568 in base::MessagePumpDefault::Run (this=0x32b930414ca0, 
    delegate=0x32b9301edde0) at ../../base/message_loop/message_pump_default.cc:33
#33 0x00007fcd36dd4a57 in base::MessageLoop::RunHandler (this=0x32b9301edde0)
    at ../../base/message_loop/message_loop.cc:387
#34 0x00007fcd36e7732a in base::RunLoop::Run (this=0x7ffc9af174f0)
    at ../../base/run_loop.cc:37
#35 0x00007fcd39e59f7d in content::RendererMain (parameters=...)
    at ../../content/renderer/renderer_main.cc:200
#36 0x00007fcd3a28dc2d in content::RunZygote (main_function_params=..., 
    delegate=0x7ffc9af181b8) at ../../content/app/content_main_runner.cc:366
#37 0x00007fcd3a28dfe0 in content::RunNamedProcessTypeMain (
    process_type=<error reading variable: Cannot access memory at address 0x32b92fff67a0>, main_function_params=..., delegate=0x7ffc9af181b8)
    at ../../content/app/content_main_runner.cc:445
#38 0x00007fcd3a29018c in content::ContentMainRunnerImpl::Run (this=0x32b92ffde890)
    at ../../content/app/content_main_runner.cc:729
#39 0x00007fcd3a28d34a in content::ContentServiceManagerMainDelegate::Run (
    this=0x7ffc9af18150)
    at ../../content/app/content_service_manager_main_delegate.cc:36
#40 0x00007fcd27ce0be8 in service_manager::Main (params=...)
    at ../../services/service_manager/embedder/main.cc:179
#41 0x00007fcd3a28d9af in content::ContentMain (params=...)
    at ../../content/app/content_main.cc:19
#42 0x00000000004a8ab1 in main (argc=8, argv=0x7ffc9af18308)
    at ../../content/shell/app/shell_main.cc:48
 
Labels: Stability-Crash
Cc: roc...@chromium.org yzshen@chromium.org
Owner: reillyg@chromium.org
Status: Assigned (was: Untriaged)
This seems similar to  issue 707689  but was not fixed by r464134.
Sorry for late reply!

This seems to be caused by the gin timer. We are moving away from using gin in mojo JS bindings (in this quarter). So it may not be worth the effort trying to fix this. WDYT?
Can you mark this as blocked on the bug to replace gin for mojo JS bindings so I can verify that it is resolved when that switch happens?
Blockedon: 699569
Status: Fixed (was: Assigned)
As of r477903 WebUSB has been moved to the new Mojo JS bindings and so this issue should be resolved.
