New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 716705 link

Starred by 1 user
Status: WontFix
Owner: ----
Closed: Aug 2017
Cc:
kulshin@chromium.org
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 3
Type: Bug



Sign in to add a comment

Renderers fail to start after running Chrome for a while

Project Member Reported by kulshin@chromium.org, Apr 29 2017 
Chrome Version: 57.0.2987.133 (Official Build) (32-bit)
OS: Win10

What steps will reproduce the problem?
After running Chrome for some time (varies, sometimes days, sometimes a few minutes), new renderer processes fail to start, resulting in a gray sadface tab (not even the new tab page). Existing renderers continue to work. Restarting Chrome fixes the problem, at least for a while. Repros on multiple machines, but could be something environment specific.


Procmon trace indicates that the browser does not even attempt to create a new process.

By comparing procmon traces of failure vs known-good, the divergence point appears to be in
CreateProcessAsUserW + 0x2d
sandbox::TargetProcess::Create + 0x98, c:\b\build\slave\win-pgo\build\src\sandbox\win\src\target_process.cc(112)
sandbox::BrokerServicesBase::SpawnTarget + 0x3db, c:\b\build\slave\win-pgo\build\src\sandbox\win\src\broker_services.cc(411)
content::StartSandboxedProcess + 0x45c, c:\b\build\slave\win-pgo\build\src\content\common\sandbox_win.cc(811)
content::internal::ChildProcessLauncherHelper::LaunchProcessOnLauncherThread + 0x15b, c:\b\build\slave\win-pgo\build\src\content\browser\child_process_launcher_helper_win.cc(74)
content::internal::ChildProcessLauncherHelper::LaunchOnLauncherThread + 0x65, c:\b\build\slave\win-pgo\build\src\content\browser\child_process_launcher_helper.cc(106)
base::debug::TaskAnnotator::RunTask + 0x262, c:\b\build\slave\win-pgo\build\src\base\debug\task_annotator.cc(50)
base::MessageLoop::RunTask + 0x2bb, c:\b\build\slave\win-pgo\build\src\base\message_loop\message_loop.cc(422)
base::MessageLoop::DoWork + 0x335, c:\b\build\slave\win-pgo\build\src\base\message_loop\message_loop.cc(523)
base::MessagePumpDefault::Run + 0x98, c:\b\build\slave\win-pgo\build\src\base\message_loop\message_pump_default.cc(34)
base::RunLoop::Run + 0x9f, c:\b\build\slave\win-pgo\build\src\base\run_loop.cc(38)
base::Thread::Run + 0xb, c:\b\build\slave\win-pgo\build\src\base\threading\thread.cc(246)
content::BrowserThreadImpl::ProcessLauncherThreadRun + 0x1b, c:\b\build\slave\win-pgo\build\src\content\browser\browser_thread_impl.cc(265)
content::BrowserThreadImpl::Run + 0x6a, c:\b\build\slave\win-pgo\build\src\content\browser\browser_thread_impl.cc(307)
base::Thread::ThreadMain + 0x173, c:\b\build\slave\win-pgo\build\src\base\threading\thread.cc(331)
base::`anonymous namespace'::ThreadFunc + 0x10d, c:\b\build\slave\win-pgo\build\src\base\threading\platform_thread_win.cc(86)
BaseThreadInitThunk + 0x24
RtlSubscribeWnfStateChangeNotification + 0x439
RtlSubscribeWnfStateChangeNotification + 0x404

In the failure case, procmon logs the following events:
45:32.8	chrome.exe	19444	QuerySecurityFile	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	SUCCESS	Information: Label
45:32.8	chrome.exe	19444	CloseFile	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	SUCCESS	
After those two, there is no evidence of the browser attempting to make any further effort to start the renderer.

In contrast, in the known-good case procmon logs the following events:
48:12.0	chrome.exe	19444	QuerySecurityFile	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	SUCCESS	Information: Label
48:12.0	chrome.exe	19444	QuerySecurityFile	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	SUCCESS	Information: Owner, Group, DACL, SACL, Label, 0x80
48:12.0	chrome.exe	19444	QueryNameInformationFile	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	SUCCESS	Name: \Program Files (x86)\Google\Chrome\Application\chrome.exe
48:12.0	chrome.exe	19444	QuerySecurityFile	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	SUCCESS	Information: Owner, Group, DACL, SACL, Label, 0x80
48:12.0	chrome.exe	19444	QuerySecurityFile	C:\Windows\System32\ntdll.dll	SUCCESS	Information: Owner, Group, DACL, SACL, Label, 0x80
48:12.0	chrome.exe	19444	QuerySecurityFile	C:\Windows\SysWOW64\ntdll.dll	SUCCESS	Information: Owner, Group, DACL, SACL, Label, 0x80
48:12.0	chrome.exe	19444	Process Create	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	SUCCESS	PID: 26060, Command line: ...


Unfortunately I lost the repro before I could make any more progress. If anyone has any suggestions for anything specific to look at next time this repros, that would be appreciated.

Comment 1 by kulshin@chromium.org, May 2 2017

Cc: kulshin@chromium.org
Owner: ----
Status: Untriaged (was: Available)
In sandbox::TargetProcess::Create, CreateProcessAsUser() returns 0. GetLastError() returns 0x57 (ERROR_INVALID_PARAMETER).

Also noticed that restarting the browser process is not necessary to recover - closing all top level windows is sufficient, even if it ends up reusing the same browser process when reopening Chrome.

Comment 2 by kulshin@chromium.org, May 2 2017 

Re #1: also weird that closing all browser windows does not terminate all Chrome processes. Need to investigate why they are sticking around, although not sure yet if that's related.

Comment 3 by kulshin@chromium.org, May 4 2017 

Re #2: repro'd again, and this time all processes shut down promptly and cleanly, so that is probably not related.

Comment 4 by kulshin@chromium.org, Aug 15 2017

Status: WontFix (was: Untriaged)
Crash has not been observed for several months. Still not sure about the cause or what "fixed" it.

Sign in to add a comment