Issue 739515 link

Starred by 4 users

Issue metadata

Status:	WontFix
Owner:	rdevlin....@chromium.org
Closed:	Jun 2018
Components:	Platform>Extensions
EstimatedDays:	----
NextAction:	----
OS:	----
Pri:	3
Type:	Bug

The extension sandbox unpacker triggers threading assert when the utility process crashes.

Project Member Reported by sorin@chromium.org, Jul 5 2017

Issue description

Sometimes, the utility process crashes for whatever reason when unpacking an extension. For example, when unpacking: 
L"C:\\Users\\sorin\\AppData\\Local\\Temp\\scoped_dir27420_13110\\CRX_INSTALL"

void SandboxedUnpacker::Cleanup() {
  DCHECK(unpacker_io_task_runner_->RunsTasksInCurrentSequence());   <== this line asserts.
  if (!temp_dir_.Delete()) {
    LOG(WARNING) << "Can not delete temp directory at "
                 << temp_dir_.GetPath().value();
  }
}

The code was running on Chrome_IOThread at the time of the crash.

The call stack:

 	base.dll!base::debug::BreakDebugger() Line 21	C++
 	base.dll!logging::LogMessage::~LogMessage() Line 787	C++
>	chrome.dll!extensions::SandboxedUnpacker::Cleanup() Line 912	C++
 	chrome.dll!extensions::SandboxedUnpacker::ReportFailure(reason, error) Line 673	C++
 	chrome.dll!extensions::SandboxedUnpacker::UtilityProcessCrashed() Line 380	C++
 	chrome.dll!base::internal::FunctorTraits<void (__cdecl extensions::SandboxedUnpacker::*)(void) __ptr64,void>::Invoke<scoped_refptr<extensions::SandboxedUnpacker> const & __ptr64>(method, receiver_ptr) Line 210	C++
 	chrome.dll!base::internal::InvokeHelper<0,void>::MakeItSo<void (__cdecl extensions::SandboxedUnpacker::*const & __ptr64)(void) __ptr64,scoped_refptr<extensions::SandboxedUnpacker> const & __ptr64>(functor, <args_0>) Line 277	C++
 	chrome.dll!base::internal::Invoker<base::internal::BindState<void (__cdecl extensions::SandboxedUnpacker::*)(void) __ptr64,scoped_refptr<extensions::SandboxedUnpacker> >,void __cdecl(void)>::RunImpl<void (__cdecl extensions::SandboxedUnpacker::*const & __ptr64)(void) __ptr64,std::tuple<scoped_refptr<extensions::SandboxedUnpacker> > const & __ptr64,0>(functor, bound, __formal) Line 355	C++
 	chrome.dll!base::internal::Invoker<base::internal::BindState<void (__cdecl extensions::SandboxedUnpacker::*)(void) __ptr64,scoped_refptr<extensions::SandboxedUnpacker> >,void __cdecl(void)>::Run(base) Line 333	C++
 	bindings.dll!base::Callback<void __cdecl(void),0,0>::Run() Line 91	C++
 	bindings.dll!mojo::InterfaceEndpointClient::NotifyError(reason) Line 311	C++
 	bindings.dll!mojo::internal::MultiplexRouter::ProcessNotifyErrorTask(task, client_call_behavior, current_task_runner) Line 803	C++
 	bindings.dll!mojo::internal::MultiplexRouter::ProcessTasks(client_call_behavior, current_task_runner) Line 713	C++
 	bindings.dll!mojo::internal::MultiplexRouter::OnPipeConnectionError() Line 687	C++
 	bindings.dll!base::internal::FunctorTraits<void (__cdecl mojo::internal::MultiplexRouter::*)(void) __ptr64,void>::Invoke<mojo::internal::MultiplexRouter * __ptr64>(method, receiver_ptr) Line 210	C++
 	bindings.dll!base::internal::InvokeHelper<0,void>::MakeItSo<void (__cdecl mojo::internal::MultiplexRouter::*const & __ptr64)(void) __ptr64,mojo::internal::MultiplexRouter * __ptr64>(functor, <args_0>) Line 277	C++
 	bindings.dll!base::internal::Invoker<base::internal::BindState<void (__cdecl mojo::internal::MultiplexRouter::*)(void) __ptr64,base::internal::UnretainedWrapper<mojo::internal::MultiplexRouter> >,void __cdecl(void)>::RunImpl<void (__cdecl mojo::internal::MultiplexRouter::*const & __ptr64)(void) __ptr64,std::tuple<base::internal::UnretainedWrapper<mojo::internal::MultiplexRouter> > const & __ptr64,0>(functor, bound, __formal) Line 355	C++
 	bindings.dll!base::internal::Invoker<base::internal::BindState<void (__cdecl mojo::internal::MultiplexRouter::*)(void) __ptr64,base::internal::UnretainedWrapper<mojo::internal::MultiplexRouter> >,void __cdecl(void)>::Run(base) Line 333	C++
 	bindings.dll!base::Callback<void __cdecl(void),0,0>::Run() Line 91	C++
 	bindings.dll!mojo::Connector::HandleError(force_pipe_reset, force_async_handler) Line 485	C++
 	bindings.dll!mojo::Connector::OnHandleReadyInternal(result) Line 334	C++
 	bindings.dll!mojo::Connector::OnWatcherHandleReady(result) Line 315	C++
 	bindings.dll!base::internal::FunctorTraits<void (__cdecl mojo::Connector::*)(unsigned int) __ptr64,void>::Invoke<mojo::Connector * __ptr64,unsigned int>(method, receiver_ptr, <args_0>) Line 210	C++
 	bindings.dll!base::internal::InvokeHelper<0,void>::MakeItSo<void (__cdecl mojo::Connector::*const & __ptr64)(unsigned int) __ptr64,mojo::Connector * __ptr64,unsigned int>(functor, <args_0>, <args_1>) Line 277	C++
 	bindings.dll!base::internal::Invoker<base::internal::BindState<void (__cdecl mojo::Connector::*)(unsigned int) __ptr64,base::internal::UnretainedWrapper<mojo::Connector> >,void __cdecl(unsigned int)>::RunImpl<void (__cdecl mojo::Connector::*const & __ptr64)(unsigned int) __ptr64,std::tuple<base::internal::UnretainedWrapper<mojo::Connector> > const & __ptr64,0>(functor, bound, __formal, <unbound_args_0>) Line 355	C++
 	bindings.dll!base::internal::Invoker<base::internal::BindState<void (__cdecl mojo::Connector::*)(unsigned int) __ptr64,base::internal::UnretainedWrapper<mojo::Connector> >,void __cdecl(unsigned int)>::Run(base, <unbound_args_0>) Line 333	C++
 	mojo_public_system_cpp.dll!base::Callback<void __cdecl(unsigned int),1,1>::Run(<args_0>) Line 81	C++
 	mojo_public_system_cpp.dll!mojo::SimpleWatcher::OnHandleReady(watch_id, result) Line 267	C++
 	mojo_public_system_cpp.dll!mojo::SimpleWatcher::Context::Notify(result, signals_state, flags) Line 106	C++
 	mojo_public_system_cpp.dll!mojo::SimpleWatcher::Context::CallNotify(context_value, result, signals_state, flags) Line 61	C++
 	mojo_system_impl.dll!mojo::edk::WatcherDispatcher::InvokeWatchCallback(context, result, state, flags) Line 85	C++
 	mojo_system_impl.dll!mojo::edk::Watch::InvokeCallback(result, state, flags) Line 80	C++
 	mojo_system_impl.dll!mojo::edk::RequestContext::~RequestContext() Line 67	C++
 	mojo_system_impl.dll!mojo::edk::NodeChannel::OnChannelError() Line 776	C++
 	mojo_system_impl.dll!mojo::edk::Channel::OnError() Line 676	C++
 	mojo_system_impl.dll!mojo::edk::`anonymous namespace'::ChannelWin::OnIOCompleted(context, bytes_transfered, error) Line 220	C++
 	base.dll!base::MessagePumpForIO::WaitForIOCompletion(timeout, filter) Line 534	C++
 	base.dll!base::MessagePumpForIO::WaitForWork() Line 514	C++
 	base.dll!base::MessagePumpForIO::DoRunLoop() Line 499	C++
 	base.dll!base::MessagePumpWin::Run(delegate) Line 58	C++
 	base.dll!base::MessageLoop::Run() Line 370	C++
 	base.dll!base::RunLoop::Run() Line 112	C++
 	base.dll!base::Thread::Run(run_loop) Line 256	C++
 	content.dll!content::BrowserThreadImpl::IOThreadRun(run_loop) Line 279	C++
 	content.dll!content::BrowserThreadImpl::Run(run_loop) Line 313	C++
 	base.dll!base::Thread::ThreadMain() Line 341	C++
 	base.dll!base::`anonymous namespace'::ThreadFunc(params) Line 91	C++
 	kernel32.dll!00007ffcf14d8102()	Unknown
 	ntdll.dll!00007ffcf1bec5b4()	Unknown

Comment 1 by karandeepb@chromium.org, Jun 15 2018

Status: WontFix (was: Untriaged)

The code has changed since then and SandboxedUnpacker::UtilityProcessCrashed() no longer exists. Marking as a WontFix.

►

Issue 739515 link

Issue metadata

The extension sandbox unpacker triggers threading assert when the utility process crashes.

Issue description

Comment 1 by karandeepb@chromium.org, Jun 15 2018

Comment 1 Deleted

Sign in to add a comment