
Issue 756531 link


Issue metadata

Status: Assigned
Owner:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Chrome
Pri: 1
Type: Bug-Regression

Blocking:
issue 907972




DCHECK hit in NaCl process: CalledOnValidSequence()

Project Member Reported by emaxx@chromium.org, Aug 17 2017

Issue description

Chrome Version: ToT

What steps will reproduce the problem?
(1) Build Chrome with DCHECKs enabled.
(2) Install the TestNav app: https://chrome.google.com/webstore/detail/testnav/mdmkkicfmmkgmpkmkdikhlbggogpicma
(3) Launch the app.

What is the expected result?
The app launches and starts working.

What happens instead?
While launching the app, its NaCl module crashes with the following message:

[FATAL:ref_counted.h(95)] Check failed: CalledOnValidSequence(). 
[ERROR:debugger_posix.cc(174)] Not implemented reached in bool base::debug::BeingDebugged()
** abort() called
** Signal 4 from untrusted code: pc=17390ffba1e0
[ERROR:nacl_process_host.cc(256)] NaCl process exited with status 64512 (0xfc00)
[INFO:CONSOLE(0)] "NativeClient: NaCl module crashed", source: chrome-extension://mdmkkicfmmkgmpkmkdikhlbggogpicma/window.html (0)

As there is no stack trace, it's hard to get any idea of the possible culprit, besides that this results in the NaCl module's process being terminated.

I believe I observed similar crashes with other NaCl modules, but with this extension it's 100% reproducible for me. Tested in builds of Chrome for Linux and for Chrome OS.

bradnelson@: Assigned to you based on the OWNERS file. Could you please triage this bug?
Blocking: 907972

Project Member Comment 2 by bugdroid1@chromium.org, Dec 17

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/c78b3e69be46642bab7f56dd845ee996408f7703

commit c78b3e69be46642bab7f56dd845ee996408f7703
Author: Anand K. Mistry <amistry@chromium.org>
Date: Mon Dec 17 05:50:07 2018

Make ppapi Resource objects RefCountedThreadSafe

In DCHECK_IS_ON mode, base::RefCounted's sequence checker will trigger
because ppapi's Resources will be ref-counted across threads.

One specific case is the interaction between MessageLoopResource and
pp::SimpleThread. Constructing a SimpleThread will create and ref a
MessageLoopResource on the creation thread, but when the thread is
started, the thread calls AttachToCurrentThread() where
MessageLoopResource will ref itself.

BUG=756531, 907972 

Change-Id: I00454970a293db5f1298d5152c44bf08ec704122
Reviewed-on: https://chromium-review.googlesource.com/c/1350439
Reviewed-by: Raymes Khoury <raymes@chromium.org>
Commit-Queue: Anand Mistry <amistry@chromium.org>
Cr-Commit-Position: refs/heads/master@{#617051}
[modify] https://crrev.com/c78b3e69be46642bab7f56dd845ee996408f7703/ppapi/shared_impl/resource.h
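As an added illustration, not Chromium code and not part of this bug or the commit above, the following reduced C++ model shows the pattern the commit message describes: a resource is ref'd on the thread that creates it, and then ref'd again from the newly started thread when that thread attaches to its message loop. A single-sequence counter (modelled on the idea behind base::RefCounted's sequence check) flags the cross-thread AddRef, while an atomic counter (modelled on RefCountedThreadSafe) stays balanced. The class names, `RunSimpleThreadPattern`, and the use of a recorded `violated()` flag in place of a DCHECK are assumptions made for this example; the real base::RefCounted sequence checker is not reproduced here.

```cpp
// Added example, not Chromium code: reduced model of why a ref count with a
// sequence check fires when a resource is ref'd from a second thread, and why
// an atomic (thread-safe) counter does not. Names below are hypothetical.
#include <atomic>
#include <cstdio>
#include <thread>

// Non-thread-safe counter: binds to the first thread that touches it and
// records any AddRef/Release from a different thread. base::RefCounted would
// DCHECK here; this model records the violation so it can be observed.
class RefCountedSingleSequence {
 public:
  void AddRef() { Check(); ++count_; }
  // Returns true when the count drops to zero (the object would be deleted).
  bool Release() { Check(); return --count_ == 0; }
  bool violated() const { return violated_; }
  int count() const { return count_; }

 private:
  void Check() {
    if (!bound_) {
      owner_ = std::this_thread::get_id();
      bound_ = true;
    } else if (owner_ != std::this_thread::get_id()) {
      violated_ = true;  // the DCHECK(CalledOnValidSequence()) case
    }
  }
  int count_ = 0;
  std::thread::id owner_;
  bool bound_ = false;
  bool violated_ = false;
};

// Thread-safe counter: an atomic count, usable from any thread.
class RefCountedThreadSafe {
 public:
  void AddRef() { count_.fetch_add(1, std::memory_order_relaxed); }
  bool Release() { return count_.fetch_sub(1, std::memory_order_acq_rel) == 1; }
  int count() const { return count_.load(std::memory_order_acquire); }

 private:
  std::atomic<int> count_{0};
};

// Models the pattern from the commit message: the creation thread refs the
// resource (as pp::SimpleThread's constructor does for its MessageLoopResource),
// then the started thread refs it again when it attaches to the loop.
// Returns true if the final Release brings the count back to zero.
template <typename Resource>
bool RunSimpleThreadPattern(Resource& res) {
  res.AddRef();  // creation thread holds a reference
  std::thread worker([&res] {
    res.AddRef();   // stand-in for AttachToCurrentThread() ref'ing itself
    res.Release();  // worker done with its reference
  });
  worker.join();    // join gives the creation thread a consistent view
  return res.Release();
}

// The single-sequence counter observes the cross-thread AddRef.
bool SingleSequenceVersionViolates() {
  RefCountedSingleSequence r;
  RunSimpleThreadPattern(r);
  return r.violated();
}

// The thread-safe counter stays balanced and ends at zero.
bool ThreadSafeVersionBalanced() {
  RefCountedThreadSafe r;
  return RunSimpleThreadPattern(r) && r.count() == 0;
}

int main() {
  std::printf("single-sequence counter flags cross-thread ref: %s\n",
              SingleSequenceVersionViolates() ? "yes" : "no");
  std::printf("thread-safe counter balanced: %s\n",
              ThreadSafeVersionBalanced() ? "yes" : "no");
  return 0;
}
```

The point of the model is that the crash in this bug is not a leak or a use-after-free in itself: the counts are balanced in both versions. What fires is the sequence check, which exists precisely because a non-atomic count touched from two threads without ordering is unsafe; switching the resource to a thread-safe counter is what makes the cross-thread AddRef legitimate.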
