New issue
Advanced search Search tips

Issue 771071 link

Starred by 1 user
Status: Fixed
Owner:
falken@chromium.org
Closed: Oct 2017
Cc:
shimazu@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug



Sign in to add a comment

FATAL:service_worker_version.cc(748)] Check failed: !HasControllee().

Project Member Reported by falken@chromium.org, Oct 3 2017 
Somehow when testing NetworkService I got in a state where opening a new tab creates this DCHECK failure:

23297:23342:1003/150051.636569:FATAL:service_worker_version.cc(748)] Check failed: !HasControllee().
#0 0x7f847c71ca07 base::debug::StackTrace::StackTrace()
#1 0x7f847c744011 logging::LogMessage::~LogMessage()
#2 0x7f8479ea6ad6 content::ServiceWorkerVersion::Doom()
#3 0x7f8479e7e24e content::ServiceWorkerRegistration::DeleteVersion()
#4 0x7f8479e55c31 content::ServiceWorkerInstalledScriptsSender::OnAbortSendingScript()
#5 0x7f8479e55fe0 content::ServiceWorkerInstalledScriptsSender::Sender::OnReadInfoComplete()

I guess my NewTabPage service worker disk entry is corrupted.

However we shouldn't be crashing.

I think what's happening is when opening a new tab, the provider host for the navigation (to the NTP) is created, and the SW is set as the controller at:

#1 0x7f8479ea600f content::ServiceWorkerVersion::AddControllee()
#2 0x7f8479e68b9c content::ServiceWorkerProviderHost::SetControllerVersionAttribute()
#3 0x7f8479e6952e content::ServiceWorkerProviderHost::AssociateRegistration()
#4 0x7f8479e340b2 content::ServiceWorkerControlleeRequestHandler::DidLookupRegistrationForMainResource()

DeleteVersion() tries to remove all the provider hosts before calling Doom(). However the provider host isn't added to the ServiceWorkerContextCore's list of hosts until SWDispatcherHost gets the OnProviderCreated message, which will never happen. Therefore the ServiceWorkerVersion keeps the controllee and DCHECKs in Doom().

Seems like the solution is for SWVersion to remove all its providers directly instead of having SWRegistration rely on SWSContextCore's list.
Project Member

Comment 1 by bugdroid1@chromium.org, Oct 3 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/f56e6282c041e932b9e4bc931d73849e472784ae

commit f56e6282c041e932b9e4bc931d73849e472784ae
Author: Matt Falkenhagen <falken@chromium.org>
Date: Tue Oct 03 11:34:33 2017

service worker: ServiceWorkerVersion::Doom() removes controllees directly

Before this patch, SWRegistration::DeleteVersion() tried to remove all
controllees of the version being doomed. However, it used the iterator from
ServiceWorkerContextCore to do this, and some controllees can exist that
ContextCore does not yet know about, since ServiceWorkerProviderHost is created
before the renderer is created, and is added to ContextCore only after the
renderer sends a OnProviderCreated IPC.

The fix is to have SWVersion remove its controllees directly.

Bug:  771071 
Change-Id: I54f3cfdb8f2dbdfc715daa2a5ae251030b30d5e5
Reviewed-on: https://chromium-review.googlesource.com/697184
Reviewed-by: Makoto Shimazu <shimazu@chromium.org>
Commit-Queue: Matt Falkenhagen <falken@chromium.org>
Cr-Commit-Position: refs/heads/master@{#506007}
[modify] https://crrev.com/f56e6282c041e932b9e4bc931d73849e472784ae/content/browser/service_worker/service_worker_registration.cc
[modify] https://crrev.com/f56e6282c041e932b9e4bc931d73849e472784ae/content/browser/service_worker/service_worker_version.cc
[modify] https://crrev.com/f56e6282c041e932b9e4bc931d73849e472784ae/content/browser/service_worker/service_worker_version.h
[modify] https://crrev.com/f56e6282c041e932b9e4bc931d73849e472784ae/content/browser/service_worker/service_worker_version_unittest.cc

Comment 2 by falken@chromium.org, Oct 5 2017

Status: Fixed (was: Started)

Sign in to add a comment