New issue
Advanced search Search tips

Issue 782349 link

Starred by 2 users
Status: Fixed
Owner:
alex...@chromium.org
Closed: Nov 2017
Cc:
creis@chromium.org
wfh@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 2
Type: Bug



Sign in to add a comment

ServiceWorkerTestWithNativeBindings/ServiceWorkerTest.ServiceWorkerSuspensionOnExtensionUnload/0 failing on chromium.win/Win7 Tests (dbg)(1)

Project Member Reported by sky@chromium.org, Nov 7 2017 
browser_tests failing on chromium.win/Win7 Tests (dbg)(1)

Builders failed on: 
- Win7 Tests (dbg)(1): 
  https://build.chromium.org/p/chromium.win/builders/Win7%20Tests%20%28dbg%29%281%29

And specifically https://uberchromegw.corp.google.com/i/chromium.win/builders/Win7%20Tests%20%28dbg%29%281%29/builds/64508 .

These are hitting the CHECK added here: https://chromium-review.googlesource.com/c/chromium/src/+/752757 . Sample output:

[ RUN      ] ServiceWorkerTestWithNativeBindings/ServiceWorkerTest.ServiceWorkerSuspensionOnExtensionUnload/0

[3076:6072:1107/081043.214:WARNING:chrome_browser_main_win.cc(613)] Command line too long for RegisterApplicationRestart:  --brave-new-test-launcher --cfi-diag=0 --gtest_also_run_disabled_tests --gtest_filter=ServiceWorkerTestWithNativeBindings/ServiceWorkerTest.ServiceWorkerSuspensionOnExtensionUnload/0 --single_process --test-launcher-bot-mode --test-launcher-output="C:\Users\CHROME~2\AppData\Local\Temp\scoped_dir3824_14282\results3824_25723\test_results.xml" --test-launcher-summary-output="e:\b\swarm_slave\w\iorfjbtg\output.json" --user-data-dir="C:\Users\CHROME~2\AppData\Local\Temp\scoped_dir3824_14282\d3824_20270" --disable-offline-auto-reload --disable-renderer-backgrounding --native-crx-bindings=1 --no-first-run --no-default-browser-check --enable-logging=stderr --safebrowsing-disable-auto-update --disable-default-apps --wm-window-animations-disabled --disable-component-update --test-type=browser --force-color-profile=srgb --disable-zero-browsers-open-for-tests --ipc-connection-timeout=45 --allow-file-access-from-files --dom-automation --log-gpu-control-list-decisions --disable-backgrounding-occluded-windows --disable-gl-drawing-for-tests --override-use-software-gl-for-tests --force-color-profile=srgb --disable-features=NetworkPrediction --flag-switches-begin --flag-switches-end --restore-last-session about:blank

[3076:4060:1107/081043.315:ERROR:service_manager.cc(158)] Connection InterfaceProviderSpec prevented service: content_browser from binding interface: resource_coordinator::mojom::PageSignalGenerator exposed by: resource_coordinator

[4928:700:1107/081044.457:INFO:media_foundation_video_encode_accelerator_win.cc(370)] Windows versions earlier than 8 are not supported.

[2432:4172:1107/081048.566:ERROR:render_process_impl.cc(194)] WebFrame LEAKED 3 TIMES

[3076:3580:1107/081048.571:ERROR:process_win.cc(141)] Unable to terminate process: Access is denied. (0x5)

[4928:700:1107/081048.589:ERROR:gles2_cmd_decoder.cc(18150)] [.DisplayCompositor-2FF24FA8]GL ERROR :GL_INVALID_OPERATION : glCreateAndConsumeTextureCHROMIUM: invalid mailbox name

[4928:700:1107/081048.595:ERROR:gles2_cmd_decoder.cc(9984)] [.DisplayCompositor-2FF24FA8]RENDER WARNING: texture bound to texture unit 0 is not renderable. It maybe non-power-of-2 and have incompatible texture filtering.

[4948:5568:1107/081059.522:ERROR:render_process_impl.cc(194)] WebFrame LEAKED 4 TIMES

[3076:3580:1107/081059.611:ERROR:process_win.cc(141)] Unable to terminate process: Access is denied. (0x5)

[3076:6072:1107/081059.677:FATAL:render_process_host_impl.cc(3572)] Check failed: false. Unsuitable process reused for site chrome-extension://leimedlabnakkofcgmainiojjeagjgnl/

Backtrace:
	base::debug::StackTrace::StackTrace [0x100BCE66+102]
	base::debug::StackTrace::StackTrace [0x100BBA03+35]
	logging::LogMessage::~LogMessage [0x10131D25+149]
	content::RenderProcessHostImpl::GetProcessHostForSiteInstance [0x1D084BCB+1707]
	content::SiteInstanceImpl::GetProcess [0x1D5474AD+237]
	content::RenderFrameHostManager::CreateSpeculativeRenderFrameHost [0x1C79A77A+378]
	content::RenderFrameHostManager::GetFrameHostForNavigation [0x1C79951F+943]
	content::RenderFrameHostManager::DidCreateNavigationRequest [0x1C798FDC+220]
	content::FrameTreeNode::CreatedNavigationRequest [0x1C6453D5+709]
	content::NavigatorImpl::RequestNavigation [0x1C6D5E25+1349]
	content::NavigatorImpl::NavigateToEntry [0x1C6D4385+2677]
	content::NavigatorImpl::NavigateToPendingEntry [0x1C6D674D+205]
	content::NavigationControllerImpl::NavigateToPendingEntryInternal [0x1C68D930+944]
	content::NavigationControllerImpl::NavigateToPendingEntry [0x1C67F18B+1707]
	content::NavigationControllerImpl::LoadEntry [0x1C67FAC4+516]
	content::NavigationControllerImpl::LoadURLWithParams [0x1C682A29+3561]
	chrome::Navigate [0x08FFA410+8704]
	chrome::Navigate [0x08FF8ABD+2221]
	Browser::OpenURLFromTab [0x09015CF0+752]
	Browser::OpenURL [0x090118B4+52]
	ui_test_utils::NavigateToURLWithDispositionBlockUntilNavigationsComplete [0x055EB995+741]
	ui_test_utils::NavigateToURLWithDisposition [0x055EB68D+93]
	extensions::ServiceWorkerTest::Navigate [0x02413A80+96]
	extensions::ServiceWorkerTest::NavigateAndGetPageType [0x023FF4DD+29]
	extensions::ServiceWorkerTest_ServiceWorkerSuspensionOnExtensionUnload_Test::RunTestOnMainThread [0x023FEA5A+3066]
	content::BrowserTestBase::ProxyRunTestOnMainThreadLoop [0x05A53A0B+539]
	??$Invoke@PAVBrowserTestBase@content@@$$V@?$FunctorTraits@P8BrowserTestBase@content@@AEXXZX@internal@base@@SAXP8BrowserTestBase@content@@AEXXZ$$QAPAV34@@Z [0x05A56B4C+28]
	base::internal::InvokeHelper<0,void>::MakeItSo<void (__thiscall content::BrowserTestBase::*const &)(void),content::BrowserTestBase *> [0x05A56A7D+77]
	base::internal::Invoker<base::internal::BindState<void (__thiscall content::BrowserTestBase::*)(void),base::internal::UnretainedWrapper<content::BrowserTestBase> >,void __cdecl(void)>::RunImpl<void (__thiscall content::BrowserTestBase::*const &)(void),std [0x05A56A03+83]
	base::internal::Invoker<base::internal::BindState<void (__thiscall content::BrowserTestBase::*)(void),base::internal::UnretainedWrapper<content::BrowserTestBase> >,void __cdecl(void)>::Run [0x05A568DE+62]
	base::RepeatingCallback<void __cdecl(void)>::Run [0x00A1AB62+50]
	ChromeBrowserMainParts::PreMainMessageLoopRunImpl [0x061CE220+7488]
	ChromeBrowserMainParts::PreMainMessageLoopRun [0x061CC3D3+419]
	content::BrowserMainLoop::PreMainMessageLoopRun [0x1C02F908+360]
	??$Invoke@PAVBrowserMainLoop@content@@$$V@?$FunctorTraits@P8BrowserMainLoop@content@@AEHXZX@internal@base@@SAHP8BrowserMainLoop@content@@AEHXZ$$QAPAV34@@Z [0x1C040AEC+28]
	base::internal::InvokeHelper<0,int>::MakeItSo<int (__thiscall content::BrowserMainLoop::*const &)(void),content::BrowserMainLoop *> [0x1C040A0D+77]
	base::internal::Invoker<base::internal::BindState<int (__thiscall content::BrowserMainLoop::*)(void),base::internal::UnretainedWrapper<content::BrowserMainLoop> >,int __cdecl(void)>::RunImpl<int (__thiscall content::BrowserMainLoop::*const &)(void),std::t [0x1C040993+83]
	base::internal::Invoker<base::internal::BindState<int (__thiscall content::BrowserMainLoop::*)(void),base::internal::UnretainedWrapper<content::BrowserMainLoop> >,int __cdecl(void)>::Run [0x1C04080E+62]
	base::RepeatingCallback<int __cdecl(void)>::Run [0x1D57B2B2+50]
	content::StartupTaskRunner::RunAllTasksNow [0x1D57AFF8+136]
	content::BrowserMainLoop::CreateStartupTasks [0x1C02BC4D+1165]
	content::BrowserMainRunnerImpl::Initialize [0x1C04BD08+1560]
	content::BrowserMain [0x1C024756+182]
	content::RunNamedProcessTypeMain [0x1F36A271+209]
	content::ContentMainRunnerImpl::Run [0x1F36B2B2+658]
	content::ContentServiceManagerMainDelegate::RunEmbedderProcess [0x1F366B01+33]
	service_manager::Main [0x22B373DE+1534]
	content::ContentMain [0x1F36A0EA+74]
	content::BrowserTestBase::SetUp [0x05A53188+2520]
	InProcessBrowserTest::SetUp [0x055E3A75+1557]
	ExtensionBrowserTest::SetUp [0x022BA1F7+103]
	testing::internal::HandleExceptionsInMethodIfSupported<testing::Test,void> [0x02B86AF9+105]
	testing::Test::Run [0x02B869BD+109]
	testing::TestInfo::Run [0x02B8766A+250]
	testing::TestCase::Run [0x02B8837B+267]
	testing::internal::UnitTestImpl::RunAllTests [0x02B904A2+786]
	testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl,bool> [0x02B9013E+110]
	testing::UnitTest::Run [0x02B8FF34+324]
	RUN_ALL_TESTS [0x0566C22F+15]
	base::TestSuite::Run [0x0566B546+150]
	ChromeTestSuiteRunner::RunTestSuite [0x0B818B34+132]
	ChromeTestLauncherDelegate::RunTestSuite [0x0B818C32+50]



I'm going to revert https://chromium-review.googlesource.com/c/chromium/src/+/752757 .

Comment 1 by sky@chromium.org, Nov 7 2017 

ServiceWorkerTestWithJSBindings/ServiceWorkerTest.ServiceWorkerSuspensionOnExtensionUnload/0 is also failing with the same error.

Comment 2 by yzshen@chromium.org, Nov 8 2017

Labels: -Sheriff-Chromium
Removing Sheriff-Chromium now that the bug is assigned and being investigated.

Comment 3 by alex...@chromium.org, Nov 8 2017

Cc: creis@chromium.org
Thanks, I'll take a look.  This is a flaky failure, since these tests passed in https://uberchromegw.corp.google.com/i/chromium.win/builders/Win7%20Tests%20%28dbg%29%281%29/builds/64503, where my CL landed, and in a few more builds thereafter.

Comment 4 by alex...@chromium.org, Nov 9 2017 

I managed to get a flaky repro on a Win32 dbg build with --enable-pixel-output-in-tests, and think I have an explanation for this failure.  This test checks how extension ServiceWorkers work when the extension gets disabled/enabled/uninstalled.  Problematic sequence of events:

1. An extension gets uninstalled.
2. A ServiceWorker for a script URL belonging to that extension goes into ServiceWorkerProcessManager::AllocateWorkerProcess().  (This is the racy part in the test -- this typically happens before step 1.)
3. That allocates a new process for the extension URL and puts it into the UnmatchedServiceWorkerProcessTracker.
4. However, because the extension is uninstalled, ChromeContentBrowserClientExtensionsPart::SiteInstanceGotProcess doesn't associate that process with the extension ID in the ProcessMap.
5. We navigate to that extension's URL (expecting to get an error page).  When picking a process for for SiteInstance for this navigation, we reuse the process from the UnmatchedServiceWorkerProcessTracker, based on the site URL match.
6. This process doesn't have PRIV_EXTENSION because of step 4, and yet that's the privilege level we think is required by the destination URL.  That causes ChromeContentBrowserClientExtensionsPart::IsSuitableHost to fail, and that breaks my sanity check.

I think this might be a good reason to introduce IsSuitableHost check into the UnmatchedServiceWorkerProcessTracker.  It's already used in pending/committed site-process trackers due to issue 780661, and in r513607 we weren't sure if there's a case where this would matter for the unmatched SW tracker -- this might be an example of such a case.  

Having the check there would prevent process reuse in this case between the navigation and the SW though, even though both could technically use the same process without PRIV_EXTENSION (both will lead to an error anyway).  I don't think this is a big deal though.  We could also consider fixing the fact that GetPrivilegeRequiredByUrl() returns PRIV_EXTENSION for an extension URL even if the extension doesn't exist, which seems inconsistent with ChromeContentBrowserClientExtensionsPart::SiteInstanceGotProcess later ignoring nonexistent extensions, leaving the process at PRIV_NORMAL.  We could have GetPrivilegeRequiredByUrl return PRIV_NORMAL for nonexistent extensions, or CCBCEP::SiteInstanceGotProcess assigning PRIV_EXTENSION for nonexistent extensions too, though maybe that's not safe to do?
Project Member

Comment 5 by bugdroid1@chromium.org, Nov 15 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/51dc7188698f16c966ac5fdab61fbedcd944f50c

commit 51dc7188698f16c966ac5fdab61fbedcd944f50c
Author: Alex Moshchuk <alexmos@chromium.org>
Date: Wed Nov 15 03:45:07 2017

Reland: Add a sanity check that process picked for a SiteInstance is a suitable host.

This would've caught incorrect process reuse in issue 780661 earlier,
as the isolated origin subframe wouldn't have been allowed to committed
into a process already marked as used by another site.

This is a reland of https://chromium-review.googlesource.com/752757.
The original CL was reverted because this CHECK was failing in a
test where unmatched ServiceWorker process reuse allowed reusing an
unsuitable process.  This CL now fixes this case in
UnmatchedServiceWorkerProcessTracker::TakeFreshestProcessForSite().

Bug: 780661, 780089,  782349 
Change-Id: I5bded5918adda85ff256d3d66d2a641095fd6c9a
Reviewed-on: https://chromium-review.googlesource.com/762387
Reviewed-by: Charlie Reis <creis@chromium.org>
Commit-Queue: Alex Moshchuk <alexmos@chromium.org>
Cr-Commit-Position: refs/heads/master@{#516585}
[modify] https://crrev.com/51dc7188698f16c966ac5fdab61fbedcd944f50c/content/browser/renderer_host/render_process_host_impl.cc
[modify] https://crrev.com/51dc7188698f16c966ac5fdab61fbedcd944f50c/content/browser/renderer_host/render_process_host_unittest.cc

Comment 6 by alex...@chromium.org, Nov 17 2017

Status: Fixed (was: Assigned)
#5 seems to be sticking, so this should be fixed.

Comment 7 by pkasting@chromium.org, Dec 8 2017 

This test just failed again, but with a timeout instead of a checkfailure, so presumably something different?

Sign in to add a comment