
Issue 789830

Issue metadata

Status: Duplicate
Merged: issue 789338
Owner:
Closed: Nov 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 1
Type: Bug-Regression

Chrome: Crash Report - content::SharedWorkerServiceImpl::ConnectToWorker

Project Member Reported by cr...@system.gserviceaccount.com, Nov 30 2017

Issue description

reporter:wfh@google.com

Magic Signature: content::SharedWorkerServiceImpl::ConnectToWorker

Crash link: https://crash.corp.google.com//browse?q=reportid%3D'7ee6d7daabc2c405'%20AND%20custom_data.ChromeCrashProto.magic_signature_1.name%3D'content%3A%3ASharedWorkerServiceImpl%3A%3AConnectToWorker'&sql_dialect=googlesql&ignore_case=false&enable_rewrite=true&omit_field_name=&omit_field_value=&omit_field_opt=%3D#3

-------------------------------------------------------------------------------
Sample Report
-------------------------------------------------------------------------------
Product name: Chrome
Magic Signature : content::SharedWorkerServiceImpl::ConnectToWorker
Product Version: 64.0.3280.0
Process type: browser
Report ID: 7ee6d7daabc2c405
Report Url: https://crash.corp.google.com/7ee6d7daabc2c405
Report Time: 2017-11-29T21:22:37.996-08:00
Upload Time: 2017-11-29T21:22:37.996-08:00
Uptime: 404000 ms
CumulativeProductUptime: 0 ms
OS Name: Windows NT
OS Version: 10.0.16299 15
CPU Architecture: amd64
CPU Info: family 6 model 63 stepping 2

-------------------------------------------------------------------------------
Crashing thread: Thread index: 0. Stack Quality: 100%. Thread id: 4136.
-------------------------------------------------------------------------------
0x00007ffa8db153ab (chrome.dll - shared_worker_service_impl.cc: 128)	content::SharedWorkerServiceImpl::ConnectToWorker(int,int,mojo::StructPtr<content::mojom::SharedWorkerInfo>,mojo::InterfacePtr<content::mojom::SharedWorkerClient>,blink::mojom::SharedWorkerCreationContextType,blink::MessagePortChannel const &,content::ResourceContext *,content::WorkerStoragePartitionId const &)
0x00007ffa8db12cc0 (chrome.dll - shared_worker_connector_impl.cc: 73)	content::SharedWorkerConnectorImpl::Connect(mojo::StructPtr<content::mojom::SharedWorkerInfo>,mojo::InterfacePtr<content::mojom::SharedWorkerClient>,blink::mojom::SharedWorkerCreationContextType,mojo::ScopedHandleBase<mojo::MessagePipeHandle>)
0x00007ffa8d6ff1ad (chrome.dll - shared_worker_connector.mojom.cc: 129)	content::mojom::SharedWorkerConnectorStubDispatch::Accept(content::mojom::SharedWorkerConnector *,mojo::Message *)
0x00007ffa8dee3c88 (chrome.dll - multiplex_router.cc: 879)	mojo::internal::MultiplexRouter::ProcessIncomingMessage(mojo::internal::MultiplexRouter::MessageWrapper *,mojo::internal::MultiplexRouter::ClientCallBehavior,base::SequencedTaskRunner *)
0x00007ffa8d16220d (chrome.dll - multiplex_router.cc: 604)	mojo::internal::MultiplexRouter::Accept(mojo::Message *)
0x00007ffa8d16143b (chrome.dll - connector.cc: 439)	mojo::Connector::ReadSingleMessage(unsigned int *)
0x00007ffa8d1612bc (chrome.dll - connector.cc: 469)	mojo::Connector::ReadAllAvailableMessages()
0x00007ffa8deead29 (chrome.dll - simple_watcher.cc: 275)	mojo::SimpleWatcher::OnHandleReady(int,unsigned int,mojo::HandleSignalsState const &)
0x00007ffa8d0bc456 (chrome.dll - task_annotator.cc: 55)	base::debug::TaskAnnotator::RunTask(char const *,base::PendingTask *)
0x00007ffa8d0bbf7b (chrome.dll - message_loop.cc: 394)	base::MessageLoop::RunTask(base::PendingTask *)
0x00007ffa8d0bbd26 (chrome.dll - message_loop.cc: 457)	base::MessageLoop::DoWork()
0x00007ffa8d172bdc (chrome.dll - message_pump_win.cc: 173)	base::MessagePumpForUI::DoRunLoop()
0x00007ffa8d0c8934 (chrome.dll - message_pump_win.cc: 56)	base::MessagePumpWin::Run(base::MessagePump::Delegate *)
0x00007ffa8d0bb8a3 (chrome.dll - run_loop.cc: 114)	base::RunLoop::Run()
0x00007ffa8d3882a1 (chrome.dll - chrome_browser_main.cc: 1940)	ChromeBrowserMainParts::MainMessageLoopRun(int *)
0x00007ffa8d388098 (chrome.dll - browser_main_loop.cc: 1202)	content::BrowserMainLoop::RunMainMessageLoopParts()
0x00007ffa8d388046 (chrome.dll - browser_main_runner.cc: 140)	content::BrowserMainRunnerImpl::Run()
0x00007ffa8d0b5a0a (chrome.dll - browser_main.cc: 46)	content::BrowserMain(content::MainFunctionParams const &)
0x00007ffa8d0b5852 (chrome.dll - content_main_runner.cc: 427)	content::RunNamedProcessTypeMain(std::basic_string<char,std::char_traits<char>,std::allocator<char> > const &,content::MainFunctionParams const &,content::ContentMainDelegate *)
0x00007ffa8d0b35d9 (chrome.dll - content_main_runner.cc: 705)	content::ContentMainRunnerImpl::Run()
0x00007ffa8d0a4e8f (chrome.dll - main.cc: 456)	service_manager::Main(service_manager::MainParams const &)
0x00007ffa8d0a4a25 (chrome.dll - content_main.cc: 19)	content::ContentMain(content::ContentMainParams const &)
0x00007ffa8d0a2320 (chrome.dll - chrome_main.cc: 130)	ChromeMain
0x00007ff6a39f34c9 (chrome.exe - main_dll_loader_win.cc: 199)	MainDllLoader::Launch(HINSTANCE__ *,base::TimeTicks)
0x00007ff6a39f169c (chrome.exe - chrome_exe_main_win.cc: 230)	wWinMain
0x00007ff6a3acbc72 (chrome.exe - exe_common.inl: 283)	__scrt_common_main_seh
0x00007ffabb061fe3 (KERNEL32.DLL + 0x00011fe3)	BaseThreadInitThunk
0x00007ffabd9cef90 (ntdll.dll + 0x0006ef90)	RtlUserThreadStart

Comment 1 by wfh@chromium.org, Nov 30 2017

Cc: falken@chromium.org dullweber@chromium.org mek@chromium.org raymes@chromium.org
Labels: -Type-Bug -Pri-2 Pri-1 Type-Bug-Regression
Owner: jochen@chromium.org
Status: Assigned (was: Untriaged)
Getting this all the time on my home machine, 5-6 crashes so far.

The CL seems to be:

https://chromium-review.googlesource.com/c/chromium/src/+/786018

Crashing with a nullptr deref here:

if (!GetContentClient()->browser()->AllowSharedWorker(

https://chromium.googlesource.com/chromium/src.git/+/93fe7631bf38ccbab2ab44499ca9d5c1636b25de/content/browser/shared_worker/shared_worker_service_impl.cc#128

FYI: I landed a patch on top of jochen@'s CL:
https://chromium-review.googlesource.com/c/chromium/src/+/781539

Feel free to revert my CL if it's necessary.

Comment 3 by falken@chromium.org, Nov 30 2017

Anyone know why GetContentClient() or browser() would be null there?

Comment 4 by wfh@chromium.org, Nov 30 2017

I can reliably repro this by navigating to drive.google.com on my personal account, and then waiting around 3-4 secs. This is on a non-corp connected machine.

Comment 5 by wfh@chromium.org, Nov 30 2017

Labels: -Restrict-View-EditIssue

Comment 6 by jochen@chromium.org, Nov 30 2017

I guess you run with site isolation?

Should be fixed on trunk...

Comment 7 by wfh@chromium.org, Nov 30 2017

In fact my initial eyeballing analysis was wrong - it's main_frame that's nullptr:

0:000> dv /v
0000009f`fd9fe090                  this = 0x000001a0`0a25a870
<unavailable>                process_id = <value unavailable>
@ebp                           frame_id = 0n14
<unavailable>                      info = <value unavailable>
<unavailable>                    client = <value unavailable>
@r15d             creation_context_type = 0n52 (No matching enumerant)
<unavailable>              message_port = <value unavailable>
<unavailable>          resource_context = <value unavailable>
@r14                       partition_id = 0x000001a0`042bbd10
@rsi                         main_frame = 0x00000000`00000000
<unavailable>                      host = <value unavailable>
<unavailable>                  instance = <value unavailable>

So it's crashing on

main_frame->GetLastCommittedURL()

Glad it's fixed on trunk, the repro is easy, so I can check again tomorrow.
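The null deref pinned down in the comment above (main_frame is nullptr when main_frame->GetLastCommittedURL() runs, inside a browser-process handler for a renderer-initiated Mojo message) is the usual shape of an IPC handler trusting renderer-supplied ids. The following is an added example, not Chromium code: a constructed stand-in for the (process_id, frame_id) frame lookup and a ConnectToWorker that drops the request when the lookup returns nullptr instead of dereferencing. FrameHost, FrameRegistry, AllowSharedWorker and ConnectResult are all invented here, and the reason the frame is missing (already torn down, or bogus ids) is an assumption; the thread does not say why.

```cpp
#include <cassert>
#include <map>
#include <string>
#include <utility>

// Constructed stand-in for content::RenderFrameHost: only what the example needs.
struct FrameHost {
  std::string last_committed_url;
  const std::string& GetLastCommittedURL() const { return last_committed_url; }
};

// Constructed registry keyed by (process_id, frame_id), the pair the renderer sends
// over Mojo. A frame that has been torn down is simply absent, so FromID returns
// nullptr for it (assumed to mirror RenderFrameHost::FromID's behaviour).
class FrameRegistry {
 public:
  void Add(int process_id, int frame_id, std::string url) {
    frames_[std::make_pair(process_id, frame_id)] = FrameHost{std::move(url)};
  }
  void Remove(int process_id, int frame_id) {
    frames_.erase(std::make_pair(process_id, frame_id));
  }
  FrameHost* FromID(int process_id, int frame_id) {
    auto it = frames_.find(std::make_pair(process_id, frame_id));
    return it == frames_.end() ? nullptr : &it->second;
  }
 private:
  std::map<std::pair<int, int>, FrameHost> frames_;
};

enum class ConnectResult { kConnected, kNoFrame, kBlocked };

// Constructed stand-in for the embedder's AllowSharedWorker policy check.
bool AllowSharedWorker(const std::string& worker_url, const std::string& frame_url) {
  return frame_url.rfind("https://", 0) == 0 && worker_url.rfind("https://", 0) == 0;
}

// The crashing shape from the thread, for contrast (never executed here):
//   FrameHost* main_frame = registry.FromID(process_id, frame_id);
//   AllowSharedWorker(worker_url, main_frame->GetLastCommittedURL());  // nullptr deref
// Hardened handler: the ids are untrusted and the frame may already be gone, so a
// failed lookup rejects the request instead of dereferencing.
ConnectResult ConnectToWorker(FrameRegistry& registry, int process_id, int frame_id,
                              const std::string& worker_url) {
  FrameHost* main_frame = registry.FromID(process_id, frame_id);
  if (!main_frame)
    return ConnectResult::kNoFrame;
  if (!AllowSharedWorker(worker_url, main_frame->GetLastCommittedURL()))
    return ConnectResult::kBlocked;
  return ConnectResult::kConnected;
}
```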

Comment 8 by jochen@chromium.org, Nov 30 2017

Mergedinto: 789338
Status: Duplicate (was: Assigned)