
Issue 809944

Starred by 2 users

Issue metadata

Status: Fixed
Owner:
Closed: Feb 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 3
Type: Bug




Fetch with keepalive prevents RenderProcessHostImpl from being destroyed during shutdown

Project Member Reported by rog...@vewd.com, Feb 7 2018

Issue description

Chrome Version: 66.0.3343.0
OS: Linux

What steps will reproduce the problem?
(1) Create a content_shell build with dchecks enabled
(2) Load attached tc like this: ./content_shell --no-sandbox --disable-gpu http://<some_server>/keepalive.html
(3) Close the window using the 'X' button
(4) Go to (2) until you run into a dcheck.

What is the expected result?
No dcheck and RenderProcessHostImpl::Cleanup() is successfully completed at shutdown.

What happens instead?
RenderProcessHostImpl::Cleanup() never gets to finish before the browser process is shut down because keep_alive_ref_count_ never reaches zero. This prevents RenderProcessHostImpl from being destroyed.
This is the real bug, I think, but it is made apparent by the following dcheck:
FATAL:server_shared_bitmap_manager.cc(71)] Check failed: handle_map_.empty(). 
#0 0x0000024fbbd3 base::debug::StackTrace::StackTrace()
#1 0x000002523333 logging::LogMessage::~LogMessage()
#2 0x000003c2c228 viz::ServerSharedBitmapManager::~ServerSharedBitmapManager()
#3 0x000003c2d321 base::LazyInstance<>::OnExit()
#4 0x0000024f5998 base::AtExitManager::ProcessCallbacksNow()
#5 0x0000024f57bf base::AtExitManager::~AtExitManager()
#6 0x000001ac52f2 content::ContentMainRunnerImpl::Shutdown()
#7 0x000003d8af8f service_manager::Main()
#8 0x000000ceb5c1 content::ContentMain()
#9 0x000000418251 main
#10 0x7ff439b15830 __libc_start_main
#11 0x00000041812a _start

(The shared bitmaps are cleared when RenderProcessHostImpl is destroyed; I don't have the precise call stack for that available right now, though.)

Additional information:
I think the issue is that KeepAliveHandleWithChildProcessReference is sometimes not destroyed during shutdown so the ref count in the RenderProcessHostImpl is not decremented.
 
keepalive.html
722 bytes View Download
Owner: yhirano@chromium.org
Status: Assigned (was: Untriaged)
Project Member

Comment 2 by bugdroid1@chromium.org, Feb 14 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/2109e583e286728573d48e54fe206f6c8863455a

commit 2109e583e286728573d48e54fe206f6c8863455a
Author: Yutaka Hirano <yhirano@chromium.org>
Date: Wed Feb 14 07:24:46 2018

Disable render process protection on content shell shutdown

content_shell expects all the renderer processes to be killed when
it's shutting down. This CL calls
RenderProcessHost::DisableKeepaliveRefCount to meet the expectation.

This CL also contains some bug fixes.

 - Remove a DCHECK in DisableKeepAliveRefCount() as it is not specified
   in the header comment.
 - The possibility where RPH::DisableKeepAliveRefCount is already
   called should be taken into account by ServiceWorkerProcessManager.

Bug:  809944 
Change-Id: Ic75e949c29a25e91fc3a386b313931a587e56fc2
Reviewed-on: https://chromium-review.googlesource.com/908149
Reviewed-by: Matt Falkenhagen <falken@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Commit-Queue: Yutaka Hirano <yhirano@chromium.org>
Cr-Commit-Position: refs/heads/master@{#536667}
[modify] https://crrev.com/2109e583e286728573d48e54fe206f6c8863455a/content/browser/renderer_host/render_process_host_impl.cc
[modify] https://crrev.com/2109e583e286728573d48e54fe206f6c8863455a/content/browser/service_worker/service_worker_process_manager.cc
[modify] https://crrev.com/2109e583e286728573d48e54fe206f6c8863455a/content/shell/browser/shell.cc

Status: Fixed (was: Assigned)
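
The lifetime problem discussed in this issue, as an added example that is not part of the original report and is not Chromium code: a simplified C++ model of a host whose Cleanup() is deferred while a keepalive reference is outstanding, and of disabling the count at shutdown. ModelHost, KeepAliveHandle and ShutdownWithLiveHandle are hypothetical names, and the behaviour modelled is an assumption drawn from the report and commit message above.

```cpp
#include <memory>

// Simplified model (assumption), not Chromium's RenderProcessHostImpl.
class ModelHost {
 public:
  void IncrementKeepAliveRefCount() {
    if (!disabled_) ++keep_alive_ref_count_;
  }
  void DecrementKeepAliveRefCount() {
    // After disabling, a late release must be a no-op, not an underflow.
    if (disabled_) return;
    --keep_alive_ref_count_;
    if (keep_alive_ref_count_ == 0 && cleanup_requested_) Cleanup();
  }
  // Shutdown path: stop honouring keepalive references.
  void DisableKeepAliveRefCount() {
    disabled_ = true;
    keep_alive_ref_count_ = 0;
    if (cleanup_requested_) Cleanup();
  }
  // Cleanup only completes when nothing keeps the process alive.
  void Cleanup() {
    cleanup_requested_ = true;
    if (keep_alive_ref_count_ == 0) destroyed_ = true;
  }
  bool destroyed() const { return destroyed_; }
  int ref_count() const { return keep_alive_ref_count_; }

 private:
  int keep_alive_ref_count_ = 0;
  bool disabled_ = false, cleanup_requested_ = false, destroyed_ = false;
};

// RAII handle standing in for KeepAliveHandleWithChildProcessReference.
class KeepAliveHandle {
 public:
  explicit KeepAliveHandle(ModelHost* host) : host_(host) {
    host_->IncrementKeepAliveRefCount();
  }
  ~KeepAliveHandle() { host_->DecrementKeepAliveRefCount(); }
  KeepAliveHandle(const KeepAliveHandle&) = delete;
  KeepAliveHandle& operator=(const KeepAliveHandle&) = delete;

 private:
  ModelHost* host_;
};

// Scenario from the report: a handle is still alive when the window closes.
// Returns true if the host was torn down by the time exit handlers would run.
bool ShutdownWithLiveHandle(bool disable_on_shutdown) {
  ModelHost host;
  auto handle = std::make_unique<KeepAliveHandle>(&host);
  host.Cleanup();  // window closed; blocked by the outstanding reference
  if (disable_on_shutdown) host.DisableKeepAliveRefCount();
  bool destroyed_at_exit = host.destroyed();
  handle.reset();  // late release, after the exit point was sampled
  return destroyed_at_exit && host.ref_count() == 0;
}
```

Without the disable call the model's host is only torn down once the last handle goes away, which at shutdown may be never; with it, teardown completes and the late release leaves the count at zero.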
