DownloadWorker::SendRequest crash due to call outside lifetime of DownloadManager |
|||||||
Issue descriptionWe have crash reports for PostTask under a DownloadWorker::SendRequest stack (e.g. 7302c283e6792af4 or e93ba76b31991715): CRASHED [EXCEPTION_ACCESS_VIOLATION_READ @ 0x00000000 ] MAGIC SIGNATURE THREAD 0x00007ffd883c08ca (chrome.dll -task_runner.cc:44 ) base::TaskRunner::PostTask(base::Location const &,base::OnceCallback<void >) 0x00007ffd88dbbc94 (chrome.dll -download_worker.cc:78 ) download::DownloadWorker::SendRequest(std::unique_ptr<download::DownloadUrlParameters,std::default_delete<download::DownloadUrlParameters> >,scoped_refptr<network::SharedURLLoaderFactory>) 0x00007ffd88dbcef5 (chrome.dll -parallel_download_job.cc:290 ) download::ParallelDownloadJob::CreateRequest(__int64,__int64) 0x00007ffd88dbcd54 (chrome.dll -parallel_download_job.cc:235 ) download::ParallelDownloadJob::ForkSubRequests(std::vector<download::DownloadItem::ReceivedSlice,std::allocator<download::DownloadItem::ReceivedSlice> > const &) 0x00007ffd88dbcba2 (chrome.dll -parallel_download_job.cc:204 ) download::ParallelDownloadJob::BuildParallelRequests() 0x00007ffd887f5036 (chrome.dll -timer.cc:261 ) base::Timer::RunScheduledTask() 0x00007ffd883c573e (chrome.dll -task_annotator.cc:61 ) base::debug::TaskAnnotator::RunTask(char const *,base::PendingTask *) 0x00007ffd883c523b (chrome.dll -message_loop.cc:391 ) base::MessageLoop::RunTask(base::PendingTask *) 0x00007ffd883c4c97 (chrome.dll -message_loop.cc:447 ) base::MessageLoop::DoWork() 0x00007ffd884c9238 (chrome.dll -message_pump_win.cc:174 ) base::MessagePumpForUI::DoRunLoop() 0x00007ffd88410057 (chrome.dll -message_pump_win.cc:57 ) base::MessagePumpWin::Run(base::MessagePump::Delegate *) 0x00007ffd883c4250 (chrome.dll -run_loop.cc:130 ) base::RunLoop::Run() 0x00007ffd88791632 (chrome.dll -chrome_browser_main.cc:2110 ) ChromeBrowserMainParts::MainMessageLoopRun(int *) 0x00007ffd88791429 (chrome.dll -browser_main_loop.cc:1059 ) content::BrowserMainLoop::RunMainMessageLoopParts() 0x00007ffd887913d4 (chrome.dll -browser_main_runner.cc:161 ) content::BrowserMainRunnerImpl::Run() 0x00007ffd883ba539 (chrome.dll -browser_main.cc:46 ) content::BrowserMain(content::MainFunctionParams const &) 0x00007ffd883ba3d6 (chrome.dll -content_main_runner.cc:427 ) content::RunNamedProcessTypeMain(std::basic_string<char,std::char_traits<char>,std::allocator<char> > const &,content::MainFunctionParams const &,content::ContentMainDelegate *) 0x00007ffd883ba280 (chrome.dll -content_main_runner.cc:706 ) content::ContentMainRunnerImpl::Run() 0x00007ffd883a78aa (chrome.dll -main.cc:453 ) service_manager::Main(service_manager::MainParams const &) 0x00007ffd883a7377 (chrome.dll -content_main.cc:19 ) content::ContentMain(content::ContentMainParams const &) 0x00007ffd883a38a1 (chrome.dll -chrome_main.cc:101 ) ChromeMain 0x00007ff7ba5f354b (chrome.exe -main_dll_loader_win.cc:198 ) MainDllLoader::Launch(HINSTANCE__ *,base::TimeTicks) 0x00007ff7ba5f1698 (chrome.exe -chrome_exe_main_win.cc:230 ) wWinMain
,
Apr 5 2018
,
Apr 5 2018
,
Apr 5 2018
,
Apr 6 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/89f67b0a5b9145b5a75ddc827d04f665361234a8 commit 89f67b0a5b9145b5a75ddc827d04f665361234a8 Author: Min Qin <qinmin@chromium.org> Date: Fri Apr 06 22:51:45 2018 Fix an issue that download IO task runner can get cleared When multiple profiles are around, there are multiple DownloadManagerImpls. Killing each DownloadManagerImpl could clear the IO task runner. This CL fixes the problem by doing ref countings. BUG= 829176 Change-Id: I2c5a586e663c5fb16265bfa0ffa67188eb454ddd Reviewed-on: https://chromium-review.googlesource.com/998823 Reviewed-by: Xing Liu <xingliu@chromium.org> Commit-Queue: Min Qin <qinmin@chromium.org> Cr-Commit-Position: refs/heads/master@{#548953} [modify] https://crrev.com/89f67b0a5b9145b5a75ddc827d04f665361234a8/components/download/internal/common/download_task_runner.cc
,
Apr 9 2018
Crashes with magic signature 'download::DownloadWorker::SendRequest' is seen in M-67 across all OS. Link to the list of the builds: =============================== https://crash.corp.google.com/browse?q=expanded_custom_data.ChromeCrashProto.magic_signature_1.name%3D%27download%3A%3ADownloadWorker%3A%3ASendRequest%27#-property-selector,productversion:1000,-magicsignature:50,+author,-magicsignature2:50,-stablesignature:50,-magicsignaturesorted:50 There is no new canary post the fix from C#5 to verify this as of now.
,
Apr 9 2018
Users experienced this crash on the following builds: Win Canary 67.0.3390.0 - 0.07 CPM, 6 reports, 6 clients (signature download::DownloadWorker::SendRequest) If this update was incorrect, please add "Fracas-Wrong" label to prevent future updates. - Go/Fracas
,
Apr 9 2018
My fix was submitted after 67.0.3390.1 release, so we need to check whether we saw more crashes after that
,
Apr 10 2018
Just to update, Windows and Mac canary version: 67.0.3393.0 has been live for 7 hrs so far and has not reported any crashes for 'download::DownloadWorker::SendRequest'
,
Apr 10 2018
|
|||||||
►
Sign in to add a comment |
|||||||
Comment 1 by w...@chromium.org
, Apr 5 2018