
Issue 884217 link


Issue metadata

Status: Fixed
Owner:
Closed: Sep 21
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 1
Type: Bug-Regression




Crash in content::GeneratedCodeCache::ReadDataComplete on browser start

Project Member Reported by kbr@chromium.org, Sep 14

Issue description

Chrome Version: 71.0.3552.2 (Official Build) canary (64-bit)
OS: macOS 10.13.6

What steps will reproduce the problem?
(1) Restart the browser after taking the 71.0.3552.2 upgrade
(2) Have it restore state

What is the expected result?

Expect browser to start.

What happens instead?

Entire browser process crashes.

Crash ID:
da20dcd88b430953

Thread 4 (id: 0x2cc3a) CRASHED [0x00000000 / 0x00000000 @ 0x00007fff7d3ddb66 ] MAGIC SIGNATURE THREAD
Stack Quality: 84%
0x00007fff7d3ddb66	(libsystem_kernel.dylib + 0x0001cb66 )	__pthread_kill
0x00007fff7d3391ad	(libsystem_c.dylib + 0x0005d1ad )	abort
0x00007fff7b233f8e	(libc++abi.dylib + 0x00001f8e )	abort_message
0x00007fff7b234112	(libc++abi.dylib + 0x00002112 )	default_terminate_handler()
0x00007fff7c675eaa	(libobjc.A.dylib + 0x00016eaa )	_objc_terminate()
0x00007fff7b24f7c8	(libc++abi.dylib + 0x0001d7c8 )	std::__terminate(void (*)())
0x00007fff7b24f26e	(libc++abi.dylib + 0x0001d26e )	__cxa_throw
0x00007fff7b207796	(libc++.1.dylib + 0x0002c796 )	std::__1::__vector_base_common<true>::__throw_length_error() const
0x00000001072ef9df	(Google Chrome Framework -vector:969 )	content::GeneratedCodeCache::ReadDataComplete(base::RepeatingCallback<void (base::Time const&, std::__1::vector<unsigned char, std::__1::allocator<unsigned char> > const&)>, scoped_refptr<net::IOBufferWithSize>, int)
0x00000001072f03a0	(Google Chrome Framework -bind_internal.h:516 )	base::internal::Invoker<base::internal::BindState<void (content::GeneratedCodeCache::*)(base::RepeatingCallback<void (base::Time const&, std::__1::vector<unsigned char, std::__1::allocator<unsigned char> > const&)>, scoped_refptr<net::IOBufferWithSize>, int), base::WeakPtr<content::GeneratedCodeCache>, base::RepeatingCallback<void (base::Time const&, std::__1::vector<unsigned char, std::__1::allocator<unsigned char> > const&)>, scoped_refptr<net::IOBufferWithSize> >, void (int)>::RunOnce(base::internal::BindStateBase*, int)
0x000000010708eb10	(Google Chrome Framework -callback.h:99 )	base::internal::Invoker<base::internal::BindState<base::OnceCallback<void (int)>, int>, void ()>::RunOnce(base::internal::BindStateBase*)
0x0000000108aaa9c1	(Google Chrome Framework -callback.h:99 )	base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*)
0x0000000108ac61bd	(Google Chrome Framework -message_loop.cc:434 )	base::MessageLoop::RunTask(base::PendingTask*)
0x0000000108ac6522	(Google Chrome Framework -message_loop.cc:445 )	base::MessageLoop::DoWork()
0x0000000108b69b53	(Google Chrome Framework -message_pump_libevent.cc:210 )	base::MessagePumpLibevent::Run(base::MessagePump::Delegate*)
0x0000000108aeac24	(Google Chrome Framework -run_loop.cc:102 )	<name omitted>
0x00000001072af5d3	(Google Chrome Framework -browser_process_sub_thread.cc:175 )	content::BrowserProcessSubThread::IOThreadRun(base::RunLoop*)
0x0000000108b2e060	(Google Chrome Framework -thread.cc:357 )	base::Thread::ThreadMain()
0x0000000108b60906	(Google Chrome Framework -platform_thread_posix.cc:80 )	base::(anonymous namespace)::ThreadFunc(void*)
0x00007fff7d5a5660	(libsystem_pthread.dylib + 0x00003660 )	_pthread_body
0x00007fff7d5a550c	(libsystem_pthread.dylib + 0x0000350c )	_pthread_start
0x00007fff7d5a4bf8	(libsystem_pthread.dylib + 0x00002bf8 )	thread_start
0x0000000108b608af	(Google Chrome Framework + 0x025518af )


Canary was crashy upon restart yesterday too:
7c7222098d993d5c

The crash ID which provoked yesterday's restart was 60b4a6a707bcd197 .

 
Labels: ReleaseBlock-Stable M-71
Another crash ID:
f1890dbf175128f9

Cc: mythria@chromium.org
Owner: mythria@chromium.org
Status: Assigned (was: Untriaged)
Thanks for the report; I will have a look into this.
I am still not sure what the exact problem is, but there are a couple of cases we haven't handled when fetching data from the cache earlier. I have uploaded a cl to fix it: https://chromium-review.googlesource.com/c/chromium/src/+/1228123.

I will try to test if the cl fixes the crash locally. I can't reproduce this on Linux and I am trying to get a Windows / Mac to reproduce this.
Project Member

Comment 5 by bugdroid1@chromium.org, Sep 19

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/a4c2245a2453e29859b39f00a998c1e444833627

commit a4c2245a2453e29859b39f00a998c1e444833627
Author: Mythri Alle <mythria@chromium.org>
Date: Wed Sep 19 15:42:23 2018

Fix GeneratedCodeCache::ReadData to handle incomplete entries

In GeneratedCodeCache::ReadDataComplete also handle cases when
the entry was just created but no data has been written into it. We
always expect response_time as the header in the cache entry. If
the number of bytes read is smaller than the response_header then
it should be treated as an Error. Also, we can have entries with
only response time and no data associated with them.

Bug: chromium:884217
Change-Id: I5cc3f0923aa87ce208fe766ab6e9fb2633c24159
Reviewed-on: https://chromium-review.googlesource.com/1228123
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Reviewed-by: Maks Orlovich <morlovich@chromium.org>
Cr-Commit-Position: refs/heads/master@{#592414}
[modify] https://crrev.com/a4c2245a2453e29859b39f00a998c1e444833627/content/browser/code_cache/generated_code_cache.cc
[modify] https://crrev.com/a4c2245a2453e29859b39f00a998c1e444833627/content/browser/code_cache/generated_code_cache.h
[modify] https://crrev.com/a4c2245a2453e29859b39f00a998c1e444833627/content/browser/code_cache/generated_code_cache_unittest.cc
[modify] https://crrev.com/a4c2245a2453e29859b39f00a998c1e444833627/tools/metrics/histograms/enums.xml
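Added example, not Chromium's code: a constructed stand-in for the read-completion logic the commit message describes, showing an unchecked range construction that throws on a short read (one mechanism consistent with the length_error frame in the stack above) beside the checked form that treats a short read as an error and a header-only entry as valid. The entry layout, function names and sample buffer are assumptions.

```cpp
#include <cstdint>
#include <cstring>
#include <stdexcept>
#include <vector>

// Constructed layout for this illustration (not Chromium's real format):
// 8-byte response-time header, then zero or more bytes of cached data.
constexpr int kHeaderSize = 8;
struct Entry {
  bool ok = false;            // false: treat the read as an error
  int64_t response_time = 0;
  std::vector<uint8_t> data;  // empty is legal (header-only entry)
};
// Defect pattern consistent with the stack above: the range
// [buf+header, buf+bytes_read) is built unconditionally. A short read makes
// it negative, std::vector throws (length_error under libc++), nothing on
// the IO thread catches it, and the browser process aborts.
Entry ReadDataCompleteUnchecked(const uint8_t* buf, int bytes_read) {
  Entry e;
  std::memcpy(&e.response_time, buf, kHeaderSize);
  e.data.assign(buf + kHeaderSize, buf + bytes_read);
  e.ok = true;
  return e;
}
// Hardened form mirroring the commit message: a negative count (I/O error)
// or fewer bytes than the header is an error; exactly the header is valid
// with empty data.
Entry ReadDataCompleteChecked(const uint8_t* buf, int bytes_read) {
  if (bytes_read < kHeaderSize) return Entry{};
  return ReadDataCompleteUnchecked(buf, bytes_read);  // range is now valid
}
// Constructed 16-byte IO buffer: response time 42 in host byte order, four
// data bytes, then padding so a short read still has bytes behind it.
std::vector<uint8_t> SampleBuffer() {
  std::vector<uint8_t> buf(16, 0);
  const int64_t t = 42;
  std::memcpy(buf.data(), &t, kHeaderSize);
  const uint8_t payload[] = {0xDE, 0xAD, 0xBE, 0xEF};
  std::memcpy(buf.data() + kHeaderSize, payload, sizeof payload);
  return buf;
}
// True if the unchecked path throws for a bytes_read-byte read of the sample.
bool UncheckedThrows(int bytes_read) {
  try {
    ReadDataCompleteUnchecked(SampleBuffer().data(), bytes_read);
    return false;
  } catch (const std::exception&) {
    return true;
  }
}
```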

Status: Started (was: Assigned)
The fix landed in 71.0.3557.0. There are no crashes in 3557 so far. Given the low rate of errors (~10 per canary), I think I need to wait longer to make sure this actually fixed the issue.
Status: Fixed (was: Started)
No crashes in 71.0.3557.0, 71.0.3558.0. Marking it as fixed. 
