Crash in content::GeneratedCodeCache::ReadDataComplete on browser start
Issue description

Chrome Version: 71.0.3552.2 (Official Build) canary (64-bit)
OS: macOS 10.13.6

What steps will reproduce the problem?
(1) Restart the browser after taking the 71.0.3552.2 upgrade
(2) Have it restore state

What is the expected result?
Expect browser to start.

What happens instead?
Entire browser process crashes.

Crash ID: da20dcd88b430953

Thread 4 (id: 0x2cc3a) CRASHED [0x00000000 / 0x00000000 @ 0x00007fff7d3ddb66] MAGIC SIGNATURE THREAD
Stack Quality 84%

0x00007fff7d3ddb66 (libsystem_kernel.dylib + 0x0001cb66) __pthread_kill
0x00007fff7d3391ad (libsystem_c.dylib + 0x0005d1ad) abort
0x00007fff7b233f8e (libc++abi.dylib + 0x00001f8e) abort_message
0x00007fff7b234112 (libc++abi.dylib + 0x00002112) default_terminate_handler()
0x00007fff7c675eaa (libobjc.A.dylib + 0x00016eaa) _objc_terminate()
0x00007fff7b24f7c8 (libc++abi.dylib + 0x0001d7c8) std::__terminate(void (*)())
0x00007fff7b24f26e (libc++abi.dylib + 0x0001d26e) __cxa_throw
0x00007fff7b207796 (libc++.1.dylib + 0x0002c796) std::__1::__vector_base_common<true>::__throw_length_error() const
0x00000001072ef9df (Google Chrome Framework - vector:969) content::GeneratedCodeCache::ReadDataComplete(base::RepeatingCallback<void (base::Time const&, std::__1::vector<unsigned char, std::__1::allocator<unsigned char> > const&)>, scoped_refptr<net::IOBufferWithSize>, int)
0x00000001072f03a0 (Google Chrome Framework - bind_internal.h:516) base::internal::Invoker<base::internal::BindState<void (content::GeneratedCodeCache::*)(base::RepeatingCallback<void (base::Time const&, std::__1::vector<unsigned char, std::__1::allocator<unsigned char> > const&)>, scoped_refptr<net::IOBufferWithSize>, int), base::WeakPtr<content::GeneratedCodeCache>, base::RepeatingCallback<void (base::Time const&, std::__1::vector<unsigned char, std::__1::allocator<unsigned char> > const&)>, scoped_refptr<net::IOBufferWithSize> >, void (int)>::RunOnce(base::internal::BindStateBase*, int)
0x000000010708eb10 (Google Chrome Framework - callback.h:99) base::internal::Invoker<base::internal::BindState<base::OnceCallback<void (int)>, int>, void ()>::RunOnce(base::internal::BindStateBase*)
0x0000000108aaa9c1 (Google Chrome Framework - callback.h:99) base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*)
0x0000000108ac61bd (Google Chrome Framework - message_loop.cc:434) base::MessageLoop::RunTask(base::PendingTask*)
0x0000000108ac6522 (Google Chrome Framework - message_loop.cc:445) base::MessageLoop::DoWork()
0x0000000108b69b53 (Google Chrome Framework - message_pump_libevent.cc:210) base::MessagePumpLibevent::Run(base::MessagePump::Delegate*)
0x0000000108aeac24 (Google Chrome Framework - run_loop.cc:102) <name omitted>
0x00000001072af5d3 (Google Chrome Framework - browser_process_sub_thread.cc:175) content::BrowserProcessSubThread::IOThreadRun(base::RunLoop*)
0x0000000108b2e060 (Google Chrome Framework - thread.cc:357) base::Thread::ThreadMain()
0x0000000108b60906 (Google Chrome Framework - platform_thread_posix.cc:80) base::(anonymous namespace)::ThreadFunc(void*)
0x00007fff7d5a5660 (libsystem_pthread.dylib + 0x00003660) _pthread_body
0x00007fff7d5a550c (libsystem_pthread.dylib + 0x0000350c) _pthread_start
0x00007fff7d5a4bf8 (libsystem_pthread.dylib + 0x00002bf8) thread_start
0x0000000108b608af (Google Chrome Framework + 0x025518af)

Canary was crashy upon restart yesterday too: 7c7222098d993d5c. The crash ID which provoked yesterday's restart was 60b4a6a707bcd197.
Sep 14
Sep 17
Thanks for the report, I will have a look into this.
Sep 17
I am still not sure what the exact problem is, but there are a couple of cases we haven't handled when fetching data from the cache earlier. I have uploaded a CL to fix it: https://chromium-review.googlesource.com/c/chromium/src/+/1228123. I will try to test whether the CL fixes the crash locally. I can't reproduce this on Linux and I am trying to get a Windows / Mac machine to reproduce this.
Sep 19
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/a4c2245a2453e29859b39f00a998c1e444833627

commit a4c2245a2453e29859b39f00a998c1e444833627
Author: Mythri Alle <mythria@chromium.org>
Date: Wed Sep 19 15:42:23 2018

Fix GeneratedCodeCache::ReadData to handle incomplete entries

In GeneratedCodeCache::ReadDataComplete also handle cases when the entry was just created but no data has been written into it. We always expect response_time as the header in the cache entry. If the number of bytes read is smaller than the response_header then it should be treated as an Error. Also, we can have entries with only response time and no data associated with it.

Bug: chromium:884217
Change-Id: I5cc3f0923aa87ce208fe766ab6e9fb2633c24159
Reviewed-on: https://chromium-review.googlesource.com/1228123
Commit-Queue: Mythri Alle <mythria@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Reviewed-by: Maks Orlovich <morlovich@chromium.org>
Cr-Commit-Position: refs/heads/master@{#592414}

[modify] https://crrev.com/a4c2245a2453e29859b39f00a998c1e444833627/content/browser/code_cache/generated_code_cache.cc
[modify] https://crrev.com/a4c2245a2453e29859b39f00a998c1e444833627/content/browser/code_cache/generated_code_cache.h
[modify] https://crrev.com/a4c2245a2453e29859b39f00a998c1e444833627/content/browser/code_cache/generated_code_cache_unittest.cc
[modify] https://crrev.com/a4c2245a2453e29859b39f00a998c1e444833627/tools/metrics/histograms/enums.xml
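The failure mode the commit message describes, as an added illustration that is not Chromium's code: a hypothetical parser for the entry layout the message gives (a fixed-size response_time header, optionally followed by the cached bytes), first in an unchecked form that reproduces the std::length_error seen in the __throw_length_error frame of the crash stack, then in a checked form that applies the rule stated in the fix (fewer bytes than the header is an error; exactly the header is a valid entry with no data). The header size kResponseTimeSize, the ReadStatus names and the sample bytes are assumptions made for this example.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <stdexcept>
#include <vector>

// Illustrative code, not Chromium's. Assumed entry layout, taken from the
// commit message: a fixed-size response_time header, optionally followed by
// the cached bytes. The header size itself is an assumption.
constexpr size_t kResponseTimeSize = sizeof(int64_t);

struct CacheEntry {
  int64_t response_time = 0;  // always expected in a well-formed entry
  std::vector<uint8_t> data;  // may legitimately be empty
};

enum class ReadStatus { kOk, kHeaderOnly, kError };  // names are assumptions

// "Before": the byte count handed to the read callback is trusted as-is.
// A short read, or a negative net error code, makes data_size negative;
// cast to size_t for the vector constructor it becomes an enormous count,
// and std::vector throws std::length_error, the exception in the reported
// stack.
CacheEntry ParseEntryUnchecked(const uint8_t* buf, int bytes_read) {
  CacheEntry entry;
  std::memcpy(&entry.response_time, buf, kResponseTimeSize);
  const int data_size = bytes_read - static_cast<int>(kResponseTimeSize);
  entry.data = std::vector<uint8_t>(static_cast<size_t>(data_size));
  if (data_size > 0)
    std::memcpy(entry.data.data(), buf + kResponseTimeSize, data_size);
  return entry;
}

// "After": the rule the commit message states. Fewer bytes than the header
// is an error; exactly the header is a valid entry with no data; anything
// longer carries data after the header.
ReadStatus ParseEntryChecked(const uint8_t* buf, int bytes_read,
                             CacheEntry* out) {
  if (bytes_read < 0 || static_cast<size_t>(bytes_read) < kResponseTimeSize)
    return ReadStatus::kError;
  std::memcpy(&out->response_time, buf, kResponseTimeSize);
  const size_t data_size = static_cast<size_t>(bytes_read) - kResponseTimeSize;
  out->data.assign(buf + kResponseTimeSize, buf + kResponseTimeSize + data_size);
  return data_size == 0 ? ReadStatus::kHeaderOnly : ReadStatus::kOk;
}

// Constructed entry image for the demonstrations: header followed by data.
std::vector<uint8_t> MakeEntryBytes(int64_t response_time,
                                    const std::vector<uint8_t>& data) {
  std::vector<uint8_t> bytes(kResponseTimeSize);
  std::memcpy(bytes.data(), &response_time, kResponseTimeSize);
  bytes.insert(bytes.end(), data.begin(), data.end());
  return bytes;
}

// Sample image: 8-byte header plus a 4-byte payload (constructed values).
const std::vector<uint8_t>& SampleImage() {
  static const std::vector<uint8_t> image =
      MakeEntryBytes(1537000000, {0xDE, 0xAD, 0xBE, 0xEF});
  return image;
}

// True if the unchecked parser throws std::length_error when the callback
// reports `bytes_read` for the sample image (values above 12 would overread).
bool UncheckedParseThrowsLengthError(int bytes_read) {
  try {
    ParseEntryUnchecked(SampleImage().data(), bytes_read);
  } catch (const std::length_error&) {
    return true;
  }
  return false;
}

// Status the checked parser reports for the same `bytes_read`.
ReadStatus CheckedStatusForRead(int bytes_read) {
  CacheEntry entry;
  return ParseEntryChecked(SampleImage().data(), bytes_read, &entry);
}

// Payload size the checked parser recovers for `bytes_read` (0 on error).
size_t CheckedDataSizeForRead(int bytes_read) {
  CacheEntry entry;
  ParseEntryChecked(SampleImage().data(), bytes_read, &entry);
  return entry.data.size();
}

int main() {
  const int reads[] = {-1, 4, 8, 12};  // net error, short read, header only, full
  for (int n : reads) {
    std::printf("bytes_read=%3d  unchecked throws: %s  checked status: %d  data bytes: %zu\n",
                n, UncheckedParseThrowsLengthError(n) ? "yes" : "no ",
                static_cast<int>(CheckedStatusForRead(n)), CheckedDataSizeForRead(n));
  }
  return 0;
}
```

The point the two parsers make is that the read callback's `int` carries both a byte count and, when negative, an error code, so the length of the payload has to be derived only after both the sign and the header size have been checked; the unchecked subtraction is what turns a freshly created, still-empty entry into an uncaught exception that takes down the whole browser process.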
Sep 20
The fix landed in 71.0.3557.0. There are no crashes in 3557 so far. Given the low rate of errors (~10 per canary), I think I need to wait longer to make sure this actually fixed the issue.
Sep 21
No crashes in 71.0.3557.0, 71.0.3558.0. Marking it as fixed.
Comment 1 by kbr@chromium.org, Sep 14