New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 892815 link

Starred by 1 user
Status: Duplicate
Owner:
mlippautz@chromium.org
Closed: Oct 8
Cc:
kainino@chromium.org
hpayer@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 2
Type: Bug



Sign in to add a comment

Crash in v8::GlobalValueMap<blink::ScriptWrappable*, v8::Object, blink::DOMWrapperMap<blink::ScriptWrappable>::PersistentValueMapTraits>::SecondWeakCallback

Project Member Reported by kbr@chromium.org, Oct 5 
http://crash/27c8c777f31b62a2

Chrome Version: 71.0.3567.0 (Official Build) dev (64-bit)
Revision	7c7bc73fc5f252e28f2308c81de4760e49990542-refs/branch-heads/3567@{#1}
Platform	11125.0.0 (Official Build) dev-channel eve

What steps will reproduce the problem?
(1) Use Gmail on Pixelbook (eve) including Hangouts chat

What is the expected result?

Expect to run reliably.

What happens instead?

Crash in hangouts.google.com sub-frame (?) which caused the entire Gmail tab to sad-tab.

Have only seen this once to far. Unknown whether it's reproducible.

CC'ing kainino@ as this is in thread shutdown code which may be being touched by Issue 869569; I'm not sure whether some recent work has already modified this, or whether a CL is forthcoming which might.

Comment 1 by kbr@chromium.org, Oct 5 

Stack trace from crash report:

Thread 15 (id: 0x5a6) CRASHED [SIGSEGV /SEGV_MAPERR @ 0x00000008 ] MAGIC SIGNATURE THREAD
Stack Quality100%Show frame trust levels
0x0000596a470bbc0c	(chrome -memory:2599 )	v8::GlobalValueMap<blink::ScriptWrappable*, v8::Object, blink::DOMWrapperMap<blink::ScriptWrappable>::PersistentValueMapTraits>::SecondWeakCallback(v8::WeakCallbackInfo<v8::GlobalValueMap<blink::ScriptWrappable*, v8::Object, blink::DOMWrapperMap<blink::ScriptWrappable>::PersistentValueMapTraits> > const&)
0x0000596a433e5049	(chrome -./../../../../../../../home/chrome-bot/chrome_root/src/v8/src/global-handles.cc:894 )	<name omitted>
0x0000596a434c77b2	(chrome -./../../../../../../../home/chrome-bot/chrome_root/src/v8/src/global-handles.cc:1091 )	v8::internal::Isolate::TearDown()
0x0000596a471b1024	(chrome -./../../../../../../../home/chrome-bot/chrome_root/src/v8/src/api.cc:8241 )	gin::IsolateHolder::~IsolateHolder()
0x0000596a470c24af	(chrome -./../../../../../../../home/chrome-bot/chrome_root/src/third_party/blink/renderer/platform/bindings/v8_per_isolate_data.cc:123 )	blink::V8PerIsolateData::Destroy(v8::Isolate*)
0x0000596a479ac4c4	(chrome -./../../../../../../../home/chrome-bot/chrome_root/src/third_party/blink/renderer/core/workers/worker_backing_thread.cc:122 )	blink::WorkerBackingThread::ShutdownOnBackingThread()
0x0000596a4799ff40	(chrome -./../../../../../../../home/chrome-bot/chrome_root/src/third_party/blink/renderer/core/workers/worker_thread.cc:584 )	blink::WorkerThread::PerformShutdownOnWorkerThread()
0x0000596a42130675	(chrome -./../../../../../../../home/chrome-bot/chrome_root/src/base/callback.h:99 )	(anonymous namespace)::DiscardDeviceInfosAndCallContinuation(base::OnceCallback<void ()>, std::__1::vector<media::VideoCaptureDeviceInfo, std::__1::allocator<media::VideoCaptureDeviceInfo> > const&)
0x0000596a418a48ee	(chrome -./../../../../../../../home/chrome-bot/chrome_root/src/base/bind_internal.h:416 )	<name omitted>
0x0000596a41147c8e	(chrome -./../../../../../../../home/chrome-bot/chrome_root/src/base/callback.h:99 )	base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*)
0x0000596a41140ba7	(chrome -./../../../../../../../home/chrome-bot/chrome_root/src/base/task/sequence_manager/thread_controller_impl.cc:196 )	base::sequence_manager::internal::ThreadControllerImpl::DoWork(base::sequence_manager::internal::ThreadControllerImpl::WorkType)
0x0000596a41137451	(chrome -./../../../../../../../home/chrome-bot/chrome_root/src/base/callback.h:99 )	base::MessageLoop::DoWork()
0x0000596a41138c09	(chrome -./../../../../../../../home/chrome-bot/chrome_root/src/base/message_loop/message_pump_default.cc:37 )	base::MessagePumpDefault::Run(base::MessagePump::Delegate*)
0x0000596a43ec6753	(chrome -./../../../../../../../home/chrome-bot/chrome_root/src/base/run_loop.cc:102 )	<name omitted>

Comment 2 by kainino@chromium.org, Oct 5 

I haven't yet, but might modify PerformShutdownOnWorkerThread to automatically repost itself it it's running inside beginExecutingTasks. But I don't think it would affect this issue.

Comment 3 by mlippautz@chromium.org, Oct 8

Cc: -mlippautz@chromium.org
Labels: -Pri-3 Pri-2
Mergedinto: 890631
Owner: mlippautz@chromium.org
Status: Duplicate (was: Untriaged)
This is likely a dupe from issue 890631. I will land a fix today.

Sign in to add a comment