brave / brave-browser

Brave browser for Android, iOS, Linux, macOS, Windows.
https://brave.com
Mozilla Public License 2.0

crash when worker gc #40154

Open ohroy opened 3 months ago

ohroy commented 3 months ago

Description

[68713:50691:0731/180145.644176:FATAL:worker_or_worklet_global_scope.cc(259)] WorkerOrWorkletGlobalScope must never be wrapped with wrap method. The global object of ECMAScript environment is used as the wrapper.
0   libbase.dylib                       0x00000001016420b4 base::debug::CollectStackTrace(void const**, unsigned long) + 28
1   libbase.dylib                       0x0000000101629950 base::debug::StackTrace::StackTrace() + 80
2   libbase.dylib                       0x00000001015396c0 logging::LogMessage::Flush() + 152
3   libbase.dylib                       0x000000010153a390 logging::LogMessageFatal::~LogMessageFatal() + 12
4   libbase.dylib                       0x000000010153a3a8 logging::LogMessageFatal::~LogMessageFatal() + 0
5   libblink_core.dylib                 0x000000012896ed44 blink::WorkerOrWorkletGlobalScope::AssociateWithWrapper(v8::Isolate*, blink::WrapperTypeInfo const*, v8::Local<v8::Object>) + 0
6   libblink_core.dylib                 0x000000012896eb2c blink::WorkerOrWorkletGlobalScope::~WorkerOrWorkletGlobalScope() + 180
7   libblink_core.dylib                 0x0000000128968f14 blink::WorkerGlobalScope::~WorkerGlobalScope() + 448
8   libv8.dylib                         0x000000012073d56c cppgc::internal::HeapVisitor<cppgc::internal::(anonymous namespace)::MutatorThreadSweeper>::Traverse(cppgc::internal::BasePage&) + 740
9   libv8.dylib                         0x000000012073c818 cppgc::internal::Sweeper::SweeperImpl::Finish() + 300
10  libv8.dylib                         0x0000000120738930 cppgc::internal::Sweeper::SweeperImpl::FinishIfRunning() + 244
11  libv8.dylib                         0x000000012072323c cppgc::internal::HeapBase::Terminate() + 336
12  libblink_platform.dylib             0x00000001236f2b60 blink::ThreadState::~ThreadState() + 44
13  libblink_platform.dylib             0x00000001236f277c blink::ThreadState::DetachCurrentThread() + 28
14  libblink_platform.dylib             0x00000001237ecfb4 std::__Cr::unique_ptr<blink::scheduler::NonMainThreadImpl::GCSupport, std::__Cr::default_delete<blink::scheduler::NonMainThreadImpl::GCSupport>>::reset(blink::scheduler::NonMainThreadImpl::GCSupport*) + 48
15  libblink_platform.dylib             0x00000001237ecca8 blink::scheduler::NonMainThreadImpl::ShutdownOnThread() + 32
16  libblink_core.dylib                 0x00000001289668ec blink::WorkerBackingThread::ShutdownOnBackingThread() + 116
17  libblink_core.dylib                 0x000000012897605c blink::WorkerThread::PerformShutdownOnWorkerThread() + 668
18  libbase.dylib                       0x00000001015161f8 base::OnceCallback<void ()>::Run() && + 68
19  libbase.dylib                       0x00000001015a9138 base::TaskAnnotator::RunTaskImpl(base::PendingTask&) + 272
20  libbase.dylib                       0x00000001015d57c4 base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl(base::LazyNow*) + 984
21  libbase.dylib                       0x00000001015d5088 base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork() + 100
22  libbase.dylib                       0x00000001015459a4 base::MessagePumpDefault::Run(base::MessagePump::Delegate*) + 184
23  libbase.dylib                       0x00000001015d63ec base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run(bool, base::TimeDelta) + 528
24  libbase.dylib                       0x000000010157f5e0 base::RunLoop::Run(base::Location const&) + 364
25  libblink_platform.dylib             0x00000001237ed0e8 blink::scheduler::NonMainThreadImpl::SimpleThreadImpl::Run() + 260
26  libbase.dylib                       0x0000000101628c08 base::(anonymous namespace)::ThreadFunc(void*) + 132
27  libsystem_pthread.dylib             0x00000001898052e4 _pthread_start + 136
28  libsystem_pthread.dylib             0x00000001898000fc thread_start + 8
Task trace:
0   libblink_core.dylib                 0x0000000128975868 blink::WorkerThread::Terminate() + 368
1   libmojo_public_system_cpp.dylib     0x0000000100d20f94 mojo::SimpleWatcher::Context::Notify(unsigned int, MojoHandleSignalsState, unsigned int) + 224

Steps to reproduce

  1. npm run build
  2. visit https://abrahamjuliot.github.io/creepjs/
  3. crash

Actual result

crash

Expected result

can work

Reproduces how often

Easily reproduced

Brave version (brave://version info)

DEBUG VERSION https://github.com/brave/brave-browser/releases/tag/v1.68.131

Channel information

Reproducibility

Miscellaneous information

It works on the RELEASE version.

related code

v8::Local<v8::Value> WorkerOrWorkletGlobalScope::Wrap(ScriptState*) {
  LOG(FATAL) << "WorkerOrWorkletGlobalScope must never be wrapped with wrap "
                "method. The global object of ECMAScript environment is used "
                "as the wrapper.";
}

iefremov commented 1 month ago

decreasing priority as this is not very frequent