New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.
Starred by 1 user
Status: Duplicate
Merged: issue 112983
Owner: ----
Closed: Feb 2012
Cc:
acolwell@chromium.org
anan...@chromium.org
scherkus@chromium.org
vivianz@chromium.org
enal@chromium.org
crogers@google.com
vrk@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 1
Type: Bug

Restricted
  • Only users with Commit permission may comment.



Sign in to add a comment
link

Issue 114662: Chrome crashes when accessing link to MP3

Reported by daniel.c...@gmail.com, Feb 16 2012 
Chrome Version       : 17.0.963.56
OS Version: OS X 10.7.3
URLs (if applicable) :
Other browsers tested:
  Add OK or FAIL after other browsers where you have tested this issue:
     Safari 5: OK
  Firefox 4.x:
     IE 7/8/9:

What steps will reproduce the problem?
1. Goto link http://files.exotica.org.uk/?file=/bitfellas/podcast/bitjam_144.mp3
2.
3.

What is the expected result?

That the mp3 should start playing

What happens instead?

The whole Chrome app crashes (not just the current browser window/tab)

Please provide any additional information below. Attach a screenshot if
possible.

UserAgentString: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11

Comment 1 by groby@chromium.org, Feb 16 2012

Cc: crogers@google.com
Labels: Feature-Media
Status: Untriaged
Confirmed on 17.0.963.56, OSX 10.6.8

Can't repro on Canary (19.0.1044.0)

chrome://crashes doesn't list a crash report

Comment 2 by vivianz@chromium.org, Feb 16 2012

Cc: vivianz@chromium.org anan...@chromium.org
Labels: -Area-Undefined -Pri-2 Area-UI Pri-1 Feature-Views
crash on both Mac and Windows with M17 and M18 chrome builds:
crash report: http://crash/reportdetail?reportid=a0dd9ab048166ded

0x768f9f43	 [user32.dll	 + 0x00019f43]	NtUserMessageCall
0x768f9f74	 [user32.dll	 + 0x00019f74]	NtUserMessageCall
0x768f9dcb	 [user32.dll	 + 0x00019dcb]	RealDefWindowProcW
0x72000c13	 [uxtheme.dll	 + 0x00010c13]	_ThemeDefWindowProc(HWND__ *,unsigned int,unsigned int,long,int)
0x72000c5d	 [uxtheme.dll	 + 0x00010c5d]	ThemeDefWindowProcW
0x768f9ed1	 [user32.dll	 + 0x00019ed1]	GetPropW
0x6341e0c1	 [chrome.dll	 - native_widget_win.cc:1878]	views::NativeWidgetWin::OnSysCommand(unsigned int,WTL::CPoint)
0x62bad351	 [chrome.dll	 - native_widget_win.h:357]	views::NativeWidgetWin::_ProcessWindowMessage(HWND__ *,unsigned int,unsigned int,long,long &,unsigned long)
0x62bacd43	 [chrome.dll	 - native_widget_win.h:281]	views::NativeWidgetWin::ProcessWindowMessage(HWND__ *,unsigned int,unsigned int,long,long &,unsigned long)
0x6341cd48	 [chrome.dll	 - native_widget_win.cc:1034]	views::NativeWidgetWin::OnWndProc(unsigned int,unsigned int,long)
0x632ca6e0	 [chrome.dll	 - window_impl.cc:191]	ui::WindowImpl::WndProc(HWND__ *,unsigned int,unsigned int,long)
0x632ca9d7	 [chrome.dll	 - wrapped_window_proc.h:60]	base::win::WrappedWindowProc<&ui::WindowImpl::WndProc(HWND__ *,unsigned int,unsigned int,long)>(HWND__ *,unsigned int,unsigned int,long)
0x768f8816	 [user32.dll	 + 0x00018816]	InternalCallWinProc
0x768f9ee8	 [user32.dll	 + 0x00019ee8]	GetPropW
0x768f9d13	 [user32.dll	 + 0x00019d13]	DispatchClientMessage
0x768f9d84	 [user32.dll	 + 0x00019d84]	__fnDWORD
0x76efe495	 [ntdll.dll	 + 0x0001e495]	KiUserCallbackDispatcher
0x76efe41f	 [ntdll.dll	 + 0x0001e41f]	KiUserApcDispatcher
0x768f9dcb	 [user32.dll	 + 0x00019dcb]	RealDefWindowProcW
0x72000c13	 [uxtheme.dll	 + 0x00010c13]	_ThemeDefWindowProc(HWND__ *,unsigned int,unsigned int,long,int)
0x72000c5d	 [uxtheme.dll	 + 0x00010c5d]	ThemeDefWindowProcW
0x768f9ed1	 [user32.dll	 + 0x00019ed1]	GetPropW
0x6341ed4c	 [chrome.dll	 - native_widget_win.cc:2319]	views::NativeWidgetWin::DefWindowProcWithRedrawLock(unsigned int,unsigned int,long)
0x6341d71f	 [chrome.dll	 - native_widget_win.cc:1460]	views::NativeWidgetWin::OnMouseRange(unsigned int,unsigned int,long)
0x62bacda8	 [chrome.dll	 - native_widget_win.h:284]	views::NativeWidgetWin::_ProcessWindowMessage(HWND__ *,unsigned int,unsigned int,long,long &,unsigned long)
0x62bacd43	 [chrome.dll	 - native_widget_win.h:281]	views::NativeWidgetWin::ProcessWindowMessage(HWND__ *,unsigned int,unsigned int,long,long &,unsigned long)
0x6341cd48	 [chrome.dll	 - native_widget_win.cc:1034]	views::NativeWidgetWin::OnWndProc(unsigned int,unsigned int,long)
0x632ca6e0	 [chrome.dll	 - window_impl.cc:191]	ui::WindowImpl::WndProc(HWND__ *,unsigned int,unsigned int,long)
0x632ca9d7	 [chrome.dll	 - wrapped_window_proc.h:60]	base::win::WrappedWindowProc<&ui::WindowImpl::WndProc(HWND__ *,unsigned int,unsigned int,long)>(HWND__ *,unsigned int,unsigned int,long)
0x768f8816	 [user32.dll	 + 0x00018816]	InternalCallWinProc
0x768f898d	 [user32.dll	 + 0x0001898d]	UserCallWinProcCheckWow
0x768f8ab8	 [user32.dll	 + 0x00018ab8]	DispatchMessageWorker
0x768f8b0f	 [user32.dll	 + 0x00018b0f]	DispatchMessageW
0x6341b600	 [chrome.dll	 - accelerator_handler_win.cc:54]	views::AcceleratorHandler::Dispatch(tagMSG const &)
0x62aa0955	 [chrome.dll	 - message_pump_win.cc:354]	base::MessagePumpForUI::ProcessMessageHelper(tagMSG const &)
0x62aa07ae	 [chrome.dll	 - message_pump_win.cc:199]	base::MessagePumpForUI::DoRunLoop()
0x62aa05cd	 [chrome.dll	 - message_pump_win.cc:51]	base::MessagePumpWin::RunWithDispatcher(base::MessagePump::Delegate *,base::MessagePumpWin::Dispatcher *)
0x62a87217	 [chrome.dll	 - message_loop.cc:454]	MessageLoop::RunInternal()
0x62a871a7	 [chrome.dll	 - message_loop.cc:432]	MessageLoop::RunHandler()
0x62a8793b	 [chrome.dll	 - message_loop.cc:805]	MessageLoopForUI::RunWithDispatcher(base::MessagePumpWin::Dispatcher *)
0x62bb919a	 [chrome.dll	 - chrome_browser_main.cc:2009]	ChromeBrowserMainParts::MainMessageLoopRun(int *)
0x63027309	 [chrome.dll	 - browser_main_loop.cc:395]	content::BrowserMainLoop::RunMainMessageLoopParts(bool *)
0x62ff601d	 [chrome.dll	 - browser_main.cc:100]	BrowserMain(content::MainFunctionParams const &)
0x62aadb75	 [chrome.dll	 - content_main.cc:263]	`anonymous namespace'::RunNamedProcessTypeMain(std::basic_string<char,std::char_traits<char>,std::allocator<char> > const &,content::MainFunctionParams const &,content::ContentMainDelegate *)
0x62aade10	 [chrome.dll	 - content_main.cc:454]	content::ContentMain(HINSTANCE__ *,sandbox::SandboxInterfaceInfo *,content::ContentMainDelegate *)
0x629e49a0	 [chrome.dll	 - chrome_main.cc:28]	ChromeMain

Comment 3 by crogers@google.com, Feb 16 2012

Cc: scherkus@chromium.org acolwell@chromium.org enal@chromium.org vrk@chromium.org

Comment 4 by vivianz@chromium.org, Feb 16 2012

Labels: -OS-Mac OS-All

Comment 5 by imasaki@chromium.org, Feb 18 2012

Owner: alek...@chromium.org
Alek, can you try to repro?

Comment 6 by alek...@chromium.org, Feb 21 2012 

I'm able to reproduce the crash on ubuntu 10.04, gc: 17.0.963.56

Comment 7 by alek...@chromium.org, Feb 21 2012

Labels: Stability-Crash

Comment 8 by scherkus@chromium.org, Feb 21 2012 

alekyoo: how consistent does it crash? do the stack traces match what was posted in #2 or are they different?

Comment 9 by groby@chromium.org, Feb 22 2012 

#2 actually has the wrong stack trace (it's the main thread, not the crashing thread)

Here's the crashing thread from the same report ID

0x632a1b12	 [chrome.dll	 - url_request_ftp_job.cc:73]	net::URLRequestFtpJob::StartTransaction()
0x6321ea43	 [chrome.dll	 - url_request.cc:490]	net::URLRequest::StartJob(net::URLRequestJob *)
0x6321e7eb	 [chrome.dll	 - url_request.cc:435]	net::URLRequest::Start()
0x6304ad46	 [chrome.dll	 - resource_queue.cc:67]	ResourceQueue::AddRequest(net::URLRequest *,ResourceDispatcherHostRequestInfo const &)
0x6300cf53	 [chrome.dll	 - resource_dispatcher_host.cc:1661]	ResourceDispatcherHost::InsertIntoResourceQueue(net::URLRequest *,ResourceDispatcherHostRequestInfo const &)
0x6300cf32	 [chrome.dll	 - resource_dispatcher_host.cc:1655]	ResourceDispatcherHost::BeginRequestInternal(net::URLRequest *)
0x6300ae51	 [chrome.dll	 - resource_dispatcher_host.cc:670]	ResourceDispatcherHost::BeginRequest(int,ResourceHostMsg_Request const &,IPC::Message *,int)
0x6300a6e7	 [chrome.dll	 - resource_dispatcher_host.cc:437]	ResourceDispatcherHost::OnRequestResource(IPC::Message const &,int,ResourceHostMsg_Request const &)
0x63011171	 [chrome.dll	 - resource_messages.h:180]	ResourceHostMsg_RequestResource::Dispatch<ResourceDispatcherHost,ResourceDispatcherHost,int,ResourceHostMsg_Request const &>(IPC::Message const *,ResourceDispatcherHost *,ResourceDispatcherHost *,void ( ResourceDispatcherHost::*)(IPC::Message const &,int,ResourceHostMsg_Request const &))
0x6300a404	 [chrome.dll	 - resource_dispatcher_host.cc:406]	ResourceDispatcherHost::OnMessageReceived(IPC::Message const &,ResourceMessageFilter *,bool *)
0x63058acd	 [chrome.dll	 - resource_message_filter.cc:40]	ResourceMessageFilter::OnMessageReceived(IPC::Message const &,bool *)
0x630095e4	 [chrome.dll	 - browser_message_filter.cc:88]	BrowserMessageFilter::DispatchMessageW(IPC::Message const &)
0x63009510	 [chrome.dll	 - browser_message_filter.cc:74]	BrowserMessageFilter::OnMessageReceived(IPC::Message const &)
0x631c7e2b	 [chrome.dll	 - ipc_channel_proxy.cc:90]	IPC::ChannelProxy::Context::TryFilters(IPC::Message const &)
0x631c7e56	 [chrome.dll	 - ipc_channel_proxy.cc:104]	IPC::ChannelProxy::Context::OnMessageReceived(IPC::Message const &)
0x629eef92	 [chrome.dll	 - ipc_channel_win.cc:298]	IPC::Channel::ChannelImpl::ProcessIncomingMessages(base::MessagePumpForIO::IOContext *,unsigned long)
0x629ef24c	 [chrome.dll	 - ipc_channel_win.cc:389]	IPC::Channel::ChannelImpl::OnIOCompleted(base::MessagePumpForIO::IOContext *,unsigned long,unsigned long)
0x62aa0c08	 [chrome.dll	 - message_pump_win.cc:514]	base::MessagePumpForIO::WaitForIOCompletion(unsigned long,base::MessagePumpForIO::IOHandler *)
0x62aa0b4e	 [chrome.dll	 - message_pump_win.cc:477]	base::MessagePumpForIO::DoRunLoop()
0x62aa05cd	 [chrome.dll	 - message_pump_win.cc:51]	base::MessagePumpWin::RunWithDispatcher(base::MessagePump::Delegate *,base::MessagePumpWin::Dispatcher *)
0x62aa048e	 [chrome.dll	 - message_pump_win.h:64]	base::MessagePumpWin::Run(base::MessagePump::Delegate *)
0x62a87222	 [chrome.dll	 - message_loop.cc:459]	MessageLoop::RunInternal()
0x62a871a7	 [chrome.dll	 - message_loop.cc:432]	MessageLoop::RunHandler()
0x62a8712a	 [chrome.dll	 - message_loop.cc:342]	MessageLoop::Run()
0x6340eeca	 [chrome.dll	 - thread.cc:126]	base::Thread::Run(MessageLoop *)
0x6340efb8	 [chrome.dll	 - thread.cc:161]	base::Thread::ThreadMain()
0x62a8e81b	 [chrome.dll	 - platform_thread_win.cc:58]	base::`anonymous namespace'::ThreadFunc(void *)
0x750ef13b	 [kernel32.dll	 + 0x0008f13b]	BaseThreadInitThunk
0x76f5d818	 [ntdll.dll	 + 0x0007d818]	__RtlUserThreadStart
0x76f5da2a	 [ntdll.dll	 + 0x0007da2a]	_RtlUserThreadStart


We're seeing quite a bit of crashes in StartTransaction in 17.x. Looking at 18.x, we still can find the same crash. See e.g. http://crash/reportdetail?reportid=303f018be3d29263

19.x still has crashes in net::URLRequestFtpJob::StartTransaction(), but via a different callchain. Currently only triggered by prerender. See http://crash/reportdetail?reportid=03a6acaab0b7c272#crashing_thread for a v19 crash.

Comment 10 by alek...@chromium.org, Feb 22 2012 

That's my crash log: 0eefaf78f2e2f275 
Happens everytime 100% repro. rate 



Thread 10 *CRASHED* ( SIGSEGV @ 0x00000000 )

0x7ff1e39f1bb2	 [chrome	 - net/url_request/url_request_ftp_job.cc:69]	net::URLRequestFtpJob::StartTransaction
0x7ff1e3971814	 [chrome	 - net/url_request/url_request.cc:478]	net::URLRequest::StartJob
0x7ff1e4c5855a	 [chrome	 - content/browser/renderer_host/resource_queue.cc:68]	ResourceQueue::AddRequest
0x7ff1e4c4cde0	 [chrome	 - content/browser/renderer_host/resource_dispatcher_host.cc:1667]	ResourceDispatcherHost::InsertIntoResourceQueue
0x7ff1e4c539fd	 [chrome	 - content/browser/renderer_host/resource_dispatcher_host.cc:1661]	ResourceDispatcherHost::BeginRequestInternal
0x7ff1e4c56af9	 [chrome	 - content/browser/renderer_host/resource_dispatcher_host.cc:696]	ResourceDispatcherHost::BeginRequest
0x7ff1e4c4f519	 [chrome	 - ./content/common/resource_messages.h:179]	ResourceDispatcherHost::OnMessageReceived
0x7ff1e4ba7b17	 [chrome	 - content/public/browser/browser_message_filter.cc:90]	content::BrowserMessageFilter::DispatchMessage
0x7ff1e4ba7caa	 [chrome	 - content/public/browser/browser_message_filter.cc:76]	content::BrowserMessageFilter::OnMessageReceived
0x7ff1e3d91a4c	 [chrome	 - ipc/ipc_channel_proxy.cc:90]	IPC::ChannelProxy::Context::TryFilters
0x7ff1e3d92258	 [chrome	 - ipc/ipc_channel_proxy.cc:104]	IPC::ChannelProxy::Context::OnMessageReceived
0x7ff1e3d8f42e	 [chrome	 - ipc/ipc_channel_posix.cc:732]	IPC::Channel::ChannelImpl::ProcessIncomingMessages
0x7ff1e3d900ba	 [chrome	 - ipc/ipc_channel_posix.cc:1077]	IPC::Channel::ChannelImpl::OnFileCanReadWithoutBlocking
0x7ff1e3607207	 [chrome	 - base/message_pump_libevent.cc:108]	base::MessagePumpLibevent::FileDescriptorWatcher::OnFileCanReadWithoutBlocking
0x7ff1e36072e9	 [chrome	 - base/message_pump_libevent.cc:365]	base::MessagePumpLibevent::OnLibeventNotification
0x7ff1e3664ec7	 [chrome	 - third_party/libevent/event.c:385]	event_base_loop
0x7ff1e360642a	 [chrome	 - base/message_pump_libevent.cc:278]	base::MessagePumpLibevent::Run
0x7ff1e3625aab	 [chrome	 - base/message_loop.cc:390]	MessageLoop::Run
0x7ff1e3648ab8	 [chrome	 - base/threading/thread.cc:161]	base::Thread::ThreadMain
0x7ff1e3646111	 [chrome	 - base/threading/platform_thread_posix.cc:58]	base::::ThreadFunc
0x7ff1ded1f9c9	 [libpthread-2.11.1.so	 + 0x000069c9]

Comment 11 by fischman@chromium.org, Feb 22 2012

Mergedinto: 112983
Status: Duplicate

Comment 12 by laforge@google.com, Feb 29 2012

Labels: -Feature-Views Internals-Views

Comment 13 by alek...@chromium.org, Jun 20 2012

Owner: ----

Comment 14 by bugdroid1@chromium.org, Oct 13 2012

Project Member
Labels: Restrict-AddIssueComment-Commit
Mergedinto: chromium:112983
This issue has been closed for some time. No one will pay attention to new comments.
If you are seeing this bug or have new data, please click New Issue to start a new bug.

Comment 15 by bugdroid1@chromium.org, Mar 10 2013

Project Member
Labels: -Area-UI -Feature-Media -Internals-Views Cr-Internals-Media Cr-UI Cr-Internals-Views

Sign in to add a comment