Starred by 56 users

Issue metadata

Status: Fixed
Owner:
Closed: Aug 2015
Cc:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 0
Type: Bug

Blocking:
issue 455496




New tabs open with "He's Dead Jim"

Reported by doganh...@gmail.com, Mar 17 2015

Issue description

UserAgent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2335.0 Safari/537.36

Steps to reproduce the problem:
1. Canary keeps crashing when opening new tab page 
2. Error message is: "Chrome ran out of memory."
3. Some extensions keep crashing too.

What is the expected behavior?

What went wrong?
Chrome Canary crashes constantly. (32 bit and 64 bit)

Crashed report ID: 

How much crashed? Whole browser

Is it a problem with a plugin? N/A 

Did this work before? N/A 

Chrome version: 43.0.2335.0  Channel: canary
OS Version: 6.2 (Windows 8)
Flash Version: Shockwave Flash 17.0 r0

 
Labels: Needs-Feedback
doganhisa@ Unable to reproduce the issue on Windows and Chrome: 43.0.2335.0.

In order to further investigate the issue, kindly provide the information below:

1. Is this a continuous crash? If so, provide detailed steps to reproduce the issue.
2. Do you have any apps / extensions installed? If so, disable and then see if this issue is still reproducible.
3. Create a new profile from chrome://settings, do not login to browser or add any apps / extensions and see if this issue is still reproducible.
4. Navigate to chrome://crashes and provide the crash id generated when this issue happens.

Comment 2 by doganh...@gmail.com, Mar 18 2015

1. Yes
2. Yes, I have apps/extensions. But the issue occurs with a fresh profile with no apps or extensions installed.
3. Created new fresh profile and issue occurs again.
4. Here is the crash id: 3d647f4c3b1b68f2 (crash with fresh profile with no apps or extensions installed.)
Mergedinto: 464633
Status: Duplicate
Stack Traces:
==============

Thread 0 CRASHED [EXCEPTION_BREAKPOINT @ 0x000007fdc7eb7d0d] MAGIC SIGNATURE THREAD
0x000007fdc7eb7d0d	[chrome_child.dll -debugger_win.cc:21 ]	base::debug::BreakDebugger()
0x000007fdc94ded6a	[chrome_child.dll -render_frame_impl.cc:696 ]	content::RenderFrameImpl::RenderFrameImpl(content::RenderViewImpl *,int)
0x000007fdc94df632	[chrome_child.dll -render_frame_impl.cc:537 ]	content::RenderFrameImpl::Create(content::RenderViewImpl *,int)
0x000007fdc94d3560	[chrome_child.dll -render_view_impl.cc:680 ]	content::RenderViewImpl::Initialize(ViewMsg_New_Params const &,content::CompositorDependencies *,bool)
0x000007fdc94d1b5a	[chrome_child.dll -render_view_impl.cc:1147 ]	content::RenderViewImpl::Create(ViewMsg_New_Params const &,content::CompositorDependencies *,bool)
0x000007fdc950fa42	[chrome_child.dll -view_messages.h:613 ]	ViewMsg_New::Dispatch<content::RenderThreadImpl,content::RenderThreadImpl,void,void ( content::RenderThreadImpl::*)(ViewMsg_New_Params const &)>(IPC::Message const *,content::RenderThreadImpl *,content::RenderThreadImpl *,void *,void ( content::RenderThreadImpl::*)(ViewMsg_New_Params const &))
0x000007fdc9514fe2	[chrome_child.dll -render_thread_impl.cc:1489 ]	content::RenderThreadImpl::OnControlMessageReceived(IPC::Message const &)
0x000007fdc94841ba	[chrome_child.dll -child_thread_impl.cc:615 ]	content::ChildThreadImpl::OnMessageReceived(IPC::Message const &)
0x000007fdc9bed32b	[chrome_child.dll -ipc_channel_proxy.cc:282 ]	IPC::ChannelProxy::Context::OnDispatchMessage(IPC::Message const &)
0x000007fdc7ef95e5	[chrome_child.dll -task_annotator.cc:63 ]	base::debug::TaskAnnotator::RunTask(char const *,char const *,base::PendingTask const &)
0x000007fdc95de66a	[chrome_child.dll -task_queue_manager.cc:552 ]	content::TaskQueueManager::ProcessTaskFromWorkQueue(unsigned __int64,bool,base::PendingTask *)
0x000007fdc95ddfa4	[chrome_child.dll -task_queue_manager.cc:509 ]	content::TaskQueueManager::DoWork(bool)
0x000007fdc989a814	[chrome_child.dll -bind_internal.h:346 ]	base::internal::Invoker<IndexSequence<0,1>,base::internal::BindState<base::internal::RunnableAdapter<void ( media::cast::FrameSender::*)(bool)>,void ,base::internal::TypeList<base::WeakPtr<media::cast::FrameSender>,bool> >,base::internal::TypeList<base::internal::UnwrapTraits<base::WeakPtr<media::cast::FrameSender> >,base::internal::UnwrapTraits<bool> >,base::internal::InvokeHelper<1,void,base::internal::RunnableAdapter<void ( media::cast::FrameSender::*)(bool)>,base::internal::TypeList<base::WeakPtr<media::cast::FrameSender> const &,bool const &> >,void >::Run(base::internal::BindStateBase *)
0x000007fdc7ef95e5	[chrome_child.dll -task_annotator.cc:63 ]	base::debug::TaskAnnotator::RunTask(char const *,char const *,base::PendingTask const &)
0x000007fdc7ebd8f6	[chrome_child.dll -message_loop.cc:449 ]	base::MessageLoop::RunTask(base::PendingTask const &)
0x000007fdc7ebe48d	[chrome_child.dll -message_loop.cc:570 ]	base::MessageLoop::DoWork()
0x000007fdc7ef58fd	[chrome_child.dll -message_pump_default.cc:32 ]	base::MessagePumpDefault::Run(base::MessagePump::Delegate *)
0x000007fdc7ebd479	[chrome_child.dll -message_loop.cc:414 ]	base::MessageLoop::RunHandler()
0x000007fdc7ef6d63	[chrome_child.dll -run_loop.cc:55 ]	base::RunLoop::Run()
0x000007fdc7ebcf81	[chrome_child.dll -message_loop.cc:307 ]	base::MessageLoop::Run()
0x000007fdc94fbed5	[chrome_child.dll -renderer_main.cc:220 ]	content::RendererMain(content::MainFunctionParams const &)
0x000007fdc8e1f8d9	[chrome_child.dll -content_main_runner.cc:382 ]	content::RunNamedProcessTypeMain(std::basic_string<char,std::char_traits<char>,std::allocator<char> > const &,content::MainFunctionParams const &,content::ContentMainDelegate *)
0x000007fdc8e1f7ea	[chrome_child.dll -content_main_runner.cc:767 ]	content::ContentMainRunnerImpl::Run()
0x000007fdc8e1cb17	[chrome_child.dll -content_main.cc:19 ]	content::ContentMain(content::ContentMainParams const &)
0x000007fdc8d86d8e	[chrome_child.dll -chrome_main.cc:66 ]	ChromeMain
0x000007f61cb4ee21	[chrome.exe -client_util.cc:238 ]	MainDllLoader::Launch(HINSTANCE__ *)
0x000007f61cb4dd9d	[chrome.exe -chrome_exe_main_win.cc:157 ]	wWinMain
0x000007f61cb79c67	[chrome.exe -crt0.c:251 ]	__tmainCRTStartup
0x000007fdf3471841	[kernel32.dll + 0x00001841 ]	BaseThreadInitThunk
0x000007fdf3d3f9d0	[ntdll.dll + 0x0003f9d0 ]	LdrpAllocateTls
0x000007fdf1038dd3	[KERNELBASE.dll + 0x00068dd3 ]	


Traces look like a dupe of Issue 464633

Comment 4 by doganh...@gmail.com, Mar 18 2015

Why am I not able to browse issue 464633?

Comment 5 by lfg@chromium.org, Mar 18 2015

Owner: lfg@chromium.org
1. Do you have anything special installed on your computer that you think it could be related to the crash?
2. Can you provide some details on the hardware you're using?

I've been trying to reproduce this bug for a week without success, so if you can think of anything that might be related to the problem, please let me know.

Comment 6 by lfg@chromium.org, Mar 18 2015

Cc: nasko@chromium.org creis@chromium.org

Comment 7 by doganh...@gmail.com, Mar 19 2015

I installed the latest canary with version 43.0.2337.2 canary (64-bit).

I didn't have any crash yet. I will update if I see any crash again.

When I look at the changelog from 43.0.2336.0 to 43.0.2337.0, I can see there is a commit about issue 464633.

I think some action has been taken about issue 464633 (I don't have any information about the issue).

Here is the commit: https://chromium.googlesource.com/chromium/src/+/f032c0d065a5387a2e490e45bbec046e5a1bda61

I think this fix (or temporary fix) not prevent chrome from crashing.

I will update if any crash occurs again. 



Comment 8 by doganh...@gmail.com, Mar 20 2015

Crashes occur continuously again with version 43.0.2338.2

Comment 9 by nasko@chromium.org, Mar 20 2015

Do you have any errors in the event log that indicate failure to start process? It will be useful to get some data as to why this is happening and the system log can have clues.
In Windows Event Viewer there are errors about Chrome; here is the detail of one:

Log Name:      Application
Source:        Chrome
Date:          20.3.2015 15:55:05
Event ID:      1
Task Category: None
Level:         Error
Keywords:      Classic
User:          XXXXX-HP\XXXXX
Computer:      XXXXX-HP
Description:
The description for Event ID 1 from source Chrome XXXXXnot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You XXXXX install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event: 

Chrome has encountered a fatal error.
ver=43.0.2338.2;lang=;guid=6710E1301DE141E5B8B69D35B61E0573;is_machine=0;oop=1;upload=1;minidump=C:\Users\XXXXX\AppData\Local\Google\CrashReports\1e5d6544-3121-4074-b1d9-6f533953b883.dmp

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Chrome" />
    <EventID Qualifiers="0">1</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-03-20T13:55:05.000000000Z" />
    <EventRecordID>109693</EventRecordID>
    <Channel>Application</Channel>
    <Computer>XXXXX-HP</Computer>
    <Security UserID="S-1-5-21-1574033718-1174347949-152386660-1001" />
  </System>
  <EventData>
    <Data>Chrome has encountered a fatal error.
ver=43.0.2338.2;lang=;guid=6710E1301DE141E5B8B69D35B61E0573;is_machine=0;oop=1;upload=1;minidump=C:\Users\XXXXX\AppData\Local\Google\CrashReports\1e5d6544-3121-4074-b1d9-6f533953b883.dmp</Data>
  </EventData>
</Event>
Another event log:

Log Name:      Application
Source:        Chrome
Date:          20.3.2015 15:54:48
Event ID:      2
Task Category: None
Level:         Information
Keywords:      Classic
User:          XXXXX-HP\XXXXX
Computer:      XXXXX-HP
Description:
The description for Event ID 2 from source Chrome cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event: 

Crash uploaded. Id=6b70be6af9fc1236.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Chrome" />
    <EventID Qualifiers="0">2</EventID>
    <Level>4</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-03-20T13:54:48.000000000Z" />
    <EventRecordID>109692</EventRecordID>
    <Channel>Application</Channel>
    <Computer>XXXXX-HP</Computer>
    <Security UserID="S-1-5-21-1574033718-1174347949-152386660-1001" />
  </System>
  <EventData>
    <Data>Crash uploaded. Id=6b70be6af9fc1236.</Data>
  </EventData>
</Event>
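Added example (not part of the thread and not Chromium code): a Python triage helper that reads exported Application-log XML like the two records above, pulls out the Chrome version, dump file name and uploaded crash ID, and drops the computer name, user SID and profile path before the result is shared. It assumes the exported `<Event>` elements are wrapped in one root element and that Event IDs 1 and 2 carry the payloads shown in those two records; all function names are hypothetical.

```python
import ntpath
import re
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
UPLOAD_RE = re.compile(r"Crash uploaded\. Id=([0-9a-fA-F]+)")

# The two records quoted in the thread, trimmed to the elements read below.
# The <Events> wrapper element is constructed for this example.
SAMPLE_XML = r"""<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Chrome" />
    <EventID Qualifiers="0">1</EventID>
    <TimeCreated SystemTime="2015-03-20T13:55:05.000000000Z" />
    <EventRecordID>109693</EventRecordID>
  </System>
  <EventData>
    <Data>Chrome has encountered a fatal error.
ver=43.0.2338.2;lang=;guid=6710E1301DE141E5B8B69D35B61E0573;is_machine=0;oop=1;upload=1;minidump=C:\Users\XXXXX\AppData\Local\Google\CrashReports\1e5d6544-3121-4074-b1d9-6f533953b883.dmp</Data>
  </EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Chrome" />
    <EventID Qualifiers="0">2</EventID>
    <TimeCreated SystemTime="2015-03-20T13:54:48.000000000Z" />
    <EventRecordID>109692</EventRecordID>
  </System>
  <EventData>
    <Data>Crash uploaded. Id=6b70be6af9fc1236.</Data>
  </EventData>
</Event>
</Events>"""


def parse_fatal_payload(text):
    """Split the Event ID 1 payload into its key=value fields."""
    fields = {}
    for line in text.splitlines():
        if "=" not in line:
            continue  # the first line is the human-readable message
        for pair in line.strip().split(";"):
            key, sep, value = pair.partition("=")
            if sep:
                fields[key.strip()] = value.strip()
    return fields


def parse_events(xml_text):
    """Return triage records for Chrome events, oldest first.

    Only version, timestamps, dump file name and upload ID are kept; the
    computer name, user SID and full profile path are deliberately dropped.
    """
    records = []
    for ev in ET.fromstring(xml_text).iter("{%s}Event" % NS["e"]):
        provider = ev.find("e:System/e:Provider", NS)
        if provider is None or provider.get("Name") != "Chrome":
            continue  # ignore events from other sources
        created = ev.find("e:System/e:TimeCreated", NS)
        rec = {
            "record_id": int(ev.findtext("e:System/e:EventRecordID", "0", NS)),
            "time": created.get("SystemTime") if created is not None else "",
            "event_id": int(ev.findtext("e:System/e:EventID", "0", NS)),
            "kind": "other",
        }
        data = "\n".join(d.text or "" for d in ev.findall("e:EventData/e:Data", NS))
        upload = UPLOAD_RE.search(data)
        if rec["event_id"] == 1:
            fields = parse_fatal_payload(data)
            rec.update(kind="fatal", version=fields.get("ver", ""),
                       upload_enabled=fields.get("upload") == "1",
                       minidump=ntpath.basename(fields.get("minidump", "")))
        elif rec["event_id"] == 2 and upload:
            rec.update(kind="upload", crash_id=upload.group(1))
        records.append(rec)
    # ISO-8601 UTC timestamps sort correctly as strings.
    return sorted(records, key=lambda r: (r["time"], r["record_id"]))


def summarize(records):
    """Count fatal errors per Chrome version and list uploaded crash IDs."""
    fatal = Counter(r["version"] for r in records if r["kind"] == "fatal")
    uploaded = [r["crash_id"] for r in records if r["kind"] == "upload"]
    return {"fatal_by_version": dict(fatal), "uploaded_ids": uploaded}


if __name__ == "__main__":
    for r in parse_events(SAMPLE_XML):
        print(r)
    print(summarize(parse_events(SAMPLE_XML)))
```

In the sample the upload record is timestamped before the fatal-error record, so the helper reports the two independently instead of pairing them.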

Comment 12 by nasko@chromium.org, Mar 20 2015

Cc: lfg@chromium.org
Owner: shrikant@chromium.org
Assigning to shrikant@, since this is likely caused by AppContainer changes.
With 43.0.2338.2, there should be another reason than AppContainer. The CL was reverted starting with 43.0.2337.2. doganhisa@, any latest crash id's with version 43.0.2338.2?

Comment 14 by lfg@chromium.org, Mar 20 2015

The change wasn't reverted in the tree, just in the release branch, so 2338 has the AppContainer CL again.

Comment 15 by creis@chromium.org, Mar 20 2015

Cc: dxie@chromium.org
To clarify: I think @dxie is still expecting @shrikant to revert the CL from trunk.

Comment 16 Deleted

43.0.2341.0 version crashes continue. 
I don't know what had changed, but new tabs are opened without any error while new incognito windows are opened with "He's Dead Jim".
Here is the video of "Chrome ran out of memory." issue.
Attachment: Untitled Screencast.webm (5.5 MB)
doganhisa@ if possible, can you please post latest crash id when this crash occurs through chrome://crashes/.

Comment 21 by Deleted ...@, Mar 28 2015

I'm having the same issue as doganisa, except that for me, only the tabs are crashing.  I'm on:

Version 43.0.2349.0 canary (64-bit)

I've tried uninstalling and reinstalling canary but the problem is still there.  The issue started about a week or two ago. I've submitted several feedbacks on the tab crashes.

Comment 22 by Deleted ...@, Mar 28 2015

In addition to the tabs crashing sometimes, a variety of extensions also keep crashing here and there like google dictionary and google gmail checker.  Attached a screenshot of the tab crash
The first time, when I filed this issue, new tabs and new incognito tabs were opening with the He's Dead Jim page (Chrome ran out of memory) and the whole browser was crashing too. That was causing the browser to relaunch.

But today new tabs and incognito tabs are opening with He's Dead Jim (Chrome ran out of memory), but the whole browser does not crash and can continue without relaunch.

So the latest crash I came across is on 23 March and the crash id is: bb85a7570f6f2519

Comment 24 by creis@chromium.org, Mar 30 2015

Mergedinto:
Status: Assigned
I'm going to reopen this, because it's still occurring and likely to be due to the AppContainer issue and not the fix lfg@ landed for issue 464633.  @shrikant, can you help confirm?
Cc: shrikant@chromium.org
Owner: est...@chromium.org
The report ID bb85a7570f6f2519 actually refers to another bug related to ContentAutoFillDriver, which seems to have recurred in certain versions since 41.0.2238.0. Assigning to estade@ as he might have more idea. Significant recurrence seems to be in 43.0.2342.2 and AppContainer is enabled much earlier than that.

Having said that, latest recurrence may be related to AppContainer. AppContainer can cause various issues because of added restrictions in SandBox and we want to know them all, especially since these issues are not reproducible in our controlled environment.

Comment 26 by lfg@chromium.org, Mar 30 2015

I believe a crash during process spawn would not generate a crash id. The report ID mentioned is for a browser process crash, and the "He's dead Jim" only covers a renderer failure, so they can't be related.

Did you get any data from the UMA metric?
Yes, we have UMA.

Comment 28 by lfg@chromium.org, Mar 30 2015

I just checked it, seems that the vast majority of errors are 122 (0x7a) ERROR_INSUFFICIENT_BUFFER.
Yes, that's correct.
Owner: shrikant@chromium.org
why would I have an idea? Did you mean to cc someone else?
"He's Dead Jim" pages are stopped in canary with this change:

https://chromium.googlesource.com/chromium/src/+/fdf0832bcd0deb3a58bacc43b0db8755d84546d1

Will you plan to enable appcontainer later again? 

Did you get enough metrics to identify problem? 
Yes, next canary should have AppContainer again. We got some metrics but we want to dig in more. Would be very helpful if you could send us id's of renderer crash reports that you see.
Thank you @shrikant, sure I can send the crash ids that I came across.

Here are the latest crash ids I've got. Some of the crashes occurred when first opening canary, some occurred when opening a new tab and the others occurred when opening a new incognito tab.

ef26ea9b1448ba65 
6b1003fb52df34f6 
88e258981f0e387e 
d9552b5c6628e401 
a253628ab524dce6 
5b65aaa4a68a2ae3 

I'm on 44.0.2363.0 canary
OS: Win 8 64-bit

tried with signed-in profile and with fresh profile.
@doganhisa, wondering if you see crashes going away with 44.0.2367.0/44.0.2368.0?
There have been some fixes in those releases. ty.

Comment 35 Deleted

@shrikant I'm using 44.0.2368.0 now, "He's Dead Jim" pages occur again. Tested with a fresh profile.

These render issues do not crash the browser anymore, but I have to reload the tab one or more times to open the actual page.
Good to know browser doesn't crash anymore. Any crash id's for Renderer? Ty
In chrome://crashes/ there is not any crash id for renderer fails. I don't know if there is another place to look for renderer crash ids.

Comment 39 by wfh@chromium.org, Apr 15 2015

Cc: cpu@chromium.org amineer@chromium.org
Crashes in #33 are all in StartSandboxedProcess which is already being diagnosed in issue 453541 and is caused by 3rd party software.

I landed a fix in r324769 to stop it crashing and instead return a new error code, so I would be interested if doganhisa could look in chrome://histograms and see if there are any entries under CrashExitCodes.Renderer with value "30" which indicates this particular 3rd party software.
here is chrome://histograms log:

http://pastebin.com/9H5psMcP

Comment 41 by wfh@chromium.org, Apr 17 2015

no evidence of CrashExitCodes.Renderer in those histograms, but lots of ERROR_INSUFFICIENT_BUFFER (122) in Process.Sandbox.Lowbox.Launch.Error which matches the issue shrikant is investigating.

the lack of CrashExitCodes.Renderer implies this is probably a different root cause from issue 453541
Project Member

Comment 42 by bugdroid1@chromium.org, Apr 17 2015

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/cb0da85dcf65824f96233ed77fd04d99b4c031cb

commit cb0da85dcf65824f96233ed77fd04d99b4c031cb
Author: shrikant <shrikant@chromium.org>
Date: Fri Apr 17 17:34:43 2015

Adding checks in sandbox code to get some data on AppContainer based CreateProcess failures.
Due to limited debugging options, given it doesn't repro locally, adding some checks in sandbox code to gather more data.

BUG= 467920 
R=jschuh@chromium.org,cpu@chromium.org

Review URL: https://codereview.chromium.org/1093443002

Cr-Commit-Position: refs/heads/master@{#325663}

[modify] http://crrev.com/cb0da85dcf65824f96233ed77fd04d99b4c031cb/sandbox/win/src/target_process.cc

Project Member

Comment 43 by bugdroid1@chromium.org, Apr 18 2015

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/790be872f460ead8d7ca21c490077dab0a6d21ac

commit 790be872f460ead8d7ca21c490077dab0a6d21ac
Author: shrikant <shrikant@chromium.org>
Date: Sat Apr 18 23:48:15 2015

Revert of Adding checks in sandbox code to get some data on AppContainer based CreateProcess failures. (patchset #2 id:20001 of https://codereview.chromium.org/1093443002/)

Reason for revert:
Collected dumps, reverting.

Original issue's description:
> Adding checks in sandbox code to get some data on AppContainer based CreateProcess failures.
> Due to limited debugging options, given it doesn't repro locally, adding some checks in sandbox code to gather more data.
>
> BUG= 467920 
> R=jschuh@chromium.org,cpu@chromium.org
>
> Committed: https://crrev.com/cb0da85dcf65824f96233ed77fd04d99b4c031cb
> Cr-Commit-Position: refs/heads/master@{#325663}

TBR=cpu@chromium.org,jschuh@chromium.org,wfh@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG= 467920 

Review URL: https://codereview.chromium.org/1057083006

Cr-Commit-Position: refs/heads/master@{#325793}

[modify] http://crrev.com/790be872f460ead8d7ca21c490077dab0a6d21ac/sandbox/win/src/target_process.cc

latest crash ids:

a048be5534b0e890
266c108b6fdedfb6 
This a top (by far) crasher on today's canary. Any updates?
Expected Dump without crash. Already reverted on tot.
Chrome Stability sheriff here with FYI: After nine hours of Win Canary 44.0.2376.0 (which contains shrikant's roll out of those debug checks-- 790be872f460ead8d7ca21c490077dab0a6d21ac) there are no TargetProcess::CreateSandbox crashes.
Project Member

Comment 48 by bugdroid1@chromium.org, Apr 21 2015

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/8d9201fbdbdced060982ec96b51c93d6347b8a5c

commit 8d9201fbdbdced060982ec96b51c93d6347b8a5c
Author: shrikant <shrikant@chromium.org>
Date: Tue Apr 21 19:39:02 2015

Disabling handle verifier till we figure out AppContainer/DuplicateHandle errors.
When we launch renderer using AppContainer sometimes DuplicateFrom (DuplicateHandle) is failing in TargetProcess::Create().
As this tracker is part of DuplicateFrom, it may be masking actual error code returned by DuplicateHandle().

BUG= 467920 ,  472362 
R=cpu@chromium.org

Review URL: https://codereview.chromium.org/1095163004

Cr-Commit-Position: refs/heads/master@{#326099}

[modify] http://crrev.com/8d9201fbdbdced060982ec96b51c93d6347b8a5c/base/win/scoped_handle.cc

Issue continues with version 44.0.2383.0 (Windows 8 64bit).

Can we disable AppContainer with a command line flag?
doganhisa@,
First of all, thanks for bearing with this issue so far. This issue, which is getting hit on some machines, is not easily reproducible in our lab environment. This feature is important from a security perspective and we want to get to the bottom of this issue. Wondering if you can help us by providing some more information to maybe recreate/debug this issue, like what antivirus/malware you have installed? Any other specific configuration/software changes apart from a normal fresh Windows 8 installation? If you ever tried running it under some VM with a fresh Windows 8 installation? etc. It's okay if you are not comfortable sharing these details. We can definitely provide a command line, but then we may lose the ability to debug this issue if people start using it with the command line as we keep pushing more experiments.

Thanks,

Comment 51 Deleted

@shrikant thank you for the information, I really appreciate your efforts to make Chrome a more secure browser and I can happily try to help you with solving this problem.

Here is the list of programs installed on my Windows 8 x64 PC.
http://pastebin.com/XVkwvVBk

I'm using the default, built-in antivirus, which is Windows Defender, and it is turned on. I already had Malwarebytes Antimalware installed but not running; anyway, I uninstalled it from now on.

If you think this can be caused by antivirus software, I can uninstall Windows Defender and try to see if this issue occurs with that.

Just tell me what I can do, so that I can help you to solve this issue.
Thanks for response. 
To confirm,
- Renderer continues to crash after you uninstalled Malwarebytes?
- Did you have Malwarebytes realtime protection?
- As appears from original video/screenshot you posted, only some renderer launches fail not every attempt and there is no predictability for failing?
1. Renderer continues to crash after Malwarebytes uninstalled.
2. No, I didn't have. It was just installed and not being used.
3. It doesn't fail to render on every attempt. It appears occasionally. It appears only when opening a new tab. I cannot predict when it will happen. It can happen when opening a new tab or a new incognito tab at any time.
4. I usually test with opening a new incognito tab to reproduce this issue and I get successful after opening a new incognito tab without error 5-6 times.

Here are some screencasts where I try to produce the issue. Some are tested with a fresh profile and some are tested with a regular profile with some extensions installed on it and signed in.

I couldn't upload here, so giving Google Drive links:

https://drive.google.com/file/d/0Bzsi_SbD22xuSnl3VjhybDBQVDg/view?usp=sharing
https://drive.google.com/file/d/0Bzsi_SbD22xuZGxLVEtMLXhXT1U/view?usp=sharing
https://drive.google.com/file/d/0Bzsi_SbD22xucmdFdkVRdzRaUGc/view?usp=sharing
Update: I tried some of the softwares #52 that looked like might cause problems, but no repro in lab still.
Project Member

Comment 56 by bugdroid1@chromium.org, May 1 2015

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/7c6835ad1df9781f7349c69f89fe9cd3124a566c

commit 7c6835ad1df9781f7349c69f89fe9cd3124a566c
Author: shrikant <shrikant@chromium.org>
Date: Fri May 01 22:52:45 2015

New command line flag to disable AppContainer restrictions for renderer.
For some users there is still mystery failure for DuplicateHandle (only seem to happen for random launches) when we use AppContainer token for renderer.
This flag will give them option to disable AppContainer while we continue to find reasons.

BUG= 467920 
R=cpu@chromium.org,nasko@chromium.org
TBR=cpu@chromium.org

Review URL: https://codereview.chromium.org/1123433003

Cr-Commit-Position: refs/heads/master@{#328002}

[modify] http://crrev.com/7c6835ad1df9781f7349c69f89fe9cd3124a566c/content/browser/renderer_host/render_process_host_impl.cc
[modify] http://crrev.com/7c6835ad1df9781f7349c69f89fe9cd3124a566c/content/public/common/content_switches.cc
[modify] http://crrev.com/7c6835ad1df9781f7349c69f89fe9cd3124a566c/content/public/common/content_switches.h

Project Member

Comment 57 by bugdroid1@chromium.org, May 5 2015

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/260c3a8d920f56598a2a3f42a86595be92c3fc6a

commit 260c3a8d920f56598a2a3f42a86595be92c3fc6a
Author: shrikant <shrikant@chromium.org>
Date: Tue May 05 22:38:03 2015

Reverting change to disable active verifier.
This was part of other CL, separating out as per reviewer suggestion.

BUG= 467920 , 472362 
R=cpu@chromium.org,grt@chromium.org

Review URL: https://codereview.chromium.org/1127873002

Cr-Commit-Position: refs/heads/master@{#328421}

[modify] http://crrev.com/260c3a8d920f56598a2a3f42a86595be92c3fc6a/base/win/scoped_handle.cc

@shrikant, is it possible to list the "-disable-appcontainer" flag on the chrome://flags list? Because whenever canary updates and relaunches, the command line flag is ignored.

I created a shortcut with the "-disable-appcontainer" flag on the Windows taskbar; on relaunch after canary updates itself, the flag is lost.
Since appcontainer is enabled on the beta channel, do you have any feedback about having this issue like me? Or am I the only one having those He's Dead pages and extension crashes?

If so, I will try to upgrade to Win 8.1 or maybe install a fresh Win 8.

Comment 60 by cpu@chromium.org, Jun 5 2015

Cc: -cpu@chromium.org
I can say that this issue occurs for me also in Opera Dev 31.0.1876.0.
Not only having the page render issue, addons are also crashing at first startup.

Comment 63 Deleted

Comment 65 by lfg@chromium.org, Jul 27 2015

Labels: -Pri-2 Pri-0 ReleaseBlock-Stable
These crashes don't get reported to the crash database, but UMA stats show that we are having > 600k crashes/day, which puts it by far as the top crasher on M44. We should look at this ASAP and revert the AppContainer changes if we can't fix in time.

Comment 66 by amin...@google.com, Jul 27 2015

Cc: penny...@chromium.org
pennymac@, this might be of interest to you today

Comment 67 by amin...@google.com, Jul 27 2015

Labels: M-44 M-45
FYI, if we apply Release Block labels, we need to make sure we have milestones listed.

Comment 68 by wfh@chromium.org, Jul 28 2015

re: #65 how are we certain that the crashes are caused by app container if we are not getting crash reports - is there a skew to win8 in the reports?

Comment 69 by wfh@chromium.org, Jul 28 2015

Cc: wfh@chromium.org

Comment 70 by lfg@chromium.org, Jul 28 2015

These are not technically crashes, the renderer process is failing to launch. To the end user, however, they are presented like any other renderer kills.

The UMA metric for this is Process.Sandbox.Lowbox.Launch.Error.

Project Member

Comment 71 by bugdroid1@chromium.org, Jul 28 2015

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/354d94497b96ffa913a7c5d562d2d88d658b9401

commit 354d94497b96ffa913a7c5d562d2d88d658b9401
Author: shrikant <shrikant@chromium.org>
Date: Tue Jul 28 23:57:08 2015

Changing command line flag from disable appcontainer to enable appcontainer.
As there are some reports on stable channel which suggest that CreateProcess is randomly failing when used with lowbox token, changing disable appcontainer flag to enable if required.

BUG= 467920 
R=jschuh@chromium.org,wfh@chromium.org

Review URL: https://codereview.chromium.org/1258173002

Cr-Commit-Position: refs/heads/master@{#340815}

[modify] http://crrev.com/354d94497b96ffa913a7c5d562d2d88d658b9401/content/common/sandbox_win.cc
[modify] http://crrev.com/354d94497b96ffa913a7c5d562d2d88d658b9401/content/public/common/content_switches.cc
[modify] http://crrev.com/354d94497b96ffa913a7c5d562d2d88d658b9401/content/public/common/content_switches.h

It started happening last week on the 22nd. It only happens really when I open new tabs, click links, or I uninstall a program that opens up Chrome sometimes; for example, links would be an email etc., like if I uninstall TeamViewer (just using that for example, 'cause that's what happened with me). Before 44 it was fine; I had 15 tabs open, no problem. I only use one extension, had no crashes with that at all. My system specs are an i5 4670, 8 gigs of RAM and an R9 270X. I've done two clean reinstalls of Windows 8.1 and I thought it would fix the issue; it did until it updated to the 44 version and it happened again. I did a memory test, came back as good; did A/V scan, nothing came up; nothing in the crash report. 44.0.2403.125 m, that's the version number; I don't remember the other ones, sorry, but that's the current one. I just wanna thank you guys for actually jumping on top of this, I appreciate it. I called Google support twice to let them know, so I hope that helped you guys too. I've posted plenty in the forum, I've sent error reports every time it happened, so ty again.
Also, I'm curious to know: will this be fixed in a future update for everyone? I know you guys probably don't have a firm time frame, but ASAP would be appreciated, ty.
Labels: Merge-Request-44 Merge-Request-45
adding merge requests after talking to shrikant.
Labels: -Merge-Request-44 Merge-Approved-44
merge approved for m44 branch 2403.
Labels: -Merge-Request-45 Merge-Review-45 Hotlist-Merge-Review
[Automated comment] Reverts referenced in bugdroid comments, needs manual review.
Labels: -Merge-Review-45 -Hotlist-Merge-Review Merge-Approved-45
Merge approved for m45 branch 2454.
And what does all this mean, if you don't mind me asking? lol, sorry

Comment 80 by wfh@chromium.org, Jul 30 2015

Blocking: chromium:455496
@yanks.. #79

You should be aware that every commentary you leave here is mailed to 9 Chrome developers and 21 other people that starred this issue. Same goes to all Chrome issues on this site.

Please don't write stuff that does not add information here (for instance, **don't reply to this** - that would again trigger mass mailing). If that happens often, developers get annoyed and lock down comments.

But FYI, here's a short explanation of what is going on. The labels help with this. Disclaimer: I'm not a Chrome developer, so it may be a bit inaccurate.

Pri-0: Critical (highest) priority
M-44 / M-45: Fix expected in Chrome 44 and Chrome 45 (M for "Milestone")

Normally, Chrome has 3 versions concurrently, Stable (that's what most people are using and that does not change unless there's a huge bug or security problem - hence "stable"), Beta (newer version that's still undergoing heavy testing and some modification, but where most of the work is done) and Dev/Canary (which is the version where all current changes go).

Since Stable and Beta do not normally change, special procedure is required to get changes approved. That happened here, with Merge-Request and Merge-Approved labels.

As for the fix itself, you can see in comment #71 an automatic message about changes in the code related to this bug. So basically, the fix exists already - in the Dev version - it just needs to be ported back into Stable/Beta.

TL;DR: Fix exists, needs a procedure to become an actual update for the current Chrome version, and that is underway (and should be expected soon).
Project Member

Comment 82 by bugdroid1@chromium.org, Jul 30 2015

Labels: -Merge-Approved-44 merge-merged-2403
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/cbce740e72c523a585310946316803f57dca7174

commit cbce740e72c523a585310946316803f57dca7174
Author: Shrikant Kelkar <shrikant@chromium.org>
Date: Thu Jul 30 21:26:36 2015

Changing command line flag from disable appcontainer to enable appcontainer. As there are some reports on stable channel which suggest that CreateProcess is randomly failing when used with lowbox token, changing disable appcontainer flag to enable if required.

BUG= 467920 
R=wfh@chromium.org, jschuh@chromium.org

Review URL: https://codereview.chromium.org/1258173002

Cr-Commit-Position: refs/heads/master@{#340815}
(cherry picked from commit 354d94497b96ffa913a7c5d562d2d88d658b9401)

Conflicts:
	content/common/sandbox_win.cc

Review URL: https://codereview.chromium.org/1263643003.

Cr-Commit-Position: refs/branch-heads/2403@{#582}
Cr-Branched-From: f54b8097a9c45ed4ad308133d49f05325d6c5070-refs/heads/master@{#330231}

[modify] http://crrev.com/cbce740e72c523a585310946316803f57dca7174/content/browser/renderer_host/render_process_host_impl.cc
[modify] http://crrev.com/cbce740e72c523a585310946316803f57dca7174/content/public/common/content_switches.cc
[modify] http://crrev.com/cbce740e72c523a585310946316803f57dca7174/content/public/common/content_switches.h

Project Member

Comment 83 by bugdroid1@chromium.org, Jul 30 2015

Labels: -Merge-Approved-45 merge-merged-2454
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/273e61adfa24d66d256338268d5fe98c3c307ab6

commit 273e61adfa24d66d256338268d5fe98c3c307ab6
Author: Shrikant Kelkar <shrikant@chromium.org>
Date: Thu Jul 30 21:45:14 2015

Changing command line flag from disable appcontainer to enable appcontainer. As there are some reports on stable channel which suggest that CreateProcess is randomly failing when used with lowbox token, changing disable appcontainer flag to enable if required.

BUG= 467920 
R=jschuh@chromium.org,wfh@chromium.org

Review URL: https://codereview.chromium.org/1258173002

Cr-Commit-Position: refs/heads/master@{#340815}
(cherry picked from commit 354d94497b96ffa913a7c5d562d2d88d658b9401)

Review URL: https://codereview.chromium.org/1262803004.

Cr-Commit-Position: refs/branch-heads/2454@{#192}
Cr-Branched-From: 12bfc3360892ec53cd00fc239a47e5298beb063b-refs/heads/master@{#338390}

[modify] http://crrev.com/273e61adfa24d66d256338268d5fe98c3c307ab6/content/common/sandbox_win.cc
[modify] http://crrev.com/273e61adfa24d66d256338268d5fe98c3c307ab6/content/public/common/content_switches.cc
[modify] http://crrev.com/273e61adfa24d66d256338268d5fe98c3c307ab6/content/public/common/content_switches.h

Cc: ranjitkan@chromium.org
 Issue 514084  has been merged into this issue.
 Issue 502536  has been merged into this issue.
Project Member

Comment 86 by bugdroid1@chromium.org, Jul 31 2015

The following revision refers to this bug:
  https://chrome-internal.googlesource.com/bling/chromium.git/+/273e61adfa24d66d256338268d5fe98c3c307ab6

commit 273e61adfa24d66d256338268d5fe98c3c307ab6
Author: Shrikant Kelkar <shrikant@chromium.org>
Date: Thu Jul 30 21:45:14 2015

Not a tech person and don't want to aggravate the developers, but all the above leaves my head spinning. I clicked the star above. Does that mean when there is a fix they will send me a link to click that will do it? Or am I going to have to have someone translate all this to me?

Comment 88 by ad...@wescook.ca, Aug 1 2015

The star means you are having the problem too. This lets the developers know how widespread a problem is.  You will receive an update automatically when it reaches your Chrome channel.
Thank you for your response.
Labels: TE-Verified-45.0.2454.25 TE-Verified-44.0.2403.130 TE-Verified-M45 TE-Verified-M44
Retested the above issue on Windows 8 with Chrome version 44.0.2404.130(330231) & 45.0.2454.25(338390), and no browser crash/error message was observed when a new tab is opened. Hence marking the same as TE-Verified-44.0.2403.130 & TE-Verified-45.0.2454.25.

Thank you!
ashej,

In our office here, I'm a tech guy, we have roughly 200 users and most of them are having the problem.

They are all on Windows 8 with 8GB of ram and Kaspersky KES 10 for Virus Protection.

I am currently on Windows 8.1 with 16GB of ram and have not had the crash once, but also run KES 10.

Is there any word when a revert to the appcontainer module will happen for live builds?  I am getting calls daily from employees here :(

Comment 92 by ad...@wescook.ca, Aug 3 2015

Just a note for anyone looking for a quick fix: I upgraded yesterday to Windows 10 and the issue disappeared immediately for me.  It appears to be Windows 8 specific.
Also to #90, since the bug is infrequently triggered (not just any given load), what was the testing protocol?

From what I saw elsewhere too (at https://productforums.google.com/forum/#!topic/chrome/TO8-9P_AQvc ), there seems to be a very strong correlation with hardware, specifically Intel Haswell processors (i3/i5/i7-4***).

Can gluml... #91 confirm whether you observe this hardware correlation? To #90, was it tested with a similar hardware configuration?
mexmat,

I've tried to detail out hardware and software configurations for people having the problem.  My computer is listed at the top and is the only one not having the problem on the list.

My computer which hasn't had the problem is as follows:
Dell Optiplex 9010 AIO
Intel i7-3770S @ 3.10GHz
16GB Ram
Windows 8.1
Kaspersky KES 10

Normal users desktops who are having the problem here:
Dell Optiplex 9020 AIO
Intel i5-4570S @ 2.90GHz
8GB Ram
Windows 8.0
Kaspersky KES 10

I believe most if not all of our normal users desktops are having the issue.  

We had a remote sales guy call in with the issue today and he has the following specs:
Dell Latitude E5440
Intel i5-4300U @ 1.90GHz
8GB Ram
Windows 8.0
Kaspersky KES 10

Also had a local laptop user with the issue:
Dell Latitude E7450
Intel i5-5300U CPU @ 2.30GHz
8GB Ram
Windows 8.0
Kaspersky KES 10

Comment 95 by wfh@chromium.org, Aug 3 2015

Re: #94 - it seems a few people having this issue are on Windows 8.0 - can you confirm that you have all the latest updates installed on these machines? (Are there any updates pending when you open Windows Update?)
#95 While you weren't asking me, it's happening for me on i7-4790K Win 8.1 with no pending updates with current stable 44.0.2403.125 m (which is before the patch landed, so no surprise).
I can confirm this is happening to us on multiple machines here.  We are running Trend AV and are fully patched on Windows updates.  

Problem occurs on: Windows 8.1 x64 machines with Haswell (i5/i7) processors 

Problem does NOT occur on:  Windows 7 x64 machines with Haswell OR Windows 8.1 machines with Sandy/Ivy processors.
i5-4690K (Haswell, stock clock), Windows 8.1 x64, 16GB @ 1600 RAM, Avast AV, 44.0.2403.125 m. 'Dead Jim' about 10-20% of new tabs, works fine when refreshing the page.
This patch is now pushing out to stable channel in version 44.0.2403.130.
Labels: -Pri-0 Pri-2
As the code is already in the pushing-out stage, reducing priority to 2.
Labels: -ReleaseBlock-Stable
Removing the releaseblock label as well, Shrikant.
Labels: -Pri-2 Pri-0 ReleaseBlock-Stable
Status: Fixed
Sorry for the spam.  Don't think the labels should have been adjusted.  Setting this bug ticket to Fixed now.

Comment 103 Deleted

Project Member

Comment 105 by bugdroid1@chromium.org, Sep 1 2015

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/c9e354be49d6abb003817f3e5a8a9f8ed17d09fa

commit c9e354be49d6abb003817f3e5a8a9f8ed17d09fa
Author: wfh <wfh@chromium.org>
Date: Tue Sep 01 04:17:28 2015

Revert of Add tests for Chrome Stability Metrics. (patchset #2 id:20001 of https://codereview.chromium.org/1323703002/ )

Reason for revert:
can't use extensions::ExtensionTest in chrome unit_tests, only in extensions_unittests. need to rethink this test.

Original issue's description:
> Add tests for Chrome Stability Metrics.
>
> BUG=526198, 467920 
>
> Committed: https://crrev.com/32a86c2579e167dd1e181676056c202f5191852d
> Cr-Commit-Position: refs/heads/master@{#346436}

TBR=asvitkine@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=526198, 467920 ,526903

Review URL: https://codereview.chromium.org/1321313002

Cr-Commit-Position: refs/heads/master@{#346567}

[modify] http://crrev.com/c9e354be49d6abb003817f3e5a8a9f8ed17d09fa/chrome/browser/metrics/chrome_metrics_service_client.cc
[modify] http://crrev.com/c9e354be49d6abb003817f3e5a8a9f8ed17d09fa/chrome/browser/metrics/chrome_stability_metrics_provider.cc
[modify] http://crrev.com/c9e354be49d6abb003817f3e5a8a9f8ed17d09fa/chrome/browser/metrics/chrome_stability_metrics_provider.h
[delete] http://crrev.com/c20ddbb38ea0846f49063f068d6cf4043d67243e/chrome/browser/metrics/chrome_stability_metrics_provider_unittest.cc
[modify] http://crrev.com/c9e354be49d6abb003817f3e5a8a9f8ed17d09fa/chrome/chrome_tests_unit.gypi

Project Member

Comment 107 by bugdroid1@chromium.org, Sep 2 2015

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/0d9532a1e73db2bc36a865655b0727d74dcf13a6

commit 0d9532a1e73db2bc36a865655b0727d74dcf13a6
Author: wfh <wfh@chromium.org>
Date: Wed Sep 02 23:18:58 2015

Add new termination status for failed child process launch.

Treat renderer startup failure as a renderer crash for metrics.

This makes situations where sandbox failures are happening en-masse
without crash reports being produced easier to spot on the stability
dashboard.

BUG=526198, 467920 

Review URL: https://codereview.chromium.org/1320153002

Cr-Commit-Position: refs/heads/master@{#347060}

[modify] http://crrev.com/0d9532a1e73db2bc36a865655b0727d74dcf13a6/base/process/kill.h
[modify] http://crrev.com/0d9532a1e73db2bc36a865655b0727d74dcf13a6/chrome/browser/devtools/devtools_ui_bindings.cc
[modify] http://crrev.com/0d9532a1e73db2bc36a865655b0727d74dcf13a6/chrome/browser/metrics/chrome_stability_metrics_provider.cc
[modify] http://crrev.com/0d9532a1e73db2bc36a865655b0727d74dcf13a6/chrome/browser/metrics/chrome_stability_metrics_provider_unittest.cc
[modify] http://crrev.com/0d9532a1e73db2bc36a865655b0727d74dcf13a6/chrome/browser/ui/sad_tab_helper.cc
[modify] http://crrev.com/0d9532a1e73db2bc36a865655b0727d74dcf13a6/chrome/browser/ui/views/tabs/tab_renderer_data.cc
[modify] http://crrev.com/0d9532a1e73db2bc36a865655b0727d74dcf13a6/chrome/test/chromedriver/chrome_launcher.cc
[modify] http://crrev.com/0d9532a1e73db2bc36a865655b0727d74dcf13a6/chromecast/browser/metrics/cast_stability_metrics_provider.cc
[modify] http://crrev.com/0d9532a1e73db2bc36a865655b0727d74dcf13a6/content/browser/browser_plugin/browser_plugin_guest.cc
[modify] http://crrev.com/0d9532a1e73db2bc36a865655b0727d74dcf13a6/content/browser/child_process_launcher.cc
[modify] http://crrev.com/0d9532a1e73db2bc36a865655b0727d74dcf13a6/content/browser/devtools/render_frame_devtools_agent_host.cc
[modify] http://crrev.com/0d9532a1e73db2bc36a865655b0727d74dcf13a6/content/browser/gpu/gpu_process_host.cc
[modify] http://crrev.com/0d9532a1e73db2bc36a865655b0727d74dcf13a6/content/browser/renderer_host/render_process_host_impl.cc
[modify] http://crrev.com/0d9532a1e73db2bc36a865655b0727d74dcf13a6/content/browser/web_contents/web_contents_impl.cc
[modify] http://crrev.com/0d9532a1e73db2bc36a865655b0727d74dcf13a6/extensions/browser/guest_view/web_view/web_view_guest.cc
[modify] http://crrev.com/0d9532a1e73db2bc36a865655b0727d74dcf13a6/tools/metrics/actions/actions.xml
[modify] http://crrev.com/0d9532a1e73db2bc36a865655b0727d74dcf13a6/tools/metrics/histograms/histograms.xml
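
The reasoning in the commit message above, as an added illustration that is not taken from the Chromium change: a child process that fails at creation never runs, so it writes no crash dump and, unless launch failure is counted as a crash, never reaches the crash total. The enum, structs, function names and sample events are hypothetical and constructed for this example.

```cpp
#include <cstdio>
#include <vector>

// Simplified, hypothetical model of how a browser classifies the end of a
// child (renderer) process. Not Chromium's own enum or code.
enum class Termination { kNormal, kCrashed, kKilled, kLaunchFailed };
struct ChildEvent {
  Termination status;
  bool crash_dump_written;  // a dump needs a process that actually started
};
struct StabilityCounts {
  int launches = 0, renderer_crashes = 0, launch_failures = 0, crash_dumps = 0;
};

// Tallies events. With count_launch_failure_as_crash == false, a sandboxed
// launch that never starts adds nothing to the crash total a dashboard plots.
StabilityCounts Tally(const std::vector<ChildEvent>& events,
                      bool count_launch_failure_as_crash) {
  StabilityCounts c;
  for (const ChildEvent& e : events) {
    ++c.launches;
    if (e.crash_dump_written) ++c.crash_dumps;
    if (e.status == Termination::kCrashed) ++c.renderer_crashes;
    if (e.status == Termination::kLaunchFailed) {
      ++c.launch_failures;
      if (count_launch_failure_as_crash) ++c.renderer_crashes;
    }
  }
  return c;
}

// True when the crash rate is high but fewer than half of the counted crashes
// produced a dump: processes are failing before they can report anything.
bool CrashesWithoutReports(const StabilityCounts& c, double min_rate) {
  if (c.launches == 0 || c.renderer_crashes == 0) return false;
  double rate = static_cast<double>(c.renderer_crashes) / c.launches;
  return rate >= min_rate && c.crash_dumps * 2 < c.renderer_crashes;
}

// Constructed sample: 10 launches, 1 ordinary crash (with a dump) and
// 2 failures at process creation (no dump).
std::vector<ChildEvent> SampleEvents() {
  std::vector<ChildEvent> v(7, ChildEvent{Termination::kNormal, false});
  v.push_back({Termination::kCrashed, true});
  v.push_back({Termination::kLaunchFailed, false});
  v.push_back({Termination::kLaunchFailed, false});
  return v;
}

int main() {
  for (bool counted : {false, true}) {
    StabilityCounts c = Tally(SampleEvents(), counted);
    std::printf("launch failures counted=%d crashes=%d flagged=%d\n", counted,
                c.renderer_crashes, CrashesWithoutReports(c, 0.2));
  }
}
```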

Project Member

Comment 108 by bugdroid1@chromium.org, Oct 13 2015

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/b03f16d1deeb064a32044bec7333457b02aee1be

commit b03f16d1deeb064a32044bec7333457b02aee1be
Author: forshaw <forshaw@chromium.org>
Date: Tue Oct 13 15:00:40 2015

Rework target process creation to minimize creation routes
Changes the creation strategy for the target process to minimize the
differences between the "normal" process creation and the appcontainer
process creation. The hope is this minimization might remedy the failure
to initialize the process when appcontainer is being used on win8+

BUG= 467920 

Review URL: https://codereview.chromium.org/1263603002

Cr-Commit-Position: refs/heads/master@{#353752}

[modify] http://crrev.com/b03f16d1deeb064a32044bec7333457b02aee1be/sandbox/win/src/broker_services.cc
[modify] http://crrev.com/b03f16d1deeb064a32044bec7333457b02aee1be/sandbox/win/src/broker_services.h
[modify] http://crrev.com/b03f16d1deeb064a32044bec7333457b02aee1be/sandbox/win/src/sandbox_policy_base.cc
[modify] http://crrev.com/b03f16d1deeb064a32044bec7333457b02aee1be/sandbox/win/src/sandbox_policy_base.h
[modify] http://crrev.com/b03f16d1deeb064a32044bec7333457b02aee1be/sandbox/win/src/target_process.cc
[modify] http://crrev.com/b03f16d1deeb064a32044bec7333457b02aee1be/sandbox/win/src/target_process.h
