Crash: blink::ResourceLoader::didReceiveResponse
Issue description

Crash Signature: blink::ResourceLoader::didReceiveResponse
Process Type: Renderer
Platform: Mac
Channel: Canary
Version: 51.0.2673.0
Distinct Clients: 8
Crash Reports: 8
Median Uptime: 00h:23m:50s
Infected Clients: 25.0%

Sample Reports:
https://crash.corp.google.com/browse?q=reportid=%2713cd0cb400000000%27
https://crash.corp.google.com/browse?q=reportid=%2724435cb400000000%27
https://crash.corp.google.com/browse?q=reportid=%273fe4812800000000%27
https://crash.corp.google.com/browse?q=reportid=%27dbe6c55800000000%27
https://crash.corp.google.com/browse?q=reportid=%27feb4362800000000%27

Crash Link: https://crash.corp.google.com/browse?q=product.name%3D%27Chrome_Mac%27%20AND%20product.version%3D%2751.0.2673.0%27%20AND%20custom_data.ChromeCrashProto.magic_signature_1.name%3D%27blink%3A%3AResourceLoader%3A%3AdidReceiveResponse%27

Crash Stacktrace:
EXC_BAD_INSTRUCTION / 0x00000001 on address 0x10be52faa
#0 0x10be52faa in blink::ResourceLoader::didReceiveResponse third_party/WebKit/Source/core/fetch/ResourceLoader.cpp:280
#1 0x10d953fa8 in content::WebURLLoaderImpl::Context::OnReceivedResponse content/child/web_url_loader_impl.cc:661
#2 0x10d93a5f6 in content::ResourceDispatcher::OnReceivedResponse content/child/resource_dispatcher.cc:173
#3 0x10d93a065 in content::ResourceDispatcher::DispatchMessage base/tuple.h:166
#4 0x10d9397b1 in content::ResourceDispatcher::OnMessageReceived content/child/resource_dispatcher.cc:123
#5 0x10d96ac07 in base::internal::Invoker<base::IndexSequence<0ul>, base::internal::BindState<base::internal::RunnableAdapter<void base/bind_internal.h:159
#6 0x109967e8a in base::debug::TaskAnnotator::RunTask base/callback.h:398
#7 0x10d963052 in scheduler::TaskQueueManager::ProcessTaskFromWorkQueue components/scheduler/base/task_queue_manager.cc:288
#8 0x10d961dd8 in scheduler::TaskQueueManager::DoWork components/scheduler/base/task_queue_manager.cc:200
#9 0x10d963c62 in base::internal::Invoker<base::IndexSequence<0ul, 1ul, 2ul>, base::internal::BindState<base::internal::RunnableAdapter<void base/bind_internal.h:181
#10 0x109967e8a in base::debug::TaskAnnotator::RunTask base/callback.h:398
#11 0x10998a222 in base::MessageLoop::RunTask base/message_loop/message_loop.cc:476
#12 0x10998a4fb in base::MessageLoop::DeferOrRunPendingTask base/message_loop/message_loop.cc:485
#13 0x10998a6ea in base::MessageLoop::DoWork base/message_loop/message_loop.cc:597
#14 0x10995d360 in base::MessagePumpCFRunLoopBase::RunWork base/message_loop/message_pump_mac.mm:330
#15 0x10997fc19 in base::mac::CallWithEHFrame
#16 0x10995cd63 in base::MessagePumpCFRunLoopBase::RunWorkSource base/message_loop/message_pump_mac.mm:306
#17 0x7fff8c75d5c0 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
#18 0x7fff8c74f41b in __CFRunLoopDoSources0
#19 0x7fff8c74e93e in __CFRunLoopRun
#20 0x7fff8c74e337 in CFRunLoopRunSpecific
#21 0x7fff8bbf9e60 in -[NSRunLoop runMode:beforeDate:]
#22 0x10995d9cd in base::MessagePumpNSRunLoop::DoRun base/message_loop/message_pump_mac.mm:608
#23 0x10995d1b3 in base::MessagePumpCFRunLoopBase::Run base/message_loop/message_pump_mac.mm:238
#24 0x10999f2b2 in base::RunLoop::Run base/run_loop.cc:35
#25 0x1099899fc in base::MessageLoop::Run base/message_loop/message_loop.cc:293
#26 0x10a3e6ddd in IPC::SyncChannel::WaitForReplyWithNestedMessageLoop ipc/ipc_sync_channel.cc:565
#27 0x10a3e6c59 in IPC::SyncChannel::WaitForReply ipc/ipc_sync_channel.cc:530
#28 0x10a3e69e0 in IPC::SyncChannel::Send ipc/ipc_sync_channel.cc:504
#29 0x10d8f5931 in <name omitted> content/child/child_thread_impl.cc:582
#30 0x10da36ef3 in content::RenderThreadImpl::Send content/renderer/render_thread_impl.cc:1032
#31 0x10da52bd9 in <name omitted> content/renderer/render_widget.cc:509
#32 0x10da1d2fc in content::RenderFrameImpl::RunJavaScriptMessage content/renderer/render_frame_impl.cc:2208
#33 0x10da278c3 in content::RenderFrameImpl::runModalAlertDialog content/renderer/render_frame_impl.cc:3600
#34 0x10b51f956 in blink::ChromeClientImpl::openJavaScriptAlertDelegate third_party/WebKit/Source/web/ChromeClientImpl.cpp:430
#35 0x10bf72cd5 in blink::ChromeClient::openJavaScriptAlert third_party/WebKit/Source/core/page/ChromeClient.cpp:107
#36 0x10c3985ec in blink::DOMWindowV8Internal::alertMethodCallback out/Release/gen/blink/bindings/core/v8/V8Window.cpp:4731
#37 0x10aee523c in v8::internal::FunctionCallbackArguments::Call v8/src/arguments.cc:33
#38 0x10af12505 in v8::internal::MaybeHandle<v8::internal::Object> v8::internal::{anonymous namespace}::HandleApiCallHelper<false> v8/src/builtins.cc:3973
#39 0x10af2b105 in v8::internal::Builtin_HandleApiCall v8/src/builtins.cc:3997
#47 0x10b17994f in v8::internal::{anonymous namespace}::Invoke v8/src/execution.cc:97
#48 0x10b1796da in v8::internal::Execution::Call v8/src/execution.cc:163
#49 0x10aecce6a in v8::Function::Call v8/src/api.cc:4417
#50 0x10c035700 in blink::XMLHttpRequest::dispatchReadyStateChangeEvent third_party/WebKit/Source/core/xmlhttprequest/XMLHttpRequest.cpp:516
#51 0x10c038432 in blink::XMLHttpRequest::handleRequestError third_party/WebKit/Source/core/xmlhttprequest/XMLHttpRequest.cpp:497
#52 0x10c0398f8 in blink::XMLHttpRequest::didFail third_party/WebKit/Source/core/xmlhttprequest/XMLHttpRequest.cpp:1094
#53 0x10bf4c958 in blink::DocumentThreadableLoader::handleError third_party/WebKit/Source/core/loader/DocumentThreadableLoader.cpp:805
#54 0x10be424a5 in blink::Resource::checkNotify third_party/WebKit/Source/core/fetch/Resource.cpp:237
#55 0x10be42a79 in blink::Resource::error third_party/WebKit/Source/core/fetch/Resource.cpp:294
#56 0x10be5275e in blink::ResourceLoader::cancel third_party/WebKit/Source/core/fetch/ResourceLoader.cpp:219
#57 0x10be5254e in blink::ResourceLoader::cancel third_party/WebKit/Source/core/fetch/ResourceLoader.cpp:194
#58 0x10be53657 in blink::ResourceLoaderSet::cancelAll third_party/WebKit/Source/core/fetch/ResourceLoaderSet.cpp:52
#59 0x10be4cae9 in blink::ResourceFetcher::stopFetching third_party/WebKit/Source/core/fetch/ResourceFetcher.cpp:1040
#60 0x10bf44ab7 in blink::DocumentLoader::stopLoading third_party/WebKit/Source/core/loader/DocumentLoader.cpp:264
#61 0x10bf4654d in blink::DocumentLoader::detachFromFrame third_party/WebKit/Source/core/loader/DocumentLoader.cpp:609
#62 0x10b54f03d in blink::WebDataSourceImpl::detachFromFrame third_party/WebKit/Source/web/WebDataSourceImpl.cpp:148
#63 0x10bf5896d in blink::FrameLoader::prepareForCommit third_party/WebKit/Source/core/loader/FrameLoader.cpp:694
#64 0x10bf58b31 in blink::FrameLoader::commitProvisionalLoad third_party/WebKit/Source/core/loader/FrameLoader.cpp:1109
#65 0x10bf46441 in blink::DocumentLoader::processData third_party/WebKit/Source/core/loader/DocumentLoader.cpp:271
#66 0x10bf4633f in blink::DocumentLoader::dataReceived third_party/WebKit/Source/core/loader/DocumentLoader.cpp:553
#67 0x10be4012e in blink::RawResource::appendData third_party/WebKit/Source/core/fetch/RawResource.cpp:100
#68 0x10d95449e in content::WebURLLoaderImpl::Context::OnReceivedData content/child/web_url_loader_impl.cc:721
#69 0x10d9549f2 in content::WebURLLoaderImpl::RequestPeerImpl::OnReceivedData content/child/web_url_loader_impl.cc:897
#70 0x10d93b0fa in content::ResourceDispatcher::OnReceivedData content/child/resource_dispatcher.cc:282
#71 0x10d939ecd in content::ResourceDispatcher::DispatchMessage base/tuple.h:166
#72 0x10d9397b1 in content::ResourceDispatcher::OnMessageReceived content/child/resource_dispatcher.cc:123
#73 0x10d96ac07 in base::internal::Invoker<base::IndexSequence<0ul>, base::internal::BindState<base::internal::RunnableAdapter<void base/bind_internal.h:159
#74 0x109967e8a in base::debug::TaskAnnotator::RunTask base/callback.h:398
#75 0x10d963052 in scheduler::TaskQueueManager::ProcessTaskFromWorkQueue components/scheduler/base/task_queue_manager.cc:288
#76 0x10d961dd8 in scheduler::TaskQueueManager::DoWork components/scheduler/base/task_queue_manager.cc:200
#77 0x10d963c62 in base::internal::Invoker<base::IndexSequence<0ul, 1ul, 2ul>, base::internal::BindState<base::internal::RunnableAdapter<void base/bind_internal.h:181
#78 0x109967e8a in base::debug::TaskAnnotator::RunTask base/callback.h:398
#79 0x10998a222 in base::MessageLoop::RunTask base/message_loop/message_loop.cc:476
#80 0x10998a4fb in base::MessageLoop::DeferOrRunPendingTask base/message_loop/message_loop.cc:485
#81 0x10998a6ea in base::MessageLoop::DoWork base/message_loop/message_loop.cc:597
#82 0x10995d360 in base::MessagePumpCFRunLoopBase::RunWork base/message_loop/message_pump_mac.mm:330
#83 0x10997fc19 in base::mac::CallWithEHFrame
#84 0x10995cd63 in base::MessagePumpCFRunLoopBase::RunWorkSource base/message_loop/message_pump_mac.mm:306
#85 0x7fff8c75d5c0 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
#86 0x7fff8c74f41b in __CFRunLoopDoSources0
#87 0x7fff8c74e93e in __CFRunLoopRun
#88 0x7fff8c74e337 in CFRunLoopRunSpecific
#89 0x7fff8bbf9e60 in -[NSRunLoop runMode:beforeDate:]
#90 0x10995d9cd in base::MessagePumpNSRunLoop::DoRun base/message_loop/message_pump_mac.mm:608
#91 0x10995d1b3 in base::MessagePumpCFRunLoopBase::Run base/message_loop/message_pump_mac.mm:238
#92 0x10999f2b2 in base::RunLoop::Run base/run_loop.cc:35
#93 0x1099899fc in base::MessageLoop::Run base/message_loop/message_loop.cc:293
#94 0x10da5e53f in content::RendererMain content/renderer/renderer_main.cc:225
#95 0x10991f69b in content::ContentMainRunnerImpl::Run content/app/content_main_runner.cc:766
#96 0x10991ec15 in content::ContentMain content/app/content_main.cc:19
#97 0x10941b191 in ChromeMain chrome/app/chrome_main.cc:84
#98 0x10919ad51 in main chrome/app/chrome_exe_main_mac.c:87
#99 0x10919ab33 in start
Mar 11 2016
Crash details below:
-------------------
Win_canary - 51.0.2673.0 - 52 instances, 42 client ids.
Mac_canary - 51.0.2673.0 - 8 instances, 8 client ids.

This crash spiked in M51 51.0.2666.0 on both Win & Mac, hence considering this as a bad build; based on the same, below is the changelog.

Changelog:
---------
https://chromium.googlesource.com/chromium/src/+log/51.0.2665.0..51.0.2666.0?pretty=fuller&n=10000

Based on code search for file ResourceLoader.cpp, suspecting https://codereview.chromium.org/1751203003 ?

@japhet: Hey, would you mind checking the above issue and see if it's related to your change?

Note:
1. This crash is not reproducible locally.
2. Marking as RB-Stable & as P1, feel free to change accordingly.

Feel free to re-assign if required. I really appreciate your help. Thank you!
Mar 14 2016
Nate, can we get this fixed by EOD, since we are planning a dev channel release tomorrow?
Mar 14 2016
Issue 594549 has been merged into this issue.
Mar 14 2016
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/c9b6287c3a354def3608e67621eb609612eb7e5d

commit c9b6287c3a354def3608e67621eb609612eb7e5d
Author: japhet <japhet@chromium.org>
Date: Mon Mar 14 22:10:53 2016

Fix triggered RELEASE_ASSERT in ResourceLoader::didReceiveResponse()

This was regressed in https://codereview.chromium.org/1751203003, which removed an early-clear of ResourceLoader::m_loader in ResourceLoader::cancel().

If m_resource->error() triggers a JS event handler that contains an alert(), we will run a nested event loop. Normally, we call setDefersLoading() on all ResourceLoaders to ensure no resource loading messages are processed. However, before calling m_resource->error(), we call m_fetcher->didFailLoading(), which removes the ResourceLoader from ResourceFetcher::m_loaders, which means ResourceFetcher has no way to call setDefersLoading() on it. When we enter the nested event loop, the response IPC for the ResourceLoader that is being cancelled is processed, and we call didReceiveResponse() in an invalid state.

Add back the early clear of ResourceLoader::m_loader to ensure it can't send messages while completing the cancellation, and add a comment to document why it's necessary.

BUG=594072

Review URL: https://codereview.chromium.org/1802693002

Cr-Commit-Position: refs/heads/master@{#381086}

[modify] https://crrev.com/c9b6287c3a354def3608e67621eb609612eb7e5d/third_party/WebKit/Source/core/fetch/ResourceLoader.cpp
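A reduced C++ model of the cancellation re-entrancy this commit message describes, added here as an example and not Chromium's own code: Loader, Fetcher and the in-process IPC queue are hypothetical stand-ins, and the early-clear flag plays the part of nulling ResourceLoader::m_loader before the nested loop can run.

```cpp
// Added example, not Chromium code: a reduced model of the re-entrancy the commit
// message describes. Loader and Fetcher are hypothetical stand-ins for Blink's classes.
#include <functional>
#include <set>
#include <vector>
struct Loader;
struct Fetcher {                          // stands in for ResourceFetcher
  std::set<Loader*> loaders;              // ResourceFetcher::m_loaders
  void didFailLoading(Loader* l) { loaders.erase(l); }
  void setAllDefersLoading(bool defers);  // how a nested loop is normally made safe
};

struct Loader {                           // stands in for ResourceLoader
  explicit Loader(Fetcher* f) : fetcher(f) {}
  Fetcher* fetcher;
  bool hasBackend = true;                 // ResourceLoader::m_loader still non-null
  bool defersLoading = false, cancelling = false;
  int responsesWhileCancelling = 0;       // > 0 is the state the RELEASE_ASSERT catches
  std::function<void()> onError;          // JS handler run from Resource::error()
  void didReceiveResponse() {
    if (!hasBackend || defersLoading) return;   // dropped, or deferred until later
    if (cancelling) ++responsesWhileCancelling;
  }
  void cancel(bool earlyClearBackend) {
    cancelling = true;
    if (earlyClearBackend) hasBackend = false;  // the fix: clear m_loader first
    fetcher->didFailLoading(this);              // loader leaves m_loaders here...
    if (onError) onError();                     // ...then alert() pumps a nested loop
    hasBackend = false;
  }
};

void Fetcher::setAllDefersLoading(bool defers) { for (Loader* l : loaders) l->defersLoading = defers; }

// Queue a response IPC, then cancel while the error handler pumps a nested loop.
// Returns how many responses reached the loader mid-cancellation (0 is correct).
int responsesDeliveredDuringCancel(bool earlyClearBackend) {
  std::vector<std::function<void()>> ipcQueue;  // pending messages for the renderer
  Fetcher fetcher; Loader loader(&fetcher);
  fetcher.loaders.insert(&loader);
  ipcQueue.push_back([&] { loader.didReceiveResponse(); });
  loader.onError = [&] {
    fetcher.setAllDefersLoading(true);    // misses the loader removed from m_loaders
    for (auto& msg : ipcQueue) msg();     // nested loop drains the queue
    fetcher.setAllDefersLoading(false);
  };
  loader.cancel(earlyClearBackend);
  return loader.responsesWhileCancelling;
}
```

Without the early clear the queued response is delivered to a loader that is mid-cancellation, which is the invalid state the RELEASE_ASSERT guards; with it the message is dropped.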
Mar 14 2016
Thanks Nate for the quick turn around.
Mar 14 2016
Dropping visibility restrictions, since this is a safe RELEASE_ASSERT. I've removed the ReleaseBlock label, but I'm leaving this bug open to track adding a regression test.
Mar 15 2016
There have been no crash instances on the latest canary (51.0.2679.0) on Windows and Mac. Hence adding the verified label.

Link to the list of the builds:
================================
https://goto.google.com/gggtk
Mar 16 2016
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/d550d827c044a0d4185fafe9fe03eed4ea77c1da

commit d550d827c044a0d4185fafe9fe03eed4ea77c1da
Author: japhet <japhet@chromium.org>
Date: Wed Mar 16 18:17:54 2016

Add regression test for crbug.com/594072

BUG=594072

Review URL: https://codereview.chromium.org/1805653002

Cr-Commit-Position: refs/heads/master@{#381500}

[modify] https://crrev.com/d550d827c044a0d4185fafe9fe03eed4ea77c1da/third_party/WebKit/Source/core/fetch/ResourceFetcherTest.cpp
Mar 18 2016
Issue 591912 has been merged into this issue.
Comment 1 by sheriffbot@chromium.org, Mar 11 2016