Issue 595232 link

Starred by 6 users

Issue metadata

Status:	Fixed
Owner:	liber...@chromium.org
Closed:	Mar 2016
Cc:	ajha@chromium.org gov...@chromium.org █ kavvaru@chromium.org nyerramilli@chromium.org ligim...@chromium.org █ ashej...@chromium.org █ durga.behera@chromium.org
Components:	Internals>Media
EstimatedDays:	----
NextAction:	----
OS:	All
Pri:	0
Type:	Bug-Regression
Stability-Sheriff-Desktop hasbisect ReleaseBlock-Dev hasTestcase Fracas M-51 TE-Verified-M51 TE-Verified-51.0.2681.0

Regression: Tab crashes on scrolling the youtube page.

Project Member Reported by radhakri...@techmahindra.com, Mar 16 2016

Issue description

Chrome Version       : 51.0.2680.0 (Official Build)
OS Version : Ubuntu 14.04

What steps will reproduce the problem?
(1)Launch chrome and open 'youtube.com' page and disable autopaly.
(2)Play any video till completion and scroll the page, wait for a minute or two and observe the page.

What is the expected result?
The page should not crash.

What happens instead?
The tab crashes.

This is a regression issue broken in M-51.

crash ids:ad61086800000000, cff48ea400000000

Comment 1 by radhakri...@techmahindra.com, Mar 16 2016

actual.mp4
4.5 MB Download

expected.mp4
4.5 MB Download

Comment 2 by ajha@chromium.org, Mar 16 2016

Cc: gov...@chromium.org nyerramilli@chromium.org ligim...@chromium.org
Components: Internals>Media
Labels: -OS-Linux -ReleaseBlock-Beta hasTestcase ReleaseBlock-Dev OS-All
Owner: dalecur...@chromium.org
Status: Assigned (was: Unconfirmed)

The latest canary(51.0.2680.0) has been up for 30 mins and have shown 1 and 4 instances of crash till now on Windows and Mac.

Stack trace:
=============
Thread 0 CRASHED [EXCEPTION_ACCESS_VIOLATION_READ @ 0x00000000 ] MAGIC SIGNATURE THREAD
0x5f05e9c4	(chrome_child.dll -webmediaplayer_impl.cc:889 )	media::WebMediaPlayerImpl::OnPipelineSuspended()
0x5db0e6f5	(chrome_child.dll -bind_internal.h:314 )	base::internal::InvokeHelper<1,void,base::internal::RunnableAdapter<void ( content::RendererAccessibility::*)(void)> >::MakeItSo<base::WeakPtr<content::RendererAccessibility> >(base::internal::RunnableAdapter<void ( content::RendererAccessibility::*)(void)>,base::WeakPtr<content::RendererAccessibility>)
0x5db0e6c0	(chrome_child.dll -bind_internal.h:352 )	base::internal::Invoker<base::IndexSequence<0>,base::internal::BindState<base::internal::RunnableAdapter<void ( content::RendererAccessibility::*)(void)>,void ,base::WeakPtr<content::RendererAccessibility> >,base::internal::InvokeHelper<1,void,base::internal::RunnableAdapter<void ( content::RendererAccessibility::*)(void)> >,void >::Run(base::internal::BindStateBase *)
0x5f57cf27	(chrome_child.dll -pipeline_controller.cc:152 )	media::PipelineController::OnPipelineStatus(media::PipelineController::State,media::PipelineStatus)
0x5f065961	(chrome_child.dll -bind_internal.h:314 )	base::internal::InvokeHelper<1,void,base::internal::RunnableAdapter<void ( media::BufferedDataSource::*)(media::BufferedResourceLoader::Status,int)> >::MakeItSo<base::WeakPtr<media::BufferedDataSource>,media::BufferedResourceLoader::Status const &,int const &>(base::internal::RunnableAdapter<void ( media::BufferedDataSource::*)(media::BufferedResourceLoader::Status,int)>,base::WeakPtr<media::BufferedDataSource>,media::BufferedResourceLoader::Status const &,int const &)
0x5f58a438	(chrome_child.dll -bind_internal.h:352 )	base::internal::Invoker<base::IndexSequence<0,1>,base::internal::BindState<base::internal::RunnableAdapter<void ( media::RendererImpl::*)(media::BufferingState *,media::BufferingState)>,void ,base::WeakPtr<media::RendererImpl> &,media::BufferingState *>,base::internal::InvokeHelper<1,void,base::internal::RunnableAdapter<void ( media::RendererImpl::*)(media::BufferingState *,media::BufferingState)> >,void >::Run(base::internal::BindStateBase *,media::BufferingState &&)
0x5f82a3e6	(chrome_child.dll -bind_internal.h:301 )	base::internal::InvokeHelper<0,void,base::Callback<void ,1> >::MakeItSo<unsigned int const &>(base::Callback<void ,1>,unsigned int const &)
0x5f577e9d	(chrome_child.dll -bind_internal.h:352 )	base::internal::Invoker<base::IndexSequence<0>,base::internal::BindState<base::Callback<void ,1>,void ,media::VideoDecoder::Status &>,base::internal::InvokeHelper<0,void,base::Callback<void ,1> >,void >::Run(base::internal::BindStateBase *)
0x5d8e7081	(chrome_child.dll -task_annotator.cc:51 )	base::debug::TaskAnnotator::RunTask(char const *,base::PendingTask const &)
0x5d9857e5	(chrome_child.dll -task_queue_manager.cc:288 )	scheduler::TaskQueueManager::ProcessTaskFromWorkQueue(scheduler::internal::WorkQueue *,scheduler::internal::TaskQueueImpl::Task *)
0x5d984a30	(chrome_child.dll -task_queue_manager.cc:200 )	scheduler::TaskQueueManager::DoWork(base::TimeTicks,bool)
0x5d984901	(chrome_child.dll -bind_internal.h:314 )	base::internal::InvokeHelper<1,void,base::internal::RunnableAdapter<void ( scheduler::TaskQueueManager::*)(base::TimeTicks,bool)> >::MakeItSo<base::WeakPtr<scheduler::TaskQueueManager>,base::TimeTicks const &,bool const &>(base::internal::RunnableAdapter<void ( scheduler::TaskQueueManager::*)(base::TimeTicks,bool)>,base::WeakPtr<scheduler::TaskQueueManager>,base::TimeTicks const &,bool const &)
0x5d9848c0	(chrome_child.dll -bind_internal.h:352 )	base::internal::Invoker<base::IndexSequence<0,1,2>,base::internal::BindState<base::internal::RunnableAdapter<void ( scheduler::TaskQueueManager::*)(base::TimeTicks,bool)>,void ,base::WeakPtr<scheduler::TaskQueueManager>,base::TimeTicks &,bool>,base::internal::InvokeHelper<1,void,base::internal::RunnableAdapter<void ( scheduler::TaskQueueManager::*)(base::TimeTicks,bool)> >,void >::Run(base::internal::BindStateBase *)
0x5d8e7081	(chrome_child.dll -task_annotator.cc:51 )	base::debug::TaskAnnotator::RunTask(char const *,base::PendingTask const &)
0x5d8e6cec	(chrome_child.dll -message_loop.cc:476 )	base::MessageLoop::RunTask(base::PendingTask const &)
0x5d8e69e8	(chrome_child.dll -message_loop.cc:597 )	base::MessageLoop::DoWork()
0x5d8e8d22	(chrome_child.dll -message_pump_default.cc:33 )	base::MessagePumpDefault::Run(base::MessagePump::Delegate *)
0x5d8e63e6	(chrome_child.dll -run_loop.cc:35 )	base::RunLoop::Run()
0x5d8e6327	(chrome_child.dll -message_loop.cc:293 )	base::MessageLoop::Run()
0x5d931f65	(chrome_child.dll -renderer_main.cc:219 )	content::RendererMain(content::MainFunctionParams const &)
0x5d8ddae8	(chrome_child.dll -content_main_runner.cc:398 )	content::RunNamedProcessTypeMain(std::basic_string<char,std::char_traits<char>,std::allocator<char> > const &,content::MainFunctionParams const &,content::ContentMainDelegate *)
0x5d8dda64	(chrome_child.dll -content_main_runner.cc:769 )	content::ContentMainRunnerImpl::Run()
0x5d8c3bc9	(chrome_child.dll -content_main.cc:19 )	content::ContentMain(content::ContentMainParams const &)
0x5d8c3918	(chrome_child.dll -chrome_main.cc:84 )	ChromeMain
0x00c39315	(chrome.exe -main_dll_loader_win.cc:183 )	MainDllLoader::Launch(HINSTANCE__ *)
0x00c389e4	(chrome.exe -chrome_exe_main_win.cc:230 )	wWinMain
0x00c67090	(chrome.exe -exe_common.inl:264 )	__scrt_common_main_seh
0x748d38f3	(KERNEL32.DLL + 0x000138f3 )	BaseThreadInitThunk
0x773a5de2	(ntdll.dll + 0x00065de2 )	__RtlUserThreadStart
0x773a5dad	(ntdll.dll + 0x00065dad )	_RtlUserThreadStart

Considering below as regression range:

https://chromium.googlesource.com/chromium/src/+log/51.0.2679.0..51.0.2680.0?pretty=fuller&n=10000

Suspecting: https://codereview.chromium.org/1798213002 for 'webmediaplayer_impl.cc' related change.

Marking this as Dev blocker based on simple repro steps.

Note: Will update the crash instance when more data comes in.

Comment 3 by ajha@chromium.org, Mar 16 2016

Labels: Stability-Sheriff-Desktop

This has spiked considerably and now has 3 digit crash instances on Windows and Mac.

Link to the list of the builds:
===============================
https://goto.google.com/oobre

Comment 4 by radhakri...@techmahindra.com, Mar 16 2016

Good Build:51.0.2679.0
Bad Build :51.0.2680.0

CHANGELOG URL:
  https://chromium.googlesource.com/chromium/src/+log/3d4739bb5b1c47ed4e9eb0ee25963093ad5fc6d5..fde6c7118d13dbe3e219de55838b514187fffea9

Comment 5 by ajha@chromium.org, Mar 16 2016

Labels: hasbisect

Comment 6 by ajha@chromium.org, Mar 16 2016

Labels: -Pri-1 Pri-0

Canary is unstable due to this crash. This constitutes the 97.66% of all renderer crashes on Windows  and 99.20% of total renderer crashes logged on latest canary(51.0.2680.0).

Comment 7 by ashej...@chromium.org, Mar 16 2016

Cc: ashej...@chromium.org

The above renderer crash is also consistently reproducible on All-OS on Facebook.com, steps below.

1. Login to Facebook.com
2. Scroll up and down few times.
3. Observe renderer crash

go/crash/7e8aec7400000000
go/crash/b99f8c7400000000

Thank you!

Comment 8 by liber...@chromium.org, Mar 16 2016

Owner: liber...@chromium.org

looks like missing null check -- i'll pick this up.

Comment 9 by liber...@chromium.org, Mar 16 2016

https://codereview.chromium.org/1803363002/ in in cq.

Project Member

Comment 10 by sheriffbot@chromium.org, Mar 16 2016

Labels: Fracas

Users experienced this crash on the following builds:

Mac Canary 51.0.2680.0 - 861 reports, 610 clients (signature media::WebMediaPlayerImpl::OnPipelineSuspended)

If this update was incorrect, please add "Fracas-Wrong" label to prevent future updates.

- Go/Fracas

Comment 11 by dalecur...@chromium.org, Mar 16 2016

Whoops, sorry for the trouble.

Comment 12 by dalecur...@chromium.org, Mar 16 2016

I'll see about adding a WMPI unittest for this after the fact.

Project Member

Comment 13 by bugdroid1@chromium.org, Mar 16 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/3f9f32bb241cc088ecdbc2547ce3cb4b703d1c9a

commit 3f9f32bb241cc088ecdbc2547ce3cb4b703d1c9a
Author: liberato <liberato@chromium.org>
Date: Wed Mar 16 16:54:51 2016

Add missing null check on |data_source_|

BUG= 595232 
TBR=dalecurtis@chromium.org

Review URL: https://codereview.chromium.org/1803363002

Cr-Commit-Position: refs/heads/master@{#381474}

[modify] https://crrev.com/3f9f32bb241cc088ecdbc2547ce3cb4b703d1c9a/media/blink/webmediaplayer_impl.cc

Comment 14 by liber...@chromium.org, Mar 16 2016

Status: Fixed (was: Assigned)

Comment 15 by manoranj...@chromium.org, Mar 16 2016

 Issue 595461  has been merged into this issue.

Comment 16 by radhakri...@techmahindra.com, Mar 17 2016

Labels: TE-Verified-51.0.2681.0 TE-Verified-M51

Re-tested the issue on 51.0.2681.0 (Official Build) on Ubuntu 14.04, Issue is not reproducible i.e, no crash is seen.

Comment 17 by brajkumar@chromium.org, Mar 17 2016

Issue 595572 has been merged into this issue.

►

Issue 595232 link

Issue metadata

Regression: Tab crashes on scrolling the youtube page.

Issue description

Comment 1 by radhakri...@techmahindra.com, Mar 16 2016

Comment 1 Deleted

Comment 2 by ajha@chromium.org, Mar 16 2016

Comment 2 Deleted

Comment 3 by ajha@chromium.org, Mar 16 2016

Comment 3 Deleted

Comment 4 by radhakri...@techmahindra.com, Mar 16 2016

Comment 4 Deleted

Comment 5 by ajha@chromium.org, Mar 16 2016

Comment 5 Deleted

Comment 6 by ajha@chromium.org, Mar 16 2016

Comment 6 Deleted

Comment 7 by ashej...@chromium.org, Mar 16 2016

Comment 7 Deleted

Comment 8 by liber...@chromium.org, Mar 16 2016

Comment 8 Deleted

Comment 9 by liber...@chromium.org, Mar 16 2016

Comment 9 Deleted

Comment 10 by sheriffbot@chromium.org, Mar 16 2016

Comment 10 Deleted

Comment 11 by dalecur...@chromium.org, Mar 16 2016

Comment 11 Deleted

Comment 12 by dalecur...@chromium.org, Mar 16 2016

Comment 12 Deleted

Comment 13 by bugdroid1@chromium.org, Mar 16 2016

Comment 13 Deleted

Comment 14 by liber...@chromium.org, Mar 16 2016

Comment 14 Deleted

Comment 15 by manoranj...@chromium.org, Mar 16 2016

Comment 15 Deleted

Comment 16 by radhakri...@techmahindra.com, Mar 17 2016

Comment 16 Deleted

Comment 17 by brajkumar@chromium.org, Mar 17 2016

Comment 17 Deleted

Sign in to add a comment