Browser crashed on profile double delete operation.
Reported by
pa...@yandex-team.ru,
Apr 6 2016
Issue description
UserAgent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0

Steps to reproduce the problem:
1. Open chrome://settings/
2. Try to delete a profile.
3. In the confirmation dialog, quickly double-click the "Delete" button.

What is the expected behavior?

What went wrong?
Browser crashed.

Crashed report ID: b6f831e400000000 (50a4f761-8064-496c-b884-ed5a7061bd90)
How much crashed? Whole browser
Is it a problem with a plugin? No
Did this work before? N/A
Chrome version: 49.0.2623.110 Channel: n/a
OS Version: 6.1 (Windows 7, Windows Server 2008 R2)
Flash Version: Shockwave Flash 21.0 r0

There are actually two issues:
1. Crash on double profile deletion.
2. The UI allows such behavior.
,
Apr 14 2016
Please find the stack trace below: Thread 0 CRASHED [EXCEPTION_ACCESS_VIOLATION_READ @ 0x200a006f ] MAGIC SIGNATURE THREAD 0x7222a916 (chrome.dll -xtree:2110 ) std::_Tree<std::_Tmap_traits<std::basic_string<char,std::char_traits<char>,std::allocator<char> >,base::Value *,std::less<std::basic_string<char,std::char_traits<char>,std::allocator<char> > >,std::allocator<std::pair<std::basic_string<char,std::char_traits<char>,std::allocator<char> > const ,base::Value *> >,0> >::_Lbound(std::basic_string<char,std::char_traits<char>,std::allocator<char> > const &) 0x72338008 (chrome.dll -values.cc:645 ) base::DictionaryValue::GetWithoutPathExpansion(std::basic_string<char,std::char_traits<char>,std::allocator<char> > const &,base::Value const * *) 0x723ae75a (chrome.dll -values.cc:712 ) base::DictionaryValue::GetDictionaryWithoutPathExpansion(std::basic_string<char,std::char_traits<char>,std::allocator<char> > const &,base::DictionaryValue const * *) 0x723c057c (chrome.dll -profile_info_cache.cc:1078 ) ProfileInfoCache::GetInfoForProfileAtIndex(unsigned int) 0x7241bd03 (chrome.dll -profile_info_cache.cc:396 ) ProfileInfoCache::GetGAIAIdOfProfileAtIndex(unsigned int) 0x7241bc62 (chrome.dll -profile_info_cache.cc:484 ) ProfileInfoCache::ProfileIsAuthenticatedAtIndex(unsigned int) 0x72d3c1e7 (chrome.dll -profile_manager.cc:1308 ) ProfileManager::FinishDeletingProfile(base::FilePath const &,base::FilePath const &) 0x72d3cf44 (chrome.dll -profile_manager.cc:749 ) ProfileManager::ScheduleProfileForDeletion(base::FilePath const &,base::Callback<void > const &) 0x73a5eeb5 (chrome.dll -options_handlers_helper.cc:62 ) options::helper::DeleteProfileAtPath(base::FilePath,content::WebUI *) 0x73a4dabe (chrome.dll -browser_options_handler.cc:1350 ) options::BrowserOptionsHandler::DeleteProfile(base::ListValue const *) 0x7232d1d2 (chrome.dll -bind_internal.h:350 ) base::internal::Invoker<base::IndexSequence<0>,base::internal::BindState<base::internal::RunnableAdapter<void ( 
DownloadItemView::*)(gfx::Image *)>,void ,base::internal::UnretainedWrapper<DownloadItemView> >,base::internal::TypeList<base::internal::UnwrapTraits<base::internal::UnretainedWrapper<DownloadItemView> > >,base::internal::InvokeHelper<0,void,base::internal::RunnableAdapter<void ( DownloadItemView::*)(gfx::Image *)>,base::internal::TypeList<DownloadItemView *,gfx::Image * const &> >,void >::Run(base::internal::BindStateBase *,gfx::Image * const &) 0x731c8543 (chrome.dll -web_ui_impl.cc:219 ) content::WebUIImpl::ProcessWebUIMessage(GURL const &,std::basic_string<char,std::char_traits<char>,std::allocator<char> > const &,base::ListValue const &) 0x7313a473 (chrome.dll -uber_ui.cc:215 ) UberUI::OverrideHandleWebUIMessage(GURL const &,std::basic_string<char,std::char_traits<char>,std::allocator<char> > const &,base::ListValue const &) 0x731c851f (chrome.dll -web_ui_impl.cc:211 ) content::WebUIImpl::ProcessWebUIMessage(GURL const &,std::basic_string<char,std::char_traits<char>,std::allocator<char> > const &,base::ListValue const &) 0x731c84df (chrome.dll -web_ui_impl.cc:85 ) content::WebUIImpl::OnWebUISend(GURL const &,std::basic_string<char,std::char_traits<char>,std::allocator<char> > const &,base::ListValue const &) 0x731c7f19 (chrome.dll -tuple.h:252 ) base::DispatchToMethodImpl<content::WebUIImpl,void ( content::WebUIImpl::*)(GURL const &,std::basic_string<char,std::char_traits<char>,std::allocator<char> > const &,base::ListValue const &),GURL,std::basic_string<char,std::char_traits<char>,std::allocator<char> >,base::ListValue,0,1,2>(content::WebUIImpl *,void ( content::WebUIImpl::*)(GURL const &,std::basic_string<char,std::char_traits<char>,std::allocator<char> > const &,base::ListValue const &),base::Tuple<GURL,std::basic_string<char,std::char_traits<char>,std::allocator<char> >,base::ListValue> const &,base::IndexSequence<0,1,2>) 0x731a309f (chrome.dll -tuple.h:259 ) base::DispatchToMethod<content::WebContentsImpl,void ( content::WebContentsImpl::*)(GURL const 
&,std::basic_string<char,std::char_traits<char>,std::allocator<char> > const &,base::ListValue const &),GURL,std::basic_string<char,std::char_traits<char>,std::allocator<char> >,base::ListValue>(content::WebContentsImpl *,void ( content::WebContentsImpl::*)(GURL const &,std::basic_string<char,std::char_traits<char>,std::allocator<char> > const &,base::ListValue const &),base::Tuple<GURL,std::basic_string<char,std::char_traits<char>,std::allocator<char> >,base::ListValue> const &) 0x731c7ed0 (chrome.dll -view_messages.h:1200 ) ViewHostMsg_WebUISend::Dispatch<content::WebUIImpl,content::WebUIImpl,void,void ( content::WebUIImpl::*)(GURL const &,std::basic_string<char,std::char_traits<char>,std::allocator<char> > const &,base::ListValue const &)>(IPC::Message const *,content::WebUIImpl *,content::WebUIImpl *,void *,void ( content::WebUIImpl::*)(GURL const &,std::basic_string<char,std::char_traits<char>,std::allocator<char> > const &,base::ListValue const &)) 0x7274370a (chrome.dll -web_ui_impl.cc:68 ) content::WebUIImpl::OnMessageReceived(IPC::Message const &) 0x7256a99c (chrome.dll -web_contents_impl.cc:589 ) content::WebContentsImpl::OnMessageReceived(content::RenderViewHost *,content::RenderFrameHost *,IPC::Message const &) 0x7256a96c (chrome.dll -web_contents_impl.cc:581 ) content::WebContentsImpl::OnMessageReceived(content::RenderViewHost *,IPC::Message const &) 0x7256a363 (chrome.dll -render_view_host_impl.cc:909 ) content::RenderViewHostImpl::OnMessageReceived(IPC::Message const &) 0x72569ca8 (chrome.dll -render_widget_host_impl.cc:440 ) content::RenderWidgetHostImpl::OnMessageReceived(IPC::Message const &) 0x72569c7f (chrome.dll -render_process_host_impl.cc:1721 ) content::RenderProcessHostImpl::OnMessageReceived(IPC::Message const &) 0x72569998 (chrome.dll -ipc_channel_proxy.cc:293 ) IPC::ChannelProxy::Context::OnDispatchMessage(IPC::Message const &) 0x722a21e8 (chrome.dll -bind_internal.h:350 ) 
base::internal::Invoker<base::IndexSequence<0,1>,base::internal::BindState<base::internal::RunnableAdapter<void ( extensions::ApiResourceManager<extensions::EasyUnlockPrivateConnection,extensions::NamedThreadTraits<extensions::EasyUnlockPrivateConnection> >::ApiResourceData::*)(std::basic_string<char,std::char_traits<char>,std::allocator<char> > const &)>,void ,extensions::ApiResourceManager<extensions::EasyUnlockPrivateConnection,extensions::NamedThreadTraits<extensions::EasyUnlockPrivateConnection> >::ApiResourceData *,std::basic_string<char,std::char_traits<char>,std::allocator<char> > >,base::internal::TypeList<base::internal::UnwrapTraits<extensions::ApiResourceManager<extensions::EasyUnlockPrivateConnection,extensions::NamedThreadTraits<extensions::EasyUnlockPrivateConnection> >::ApiResourceData *>,base::internal::UnwrapTraits<std::basic_string<char,std::char_traits<char>,std::allocator<char> > > >,base::internal::InvokeHelper<0,void,base::internal::RunnableAdapter<void ( extensions::ApiResourceManager<extensions::EasyUnlockPrivateConnection,extensions::NamedThreadTraits<extensions::EasyUnlockPrivateConnection> >::ApiResourceData::*)(std::basic_string<char,std::char_traits<char>,std::allocator<char> > const &)>,base::internal::TypeList<extensions::ApiResourceManager<extensions::EasyUnlockPrivateConnection,extensions::NamedThreadTraits<extensions::EasyUnlockPrivateConnection> >::ApiResourceData * const &,std::basic_string<char,std::char_traits<char>,std::allocator<char> > const &> >,void >::Run(base::internal::BindStateBase *) 0x72277e87 (chrome.dll -task_annotator.cc:51 ) base::debug::TaskAnnotator::RunTask(char const *,base::PendingTask const &) 0x72277bef (chrome.dll -message_loop.cc:486 ) base::MessageLoop::RunTask(base::PendingTask const &) 0x7227711b (chrome.dll -message_loop.cc:607 ) base::MessageLoop::DoWork() 0x722fbf59 (chrome.dll -message_pump_win.cc:174 ) base::MessagePumpForUI::DoRunLoop() 0x72276bf7 (chrome.dll -message_pump_win.cc:58 ) 
base::MessagePumpWin::Run(base::MessagePump::Delegate *) 0x72276b00 (chrome.dll -message_loop.cc:450 ) base::MessageLoop::RunHandler() 0x72276a08 (chrome.dll -run_loop.cc:56 ) base::RunLoop::Run() 0x7253ae67 (chrome.dll -chrome_browser_main.cc:1796 ) ChromeBrowserMainParts::MainMessageLoopRun(int *) 0x7253adc7 (chrome.dll -browser_main_loop.cc:946 ) content::BrowserMainLoop::RunMainMessageLoopParts() 0x7253ad6d (chrome.dll -browser_main_runner.cc:237 ) content::BrowserMainRunnerImpl::Run() 0x72231c33 (chrome.dll -browser_main.cc:44 ) content::BrowserMain(content::MainFunctionParams const &) 0x72231a7c (chrome.dll -content_main_runner.cc:382 ) content::RunNamedProcessTypeMain(std::basic_string<char,std::char_traits<char>,std::allocator<char> > const &,content::MainFunctionParams const &,content::ContentMainDelegate *) 0x722319f8 (chrome.dll -content_main_runner.cc:787 ) content::ContentMainRunnerImpl::Run() 0x72217cb9 (chrome.dll -content_main.cc:19 ) content::ContentMain(content::ContentMainParams const &) 0x72216b37 (chrome.dll -chrome_main.cc:67 ) ChromeMain 0x00237e6a (chrome.exe -main_dll_loader_win.cc:260 ) MainDllLoader::Launch(HINSTANCE__ *) 0x00237415 (chrome.exe -chrome_exe_main_win.cc:259 ) wWinMain 0x00273e09 (chrome.exe -crt0.c:251 ) __tmainCRTStartup 0x74ba3743 (KERNEL32.DLL + 0x00013743 ) BaseThreadInitThunk 0x776b9cd3 (ntdll.dll + 0x00059cd3 ) __RtlUserThreadStart 0x776b9c9e (ntdll.dll + 0x00059c9e ) _RtlUserThreadStart
,
Apr 14 2016
Unable to reproduce the issue on Win10 - Stable Build 50.0.2661.75. Can you please upgrade to the latest stable build available and check whether you still see this issue?
,
Apr 17 2016
I couldn't repro this bug again in 52.0.2710.0. It seems to be fixed.
,
Apr 20 2016
Not sure if the bug is solved elsewhere (very unlikely), but there's a CL written by the reporter at https://codereview.chromium.org/1869473002/
AFAIK, that CL is partly correct in fixing the bug, so please assign to anthonyvd@ because he is reviewing that CL.
,
Apr 21 2016
,
May 16 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/6b5e981164b2e466e023d960fa1452ebfb85eaf7 commit 6b5e981164b2e466e023d960fa1452ebfb85eaf7 Author: palar <palar@yandex-team.ru> Date: Mon May 16 15:31:52 2016 Fixed crash on double profile delete operation. BUG= 601049 R=anthonyvd@chromium.org, bauerb@chromium.org, dbeam@chromium.org, stevenjb@chromium.org, achuith@chromium.org, mlerman@chromium.org Review-Url: https://codereview.chromium.org/1869473002 Cr-Commit-Position: refs/heads/master@{#393836} [modify] https://crrev.com/6b5e981164b2e466e023d960fa1452ebfb85eaf7/chrome/browser/profiles/profile_manager.cc [modify] https://crrev.com/6b5e981164b2e466e023d960fa1452ebfb85eaf7/chrome/browser/profiles/profile_manager.h [modify] https://crrev.com/6b5e981164b2e466e023d960fa1452ebfb85eaf7/chrome/browser/ui/webui/options/browser_options_handler.cc [modify] https://crrev.com/6b5e981164b2e466e023d960fa1452ebfb85eaf7/chrome/browser/ui/webui/options/create_profile_handler.cc [modify] https://crrev.com/6b5e981164b2e466e023d960fa1452ebfb85eaf7/chrome/browser/ui/webui/options/sync_setup_handler.cc [modify] https://crrev.com/6b5e981164b2e466e023d960fa1452ebfb85eaf7/chrome/browser/ui/webui/profile_helper.cc [modify] https://crrev.com/6b5e981164b2e466e023d960fa1452ebfb85eaf7/chrome/browser/ui/webui/profile_helper.h [modify] https://crrev.com/6b5e981164b2e466e023d960fa1452ebfb85eaf7/chrome/browser/ui/webui/settings/people_handler.cc [modify] https://crrev.com/6b5e981164b2e466e023d960fa1452ebfb85eaf7/chrome/browser/ui/webui/signin/signin_create_profile_handler.cc [modify] https://crrev.com/6b5e981164b2e466e023d960fa1452ebfb85eaf7/chrome/browser/ui/webui/signin/user_manager_screen_handler.cc
,
May 19 2016
,
May 19 2016
Issue 600734 has been merged into this issue.
,
Aug 4 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/c684d2e6774693c6b975e0ee7e7f3a134d5f31ea
commit c684d2e6774693c6b975e0ee7e7f3a134d5f31ea
Author: palar <palar@yandex-team.ru>
Date: Thu Aug 04 18:14:49 2016

Fixed sole profile double deletion.

It is still possible to perform a double delete operation on the sole profile. After the sole profile is scheduled for deletion, a new profile will be created asynchronously on the blocking pool, and only then will FinishDeletingProfile be called to set the ProfilesToDelete entry.

BUG= 601049
R=anthonyvd@chromium.org, bauerb@chromium.org
Review-Url: https://codereview.chromium.org/2201793002
Cr-Commit-Position: refs/heads/master@{#409837}

[modify] https://crrev.com/c684d2e6774693c6b975e0ee7e7f3a134d5f31ea/chrome/browser/profiles/profile_manager.cc
Comment 1 by chromium...@gmail.com
, Apr 6 2016