Chromebook Recovery Utility App fails unless Windows UAC is set to off
Reported by
smithfor...@gmail.com,
Apr 28 2016
|
|||||||||||||||||||||||
Issue descriptionUserAgent: Mozilla/5.0 (X11; CrOS x86_64 47.1.88) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36 Steps to reproduce the problem: 1. Launch the Chrome Recovery Utility 2. Select an arbitrary Chromebook model and insert a USB stick. 3. After the unpacking step and before the utility writes to the USB stick, Windows will generate a UAC prompt asking "Do you want to allow the following program to make changes to this computer? Program Name: Google Chrome". Click Yes. 4. Process will immediately fail and display "Unknown error. Utility process crashed. Please try again." What is the expected behavior? The app should (and used to) proceed after accepting the UAC prompt without failure and write to the chosen USB device. What went wrong? Even thought the UAC prompt privilege elevation is accepted by the user, the process fails to write to USB. WebStore page: https://chrome.google.com/webstore/detail/chromebook-recovery-utili/jndclpdbaamdhonoechobihbbiimdgai?hl=en Did this work before? Yes Chrome Browser 49-stable on the same computer with the same settings Chrome version: Chrome 50.0.2661.87 m Channel: stable OS Version: 7 Service Pack 1, 64 bit Flash Version: built in pepper Turning OFF UAC altogether avoids this issue. Mac OSX, Chrome OS, Chromium OS do not exhibit the issue.
,
May 4 2016
,
May 4 2016
An update - we are seeing that for Windows 7 the workaround of "turn off UAC" is working, but on W8/8.1/10 that workaround does not work.
,
May 4 2016
Able to reproduce this issue on windows NT: 10.0 with chrome: 50.0.2661.94 and App:3.1.6 Submitted feedback report (user:sontis.test@gmail.com).
,
May 4 2016
,
May 4 2016
This issue is specific to Windows machine and failure screenshot is present at https://pantheon.corp.google.com/m/cloudstorage/b/chromiumos-test-logs/o/bugfiles/cr/607677/IMG_2340%20.JPG Note:Not able to reproduce this issue on Mac machine.
,
May 4 2016
yes looks specific to Windows machine. Recovery script for Linux machine is working good.
,
May 5 2016
,
May 6 2016
+haven for utility process privilege elevation
,
May 6 2016
@sontis, Asanka told me "for UAC errors, there should be an event logged in the Windows event viewer that may indicate what's going wrong", could you check on your test machine?
,
May 6 2016
Raising priority. M50 on Chrome is being adopted very rapidly now and is the majority of cases for use of the Chromebook Recovery Utility. Analytics for the tool indicates that the problem is only affecting Windows users, but for users on M50 it is affecting the vast majority of them.
,
May 6 2016
Confirming that the uptick in errors on Analytics coincides with Chrome M50 release. Based on omahaproxy.appspot.com/history: win,stable,50.0.2661.75,2016-04-13 17:53:03.468760 win64,stable,50.0.2661.75,2016-04-13 17:53:02.214550 win,beta,50.0.2661.75,2016-04-13 17:25:02.952870 win64,beta,50.0.2661.75,2016-04-13 17:25:01.846060
,
May 6 2016
Crash debug information is collected and kept at https://pantheon.corp.google.com/m/cloudstorage/b/chromiumos-test-logs/o/bugfiles/cr/607677 File info: Crash dump file: chrome.exe.3024.dmp Windows Event logs: Windows_Even_Logs /Report.wer
,
May 6 2016
Correct debug info storage location - https://pantheon.corp.google.com/storage/browser/chromiumos-test-logs/bugfiles/cr/607677/
,
May 6 2016
,
May 6 2016
,
May 6 2016
,
May 7 2016
Confirm that I can repro locally. I'll try to build at 50 and see if I can narrow it down more, but it'll take a while.
,
May 7 2016
,
May 7 2016
Great! Let ntang@ know if you need any help narrowing. This is affecting a large majority of users of the tool so we need to fix it asap. I'm a little surprised the bug has only recently been filed when the bug has been out for approximately 3 weeks now.
,
May 7 2016
pbommana bisected when it got fixed in 51 to https://chromium.googlesource.com/chromium/src/+log/51.0.2704.20..51.0.2704.23?pretty=fuller&n=10000 (nice work!) and looks like it might be the same root cause as https://bugs.chromium.org/p/chromium/issues/detail?id=604106. So we might just need a merge of a fix there.
,
May 7 2016
Did two bisect's since the issue reproducible on Stable i.e., 50.0.2661.94 and when checked it is fixed on Chrome beta i.e., 51.0.2704.36 Stable Bisect : Last Good build : 49.0.2623.112 First bas build : 50.0.2624.0 https://chromium.googlesource.com/chromium/src/+log/49.0.2623.0..50.0.2624.0?pretty=fuller&n=10000 M51 bisect(reverse bisect to see until which build this is broken and later what fixed this) : Last Bad build : 51.0.2704.20 First Good Build : 51.0.2704.22 https://chromium.googlesource.com/chromium/src/+log/51.0.2704.20..51.0.2704.22?pretty=fuller&n=10000 Based on offline chat with Scottmg@ we are suspecting CL : https://codereview.chromium.org/1894933003
,
May 7 2016
,
May 7 2016
Thanks for the bisecting! That helps a lot. @amistry and @wfh, could you take a look at that CL 1894933003.
,
May 7 2016
@scottmg, let me know if you need more information from my side. Thanks for looking at this.
,
May 7 2016
It seems very likely that that CL would fix the crash. Should it be merged into 50?
,
May 7 2016
yes. Most customers are on Windows and need this fix asap.
,
May 7 2016
I took a look at the current 50 branch and the code CL 1894933003 changes doesn't even exist in that branch. It was submitted after the M50 branch point, which makes me very suspicious.
,
May 7 2016
1894933003 is the issue that fixed the problem in 51?
,
May 7 2016
#29, OK, I noticed that too; https://bugs.chromium.org/p/chromium/issues/detail?id=604106 says "Earliest crash: 2ed305a400000000 / 50.0.2638.0" and that crash does look similar. Maybe something got back merged to 50? If you don't think so, I can continue a code CL-level bisect to confirm.
,
May 7 2016
In a debug build I'm getting a dcheck in [3444:7604:0506/200443:FATAL:child_broker_host.cc(338)] Check failed: result. Backtrace: base::debug::StackTrace::StackTrace [0x100988A1+33] (d:\src\cr3\src\base\debug\stack_trace_win.cc:215) logging::LogMessage::~LogMessage [0x100F481B+75] (d:\src\cr3\src\base\logging.cc:522) mojo::edk::ChildBrokerHost::DuplicateToChild [0x1E874828+312] (d:\src\cr3\src\mojo\edk\system\child_broker_host.cc:338) mojo::edk::ChildBrokerHost::ChildBrokerHost [0x1E8735C9+537] (d:\src\cr3\src\mojo\edk\system\child_broker_host.cc:70) mojo::edk::ChildProcessLaunched [0x1E8210E3+83] (d:\src\cr3\src\mojo\edk\embedder\embedder.cc:66) mojo::embedder::ChildProcessLaunched [0x1E736E48+24] (d:\src\cr3\src\third_party\mojo\src\mojo\edk\embedder\embedder.cc:122) content::BrowserChildProcessHostImpl::OnProcessLaunched [0x123E51D5+661] (d:\src\cr3\src\content\browser\browser_child_process_host_impl.cc:425) content::ChildProcessLauncher::Notify [0x1251EC9E+350] (d:\src\cr3\src\content\browser\child_process_launcher.cc:476) content::ChildProcessLauncher::DidLaunch [0x1251DBBD+285] (d:\src\cr3\src\content\browser\child_process_launcher.cc:451) base::internal::RunnableAdapter<void (__cdecl*)(base::WeakPtr<content::ChildProcessLauncher>,bool,bool,base::Process)>::Run [0x1251F920+112] (d:\src\cr3\src\base\bind_internal.h:157) base::internal::InvokeHelper<0,void,base::internal::RunnableAdapter<void (__cdecl*)(base::WeakPtr<content::ChildProcessLauncher>,bool,bool,base::Process)>,base::internal::TypeList<base::WeakPtr<content::ChildProcessLauncher> const &,bool const &,bool cons [0x1251EA1D+77] (d:\src\cr3\src\base\bind_internal.h:298) base::internal::Invoker<base::IndexSequence<0,1>,base::internal::BindState<base::internal::RunnableAdapter<void (__cdecl*)(base::WeakPtr<content::ChildProcessLauncher>,bool,bool,base::Process)>,void __cdecl(base::WeakPtr<content::ChildProcessLauncher>,boo [0x1251F656+150] (d:\src\cr3\src\base\bind_internal.h:347) base::Callback<void __cdecl(bool,base::Process)>::Run [0x1251F353+83] (d:\src\cr3\src\base\callback.h:394) base::internal::InvokeHelper<0,void,base::Callback<void __cdecl(bool,base::Process)>,base::internal::TypeList<bool const &,base::Process> >::MakeItSo [0x1251E913+51] (d:\src\cr3\src\base\bind_internal.h:298) base::internal::Invoker<base::IndexSequence<0,1>,base::internal::BindState<base::Callback<void __cdecl(bool,base::Process)>,void __cdecl(bool,base::Process),bool,base::internal::PassedWrapper<base::Process> >,base::internal::TypeList<base::internal::Unwra [0x1251F57E+126] (d:\src\cr3\src\base\bind_internal.h:347) base::Callback<void __cdecl(void)>::Run [0x10069EDF+47] (d:\src\cr3\src\base\callback.h:394) base::debug::TaskAnnotator::RunTask [0x1009F9AB+379] (d:\src\cr3\src\base\debug\task_annotator.cc:53) base::MessageLoop::RunTask [0x10123AA0+704] (d:\src\cr3\src\base\message_loop\message_loop.cc:487) base::MessageLoop::DeferOrRunPendingTask [0x10120EE4+52] (d:\src\cr3\src\base\message_loop\message_loop.cc:498) base::MessageLoop::DoWork [0x101216AD+221] (d:\src\cr3\src\base\message_loop\message_loop.cc:607) base::MessagePumpForIO::DoRunLoop [0x1012E062+50] (d:\src\cr3\src\base\message_loop\message_pump_win.cc:498) base::MessagePumpWin::RunWithDispatcher [0x101301F2+130] (d:\src\cr3\src\base\message_loop\message_pump_win.cc:52) base::MessagePumpWin::Run [0x1013014C+28] (d:\src\cr3\src\base\message_loop\message_pump_win.cc:59) base::MessageLoop::RunHandler [0x1012372F+303] (d:\src\cr3\src\base\message_loop\message_loop.cc:450) base::RunLoop::Run [0x101B8AC6+70] (d:\src\cr3\src\base\run_loop.cc:57) base::MessageLoop::Run [0x1012355D+237] (d:\src\cr3\src\base\message_loop\message_loop.cc:294) base::Thread::Run [0x1023F306+22] (d:\src\cr3\src\base\threading\thread.cc:201) content::BrowserThreadImpl::IOThreadRun [0x1245B2D8+56] (d:\src\cr3\src\content\browser\browser_thread_impl.cc:215) content::BrowserThreadImpl::Run [0x1245CC16+246] (d:\src\cr3\src\content\browser\browser_thread_impl.cc:250) base::Thread::ThreadMain [0x10240128+792] (d:\src\cr3\src\base\threading\thread.cc:252) base::`anonymous namespace'::ThreadFunc [0x1021B713+243] (d:\src\cr3\src\base\threading\platform_thread_win.cc:84) BaseThreadInitThunk [0x76E238F4+36] RtlUnicodeStringToInteger [0x77245DE3+595] RtlUnicodeStringToInteger [0x77245DAE+542] but I think all that tells us is that the utility process has crashed, so it's not too useful. Trying to catch it in action now.
,
May 7 2016
Just fyi: We're planning M50 Stable candidate cut @ 1:00 PM PST on Monday for M50 stable refresh release on Tuesday.
,
May 7 2016
That DCHECK is actually the problem with the Debug build. The utility process is starting just fine but the DuplicateToChild is failing as above (#32) with ERROR_ACCESS_DENIED. Maybe because it is elevated?
,
May 7 2016
Alright, I have not much idea. Maybe debug is some completely different brokenness, trying a bit with release now.
,
May 7 2016
I thought I'd try another bisect. I got a different range, but not sure if it's useful. D:\src\cr3\src>python tools\bisect-builds.py -a win -g 350000 -b 369926 --use-local-cache Downloading list of known revisions... Loaded revisions 1625-392245 from D:\src\cr3\src\tools\.bisect-builds-cache.json Downloading revision 360512... Received 98692593 of 98692593 bytes, 100.00% Bisecting range [350006 (good), 369926 (bad)]. Trying revision 360512... Revision 360512 is [(g)ood/(b)ad/(r)etry/(u)nknown/(s)tdout/(q)uit]: g Downloading revision 366040... Bisecting range [360512 (good), 369926 (bad)]. Trying revision 366040... Revision 366040 is [(g)ood/(b)ad/(r)etry/(u)nknown/(s)tdout/(q)uit]: g Downloading revision 367266... Bisecting range [366040 (good), 369926 (bad)]. Trying revision 367266... Revision 367266 is [(g)ood/(b)ad/(r)etry/(u)nknown/(s)tdout/(q)uit]: b Downloading revision 366844... Bisecting range [366040 (good), 367266 (bad)]. Trying revision 366844... Revision 366844 is [(g)ood/(b)ad/(r)etry/(u)nknown/(s)tdout/(q)uit]: b Downloading revision 366502... Bisecting range [366040 (good), 366844 (bad)]. Trying revision 366502... Revision 366502 is [(g)ood/(b)ad/(r)etry/(u)nknown/(s)tdout/(q)uit]: b Downloading revision 366297... Bisecting range [366040 (good), 366502 (bad)]. Trying revision 366297... Revision 366297 is [(g)ood/(b)ad/(r)etry/(u)nknown/(s)tdout/(q)uit]: g Downloading revision 366339... Bisecting range [366297 (good), 366502 (bad)]. Trying revision 366339... Revision 366339 is [(g)ood/(b)ad/(r)etry/(u)nknown/(s)tdout/(q)uit]: g Downloading revision 366382... Bisecting range [366339 (good), 366502 (bad)]. Trying revision 366382... Revision 366382 is [(g)ood/(b)ad/(r)etry/(u)nknown/(s)tdout/(q)uit]: g Downloading revision 366449... Bisecting range [366382 (good), 366502 (bad)]. Trying revision 366449... Revision 366449 is [(g)ood/(b)ad/(r)etry/(u)nknown/(s)tdout/(q)uit]: g Downloading revision 366474... Bisecting range [366449 (good), 366502 (bad)]. Trying revision 366474... Revision 366474 is [(g)ood/(b)ad/(r)etry/(u)nknown/(s)tdout/(q)uit]: g Downloading revision 366494... Bisecting range [366474 (good), 366502 (bad)]. Trying revision 366494... Revision 366494 is [(g)ood/(b)ad/(r)etry/(u)nknown/(s)tdout/(q)uit]: g Downloading revision 366499... Bisecting range [366494 (good), 366502 (bad)]. Trying revision 366499... Revision 366499 is [(g)ood/(b)ad/(r)etry/(u)nknown/(s)tdout/(q)uit]: g You are probably looking for a change made after 366499 (known good), but no later than 366502 (first known bad). CHANGELOG URL: https://chromium.googlesource.com/chromium/src/+log/b054c7cf2a61f43437fa5965e908cf2e61109aa0..a368e377e6b806aa386c9aebd7718bee05bac497
,
May 7 2016
Prudhvi confirmed that it was fixed and then broken again during 50. The re-breaking appears to have happened in this range: https://chromium.googlesource.com/chromium/src/+log/50.0.2651.0..50.0.2652.0?pretty=full
,
May 7 2016
I have further checked the bisect and found below results : This was broken on very first M50 build which was compiled i.e., 50.0.2624.0 and continued in broken state until 50.0.2631.0. Later something has fixed it between Chrome versions 50.0.2631.0 and 50.0.2632.0 and continued to work until 50.0.2651.0. Then again started failing since 50.0.2652.0 until Chrome version 51.0.2704.20 and again some CL has fixed it on 51.0.2704.22. Now we need to identify what fixed this between 50.0.2631.0 --> 50.0.2632.0 : Change Log : https://chromium.googlesource.com/chromium/src/+log/50.0.2631.0..50.0.2632.0?pretty=fuller&n=10000 Find what has broken this again between 50.0.2651.0 --> 50.0.2652.0 : Change Log : https://chromium.googlesource.com/chromium/src/+log/50.0.2651.0..50.0.2652.0?pretty=full Find what has fixed this again between 51.0.2704.20 --> 51.0.2704.22 https://chromium.googlesource.com/chromium/src/+log/51.0.2704.20..51.0.2704.22?pretty=fuller&n=10000
,
May 7 2016
Can you please post a stack from the crash in the most recent broken revision range (2651.0 - 2652.0)?
,
May 7 2016
This was fixed by a series of changes in M51 that I think are too complex to merge, but they aren't necessary here. I have a trivial one-liner fix for M50 only. I'm testing the recovery utility with a local build of 50.0.2661.97 first (ETA 45-60min to build), but I'm fairly confident this will fix the crash with no other interesting side-effects. To be clear, this fix should not be applied to more recent branches, so I would need to land it directly on 2661. I realize this is uncommon but it seems like an exceptional scenario. Who needs to give approval for this? govind@? For some additional technical background, the crash is caused by some early initialization failing in the utility process. The feature being initialized is completely unused by elevated utility processes in M50, so my fix is to allow this initialization to fail silently instead of CHECKing. This seems reasonable to me.
,
May 7 2016
The corresponds with what I was seeing, the utility process was spawning a sub process that was crashing very early. (Early enough that the crashes were going to WerFault because the crash is before crash initialization :/)
,
May 7 2016
Confirmed that the crash in 50.0.2651.0..50.0.2652.0 starts at crrev.com/375408: 375407 is OK, 375408 crashes.
,
May 7 2016
So that's not the same crash that's present in 2661 BTW. Do we really care about fixing crashes in 2652?
,
May 7 2016
My goodness, what a mess. I have no idea.
,
May 7 2016
2661 is the release branch. IIUC, anything before that would have been dev or canary only. Crashes happen all the time in dev and canary, so I'm not sure it's too surprising to see a different crash in an older non-release branch.
,
May 8 2016
The crash doesn't exist in the release branch 2661 impacting M50 stable, right? Then fine not to fix. As mentioned in related email thread with rockot@ and govind@, given the situation, sgtm to land the change directly (pls still request merge and get merge approval), then trigger a build to verify to mitigate the risk. Thanks!
,
May 8 2016
Also if crash doesn't exist in the release branch 2661 impacting M50 stable, then this is NOT an M50 Stable blocker for next week release, correct?
,
May 8 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/ec1542863ff8f48a729f50aea14894b7998fd6e1 commit ec1542863ff8f48a729f50aea14894b7998fd6e1 Author: Ken Rockot <rockot@chromium.org> Date: Sun May 08 00:33:23 2016 Avoid initializing child processes with an invalid parent pipe Elevated child processes cannot receive duplicated handles from the browser in the same way that other child processes can. If an elevated utility process attempts to initialize Mojo IPC, it will CHECK fail when trying to use an invalid handle as a result of this limitation. In M51+ we no longer attempt to initialize Mojo IPC in elevated utility processes, but this change in behavior was developed over several moderately complex patches. In order to avoid merging said patches into M50, this avoids the crash in bug 607677 by allowing initialization to fail silently instead of CHECKing. This silent failure has no interesting side effects, as Mojo IPC is not yet used in any elevated utility process. BUG= 607677 R=govind@google.com TBR=amistry@chromium.org Review URL: https://codereview.chromium.org/1957893002 . Cr-Commit-Position: refs/branch-heads/2661@{#668} Cr-Branched-From: ef6f6ae5e4c96622286b563658d5cd62a6cf1197-refs/heads/master@{#378081} [modify] https://crrev.com/ec1542863ff8f48a729f50aea14894b7998fd6e1/mojo/edk/system/core.cc
,
May 8 2016
I think there is some confusion here. There is definitely a crash affecting branch 2661, and it's fixed by the CL that just landed on that branch. There was another similar crash on an older branch, but that is no longer an issue in 2661.
,
May 8 2016
,
May 8 2016
Adding "Merge-Request-50" label per comment #46 although CL is already merged to M50 branch 2661 at comment #48.
,
May 8 2016
Approving merge to M50 branch 2661 per comment #46 although CL is already merged to M50 branch 2661 at comment #48. Reply to comment 49, thank you rockot@ for clarification. I'm triggering M50 build now.
,
May 8 2016
We definitely needs this fix into M50 branch 2661 because roughly the builds are bad between 50.0.2652.0 and 51.0.2704.20 (including 2661). Great work for fixing the issue promptly. Thanks.
,
May 8 2016
M50 build with this merge in complied successfully. Thank you everyone, special thanks to rockot@ for quick fix over the weekend.
,
May 8 2016
Removing "Merge-Approved-50" label as it is already merged.
,
May 9 2016
Thank you for getting this fixed so quickly and over the weekend! Sounds like we can start looking for changes in the Analytics for this error starting after tuesday's release.
,
May 9 2016
Verified the issue is fixed on M50(50.0.2661.99) build which was has the fix(compiled over the weekend) and there was no crash after selecting yes on the UAC elevation.
,
May 9 2016
Thanks Prudhvi! +1 on Thank you to all the folks who nailed this down over the weekend!
,
May 16 2016
Verifying that Analytics for the recovery tool indicates that the fix is working in the field. Utility process crashes on Windows have gone down 90% since the fix was released and is still decreasing as adoption of the new release increases.
,
Sep 7 2016
I'm no techie, but seems people are still having this issue. My Chromebook OS crashed, and it gets error after asking for permission to write to disk (USB).
,
Sep 7 2016
re: comment 60 - Please file a new bug at https://crbug.com/new so your problem gets its individual attention. Similar symptoms does not imply same underlying problem. |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by edoan@chromium.org
, May 4 2016