
Issue 649644

Issue metadata

Status: Fixed
Owner:
Closed: Dec 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows , Mac
Pri: 1
Type: Bug-Regression

Regression: Browser crashes on reloading chrome://md-settings/syncSetup page.

Project Member Reported by bj00129...@techmahindra.com, Sep 23 2016

Issue description

Version: 55.0.2868.0 Dev
OS: Ubuntu 14.04, Windows

What steps will reproduce the problem?
(1) Sign in to Chrome with valid credentials >> Navigate to chrome://md-settings >> Open devtools and emulate
(2) Go to advanced and click on the clear browsing data button >> Reload the page and click on the cancel button in the Clear browsing data overlay
(3) Click on the sync link in the people section >> Now click on the reload icon and observe the browser crash.

Expected: Browser should not crash on reloading syncsetup page.
Actual: Instead browser crash is seen.

Crash IDs: 2e0f6d9e00000000

Note: Once the browser crashes in emulation view, the issue is seen in a normal window every time (without opening devtools).

Steps:
(1) Sign in to Chrome with valid credentials >> Navigate to chrome://md-settings >> Go to advanced and click on the clear browsing data button >> Reload the page and click on the cancel button in the overlay.
(2) Click on the sync link in the people section >> Now click on the reload icon and observe the browser crash.

This is a regression issue broken in M-55. Will soon update bisect info.

Manual bisect info:
Good build: 55.0.2860.0 Dev
Bad build: 55.0.2861.0 Dev

Attaching screen-cast for reference.

Actual_Syncsetup.ogv (2.4 MB)

Comment 1 by ajha@chromium.org, Sep 23 2016

Labels: -Needs-Bisect has-Bisect OS-Mac
Owner: ricea@chromium.org
Status: Assigned (was: Unconfirmed)
Reproducible on the latest canary(55.0.2869.0) on Mac OS 10.11.6 as well.

Changelog:
=========
https://chromium.googlesource.com/chromium/src/+log/55.0.2860.0..55.0.2861.0?pretty=fuller&n=10000

Stack trace of the crash id ac701d9e00000000:
=============================================
Thread 0 CRASHED [EXC_BAD_INSTRUCTION / EXC_I386_INVOP @ 0x0000000103e05548 ] MAGIC SIGNATURE THREAD
0x0000000103e05548	(Google Chrome Framework -web_ui_message_handler.h:105 )	settings::ClearBrowsingDataHandler::UpdateCounterText(std::__1::unique_ptr<browsing_data::BrowsingDataCounter::Result, std::__1::default_delete<browsing_data::BrowsingDataCounter::Result> >)
0x0000000103e05887	(Google Chrome Framework -bind_internal.h:214 )	base::internal::Invoker<base::internal::BindState<void (settings::ClearBrowsingDataHandler::*)(std::__1::unique_ptr<browsing_data::BrowsingDataCounter::Result, std::__1::default_delete<browsing_data::BrowsingDataCounter::Result> >), base::internal::UnretainedWrapper<settings::ClearBrowsingDataHandler> >, void (std::__1::unique_ptr<browsing_data::BrowsingDataCounter::Result, std::__1::default_delete<browsing_data::BrowsingDataCounter::Result> >)>::Run(base::internal::BindStateBase*, std::__1::unique_ptr<browsing_data::BrowsingDataCounter::Result, std::__1::default_delete<browsing_data::BrowsingDataCounter::Result> >&&)
0x0000000103bb1fef	(Google Chrome Framework -callback.h:64 )	browsing_data::BrowsingDataCounter::ReportResult(std::__1::unique_ptr<browsing_data::BrowsingDataCounter::Result, std::__1::default_delete<browsing_data::BrowsingDataCounter::Result> >)
0x0000000103bb275d	(Google Chrome Framework -history_counter.cc:150 )	browsing_data::HistoryCounter::OnGetLocalHistoryCount(history::HistoryCountResult)
0x0000000103aa802c	(Google Chrome Framework -callback.h:64 )	void base::internal::ReplyAdapter<history::HistoryCountResult, history::HistoryCountResult>(base::Callback<void (history::HistoryCountResult), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&, history::HistoryCountResult*)
0x0000000101dc615a	(Google Chrome Framework -callback.h:64 )	(anonymous namespace)::RunIfNotCanceledThenUntrack(base::CancellationFlag const*, base::Callback<void (), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&, base::Callback<void (), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&)
0x0000000101dd65ee	(Google Chrome Framework -callback.h:64 )	base::(anonymous namespace)::PostTaskAndReplyRelay::RunReplyAndSelfDestruct()
0x0000000101d72738	(Google Chrome Framework -callback.h:64 )	base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask const&)
0x0000000101d9451b	(Google Chrome Framework -message_loop.cc:469 )	base::MessageLoop::RunTask(base::PendingTask const&)
0x0000000101d9482b	(Google Chrome Framework -message_loop.cc:478 )	base::MessageLoop::DeferOrRunPendingTask(base::PendingTask)
0x0000000101d94bd2	(Google Chrome Framework -message_loop.cc:602 )	base::MessageLoop::DoWork()
0x0000000101d96cdc	(Google Chrome Framework -message_pump_mac.mm:330 )	base::MessagePumpCFRunLoopBase::RunWork()
0x0000000101d8a3b9	(Google Chrome Framework + 0x019dc3b9 )	base::mac::CallWithEHFrame(void () block_pointer)
0x0000000101d966f3	(Google Chrome Framework -message_pump_mac.mm:306 )	base::MessagePumpCFRunLoopBase::RunWorkSource(void*)
0x00007fff8e5b9880	(CoreFoundation + 0x000aa880 )	__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
0x00007fff8e598fbb	(CoreFoundation + 0x00089fbb )	__CFRunLoopDoSources0
0x00007fff8e5984de	(CoreFoundation + 0x000894de )	__CFRunLoopRun
0x00007fff8e597ed7	(CoreFoundation + 0x00088ed7 )	CFRunLoopRunSpecific
0x00007fff98061934	(HIToolbox + 0x00030934 )	RunCurrentEventLoopInMode
0x00007fff9806176e	(HIToolbox + 0x0003076e )	ReceiveNextEventCommon
0x00007fff980615ae	(HIToolbox + 0x000305ae )	_BlockUntilNextEventMatchingListInModeWithFilter
0x00007fff8c6a2df5	(AppKit + 0x00048df5 )	_DPSNextEvent
0x00007fff8c6a2225	(AppKit + 0x00048225 )	-[NSApplication _nextEventMatchingEventMask:untilDate:inMode:dequeue:]
0x00007fff8c696d7f	(AppKit + 0x0003cd7f )	-[NSApplication run]
0x0000000101d974fd	(Google Chrome Framework -message_pump_mac.mm:665 )	base::MessagePumpNSApplication::DoRun(base::MessagePump::Delegate*)
0x0000000101d96b3b	(Google Chrome Framework -message_pump_mac.mm:238 )	base::MessagePumpCFRunLoopBase::Run(base::MessagePump::Delegate*)
0x0000000101db0ce0	(Google Chrome Framework -run_loop.cc:35 )	base::RunLoop::Run()
0x000000010198aa24	(Google Chrome Framework -chrome_browser_main.cc:2107 )	ChromeBrowserMainParts::MainMessageLoopRun(int*)
0x000000010101d523	(Google Chrome Framework -browser_main_loop.cc:957 )	content::BrowserMainLoop::RunMainMessageLoopParts()
0x000000010101fb11	(Google Chrome Framework -browser_main_runner.cc:155 )	content::BrowserMainRunnerImpl::Run()
0x000000010101994b	(Google Chrome Framework -browser_main.cc:46 )	content::BrowserMain(content::MainFunctionParams const&)
0x000000010194843d	(Google Chrome Framework -content_main_runner.cc:786 )	content::ContentMainRunnerImpl::Run()
0x0000000101947675	(Google Chrome Framework -content_main.cc:20 )	content::ContentMain(content::ContentMainParams const&)
0x00000001003b156b	(Google Chrome Framework -chrome_main.cc:97 )	ChromeMain
0x0000000100147d49	(Google Chrome Canary + 0x00000d49 )	
0x0000000100147b33	(Google Chrome Canary + 0x00000b33 )	

Based on a code search for 'history_counter.cc', suspecting https://chromium.googlesource.com/chromium/src/+/85ec579564402fad9b6f0d593decf686846fb61f to be the related change.

ricea@: Could you please take a look at this crash and help with further investigation?

Thank you! 

Project Member

Comment 2 by sheriffbot@chromium.org, Sep 23 2016

Labels: Fracas FoundIn-M-55
Users experienced this crash on the following builds:

Mac Canary 55.0.2869.0 -  2.06 CPM, 1 reports, 1 clients (signature settings::ClearBrowsingDataHandler::UpdateCounterText)

If this update was incorrect, please add "Fracas-Wrong" label to prevent future updates.

- Go/Fracas

Comment 3 by ricea@chromium.org, Sep 26 2016

Owner: ----
Status: Available (was: Assigned)
My change was part of a large-scale automated change. It is expected to make no semantic difference, and judging by the large scale without breaking tests, I have good confidence that it does indeed make no difference.

I tried to reproduce the crash with 55.0.2861.0 and 55.0.2869.0, built locally, but did not succeed. Perhaps it only crashes on Chrome-branded builds, or maybe I'm missing some crucial step. I believe I followed the instructions precisely.

Comment 4 by shrike@chromium.org, Sep 26 2016

Status: Untriaged (was: Available)
Cc: msramek@chromium.org mahmadi@chromium.org tommycli@chromium.org
Owner: dpa...@chromium.org
Status: Assigned (was: Untriaged)
@dpapad, is this already fixed?

Comment 6 by dpa...@chromium.org, Sep 26 2016

Cc: -tommycli@chromium.org
Owner: tommycli@chromium.org
I have no prior knowledge of this crash. Assigning to @tommycli.
Project Member

Comment 7 by sheriffbot@chromium.org, Oct 10 2016

Labels: FoundIn-M-56
Users experienced this crash on the following builds:

Mac Canary 56.0.2886.0 -  1.69 CPM, 1 reports, 1 clients (signature settings::ClearBrowsingDataHandler::UpdateCounterText)

If this update was incorrect, please add "Fracas-Wrong" label to prevent future updates.

- Go/Fracas

Comment 8 by dbeam@chromium.org, Nov 29 2016

Status: Started (was: Assigned)
Project Member

Comment 9 by bugdroid1@chromium.org, Nov 30 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/ff49185dcc63d419a850902ed5220377701d1e3c

commit ff49185dcc63d419a850902ed5220377701d1e3c
Author: tommycli <tommycli@chromium.org>
Date: Wed Nov 30 18:40:38 2016

MD Settings: Fix WebUI lifecycle issues in Clear Browsing Data handler.

BUG= 649644 

Review-Url: https://codereview.chromium.org/2536003003
Cr-Commit-Position: refs/heads/master@{#435353}

[modify] https://crrev.com/ff49185dcc63d419a850902ed5220377701d1e3c/chrome/browser/ui/webui/settings/settings_clear_browsing_data_handler.cc

Status: Fixed (was: Started)
I theorize the above patch fixes these crashes. Let's monitor.
