
Issue 668522

Starred by 3 users

Issue metadata

Status: Archived
Owner: ----
Closed: May 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug


Hitting [back] button pretty fast on extension page crashes Chromium

Reported by taras.pr...@gmail.com, Nov 24 2016

Issue description

UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/53.0.2785.143 Chrome/53.0.2785.143 Safari/537.36

Steps to reproduce the problem:
1. Install uBlock Origin, or any other extension which has a UI page (like chrome-extension://cjpalhdlnbpafiamejdnhcphjbkeiagm/dashboard.html for the uBlock one)
2. go to a crappy web-site which activates uBlock's page, like this chrome-extension://cjpalhdlnbpafiamejdnhcphjbkeiagm/document-blocked.html?details=....longcode...
   the crappy web-site must send you to the blocked url again when hitting back
3. press the back button pretty fast for 3-5 secs

voila - browser crashed with

Disassembly

=> 0x7f85f360d259 <_ZN7content18RenderViewHostImpl16CreateRenderViewEiiiRKNS_21FrameReplicationStateEb+2361>:	mov    (%rax),%rdx
   0x7f85f360d25c <_ZN7content18RenderViewHostImpl16CreateRenderViewEiiiRKNS_21FrameReplicationStateEb+2364>:	mov    %rax,%rdi
   0x7f85f360d25f <_ZN7content18RenderViewHostImpl16CreateRenderViewEiiiRKNS_21FrameReplicationStateEb+2367>:	callq  *0x88(%rdx)
   0x7f85f360d265 <_ZN7content18RenderViewHostImpl16CreateRenderViewEiiiRKNS_21FrameReplicationStateEb+2373>:	mov    %eax,0x4e0(%rsp)
   0x7f85f360d26c <_ZN7content18RenderViewHostImpl16CreateRenderViewEiiiRKNS_21FrameReplicationStateEb+2380>:	mov    0x28(%r14),%rdi
   0x7f85f360d270 <_ZN7content18RenderViewHostImpl16CreateRenderViewEiiiRKNS_21FrameReplicationStateEb+2384>:	mov    0x30(%r14),%rsi
   0x7f85f360d274 <_ZN7content18RenderViewHostImpl16CreateRenderViewEiiiRKNS_21FrameReplicationStateEb+2388>:	mov    (%rdi),%rax
   0x7f85f360d277 <_ZN7content18RenderViewHostImpl16CreateRenderViewEiiiRKNS_21FrameReplicationStateEb+2391>:	callq  *0xc8(%rax)
   0x7f85f360d27d <_ZN7content18RenderViewHostImpl16CreateRenderViewEiiiRKNS_21FrameReplicationStateEb+2397>:	mov    (%rax),%rdx
   0x7f85f360d280 <_ZN7content18RenderViewHostImpl16CreateRenderViewEiiiRKNS_21FrameReplicationStateEb+2400>:	mov    %rax,%rdi
   0x7f85f360d283 <_ZN7content18RenderViewHostImpl16CreateRenderViewEiiiRKNS_21FrameReplicationStateEb+2403>:	callq  *(%rdx)
   0x7f85f360d285 <_ZN7content18RenderViewHostImpl16CreateRenderViewEiiiRKNS_21FrameReplicationStateEb+2405>:	mov    %rax,0x4e8(%rsp)
   0x7f85f360d28d <_ZN7content18RenderViewHostImpl16CreateRenderViewEiiiRKNS_21FrameReplicationStateEb+2413>:	mov    0x10(%rsp),%eax
   0x7f85f360d291 <_ZN7content18RenderViewHostImpl16CreateRenderViewEiiiRKNS_21FrameReplicationStateEb+2417>:	lea    0x2a8(%rbx),%rdi
   0x7f85f360d298 <_ZN7content18RenderViewHostImpl16CreateRenderViewEiiiRKNS_21FrameReplicationStateEb+2424>:	mov    %r15,%rsi
   0x7f85f360d29b <_ZN7content18RenderViewHostImpl16CreateRenderViewEiiiRKNS_21FrameReplicationStateEb+2427>:	mov    %eax,0x4f0(%rsp)

SegvAnalysis

Segfault happened at: 0x7f85f360d259 <_ZN7content18RenderViewHostImpl16CreateRenderViewEiiiRKNS_21FrameReplicationStateEb+2361>:	mov    (%rax),%rdx
PC (0x7f85f360d259) ok
source "(%rax)" (0x00000000) not located in a known VMA region (needed readable region)!
destination "%rdx" ok

SegvReason
reading NULL VMA

StackTraceTop

content::RenderViewHostImpl::CreateRenderView(int, int, int, content::FrameReplicationState const&, bool) () from /usr/lib/chromium-browser/libs/libcontent.so
content::WebContentsImpl::CreateRenderViewForRenderManager(content::RenderViewHost*, int, int, content::FrameReplicationState const&) () from /usr/lib/chromium-browser/libs/libcontent.so
content::RenderFrameHostManager::InitRenderView(content::RenderViewHostImpl*, content::RenderFrameProxyHost*) () from /usr/lib/chromium-browser/libs/libcontent.so
content::RenderFrameHostManager::CreateRenderFrame(content::SiteInstance*, bool, int*) () from /usr/lib/chromium-browser/libs/libcontent.so
content::RenderFrameHostManager::CreatePendingRenderFrameHost(content::SiteInstance*, content::SiteInstance*) () from /usr/lib/chromium-browser/libs/libcontent.so

StackTrace

#0  0x00007f85f360d259 in content::RenderViewHostImpl::CreateRenderView(int, int, int, content::FrameReplicationState const&, bool) () from /usr/lib/chromium-browser/libs/libcontent.so
No symbol table info available.
#1  0x00007f85f36ea06d in content::WebContentsImpl::CreateRenderViewForRenderManager(content::RenderViewHost*, int, int, content::FrameReplicationState const&) () from /usr/lib/chromium-browser/libs/libcontent.so
No symbol table info available.
#2  0x00007f85f34a8b4f in content::RenderFrameHostManager::InitRenderView(content::RenderViewHostImpl*, content::RenderFrameProxyHost*) () from /usr/lib/chromium-browser/libs/libcontent.so
No symbol table info available.
#3  0x00007f85f34abf1e in content::RenderFrameHostManager::CreateRenderFrame(content::SiteInstance*, bool, int*) () from /usr/lib/chromium-browser/libs/libcontent.so
No symbol table info available.
#4  0x00007f85f34ac10c in content::RenderFrameHostManager::CreatePendingRenderFrameHost(content::SiteInstance*, content::SiteInstance*) () from /usr/lib/chromium-browser/libs/libcontent.so
No symbol table info available.
#5  0x00007f85f34ade82 in content::RenderFrameHostManager::UpdateStateForNavigate(GURL const&, content::SiteInstance*, content::SiteInstance*, ui::PageTransition, bool, bool, content::GlobalRequestID const&, int, bool) () from /usr/lib/chromium-browser/libs/libcontent.so
No symbol table info available.
#6  0x00007f85f34ae064 in content::RenderFrameHostManager::Navigate(GURL const&, content::FrameNavigationEntry const&, content::NavigationEntryImpl const&, bool) () from /usr/lib/chromium-browser/libs/libcontent.so
No symbol table info available.
#7  0x00007f85f3494c4a in content::NavigatorImpl::NavigateToEntry(content::FrameTreeNode*, content::FrameNavigationEntry const&, content::NavigationEntryImpl const&, content::NavigationController::ReloadType, bool, bool, scoped_refptr<content::ResourceRequestBodyImpl> const&) () from /usr/lib/chromium-browser/libs/libcontent.so
No symbol table info available.
#8  0x00007f85f3495407 in content::NavigatorImpl::NavigateToPendingEntry(content::FrameTreeNode*, content::FrameNavigationEntry const&, content::NavigationController::ReloadType, bool) () from /usr/lib/chromium-browser/libs/libcontent.so
No symbol table info available.
#9  0x00007f85f3487853 in content::NavigationControllerImpl::NavigateToPendingEntryInternal(content::NavigationController::ReloadType) () from /usr/lib/chromium-browser/libs/libcontent.so
No symbol table info available.
#10 0x00007f85f3487a4e in content::NavigationControllerImpl::NavigateToPendingEntry(content::NavigationController::ReloadType) () from /usr/lib/chromium-browser/libs/libcontent.so
No symbol table info available.
#11 0x00007f85f638790f in ?? ()
No symbol table info available.
#12 0x00007f85f63848a9 in ?? ()
No symbol table info available.
#13 0x00007f85f70b7bdf in ?? ()
No symbol table info available.
#14 0x00007f85ef9e1d18 in views::CustomButton::OnMouseReleased(ui::MouseEvent const&) () from /usr/lib/chromium-browser/libs/libviews.so
No symbol table info available.
#15 0x00007f85f633b2b4 in ?? ()
No symbol table info available.
#16 0x00007f85f2a6488f in ui::ScopedTargetHandler::OnEvent(ui::Event*) () from /usr/lib/chromium-browser/libs/libevents.so
No symbol table info available.
#17 0x00007f85f2a5f0e5 in ui::EventDispatcher::DispatchEvent(ui::EventHandler*, ui::Event*) () from /usr/lib/chromium-browser/libs/libevents.so
No symbol table info available.
#18 0x00007f85f2a5f72c in ui::EventDispatcher::ProcessEvent(ui::EventTarget*, ui::Event*) () from /usr/lib/chromium-browser/libs/libevents.so
No symbol table info available.
#19 0x00007f85f2a5f7d9 in ui::EventDispatcherDelegate::DispatchEventToTarget(ui::EventTarget*, ui::Event*) () from /usr/lib/chromium-browser/libs/libevents.so
No symbol table info available.
#20 0x00007f85f2a5f8db in ui::EventDispatcherDelegate::DispatchEvent(ui::EventTarget*, ui::Event*) () from /usr/lib/chromium-browser/libs/libevents.so
No symbol table info available.
#21 0x00007f85efa335dc in views::internal::RootView::OnMouseReleased(ui::MouseEvent const&) () from /usr/lib/chromium-browser/libs/libviews.so
No symbol table info available.
#22 0x00007f85efa3a0e8 in views::Widget::OnMouseEvent(ui::MouseEvent*) () from /usr/lib/chromium-browser/libs/libviews.so
No symbol table info available.
#23 0x00007f85f2a5f0e5 in ui::EventDispatcher::DispatchEvent(ui::EventHandler*, ui::Event*) () from /usr/lib/chromium-browser/libs/libevents.so
No symbol table info available.
#24 0x00007f85f2a5f72c in ui::EventDispatcher::ProcessEvent(ui::EventTarget*, ui::Event*) () from /usr/lib/chromium-browser/libs/libevents.so
No symbol table info available.
#25 0x00007f85f2a5f7d9 in ui::EventDispatcherDelegate::DispatchEventToTarget(ui::EventTarget*, ui::Event*) () from /usr/lib/chromium-browser/libs/libevents.so
No symbol table info available.
#26 0x00007f85f2a5f8db in ui::EventDispatcherDelegate::DispatchEvent(ui::EventTarget*, ui::Event*) () from /usr/lib/chromium-browser/libs/libevents.so
No symbol table info available.
#27 0x00007f85f2a5ffae in ui::EventProcessor::OnEventFromSource(ui::Event*) () from /usr/lib/chromium-browser/libs/libevents.so
No symbol table info available.
#28 0x00007f85f2a602b3 in ui::EventSource::DeliverEventToProcessor(ui::Event*) () from /usr/lib/chromium-browser/libs/libevents.so
No symbol table info available.
#29 0x00007f85f2a60a99 in ui::EventSource::SendEventToProcessor(ui::Event*) () from /usr/lib/chromium-browser/libs/libevents.so
No symbol table info available.
#30 0x00007f85efa5a784 in views::DesktopWindowTreeHostX11::DispatchMouseEvent(ui::MouseEvent*) () from /usr/lib/chromium-browser/libs/libviews.so
No symbol table info available.
#31 0x00007f85efa5ef34 in views::DesktopWindowTreeHostX11::DispatchEvent(_XEvent* const&) () from /usr/lib/chromium-browser/libs/libviews.so
No symbol table info available.
#32 0x00007f85f2a16a1c in ui::PlatformEventSource::DispatchEvent(_XEvent*) () from /usr/lib/chromium-browser/libs/libevents_platform.so
No symbol table info available.
#33 0x00007f85ef80ef19 in ui::X11EventSource::ExtractCookieDataDispatchEvent(_XEvent*) () from /usr/lib/chromium-browser/libs/libx11_events_platform.so
No symbol table info available.
#34 0x00007f85ef80f02d in ui::X11EventSource::DispatchXEvents() () from /usr/lib/chromium-browser/libs/libx11_events_platform.so
No symbol table info available.
#35 0x00007f85ef811e9c in ?? () from /usr/lib/chromium-browser/libs/libx11_events_platform.so
No symbol table info available.
#36 0x00007f85ec5d6ce5 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
No symbol table info available.
#37 0x00007f85ec5d7048 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
No symbol table info available.
#38 0x00007f85ec5d70ec in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
No symbol table info available.
#39 0x00007f85f51f27fd in base::MessagePumpGlib::Run(base::MessagePump::Delegate*) () from /usr/lib/chromium-browser/libs/libbase.so
No symbol table info available.
#40 0x00007f85f5244268 in base::RunLoop::Run() () from /usr/lib/chromium-browser/libs/libbase.so
No symbol table info available.
#41 0x00007f85f5ea8067 in ?? ()
No symbol table info available.
#42 0x00007f85f33c6ddf in content::BrowserMainLoop::RunMainMessageLoopParts() () from /usr/lib/chromium-browser/libs/libcontent.so
No symbol table info available.
#43 0x00007f85f33c8dbd in ?? () from /usr/lib/chromium-browser/libs/libcontent.so
No symbol table info available.
#44 0x00007f85f33c2e59 in content::BrowserMain(content::MainFunctionParams const&) () from /usr/lib/chromium-browser/libs/libcontent.so
No symbol table info available.
#45 0x00007f85f33313d4 in ?? () from /usr/lib/chromium-browser/libs/libcontent.so
No symbol table info available.
#46 0x00007f85f3330611 in content::ContentMain(content::ContentMainParams const&) () from /usr/lib/chromium-browser/libs/libcontent.so
No symbol table info available.
#47 0x00007f85f5c598e8 in ?? ()
No symbol table info available.
#48 0x00007f85e8d4ef45 in __libc_start_main (main=0x7f85f5c57a50, argc=5, argv=0x7fff6fe850c8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fff6fe850b8) at libc-start.c:287
        result = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {0, -5420976056356943595, 140213330745233, 140735070884032, 0, 0, 5420659597261293845, 5462588542218160405}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x7fff6fe850f8, 0x7f85f573b1c8}, data = {prev = 0x0, cleanup = 0x0, canceltype = 1877496056}}}
        not_first_call = <optimized out>
#49 0x00007f85f5c597ba in ?? ()
No symbol table info available.

What is the expected behavior?
No crash

What went wrong?
Browser crashed.

Crashed report ID: no

How much crashed? Whole browser

Is it a problem with a plugin? No 

Did this work before? N/A 

Chrome version: 53.0.2785.143  Channel: stable
OS Version: Ubuntu 14.04.5
Flash Version: Shockwave Flash 23.0 r0

Attachments: Stacktrace (8.5 KB), Disassembly (2.0 KB), DistroRelease (12 bytes), ThreadStacktrace (74.3 KB)
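
Added here as a triage aid, not part of the report or of Chromium: a Python script that parses the apport SegvAnalysis block and the gdb frames quoted above (copied into the script as sample input) and classifies the fault; the rating rules are the example's own heuristics.

```python
import re

# Crash data copied from this report (apport's SegvAnalysis block and the first
# two gdb frames), embedded here as constructed sample input for the parser.
SEGV_ANALYSIS = """\
Segfault happened at: 0x7f85f360d259 <_ZN7content18RenderViewHostImpl16CreateRenderViewEiiiRKNS_21FrameReplicationStateEb+2361>:\tmov    (%rax),%rdx
PC (0x7f85f360d259) ok
source "(%rax)" (0x00000000) not located in a known VMA region (needed readable region)!
destination "%rdx" ok
"""
BACKTRACE = """\
#0  0x00007f85f360d259 in content::RenderViewHostImpl::CreateRenderView(int, int, int, content::FrameReplicationState const&, bool) () from /usr/lib/chromium-browser/libs/libcontent.so
No symbol table info available.
#1  0x00007f85f36ea06d in content::WebContentsImpl::CreateRenderViewForRenderManager(content::RenderViewHost*, int, int, content::FrameReplicationState const&) () from /usr/lib/chromium-browser/libs/libcontent.so
"""

# apport prints "PC (addr) ok" when the instruction pointer itself is mapped and
# one "not located" line for the operand whose address could not be accessed.
PC_RE = re.compile(r"^PC \((0x[0-9a-f]+)\) (ok|not located)", re.M)
OPERAND_RE = re.compile(r'^(source|destination) "([^"]+)" \((0x[0-9a-f]+)\) not located', re.M)
FRAME_RE = re.compile(r"^#(\d+)\s+0x[0-9a-f]+ in (.+?) \(\) from (\S+)", re.M)

def triage(segv_analysis: str, backtrace: str) -> dict:
    """Turn a SegvAnalysis block plus gdb frames into a triage summary.
    The rating rules are this example's own heuristics (assumption), not apport's
    or Chromium's: unmapped PC or invalid write rank above a zero-page read.
    """
    pc = PC_RE.search(segv_analysis)
    bad = OPERAND_RE.search(segv_analysis)
    frames = [(int(n), fn.split("(")[0], lib) for n, fn, lib in FRAME_RE.findall(backtrace)]
    result = {"pc_ok": bool(pc and pc.group(2) == "ok"), "access": None,
              "fault_addr": None, "null_page": False, "frames": frames,
              "top_frame": frames[0][1] if frames else None, "rating": "unknown"}
    if bad:
        addr = int(bad.group(3), 16)
        result["access"] = "read" if bad.group(1) == "source" else "write"
        result["fault_addr"] = addr
        result["null_page"] = addr < 0x1000  # zero page, unmapped on a default Linux (mmap_min_addr)
    if not result["pc_ok"]:
        result["rating"] = "high: execution reached an unmapped address"
    elif result["access"] == "write":
        result["rating"] = "high: invalid write, possible memory corruption"
    elif result["null_page"]:
        result["rating"] = "low: NULL-page read, browser-process crash (DoS) without memory corruption by itself"
    elif result["access"] == "read":
        result["rating"] = "medium: wild read, check whether the address is attacker-influenced"
    return result
```

For this report the script reports a NULL-page read in content::RenderViewHostImpl::CreateRenderView with the PC intact, which matches the "reading NULL VMA" reason apport printed.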

Comment 1 by ajha@chromium.org, Nov 29 2016

Components: Platform>Extensions
Labels: M-57
Cc: msrchandra@chromium.org
Labels: Needs-Feedback
Tested the issue on Latest Stable# 55.0.2883.87 on Ubuntu 14.04 and could not reproduce the issue.
@taras.prokopenko -- Could you re-test on the stable version mentioned and, if reproducible, just provide us the crash id which is generated under chrome://crashes.

Thanks in Advance.
Cc: sureshkumari@chromium.org
Reporter@, could you please upgrade Chrome to the latest stable version, 56.0.2924.76, and confirm whether the crashes are still seen.

Thanks.

Comment 5 by woxxom@gmail.com, Feb 1 2017

To reproduce the issue we also need the *actual* crappy website url.

Comment 7 by sheriffbot@chromium.org (Project Member), Feb 10 2017

Labels: -Needs-Feedback Needs-Review
Owner: msrchandra@chromium.org
Thank you for providing more feedback. Adding requester "msrchandra@chromium.org" for another review and adding "Needs-Review" label for tracking.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 8 by cda...@chromium.org, Mar 13 2017

Cleaning up the "Needs-Review" label as we are not using this label for triage. Ref bug 684919

Comment 9 by cda...@chromium.org, Mar 13 2017

Labels: -Needs-Review
Labels: Needs-Feedback
Owner: ----
Re-tested the issue on Latest Stable# 58.0.3029.110 and could not reproduce the crash.
@taras.prokopenko -- Could you please upgrade to the latest Chrome and provide us an update.
If reproducible, please provide us the latest Crash Id generated.
Thanks in Advance.

Comment 11 by sheriffbot@chromium.org (Project Member), May 14 2018

Status: Archived (was: Unconfirmed)
Issue has not been modified or commented on in the last 365 days; please re-open or file a new bug if this is still an issue.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot