Issue metadata
Sign in to add a comment
|
chrome://inspect crashes the browser
Reported by
pdk...@gmail.com,
Dec 5 2016
|
||||||||||||||||||||||
Issue descriptionUserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36 Steps to reproduce the problem: Note: that's with version 56.0.2924.10 not the version mentioned above. 1. chrome://inspect 2. wait What is the expected behavior? What went wrong? After a few seconds, it takes down the whole browser. It doesn't matter if a device is actually connected or not, or whether the tab is focused. Did this work before? Yes Chrome version: 53.0.2785.143 Channel: n/a OS Version: 14.04 Flash Version: The console claims a segfault, and syslog prints this. traps: chrome[1805] general protection ip:7f25094297cf sp:7ffd2980a8a0 error:0 in chrome[7f2507c6a000+6155000] I can't debug this further right now, not least because the instructions for Linux debugging appear to have been taken offline for some reason.
,
Dec 5 2016
저에게 항상 밝은 미소로 하루종일 저와같은 어려운 분들에게 항상 작은 힘을 주고 있는 분들에게 저가 고마운 마음으로 올해가 끝나기전에 새해 인사를 하고자 합니다... 감사합니다. 2016. 12. 5. 오후 8:38에 "ranjit… via monorail" < monorail+v2.3493406661@chromium.org>님이 작성:
,
Dec 7 2016
Unable to reproduce the issue on Linux 14.04 chrome version 56.0.2924.18 - chrome://inspect/#devices is displayed fine. Could you please upgrade to latest dev and see if issue still exists.
,
Dec 7 2016
Yes. An addition observation. If chrome://inspect is the only tab, it works fine, until a new tab is opened, upon which it takes down the browser immediately.
,
Dec 7 2016
I was mistaken. It is less unstable when the only tab open, but eventually exhibits the same problem.
,
Dec 7 2016
If you can reproduce this on an official build can you post the crash ID from chrome://crashes here? That will let me look up the stack trace. I haven't been able to reproduce this on HEAD.
,
Dec 9 2016
It's not an official build, but now that I've found the instructions, I'll produce a stack trace.
,
Dec 9 2016
OK, in a build with debug symbols, this message is printed in console once per second. May or may not be related.
[18269:18339:1209/165346.707656:ERROR:socket_posix.cc(82)] CreatePlatformSocket() returned an error, errno=97: Address family not supported by protocol
And the stack trace from gdb.
Program received signal SIGSEGV, Segmentation fault.
0x0000555556d152fd in Invoke<base::WeakPtr<content::(anonymous namespace)::WebContentsCaptureMachine> const&> (
method=&virtual table offset 93825019270908, receiver_ptr=...) at ../../base/bind_internal.h:214
214 ../../base/bind_internal.h: No such file or directory.
(gdb) bt
#0 0x0000555556d152fd in Invoke<base::WeakPtr<content::(anonymous namespace)::WebContentsCaptureMachine> const&> (
method=&virtual table offset 93825019270908, receiver_ptr=...) at ../../base/bind_internal.h:214
#1 MakeItSo<void (content::(anonymous namespace)::WebContentsCaptureMachine::* const&)(), base::WeakPtr<content::(anonymous namespace)::WebContentsCaptureMachine> const&> (functor=<optimized out>, weak_ptr=...)
at ../../base/bind_internal.h:305
#2 RunImpl<void (content::(anonymous namespace)::WebContentsCaptureMachine::* const&)(), std::tuple<base::WeakPtr<content::(anonymous namespace)::WebContentsCaptureMachine> > const&, 0> (functor=<optimized out>, bound=...)
at ../../base/bind_internal.h:361
#3 base::internal::Invoker<base::internal::BindState<void (content::(anonymous namespace)::WebContentsCaptureMachine::*)(), base::WeakPtr<content::(anonymous namespace)::WebContentsCaptureMachine> >, void ()>::Run(base::internal::BindStateBase*) (base=0x1d7bb330c500) at ../../base/bind_internal.h:339
#4 0x00005555573bc4ce in Run (this=<optimized out>) at ../../base/callback.h:47
#5 base::debug::TaskAnnotator::RunTask (this=<optimized out>, queue_function=0x55555a1203e3 "MessageLoop::PostTask",
pending_task=0x7fffffffd930) at ../../base/debug/task_annotator.cc:52
#6 0x000055555735a71c in base::MessageLoop::RunTask (this=0x1d7bb290f380, pending_task=0x7fffffffd930)
at ../../base/message_loop/message_loop.cc:413
#7 0x000055555735a9c8 in base::MessageLoop::DeferOrRunPendingTask (this=0x1d7bb290f380, pending_task=...)
at ../../base/message_loop/message_loop.cc:422
#8 0x000055555735ae8e in base::MessageLoop::DoDelayedWork (this=0x1d7bb290f380,
next_delayed_work_time=<optimized out>) at ../../base/message_loop/message_loop.cc:554
#9 0x000055555735c2c0 in HandleDispatch (this=<optimized out>) at ../../base/message_loop/message_pump_glib.cc:278
#10 base::(anonymous namespace)::WorkSourceDispatch (source=<optimized out>, unused_func=<optimized out>,
unused_data=<optimized out>) at ../../base/message_loop/message_pump_glib.cc:109
#11 0x00007ffff6b3ae04 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#12 0x00007ffff6b3b048 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#13 0x00007ffff6b3b0ec in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#14 0x000055555735c186 in base::MessagePumpGlib::Run (this=0x1d7bb298e680, delegate=<optimized out>)
at ../../base/message_loop/message_pump_glib.cc:309
#15 0x0000555557375951 in base::RunLoop::Run (this=0x7fffffffdbe8) at ../../base/run_loop.cc:35
#16 0x0000555557289e81 in ChromeBrowserMainParts::MainMessageLoopRun (this=0x1d7bb2852b40, result_code=0x1d7bb284ba98)
at ../../chrome/browser/chrome_browser_main.cc:2010
#17 0x0000555556be6854 in content::BrowserMainLoop::RunMainMessageLoopParts (this=0x1d7bb284ba80)
at ../../content/browser/browser_main_loop.cc:984
#18 0x0000555556be919f in content::BrowserMainRunnerImpl::Run (this=0x1d7bb283bf80)
at ../../content/browser/browser_main_runner.cc:141
#19 0x0000555556be2f36 in content::BrowserMain (parameters=...) at ../../content/browser/browser_main.cc:46
#20 0x00005555570f3d10 in content::ContentMainRunnerImpl::Run (this=0x1d7bb28382d0)
at ../../content/app/content_main_runner.cc:774
#21 0x00005555570f2e94 in content::ContentMain (params=...) at ../../content/app/content_main.cc:20
#22 0x00005555560d1a37 in ChromeMain (argc=5, argv=0x7fffffffde88) at ../../chrome/app/chrome_main.cc:108
#23 0x00007ffff1626f45 in __libc_start_main () from /lib/x86_64-linux-gnu/libc.so.6
#24 0x00005555560d1925 in _start ()
,
Dec 9 2016
I cannot reliably reproduce this now by just waiting on chrome://inspect. The bt is from opening chrome://inspect, and then opening a new tab, which works reliably.
The same bt, but with glib debug symbols, which I don't think matter.
(gdb) bt
#0 0x0000555556d152fd in Invoke<base::WeakPtr<content::(anonymous namespace)::WebContentsCaptureMachine> const&> (
method=&virtual table offset 93825019270908, receiver_ptr=...) at ../../base/bind_internal.h:214
#1 MakeItSo<void (content::(anonymous namespace)::WebContentsCaptureMachine::* const&)(), base::WeakPtr<content::(anonymous namespace)::WebContentsCaptureMachine> const&> (functor=<optimized out>, weak_ptr=...)
at ../../base/bind_internal.h:305
#2 RunImpl<void (content::(anonymous namespace)::WebContentsCaptureMachine::* const&)(), std::tuple<base::WeakPtr<content::(anonymous namespace)::WebContentsCaptureMachine> > const&, 0> (functor=<optimized out>, bound=...)
at ../../base/bind_internal.h:361
#3 base::internal::Invoker<base::internal::BindState<void (content::(anonymous namespace)::WebContentsCaptureMachine::*)(), base::WeakPtr<content::(anonymous namespace)::WebContentsCaptureMachine> >, void ()>::Run(base::internal::BindStateBase*) (base=0xf6cdeb171c0) at ../../base/bind_internal.h:339
#4 0x00005555573bc4ce in Run (this=<optimized out>) at ../../base/callback.h:47
#5 base::debug::TaskAnnotator::RunTask (this=<optimized out>, queue_function=0x55555a1203e3 "MessageLoop::PostTask",
pending_task=0x7fffffffd930) at ../../base/debug/task_annotator.cc:52
#6 0x000055555735a71c in base::MessageLoop::RunTask (this=0xf6cdded5380, pending_task=0x7fffffffd930)
at ../../base/message_loop/message_loop.cc:413
#7 0x000055555735a9c8 in base::MessageLoop::DeferOrRunPendingTask (this=0xf6cdded5380, pending_task=...)
at ../../base/message_loop/message_loop.cc:422
#8 0x000055555735ae8e in base::MessageLoop::DoDelayedWork (this=0xf6cdded5380, next_delayed_work_time=<optimized out>)
at ../../base/message_loop/message_loop.cc:554
#9 0x000055555735c2c0 in HandleDispatch (this=<optimized out>) at ../../base/message_loop/message_pump_glib.cc:278
#10 base::(anonymous namespace)::WorkSourceDispatch (source=<optimized out>, unused_func=<optimized out>,
unused_data=<optimized out>) at ../../base/message_loop/message_pump_glib.cc:109
#11 0x00007ffff6b3ae04 in g_main_dispatch (context=0xf6cdddfacc0) at /build/buildd/glib2.0-2.40.2/./glib/gmain.c:3064
#12 g_main_context_dispatch (context=context@entry=0xf6cdddfacc0) at /build/buildd/glib2.0-2.40.2/./glib/gmain.c:3663
#13 0x00007ffff6b3b048 in g_main_context_iterate (context=context@entry=0xf6cdddfacc0, block=block@entry=1,
dispatch=dispatch@entry=1, self=<optimized out>) at /build/buildd/glib2.0-2.40.2/./glib/gmain.c:3734
#14 0x00007ffff6b3b0ec in g_main_context_iteration (context=0xf6cdddfacc0, may_block=1)
at /build/buildd/glib2.0-2.40.2/./glib/gmain.c:3795
#15 0x000055555735c186 in base::MessagePumpGlib::Run (this=0xf6cddf53600, delegate=<optimized out>)
at ../../base/message_loop/message_pump_glib.cc:309
#16 0x0000555557375951 in base::RunLoop::Run (this=0x7fffffffdbe8) at ../../base/run_loop.cc:35
#17 0x0000555557289e81 in ChromeBrowserMainParts::MainMessageLoopRun (this=0xf6cdde17b40, result_code=0xf6cdde10a98)
at ../../chrome/browser/chrome_browser_main.cc:2010
#18 0x0000555556be6854 in content::BrowserMainLoop::RunMainMessageLoopParts (this=0xf6cdde10a80)
at ../../content/browser/browser_main_loop.cc:984
#19 0x0000555556be919f in content::BrowserMainRunnerImpl::Run (this=0xf6cdde00f80)
at ../../content/browser/browser_main_runner.cc:141
#20 0x0000555556be2f36 in content::BrowserMain (parameters=...) at ../../content/browser/browser_main.cc:46
#21 0x00005555570f3d10 in content::ContentMainRunnerImpl::Run (this=0xf6cdddfd2d0)
at ../../content/app/content_main_runner.cc:774
#22 0x00005555570f2e94 in content::ContentMain (params=...) at ../../content/app/content_main.cc:20
#23 0x00005555560d1a37 in ChromeMain (argc=5, argv=0x7fffffffde88) at ../../chrome/app/chrome_main.cc:108
#24 0x00007ffff1626f45 in __libc_start_main () from /lib/x86_64-linux-gnu/libc.so.6
#25 0x00005555560d1925 in _start ()
,
Dec 9 2016
I cannot reproduce this with Debug builds, nor with Chromium snapshots from around the same revision.
,
Dec 9 2016
OK, this is more likely to be a clang bug, than a Chrome bug. I can only reproduce it with a non-default release build configuration that I've been using. optimize_for_size = true # false on Linux by default Further, compiler/BUILD.gn is patched. - "-march=x86-64", + "-march=haswell", With either missing, it doesn't reproduce. It appears this commit has caused it. https://chromium.googlesource.com/chromium/src/+/99de02ba952b0a69291f81c5b8ca14d81cc1f74f I've previously build M53 successfully with the above configuration, and the mentioned commit was introduced in 54.0.2786.0 so it adds up. I've let the author know, in case.
,
Dec 9 2016
제주특별자치도 서귀포시 남원읍 태수로 26번길14 2016. 12. 10. 오전 8:17에 "pdk… via monorail" < monorail+v2.2825603754@chromium.org>님이 작성:
,
Dec 10 2016
,
Dec 13 2016
I would try "disas" to see how the broken pointer to member function (broken vtable offset) has produced...
,
Dec 14 2016
,
Dec 14 2016
,
Dec 15 2016
56.0.2924.28
Program received signal SIGSEGV, Segmentation fault.
0x0000555556cd8bad in Invoke<base::WeakPtr<content::(anonymous namespace)::WebContentsCaptureMachine> const&> (
method=&virtual table offset 93825019022562, receiver_ptr=...) at ../../base/bind_internal.h:214
214 return (receiver.*method)(std::forward<RunArgs>(args)...);
(gdb) disas
Dump of assembler code for function base::internal::Invoker<base::internal::BindState<void (content::(anonymous namespace)::WebContentsCaptureMachine::*)(), base::WeakPtr<content::(anonymous namespace)::WebContentsCaptureMachine> >, void ()>::Run(base::internal::BindStateBase*):
0x0000555556cd8b64 <+0>: push %r15
0x0000555556cd8b66 <+2>: push %r14
0x0000555556cd8b68 <+4>: push %r12
0x0000555556cd8b6a <+6>: push %rbx
0x0000555556cd8b6b <+7>: push %rax
0x0000555556cd8b6c <+8>: mov %rdi,%r14
0x0000555556cd8b6f <+11>: lea 0x30(%r14),%rbx
0x0000555556cd8b73 <+15>: mov %rbx,%rdi
0x0000555556cd8b76 <+18>: callq 0x55555731bf00 <base::internal::WeakReference::is_valid() const>
0x0000555556cd8b7b <+23>: test %al,%al
0x0000555556cd8b7d <+25>: je 0x555556cd8bbf <base::internal::Invoker<base::internal::BindState<void (content::(anonymous namespace)::WebContentsCaptureMachine::*)(), base::WeakPtr<content::(anonymous namespace)::WebContentsCaptureMachine> >, void ()>::Run(base::internal::BindStateBase*)+91>
0x0000555556cd8b7f <+27>: cmpq $0x0,0x8(%rbx)
0x0000555556cd8b84 <+32>: je 0x555556cd8bbf <base::internal::Invoker<base::internal::BindState<void (content::(anonymous namespace)::WebContentsCaptureMachine::*)(), base::WeakPtr<content::(anonymous namespace)::WebContentsCaptureMachine> >, void ()>::Run(base::internal::BindStateBase*)+91>
0x0000555556cd8b86 <+34>: mov 0x20(%r14),%r12
0x0000555556cd8b8a <+38>: mov 0x28(%r14),%r15
0x0000555556cd8b8e <+42>: mov %rbx,%rdi
0x0000555556cd8b91 <+45>: callq 0x55555731bf00 <base::internal::WeakReference::is_valid() const>
0x0000555556cd8b96 <+50>: mov %r12,%rcx
0x0000555556cd8b99 <+53>: xor %edi,%edi
0x0000555556cd8b9b <+55>: test %al,%al
0x0000555556cd8b9d <+57>: cmovne 0x38(%r14),%rdi
0x0000555556cd8ba2 <+62>: add %r15,%rdi
0x0000555556cd8ba5 <+65>: test $0x1,%cl
0x0000555556cd8ba8 <+68>: je 0x555556cd8bb2 <base::internal::Invoker<base::internal::BindState<void (content::(anonymous namespace)::WebContentsCaptureMachine::*)(), base::WeakPtr<content::(anonymous namespace)::WebContentsCaptureMachine> >, void ()>::Run(base::internal::BindStateBase*)+78>
0x0000555556cd8baa <+70>: mov (%rdi),%rax
=> 0x0000555556cd8bad <+73>: mov -0x1(%rax,%rcx,1),%rcx
0x0000555556cd8bb2 <+78>: add $0x8,%rsp
0x0000555556cd8bb6 <+82>: pop %rbx
0x0000555556cd8bb7 <+83>: pop %r12
0x0000555556cd8bb9 <+85>: pop %r14
0x0000555556cd8bbb <+87>: pop %r15
0x0000555556cd8bbd <+89>: jmpq *%rcx
0x0000555556cd8bbf <+91>: add $0x8,%rsp
0x0000555556cd8bc3 <+95>: pop %rbx
0x0000555556cd8bc4 <+96>: pop %r12
0x0000555556cd8bc6 <+98>: pop %r14
0x0000555556cd8bc8 <+100>: pop %r15
0x0000555556cd8bca <+102>: retq
End of assembler dump.
,
Jan 4 2017
Doesn't seem to be an issue caused by DevTools
,
Jan 5 2017
,
Jan 5 2017
,
Jan 18 2017
pdknsk@gmail.com, Can you provide the crash ID? it is in chrome://crashes/
,
Jan 26 2017
Thank you for providing more feedback. Adding requester "tkonchada@chromium.org" for another review and adding "Needs-Review" label for tracking. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jan 30 2017
Unable to reproduce the issue on windows 7, Linux Ubuntu 14.04 using chrome version 56.0.2924.76. pdknsk@Could you please confirm are you still facing this issue on latest chrome version 56.0.2924.76.Please provide us the crash id from chrome://crashes to triage the issue further. Thanks,
,
Feb 13 2017
no response for 2 weeks. close this bug. |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by ranjitkan@chromium.org
, Dec 5 2016