Regression : Chrome crashes when navigating to chrome://signin-error/# in Guest mode.
Reported by yfulgaon...@etouch.net, Jan 9 2017
Issue description

Chrome Version : 57.0.2976.0 (Official Build) 062d7b445d6d0ebf509fd923ef027a0a3c6818b1-refs/heads/master@{#442165} 32/64 bit
OS : Mac(10.12.1, 10.11.6, 10.12), Windows(7,8,10), Linux(14.04 LTS)

What steps will reproduce the problem?
1. Launch chrome and navigate to chrome://signin-error/# in Guest mode.
2. Observe.

Actual : Chrome crashes when navigating to chrome://signin-error/# in Guest mode.
Expected : Chrome should not crash.

Crash ID 6504daa6-5527-4760-8420-3699fe05a05a (Server ID: fbaad4d080000000)

This is a regression issue broken in ‘M-55’ and will soon update other details.
Jan 9 2017
Using the per-revision bisect providing the bisect results,
Good build: 55.0.2873.0 (Revision: 421052).
Bad build: 55.0.2875.0 (Revision: 421703).

You are probably looking for a change made after 421219 (known good), but no later than 421220 (first known bad).
CHANGELOG URL: https://chromium.googlesource.com/chromium/src/+log/1ceb0ca40370a0e0f40d8a9c379e6396672f4923..0abc347b7f09546244d619b81a5d0f3c55de3fee

Assigning Stack Trace for the Crash ID -- fbaad4d080000000

Stack Trace ::
===============
Thread 0 CRASHED [EXC_BAD_ACCESS / KERN_INVALID_ADDRESS @ 0x00000050 ] MAGIC SIGNATURE THREAD
Stack Quality 79%
0x000000010beeea15 (Google Chrome Framework -string:1588 ) std::__1::basic_string<unsigned short, base::string16_char_traits, std::__1::allocator<unsigned short> >::basic_string(std::__1::basic_string<unsigned short, base::string16_char_traits, std::__1::allocator<unsigned short> > const&)
0x000000010e4aab9a (Google Chrome Framework -signin_error_ui.cc:63 ) SigninErrorUI::SigninErrorUI(content::WebUI*, SigninErrorHandler*)
0x000000010e34a6c1 (Google Chrome Framework -chrome_web_ui_controller_factory.cc:221 ) content::WebUIController* (anonymous namespace)::NewWebUI<SigninErrorUI>(content::WebUI*, GURL const&)
0x000000010b5b74e3 (Google Chrome Framework -web_ui_controller_factory_registry.cc:43 ) content::WebUIControllerFactoryRegistry::CreateWebUIControllerForURL(content::WebUI*, GURL const&) const
0x000000010b597758 (Google Chrome Framework -web_contents_impl.cc:5233 ) content::WebContentsImpl::CreateWebUI(GURL const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&)
0x000000010b5a5537 (Google Chrome Framework -web_contents_impl.cc:4979 ) non-virtual thunk to content::WebContentsImpl::CreateWebUIForRenderFrameHost(GURL const&)
0x000000010b34e516 (Google Chrome Framework -render_frame_host_impl.cc:2767 ) content::RenderFrameHostImpl::UpdatePendingWebUI(GURL const&, int)
0x000000010b355b1a (Google Chrome Framework -render_frame_host_manager.cc:2346 ) content::RenderFrameHostManager::UpdateStateForNavigate(GURL const&, content::SiteInstance*, content::SiteInstance*, ui::PageTransition, bool, bool, content::GlobalRequestID const&, int, bool)
0x000000010b3555ed (Google Chrome Framework -render_frame_host_manager.cc:210 ) content::RenderFrameHostManager::Navigate(GURL const&, content::FrameNavigationEntry const&, content::NavigationEntryImpl const&, bool)
0x000000010b33b49f (Google Chrome Framework -navigator_impl.cc:373 ) content::NavigatorImpl::NavigateToEntry(content::FrameTreeNode*, content::FrameNavigationEntry const&, content::NavigationEntryImpl const&, content::ReloadType, bool, bool, bool, scoped_refptr<content::ResourceRequestBodyImpl> const&)
0x000000010b33bc64 (Google Chrome Framework -navigator_impl.cc:467 ) content::NavigatorImpl::NavigateToPendingEntry(content::FrameTreeNode*, content::FrameNavigationEntry const&, content::ReloadType, bool)
0x000000010b32e3e8 (Google Chrome Framework -navigation_controller_impl.cc:1937 ) content::NavigationControllerImpl::NavigateToPendingEntryInternal(content::ReloadType)
0x000000010b32ad88 (Google Chrome Framework -navigation_controller_impl.cc:1879 ) content::NavigationControllerImpl::NavigateToPendingEntry(content::ReloadType)
0x000000010b32b9fa (Google Chrome Framework -navigation_controller_impl.cc:458 ) content::NavigationControllerImpl::LoadURLWithParams(content::NavigationController::LoadURLParams const&)
0x000000010e3921b7 (Google Chrome Framework -browser_navigator.cc:285 ) (anonymous namespace)::LoadURLInContents(content::WebContents*, GURL const&, chrome::NavigateParams*)
0x000000010e391d25 (Google Chrome Framework -browser_navigator.cc:551 ) chrome::Navigate(chrome::NavigateParams*)
0x000000010e38bfab (Google Chrome Framework -browser_commands.cc:555 ) chrome::OpenCurrentURL(Browser*)
0x000000010ba8ae87 (Google Chrome Framework -command_updater.cc:49 ) CommandUpdater::ExecuteCommandWithDisposition(int, WindowOpenDisposition)
0x000000010e3a6807 (Google Chrome Framework -chrome_omnibox_edit_controller.cc:30 ) ChromeOmniboxEditController::OnAutocompleteAccept(GURL const&, WindowOpenDisposition, ui::PageTransition, AutocompleteMatchType::Type)
0x000000010e293de7 (Google Chrome Framework -omnibox_edit_model.cc:679 ) OmniboxEditModel::OpenMatch(AutocompleteMatch, WindowOpenDisposition, GURL const&, std::__1::basic_string<unsigned short, base::string16_char_traits, std::__1::allocator<unsigned short> > const&, unsigned long)
0x000000010e29bdf6 (Google Chrome Framework -omnibox_view.cc:71 ) OmniboxView::OpenMatch(AutocompleteMatch const&, WindowOpenDisposition, GURL const&, std::__1::basic_string<unsigned short, base::string16_char_traits, std::__1::allocator<unsigned short> > const&, unsigned long)
0x000000010e58ac5c (Google Chrome Framework -omnibox_view_mac.mm:297 ) OmniboxViewMac::OpenMatch(AutocompleteMatch const&, WindowOpenDisposition, GURL const&, std::__1::basic_string<unsigned short, base::string16_char_traits, std::__1::allocator<unsigned short> > const&, unsigned long)
0x000000010e2935ed (Google Chrome Framework -omnibox_edit_model.cc:503 ) OmniboxEditModel::AcceptInput(WindowOpenDisposition, bool)
0x000000010e58c5c2 (Google Chrome Framework -omnibox_view_mac.mm:828 ) OmniboxViewMac::OnDoCommandBySelector(objc_selector*)
0x000000010e576fc5 (Google Chrome Framework -autocomplete_text_field_editor.mm:541 ) -[AutocompleteTextFieldEditor doCommandBySelector:]
0x00007fff8471ca28 (AppKit + 0x001fea28 ) -[NSTextInputContext(NSInputContext_WithCompletion) doCommandBySelector:completionHandler:]
0x00007fff846fa649 (AppKit + 0x001dc649 ) -[NSKeyBindingManager(NSKeyBindingManager_MultiClients) interpretEventAsCommand:forClient:]
0x00007fff84f31188 (AppKit + 0x00a13188 ) __84-[NSTextInputContext _handleEvent:options:allowingSyntheticEvent:completionHandler:]_block_invoke.1080
0x00007fff84f30fbc (AppKit + 0x00a12fbc ) __84-[NSTextInputContext _handleEvent:options:allowingSyntheticEvent:completionHandler:]_block_invoke_3
0x00007fff847027a0 (AppKit + 0x001e47a0 ) -[NSTextInputContext tryHandleEvent_HasMarkedText_withDispatchCondition:dispatchWork:continuation:]
0x00007fff84f30f37 (AppKit + 0x00a12f37 ) __84-[NSTextInputContext _handleEvent:options:allowingSyntheticEvent:completionHandler:]_block_invoke.1070
0x00007fff85f956cd (HIToolbox + 0x000636cd ) __TSMProcessRawKeyEventWithOptionsAndCompletionHandler_block_invoke_5
0x00007fff85f94511 (HIToolbox + 0x00062511 ) ___ZL23DispatchEventToHandlersP14EventTargetRecP14OpaqueEventRefP14HandlerCallRec_block_invoke
0x00007fff84f2a1cb (AppKit + 0x00a0c1cb ) __55-[NSTextInputContext handleTSMEvent:completionHandler:]_block_invoke.308
0x00007fff846fc078 (AppKit + 0x001de078 ) __55-[NSTextInputContext handleTSMEvent:completionHandler:]_block_invoke_2
0x00007fff846fbff9 (AppKit + 0x001ddff9 ) -[NSTextInputContext tryHandleTSMEvent_HasMarkedText_withDispatchCondition:dispatchWork:continuation:]
0x00007fff846fb9e8 (AppKit + 0x001dd9e8 ) -[NSTextInputContext handleTSMEvent:completionHandler:]
0x00007fff846fb0cc (AppKit + 0x001dd0cc ) _NSTSMEventHandler
0x00007fff85f3b354 (HIToolbox + 0x00009354 ) DispatchEventToHandlers(EventTargetRec*, OpaqueEventRef*, HandlerCallRec*)
0x00007fff85f3a5c5 (HIToolbox + 0x000085c5 ) SendEventToEventTargetInternal(OpaqueEventRef*, OpaqueEventTargetRef*, HandlerCallRec*)
0x00007fff85f3a40e (HIToolbox + 0x0000840e ) SendEventToEventTargetWithOptions
0x00007fff85f91505 (HIToolbox + 0x0005f505 ) SendTSMEvent_WithCompletionHandler
0x00007fff85f919df (HIToolbox + 0x0005f9df ) __SendUnicodeTextAEToUnicodeDoc_WithCompletionHandler_block_invoke
0x00007fff85f91840 (HIToolbox + 0x0005f840 ) __SendFilterTextEvent_WithCompletionHandler_block_invoke
0x00007fff85f91556 (HIToolbox + 0x0005f556 ) SendTSMEvent_WithCompletionHandler
0x00007fff85f91340 (HIToolbox + 0x0005f340 ) SendFilterTextEvent_WithCompletionHandler
0x00007fff85f91001 (HIToolbox + 0x0005f001 ) SendUnicodeTextAEToUnicodeDoc_WithCompletionHandler
0x00007fff85f90db7 (HIToolbox + 0x0005edb7 ) __utDeliverTSMEvent_WithCompletionHandler_block_invoke_2
0x00007fff85f90c5d (HIToolbox + 0x0005ec5d ) __utDeliverTSMEvent_WithCompletionHandler_block_invoke
0x00007fff85f90a23 (HIToolbox + 0x0005ea23 ) TSMKeyEvent_WithCompletionHandler
0x00007fff85f90772 (HIToolbox + 0x0005e772 ) __TSMProcessRawKeyEventWithOptionsAndCompletionHandler_block_invoke_4
0x00007fff85f9059f (HIToolbox + 0x0005e59f ) __TSMProcessRawKeyEventWithOptionsAndCompletionHandler_block_invoke_3
0x00007fff85f902b5 (HIToolbox + 0x0005e2b5 ) __TSMProcessRawKeyEventWithOptionsAndCompletionHandler_block_invoke_2
0x00007fff85f8ffec (HIToolbox + 0x0005dfec ) __TSMProcessRawKeyEventWithOptionsAndCompletionHandler_block_invoke
0x00007fff85f8f55c (HIToolbox + 0x0005d55c ) TSMProcessRawKeyEventWithOptionsAndCompletionHandler
0x00007fff84f30da8 (AppKit + 0x00a12da8 ) __84-[NSTextInputContext _handleEvent:options:allowingSyntheticEvent:completionHandler:]_block_invoke.1061
0x00007fff84f30060 (AppKit + 0x00a12060 ) __204-[NSTextInputContext tryTSMProcessRawKeyEvent_orSubstitution:dispatchCondition:setupForDispatch:furtherCondition:doubleSpaceSubstitutionCondition:doubleSpaceSubstitutionWork:dispatchTSMWork:continuation:]_block_invoke.987
0x00007fff84f2feca (AppKit + 0x00a11eca ) -[NSTextInputContext tryTSMProcessRawKeyEvent_orSubstitution:dispatchCondition:setupForDispatch:furtherCondition:doubleSpaceSubstitutionCondition:doubleSpaceSubstitutionWork:dispatchTSMWork:continuation:]
0x00007fff84f307f2 (AppKit + 0x00a127f2 ) -[NSTextInputContext _handleEvent:options:allowingSyntheticEvent:completionHandler:]
0x00007fff84f2fd39 (AppKit + 0x00a11d39 ) -[NSTextInputContext _handleEvent:allowingSyntheticEvent:]
0x00007fff846f9ad0 (AppKit + 0x001dbad0 ) -[NSView interpretKeyEvents:]
0x000000010e576dde (Google Chrome Framework -autocomplete_text_field_editor.mm:482 ) -[AutocompleteTextFieldEditor interpretKeyEvents:]
0x00007fff846f98e4 (AppKit + 0x001db8e4 ) -[NSTextView keyDown:]
0x00007fff84e5199b (AppKit + 0x0093399b ) -[NSWindow(NSEventRouting) _reallySendEvent:isDelayedEvent:]
0x00007fff84e505d9 (AppKit + 0x009325d9 ) -[NSWindow(NSEventRouting) sendEvent:]
0x000000010e52602e (Google Chrome Framework -chrome_event_processing_window.mm:72 ) -[ChromeEventProcessingWindow sendEvent:]
0x00007fff84cdb51b (AppKit + 0x007bd51b ) -[NSApplication(NSEvent) sendEvent:]
0x000000010ba7611b (Google Chrome Framework -chrome_browser_application_mac.mm:277 ) __34-[BrowserCrApplication sendEvent:]_block_invoke
0x000000010bebe749 (Google Chrome Framework + 0x019a5749 ) base::mac::CallWithEHFrame(void () block_pointer)
0x000000010ba75ef4 (Google Chrome Framework -chrome_browser_application_mac.mm:261 ) -[BrowserCrApplication sendEvent:]
0x00007fff8455a0b8 (AppKit + 0x0003c0b8 ) -[NSApplication run]
0x000000010bece31d (Google Chrome Framework -message_pump_mac.mm:637 ) base::MessagePumpNSApplication::DoRun(base::MessagePump::Delegate*)
0x000000010becd99b (Google Chrome Framework -message_pump_mac.mm:210 ) base::MessagePumpCFRunLoopBase::Run(base::MessagePump::Delegate*)
0x000000010beec2d2 (Google Chrome Framework -run_loop.cc:37 ) base::RunLoop::Run()
0x000000010ba7b218 (Google Chrome Framework -chrome_browser_main.cc:1987 ) ChromeBrowserMainParts::MainMessageLoopRun(int*)
0x000000010b25fcd3 (Google Chrome Framework -browser_main_loop.cc:1171 ) content::BrowserMainLoop::RunMainMessageLoopParts()
0x000000010b262991 (Google Chrome Framework -browser_main_runner.cc:141 ) content::BrowserMainRunnerImpl::Run()
0x000000010b25b87b (Google Chrome Framework -browser_main.cc:46 ) content::BrowserMain(content::MainFunctionParams const&)
0x000000010ba330ef (Google Chrome Framework -content_main_runner.cc:793 ) content::ContentMainRunnerImpl::Run()
0x000000010ba323b5 (Google Chrome Framework -content_main.cc:20 ) content::ContentMain(content::ContentMainParams const&)
0x000000010a51c37a (Google Chrome Framework -chrome_main.cc:112 ) ChromeMain
0x0000000108f74d99 (Google Chrome -chrome_exe_main_mac.c:85 ) main
0x00007fff9bcdd254 (libdyld.dylib + 0x00005254 ) start
0x00007fff9bcdd254 (libdyld.dylib + 0x00005254 ) start

@anthonyvd -- Could you please look into the issue, pardon me if it has nothing to do with your changes and if possible please assign it to concern owner.

Thank You.
Jan 9 2017
Users experienced this crash on the following builds:

Mac Canary 57.0.2976.0 - 0.44 CPM, 1 reports, 1 clients (signature SigninErrorUI::SigninErrorUI)

If this update was incorrect, please add "Fracas-Wrong" label to prevent future updates.

- Go/Fracas
Jan 9 2017
adding RBD label, please change if required.
Jan 9 2017
anthonyvd@, could you please revert the above suspect (https://codereview.chromium.org/2348423002) ASAP? Thank you!
Jan 9 2017
+msarda, new owner of this code. This bug should probably be fixed but it's definitely not a release blocker. chrome://signin-error is only meant to be loaded when navigating to an error modal that can't be shown in guest mode, so this shouldn't be a crash in the wild unless people manually navigate to that URL. As for reverting the CL linked above, this would disable a bunch of work done in that milestone (we'd have to disable the new User Menu and such), which is a pretty nuclear option considering how corner-case this crash is. I'll let Mihai's team prioritize this. Thanks!
Jan 9 2017
anthonyvd@, thank you so much for the quick update.
Jan 10 2017
I agree this should not be a release blocking bug.
Jan 10 2017
Note: We have the same crash in an incognito profile as well. I suppose we should even attempt to open these URLs on incognito or in guest profiles.
Jan 11 2017
Jan 11 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/a80bb6a60810ca919a1d01bc391716c040070b4f

commit a80bb6a60810ca919a1d01bc391716c040070b4f
Author: msarda <msarda@chromium.org>
Date: Wed Jan 11 22:22:07 2017

Avoid loading the chrome sign-in URLs in incognito

Chrome sign-in URLs are only supposed to be open in regular profiles and loading them in incognito or guest profiles leads to crashes. This CL avoids loading these URLs on incognito profiles.

Screenshots after this change in a guest session:
https://drive.google.com/a/chromium.org/file/d/0Bw1MJ8m7U5kbeHUxR0lZbGs4OFU/view?usp=sharing
https://drive.google.com/a/chromium.org/file/d/0Bw1MJ8m7U5kbV2I4TnJ4enpuazg/view?usp=sharing
https://drive.google.com/a/chromium.org/file/d/0Bw1MJ8m7U5kbLWdVOUZkc0JfeEU/view?usp=sharing

BUG= 679265
Review-Url: https://codereview.chromium.org/2621083002
Cr-Commit-Position: refs/heads/master@{#443014}

[modify] https://crrev.com/a80bb6a60810ca919a1d01bc391716c040070b4f/chrome/browser/ui/webui/chrome_web_ui_controller_factory.cc
Jan 12 2017
As per Comment#11, Tested this issue on windows 7, Mac 10.12.2, Linux Ubuntu 14.04 using chrome version-57.0.2979.0 & Windows clang build#57.0.2979.2 with the steps mentioned in comment #0. Observed chrome crash when user navigates to chrome://signin-error/# in guest mode & incognito mode. Please find the attached screen cast for the same. Adding TE-Verified labels. Thank you.
Jan 12 2017
Mar 24 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/82a6458a23cf1be17524e2d329e8f1c5668acb22

commit 82a6458a23cf1be17524e2d329e8f1c5668acb22
Author: zmin <zmin@chromium.org>
Date: Fri Mar 24 15:53:02 2017

Make the chrome://signin-error accessible by the incognito System Profile.

chrome://signin-error will be used by the profile of UserManager when force-sign-in policy is enabled so that the sign in error can be shown without opening browser window.

Before: https://drive.google.com/open?id=0B7mk_V3OvgKRREY3cTBKSjdxSGc
After: https://drive.google.com/open?id=0B7mk_V3OvgKRbFUwRmt4VVFRZ2c

BUG= 642059
BUG= 679265
Review-Url: https://codereview.chromium.org/2769273002
Cr-Commit-Position: refs/heads/master@{#459436}

[modify] https://crrev.com/82a6458a23cf1be17524e2d329e8f1c5668acb22/chrome/browser/ui/webui/chrome_web_ui_controller_factory.cc
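
The gating that the two commit messages in this thread describe, as an added example that is not Chromium's code: the factory decides from the profile type before any controller is constructed, and the controller also tolerates missing state. `Profile`, `SigninState`, `Controller`, `CanLoadSigninHost` and `CreateControllerForHost` are hypothetical names, and the assumption is that the sign-in page reads state that only a regular profile carries.

```cpp
#include <memory>
#include <string>

// Hypothetical model types (not Chromium's): a profile and the sign-in state
// that, by assumption, only a regular profile carries.
struct SigninState { std::u16string last_error; };
struct Profile {
  bool off_the_record = false;          // incognito or guest session
  bool system_profile = false;          // profile behind the User Manager
  const SigninState* signin = nullptr;  // null outside regular profiles
};
struct Controller { std::u16string error_text; };

// Policy from the two commits: sign-in pages load in regular profiles only,
// except signin-error, which the system profile may also load.
bool CanLoadSigninHost(const Profile& p, const std::string& host) {
  if (!p.off_the_record) return true;
  return host == "signin-error" && p.system_profile;
}

// Factory entry point: decide before constructing, so a controller that
// depends on per-profile state is never built for a profile that lacks it.
std::unique_ptr<Controller> CreateControllerForHost(const Profile& p,
                                                    const std::string& host) {
  if (host != "signin-error") return nullptr;       // only host modelled here
  if (!CanLoadSigninHost(p, host)) return nullptr;  // page is simply not served
  auto c = std::make_unique<Controller>();
  // Second layer: tolerate missing state instead of reading through null.
  if (p.signin != nullptr) c->error_text = p.signin->last_error;
  return c;
}

int main() {
  SigninState state{u"constructed sample error"};
  Profile regular;
  regular.signin = &state;
  Profile guest;
  guest.off_the_record = true;
  // Regular profile gets a controller; guest gets none.
  bool ok = CreateControllerForHost(regular, "signin-error") != nullptr &&
            CreateControllerForHost(guest, "signin-error") == nullptr;
  return ok ? 0 : 1;
}
```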