
Issue 692996

Starred by 4 users

Issue metadata

Status: Duplicate
Owner:
Closed: Feb 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux, Android, Windows, Mac
Pri: 1
Type: Bug-Regression




Regression: Browser crash is seen after blocking 'MIDI' and reloading the page

Reported by jshan...@etouch.net, Feb 16 2017

Issue description

Chrome Version : 58.0.3013.3 (Official Build) f3229ac11997e2b5fe740be8738c2ac80ab9f4c3-refs/branch-heads/3013@{#6} 32/64 bit
OS : Windows (7,8,10), Mac(10.11.6, 10.12.1, 10.12), Linux(14.04 LTS)

Steps:
1. Launch Chrome and navigate to https://permission.site
2. Click on 'MIDI', click on 'Block' of permission bubble and reload the page
3. Observe

Actual: Browser crash is seen after blocking 'MIDI' and reloading the page

Expected: Browser should not crash

This is a regression issue, broken in 'M 58'; will soon update other info:

Good build: 58.0.3008.0 
Bad build: 58.0.3009.0 

Crash ID 9213e928-76f6-4c1f-a118-0c178f0b8bb8 (Server ID: 62d2bd3580000000)
 
Attachments: Actual_video.mov (2.5 MB), Expected_video.mov (4.7 MB)
Cc: brajkumar@chromium.org
Labels: hasbisect-per-revision ReleaseBlock-Dev
Owner: perezju@chromium.org
Status: Assigned (was: Unconfirmed)
Stack Trace:
-------------
Thread 14 CRASHED [EXC_BAD_INSTRUCTION / EXC_I386_INVOP @ 0x000000010d7eb14f ] MAGIC SIGNATURE THREAD
Stack Quality: 78%
0x000000010d7eb14f	(Google Chrome Framework -lock.h )	midi::MidiService::EndSession(midi::MidiManagerClient*)
0x000000010b21aea5	(Google Chrome Framework -tuple.h:91 )	bool IPC::MessageT<MidiHostMsg_EndSession_Meta, std::__1::tuple<>, void>::Dispatch<content::MidiHost, content::MidiHost, void, void (content::MidiHost::*)()>(IPC::Message const*, content::MidiHost*, content::MidiHost*, void*, void (content::MidiHost::*)())
0x000000010b21a977	(Google Chrome Framework -midi_host.cc:82 )	content::MidiHost::OnMessageReceived(IPC::Message const&)
0x000000010af7a001	(Google Chrome Framework -browser_message_filter.cc:87 )	content::BrowserMessageFilter::Internal::OnMessageReceived(IPC::Message const&)
0x000000010cb162bc	(Google Chrome Framework -message_filter_router.cc:22 )	IPC::MessageFilterRouter::TryFilters(IPC::Message const&)
0x000000010cb07002	(Google Chrome Framework -ipc_channel_proxy.cc:88 )	IPC::ChannelProxy::Context::TryFilters(IPC::Message const&)
0x000000010cb07141	(Google Chrome Framework -ipc_channel_proxy.cc:123 )	IPC::ChannelProxy::Context::OnMessageReceived(IPC::Message const&)
0x000000010cb050fd	(Google Chrome Framework -ipc_channel_mojo.cc:414 )	IPC::ChannelMojo::OnMessageReceived(IPC::Message const&)
0x000000010cb0a79a	(Google Chrome Framework -ipc_message_pipe_reader.cc:110 )	IPC::internal::MessagePipeReader::Receive(std::__1::vector<unsigned char, std::__1::allocator<unsigned char> > const&, base::Optional<std::__1::vector<mojo::StructPtr<IPC::mojom::SerializedHandle>, std::__1::allocator<mojo::StructPtr<IPC::mojom::SerializedHandle> > > >)
0x000000010abf5ebf	(Google Chrome Framework -ipc.mojom.cc:262 )	IPC::mojom::ChannelStubDispatch::Accept(IPC::mojom::Channel*, mojo::Message*)
0x000000010cb0cd89	(Google Chrome Framework -ipc_mojo_bootstrap.cc:752 )	IPC::(anonymous namespace)::ChannelAssociatedGroupController::Accept(mojo::Message*)
0x000000010c61deaa	(Google Chrome Framework -connector.cc:256 )	mojo::Connector::ReadSingleMessage(unsigned int*)
0x000000010c61e150	(Google Chrome Framework -connector.cc:281 )	mojo::Connector::OnWatcherHandleReady(unsigned int)
0x000000010c62b6b3	(Google Chrome Framework -callback.h:85 )	mojo::Watcher::OnHandleReady(unsigned int)
0x000000010c56fb9f	(Google Chrome Framework -callback.h:68 )	base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*)
0x000000010c59446a	(Google Chrome Framework -message_loop.cc:423 )	base::MessageLoop::RunTask(base::PendingTask*)
0x000000010c5947bb	(Google Chrome Framework -message_loop.cc:434 )	base::MessageLoop::DeferOrRunPendingTask(base::PendingTask)
0x000000010c594b82	(Google Chrome Framework -message_loop.cc:527 )	base::MessageLoop::DoWork()
0x000000010c597334	(Google Chrome Framework -message_pump_libevent.cc:218 )	base::MessagePumpLibevent::Run(base::MessagePump::Delegate*)
0x000000010c5b60f2	(Google Chrome Framework -run_loop.cc:37 )	base::RunLoop::Run()
0x000000010b061293	(Google Chrome Framework -browser_thread_impl.cc:277 )	content::BrowserThreadImpl::IOThreadRun(base::RunLoop*)
0x000000010b061353	(Google Chrome Framework -browser_thread_impl.cc:312 )	content::BrowserThreadImpl::Run(base::RunLoop*)
0x000000010c5e2968	(Google Chrome Framework -thread.cc:333 )	base::Thread::ThreadMain()
0x000000010c5dda56	(Google Chrome Framework -platform_thread_posix.cc:71 )	base::(anonymous namespace)::ThreadFunc(void*)
0x00007fffa24daaaa	(libsystem_pthread.dylib + 0x00003aaa )	_pthread_body
0x00007fffa24da9f6	(libsystem_pthread.dylib + 0x000039f6 )	_pthread_start
0x00007fffa24da220	(libsystem_pthread.dylib + 0x00003220 )	thread_start
0x000000010c5dd9ff	(Google Chrome Framework + 0x01a219ff )	

Link to the list of the builds:
---------------------------------
https://crash.corp.google.com/browse?q=custom_data.ChromeCrashProto.magic_signature_1.name%3D%27midi%3A%3AMidiService%3A%3AEndSession%27&ignore_case=false&enable_rewrite=true&omit_field_name=&omit_field_value=&omit_field_opt=%3D

Bisect Information:
--------------------
Using the per-revision bisect providing the bisect results,

You are probably looking for a change made after 449578 (known good), but no later than 449579 (first known bad).

CHANGE-LOG URL:
---------------------------------------
https://chromium.googlesource.com/chromium/src/+log/7f190b5091427c5d08ad224415ff1b5e5f57b90f..f1860b973a77bc737dd64664cdc0e382cfbaccf0

From the CL above, assigning the issue to the concerned owner
Review-Url: https://codereview.chromium.org/2672803002

perezju@ - Could you please check whether this is caused by your change? If not, please help us assign it to the right owner.

Note: Since this is a regression issue, marking it as RB-Dev. Please feel free to edit if this is not the case.

Thanks!
Issue 693023 has been merged into this issue.
Cc: manoranj...@chromium.org gov...@chromium.org abdulsyed@chromium.org ajha@chromium.org
Cc: perezju@chromium.org
Owner: ----
Status: Untriaged (was: Assigned)
My change is on test runners, nothing that gets compiled into Chrome, so pretty sure it can't be related to crashes reproduced manually.
Owner: toyoshim@chromium.org
Status: Assigned (was: Untriaged)
Not exactly sure how this works, but the link above about the crash info points to:
r449574 Web MIDI: add dynamic MidiManager instantiation support for Linux

Which sounds like a lot more related to the stack above.

Comment 6 by ajha@chromium.org, Feb 16 2017

Components: -Blink Blink>WebMIDI
Labels: OS-Android
Just to update: this seems to be specific to the MIDI permission, and the issue doesn't repro with other types of notifications on the https://permission.site page.

Link to the list of the OS where the crashes are seen:
=======================================================
https://crash.corp.google.com/browse?q=custom_data.ChromeCrashProto.magic_signature_1.name%3D%27midi%3A%3AMidiService%3A%3AEndSession%27&ignore_case=false&enable_rewrite=true&omit_field_name=&omit_field_value=&omit_field_opt=%3D

Single-digit numbers of crash instances are seen on Windows, Mac and Linux, and Android latest M-58 (58.0.3014.0) shows 17 instances from 6 clients.
Labels: -ReleaseBlock-Dev ReleaseBlock-Stable
Not a Dev blocker since this is not a P0 functional use case.

Thank you!

Comment 8 by sheriffbot@chromium.org, Feb 16 2017

Labels: FoundIn-M-58 Fracas
Users experienced this crash on the following builds:

Mac Canary 58.0.3014.0 -  2.25 CPM, 3 reports, 3 clients (signature midi::MidiService::EndSession)

If this update was incorrect, please add "Fracas-Wrong" label to prevent future updates.

- Go/Fracas
Mergedinto: 691172
Status: Duplicate (was: Assigned)
A fix is already under code review.
Note: this is not a regression, but one newly added assertion finds a potential problem that does not actually matter now, but will be a problem for the new design.
