Regression: Tab crash occurs while closing hangout chat in gmail.com
Issue description

Chrome Version: 58.0.3021.0 dev
OS: Windows

What steps will reproduce the problem?
(1) Launch Chrome and sign into gmail.com
(2) Open any chat, close it and observe

Expected result: No crash should be seen
Actual result: Tab crash is seen while closing hangout chat in gmail.com

This is a regression issue broken in M-58.

Manual bisect info:
Good Build: 58.0.3020.0
Bad Build: 58.0.3021.0

Linux behaviour will be updated soon.
Feb 23 2017
Issue is reproducible on the Mac OS 10.12.2, chrome version: 58.0.3021.0(crash id: 08c03db580000000) as well. Linux for the same version is not yet available.
Feb 23 2017
Able to reproduce this issue on Mac OS 10.12 using Chrome latest Dev #58.0.3021.0 by following the steps mentioned in the original comment. Observed crash while closing the gmail chat window.

Bisect Information:
Using the per-revision bisect providing the bisect results, you are probably looking for a change made after 452015 (known good), but no later than 452016 (first known bad).

CHANGE-LOG URL:
https://chromium.googlesource.com/chromium/src/+log/c688ec0f1e7fa2ba31238c5e316f738cf29bfc14..0ac9c3a4fbf57ad4cc2f954fc452fa62a729e0e1

From the CL above, assigning the issue to the concerned owner.
Review-Url: https://codereview.chromium.org/2702213004

jochen@ - Could you please check whether this is caused with respect to your change; if not, please help us in assigning it to the right owner.

Stack Trace:
Thread 0 CRASHED [EXC_BREAKPOINT / EXC_I386_BPT @ 0x000000010b45767f]
MAGIC SIGNATURE THREAD, Stack Quality 48%

0x000000010b45767f (Google Chrome Framework - ScheduledAction.cpp:55) blink::ScheduledAction::create(blink::ScriptState*, blink::ExecutionContext*, blink::ScriptValue const&, WTF::Vector<blink::ScriptValue, 0ul, WTF::PartitionAllocator> const&)
0x000000010ba0ada9 (Google Chrome Framework - DOMWindowTimers.cpp:88) blink::DOMWindowTimers::setTimeout(blink::ScriptState*, blink::EventTarget&, blink::ScriptValue const&, int, WTF::Vector<blink::ScriptValue, 0ul, WTF::PartitionAllocator> const&)
0x000000010b688cde (Google Chrome Framework - V8Window.cpp:5016) blink::DOMWindowV8Internal::setTimeout1Method(v8::FunctionCallbackInfo<v8::Value> const&)
0x0000000107719800 (Google Chrome Framework - api-arguments.cc:25) v8::internal::FunctionCallbackArguments::Call(void (*)(v8::FunctionCallbackInfo<v8::Value> const&))
0x000000010779c319 (Google Chrome Framework - builtins-api.cc:111) v8::internal::MaybeHandle<v8::internal::Object> v8::internal::(anonymous namespace)::HandleApiCallHelper<false>(v8::internal::Isolate*, v8::internal::Handle<v8::internal::HeapObject>, v8::internal::Handle<v8::internal::HeapObject>, v8::internal::Handle<v8::internal::FunctionTemplateInfo>, v8::internal::Handle<v8::internal::Object>, v8::internal::BuiltinArguments)
0x000000010779b7ec (Google Chrome Framework - builtins-api.cc:140) v8::internal::Builtin_Impl_HandleApiCall(v8::internal::BuiltinArguments, v8::internal::Isolate*)
0x000033faadd8437c
0x000033faae4cd4bc
0x000033faaec4f78b
0x000033faadd8579a
0x000033faaeca7aa3
0x000033faaee9ca3a
0x000033faaeca81e6
0x000033faaeca8479
0x000033faade5ed4a
0x000033faade30c9b
0x000033faaebfbbc7
0x000033faaebfb972
0x000033faadd8579a
0x000033faaec57df2
0x000033faaec57c22
0x000033faadd8579a
0x000033faaf37e0f1
0x000033faaf2fee04
0x000033faade5ed4a
0x000033faade30c9b
0x000033faaec777d5
0x000033faade5e7aa
0x000033faade30c9b
0x000033faaec77376
0x000033faade5ed4a
0x000033faade30c9b
0x000033faadd8579a
0x000033faaddf2027
0x000033faade2fb78
0x000033faadda516c
0x0000000107af2fc2 (Google Chrome Framework - execution.cc:144) v8::internal::(anonymous namespace)::Invoke(v8::internal::Isolate*, bool, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>, int, v8::internal::Handle<v8::internal::Object>*, v8::internal::Handle<v8::internal::Object>, v8::internal::Execution::MessageHandling)
0x0000000107af31dd (Google Chrome Framework - execution.cc:180) v8::internal::Execution::TryCall(v8::internal::Isolate*, v8::internal::Handle<v8::internal::Object>, v8::internal::Handle<v8::internal::Object>, int, v8::internal::Handle<v8::internal::Object>*, v8::internal::Execution::MessageHandling, v8::internal::MaybeHandle<v8::internal::Object>*)
0x0000000107bffb25 (Google Chrome Framework - isolate.cc:3366) v8::internal::Isolate::PromiseReactionJob(v8::internal::Handle<v8::internal::PromiseReactionJobInfo>, v8::internal::MaybeHandle<v8::internal::Object>*, v8::internal::MaybeHandle<v8::internal::Object>*)
0x0000000107c00662 (Google Chrome Framework - isolate.cc:3438) v8::internal::Isolate::RunMicrotasksInternal()
0x0000000107bff709 (Google Chrome Framework - isolate.cc:3419) v8::internal::Isolate::RunMicrotasks()
0x000000010b486962 (Google Chrome Framework - V8ScriptRunner.cpp:672) blink::V8ScriptRunner::callFunction(v8::Local<v8::Function>, blink::ExecutionContext*, v8::Local<v8::Value>, int, v8::Local<v8::Value>*, v8::Isolate*)
0x000000010b474f49 (Google Chrome Framework - V8EventListener.cpp:112) blink::V8EventListener::callListenerFunction(blink::ScriptState*, v8::Local<v8::Value>, blink::Event*)
0x000000010b46e41b (Google Chrome Framework - V8AbstractEventListener.cpp:142) blink::V8AbstractEventListener::invokeEventHandler(blink::ScriptState*, blink::Event*, v8::Local<v8::Value>)
0x000000010b46e2ee (Google Chrome Framework - V8AbstractEventListener.cpp:101) blink::V8AbstractEventListener::handleEvent(blink::ScriptState*, blink::Event*)
0x000000010b46e20d (Google Chrome Framework - V8AbstractEventListener.cpp:89) blink::V8AbstractEventListener::handleEvent(blink::ExecutionContext*, blink::Event*)
0x000000010b9eb312 (Google Chrome Framework - EventTarget.cpp:712) blink::EventTarget::fireEventListeners(blink::Event*, blink::EventTargetData*, blink::HeapVector<blink::RegisteredEventListener, 1ul>&)
0x000000010b9ea74c (Google Chrome Framework - EventTarget.cpp:574) blink::EventTarget::fireEventListeners(blink::Event*)
0x000000010b9ea62c (Google Chrome Framework - EventTarget.cpp:479) blink::EventTarget::dispatchEventInternal(blink::Event*)
0x000000010ba39ffa (Google Chrome Framework - LocalDOMWindow.cpp:641) blink::LocalDOMWindow::postMessageTimerFired(blink::PostMessageTimer*)
0x000000010ba3e229 (Google Chrome Framework - LocalDOMWindow.cpp:151) blink::PostMessageTimer::fired()
0x000000010b1766e4 (Google Chrome Framework - Timer.cpp:174) blink::TimerBase::runInternal()
0x000000010884addf (Google Chrome Framework - callback.h:68) base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*)
0x000000010b2c2e9b (Google Chrome Framework - task_queue_manager.cc:533) blink::scheduler::TaskQueueManager::ProcessTaskFromWorkQueue(blink::scheduler::internal::WorkQueue*, bool, blink::scheduler::LazyNow, base::TimeTicks*)
0x000000010b2c1071 (Google Chrome Framework - task_queue_manager.cc:331) blink::scheduler::TaskQueueManager::DoWork(bool)
0x000000010884addf (Google Chrome Framework - callback.h:68) base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*)
0x000000010887077a (Google Chrome Framework - message_loop.cc:423) base::MessageLoop::RunTask(base::PendingTask*)
0x0000000108870acb (Google Chrome Framework - message_loop.cc:434) base::MessageLoop::DeferOrRunPendingTask(base::PendingTask)
0x000000010887108c (Google Chrome Framework - message_loop.cc:566) base::MessageLoop::DoDelayedWork(base::TimeTicks*)
0x0000000108874202 (Google Chrome Framework - message_pump_mac.mm:306) base::MessagePumpCFRunLoopBase::RunWork()
0x0000000108864ad9 (Google Chrome Framework + 0x019fbad9) base::mac::CallWithEHFrame(void () block_pointer)
0x0000000108873c63 (Google Chrome Framework - message_pump_mac.mm:278) base::MessagePumpCFRunLoopBase::RunWorkSource(void*)
0x00007fffa4f8b8d0 (CoreFoundation + 0x000a48d0) __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
0x00007fffa4f6cc6b (CoreFoundation + 0x00085c6b) __CFRunLoopDoSources0
0x00007fffa4f6c155 (CoreFoundation + 0x00085155) __CFRunLoopRun
0x00007fffa4f6bb53 (CoreFoundation + 0x00084b53) CFRunLoopRunSpecific
0x00007fffa699e611 (Foundation + 0x00022611) -[NSRunLoop(NSRunLoop) runMode:beforeDate:]
0x000000010887488d (Google Chrome Framework - message_pump_mac.mm:580) base::MessagePumpNSRunLoop::DoRun(base::MessagePump::Delegate*)
0x00000001088740ab (Google Chrome Framework - message_pump_mac.mm:210) base::MessagePumpCFRunLoopBase::Run(base::MessagePump::Delegate*)
0x0000000108892582 (Google Chrome Framework - run_loop.cc:37) base::RunLoop::Run()
0x000000010c6073bb (Google Chrome Framework - renderer_main.cc:200) content::RendererMain(content::MainFunctionParams const&)
0x00000001083cbd7f (Google Chrome Framework - content_main_runner.cc:836) content::ContentMainRunnerImpl::Run()
0x00000001083cb095 (Google Chrome Framework - content_main.cc:20) content::ContentMain(content::ContentMainParams const&)
0x0000000106e6c37a (Google Chrome Framework - chrome_main.cc:113) ChromeMain
0x000000010275dda9 (Google Chrome Helper - chrome_exe_main_mac.c:85) main
0x00007fffba568254 (libdyld.dylib + 0x00005254) start
Feb 23 2017
Issue is also seen in Ubuntu 14.04 (#58.0.3021.0 dev)
Feb 23 2017
Stack trace with magic signature 'blink::ScheduledAction::create' is the top crasher on Windows and Mac canary (58.0.3021.0).
Feb 23 2017
looks like this is being reverted in https://codereview.chromium.org/2702213004
Feb 23 2017
Yeah, let's see whether it still applies
Feb 23 2017
Yeah, revert doesn't apply anymore :/
Feb 23 2017
Users experienced this crash on the following builds:
Win Canary 58.0.3021.0 - 206.78 CPM, 821 reports, 567 clients (signature blink::ScheduledAction::create)
Mac Canary 58.0.3021.0 - 92.48 CPM, 160 reports, 114 clients (signature blink::ScheduledAction::create)

If this update was incorrect, please add "Fracas-Wrong" label to prevent future updates. - Go/Fracas
Feb 23 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/9a1bc1be11daef8aa12a72251bb7c9f9ca75cc36

commit 9a1bc1be11daef8aa12a72251bb7c9f9ca75cc36
Author: wfh <wfh@chromium.org>
Date: Thu Feb 23 20:40:05 2017

Change security checks on scheduled actions to DCHECKs.

BUG=693695, 694446, 695336
Review-Url: https://codereview.chromium.org/2709383003
Cr-Commit-Position: refs/heads/master@{#452611}

[modify] https://crrev.com/9a1bc1be11daef8aa12a72251bb7c9f9ca75cc36/third_party/WebKit/Source/bindings/core/v8/ScheduledAction.cpp
Feb 23 2017
Thx wfh for helping!
Feb 23 2017
Issue 695596 has been merged into this issue.
Feb 24 2017
Reproduced the issue on Chrome 58.0.3021.0 / CrOS 9313.0.0 - Candy. Crash ID: 1cc1a83ec0000000
Feb 25 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/6385cf88e2c8d0c18c4ee08fca1398a2c4f66c0b

commit 6385cf88e2c8d0c18c4ee08fca1398a2c4f66c0b
Author: Grace Kihumba <gkihumba@google.com>
Date: Sat Feb 25 00:47:38 2017

Change security checks on scheduled actions to DCHECKs.

BUG=693695, 694446, 695336
Review-Url: https://codereview.chromium.org/2709383003
Cr-Commit-Position: refs/heads/master@{#452611}
(cherry picked from commit 9a1bc1be11daef8aa12a72251bb7c9f9ca75cc36)

Review-Url: https://codereview.chromium.org/2717783002 .
Cr-Commit-Position: refs/branch-heads/3021@{#3}
Cr-Branched-From: 24ff81d5bbced05323d0ea9a56b3cac756015c7d-refs/heads/master@{#452347}

[modify] https://crrev.com/6385cf88e2c8d0c18c4ee08fca1398a2c4f66c0b/third_party/WebKit/Source/bindings/core/v8/ScheduledAction.cpp
Feb 27 2017
Did not reproduce the issue on CrOS 9313.1.0 / Chrome 58.0.3021.3 (Candy, Peppy, Daisy).
Feb 28 2017
Verified this issue on Windows-10, Mac 10.12.3 and Ubuntu-14.04 using Chrome version #58.0.3025.5 as per the comment #0. Observed that the fix is working as expected. Attaching the screen cast for reference. Hence, adding the verified labels. Thanks.
Mar 14 2017
Verified on ChromeOS 9334.9.0 / 58.0.3029.18
Comment 1 by ratnavar...@techmahindra.com, Feb 23 2017 (attachment, 29.5 MB)