RenderWidgetHostViewChildFrame::SetCrossProcessFrameConnector Crash |
|||||
Issue descriptionA crash is being seen in: RenderWidgetHostViewChildFrame::SetCrossProcessFrameConnector with the check parent_frame_sink_id_.is_valid() failing. Running on the 'oxygen build' target_os = "chromeos" is_debug = true is_component_build = true use_goma = true use_ozone = true ozone_auto_platforms = false ozone_platform_x11 = true ozone_platform = "x11" enable_nacl = false Reproduced with mash_browser_tests. Particularly:./out/oxygen/browser_tests --run-in-mash --gtest_filter=*ExtensionApiTest.ActiveTab* Stack Trace: [8859:8859:0329/165627.778458:FATAL:render_widget_host_view_child_frame.cc(98)] Check failed: parent_frame_sink_id_.is_valid(). #0 0x7f4c9cb7914b base::debug::StackTrace::StackTrace() #1 0x7f4c9cb7781c base::debug::StackTrace::StackTrace() #2 0x7f4c9cbdddec logging::LogMessage::~LogMessage() #3 0x7f4c94802252 content::RenderWidgetHostViewChildFrame::SetCrossProcessFrameConnector() #4 0x7f4c947298e2 content::CrossProcessFrameConnector::set_view() #5 0x7f4c947fcbdc content::RenderFrameProxyHost::SetChildRWHView() #6 0x7f4c947dcc81 content::RenderFrameHostManager::CommitPending() #7 0x7f4c947db86a content::RenderFrameHostManager::CommitPendingIfNecessary() #8 0x7f4c947db6be content::RenderFrameHostManager::DidNavigateFrame() #9 0x7f4c94783a1d content::NavigatorImpl::DidNavigate() #10 0x7f4c9478f50c content::RenderFrameHostImpl::OnDidCommitProvisionalLoad() #11 0x7f4c9478b896 content::RenderFrameHostImpl::OnMessageReceived() #12 0x7f4c94cbafa7 content::RenderProcessHostImpl::OnMessageReceived() #13 0x7f4c9822b638 IPC::ChannelProxy::Context::OnDispatchMessage() #14 0x7f4c98230ecf _ZN4base8internal13FunctorTraitsIMN3IPC12ChannelProxy7ContextEFvRKNS2_7MessageEEvE6InvokeIRK13scoped_refptrIS4_EJS7_EEEvS9_OT_DpOT0_ #15 0x7f4c98230db6 _ZN4base8internal12InvokeHelperILb0EvE8MakeItSoIRKMN3IPC12ChannelProxy7ContextEFvRKNS4_7MessageEEJRK13scoped_refptrIS6_ES9_EEEvOT_DpOT0_ #16 0x7f4c98230d43 _ZN4base8internal7InvokerINS0_9BindStateIMN3IPC12ChannelProxy7ContextEFvRKNS3_7MessageEEJ13scoped_refptrIS5_ES6_EEEFvvEE7RunImplIRKSA_RKSt5tupleIJSC_S6_EEJLm0ELm1EEEEvOT_OT0_NS_13IndexSequenceIJXspT1_EEEE #17 0x7f4c98230c5c _ZN4base8internal7InvokerINS0_9BindStateIMN3IPC12ChannelProxy7ContextEFvRKNS3_7MessageEEJ13scoped_refptrIS5_ES6_EEEFvvEE3RunEPNS0_13BindStateBaseE #18 0x7f4c9cb7e80e _ZNO4base8CallbackIFvvELNS_8internal8CopyModeE0ELNS2_10RepeatModeE0EE3RunEv #19 0x7f4c9cb7e111 base::debug::TaskAnnotator::RunTask() #20 0x7f4c9cc04e1e base::MessageLoop::RunTask() #21 0x7f4c9cc05084 base::MessageLoop::DeferOrRunPendingTask() #22 0x7f4c9cc05374 base::MessageLoop::DoWork() #23 0x7f4c9cc1b41c base::MessagePumpLibevent::Run() #24 0x7f4c9cc04a02 base::MessageLoop::RunHandler() #25 0x7f4c9cca77e4 base::RunLoop::Run() #26 0x000004d59a46 content::RunThisRunLoop() #27 0x000008809e5e extensions::ResultCatcher::GetNextResult() #28 0x000000a8439f extensions::(anonymous namespace)::ExtensionApiTest_ActiveTab_Test::RunTestOnMainThread() #29 0x000003bbfb15 InProcessBrowserTest::RunTestOnMainThreadLoop() #30 0x000004cce624 content::BrowserTestBase::ProxyRunTestOnMainThreadLoop() #31 0x0000008b3705 _ZN4base8internal13FunctorTraitsIM25RenderViewContextMenuBaseFvvEvE6InvokeIP21RenderViewContextMenuJEEEvS4_OT_DpOT0_ #32 0x0000008b3621 _ZN4base8internal12InvokeHelperILb0EvE8MakeItSoIRKM25RenderViewContextMenuBaseFvvEJP21RenderViewContextMenuEEEvOT_DpOT0_ #33 0x000004ccf597 _ZN4base8internal7InvokerINS0_9BindStateIMN7content15BrowserTestBaseEFvvEJNS0_17UnretainedWrapperIS4_EEEEEFvvEE7RunImplIRKS6_RKSt5tupleIJS8_EEJLm0EEEEvOT_OT0_NS_13IndexSequenceIJXspT1_EEEE #34 0x000004ccf4dc _ZN4base8internal7InvokerINS0_9BindStateIMN7content15BrowserTestBaseEFvvEJNS0_17UnretainedWrapperIS4_EEEEEFvvEE3RunEPNS0_13BindStateBaseE #35 0x00000089a34d _ZNKR4base8CallbackIFvvELNS_8internal8CopyModeE1ELNS2_10RepeatModeE1EE3RunEv #36 0x000003c65b86 ChromeBrowserMainParts::PreMainMessageLoopRunImpl() #37 0x000003c64930 ChromeBrowserMainParts::PreMainMessageLoopRun() #38 0x0000028f9f6b chromeos::ChromeBrowserMainPartsChromeos::PreMainMessageLoopRun() #39 0x7f4c94457bd1 content::BrowserMainLoop::PreMainMessageLoopRun() #40 0x7f4c938bc775 _ZN4base8internal13FunctorTraitsIMN7content22IndexedDBCallbacksImpl13InternalStateEFvvEvE6InvokeIPS4_JEEEvS6_OT_DpOT0_ #41 0x7f4c94461f91 _ZN4base8internal12InvokeHelperILb0EiE8MakeItSoIRKMN7content15BrowserMainLoopEFivEJPS5_EEEiOT_DpOT0_ #42 0x7f4c94461f37 _ZN4base8internal7InvokerINS0_9BindStateIMN7content15BrowserMainLoopEFivEJNS0_17UnretainedWrapperIS4_EEEEEFivEE7RunImplIRKS6_RKSt5tupleIJS8_EEJLm0EEEEiOT_OT0_NS_13IndexSequenceIJXspT1_EEEE #43 0x7f4c94461e7c _ZN4base8internal7InvokerINS0_9BindStateIMN7content15BrowserMainLoopEFivEJNS0_17UnretainedWrapperIS4_EEEEEFivEE3RunEPNS0_13BindStateBaseE #44 0x7f4c937aa2ad _ZNKR4base8CallbackIFvvELNS_8internal8CopyModeE1ELNS2_10RepeatModeE1EE3RunEv #45 0x7f4c94f6cfdb content::StartupTaskRunner::RunAllTasksNow() #46 0x7f4c944558d0 content::BrowserMainLoop::CreateStartupTasks() #47 0x7f4c94465a17 content::BrowserMainRunnerImpl::Initialize() #48 0x7f4c94451f3f content::BrowserMain() #49 0x7f4c95b72906 content::RunNamedProcessTypeMain() #50 0x7f4c95b7489e content::ContentMainRunnerImpl::Run() #51 0x7f4c95b71d8a content::ContentServiceManagerMainDelegate::Run() #52 0x7f4c82297a1a service_manager::Main() #53 0x7f4c95b723fb content::ContentMain() #54 0x000004cce34c content::BrowserTestBase::SetUp() #55 0x000003bbe519 InProcessBrowserTest::SetUp() #56 0x0000015a2ced ExtensionBrowserTest::SetUp() #57 0x00000083b99e _ZN7testing8internal12InvokeHelperIRKNSt7__debug6vectorIPN12user_manager4UserESaIS6_EEESt5tupleIJEEE12InvokeMethodIN8chromeos15MockUserManagerEMSG_KFSA_vEEESA_PT_T0_RKSC_ #58 0x000004e739a2 testing::internal::HandleExceptionsInMethodIfSupported<>() #59 0x000004e68ca4 testing::Test::Run() #60 0x000004e6942d testing::TestInfo::Run() #61 0x000004e699cf testing::TestCase::Run()
,
Apr 28 2017
Repro'd this by visiting CWS and clicking on any extension/app. Chrome crashes when attempting to show the extension/app details.
,
Apr 28 2017
A simple solution would be to skip this work if the FrameSinkId is invalid. The FrameSinkId is invalid because we don't have a DelegatedFrameHost... Alternatively we can allocate the FrameSinkId earlier in RenderWidgetHostViewAura: https://cs.chromium.org/chromium/src/content/browser/renderer_host/render_widget_host_view_aura.cc?q=RenderWidgetHostViewAura+package:%5Echromium$&l=1936 But it won't actually do anything useful...
,
Apr 28 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/b399a05453d7b3e2dfdec67865fefe6953bcc59e commit b399a05453d7b3e2dfdec67865fefe6953bcc59e Author: samans <samans@chromium.org> Date: Fri Apr 28 23:28:23 2017 Allocate a FrameSinkId for RenderWidgetHostViewAura in mus+ash RenderWidgetHostViewChildFrame expects its parent to have a valid FrameSinkId. Make sure RenderWidgetHostViewAura has a FrameSinkId even if DelegatedFrameHost is not used (in mus+ash). BUG= 706553 TBR=jam@chromium.org Review-Url: https://codereview.chromium.org/2847253003 Cr-Commit-Position: refs/heads/master@{#468179} [modify] https://crrev.com/b399a05453d7b3e2dfdec67865fefe6953bcc59e/content/browser/renderer_host/render_widget_host_view_aura.cc [modify] https://crrev.com/b399a05453d7b3e2dfdec67865fefe6953bcc59e/content/browser/renderer_host/render_widget_host_view_aura.h
,
Apr 30 2017
,
Feb 26 2018
|
|||||
►
Sign in to add a comment |
|||||
Comment 1 by jonr...@chromium.org
, Mar 30 2017