chrome://welcome/ Aw, Snap!
Reported by xftroxgpx@gmail.com, Mar 31 2017
Issue description

UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3046.0 Safari/537.36

Example URL: chrome://welcome/

Steps to reproduce the problem:
1. get latest chromium (or 460938 or 460718) via ./update.sh of https://github.com/xftroxgpx/chromium-latest-linux or directly: https://www.googleapis.com/download/storage/v1/b/chromium-browser-snapshots/o/Linux_x64%2F460938%2Fchrome-linux.zip?alt=media
2. run it via ./go
3. change settings to On Startup -> Continue where you left off
   Can also turn off "Use hardware acceleration when available" in Advanced and the "Continue running background apps when chromium is closed"
4. navigate to chrome://welcome/ if a tab of it is not already open
5. if it didn't crash yet, exit browser, re-run it and it should open chrome://welcome automatically.
6. retry step 5 until tab crashes
Should crash at least once in 10 tries.

What is the expected behavior?
chrome://welcome tab does not crash with Aw, Snap!

What went wrong?
the chrome://welcome tab crashed on startup
console shows:

Received signal 11 SEGV_MAPERR 00000000000c
#0 0x55911e2af7a7 base::debug::StackTrace::StackTrace()
#1 0x55911e2af31f base::debug::(anonymous namespace)::StackDumpSignalHandler()
#2 0x7f010468efe0 <unknown>
#3 0x55911edcebeb cc::EffectTree::OnOpacityAnimated()
#4 0x55911edf858f cc::LayerTreeImpl::SetOpacityMutated()
#5 0x55911edf2bee cc::LayerTreeHostImpl::SetElementOpacityMutated()
#6 0x55911ef9f433 cc::AnimationPlayer::TickAnimations()
#7 0x55911ef9edf6 cc::AnimationPlayer::Tick()
#8 0x55911ef9c82b cc::AnimationHost::TickAnimations()
#9 0x55911edf19f7 cc::LayerTreeHostImpl::AnimateLayers()
#10 0x55911ede774c cc::LayerTreeHostImpl::AnimateInternal()
#11 0x55911ede7192 cc::LayerTreeHostImpl::UpdateSyncTreeAfterCommitOrImplSideInvalidation()
#12 0x55911ede6fe0 cc::LayerTreeHostImpl::CommitComplete()
#13 0x55911ee5a287 cc::ProxyImpl::ScheduledActionCommit()
#14 0x55911ee33f9d cc::Scheduler::ProcessScheduledActions()
#15 0x55911ee345ab cc::Scheduler::NotifyReadyToCommit()
#16 0x55911ee58639 cc::ProxyImpl::NotifyReadyToCommitOnImpl()
#17 0x55911e331b20 base::debug::TaskAnnotator::RunTask()
#18 0x55911e2c7fed base::MessageLoop::RunTask()
#19 0x55911e2c8308 base::MessageLoop::DeferOrRunPendingTask()
#20 0x55911e2c8826 base::MessageLoop::DoWork()
#21 0x55911e2c966a base::MessagePumpDefault::Run()
#22 0x55911e2c7d17 base::MessageLoop::RunHandler()
#23 0x55911e2e541e base::RunLoop::Run()
#24 0x55911e307d37 base::Thread::ThreadMain()
#25 0x55911e303863 base::(anonymous namespace)::ThreadFunc()
#26 0x7f01046842e7 start_thread
#27 0x7f00fdd6254f __GI___clone
r8: 0000000000000000 r9: 3ff0000000000000 r10: 0000000000000000 r11: 0000000000000246
r12: 0000000000000005 r13: 0000338c1405b5a0 r14: 0000338c13fb69a0 r15: 0000000400000000
di: 0000338c13fb6828 si: 0000000400000000 bp: 0000000000000000 bx: 0000338c13fb6828
dx: 0000000000000005 ax: 0000000000000000 cx: 0000338c13fef360 sp: 00007f00f280c170
ip: 000055911edcebeb efl: 0000000000010246 cgf: 002b000000000033 erf: 0000000000000004
trp: 000000000000000e msk: 0000000000000000 cr2: 000000000000000c
[end of stack trace]
Calling _exit(1). Core file will not be generated.

Does it occur on multiple sites: No
Is it a problem with a plugin? No
Did this work before? Yes no idea?
Does this work in other browsers? Yes

Chrome version: 59.0.3057.0 Channel: n/a
OS Version:
Flash Version: (Disabled)

Thanks for your time! Cheers.
Mar 31 2017
I used ./update.sh to pull 457961 and it doesn't seem to crash after 20 restarts. So maybe that can be used as bisect start? I'll look up how to do a binaries-only bisect.
Mar 31 2017
Able to reproduce the issue on linux ubuntu 14.04 using chromium reported version-59.0.3057.0 by following the same steps mentioned in comment#0 & observed chromium getting crashed after trying 2 to 3 times. Note: Unable to reproduce the issue using same chrome version-59.0.3057.0 with same steps on Ubuntu 14.04. Hence marking it as Untriaged for further investigation from dev. Please find the attached screencast for reference. Could someone from dev team please look into this issue? Thanks!!
Mar 31 2017
My bisecting attempts (if good): LastBad: 460655 LastGood: 460649 rest are missing revisions
Mar 31 2017
I meant: LastGood: 460649 FirstBad: 460655
Mar 31 2017
I stand corrected, I managed to make 460649 crash too! (it's really random, kind of - possibly depends on cache/memory state) I'll rebisect... pls stand by.
Mar 31 2017
Ok new bisect shows: LastGood: 460645 (after 34 tries couldn't crash it) FirstBad: 460649
Mar 31 2017
omg, this is ridiculous:)) crashed 460645 too... after just waiting for a few minutes and re-running it.

Chromium 59.0.3057.0 (Developer Build) (64-bit)
Revision 174eb44312202a5132de900553f7c302da0feef6-refs/heads/master@{#460645}
OS Linux
JavaScript V8 5.9.134
Flash (Disabled)
User Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3057.0 Safari/537.36

I'll spend more time trying to crash them, ignore the above bisects! Will rebisect!
Mar 31 2017
Alright, I'm confident about this bisect now:
LastGood: 460419
FirstBad: 460423
(in between are missing revisions, not found to be downloaded that is)

--------

The version that crashes sometimes on 1st try and sometimes on 34th:

The Chromium Authors Copyright 2017 The Chromium Authors. All rights reserved.
Chromium 59.0.3056.0 (Developer Build) (64-bit)
Revision ea09f3374e3fc4f7669390b1203b1354c3a9cd0e-refs/heads/master@{#460423}
OS Linux
JavaScript V8 5.9.128
Flash (Disabled)
User Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3056.0 Safari/537.36
Command Line ./latest/chrome --disk-cache-dir=/tmp/chromiumcache-run.sh --disable-sync-preferences --disable-plugins --cipher-suite-blacklist=0x0001,0x0002,0x0004,0x0005,0x0017,0x0018,0xc002,0xc007,0xc00c,0xc011,0xc016,0xff80,0xff81,0xff82,0xff83 --disable-component-extensions-with-background-pages --disable-background-networking --disable-internal-flash --disable-bundled-ppapi-flash --disable-default-apps --ssl-version-min=tls1 --disallow-autofill-sync-credential --disable-device-discovery-notifications --no-pings --disable-media-source --disable-ntp-other-sessions-menu --disable-prefixed-encrypted-media --disable-touch-adjustment --disable-views-rect-based-targeting --disable-webgl --disable-account-consistency --enable-async-dns --enable-deferred-image-decoding --enable-download-resumption --enable-drop-sync-credential --disable-material-design-ntp --disable-new-avatar-menu --disable-new-profile-management --enable-offline-auto-reload-visible-only --disable-offline-auto-reload --enable-offline-load-stale-cache --enable-one-copy --enable-panels --disable-password-generation --enable-permissions-bubbles --disable-extensions-on-chrome-urls --disable-pinch-virtual-viewport --disable-pinch --enable-quic --disable-save-password-bubble --enable-session-crashed-bubble --disable-settings-window --use-simple-cache-backend=off --disable-smooth-scrolling --disable-sync-app-list --disable-sync-synced-notifications --enable-tcp-fastopen --disable-touch-editing --enable-web-based-signin --disable-zero-copy --enable-harfbuzz-rendertext --enable-impl-side-painting --enable-lcd-text --num-raster-threads=4 --disable-origin-chip --disable-overlay-scrollbar --remember-cert-error-decisions=-1 --enable-search-button-in-omnibox-always --disable-spelling-auto-correct --tab-capture-downscale-quality=fast --tab-capture-upscale-quality=fast --touch-events=disabled --wallet-service-use-sandbox=0 --enable-gpu-vsync --show-component-extension-options --disable-gpu-rasterization --disable-hyperlink-auditing --enable-vertical-tabs --disable-audio-support-for-desktop-share --disable-gpu --disable-features=NoStatePrefetch --user-data-dir=./user-data-dir --log-net-log=/tmp/chromium-go-chrome-net-export-log.json --user-data-dir=/tmp/go --disk-cache-dir=/tmp/chromiumcache-go --flag-switches-begin --flag-switches-end
Executable Path /home/xftroxgpx/build/2nonpkgs/browser.stuff/chromium.stuff/chromium-latest-linux/blobs/460423/chrome-linux/chrome
Profile Path /tmp/go/Default

The version that does NOT crash after at least 314 tries and another 59 tries after reboot:

The Chromium Authors Copyright 2017 The Chromium Authors. All rights reserved.
Chromium 59.0.3056.0 (Developer Build) (64-bit)
Revision 7797e048d21a3dda3626236593f60c2af99f0e4c-refs/heads/master@{#460419}
OS Linux
JavaScript V8 5.9.128
Flash (Disabled)
User Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3056.0 Safari/537.36
Command Line ./latest/chrome --disk-cache-dir=/tmp/chromiumcache-run.sh --disable-sync-preferences --disable-plugins --cipher-suite-blacklist=0x0001,0x0002,0x0004,0x0005,0x0017,0x0018,0xc002,0xc007,0xc00c,0xc011,0xc016,0xff80,0xff81,0xff82,0xff83 --disable-component-extensions-with-background-pages --disable-background-networking --disable-internal-flash --disable-bundled-ppapi-flash --disable-default-apps --ssl-version-min=tls1 --disallow-autofill-sync-credential --disable-device-discovery-notifications --no-pings --disable-media-source --disable-ntp-other-sessions-menu --disable-prefixed-encrypted-media --disable-touch-adjustment --disable-views-rect-based-targeting --disable-webgl --disable-account-consistency --enable-async-dns --enable-deferred-image-decoding --enable-download-resumption --enable-drop-sync-credential --disable-material-design-ntp --disable-new-avatar-menu --disable-new-profile-management --enable-offline-auto-reload-visible-only --disable-offline-auto-reload --enable-offline-load-stale-cache --enable-one-copy --enable-panels --disable-password-generation --enable-permissions-bubbles --disable-extensions-on-chrome-urls --disable-pinch-virtual-viewport --disable-pinch --enable-quic --disable-save-password-bubble --enable-session-crashed-bubble --disable-settings-window --use-simple-cache-backend=off --disable-smooth-scrolling --disable-sync-app-list --disable-sync-synced-notifications --enable-tcp-fastopen --disable-touch-editing --enable-web-based-signin --disable-zero-copy --enable-harfbuzz-rendertext --enable-impl-side-painting --enable-lcd-text --num-raster-threads=4 --disable-origin-chip --disable-overlay-scrollbar --remember-cert-error-decisions=-1 --enable-search-button-in-omnibox-always --disable-spelling-auto-correct --tab-capture-downscale-quality=fast --tab-capture-upscale-quality=fast --touch-events=disabled --wallet-service-use-sandbox=0 --enable-gpu-vsync --show-component-extension-options --disable-gpu-rasterization --disable-hyperlink-auditing --enable-vertical-tabs --disable-audio-support-for-desktop-share --disable-gpu --disable-features=NoStatePrefetch --user-data-dir=./user-data-dir --log-net-log=/tmp/chromium-go-chrome-net-export-log.json --user-data-dir=/tmp/go --disk-cache-dir=/tmp/chromiumcache-go --flag-switches-begin --flag-switches-end
Executable Path /home/xftroxgpx/build/2nonpkgs/browser.stuff/chromium.stuff/chromium-latest-linux/blobs/460419/chrome-linux/chrome
Profile Path /tmp/go/Default
Apr 1 2017
Thanks for the report! We are looking at stopping this crash and looking into the root cause right now. Will update this bug as well w/ patch.
Apr 1 2017
Apr 3 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/9975ad63f85f1fe76100602db98800b9232aa454

commit 9975ad63f85f1fe76100602db98800b9232aa454
Author: weiliangc <weiliangc@chromium.org>
Date: Mon Apr 03 15:24:42 2017

cc: Avoid Crash in Effect Tree Animation by Element ID

Instead of crash, early out of function trying to animate on effect tree by element id.

The root cause of this crash is we are trying to animate a node that does not have element id set up in map yet. Before the bug was covered by operator[] used for access map, and that would ends up being a noop.

R=wkorman
BUG=706766, 707090 , 702774
CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_trusty_blink_rel

Review-Url: https://codereview.chromium.org/2794673002
Cr-Commit-Position: refs/heads/master@{#461432}

[modify] https://crrev.com/9975ad63f85f1fe76100602db98800b9232aa454/cc/trees/property_tree.cc
Apr 3 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/9a3acfa5090cb502ba1af13609446a6b9a052dad

commit 9a3acfa5090cb502ba1af13609446a6b9a052dad
Author: Weiliang Chen <weiliangc@chromium.org>
Date: Mon Apr 03 20:18:28 2017

cc: Avoid Crash in Effect Tree Animation by Element ID

Instead of crash, early out of function trying to animate on effect tree by element id.

The root cause of this crash is we are trying to animate a node that does not have element id set up in map yet. Before the bug was covered by operator[] used for access map, and that would ends up being a noop.

R=wkorman
BUG=706766, 707090 , 702774
CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_trusty_blink_rel

Review-Url: https://codereview.chromium.org/2794673002
Cr-Commit-Position: refs/heads/master@{#461432}
(cherry picked from commit 9975ad63f85f1fe76100602db98800b9232aa454)

Review-Url: https://codereview.chromium.org/2792143002 .
Cr-Commit-Position: refs/branch-heads/3061@{#3}
Cr-Branched-From: 9e03960f75b3019372157db5c4fe5264dfc36616-refs/heads/master@{#461353}

[modify] https://crrev.com/9a3acfa5090cb502ba1af13609446a6b9a052dad/cc/trees/property_tree.cc
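
The root cause named in the two commit messages above, as an added example that is not Chromium's code and not part of the original thread: a simplified C++ model contrasting a map lookup through operator[], which default-inserts an unknown element id and so hides the missing registration, with find() plus an early out. `EffectTreeModel`, its members and the index-0 placeholder node are hypothetical.

```cpp
#include <cstdio>
#include <unordered_map>
#include <vector>

// Simplified model with hypothetical names; this is not Chromium's cc code.
struct EffectNode { float opacity = 1.0f; };

struct EffectTreeModel {
  std::vector<EffectNode> nodes{EffectNode{}};  // index 0: placeholder (assumption)
  std::unordered_map<int, int> id_to_index;     // element id -> node index

  // Register an element id once its node exists.
  void AddNode(int element_id) {
    nodes.emplace_back();
    id_to_index[element_id] = static_cast<int>(nodes.size()) - 1;
  }

  // operator[] lookup: an unknown id is default-inserted with index 0, so the
  // caller never learns it was missing and the map silently grows.
  EffectNode* FindWithSubscript(int element_id) {
    return &nodes[id_to_index[element_id]];
  }

  // find() lookup: an unknown id yields nullptr and the map is untouched.
  EffectNode* FindChecked(int element_id) {
    auto it = id_to_index.find(element_id);
    return it == id_to_index.end() ? nullptr : &nodes[it->second];
  }

  // Early out when the id is not registered yet, instead of writing through
  // a null node pointer.
  bool OnOpacityAnimated(int element_id, float opacity) {
    EffectNode* node = FindChecked(element_id);
    if (!node) return false;
    node->opacity = opacity;
    return true;
  }
};

int main() {
  EffectTreeModel tree;
  tree.AddNode(7);
  std::printf("known id 7 animated: %d\n", tree.OnOpacityAnimated(7, 0.5f));
  std::printf("unknown id 42 animated: %d\n", tree.OnOpacityAnimated(42, 0.5f));
  tree.FindWithSubscript(42);  // masks the missing entry by inserting it
  std::printf("map entries after operator[]: %zu\n", tree.id_to_index.size());
  return 0;
}
```
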
Apr 3 2017
Hey, thanks for fixing this. One question: the previous comment seems to imply this was merged already, and yet I cannot find this with 'git log|less' or with 'git show 9a3acfa5090cb502ba1af13609446a6b9a052dad' even though I can see the latest commit just fine via both commands: https://chromium.googlesource.com/chromium/src/+/e3b13aecec9bb2473c003adb2d8e7dd0f350c9e7 Is it perhaps not really merged, yet? What am I missing?
Apr 4 2017
It is in tip of tree (comment#12) as well as the 59.0.3061.3 branch (comment#13), so you probably want to look for https://chromium.googlesource.com/chromium/src.git/+/9975ad63f85f1fe76100602db98800b9232aa454. Thanks for reporting this. Marking as fixed.
Apr 6 2017
Verified this issue on Ubuntu 14.04 with chrome version #59.0.3063.4 as steps mentioned in the comment #0. Restarted chrome for 20 times and didn't observe any crash while restarting the chrome browser. Fix is working as expected, hence adding TE-verified labels.
Apr 6 2017
Thanks all. Also verified 52 times with

Chromium 59.0.3063.0 (Developer Build) (64-bit)
Revision 55a0d68a285e26dec347e5c9eed05707b845486b-refs/heads/master@{#461715}

PS: couldn't post c#16,c#17 would get autodeleted after Save, weirdly enough (see screenshot)
Comment 1 by nyerramilli@chromium.org, Mar 31 2017