Crash load chrome://inspect if any extension has a "subframe" active
Issue description

Chrome Version: 59.0.3071.25
OS: ChromeOS Panther

What steps will reproduce the problem? (Not sure what condition triggered this)
(1) Open a new tab.
(2) Type chrome://inspect.

What is the expected result?
Expect that chrome://inspect loads.

What happens instead?
Browser crashes (see crash Id 376c845d50000000). Not sure if this repros reliably in this build, yet, or if it's a rare thing.
May 1 2017
Adding the crash stack, and CC'ing vabr@, who has been doing a lot of base::Value memory-management cleanup lately.

Stack Quality: 97%

0x00007f236f823510 (chrome + 0x02aaa510 ) base::internal::flat_tree<std::string, std::pair<std::string, std::unique_ptr<base::Value, std::default_delete<base::Value> > >, base::internal::GetKeyFromValuePairFirst<std::string, std::unique_ptr<base::Value, std::default_delete<base::Value> > >, std::less<std::string> >::equal_range(std::string const&) const
0x00007f236f820970 (chrome + 0x02aa7970 ) base::DictionaryValue::GetWithoutPathExpansion(base::BasicStringPiece<std::string>, base::Value const**) const
0x00007f236f820890 (chrome + 0x02aa7890 ) base::DictionaryValue::Get(base::BasicStringPiece<std::string>, base::Value const**) const
0x00007f236f820dfd (chrome + 0x02aa7dfd ) base::DictionaryValue::GetList(base::BasicStringPiece<std::string>, base::ListValue**)
0x00007f237123a15a (chrome + 0x044c115a ) (anonymous namespace)::LocalTargetsUIHandler::UpdateTargets()
0x00007f2371239226 (chrome + 0x044c0226 ) DevToolsTargetsUIHandler::CreateForLocal(base::Callback<void (std::string const&, base::ListValue const&), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&)
0x00007f23716d3767 (chrome + 0x0495a767 ) InspectUI::StartListeningNotifications()
0x00007f23716d2ef8 (chrome + 0x04959ef8 ) InspectUI::InitUI()
0x00007f236e4bf053 (chrome + 0x01746053 ) content::WebUIImpl::ProcessWebUIMessage(GURL const&, std::string const&, base::ListValue const&)
0x00007f236e4be15d (chrome + 0x0174515d ) bool IPC::MessageT<ViewHostMsg_WebUISend_Meta, std::tuple<GURL, std::string, base::ListValue>, void>::Dispatch<content::WebUIImpl, content::WebUIImpl, void, void (content::WebUIImpl::*)(GURL const&, std::string const&, base::ListValue const&)>(IPC::Message const*, content::WebUIImpl*, content::WebUIImpl*, void*, void (content::WebUIImpl::*)(GURL const&, std::string const&, base::ListValue const&))
0x00007f236e4be032 (chrome + 0x01745032 ) content::WebUIImpl::OnMessageReceived(IPC::Message const&)
0x00007f236e496c61 (chrome + 0x0171dc61 ) content::WebContentsImpl::OnMessageReceived(content::RenderViewHostImpl*, IPC::Message const&)
0x00007f236e3d2259 (chrome + 0x01659259 ) content::RenderViewHostImpl::OnMessageReceived(IPC::Message const&)
0x00007f236e3d6882 (chrome + 0x0165d882 ) content::RenderWidgetHostImpl::OnMessageReceived(IPC::Message const&)
0x00007f236e3c751b (chrome + 0x0164e51b ) content::RenderProcessHostImpl::OnMessageReceived(IPC::Message const&)
0x00007f236fc97454 (chrome + 0x02f1e454 ) IPC::ChannelProxy::Context::OnDispatchMessage(IPC::Message const&)
0x00007f236dc2003c (chrome + 0x00ea703c ) base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*)
0x00007f236dc1a8bc (chrome + 0x00ea18bc ) base::MessageLoop::RunTask(base::PendingTask*)
0x00007f236dc1b662 (chrome + 0x00ea2662 ) base::MessageLoop::DoWork()
0x00007f236f7c08ea (chrome + 0x02a478ea ) base::MessagePumpLibevent::Run(base::MessagePump::Delegate*)
0x00007f236f7dcc5d (chrome + 0x02a63c5d ) base::RunLoop::Run()
0x00007f236f459965 (chrome + 0x026e0965 ) ChromeBrowserMainParts::MainMessageLoopRun(int*)
0x00007f236e191530 (chrome + 0x01418530 ) content::BrowserMainLoop::RunMainMessageLoopParts()
0x00007f236e193e1c (chrome + 0x0141ae1c ) content::BrowserMainRunnerImpl::Run()
0x00007f236e18cc35 (chrome + 0x01413c35 ) content::BrowserMain(content::MainFunctionParams const&)
0x00007f236f417167 (chrome + 0x0269e167 ) content::ContentMainRunnerImpl::Run()
0x00007f2370970faa (chrome + 0x03bf7faa ) service_manager::Main(service_manager::MainParams const&)
0x00007f236f416111 (chrome + 0x0269d111 ) content::ContentMain(content::ContentMainParams const&)
0x00007f236dc9f4e3 (chrome + 0x00f264e3 ) ChromeMain
0x00007f236b598815 (libc-2.23.so -libc-start.c:289 ) __libc_start_main
0x00007f236dc9f318 (chrome + 0x00f26318 ) _start
May 1 2017
+brettw, on the off chance it's actually a flat_map/flat_set issue. Looks like this is coming from the find() call at base/values.cc:869.
May 1 2017
May 2 2017
As per discussion offline, dropping to RB-Stable. Assigning to vabr@, since a couple of refactoring CLs in this code were merged to M59 recently.
May 2 2017
Could not reproduce with ASAN on CrOS ToT. Now trying on the 59.0.3071.25 tag.
May 2 2017
vabr: I've tracked this down to having one or more extensions with "subframes" active, e.g. the Hangouts extension. Adding SiteIsolation tag, since I think extension isolation may impact this.
May 3 2017
Thanks for the hint with Hangouts. I was able to reproduce on CrOS ASAN in 59.0.3071.25 with these steps:
(1) Start with an empty profile.
(2) Sign in at accounts.google.com.
(3) Install https://chrome.google.com/webstore/detail/google-hangouts/nckgahadagoaajjgafhacjanaoiihapd (the Hangouts extension)
(4) Visit about:inspect

The stack trace confirms #2 here: this is in devtools_target_ui, which was fixed in bug 712119. And indeed, in 59.0.3071.30, which has the fixes (see #7 here), the issue no longer occurs. Therefore I am marking this as a duplicate of bug 712119.
Nov 29
Comment 1 by w...@chromium.org, May 1 2017