Non-Regression: Browser is getting closed when clicked on helper extension for mosiac |
|||||
Issue descriptionChrome Version: 60.0.3110.0 OS: Ubuntu 14.04, Win 7 What steps will reproduce the problem? (1)Launch chrome>> Navigate to chrome web store>> search for helper extension for mosiac (2)Add extension>> keep clicking multiple times on extension present beside omnibox and observe crash id 707d626b70000000 Expected Browser should not close Actual Browser is getting closed For graphics-related bugs, please copy/paste the contents of the about:gpu page at the end of this report.
,
May 25 2017
Able to reproduce this issue on Mac OS 10.12.4 using chrome latest dev #60.0.3110.0. Stack Trace: ------------- Thread 0 CRASHED [DUMP_REQUESTED @ 0x000055c9a1d8ad83 ] MAGIC SIGNATURE THREAD Stack Quality96%Show frame trust levels 0x000055c9a1d8ad83 (chrome -exception_handler.cc:665 ) google_breakpad::ExceptionHandler::WriteMinidump() 0x000055c99f29a5f1 (chrome -breakpad_linux.cc:756 ) breakpad::(anonymous namespace)::DumpProcess() 0x000055c99ff90d5e (chrome -dump_without_crashing.cc:23 ) base::debug::DumpWithoutCrashing() 0x000055c99eec5818 (chrome -render_process_host_impl.cc:1807 ) content::RenderProcessHostImpl::ShutdownForBadMessage(content::RenderProcessHost::CrashReportMode) 0x000055c99ed73de7 (chrome -render_frame_host_impl.cc ) content::RenderFrameHostImpl::OnDidCommitProvisionalLoad(IPC::Message const&) 0x000055c99ed6c06d (chrome -render_frame_host_impl.cc:788 ) content::RenderFrameHostImpl::OnMessageReceived(IPC::Message const&) 0x000055c9a0497bc9 (chrome -ipc_channel_proxy.cc:329 ) IPC::ChannelProxy::Context::OnDispatchMessage(IPC::Message const&) 0x000055c9a00138bf (chrome -callback.h:91 ) base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) 0x000055c99ffa7dbf (chrome -message_loop.cc:409 ) base::MessageLoop::RunTask(base::PendingTask*) 0x000055c99ffa8217 (chrome -message_loop.cc:420 ) base::MessageLoop::DeferOrRunPendingTask(base::PendingTask) 0x000055c99ffa7835 (chrome -message_loop.cc:508 ) base::MessageLoop::DoWork() 0x000055c99ffa951c (chrome -message_pump_glib.cc:313 ) base::MessagePumpGlib::Run(base::MessagePump::Delegate*) 0x000055c99ffc6d5d (chrome -run_loop.cc:111 ) base::RunLoop::Run() 0x000055c99fe76e26 (chrome -chrome_browser_main.cc:1963 ) ChromeBrowserMainParts::MainMessageLoopRun(int*) 0x000055c99ec871dc (chrome -browser_main_loop.cc:1180 ) content::BrowserMainLoop::RunMainMessageLoopParts() 0x000055c99ec9994c (chrome -browser_main_runner.cc:142 ) content::BrowserMainRunnerImpl::Run() 0x000055c99ec81c12 (chrome -browser_main.cc:46 ) content::BrowserMain(content::MainFunctionParams const&) 0x000055c99fc38954 (chrome -content_main_runner.cc:705 ) content::ContentMainRunnerImpl::Run() 0x000055c99fc3f477 (chrome -main.cc:469 ) service_manager::Main(service_manager::MainParams const&) 0x000055c99fc376f1 (chrome -content_main.cc:19 ) content::ContentMain(content::ContentMainParams const&) 0x000055c99e802a7b (chrome -chrome_main.cc:109 ) ChromeMain 0x00007f07d0e92ec4 (libc-2.19.so -libc-start.c:287 ) __libc_start_main 0x000055c99e8028ac (chrome + 0x00b8b8ac ) _start 0x00007ffebb480077
,
May 25 2017
,
May 26 2017
Issue 726456 has been merged into this issue.
,
May 26 2017
Interesting - this is crashing in OnDidCommitProvisionalLoad() for a bad message. Charlie, know someone who might be able to investigate?
,
May 26 2017
Kill 1 is RFH_CAN_COMMIT_URL_BLOCKED
,
May 26 2017
Can repro with Windows canary. The extension here is https://chrome.google.com/webstore/detail/helper-extension-for-mosa/nnhknchgeoeghedkfolliaihjghiijih/related?hl=en. This does not appear to be a browser crash -- instead, it seems that the browser window closes. So the renderer kill may be a clue, but we'll also need to understand what's causing the browser window to close.
,
May 26 2017
The Browser close is initiated via the extension windows.remove API: chrome.dll!chrome::UnloadController::ShouldCloseWindow C++ chrome.dll!Browser::ShouldCloseWindow C++ chrome.dll!BrowserView::CanClose C++ views.dll!views::NonClientView::CanClose C++ views.dll!views::Widget::Close C++ chrome.dll!BrowserView::Close C++ > chrome.dll!extensions::WindowsRemoveFunction::Run C++ chrome.dll!ExtensionFunction::RunWithValidation C++ chrome.dll!extensions::ExtensionFunctionDispatcher::DispatchWithCallbackInternal C++ chrome.dll!extensions::ExtensionFunctionDispatcher::Dispatch C++ chrome.dll!extensions::ExtensionWebContentsObserver::OnRequest C++ chrome.dll!IPC::DispatchToMethodImpl<extensions::ExtensionWebContentsObserver,void (__cdecl extensions::ExtensionWebContentsObserver::*)(content::RenderFrameHost * __ptr64,ExtensionHostMsg_Request_Params const & __ptr64) __ptr64,content::RenderFrameHost,std::tuple<ExtensionHostMsg_Request_Params>,0> C++ chrome.dll!IPC::DispatchToMethod<extensions::ExtensionWebContentsObserver,content::RenderFrameHost,ExtensionHostMsg_Request_Params const & __ptr64,ExtensionHostMsg_Request_Params> C++ chrome.dll!IPC::MessageT<ExtensionHostMsg_Request_Meta,std::tuple<ExtensionHostMsg_Request_Params>,void>::Dispatch<extensions::ExtensionWebContentsObserver,extensions::ExtensionWebContentsObserver,content::RenderFrameHost,void (__cdecl extensions::ExtensionWebContentsObserver::*)(content::RenderFrameHost * __ptr64,ExtensionHostMsg_Request_Params const & __ptr64) __ptr64> C++ chrome.dll!extensions::ExtensionWebContentsObserver::OnMessageReceived C++ chrome.dll!extensions::ChromeExtensionWebContentsObserver::OnMessageReceived C++ content.dll!content::WebContentsImpl::OnMessageReceived C++ content.dll!content::RenderFrameHostImpl::OnMessageReceived C++ content.dll!content::RenderProcessHostImpl::OnMessageReceived C++ Probably just a bad extension.
,
May 26 2017
Is the browser closing causing the bad message in the renderer, or is that a separate issue?
,
May 31 2017
It's plausible that the bad message is coming from a side effect of triggering fast shutdown. However, I haven't yet managed to repro the kill in a local debug build. It's probably worth looking to figure out the kill here, and understand why this commit message arrives in renderer that's illegal for the URL.
,
May 31 2017
The kill could be a variation of bug 652708, which is already well understood. Or it could be a red herring. And, I can't repro it. My suspicion is that this extension is buggy. It seems it's supposed to move tabs into a view provided by a companion extension ('Mosaic', by the same author, https://chrome.google.com/webstore/detail/mosaic/jjkdinonnkgnnapdocolkjfnabepfkmj ), but kills the tabs regardless even if they didn't open properly in Mosaic -- for example, because Mosaic is not installed, as occurs in these repro instructions. Marking this WontFix.
,
Aug 3 2017
I am posting a reliable-looking repro for this crash here in case this is something to fix. 1- Install Multitab Browser Sample (or just the BrowserSample) from chrome WebStore (https://chrome.google.com/webstore/detail/nfcmophndjlljioblddmepjbcfnocnak). 2- Open the browser app and navigate the app to Chrome WebStore (or just simply paste the same URL in step 1 in the location bar of the browser app). This will crash the renderer process for <webview>. Sample reports from my machine: 4cf5f3ffe0000000 |
|||||
►
Sign in to add a comment |
|||||
Comment 1 by divya.pa...@techmahindra.com
, May 25 2017