New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 732787 link

Starred by 2 users
Status: Archived
Owner:
fsam...@chromium.org
Last visit > 30 days ago
Closed: Jul 2017
Cc:
sadrul@chromium.org
jonr...@chromium.org
mustash-bugs@google.com
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 1
Type: Bug



Sign in to add a comment

FrameSinkManager::RegisterFrameSinkId Crash

Project Member Reported by jonr...@chromium.org, Jun 13 2017 
A new crash has begun appearing consistently on the mus_browser_tests FYI bots for the test BrowserTest.InterstitialCancelsGuestViewDialogs

BrowserTestBase received signal: Segmentation fault. Backtrace:
#0 0x00000372c76c base::debug::StackTrace::StackTrace()
#1 0x000003e46732 content::(anonymous namespace)::DumpStackTraceSignalHandler()
#2 0x7f8cfa9f7cb0 <unknown>
#3 0x0000055997c2 std::_Hashtable<>::_M_insert<>()
#4 0x0000055981f1 cc::FrameSinkManager::RegisterFrameSinkId()
#5 0x0000023a458d content::RenderWidgetHostViewChildFrame::RenderWidgetHostViewChildFrame()
#6 0x0000023a6bc8 content::RenderWidgetHostViewGuest::RenderWidgetHostViewGuest()
#7 0x0000023a6b80 content::RenderWidgetHostViewGuest::Create()
#8 0x00000267b672 content::WebContentsViewGuest::CreateViewForWidget()
#9 0x00000267462f content::WebContentsImpl::CreateRenderWidgetHostViewForRenderManager()
#10 0x0000026747ad content::WebContentsImpl::CreateRenderViewForRenderManager()
#11 0x00000239b353 content::RenderFrameHostManager::InitRenderView()
#12 0x000002396194 content::RenderFrameHostManager::ReinitializeRenderFrame()
#13 0x000002395648 content::RenderFrameHostManager::Navigate()
#14 0x000002372d17 content::NavigatorImpl::NavigateToEntry()
#15 0x000002373715 content::NavigatorImpl::NavigateToPendingEntry()
#16 0x0000023622b7 content::NavigationControllerImpl::NavigateToPendingEntryInternal()
#17 0x00000235d01b content::NavigationControllerImpl::NavigateToPendingEntry()
#18 0x00000235d34d content::NavigationControllerImpl::LoadEntry()
#19 0x00000235e3b9 content::NavigationControllerImpl::LoadURLWithParams()
#20 0x00000235dded content::NavigationControllerImpl::LoadURL()
#21 0x000002872b22 extensions::MimeHandlerViewGuest::DidAttachToEmbedder()
#22 0x000005cb41c4 guest_view::GuestViewBase::DidAttach()
#23 0x00000225df26 content::BrowserPluginGuest::OnWillAttachComplete()
#24 0x000001b1cbd1 _ZN4base8internal7InvokerINS0_9BindStateIMN8chromeos12_GLOBAL__N_121PrinterDiscovererImplEFvPNS3_17PrinterDiscoverer8ObserverERKSt6vectorINS3_7PrinterESaISA_EEEJNS_7WeakPtrIS5_EES8_SC_EEEFvvEE3RunEPNS0_13BindStateBaseE
#25 0x000005cb4add guest_view::GuestViewBase::WillAttach()
#26 0x00000225ddec content::BrowserPluginGuest::Attach()
#27 0x0000022579dd _ZN3IPC8MessageTI32BrowserPluginHostMsg_Attach_MetaSt5tupleIJi34BrowserPluginHostMsg_Attach_ParamsEEvE8DispatchIN7content21BrowserPluginEmbedderES8_NS7_15RenderFrameHostEMS8_FvPS9_iRKS3_EEEbPKNS_7MessageEPT_PT0_PT1_T2_
#28 0x0000022578e6 content::BrowserPluginEmbedder::OnMessageReceived()
#29 0x000002660416 content::WebContentsImpl::OnMessageReceived()
#30 0x000002378cac content::RenderFrameHostImpl::OnMessageReceived()
#31 0x00000254fbcf content::RenderProcessHostImpl::OnMessageReceived()
#32 0x000004a8afa1 IPC::ChannelProxy::Context::OnDispatchMessage()
#33 0x0000021750f3 _ZN4base8internal7InvokerINS0_9BindStateINS0_18IgnoreResultHelperIMN7content20BrowserMessageFilter8InternalEFbRKN3IPC7MessageEEEEJ13scoped_refptrIS6_ES8_EEEFvvEE3RunEPNS0_13BindStateBaseE
#34 0x0000006a87b9 _ZNO4base8CallbackIFvvELNS_8internal8CopyModeE1ELNS2_10RepeatModeE1EE3RunEv
#35 0x0000037dbf74 base::debug::TaskAnnotator::RunTask()
#36 0x00000374d029 base::MessageLoop::RunTask()
#37 0x00000374d2eb base::MessageLoop::DeferOrRunPendingTask()
#38 0x00000374d6f7 base::MessageLoop::DoWork()
#39 0x00000374fcb9 base::MessagePumpLibevent::Run()
#40 0x00000374cc4b base::MessageLoop::Run()
#41 0x0000037770aa base::RunLoop::Run()
#42 0x000003e7c206 content::MessageLoopRunner::Run()
#43 0x000003e7b045 content::TestNavigationObserver::Wait()
#44 0x00000381ffb8 ui_test_utils::NavigateToURLWithDispositionBlockUntilNavigationsComplete()
#45 0x000000c77e40 BrowserTest_InterstitialCancelsGuestViewDialogs_Test::RunTestOnMainThread()
#46 0x000003e46497 content::BrowserTestBase::ProxyRunTestOnMainThreadLoop()
#47 0x00000385d8d6 ChromeBrowserMainParts::PreMainMessageLoopRunImpl()
#48 0x00000385c88d ChromeBrowserMainParts::PreMainMessageLoopRun()
#49 0x00000192b999 chromeos::ChromeBrowserMainPartsChromeos::PreMainMessageLoopRun()
#50 0x000002254091 content::BrowserMainLoop::PreMainMessageLoopRun()
#51 0x000002637207 content::StartupTaskRunner::RunAllTasksNow()
#52 0x000002252405 content::BrowserMainLoop::CreateStartupTasks()
#53 0x000002256a52 content::BrowserMainRunnerImpl::Initialize()
#54 0x00000224f947 content::BrowserMain()
#55 0x0000036d273c content::ContentMainRunnerImpl::Run()
#56 0x0000056a16a9 service_manager::Main()
#57 0x0000036d1574 content::ContentMain()
#58 0x000003e45e16 content::BrowserTestBase::SetUp()
#59 0x00000381be73 InProcessBrowserTest::SetUp()
#60 0x000001c2cf51 testing::Test::Run()
#61 0x000001c2da60 testing::TestInfo::Run()

First failing build: https://build.chromium.org/p/chromium.fyi/builders/Mojo%20ChromiumOS/builds/18673

Suspect change: https://chromium.googlesource.com/chromium/src/+/ea6969825e1264bf84d00ead0c7f8e849e06f570

Comment 1 by jonr...@chromium.org, Jun 13 2017 

Confirmed the suspect change as the cause

Comment 2 by jamescook@chromium.org, Jun 15 2017

Cc: sadrul@chromium.org
Labels: -Pri-3 Proj-Mustash-Mus OS-Chrome Pri-1
I'm seeing this consistently this morning on my Linux workstation. Chrome r479694

out/Default/chrome --ash-host-window-bounds="0+0-1366x768" --user-data-dir=/tmp/udd --ash-dev-shortcuts --ash-debug-shortcuts --login-manager --mus

Happens with --mash too

P1 because I'm blocked on this.
Project Member

Comment 3 by bugdroid1@chromium.org, Jun 16 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/1fe92efb170e46e52dc25ca38e87beedd8e84830

commit 1fe92efb170e46e52dc25ca38e87beedd8e84830
Author: Fady Samuel <fsamuel@chromium.org>
Date: Fri Jun 16 01:50:40 2017

Mus+Ash: Fix RenderWidgetHostViewChildFrame

RenderWidgetHostViewChildFrame should not be directly accessing SurfaceManager
if it's running in Mushrome/Mus+Ash.

Bug:  732787 
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_site_isolation
Change-Id: If881cd23f1390eb0474e787837a21bd89c094555
Reviewed-on: https://chromium-review.googlesource.com/537513
Reviewed-by: Ken Buchanan <kenrb@chromium.org>
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Commit-Queue: Fady Samuel <fsamuel@chromium.org>
Cr-Commit-Position: refs/heads/master@{#479901}
[modify] https://crrev.com/1fe92efb170e46e52dc25ca38e87beedd8e84830/content/browser/frame_host/render_widget_host_view_child_frame.cc

Comment 4 by fsam...@chromium.org, Jul 30 2017

Status: Fixed (was: Assigned)

Comment 5 by dchan@chromium.org, Jan 22 2018

Status: Archived (was: Fixed)

Comment 6 by lafo...@chromium.org, Feb 26 2018

Components: -MUS Internals>Services>WindowService

Sign in to add a comment