New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 739260 link

Starred by 1 user
Status: Fixed
Owner:
lazyboy@chromium.org
Closed: Aug 2017
Cc:
manoranj...@chromium.org
nyerramilli@chromium.org
rbasuvula@chromium.org
msrchandra@chromium.org
ranjitkan@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows , Mac
Pri: 2
Type: Bug



Sign in to add a comment

Tab crash is observed after clicking on 'Copy url' option in chrome://bookmarks.

Reported by rp...@etouch.net, Jul 5 2017 
Version: 61.0.3149.0 4485eb651f6f09c3183285927fe82d17fcd7a13e-refs/heads/master@{#484159}
OS: Windows (7,8,8.1,10),Linux (14.04 LTS),Mac OS X(10.11.6,10.12.3)

What steps will reproduce the problem?
1. Freshly launch chrome, navigate to chrome://bookmarks and click on bookmark icon in omnibox and bookmark the page itself.
2. Now click on 'More actions' iron icon and select 'Open in new window' option and close the window.
3. Now click on 'Delete' option from 'More actions' iron icon and then click on 'Copy url' and observe.

Actual: Tab crash is observed after clicking on 'Copy url' option 
Expected: Tab should not crash after clicking on 'Copy url' option 

Crash ID : Crash Report ID 1017b64d08000000 (Local Crash ID: 50b22098-ba2c-46dd-adc3-28da3411957d)

This is a non-regression issue, seen from M-60 series as 'Open in new window' option appears from build # 60.0.3101.0

Kindly review the attached video for reference.
Actual_video.mp4
370 KB View Download

Comment 1 by rbasuvula@chromium.org, Jul 5 2017

Cc: manoranj...@chromium.org
Labels: -M-61 M-60
Owner: lazyboy@chromium.org
Status: Assigned (was: Unconfirmed)
As per crash ID (1017b64d08000000) providing the below details from crash server.

Stack Trace:
------------
Thread 0 (id: 5972) CRASHED [Simulated Exception @ 0x000007fef2c0a54f ] MAGIC SIGNATURE THREAD
Stack Quality100%Show frame trust levels
0x000007fef2c0a54f	(chrome_elf.dll -crashpad.cc:306 )	crash_reporter::DumpWithoutCrashing()
0x000007feedac4ea8	(chrome.dll -render_process_host_impl.cc:2001 )	content::RenderProcessHostImpl::ShutdownForBadMessage(content::RenderProcessHost::CrashReportMode)
0x000007feedc6383f	(chrome.dll -extension_function.cc:543 )	UIThreadExtensionFunction::SetBadMessage()
0x000007feeed57d02	(chrome.dll -bookmark_manager_private_api.cc:376 )	extensions::ClipboardBookmarkManagerFunction::CopyOrCut(bool,std::vector<std::basic_string<char,std::char_traits<char>,std::allocator<char> >,std::allocator<std::basic_string<char,std::char_traits<char>,std::allocator<char> > > > const &)
0x000007feeed57e6c	(chrome.dll -bookmark_manager_private_api.cc:388 )	extensions::BookmarkManagerPrivateCopyFunction::RunOnReady()
0x000007feeed79d31	(chrome.dll -bookmarks_api.cc:237 )	extensions::BookmarksFunction::RunAndSendResponse()
0x000007feeed79665	(chrome.dll -bookmarks_api.cc:108 )	extensions::BookmarksFunction::RunAsync()
0x000007feeed39474	(chrome.dll -chrome_extension_function.cc:84 )	ChromeAsyncExtensionFunction::Run()
0x000007feedc63444	(chrome.dll -extension_function.cc:457 )	ExtensionFunction::RunWithValidation()
0x000007feedc654bf	(chrome.dll -extension_function_dispatcher.cc:454 )	extensions::ExtensionFunctionDispatcher::DispatchWithCallbackInternal(ExtensionHostMsg_Request_Params const &,content::RenderFrameHost *,int,base::Callback<void ,1,1> const &)
0x000007feedc65108	(chrome.dll -extension_function_dispatcher.cc:375 )	extensions::ExtensionFunctionDispatcher::Dispatch(ExtensionHostMsg_Request_Params const &,content::RenderFrameHost *,int)
0x000007feedc800b9	(chrome.dll -ipc_message_templates.h:121 )	IPC::MessageT<ExtensionHostMsg_Request_Meta,std::tuple<ExtensionHostMsg_Request_Params>,void>::Dispatch<extensions::ExtensionWebContentsObserver,extensions::ExtensionWebContentsObserver,content::RenderFrameHost,void ( extensions::ExtensionWebContentsObserver::*)(content::RenderFrameHost *,ExtensionHostMsg_Request_Params const &)>(IPC::Message const *,extensions::ExtensionWebContentsObserver *,extensions::ExtensionWebContentsObserver *,content::RenderFrameHost *,void ( extensions::ExtensionWebContentsObserver::*)(content::RenderFrameHost *,ExtensionHostMsg_Request_Params const &))
0x000007feedc7f9ed	(chrome.dll -extension_web_contents_observer.cc:164 )	extensions::ExtensionWebContentsObserver::OnMessageReceived(IPC::Message const &,content::RenderFrameHost *)
0x000007feeed24e47	(chrome.dll -chrome_extension_web_contents_observer.cc:90 )	extensions::ChromeExtensionWebContentsObserver::OnMessageReceived(IPC::Message const &,content::RenderFrameHost *)
0x000007feedb8ffd6	(chrome.dll -web_contents_impl.cc:796 )	content::WebContentsImpl::OnMessageReceived(content::RenderFrameHostImpl *,IPC::Message const &)
0x000007feed97df9b	(chrome.dll -render_frame_host_impl.cc:817 )	content::RenderFrameHostImpl::OnMessageReceived(IPC::Message const &)
0x000007feedac6951	(chrome.dll -render_process_host_impl.cc:2638 )	content::RenderProcessHostImpl::OnMessageReceived(IPC::Message const &)
0x000007feee0cf1cb	(chrome.dll -ipc_channel_proxy.cc:329 )	IPC::ChannelProxy::Context::OnDispatchMessage(IPC::Message const &)
0x000007feedfcc121	(chrome.dll -task_annotator.cc:59 )	base::debug::TaskAnnotator::RunTask(char const *,base::PendingTask *)
0x000007feedf7b5a5	(chrome.dll -message_loop.cc:422 )	base::MessageLoop::RunTask(base::PendingTask *)
0x000007feedf7c102	(chrome.dll -message_loop.cc:540 )	base::MessageLoop::DoWork()
0x000007feedfcc6a0	(chrome.dll -message_pump_win.cc:173 )	base::MessagePumpForUI::DoRunLoop()
0x000007feedfcc323	(chrome.dll -message_pump_win.cc:56 )	base::MessagePumpWin::Run(base::MessagePump::Delegate *)
0x000007feedfa3d68	(chrome.dll -run_loop.cc:111 )	base::RunLoop::Run()
0x000007feedeaf3fb	(chrome.dll -chrome_browser_main.cc:1960 )	ChromeBrowserMainParts::MainMessageLoopRun(int *)
0x000007feed89e7d3	(chrome.dll -browser_main_runner.cc:142 )	content::BrowserMainRunnerImpl::Run()
0x000007feed897944	(chrome.dll -browser_main.cc:46 )	content::BrowserMain(content::MainFunctionParams const &)
0x000007feede02998	(chrome.dll -content_main_runner.cc:696 )	content::ContentMainRunnerImpl::Run()
0x000007feede1f04e	(chrome.dll -main.cc:469 )	service_manager::Main(service_manager::MainParams const &)
0x000007feede0216b	(chrome.dll -content_main.cc:19 )	content::ContentMain(content::ContentMainParams const &)
0x000007feed53dc11	(chrome.dll -chrome_main.cc:133 )	ChromeMain
0x000000013f4a75b3	(chrome.exe -main_dll_loader_win.cc:199 )	MainDllLoader::Launch(HINSTANCE__ *,base::TimeTicks)
0x000000013f4a2628	(chrome.exe -chrome_exe_main_win.cc:268 )	wWinMain
0x000000013f56e992	(chrome.exe -exe_common.inl:253 )	__scrt_common_main_seh
0x76e1652c	(kernel32.dll + 0x0001652c )	BaseThreadInitThunk
0x76f4c520	(ntdll.dll + 0x0002c520 )	RtlUserThreadStart

Link to the list of builds:
----------------------------
https://goto.google.com/humyw

Using code search for the file, "extension_function.cc" suspecting the following CL.

https://chromium.googlesource.com/chromium/src/+log/d4f3029e7c0d0b14c89c2aa7cf7d68cf25e54580/extensions/browser/extension_function.cc

@lazyboy: Could you please look into the issue, kindly re-assign if this is not related to your changes.

Thank you!
Project Member

Comment 2 by sheriffbot@chromium.org, Jul 21 2017

Labels: Fracas FoundIn-M-61
Users experienced this crash on the following builds:

Mac Canary 61.0.3162.0 -  0.64 CPM, 2 reports, 2 clients (signature [Renderer kill] UIThreadExtensionFunction::SetBadMessage)

If this update was incorrect, please add "Fracas-Wrong" label to prevent future updates.

- Go/Fracas
Project Member

Comment 3 by bugdroid1@chromium.org, Aug 24 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/c7b1baa97de6b0d9884bd8e39dac474c2f2e4ee4

commit c7b1baa97de6b0d9884bd8e39dac474c2f2e4ee4
Author: Istiaque Ahmed <lazyboy@chromium.org>
Date: Thu Aug 24 22:40:51 2017

BookmarkManagerPrivate: Treat missing bookmark item as non-fatal error.

It is entirely possible to invoke cut/paste action on a bookmark
item that was deleted by other means. Treat this as a non-fatal error,
as opposed to killing the renderer. Also expand this treatment to similar
startDrag function.



on 3 dot menu to bring up the contextual menu of a particular bookmark, leave
the context menu opened. On the second window, delete that bookmark. On
the first window, select "Copy URL". Expect no more renderer/ crash/

Bug:  739260 
Test: Open two browser windows to chrome://bookmarks. On one window, click
Change-Id: If452108aedb8bf0d27ffc1853e46f6746c4fc68f
Reviewed-on: https://chromium-review.googlesource.com/627266
Reviewed-by: Devlin <rdevlin.cronin@chromium.org>
Commit-Queue: Istiaque Ahmed <lazyboy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#497226}
[modify] https://crrev.com/c7b1baa97de6b0d9884bd8e39dac474c2f2e4ee4/chrome/browser/extensions/api/bookmark_manager_private/bookmark_manager_private_api.cc
[add] https://crrev.com/c7b1baa97de6b0d9884bd8e39dac474c2f2e4ee4/chrome/browser/extensions/api/bookmark_manager_private/bookmark_manager_private_api_unittest.cc
[modify] https://crrev.com/c7b1baa97de6b0d9884bd8e39dac474c2f2e4ee4/chrome/test/BUILD.gn

Comment 4 by lazyboy@chromium.org, Aug 24 2017

Status: Fixed (was: Assigned)

Sign in to add a comment