Regression: Browser crash is seen on ending the task from task manager.
Reported by aiman.an...@etouch.net, Jul 27 2017
Issue description

Chrome Version: 62.0.3168.0 (Official Build) da2455bea333a5a4bfe61ba1fcfe9e325dc368e1-refs/heads/master@{#489803} (64-bit)
OS: Mac (10.11.6, 10.12.3), Linux (14.04 LTS).

Steps to reproduce:
1. Launch chrome, go to chrome://bookmarks.
2. Give Print command, open Task manager from 'Wrench icon > More tools'.
3. End Process for 'Print: Bookmark Manage'.
4. Repeat steps 2 and 3 and observe.

Actual Result: Browser crash is observed on ending the process on the second instance.
Expected Result: Browser crash should not be seen on ending the process.

Crash Report ID 7055895df8000000 (Local Crash ID: 5ac820fe-d7fa-470e-9fa5-76bd8fb347e2)

This is a regression broken in M-60; other bisect info will be updated soon.

Manual Bisect Info:
Good Build: 60.0.3102.0
Bad Build: 60.0.3014.0

Note: Issue is not seen on Win OS.
Comment 1 by aiman.an...@etouch.net, Jul 27 2017

Using the per-revision bisect, providing the bisect results:
Good build: 60.0.3102.0 (Revision: 472262)
Bad build: 60.0.3104.0 (Revision: 473014)

You are probably looking for a change made after 472324 (known good), but no later than 472325 (first known bad).

CHANGE-LOG URL:
---------------
https://chromium.googlesource.com/chromium/src/+log/afa32648e767d5288c0ea85ca18526ac8810fe0d..f2c4f1f94d10b019363f2d8c45defe00881cb5cb

From the CL above, assigning the issue to the concerned owner @lukasza: could you please look into the issue? Pardon me if it has nothing to do with your changes; if possible, please assign it to the concerned owner.

Review-Url: https://codereview.chromium.org/2857263003

Note: Able to reproduce the issue on Win 10.0, Ubuntu 14.04 & Mac 10.12.5, and able to reproduce in latest Canary #62.0.3168.0.

Stack Trace:
------------
Thread 0 (id: 104676) CRASHED [EXC_BREAKPOINT / EXC_I386_BPT @ 0x000000011080d918 ]
0x000000011080d918 (Google Chrome Framework -process_posix.cc:308 ) base::Process::Terminate(int, bool) const
0x000000011070fac3 (Google Chrome Framework -task.cc:72 ) task_manager::Task::Kill()
0x0000000113089d53 (Google Chrome Framework -task_manager_mac.mm:206 ) -[TaskManagerWindowController killSelectedProcesses:]
0x00007fff9966bc3c (libsystem_trace.dylib + 0x00005c3c ) _os_activity_initiate
0x00007fff820f3c9b (AppKit + 0x007c3c9b ) -[NSApplication(NSResponder) sendAction:to:from:]
0x00000001103c663a (Google Chrome Framework -chrome_browser_application_mac.mm:243 ) __43-[BrowserCrApplication sendAction:to:from:]_block_invoke
0x00000001107df8d9 (Google Chrome Framework + 0x01b1e8d9 ) base::mac::CallWithEHFrame(void () block_pointer)
0x00000001103c653d (Google Chrome Framework -chrome_browser_application_mac.mm:242 ) -[BrowserCrApplication sendAction:to:from:]
0x00007fff81bd945f (AppKit + 0x002a945f ) -[NSControl sendAction:to:]
0x00007fff81bd9387 (AppKit + 0x002a9387 ) __26-[NSCell _sendActionFrom:]_block_invoke
0x00007fff9966bc3c (libsystem_trace.dylib + 0x00005c3c ) _os_activity_initiate
0x00007fff81bd92df (AppKit + 0x002a92df ) -[NSCell _sendActionFrom:]
0x00007fff81c1bcd8 (AppKit + 0x002ebcd8 ) -[NSButtonCell _sendActionFrom:]
0x00007fff9966bc3c (libsystem_trace.dylib + 0x00005c3c ) _os_activity_initiate
0x00007fff81bd7bc5 (AppKit + 0x002a7bc5 ) -[NSCell trackMouse:inRect:ofView:untilMouseUp:]
0x00007fff81c1ba11 (AppKit + 0x002eba11 ) -[NSButtonCell trackMouse:inRect:ofView:untilMouseUp:]
0x00007fff81bd657a (AppKit + 0x002a657a ) -[NSControl mouseDown:]
0x00007fff8226b602 (AppKit + 0x0093b602 ) -[NSWindow(NSEventRouting) _handleMouseDownEvent:isDelayedEvent:]
0x00007fff82267e1f (AppKit + 0x00937e1f ) -[NSWindow(NSEventRouting) _reallySendEvent:isDelayedEvent:]
0x00007fff822672bd (AppKit + 0x009372bd ) -[NSWindow(NSEventRouting) sendEvent:]
0x00007fff820efbf4 (AppKit + 0x007bfbf4 ) -[NSApplication(NSEvent) sendEvent:]
0x00000001103c6a4b (Google Chrome Framework -chrome_browser_application_mac.mm:277 ) __34-[BrowserCrApplication sendEvent:]_block_invoke
0x00000001107df8d9 (Google Chrome Framework + 0x01b1e8d9 ) base::mac::CallWithEHFrame(void () block_pointer)
0x00000001103c6835 (Google Chrome Framework -chrome_browser_application_mac.mm:261 ) -[BrowserCrApplication sendEvent:]
0x00007fff8196bf80 (AppKit + 0x0003bf80 ) -[NSApplication run]
0x00000001107f052d (Google Chrome Framework -message_pump_mac.mm:749 ) base::MessagePumpNSApplication::DoRun(base::MessagePump::Delegate*)
0x00000001107eef2b (Google Chrome Framework -message_pump_mac.mm:141 ) base::MessagePumpCFRunLoopBase::Run(base::MessagePump::Delegate*)
0x0000000110811d02 (Google Chrome Framework -run_loop.cc:112 ) base::RunLoop::Run()
0x00000001103cbfd5 (Google Chrome Framework -chrome_browser_main.cc:1967 ) ChromeBrowserMainParts::MainMessageLoopRun(int*)
0x000000010f2abf53 (Google Chrome Framework -browser_main_loop.cc:1159 ) content::BrowserMainLoop::RunMainMessageLoopParts()
0x000000010f2ae601 (Google Chrome Framework -browser_main_runner.cc:142 ) content::BrowserMainRunnerImpl::Run()
0x000000010f2a7ffb (Google Chrome Framework -browser_main.cc:46 ) content::BrowserMain(content::MainFunctionParams const&)
0x00000001103825ff (Google Chrome Framework -content_main_runner.cc:687 ) content::ContentMainRunnerImpl::Run()
0x0000000111c907d3 (Google Chrome Framework -main.cc:469 ) service_manager::Main(service_manager::MainParams const&)
0x0000000110381be3 (Google Chrome Framework -content_main.cc:19 ) content::ContentMain(content::ContentMainParams const&)
0x000000010ecc4cb7 (Google Chrome Framework -chrome_main.cc:139 ) ChromeMain
0x000000010ec49dd3 (Google Chrome -chrome_exe_main_mac.cc:170 ) main
0x00007fff99439254 (libdyld.dylib + 0x00005254 ) start
0x00007fff99439254 (libdyld.dylib + 0x00005254 ) start
Comment 2, Jul 27 2017
lukasza@ is OOO. nick@, can you take a look?
Comment 3, Jul 28 2017
Thanks for this bug. Looking at the crash stack and the repro video, it seems likely that we call base::Process::Terminate with a PID of zero, and this results in the browser process force-terminating itself. The fix ought to be to make rows with PID zero unkillable (we already make the browser process task unkillable, we just need the same behavior for rows that wind up with pid zero due to startup races).
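Why a task row with pid 0 ends up killing the browser itself, and the shape of the guard the comment above proposes, as an added example; this is not Chromium code and not from this thread. kill(2) interprets pid 0 as "every process in the caller's own process group", so passing a still-unfilled pid of 0 through to a termination call addresses the browser process rather than any child. The probe below uses signal 0, which sends nothing and only checks addressing, and the assumed guard (IsKillable / GuardedTerminate, names chosen here) refuses non-positive pids and the caller's own pid before forking a throwaway child to show that real pids still pass:

```cpp
// Added example (not Chromium code): why pid 0 must never be a killable task
// row, and an assumed guard that refuses it.
#include <csignal>
#include <cstdio>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum class KillOutcome { kRefusedNonPositivePid, kRefusedSelf, kSent, kFailed };

// kill(2) treats pid 0 as "all processes in the caller's process group" and a
// negative pid as a process-group id. A row whose pid is still 0 because of a
// startup race therefore names the caller's own group, not a child. Signal 0
// delivers nothing and only checks addressing/permission, so this probe is safe.
bool Pid0AddressesCallersGroup() {
  return kill(0, 0) == 0;
}

// Assumed guard (hypothetical name) mirroring what the thread describes for
// Task::Kill(): a row is killable only with a real positive pid that is not ours.
bool IsKillable(pid_t pid) {
  return pid > 0 && pid != getpid();
}

// Assumed wrapper: apply the guard before issuing any termination request.
KillOutcome GuardedTerminate(pid_t pid) {
  if (pid <= 0) return KillOutcome::kRefusedNonPositivePid;
  if (pid == getpid()) return KillOutcome::kRefusedSelf;
  return kill(pid, SIGKILL) == 0 ? KillOutcome::kSent : KillOutcome::kFailed;
}

// Demo: fork a child that blocks, terminate it through the guard, and reap it.
// Returns true when the child ended by SIGKILL, i.e. a real pid passed the guard.
bool TerminateChildThroughGuard() {
  pid_t child = fork();
  if (child < 0) return false;
  if (child == 0) {
    pause();   // child: block until a signal arrives
    _exit(0);
  }
  if (GuardedTerminate(child) != KillOutcome::kSent) return false;
  int status = 0;
  if (waitpid(child, &status, 0) != child) return false;
  return WIFSIGNALED(status) && WTERMSIG(status) == SIGKILL;
}

int main() {
  std::printf("pid 0 addresses our own process group: %s\n",
              Pid0AddressesCallersGroup() ? "yes" : "no");
  std::printf("guard refuses pid 0: %s\n", IsKillable(0) ? "no" : "yes");
  std::printf("guard refuses own pid: %s\n", IsKillable(getpid()) ? "no" : "yes");
  std::printf("child terminated through guard: %s\n",
              TerminateChildThroughGuard() ? "yes" : "no");
  return 0;
}
```

The same reasoning applies to any process-management UI that caches pids: a sentinel value such as 0 should be treated as "no target yet" and disable the action, rather than be forwarded to a system call that gives it a different meaning.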
Comment 4, Aug 2 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/a71ef16200f68e734b8f39817c24cdea5ccdc3bb

commit a71ef16200f68e734b8f39817c24cdea5ccdc3bb
Author: Charles Burnell <cburn@google.com>
Date: Wed Aug 02 17:39:12 2017

Fix crash when terminating a task in the task manager with a PID of 0

Simple guard to prevent tasks with pid 0 from being killable. If a user tries to kill a task with pid 0 there is a crash. By doing a simple check to see if the pid is 0 we prevent this. A pid should also only be 0 for a short period of time in certain race conditions.

Bug: 749459
Change-Id: Iba63b63d6606dbf403cbae3bf2fef4c882f395c5
Reviewed-on: https://chromium-review.googlesource.com/594308
Reviewed-by: Charlie Reis <creis@chromium.org>
Reviewed-by: Nick Carter <nick@chromium.org>
Commit-Queue: Charles Burnell <cburn@google.com>
Cr-Commit-Position: refs/heads/master@{#491424}

[modify] https://crrev.com/a71ef16200f68e734b8f39817c24cdea5ccdc3bb/chrome/browser/task_manager/providers/task.cc
[modify] https://crrev.com/a71ef16200f68e734b8f39817c24cdea5ccdc3bb/chrome/browser/task_manager/sampling/task_group_unittest.cc
Comment 5, Aug 22 2017
This is fixed now, right?