Regression : Tab crash is seen after switching newly opened tabs.
Reported by
rp...@etouch.net,
Aug 2 2017
Issue description
Version: 62.0.3174.0 02ca96925ccb743e83ad34bee8595e4a6eec8443-refs/heads/master@{#491203}
OS: Windows(8,8.1,10)
URL : https://www.google.co.in/?gfe_rd=cr&ei=CmWBWd79BJ7rugS36pdw

What steps will reproduce the problem?
1. Launch chrome, navigate to above url and type elpee naukri in search
2. Now open below two to three links in new tab using middle click of mouse and try switching newly open tabs, observe

Actual: Tab crash is seen after switching newly opened tabs
Expected: Tab crash should not be seen after switching newly opened tabs

Crash ID : 78c9086d04000000 (Local Crash ID: 453b4a6a-2b6e-4990-bdc0-faa611b22df0)

This is regression issue, broken in ‘M 62’ and will soon update other info :
Good build:62.0.3173.2
Bad build: 62.0.3174.0
,
Aug 2 2017
Using the per-revision bisect providing the bisect results,
Good build: 62.0.3173.2 (Revision: 490802).
Bad build : 62.0.3174.0 (Revision: 491203).

You are probably looking for a change made after 490954 (known good), but no later than 490973 (first known bad).

CHANGELOG URL: https://chromium.googlesource.com/chromium/src/+log/c3b58c86b9181a5cc3690e05f38ee3160c1e912c..9f043c3f6c2e9ea2e3903964a3b917276661085d

Suspecting Commit# https://chromium.googlesource.com/chromium/src/+/a976f2ea63383f6a46151ec26e00a5fcf52ccac4

Below is the Stack Trace for the Crash ID -- 78c9086d04000000

Thread 0 (id: 6444) CRASHED [EXCEPTION_ACCESS_VIOLATION_READ @ 0x00000018 ] MAGIC SIGNATURE THREAD
Stack Quality 100%

0x000007fb0923ecc9 (chrome_child.dll -scrollingcoordinator.cpp:788 ) blink::ScrollingCoordinator::SetTouchEventTargetRects(WTF::HashMap<blink::PaintLayer const *,WTF::Vector<blink::LayoutRect,0,WTF::PartitionAllocator>,WTF::PtrHash<blink::PaintLayer const >,WTF::HashTraits<blink::PaintLayer const *>,WTF::HashTraits<WTF::Vector<blink::LayoutRect,0,WTF::PartitionAllocator> >,WTF::PartitionAllocator> &)
0x000007fb0923e8ff (chrome_child.dll -scrollingcoordinator.cpp:718 ) blink::ScrollingCoordinator::UpdateTouchEventTargetRectsIfNeeded()
0x000007fb0923cf42 (chrome_child.dll -scrollingcoordinator.cpp:206 ) blink::ScrollingCoordinator::UpdateAfterCompositingChangeIfNeeded()
0x000007fb08ff1f05 (chrome_child.dll -localframeview.cpp:3171 ) blink::LocalFrameView::UpdateLifecyclePhasesInternal(blink::DocumentLifecycle::LifecycleState)
0x000007fb099269a9 (chrome_child.dll -pagewidgetdelegate.cpp:60 ) blink::PageWidgetDelegate::UpdateAllLifecyclePhases(blink::Page &,blink::LocalFrame &)
0x000007fb097b1ac7 (chrome_child.dll -webviewimpl.cpp:1984 ) blink::WebViewImpl::UpdateAllLifecyclePhases()
0x000007fb0a812543 (chrome_child.dll -render_widget.cc:990 ) content::RenderWidget::UpdateVisualState()
0x000007fb08e962e6 (chrome_child.dll -proxy_main.cc:194 ) cc::ProxyMain::BeginMainFrame(std::unique_ptr<cc::BeginMainFrameAndCommitState,std::default_delete<cc::BeginMainFrameAndCommitState> >)
0x000007fb08ea4008 (chrome_child.dll -bind_internal.h:340 ) base::internal::Invoker<base::internal::BindState<void ( cc::ProxyMain::*)(std::unique_ptr<cc::BeginMainFrameAndCommitState,std::default_delete<cc::BeginMainFrameAndCommitState> >),base::WeakPtr<cc::ProxyMain>,base::internal::PassedWrapper<std::unique_ptr<cc::BeginMainFrameAndCommitState,std::default_delete<cc::BeginMainFrameAndCommitState> > > >,void >::RunImpl<void ( cc::ProxyMain::*)(std::unique_ptr<cc::BeginMainFrameAndCommitState,std::default_delete<cc::BeginMainFrameAndCommitState> >),std::tuple<base::WeakPtr<cc::ProxyMain>,base::internal::PassedWrapper<std::unique_ptr<cc::BeginMainFrameAndCommitState,std::default_delete<cc::BeginMainFrameAndCommitState> > > >,0,1>(void ( cc::ProxyMain::*&&)(std::unique_ptr<cc::BeginMainFrameAndCommitState,std::default_delete<cc::BeginMainFrameAndCommitState> >),std::tuple<base::WeakPtr<cc::ProxyMain>,base::internal::PassedWrapper<std::unique_ptr<cc::BeginMainFrameAndCommitState,std::default_delete<cc::BeginMainFrameAndCommitState> > > > &&,base::IndexSequence<0,1>)
0x000007fb08ae9344 (chrome_child.dll -task_annotator.cc:59 ) base::debug::TaskAnnotator::RunTask(char const *,base::PendingTask *)
0x000007fb09db0814 (chrome_child.dll -task_queue_manager.cc:532 ) blink::scheduler::TaskQueueManager::ProcessTaskFromWorkQueue(blink::scheduler::internal::WorkQueue *,bool,blink::scheduler::LazyNow,base::TimeTicks *)
0x000007fb09daf7f7 (chrome_child.dll -task_queue_manager.cc:330 ) blink::scheduler::TaskQueueManager::DoWork(bool)
0x000007fb0a273165 (chrome_child.dll -bind_internal.h:319 ) base::internal::Invoker<base::internal::BindState<void ( gpu::GpuWatchdogThread::*)(bool),base::WeakPtr<gpu::GpuWatchdogThread>,bool>,void >::Run(base::internal::BindStateBase *)
0x000007fb08ae9344 (chrome_child.dll -task_annotator.cc:59 ) base::debug::TaskAnnotator::RunTask(char const *,base::PendingTask *)
0x000007fb08ab6608 (chrome_child.dll -message_loop.cc:404 ) base::MessageLoop::RunTask(base::PendingTask *)
0x000007fb08ab7162 (chrome_child.dll -message_loop.cc:522 ) base::MessageLoop::DoWork()
0x000007fb08b0953c (chrome_child.dll -message_pump_default.cc:33 ) base::MessagePumpDefault::Run(base::MessagePump::Delegate *)
0x000007fb08aceb68 (chrome_child.dll -run_loop.cc:112 ) base::RunLoop::Run()
0x000007fb0a7f29b1 (chrome_child.dll -renderer_main.cc:219 ) content::RendererMain(content::MainFunctionParams const &)
0x000007fb09ebcc22 (chrome_child.dll -content_main_runner.cc:408 ) content::RunNamedProcessTypeMain(std::basic_string<char,std::char_traits<char>,std::allocator<char> > const &,content::MainFunctionParams const &,content::ContentMainDelegate *)
0x000007fb09ebca6b (chrome_child.dll -content_main_runner.cc:687 ) content::ContentMainRunnerImpl::Run()
0x000007fb09ec2fbd (chrome_child.dll -main.cc:469 ) service_manager::Main(service_manager::MainParams const &)
0x000007fb09ebc2c7 (chrome_child.dll -content_main.cc:19 ) content::ContentMain(content::ContentMainParams const &)
0x000007fb09a5645c (chrome_child.dll -chrome_main.cc:139 ) ChromeMain
0x000007f7e1821162 (chrome.exe -main_dll_loader_win.cc:199 ) MainDllLoader::Launch(HINSTANCE__ *,base::TimeTicks)
0x000007f7e182025f (chrome.exe -chrome_exe_main_win.cc:266 ) wWinMain
0x000007f7e1851242 (chrome.exe -exe_common.inl:253 ) __scrt_common_main_seh
0x000007fb30a21841 (KERNEL32.DLL + 0x00001841 ) BaseThreadInitThunk
0x000007fb32efdf10 (ntdll.dll + 0x0003df10 ) RtlUserThreadStart

@xida Chen: Could you please look into the issue, pardon me if it has nothing to do with your changes and if possible please assign it to concern owner.

Adding RB Label as this is a recent Regression. Please remove if not required.

Also providing the URL where the Crash is available in the builds -- https://goto.google.com/dtghy

Thank You.
,
Aug 2 2017
,
Aug 2 2017
Just to update, this is ranked as #1 renderer crash on the latest Windows canary version: 62.0.3174.2. xidachen@: Please revert the CL or land the fix as we are closer to the scheduled M-62 dev release.
,
Aug 2 2017
ajha@: I am investigating it now. If I cannot have the solution today, I will revert the CL. Thanks.
,
Aug 2 2017
We are planning to trigger a Dev RC soon, please expedite. Also revert in 3174 branch.
,
Aug 2 2017
I have a CL up here: https://chromium-review.googlesource.com/c/598123, I will land it today.
,
Aug 2 2017
CL is now in CQ.
,
Aug 2 2017
One more simple repro:
=======================
1. Login to Gmail and open compose window
2. Click on '$'

Crash ID# c55aa5ffe0000000

Thank you!
,
Aug 2 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/e6f39cd100dd46e90118013a9de76dd47efc68b7

commit e6f39cd100dd46e90118013a9de76dd47efc68b7
Author: Xida Chen <xidachen@chromium.org>
Date: Wed Aug 02 20:28:50 2017

Fix a crash in ScrollingCoordinator

In a previous CL: https://chromium-review.googlesource.com/c/581907, when we access to the |composited_layer| inside the for loop, we didn't perform any null check, and that's causing crash. This CL adds the null check.

NOTRY=true
Bug: 751389
Change-Id: I5a0861d416b017af5c51ea82ce3add032b0b2316
Reviewed-on: https://chromium-review.googlesource.com/598123
Commit-Queue: Xida Chen <xidachen@chromium.org>
Reviewed-by: David Bokan <bokan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#491483}

[modify] https://crrev.com/e6f39cd100dd46e90118013a9de76dd47efc68b7/third_party/WebKit/Source/core/page/scrolling/ScrollingCoordinator.cpp
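A minimal model of the bug class this commit describes, added here as an illustration and not the Chromium code: a loop over a layer-to-rects map in which the per-layer lookup can return null. All types, fields and function names are hypothetical, and the padding is constructed so that a read through a null pointer lands on 0x18, the fault address in the crash report above.

```cpp
#include <cstddef>
#include <cstdint>
#include <map>
#include <vector>

// Hypothetical stand-ins for illustration; these are not Blink's real types.
struct Rect { int x, y, w, h; };
struct CompositedLayer {
  uint64_t header[3];         // constructed padding so the next field sits at 0x18
  uint32_t touch_rect_count;  // reading this through a null pointer faults at 0x18
};
struct Layer { CompositedLayer* composited; };  // null when the layer has no backing
using LayerRects = std::map<const Layer*, std::vector<Rect>>;

// Address touched when touch_rect_count is read through a null base pointer.
constexpr std::size_t kNullReadAddress = offsetof(CompositedLayer, touch_rect_count);
struct Result { std::size_t updated = 0; std::size_t skipped = 0; };

// Guarded loop: without the check, the first uncomposited layer crashes the process.
Result ApplyTouchRects(const LayerRects& rects) {
  Result r;
  for (const auto& entry : rects) {
    const Layer* layer = entry.first;
    CompositedLayer* target = layer ? layer->composited : nullptr;
    if (!target) { ++r.skipped; continue; }  // the added null check
    target->touch_rect_count = static_cast<uint32_t>(entry.second.size());
    ++r.updated;
  }
  return r;
}

// Constructed input: one composited layer and one layer without a backing.
Result RunSample(uint32_t* count_out) {
  CompositedLayer backing{};
  Layer composited_layer{&backing};
  Layer plain_layer{nullptr};
  LayerRects rects;
  rects[&composited_layer] = {{0, 0, 10, 10}, {5, 5, 20, 20}};
  rects[&plain_layer] = {{1, 1, 2, 2}};
  Result r = ApplyTouchRects(rects);
  *count_out = backing.touch_rect_count;
  return r;
}

int main() {
  uint32_t n = 0;
  Result r = RunSample(&n);
  return (r.updated == 1 && r.skipped == 1 && n == 2) ? 0 : 1;
}
```

A fault address that equals a small field offset is the usual signature of a member read through a null pointer, which is why a crash like this one is triaged as a null dereference rather than a wild read.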
,
Aug 2 2017
The problem should be fixed now. Please try it on tmr's canary build.
,
Aug 2 2017
Please merge the CL in - 3174 branch. We are triggering a Dev RC soon.
,
Aug 3 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/5a2ba247955b4ec2616bfaad166983d90789965e

commit 5a2ba247955b4ec2616bfaad166983d90789965e
Author: Xida Chen <xidachen@chromium.org>
Date: Thu Aug 03 01:04:37 2017

Fix a crash in ScrollingCoordinator

In a previous CL: https://chromium-review.googlesource.com/c/581907, when we access to the |composited_layer| inside the for loop, we didn't perform any null check, and that's causing crash. This CL adds the null check.

NOTRY=true
TBR=xidachen@chromium.org

(cherry picked from commit e6f39cd100dd46e90118013a9de76dd47efc68b7)

Bug: 751389
Change-Id: I5a0861d416b017af5c51ea82ce3add032b0b2316
Reviewed-on: https://chromium-review.googlesource.com/598123
Commit-Queue: Xida Chen <xidachen@chromium.org>
Reviewed-by: David Bokan <bokan@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#491483}
Reviewed-on: https://chromium-review.googlesource.com/599154
Reviewed-by: Xida Chen <xidachen@chromium.org>
Cr-Commit-Position: refs/branch-heads/3174@{#3}
Cr-Branched-From: 02ca96925ccb743e83ad34bee8595e4a6eec8443-refs/heads/master@{#491203}

[modify] https://crrev.com/5a2ba247955b4ec2616bfaad166983d90789965e/third_party/WebKit/Source/core/page/scrolling/ScrollingCoordinator.cpp
,
Aug 3 2017
ligimole@: it is now merged to 3174.
,
Aug 3 2017
Great .. Thank you.
,
Aug 3 2017
Crash affects Android too.
,
Aug 3 2017
Rechecked the above issue on Mac and Linux OS with latest canary chrome version : 62.0.3175.0 and the issue is not reproducible.
,
Aug 3 2017
Note : Will soon update windows OS status once latest build is available.
,
Aug 3 2017
Note : Rechecked the above issue on Windows 10 OS with latest canary chrome version : 62.0.3175.0 and the issue is not reproducible.
,
Aug 3 2017
Correction : Rechecked the above issue on Windows 10 OS with latest windows clang build : 62.0.3175.2 and the issue is not reproducible.
,
Aug 3 2017
Comment 1 by rp...@etouch.net
, Aug 2 2017