Regression : PDF page crashes while switching between tabs.
Reported by
avsha...@etouch.net,
Aug 8 2017
Issue description

Chrome version : 62.0.3179.0 (Official Build) b5b73b0139e1b065902ba751610210b6322c827f-refs/heads/master@{#492477} 64 bit
OS : Windows (7,8)
Test URL : https://pdfobject.com/

What steps will reproduce the problem?
1. Launch chrome and open above test URL in two different tabs.
2. Keep switching between these two tabs and observe.

Actual Result : Tab crashes while switching between tabs.
Expected Result : Tab should not crash.

Crash-Id : fb6408e848000000 (Local Crash ID: 56d9deb2-f17a-40dc-9087-b205295d8394)

Note : will soon update other info.
,
Aug 8 2017
Update : Issue is also reproducible in Mac(10.11.6, 10.12.3, 10.12.5) OS and the same is working fine in Linux(14.04 LTS) with latest #62.0.3179.0 build.

Note : Above issue is also observed on other web pages such as -
1. https://www.gogi.in/
2. https://pdfobject.com/static.html
,
Aug 8 2017
Using the per-revision bisect providing the bisect results,
Good build: 62.0.3178.0 (Revision: 492239).
Bad build: 62.0.3179.0 (Revision: 492477).

You are probably looking for a change made after 492380 (known good), but no later than 492381 (first known bad).

CHANGE-LOG URL:
---------------
https://chromium.googlesource.com/chromium/src/+log/ab0745ba2d65b6a800660718c797d673956b6bac..fba28538a586e30b97ae1938765150fb910e3fdb

From the CL above, assigning the issue to the concern owner

@juncai: Could you please look into the issue, pardon me if it has nothing to do with your changes and if possible please assign it to concern owner.

Reviewed-On: https://chromium-review.googlesource.com/550921

Note : Able to reproduce the issue in Win 10.0, Mac 10.12.5 & not in Ubuntu 14.04 and It is working fine in today's Dev #62.0.3178.0

Adding Release Block-Dev for this issue. Please remove if not the case.

Stack Trace:
------------
Thread 0 (id: 2624) CRASHED [EXCEPTION_ACCESS_VIOLATION_READ @ 0x00000000 ] MAGIC SIGNATURE THREAD
Stack Quality 91%

0x00007ffc7ac88956 (chrome_child.dll -device_motion_event_pump.cc:78 ) content::DeviceMotionEventPump::SendStartMessage()
0x00007ffc7ac5a8bf (chrome_child.dll -renderer_blink_platform_impl.cc:1225 ) content::RendererBlinkPlatformImpl::StartListening(blink::WebPlatformEventType,blink::WebPlatformEventListener *)
0x00007ffc7bc0aef1 (chrome_child.dll -PlatformEventDispatcher.cpp:26 ) blink::PlatformEventDispatcher::AddController(blink::PlatformEventController *)
0x00007ffc7bc0bd28 (chrome_child.dll -PlatformEventController.cpp:38 ) blink::PlatformEventController::StartUpdating()
0x00007ffc78c69ed9 (chrome_child.dll -PageVisibilityNotifier.cpp:36 ) blink::PageVisibilityNotifier::NotifyPageVisibilityChanged()
0x00007ffc78be5a02 (chrome_child.dll -Page.cpp:435 ) blink::Page::SetVisibilityState(blink::PageVisibilityState,bool)
0x00007ffc78be5991 (chrome_child.dll -WebViewImpl.cpp:4024 ) blink::WebViewImpl::SetVisibilityState(blink::WebPageVisibilityState,bool)
0x00007ffc78c6b50d (chrome_child.dll -render_frame_impl.cc:4868 ) content::RenderFrameImpl::WasShown()
0x00007ffc78c6b23a (chrome_child.dll -render_widget.cc:805 ) content::RenderWidget::OnWasShown(bool,ui::LatencyInfo const &)
0x00007ffc78c6aa53 (chrome_child.dll -ipc_message_templates.h:120 ) IPC::MessageT<ViewMsg_WasShown_Meta, std::tuple<bool, ui::LatencyInfo>, void>::Dispatch<content::RenderWidget,content::RenderWidget,void,void (content::RenderWidget::*)(bool, const ui::LatencyInfo &)>
0x00007ffc78c68f13 (chrome_child.dll -render_widget.cc:639 ) content::RenderWidget::OnMessageReceived(IPC::Message const &)
0x00007ffc78c66dbe (chrome_child.dll -render_view_impl.cc:1201 ) content::RenderViewImpl::OnMessageReceived(IPC::Message const &)
0x00007ffc78bd73ec (chrome_child.dll -message_router.cc:56 ) IPC::MessageRouter::RouteMessage(IPC::Message const &)
0x00007ffc78b9f770 (chrome_child.dll -ipc_channel_proxy.cc:329 ) IPC::ChannelProxy::Context::OnDispatchMessage(IPC::Message const &)
0x00007ffc78b33020 (chrome_child.dll -task_annotator.cc:57 ) base::debug::TaskAnnotator::RunTask(char const *,base::PendingTask *)
0x00007ffc78b7f428 (chrome_child.dll -task_queue_manager.cc:532 ) blink::scheduler::TaskQueueManager::ProcessTaskFromWorkQueue(blink::scheduler::internal::WorkQueue *,bool,blink::scheduler::LazyNow,base::TimeTicks *)
0x00007ffc78b7dd3e (chrome_child.dll -task_queue_manager.cc:330 ) blink::scheduler::TaskQueueManager::DoWork(bool)
0x00007ffc78b33020 (chrome_child.dll -task_annotator.cc:57 ) base::debug::TaskAnnotator::RunTask(char const *,base::PendingTask *)
0x00007ffc78b32773 (chrome_child.dll -message_loop.cc:410 ) base::MessageLoop::RunTask(base::PendingTask *)
0x00007ffc79c5acb8 (chrome_child.dll -message_loop.cc:421 ) base::MessageLoop::DeferOrRunPendingTask(base::PendingTask)
0x00007ffc78b31147 (chrome_child.dll -message_loop.cc:528 ) base::MessageLoop::DoWork()
0x00007ffc78b2b0f8 (chrome_child.dll -message_pump_default.cc:33 ) base::MessagePumpDefault::Run(base::MessagePump::Delegate *)
0x00007ffc78b2b960 (chrome_child.dll -run_loop.cc:123 ) base::RunLoop::Run()
0x00007ffc78b17130 (chrome_child.dll -renderer_main.cc:219 ) content::RendererMain(content::MainFunctionParams const &)
0x00007ffc78b16d4d (chrome_child.dll -content_main_runner.cc:408 ) content::RunNamedProcessTypeMain(std::basic_string<char,std::char_traits<char>,std::allocator<char> > const &,content::MainFunctionParams const &,content::ContentMainDelegate *)
0x00007ffc78b0ffff (chrome_child.dll -content_main_runner.cc:690 ) content::ContentMainRunnerImpl::Run()
0x00007ffc78ae5cb0 (chrome_child.dll -main.cc:469 ) service_manager::Main(service_manager::MainParams const &)
0x00007ffc78ae5825 (chrome_child.dll -content_main.cc:19 ) content::ContentMain(content::ContentMainParams const &)
0x00007ffc78ae1eeb (chrome_child.dll -chrome_main.cc:122 ) ChromeMain
0x00007ff77be93d30 (chrome.exe -main_dll_loader_win.cc:199 ) MainDllLoader::Launch(HINSTANCE__ *,base::TimeTicks)
0x00007ff77be91774 (chrome.exe -chrome_exe_main_win.cc:275 ) wWinMain
0x00007ff77bf61d52 (chrome.exe -exe_common.inl:253 ) __scrt_common_main_seh
0x00007ffcd61562b3 (KERNEL32.DLL + 0x000062b3 )
0x00007ffcd6e3fda0 (ntdll.dll + 0x0005fda0 )
0x00007ffcd323cd2f (KERNELBASE.dll + 0x0004cd2f )
,
Aug 8 2017
The suspect CL was reverted at: https://chromium-review.googlesource.com/c/605787 I am working on a fix.
,
Aug 8 2017
Thanks for the update. We will verify in today's canary.
,
Aug 8 2017
Issue 753315 has been merged into this issue.
,
Aug 8 2017
Issue 753337 has been merged into this issue.
,
Aug 9 2017
Update : Retested above issue in latest canary #62.0.3180.0 on Win(7,8,10) & Mac(10.11.6, 10.12.3, 10.12.5) OS and issue is fixed as the suspect CL was reverted (https://chromium-review.googlesource.com/c/605787). The fix is working as intended. Thank you!!
,
Aug 14 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/339480b39644cb3c98c57a69d183f04acdd5d2c5

commit 339480b39644cb3c98c57a69d183f04acdd5d2c5
Author: Jun Cai <juncai@chromium.org>
Date: Mon Aug 14 19:24:07 2017

Reland of Refactor DeviceMotionEventPump to use //services/device/generic_sensor instead of //device/sensors

The initial upload patch of this CL is the same as:
https://chromium-review.googlesource.com/c/550921

The latest patch of this CL contains the fix for issue 753263.

TBR=reillyg@chromium.org, timvolodine@chromium.org

Bug: 721427, 735420, 753263
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_site_isolation
Change-Id: If5f1d9ba33eabfc9c80858276daad8d5d08df435
Reviewed-on: https://chromium-review.googlesource.com/606611
Commit-Queue: Jun Cai <juncai@chromium.org>
Reviewed-by: Jun Cai <juncai@chromium.org>
Reviewed-by: John Abd-El-Malek <jam@chromium.org>
Cr-Commit-Position: refs/heads/master@{#494130}

[modify] https://crrev.com/339480b39644cb3c98c57a69d183f04acdd5d2c5/content/browser/device_sensors/device_sensor_browsertest.cc
[modify] https://crrev.com/339480b39644cb3c98c57a69d183f04acdd5d2c5/content/browser/frame_host/render_frame_host_impl.cc
[modify] https://crrev.com/339480b39644cb3c98c57a69d183f04acdd5d2c5/content/renderer/BUILD.gn
[modify] https://crrev.com/339480b39644cb3c98c57a69d183f04acdd5d2c5/content/renderer/device_sensors/device_motion_event_pump.cc
[modify] https://crrev.com/339480b39644cb3c98c57a69d183f04acdd5d2c5/content/renderer/device_sensors/device_motion_event_pump.h
[modify] https://crrev.com/339480b39644cb3c98c57a69d183f04acdd5d2c5/content/renderer/device_sensors/device_motion_event_pump_unittest.cc
[modify] https://crrev.com/339480b39644cb3c98c57a69d183f04acdd5d2c5/content/renderer/renderer_blink_platform_impl.cc
[modify] https://crrev.com/339480b39644cb3c98c57a69d183f04acdd5d2c5/content/test/BUILD.gn
[modify] https://crrev.com/339480b39644cb3c98c57a69d183f04acdd5d2c5/content/test/DEPS
[add] https://crrev.com/339480b39644cb3c98c57a69d183f04acdd5d2c5/content/test/data/device_sensors/device_motion_only_some_sensors_are_available_test.html
[modify] https://crrev.com/339480b39644cb3c98c57a69d183f04acdd5d2c5/content/test/data/device_sensors/device_motion_test.html
[modify] https://crrev.com/339480b39644cb3c98c57a69d183f04acdd5d2c5/services/device/device_service.cc
[modify] https://crrev.com/339480b39644cb3c98c57a69d183f04acdd5d2c5/services/device/device_service.h
[modify] https://crrev.com/339480b39644cb3c98c57a69d183f04acdd5d2c5/services/device/generic_sensor/BUILD.gn
[modify] https://crrev.com/339480b39644cb3c98c57a69d183f04acdd5d2c5/services/device/generic_sensor/DEPS
[modify] https://crrev.com/339480b39644cb3c98c57a69d183f04acdd5d2c5/services/device/generic_sensor/sensor_provider_impl.cc
,
Aug 14 2017
avshaikh@ Please verify in today's canary.
,
Aug 15 2017
This crash is back again. Unable to repro as per the manual steps. But it triggers ~40% of the renderer crash in latest canary- 62.0.3186.0.
,
Aug 15 2017
What is the stack trace? Is it still related to the content::DeviceMotionEventPump?
,
Aug 15 2017
Yes, it's device_motion_event_pump

Sample crash report
===================
https://crash.corp.google.com/browse?q=product.name%3D%27Chrome%27%20AND%20product.version%3D%2762.0.3186.0%27%20AND%20custom_data.ChromeCrashProto.ptype%3D%27renderer%27%20AND%20custom_data.ChromeCrashProto.magic_signature_1.name%3D%27content%3A%3ADeviceMotionEventPump%3A%3ASendStartMessage%27&ignore_case=false&enable_rewrite=true&omit_field_name=&omit_field_value=&omit_field_opt=%3D&unnest=&stbtiq=&reportid=&index=0
,
Aug 15 2017
Thanks! I will take a look at it.
,
Aug 16 2017
Desktop stability sheriff here. You should revert this, it has caused a spike in crashes in 62.0.3186.0 canary (eg 18% of renderer crashes on Windows; 60% of renderer crashes on Mac; etc.)
,
Aug 16 2017
Just to update, we have scheduled Dev release tomorrow(08/17) and this will block the Dev RC.
,
Aug 16 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/1f1b44798411b0e4b0febc57bf4eb62f0f40ffe0

commit 1f1b44798411b0e4b0febc57bf4eb62f0f40ffe0
Author: Jun Cai <juncai@chromium.org>
Date: Wed Aug 16 15:07:03 2017

Revert "Reland of Refactor DeviceMotionEventPump to use //services/device/generic_sensor instead of //device/sensors"

This reverts commit 339480b39644cb3c98c57a69d183f04acdd5d2c5.

Reason for revert: https://bugs.chromium.org/p/chromium/issues/detail?id=753263

Original change's description:
> Reland of Refactor DeviceMotionEventPump to use //services/device/generic_sensor instead of //device/sensors
>
> The initial upload patch of this CL is the same as:
> https://chromium-review.googlesource.com/c/550921
>
> The latest patch of this CL contains the fix for issue 753263.
>
> TBR=reillyg@chromium.org, timvolodine@chromium.org
>
> Bug: 721427, 735420, 753263
> Cq-Include-Trybots: master.tryserver.chromium.linux:linux_site_isolation
> Change-Id: If5f1d9ba33eabfc9c80858276daad8d5d08df435
> Reviewed-on: https://chromium-review.googlesource.com/606611
> Commit-Queue: Jun Cai <juncai@chromium.org>
> Reviewed-by: Jun Cai <juncai@chromium.org>
> Reviewed-by: John Abd-El-Malek <jam@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#494130}

TBR=jam@chromium.org,reillyg@chromium.org,timvolodine@chromium.org,juncai@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug: 721427, 735420, 753263
Change-Id: I7d88ee2b6121c76cfb2520d816c52ce07387c6f5
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_site_isolation
Reviewed-on: https://chromium-review.googlesource.com/616820
Reviewed-by: Jun Cai <juncai@chromium.org>
Commit-Queue: Jun Cai <juncai@chromium.org>
Cr-Commit-Position: refs/heads/master@{#494785}

[modify] https://crrev.com/1f1b44798411b0e4b0febc57bf4eb62f0f40ffe0/content/browser/device_sensors/device_sensor_browsertest.cc
[modify] https://crrev.com/1f1b44798411b0e4b0febc57bf4eb62f0f40ffe0/content/browser/frame_host/render_frame_host_impl.cc
[modify] https://crrev.com/1f1b44798411b0e4b0febc57bf4eb62f0f40ffe0/content/renderer/BUILD.gn
[modify] https://crrev.com/1f1b44798411b0e4b0febc57bf4eb62f0f40ffe0/content/renderer/device_sensors/device_motion_event_pump.cc
[modify] https://crrev.com/1f1b44798411b0e4b0febc57bf4eb62f0f40ffe0/content/renderer/device_sensors/device_motion_event_pump.h
[modify] https://crrev.com/1f1b44798411b0e4b0febc57bf4eb62f0f40ffe0/content/renderer/device_sensors/device_motion_event_pump_unittest.cc
[modify] https://crrev.com/1f1b44798411b0e4b0febc57bf4eb62f0f40ffe0/content/renderer/renderer_blink_platform_impl.cc
[modify] https://crrev.com/1f1b44798411b0e4b0febc57bf4eb62f0f40ffe0/content/test/BUILD.gn
[modify] https://crrev.com/1f1b44798411b0e4b0febc57bf4eb62f0f40ffe0/content/test/DEPS
[delete] https://crrev.com/337a87dc2c9e67d0185d0058f7c466d5f1448d41/content/test/data/device_sensors/device_motion_only_some_sensors_are_available_test.html
[modify] https://crrev.com/1f1b44798411b0e4b0febc57bf4eb62f0f40ffe0/content/test/data/device_sensors/device_motion_test.html
[modify] https://crrev.com/1f1b44798411b0e4b0febc57bf4eb62f0f40ffe0/services/device/device_service.cc
[modify] https://crrev.com/1f1b44798411b0e4b0febc57bf4eb62f0f40ffe0/services/device/device_service.h
[modify] https://crrev.com/1f1b44798411b0e4b0febc57bf4eb62f0f40ffe0/services/device/generic_sensor/BUILD.gn
[modify] https://crrev.com/1f1b44798411b0e4b0febc57bf4eb62f0f40ffe0/services/device/generic_sensor/DEPS
[modify] https://crrev.com/1f1b44798411b0e4b0febc57bf4eb62f0f40ffe0/services/device/generic_sensor/sensor_provider_impl.cc
,
Aug 16 2017
The suspect CL: https://chromium-review.googlesource.com/c/550921 was reverted at: https://chromium-review.googlesource.com/c/616820
,
Aug 16 2017
Correction: The suspect CL: https://chromium-review.googlesource.com/c/606611 was reverted at: https://chromium-review.googlesource.com/c/616820
,
Aug 16 2017
Please revert the CL in 3187 branch. We are planning a Dev RC today.
,
Aug 16 2017
I reverted the CL from the 3187 branch: https://chromium-review.googlesource.com/c/617582
,
Aug 17 2017
Just to update there have been no crashes reported for magic signature 'content::DeviceMotionEventPump::SendStartMessag' on Windows and Mac canary(62.0.3188.0) since last 8 hrs. Revert seems to be WAI and this no longer blocks the next Dev release.

Link to the list of OS/Builds:
===============================
https://goto.google.com/wwjcm
,
Aug 17 2017
Stability sheriff: I think this can be marked fixed as the regression is not present in the most recent canary; however, please reference this Bug # when relanding the patch so that future testers and sheriffs can get the history here.
,
Aug 17 2017
If there is no pending work, can we tag as fixed?
,
Aug 17 2017
Sure, I will mark this bug as fixed. Thanks!
,
Aug 17 2017
,
Aug 25 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/4cd3f707add7024916ab41cf0b681f7f7d0d8c1f

commit 4cd3f707add7024916ab41cf0b681f7f7d0d8c1f
Author: Jun Cai <juncai@chromium.org>
Date: Fri Aug 25 00:29:39 2017

Refactor DeviceMotionEventPump to use generic sensor instead of sensors

The initial upload patch of this CL is the same as:
https://chromium-review.googlesource.com/c/606611

The latest patch of this CL contains the fix for issue 753263, 753679, which is caused by RenderFrame not being valid when it is accessed. So instead of passing the |render_frame| to DeviceMotionEventPump's constructor, DeviceMotionEventPump::SendStartMessage gets the |render_frame| from |web_frame| when needed. This will make sure the |render_frame| is valid when it is needed.

TBR=jam@chromium.org, timvolodine@chromium.org

Bug: 721427, 735420, 753263, 753679
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_site_isolation
Change-Id: I6bf90580ce9ced8b26383ebf45ee27f9cfb4d867
Reviewed-on: https://chromium-review.googlesource.com/618162
Commit-Queue: Jun Cai <juncai@chromium.org>
Reviewed-by: Reilly Grant <reillyg@chromium.org>
Reviewed-by: Jun Cai <juncai@chromium.org>
Cr-Commit-Position: refs/heads/master@{#497254}

[modify] https://crrev.com/4cd3f707add7024916ab41cf0b681f7f7d0d8c1f/chrome/browser/generic_sensor/sensor_permission_context.cc
[modify] https://crrev.com/4cd3f707add7024916ab41cf0b681f7f7d0d8c1f/content/browser/device_sensors/device_sensor_browsertest.cc
[modify] https://crrev.com/4cd3f707add7024916ab41cf0b681f7f7d0d8c1f/content/browser/frame_host/render_frame_host_impl.cc
[modify] https://crrev.com/4cd3f707add7024916ab41cf0b681f7f7d0d8c1f/content/renderer/BUILD.gn
[modify] https://crrev.com/4cd3f707add7024916ab41cf0b681f7f7d0d8c1f/content/renderer/device_sensors/device_motion_event_pump.cc
[modify] https://crrev.com/4cd3f707add7024916ab41cf0b681f7f7d0d8c1f/content/renderer/device_sensors/device_motion_event_pump.h
[modify] https://crrev.com/4cd3f707add7024916ab41cf0b681f7f7d0d8c1f/content/renderer/device_sensors/device_motion_event_pump_unittest.cc
[modify] https://crrev.com/4cd3f707add7024916ab41cf0b681f7f7d0d8c1f/content/test/BUILD.gn
[modify] https://crrev.com/4cd3f707add7024916ab41cf0b681f7f7d0d8c1f/content/test/DEPS
[add] https://crrev.com/4cd3f707add7024916ab41cf0b681f7f7d0d8c1f/content/test/data/device_sensors/device_motion_only_some_sensors_are_available_test.html
[modify] https://crrev.com/4cd3f707add7024916ab41cf0b681f7f7d0d8c1f/content/test/data/device_sensors/device_motion_test.html
[modify] https://crrev.com/4cd3f707add7024916ab41cf0b681f7f7d0d8c1f/services/device/device_service.cc
[modify] https://crrev.com/4cd3f707add7024916ab41cf0b681f7f7d0d8c1f/services/device/device_service.h
[modify] https://crrev.com/4cd3f707add7024916ab41cf0b681f7f7d0d8c1f/services/device/generic_sensor/DEPS
[add] https://crrev.com/4cd3f707add7024916ab41cf0b681f7f7d0d8c1f/third_party/WebKit/LayoutTests/device_orientation/motion/detached-frame.html
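
The lifetime change described in the commit message above (resolve |render_frame| from |web_frame| inside SendStartMessage instead of capturing it in the constructor), as an added C++ example that is not Chromium's code. FrameRegistry, EarlyBindingPump, LateBindingPump, the explicit null guard and the scenario (pump created before the frame exists, then the frame is detached) are assumptions made for illustration.

```cpp
#include <map>
#include <memory>

// Hypothetical stand-in for the renderer-side frame object (not Chromium's class).
struct RenderFrame { int start_requests = 0; };

// Models the |web_frame| -> |render_frame| lookup; nullptr when not attached.
class FrameRegistry {
 public:
  void Attach(int id) { frames_[id] = std::make_unique<RenderFrame>(); }
  void Detach(int id) { frames_.erase(id); }
  RenderFrame* FromWebFrame(int id) const {
    auto it = frames_.find(id);
    return it == frames_.end() ? nullptr : it->second.get();
  }
 private:
  std::map<int, std::unique_ptr<RenderFrame>> frames_;
};

enum class StartResult { kStarted, kNoRenderFrame };

// "Before" shape: the pointer is captured once, in the constructor. Whatever it
// was at that moment (here: nullptr) is what a later start would dereference.
class EarlyBindingPump {
 public:
  explicit EarlyBindingPump(RenderFrame* rf) : render_frame_(rf) {}
  bool HasCapturedFrame() const { return render_frame_ != nullptr; }
 private:
  RenderFrame* render_frame_;
};

// "After" shape: resolve the frame at the point of use, every time.
class LateBindingPump {
 public:
  LateBindingPump(const FrameRegistry& r, int id) : registry_(r), web_frame_id_(id) {}
  StartResult SendStartMessage() const {
    RenderFrame* render_frame = registry_.FromWebFrame(web_frame_id_);
    if (!render_frame) return StartResult::kNoRenderFrame;  // assumed guard
    ++render_frame->start_requests;
    return StartResult::kStarted;
  }
 private:
  const FrameRegistry& registry_;
  int web_frame_id_;
};

struct Outcome { bool early_has_frame; StartResult shown, detached; int starts; };

// Constructed scenario: both pumps are created before the frame exists, the tab
// is shown, then the frame is detached and the tab is shown again.
Outcome RunScenario() {
  FrameRegistry registry;
  EarlyBindingPump early(registry.FromWebFrame(1));
  LateBindingPump late(registry, 1);
  registry.Attach(1);
  StartResult shown = late.SendStartMessage();
  int starts = registry.FromWebFrame(1)->start_requests;
  registry.Detach(1);
  return {early.HasCapturedFrame(), shown, late.SendStartMessage(), starts};
}

int main() { return RunScenario().starts == 1 ? 0 : 1; }
```

The early-binding pump never learns that the frame appeared or went away, which is the class of fault behind an access violation at 0x00000000 on a tab-visibility change; the late-binding pump reports a missing frame instead of touching it.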
Comment 1 by avsha...@etouch.net, Aug 8 2017
Attachments: 787 KB, 3.0 MB