
Issue 757751

Starred by 4 users

Issue metadata

Status: Fixed
Owner:
Closed: Aug 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows , Mac
Pri: 1
Type: Bug-Regression




Regression: Chrome crashes on navigating to chrome://history in Guest mode

Project Member Reported by sc00335...@techmahindra.com, Aug 22 2017

Issue description

Chrome Version: 62.0.3193.0 dev
OS: Ubuntu 14.04 

What steps will reproduce the problem?
(1) Browser crashes on navigating to chrome://history in guest mode

Expected: Browser should not crash.
Actual: Instead, a browser crash is seen.

This is a regression issue broken in M62. Will update other info soon.

Crash ids: 673581881a7736a5, 5c66623d5c6a3a57
 
Labels: OS-Windows
Issue is seen on Windows as well.

Manual Bisect Info:
====================
Good Build: 62.0.3192.0
Bad Build: 62.0.3193.0

Comment 2 by ajha@chromium.org, Aug 22 2017

Labels: ReleaseBlock-Beta OS-Mac
Status: Untriaged (was: Unconfirmed)
Able to reproduce the issue on the latest Mac Canary (62.0.3193.0) as well.

Stack trace of the crash id 5c66623d5c6a3a57:

Thread 0 (id: 14927) CRASHED [SIGSEGV @ 0x00000120 ] MAGIC SIGNATURE THREAD
Stack Quality: 77%
0x0000559a08f910c5	(chrome -vector:1473 )	content::RenderFrameImpl::AddObserver(content::RenderFrameObserver*)
0x0000559a0928c55a	(chrome -scoped_observer.h:32 )	history::BrowsingHistoryService::BrowsingHistoryService(history::BrowsingHistoryDriver*, history::HistoryService*, syncer::SyncService*)
0x0000559a0928a0b2	(chrome -memory:3065 )	BrowsingHistoryHandler::RegisterMessages()
0x0000559a06491210	(chrome -web_ui_impl.cc:269 )	content::WebUIImpl::AddMessageHandler(std::__1::unique_ptr<content::WebUIMessageHandler, std::__1::default_delete<content::WebUIMessageHandler> >)
0x0000559a092896f3	(chrome -md_history_ui.cc:205 )	MdHistoryUI::MdHistoryUI(content::WebUI*)
0x0000559a091f3b0e	(chrome -chrome_web_ui_controller_factory.cc:226 )	content::WebUIController* (anonymous namespace)::NewWebUI<MdHistoryUI>(content::WebUI*, GURL const&)
0x0000559a0648e072	(chrome -web_ui_controller_factory_registry.cc:43 )	content::WebUIControllerFactoryRegistry::CreateWebUIControllerForURL(content::WebUI*, GURL const&) const
0x0000559a0646c8d6	(chrome -web_contents_impl.cc:5725 )	content::WebContentsImpl::CreateWebUI(GURL const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&)
0x0000559a0647dc23	(chrome -web_contents_impl.cc:5465 )	non-virtual thunk to content::WebContentsImpl::CreateWebUIForRenderFrameHost(GURL const&)
0x0000559a06220dbd	(chrome -render_frame_host_impl.cc:3475 )	content::RenderFrameHostImpl::UpdatePendingWebUI(GURL const&, int)
0x0000559a06229fb7	(chrome -render_frame_host_manager.cc:2418 )	content::RenderFrameHostManager::GetFrameHostForNavigation(content::NavigationRequest const&)
0x0000559a06229dcd	(chrome -render_frame_host_manager.cc:691 )	content::RenderFrameHostManager::DidCreateNavigationRequest(content::NavigationRequest*)
0x0000559a061eb62b	(chrome -frame_tree_node.cc:464 )	content::FrameTreeNode::CreatedNavigationRequest(std::__1::unique_ptr<content::NavigationRequest, std::__1::default_delete<content::NavigationRequest> >)
0x0000559a06205c32	(chrome -navigator_impl.cc:1188 )	content::NavigatorImpl::RequestNavigation(content::FrameTreeNode*, GURL const&, content::Referrer const&, content::FrameNavigationEntry const&, content::NavigationEntryImpl const&, content::ReloadType, int, bool, bool, scoped_refptr<content::ResourceRequestBody> const&, base::TimeTicks)
0x0000559a0620542f	(chrome -navigator_impl.cc:378 )	content::NavigatorImpl::NavigateToEntry(content::FrameTreeNode*, content::FrameNavigationEntry const&, content::NavigationEntryImpl const&, content::ReloadType, bool, bool, bool, scoped_refptr<content::ResourceRequestBody> const&)
0x0000559a06205e13	(chrome -navigator_impl.cc:500 )	content::NavigatorImpl::NavigateToPendingEntry(content::FrameTreeNode*, content::FrameNavigationEntry const&, content::ReloadType, bool)
0x0000559a061f62e6	(chrome -navigation_controller_impl.cc:2100 )	content::NavigationControllerImpl::NavigateToPendingEntryInternal(content::ReloadType)
0x0000559a061f1e6e	(chrome -navigation_controller_impl.cc:2057 )	content::NavigationControllerImpl::NavigateToPendingEntry(content::ReloadType)
0x0000559a061f2c47	(chrome -navigation_controller_impl.cc:477 )	content::NavigationControllerImpl::LoadURLWithParams(content::NavigationController::LoadURLParams const&)
0x0000559a092457b6	(chrome -browser_navigator.cc:289 )	(anonymous namespace)::LoadURLInContents(content::WebContents*, GURL const&, chrome::NavigateParams*)
0x0000559a09245178	(chrome -browser_navigator.cc:557 )	chrome::Navigate(chrome::NavigateParams*)
0x0000559a092343c2	(chrome -browser.cc:1480 )	Browser::OpenURLFromTab(content::WebContents*, content::OpenURLParams const&)
0x0000559a0647402b	(chrome -web_contents_impl.cc:2920 )	content::WebContentsImpl::OpenURL(content::OpenURLParams const&)
0x0000559a06206b39	(chrome -navigator_impl.cc:808 )	content::NavigatorImpl::RequestOpenURL(content::RenderFrameHostImpl*, GURL const&, bool, scoped_refptr<content::ResourceRequestBody> const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, content::Referrer const&, WindowOpenDisposition, bool, bool, bool, blink::WebTriggeringEventInfo)
0x0000559a0620f8a3	(chrome -render_frame_host_impl.cc:1368 )	content::RenderFrameHostImpl::OnOpenURL(FrameHostMsg_OpenURL_Params const&)
0x0000559a0620f658	(chrome -tuple.h:56 )	bool IPC::MessageT<FrameHostMsg_OpenURL_Meta, std::__1::tuple<FrameHostMsg_OpenURL_Params>, void>::Dispatch<content::RenderFrameHostImpl, content::RenderFrameHostImpl, void, void (content::RenderFrameHostImpl::*)(FrameHostMsg_OpenURL_Params const&)>(IPC::Message const*, content::RenderFrameHostImpl*, content::RenderFrameHostImpl*, void*, void (content::RenderFrameHostImpl::*)(FrameHostMsg_OpenURL_Params const&))
0x0000559a0620bbe1	(chrome -render_frame_host_impl.cc:867 )	content::RenderFrameHostImpl::OnMessageReceived(IPC::Message const&)
0x0000559a074dbfa8	(chrome -ipc_channel_proxy.cc:329 )	IPC::ChannelProxy::Context::OnDispatchMessage(IPC::Message const&)
0x0000559a072efada	(chrome -callback.h:91 )	base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*)
0x0000559a0730829f	(chrome -message_loop.cc:406 )	base::MessageLoop::RunTask(base::PendingTask*)
0x0000559a0730899b	(chrome -message_loop.cc:417 )	base::MessageLoop::DoWork()
0x0000559a0730a478	(chrome -message_pump_glib.cc:267 )	base::(anonymous namespace)::WorkSourceDispatch(_GSource*, int (*)(void*), void*)
0x00007fdb62ec0e03	(libglib-2.0.so.0.4002.0 + 0x00048e03 )	
0x00007fdb62ecfb3f	(libglib-2.0.so.0.4002.0 + 0x00057b3f )	
0x00007fdb62ec1047	(libglib-2.0.so.0.4002.0 + 0x00049047 )	
0x00007fdb62ec10eb	(libglib-2.0.so.0.4002.0 + 0x000490eb )	
0x0000559a0730a325	(chrome -message_pump_glib.cc:309 )	base::MessagePumpGlib::Run(base::MessagePump::Delegate*)
0x0000559a0732930f	(chrome -run_loop.cc:123 )	base::RunLoop::Run()
0x0000559a06ffcd7f	(chrome -chrome_browser_main.cc:1916 )	ChromeBrowserMainParts::MainMessageLoopRun(int*)
0x0000559a0610d13c	(chrome -browser_main_loop.cc:1173 )	content::BrowserMainLoop::RunMainMessageLoopParts()
0x0000559a0610fc3c	(chrome -browser_main_runner.cc:152 )	content::BrowserMainRunnerImpl::Run()
0x0000559a061086e5	(chrome -browser_main.cc:46 )	content::BrowserMain(content::MainFunctionParams const&)
0x0000559a06fdf9cc	(chrome -content_main_runner.cc:693 )	content::ContentMainRunnerImpl::Run()
0x0000559a06fe820a	(chrome -main.cc:469 )	service_manager::Main(service_manager::MainParams const&)
0x0000559a06fde461	(chrome -content_main.cc:19 )	content::ContentMain(content::ContentMainParams const&)
0x0000559a05b787a4	(chrome -chrome_main.cc:122 )	ChromeMain
0x00007fdb5de85f44	(libc-2.19.so + 0x00021f44 )	
0x0000559a05b786ef	(chrome + 0x017ac6ef )	
0x0000559a05a6ffff	(chrome + 0x016a3fff )	
0x00007fdb641701f2	(ld-2.19.so + 0x000101f2 )	
0x0000559a05a6ffff	(chrome + 0x016a3fff )	
0x0000559a05a70028	(chrome + 0x016a4028 )	_start
0x00007fff7a5f7647		 
Labels: -Needs-Bisect hasbisect-per-revision
Owner: s...@chromium.org
Status: Assigned (was: Untriaged)
Bisect Information:
-------------------
You are probably looking for a change made after 496127 (known good), but no later than 496128 (first known bad).

CHANGELOG URL:
--------------
https://chromium.googlesource.com/chromium/src/+log/f03bf8e4b1141991303b445875f92b41e95ec8a5..e174f5f6d4f170e2b9014698988480cef99be240

@skym: Could you please check whether this is caused by your change? If not, please help us assign it to the right owner.

Thanks!!

Comment 4 by s...@chromium.org, Aug 22 2017

Status: Started (was: Assigned)
Yikes! Sorry about that... This change has been reverted, see https://chromium-review.googlesource.com/c/chromium/src/+/626416

Comment 5 by s...@chromium.org, Aug 22 2017

Status: Fixed (was: Started)
Closing now that this has been reverted.

The problem was that my change had accidentally removed a necessary null check on the SyncService. In Guest mode ProfileSyncServiceFactory returns a nullptr when asked for a SyncService, and without the null check we blindly tried to add an observer to this nullptr.

Moving forward will continue to be tracked in the original bug (issue 756097).

A reland CL has been posted at https://chromium-review.googlesource.com/c/chromium/src/+/626776, which adds unit tests to try to cover the constructor and dependency-presence logic.
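
The root cause in comment 5, shown as an added illustration that is not Chromium's code: a constructor hands a dependency to a ScopedObserver, but the factory that supplies that dependency is allowed to return nullptr for Guest profiles, so the registration dereferences null. SyncService, SyncServiceObserver, ScopedObserver, ProfileType, GetSyncServiceForProfile and BrowsingHistoryService below are simplified stand-ins with the same shape as the classes named in the comment and the stack trace, not the real implementations. The commented-out line in the constructor is the reverted shape; the `if` guard is the restored null check, and the two check functions exercise the regular-profile and guest-profile paths in the spirit of the unit tests the reland is described as adding.

```cpp
#include <algorithm>
#include <cstddef>
#include <vector>

// Added example, not Chromium code: a minimal model of the missing null check
// described in comment 5. Every class name below is a stand-in for the real one.
class SyncServiceObserver {
 public:
  virtual ~SyncServiceObserver() = default;
  virtual void OnStateChanged() = 0;
};

// Stand-in for syncer::SyncService: a plain observer list.
class SyncService {
 public:
  void AddObserver(SyncServiceObserver* observer) { observers_.push_back(observer); }
  void RemoveObserver(SyncServiceObserver* observer) {
    observers_.erase(std::remove(observers_.begin(), observers_.end(), observer),
                     observers_.end());
  }
  void NotifyStateChanged() {
    for (SyncServiceObserver* o : observers_) o->OnStateChanged();
  }
  std::size_t observer_count() const { return observers_.size(); }
 private:
  std::vector<SyncServiceObserver*> observers_;
};

// Stand-in for base's ScopedObserver<Source, Observer>: Add() registers with a
// source, RemoveAll() (also run by the destructor) unregisters. Add() dereferences
// |source| unconditionally, so a nullptr source faults the way the trace shows.
template <class Source, class Observer>
class ScopedObserver {
 public:
  explicit ScopedObserver(Observer* observer) : observer_(observer) {}
  ~ScopedObserver() { RemoveAll(); }
  void Add(Source* source) {
    source->AddObserver(observer_);  // nullptr here is the crash
    sources_.push_back(source);
  }
  void RemoveAll() {
    for (Source* s : sources_) s->RemoveObserver(observer_);
    sources_.clear();
  }
  bool IsObserving(Source* source) const {
    return std::find(sources_.begin(), sources_.end(), source) != sources_.end();
  }
 private:
  Observer* observer_;
  std::vector<Source*> sources_;
};

// Stand-in for ProfileSyncServiceFactory: Guest profiles have no sync service,
// so the factory legitimately returns nullptr (the case comment 5 describes).
enum class ProfileType { kRegular, kGuest };
SyncService* GetSyncServiceForProfile(ProfileType type, SyncService* regular) {
  return type == ProfileType::kGuest ? nullptr : regular;
}

// Stand-in for history::BrowsingHistoryService with the null check restored.
class BrowsingHistoryService : public SyncServiceObserver {
 public:
  explicit BrowsingHistoryService(SyncService* sync_service)
      : sync_service_(sync_service), sync_observer_(this) {
    // Reverted shape (crashes in Guest mode): sync_observer_.Add(sync_service_);
    if (sync_service_)  // a factory-provided dependency may be absent
      sync_observer_.Add(sync_service_);
  }
  void OnStateChanged() override { ++state_changes_; }
  bool observing_sync() const {
    return sync_service_ != nullptr && sync_observer_.IsObserving(sync_service_);
  }
  int state_changes() const { return state_changes_; }
 private:
  SyncService* sync_service_;
  ScopedObserver<SyncService, SyncServiceObserver> sync_observer_;
  int state_changes_ = 0;
};

// Regular profile: the service exists, is observed, and delivers notifications.
bool RegularProfileObservesSync() {
  SyncService sync;
  BrowsingHistoryService history(GetSyncServiceForProfile(ProfileType::kRegular, &sync));
  sync.NotifyStateChanged();
  return history.observing_sync() && history.state_changes() == 1 &&
         sync.observer_count() == 1;
}

// Guest profile: the factory returns nullptr; construction must neither crash nor register.
bool GuestProfileConstructsWithoutObserving() {
  SyncService unused;
  BrowsingHistoryService history(GetSyncServiceForProfile(ProfileType::kGuest, &unused));
  return !history.observing_sync() && unused.observer_count() == 0;
}
```

The guard belongs in the consumer, not the factory: a factory that returns nullptr for a profile type is a documented contract, and every constructor that takes such a dependency has to treat absence as a normal state rather than an error. A unit test that constructs the service with a null dependency, as the guest-profile check above does, is what catches this class of regression before it reaches a canary build.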
