New issue
Advanced search Search tips

Issue 758204 link

Starred by 3 users
Status: Fixed
Owner: ----
Closed: Sep 2017
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug



Sign in to add a comment

DCHECK Crashes at DocumentMarkerController.cpp(518) and url_info.cc(137)

Project Member Reported by maxlg@chromium.org, Aug 23 2017 
Chrome Version: (copy from chrome://version)
Chromium	62.0.3194.0 (Developer Build) (64-bit)
Revision	c20d574e8bb9e3d6cdec450a575f91a483ae6a07-
OS	Linux
JavaScript	V8 6.2.327
Flash	(Disabled)
User Agent	Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3194.0 Safari/537.36
Command Line	./out/Default/chrome --flag-switches-begin --flag-switches-end
Executable Path	/usr/local/google/home/maxlg/Develop/gitRepo/chrome/chromium3/src/out/Default/chrome
Profile Path	/usr/local/google/home/maxlg/.config/chromium/Default
Variations	BackgroundVideoOptimizations:BackgroundOptimizationEnabled1sOrLessMediaSource
BrowserScheduler:RedirectWithDefaultInitParams
CSSExternalScanner:Enabled_ScanAndPreload
CheckerImaging:CheckerImaging
DelayNavigation:DelayNavigation
DisallowFetchForDocWrittenScriptsInMainFrame:DocumentWriteScriptBlockGroup_20161208_Launch
DynamicExpectCT:DynamicExpectCTEnabled
GpuScheduler:Enabled
GuestViewCrossProcessFrames:Enabled
Html5ByDefault:Enabled
IdleTimeSpellChecking:Enabled
IncognitoWindowPromo:Enabled
InstanceID:Enabled
LazyParseCSS:Control
LoadingWithMojo:Enabled
MaxDelayableRequestsNetworkOverride:MaxDelayable4
NTPCaptureThumbnail:Enabled
NTPTilesInInstantService:Enabled
NetDelayableH2AndQuicRequests:Enabled
NetworkSchedulerYielding:Enabled
NewTabInProductHelp:Enabled_1
NoStatePrefetchValidation:NoStatePrefetchWithoutInstant
NonDelayableThrottlesDelayable:NonDelayableWeight2
OffMainThreadFetch:Enabled
OneGoogleBarOnLocalNtp:Enabled
PageRevisitInstrumentation:Enabled
PassiveDocumentEventListeners:Enabled
PassiveEventListenersDueToFling:Enabled
PermissionPromptUIViews:BlockPromptsEnabled
PersistentHistograms:EnabledOnDisk5
PreconnectMore:Enabled
QUIC:Enabled
RafAlignedMouseInput:Enabled
RafAlignedTouchInput:Enabled
ReportingAPI:ReportingEnabled
ResourceLoadScheduler:Enabled_bg_limit_16
SafeBrowsingScoutTransitionStudy:CanShowScoutOptInGroup2
SafeBrowsingThreatDomDetailsTagAttributes:AdIdentifiers
ServiceWorkerScriptStreaming:Enabled
SimpleCacheTrial:ExperimentYes
SocketReadIfReady:Enabled
SubresourceFilter:EnabledForPhishingSites
SyncUSSAutocomplete:Enabled
TLS13Variant:Experiment
TokenBinding:TokenBinding
TranslateRankerModel:Enforcement20170329
TranslateUserEvents:Enabled
UKM:Enabled
V8AsmJSToWasm:AsmJsToWebAssembly
V8CacheStrategiesForCacheStorage:default
V8WasmTrapHandler:WasmTrapHandlerActive
VideoCaptureService:Enabled
VsyncAlignedInput:Enable
WebFontsInterventionV2:Enabled‑3g

OS: Linux

What steps will reproduce the problem?
(1) Open chrome by ./out/Default/chrome
(2) Draw the demo.html into the browser
(3) Wait and scroll up and down to read the messages in the log box at the bottom.
(4) After less than 1 min, the tab crashes. The stack trace is in the attachment, position being DocumentMarkerController.cpp(518)].
(5) Reopen chrome.
(6) Drag demo.html into the browser.
(7) The browser (not just the tab) crashes immediately. The stack trace is in the attachment, position being url_info.cc(137).

What is the expected result?
It doesn't crashes

What happens instead?
Two crashes. Please read the steps.

Please use labels and text to provide additional information.


For graphics-related bugs, please copy/paste the contents of the about:gpu
page at the end of this report.
demo.html
3.1 KB View Download
CrashImg.png
21.7 KB View Download
DocumentMarkerController.cpp(518)] Check failed: !document_->View()->NeedsLayout().
8.6 KB View Download
DocumentMarkerController.cpp(519)] Check failed: !document_->NeedsLayoutTreeUpdate(). .
7.9 KB Download
url_info.cc(137)] Check failed: ASSIGNED == state_.
12.3 KB Download

Comment 1 by maxlg@chromium.org, Aug 23 2017

Description: Show this description
Project Member

Comment 2 by bugdroid1@chromium.org, Aug 31 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/191bc9d35eccd1e57861a85e3720c1f6883decac

commit 191bc9d35eccd1e57861a85e3720c1f6883decac
Author: Alexandr Ilin <alexilin@chromium.org>
Date: Thu Aug 31 18:29:20 2017

Reland "net: Set a UrlInfo's final state before delete"

This reverts commit 3eb9c381ad0e5868df09682d09d7291a4a0117b5.

Reason for reland: It's unlikely the cause for 760656 and the fix for
DCHECK crashes in 757458c#3 and 758204 is in the CL.

The DCHECK crash was actually introduced in http://crrev.com/c/612380. 
The crash appears when the resolution work queue has a backlog and this 
case wasn't properly tested.

The CL fixes the issue of DCHECKs (incorrect transition in the state
graph) and adds the browsertest for the work queue congestion control.

Bug:  757458 ,  758204 
Change-Id: I11c867a94f52bb860e3146d3cc26e5ee270b83f6
Reviewed-on: https://chromium-review.googlesource.com/646248
Reviewed-by: Charlie Harrison <csharrison@chromium.org>
Reviewed-by: Helen Li <xunjieli@chromium.org>
Commit-Queue: Alexandr Ilin <alexilin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#498926}
[modify] https://crrev.com/191bc9d35eccd1e57861a85e3720c1f6883decac/chrome/browser/net/predictor.cc
[modify] https://crrev.com/191bc9d35eccd1e57861a85e3720c1f6883decac/chrome/browser/net/predictor.h
[modify] https://crrev.com/191bc9d35eccd1e57861a85e3720c1f6883decac/chrome/browser/net/predictor_browsertest.cc
[modify] https://crrev.com/191bc9d35eccd1e57861a85e3720c1f6883decac/chrome/browser/net/url_info.cc

Comment 3 by alexilin@chromium.org, Sep 1 2017 

The crash in url_info.cc should be fixed in the next canary build. 
Can't help you with the first crash, sorry!

Comment 4 by dtapu...@chromium.org, Sep 5 2017

Status: Fixed (was: Untriaged)
The document marker control crash is tracked via  issue 734202

Sign in to add a comment