Issue metadata
Sign in to add a comment
|
Regression : Browser crashes on cancelling an Audits.
Reported by
avsha...@etouch.net,
Sep 12 2017
|
||||||||||||||||||||||
Issue descriptionChrome version : 63.0.3213.0 (Official Build) 58ee71082b735f6dae76665b444d534d9832b45c-refs/heads/master@{#501132} 64 bit OS : Windows 7 What steps will reproduce the problem? 1. Launch chrome and open devtools on NTP. 2. Navigate to Audits tab and run an Audit. 3. Let Audit run for 1 min and click on 'Cancel' button and observe. Actual Result : Browser crashes on canceling an Audits Expected Result : Browser should not crash. Crash Report ID 841cd6b4ccb204bb (Local Crash ID: be683228-1631-44de-8f43-b4f0306fccda) This is a regression issue broken in ‘M-63’ and will soon update remaining information.
,
Sep 12 2017
Manual regression range: Good build : 63.0.3212.0 (Revision:500793). Bad build : 63.0.3213.0 (Revision:501132). Crash ID fd08bf14670f6977 (Local Crash ID: 9e2ef200-b7dd-4d0c-ba26-2ec68a765c86) Note : Unable to narrow down the range using the per-revision bisect script since the original crash in not reproducible on continuous chrome builds, hence assigning the issue through CL. Change Log URL : https://chromium.googlesource.com/chromium/src/+log/63.0.3212.0..63.0.3213.0?pretty=fuller&n=10000 Suspecting : r501081 ? from Change log @alexmos : Could you please look into the issue, pardon me if it has nothing to do with your changes and if possible please assign it to concern owner. Note : 1. In good builds, Audit process completes in few seconds without any issues but in bad build 'Auditing' takes more time to complete and browser crashes on clicking 'Cancel' button. 2. Issue is only reproducible on Windows 7 OS and the same issue is not reproducible on Win(8,10), Linux(14.04) and Mac(10.11.6, 10.12.3, 10.12.5) OS. Thank you!
,
Sep 12 2017
Adding RB Label as this is a recent Regression. Please remove if not required. Providing Stack Trace for the Crash ID -- 841cd6b4ccb204bb. Stack Trace :: ============== Thread 0 (id: 3180) CRASHED [EXCEPTION_ACCESS_VIOLATION_READ @ 0x00000000 ] MAGIC SIGNATURE THREAD Stack Quality100%Show frame trust levels 0x000007fed09965e7 (chrome_child.dll -render_widget.cc:2013 ) content::RenderWidget::OnOrientationChange() 0x000007fed09974a6 (chrome_child.dll -render_widget.cc:1331 ) content::RenderWidget::Resize(content::ResizeParams const &) 0x000007fed09f03ca (chrome_child.dll -render_widget_screen_metrics_emulator.cc:138 ) content::RenderWidgetScreenMetricsEmulator::Apply() 0x000007fed099581f (chrome_child.dll -render_widget.cc:777 ) content::RenderWidget::OnEnableDeviceEmulation(blink::WebDeviceEmulationParams const &) 0x000007fed098f26e (chrome_child.dll -ipc_message_templates.h:146 ) IPC::MessageT<ViewMsg_EnableDeviceEmulation_Meta,std::tuple<blink::WebDeviceEmulationParams>,void>::Dispatch<content::RenderWidget,content::RenderWidget,void,void ( content::RenderWidget::*)(blink::WebDeviceEmulationParams const &)>(IPC::Message const *,content::RenderWidget *,content::RenderWidget *,void *,void ( content::RenderWidget::*)(blink::WebDeviceEmulationParams const &)) 0x000007fed0995f73 (chrome_child.dll -render_widget.cc:635 ) content::RenderWidget::OnMessageReceived(IPC::Message const &) 0x000007fed09755e6 (chrome_child.dll -render_view_impl.cc:1197 ) content::RenderViewImpl::OnMessageReceived(IPC::Message const &) 0x000007fed0de511a (chrome_child.dll -message_router.cc:56 ) IPC::MessageRouter::RouteMessage(IPC::Message const &) 0x000007fed0765836 (chrome_child.dll -child_thread_impl.cc:759 ) content::ChildThreadImpl::OnMessageReceived(IPC::Message const &) 0x000007fed014cc8b (chrome_child.dll -ipc_channel_proxy.cc:320 ) IPC::ChannelProxy::Context::OnDispatchMessage(IPC::Message const &) 0x000007fed014bac1 (chrome_child.dll -bind_internal.h:349 ) base::internal::Invoker<base::internal::BindState<void ( IPC::ChannelProxy::Context::*)(IPC::Message const &),scoped_refptr<IPC::ChannelProxy::Context>,IPC::Message>,void >::RunImpl<void ( IPC::ChannelProxy::Context::*const &)(IPC::Message const &),std::tuple<scoped_refptr<IPC::ChannelProxy::Context>,IPC::Message> const &,0,1>(void ( IPC::ChannelProxy::Context::*const &)(IPC::Message const &),std::tuple<scoped_refptr<IPC::ChannelProxy::Context>,IPC::Message> const &,std::integer_sequence<unsigned __int64,0,1>) 0x000007feceb8c234 (chrome_child.dll -task_annotator.cc:61 ) base::debug::TaskAnnotator::RunTask(char const *,base::PendingTask *) 0x000007fecff2b9e0 (chrome_child.dll -task_queue_manager.cc:515 ) blink::scheduler::TaskQueueManager::ProcessTaskFromWorkQueue(blink::scheduler::internal::WorkQueue *,bool,blink::scheduler::LazyNow,base::TimeTicks *) 0x000007fecff2ab7f (chrome_child.dll -task_queue_manager.cc:312 ) blink::scheduler::TaskQueueManager::DoWork(bool) 0x000007fecfcb0adc (chrome_child.dll -bind_internal.h:297 ) base::internal::InvokeHelper<1,void>::MakeItSo<void ( media::VideoRendererImpl::*const &)(bool),base::WeakPtr<media::VideoRendererImpl> const &,bool>(void ( media::VideoRendererImpl::*const &)(bool),base::WeakPtr<media::VideoRendererImpl> const &,bool &&) 0x000007fecff296f7 (chrome_child.dll -bind_internal.h:349 ) base::internal::Invoker<base::internal::BindState<void ( blink::scheduler::TaskQueueManager::*)(bool),base::WeakPtr<blink::scheduler::TaskQueueManager>,bool>,void >::RunImpl<void ( blink::scheduler::TaskQueueManager::*const &)(bool),std::tuple<base::WeakPtr<blink::scheduler::TaskQueueManager>,bool> const &,0,1>(void ( blink::scheduler::TaskQueueManager::*const &)(bool),std::tuple<base::WeakPtr<blink::scheduler::TaskQueueManager>,bool> const &,std::integer_sequence<unsigned __int64,0,1>) 0x000007feceb8c234 (chrome_child.dll -task_annotator.cc:61 ) base::debug::TaskAnnotator::RunTask(char const *,base::PendingTask *) 0x000007feceb5a772 (chrome_child.dll -message_loop.cc:406 ) base::MessageLoop::RunTask(base::PendingTask *) 0x000007feceb5b102 (chrome_child.dll -message_loop.cc:524 ) base::MessageLoop::DoWork() 0x000007fecebab8f0 (chrome_child.dll -message_pump_default.cc:33 ) base::MessagePumpDefault::Run(base::MessagePump::Delegate *) 0x000007feceb72108 (chrome_child.dll -run_loop.cc:123 ) base::RunLoop::Run() 0x000007fed097755f (chrome_child.dll -renderer_main.cc:220 ) content::RendererMain(content::MainFunctionParams const &) 0x000007fed00466be (chrome_child.dll -content_main_runner.cc:425 ) content::RunNamedProcessTypeMain(std::basic_string<char,std::char_traits<char>,std::allocator<char> > const &,content::MainFunctionParams const &,content::ContentMainDelegate *) 0x000007fed0046509 (chrome_child.dll -content_main_runner.cc:703 ) content::ContentMainRunnerImpl::Run() 0x000007fed004d31d (chrome_child.dll -main.cc:469 ) service_manager::Main(service_manager::MainParams const &) 0x000007fed0045d67 (chrome_child.dll -content_main.cc:19 ) content::ContentMain(content::ContentMainParams const &) 0x000007fecfb36bbd (chrome_child.dll -chrome_main.cc:122 ) ChromeMain 0x000000013f89dd12 (chrome.exe -main_dll_loader_win.cc:199 ) MainDllLoader::Launch(HINSTANCE__ *,base::TimeTicks) 0x000000013f89cc9a (chrome.exe -chrome_exe_main_win.cc:275 ) wWinMain 0x000000013f8cf302 (chrome.exe -exe_common.inl:253 ) __scrt_common_main_seh 0x774e59cc (kernel32.dll + 0x000159cc ) BaseThreadInitThunk 0x7787b980 (ntdll.dll + 0x0002b980 ) RtlUserThreadStart Thank You.
,
Sep 12 2017
This is most likely related to issue 764202 . This is a browser crash looking at the video in the report; however, the crash in #3 is actually a renderer-side crash. In any case, I'm investigating.
,
Sep 13 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/0b409c439665e83096af5cbc6ae6edc0bb67467b commit 0b409c439665e83096af5cbc6ae6edc0bb67467b Author: Alex Moshchuk <alexmos@chromium.org> Date: Wed Sep 13 02:09:00 2017 Don't try to send screen orientation change events to provisional frames DevTools audits trigger a ViewMsg_EnableDeviceEmulation on a pending RenderFrameHost (see EmulationHandler::UpdateDeviceEmulationState, via RenderFrameDevToolsAgentHost::AboutToNavigateRenderFrame), which is processed by the frame's widget (WebViewFrameWidget) before the frame commits. In that state, RenderWidget::OnOrientationChange crashed, because even though IsWebFrameWidget() was true for this widget, WebViewFrameWidget::LocalRoot() returned null, since the frame wasn't swapped into the tree yet. The LocalRoot() was then used to send screen orientation change events. It doesn't make sense to fire events on a frame that hasn't committed and isn't in the frame tree yet, so work around this by null-checking LocalRoot(). Bug: 764202 , 764206 Change-Id: I26c1c9ce938abb7b18757b88356559a30aa08fec Reviewed-on: https://chromium-review.googlesource.com/662904 Commit-Queue: Alex Moshchuk <alexmos@chromium.org> Reviewed-by: Daniel Cheng <dcheng@chromium.org> Cr-Commit-Position: refs/heads/master@{#501517} [modify] https://crrev.com/0b409c439665e83096af5cbc6ae6edc0bb67467b/content/browser/screen_orientation/screen_orientation_browsertest.cc [modify] https://crrev.com/0b409c439665e83096af5cbc6ae6edc0bb67467b/content/renderer/render_widget.cc
,
Sep 15 2017
Issue 765546 has been merged into this issue.
,
Sep 18 2017
The duped Issue 765546 in comment#6 is still reproducible on latest M63-63.0.3218.0 on Ubuntu 14.04 with crash IDs: 1515d025b0a6fdf6 , 07daa87863b80d2d
,
Sep 19 2017
Update : Retested above issue in latest chrome canary #63.0.3219.0 on Windows(7,8,10) & Linux(14.04 LTS) OS and issue seems fixed. Now 'Audits' process terminates on clicking 'Cancel' button without crashing the entire browser, hence adding TE-Verified labels. Kindly review an attached screen cast. Thank you!
,
Sep 20 2017
I've also tested this on Mac canary 63.0.3219.0, which includes the fix in r502651, and didn't see this crash anymore, so I'll mark this as fixed. |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by avsha...@etouch.net
, Sep 12 20171.6 MB
1.6 MB View Download