Issue 771872

Issue metadata

Status: Fixed
Owner:
Closed: Oct 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows , Mac
Pri: 1
Type: Bug-Regression

Blocking:
issue 771924



Regression: Browser crash is observed after clicking on 'Ok,Got it' button.

Reported by vineetha...@etouch.net, Oct 5 2017

Issue description

Steps to reproduce:
1. Launch chrome, sign in to chrome with valid credentials.
2. Click on the 'Ok,Got it' button, observe

Actual Result : Browser crash is observed after clicking on 'Ok,Got it' button

Expected Result : Browser shouldn't crash after clicking on 'Ok,Got it' button

Crash ID : Uploaded Crash Report ID 763a39c248ede91e (Local Crash ID: Chrome)

This is a regression issue broken in ‘M-63’ and will soon update other info
Good build : 63.0.3232.0 
Bad build : 63.0.3233.0 
 
Chrome version : 63.0.3233.0 e8cc7650d44155e942550b9c730eafc9c5ba8ab6-refs/heads/master@{#506599}(32/64 bit)
OS : Linux(14.04 LTS)
Labels: OS-Windows
Note: Issue is also seen on Windows (7, 8, 10) on latest canary 63.0.3233.0 (official build)

Please refer to the attached screencast
ActualResult.mp4 (1.3 MB)
ExpectedResult.mp4 (1.0 MB)
Components: -UI>Settings Services>SignIn
Labels: hasbisect-per-revision OS-Mac
Owner: mea...@chromium.org
Status: Assigned (was: Unconfirmed)

This is a regression issue broken in ‘M-63’ and using the per-revision bisect providing the bisect results,
Good build : 63.0.3232.0 (Revision : 506257)
Bad build : 63.0.3233.0 (Revision : 506599)

You are probably looking for a change made after 506570 (known good), but no later than 506571 (first known bad).

CHANGELOG URL:

The script might not always return single CL as suspect as some perf builds might get missing due to failure.

  https://chromium.googlesource.com/chromium/src/+log/b861eb3cfc6a6a97d3a0f3d74464ac71ba88e97a..47979a379875353b08f4e70ece65a78d7a5187ac

Suspect : https://chromium.googlesource.com/chromium/src/+/47979a379875353b08f4e70ece65a78d7a5187ac

@meacer : Could you please look into the issue? Pardon me if it has nothing to do with your changes, and if possible please assign it to the concerned owner.

Note: This issue is also seen in Mac(10.12.6)
Labels: Stability-Crash HasTestcase
Cc: mea...@chromium.org
Owner: ----
Status: Untriaged (was: Assigned)
My CL just reenabled a flaky test, it shouldn't cause any changes to production code. I'm unassigning from myself, but in the meanwhile can you please try redoing the bisect?
Labels: ReleaseBlock-Dev
Tagging issue with blocker label, please undo if not the case.
Owner: a...@chromium.org
Status: Assigned (was: Untriaged)
Re bisected on different machine and providing the bisect results accordingly:

You are probably looking for a change made after 506575 (known good), but no later than 506576 (first known bad).

CHANGELOG URL:

The script might not always return single CL as suspect as some perf builds might get missing due to failure.

  https://chromium.googlesource.com/chromium/src/+log/f8a0c12d86a0c33342a669dc93406204e01a99bc..0ff0ce07098193d46000c413a8ef976bc5ee493d

Suspect : https://chromium.googlesource.com/chromium/src/+/0ff0ce07098193d46000c413a8ef976bc5ee493d

@avi : Could you please look into the issue? Pardon me if it has nothing to do with your changes, and if possible please assign it to the concerned owner.

Comment 8 by ajha@chromium.org, Oct 5 2017

Cc: wittman@chromium.org
Stack trace of the crash id 6bb224e5509cddfe:

Thread 0 (id: 282769) CRASHED [EXC_BAD_ACCESS / KERN_INVALID_ADDRESS @ 0x00000020 ] MAGIC SIGNATURE THREAD
Stack Quality: 79%
0x00000001090871d4	(Google Chrome Framework -web_contents_modal_dialog_manager.cc:29 )	web_modal::WebContentsModalDialogManager::SetDelegate(web_modal::WebContentsModalDialogManagerDelegate*)
0x0000000109735b58	(Google Chrome Framework -signin_view_controller_delegate.cc:44 )	SigninViewControllerDelegate::~SigninViewControllerDelegate()
0x00000001098489b9	(Google Chrome Framework -signin_view_controller_delegate_mac.mm:65 )	SigninViewControllerDelegateMac::~SigninViewControllerDelegateMac()
0x000000010984d52a	(Google Chrome Framework -single_web_contents_dialog_manager_cocoa.mm:62 )	SingleWebContentsDialogManagerCocoa::Close()
0x0000000109735dd2	(Google Chrome Framework -signin_view_controller_delegate.cc:56 )	SigninViewControllerDelegate::PerformNavigation()
0x0000000105f20154	(Google Chrome Framework -callback.h:92 )	content::WebUIImpl::ProcessWebUIMessage(GURL const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, base::ListValue const&)
0x0000000105f1f7c1	(Google Chrome Framework -tuple.h:56 )	bool IPC::MessageT<ViewHostMsg_WebUISend_Meta, std::__1::tuple<GURL, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, base::ListValue>, void>::Dispatch<content::WebUIImpl, content::WebUIImpl, void, void (content::WebUIImpl::*)(GURL const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, base::ListValue const&)>(IPC::Message const*, content::WebUIImpl*, content::WebUIImpl*, void*, void (content::WebUIImpl::*)(GURL const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, base::ListValue const&))
0x0000000105f1f6e2	(Google Chrome Framework -web_ui_impl.cc:97 )	<name omitted>
0x0000000105ef393f	(Google Chrome Framework -web_contents_impl.cc:775 )	content::WebContentsImpl::OnMessageReceived(content::RenderViewHostImpl*, IPC::Message const&)
0x0000000105dfeb22	(Google Chrome Framework -render_view_host_impl.cc:728 )	content::RenderViewHostImpl::OnMessageReceived(IPC::Message const&)
0x0000000105e03936	(Google Chrome Framework -render_widget_host_impl.cc:592 )	content::RenderWidgetHostImpl::OnMessageReceived(IPC::Message const&)
0x000000010738178a	(Google Chrome Framework -ipc_channel_proxy.cc:320 )	IPC::ChannelProxy::Context::OnDispatchMessage(IPC::Message const&)
0x00000001070403cb	(Google Chrome Framework -callback.h:64 )	base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*)
0x00000001070645a3	(Google Chrome Framework -message_loop.cc:406 )	base::MessageLoop::RunTask(base::PendingTask*)
0x0000000107064c47	(Google Chrome Framework -message_loop.cc:417 )	base::MessageLoop::DoWork()
0x0000000107067289	(Google Chrome Framework -message_pump_mac.mm:452 )	base::MessagePumpCFRunLoopBase::RunWork()
0x0000000107058739	(Google Chrome Framework + 0x01b99739 )	base::mac::CallWithEHFrame(void () block_pointer)
0x0000000107066bae	(Google Chrome Framework -message_pump_mac.mm:428 )	base::MessagePumpCFRunLoopBase::RunWorkSource(void*)
0x00007fff9fce8320	(CoreFoundation + 0x000a7320 )	__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
0x00007fff9fcc921c	(CoreFoundation + 0x0008821c )	__CFRunLoopDoSources0
0x00007fff9fcc8715	(CoreFoundation + 0x00087715 )	__CFRunLoopRun
0x00007fff9fcc8113	(CoreFoundation + 0x00087113 )	CFRunLoopRunSpecific
0x00007fff9f228ebb	(HIToolbox + 0x00030ebb )	RunCurrentEventLoopInMode
0x00007fff9f228cf0	(HIToolbox + 0x00030cf0 )	ReceiveNextEventCommon
0x00007fff9f228b25	(HIToolbox + 0x00030b25 )	_BlockUntilNextEventMatchingListInModeWithFilter
0x00007fff9d7c1a53	(AppKit + 0x00046a53 )	_DPSNextEvent
0x00007fff9df3d7ed	(AppKit + 0x007c27ed )	-[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:]
0x0000000106ca49ff	(Google Chrome Framework -chrome_browser_application_mac.mm:187 )	__71-[BrowserCrApplication nextEventMatchingMask:untilDate:inMode:dequeue:]_block_invoke
0x0000000107058739	(Google Chrome Framework + 0x01b99739 )	base::mac::CallWithEHFrame(void () block_pointer)
0x0000000106ca4943	(Google Chrome Framework -chrome_browser_application_mac.mm:186 )	-[BrowserCrApplication nextEventMatchingMask:untilDate:inMode:dequeue:]
0x00007fff9d7b63da	(AppKit + 0x0003b3da )	-[NSApplication run]
0x0000000107067b46	(Google Chrome Framework -message_pump_mac.mm:801 )	base::MessagePumpNSApplication::DoRun(base::MessagePump::Delegate*)
0x00000001070666cd	(Google Chrome Framework -message_pump_mac.mm:179 )	base::MessagePumpCFRunLoopBase::Run(base::MessagePump::Delegate*)
0x00000001070892b9	(Google Chrome Framework -run_loop.cc:118 )	<name omitted>
0x0000000106caa307	(Google Chrome Framework -chrome_browser_main.cc:1911 )	ChromeBrowserMainParts::MainMessageLoopRun(int*)
0x0000000105b351d3	(Google Chrome Framework -browser_main_loop.cc:1188 )	content::BrowserMainLoop::RunMainMessageLoopParts()
0x0000000105b37561	(Google Chrome Framework -browser_main_runner.cc:140 )	content::BrowserMainRunnerImpl::Run()
0x0000000105b3137b	(Google Chrome Framework -browser_main.cc:46 )	content::BrowserMain(content::MainFunctionParams const&)
0x0000000106c610b9	(Google Chrome Framework -content_main_runner.cc:704 )	content::ContentMainRunnerImpl::Run()
0x000000010850ce59	(Google Chrome Framework -main.cc:469 )	service_manager::Main(service_manager::MainParams const&)
0x0000000106c60663	(Google Chrome Framework -content_main.cc:19 )	content::ContentMain(content::ContentMainParams const&)
0x00000001054c2d6e	(Google Chrome Framework -chrome_main.cc:123 )	ChromeMain
0x0000000105445dd3	(Google Chrome Canary + 0x00000dd3 )	
0x00007fffb5450234	(libdyld.dylib + 0x00005234 )	start

Link to the list of the builds:
================================
https://goto.google.com/lhvyq


Cc: ligim...@chromium.org
This is the #1 crash in latest canary- 63.0.3233.0, 90.07% - 136 reports from 136 unique clients.

Please have a fix/ revert ASAP.

Project Member

Comment 10 by sheriffbot@chromium.org, Oct 5 2017

Labels: FoundIn-M-63 Fracas
Users experienced this crash on the following builds:

Mac Canary 63.0.3233.0 -  116.31 CPM, 77 reports, 73 clients (signature web_modal::WebContentsModalDialogManager::SetDelegate)

If this update was incorrect, please add "Fracas-Wrong" label to prevent future updates.

- Go/Fracas
Project Member

Comment 11 by bugdroid1@chromium.org, Oct 5 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/96c972ea0b7a98c522ae2c4aaee22a9d324fad38

commit 96c972ea0b7a98c522ae2c4aaee22a9d324fad38
Author: Avi Drissman <avi@chromium.org>
Date: Thu Oct 05 18:24:55 2017

Don't call to a possibly-null manager.

The SigninViewControllerDelegate, as a modal dialog manager
delegate, will outlive the manager. If so, don't call through
to a non-existent manager.

BUG= 771872 ,771142
TBR=wittman@chromium.org

Change-Id: Ia020c026094c3092e4946155d3437c2855951595
Reviewed-on: https://chromium-review.googlesource.com/702515
Reviewed-by: Avi Drissman <avi@chromium.org>
Commit-Queue: Avi Drissman <avi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#506794}
[modify] https://crrev.com/96c972ea0b7a98c522ae2c4aaee22a9d324fad38/chrome/browser/ui/signin_view_controller_delegate.cc
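
The guard described in the commit message above, as an added example that is not the Chromium change itself: `Contents`, `Manager`, `Delegate` and `DestroyDelegate` are hypothetical stand-ins, and the registry lookup is an assumption used to model a manager that can be destroyed before its delegate.

```cpp
#include <map>
#include <memory>

// Hypothetical stand-ins for this sketch; these are not Chromium's classes.
struct Contents {};
class Delegate;

class Manager {
 public:
  explicit Manager(const Contents* c) : contents_(c) { Registry()[c] = this; }
  ~Manager() { Registry().erase(contents_); }
  // Returns nullptr once the manager attached to |c| has been destroyed.
  static Manager* FromContents(const Contents* c) {
    auto it = Registry().find(c);
    return it == Registry().end() ? nullptr : it->second;
  }
  // Writes a member, so calling this through a null Manager* faults.
  void SetDelegate(Delegate* d) { delegate_ = d; }

 private:
  static std::map<const Contents*, Manager*>& Registry() {
    static std::map<const Contents*, Manager*> registry;
    return registry;
  }
  const Contents* contents_;
  Delegate* delegate_ = nullptr;
};

class Delegate {
 public:
  Delegate(const Contents* c, bool* out) : contents_(c), out_(out) {
    if (Manager* m = Manager::FromContents(c)) m->SetDelegate(this);
  }
  ~Delegate() {
    // Unguarded form: Manager::FromContents(contents_)->SetDelegate(nullptr);
    Manager* m = Manager::FromContents(contents_);
    if (m) m->SetDelegate(nullptr);  // skip a manager that is already gone
    *out_ = (m != nullptr);          // report whether deregistration ran
  }

 private:
  const Contents* contents_;
  bool* out_;
};

// Returns whether ~Delegate found a live manager to deregister from.
bool DestroyDelegate(bool manager_destroyed_first) {
  Contents c;
  std::unique_ptr<Manager> manager(new Manager(&c));
  bool deregistered = false;
  Delegate* delegate = new Delegate(&c, &deregistered);
  if (manager_destroyed_first) manager.reset();  // delegate outlives manager
  delete delegate;
  return deregistered;
}
```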

Cc: jialiul@chromium.org
Blocking: 771924

Comment 14 by a...@chromium.org, Oct 5 2017

Status: Fixed (was: Assigned)
That should fix it; please verify.
Labels: TE-Verified-M63 TE-Verified-63.0.3234.0
Rechecked the above issue on Windows, Linux and Mac OS with latest Chrome Canary version: 63.0.3234.0 and the issue is not reproducible. Kindly refer to the attached screen cast for reference. Thank you.
FixedVideo.mp4 (1.3 MB)

Comment 16 by kenorb@gmail.com, Oct 8 2017

Related  Issue 772745 

Comment 17 by kenorb@gmail.com, Oct 8 2017

I think above fix didn't work, as I've a build which includes above commit and it's still crashing. Please check the linked issue for full stacktrace.
Project Member

Comment 18 by bugdroid1@chromium.org, Oct 12 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/ffc55b2b3676fdc290f8ccfcaa41ebf8be02381b

commit ffc55b2b3676fdc290f8ccfcaa41ebf8be02381b
Author: Avi Drissman <avi@chromium.org>
Date: Thu Oct 12 03:24:19 2017

Don't do work in ~SigninViewControllerDelegate().

It's not clear what the control flow is here, and previous
attempts to do the right thing by deregistering in it have
yielded crashes.

For now, do a partial revert of 0ff0ce07098193d46000c413a8ef976bc5ee493d,
keeping the change in WebContentsModalDialogManager::WillClose().
That change should prevent the original crash that this was
intended to address.

BUG= 772745 , 771872 ,771142

Change-Id: I34fe8615a758fd12e1c8817651937009261d0b08
Reviewed-on: https://chromium-review.googlesource.com/707199
Reviewed-by: Mike Wittman <wittman@chromium.org>
Reviewed-by: Scott Violet <sky@chromium.org>
Commit-Queue: Avi Drissman <avi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#508244}
[modify] https://crrev.com/ffc55b2b3676fdc290f8ccfcaa41ebf8be02381b/chrome/browser/ui/signin_view_controller_delegate.cc

Labels: TE-Verified-63.0.3239.0
Rechecked the above issue on Windows, Linux and Mac OS with latest Chrome Canary version: 63.0.3239.0 and the issue is not reproducible. Kindly refer to the attached screen cast for reference. Thank you.
FixedResult.mp4 (1.9 MB)