New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 777323 link

Starred by 3 users

Issue metadata

Status: Fixed
Owner:
Closed: Oct 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows , Mac
Pri: 1
Type: Bug-Regression



Sign in to add a comment

Regression: Browser gets crashed after navigating to chrome://interventions-internals in 'Guest' mode.

Reported by db...@etouch.net, Oct 23 2017

Issue description

Chrome Version: 64.0.3247.0 f82a02e15b3f72736818cbc449df901b90622ecd-refs/heads/master@{#510691}(32/64 bit)
OS: Windows (7,8,8.1,10),Linux (14.04 LTS),Mac OS X(10.12.6)

What steps will reproduce the problem?
(1) Launch chrome switch to Guest mode and navigate to chrome://interventions-internals/
(2) Observe

Actual: Browser gets crashed
Crash Id: Uploaded Crash Report ID be4e07f815206c6f (Local Crash ID: 59506d24-7195-4d8e-bf35-6d6696af7f1f)

Expected: Browser should not crash.

This is a regression issue, broken in 'M63', will soon update the other info:

Good Build: 63.0.3236.0
Bad Build: 63.0.3238.0

 
Actual_Crash.mov
6.6 MB Download
Stack trace for the Crash ID provided:

CRASHED [EXC_BAD_ACCESS / KERN_INVALID_ADDRESS @ 0x00000008 ] MAGIC SIGNATURE THREAD
Stack Quality73%Show frame trust levels
0x000000010529439b	(Google Chrome Framework -memory:2519 )	InterventionsInternalsUI::InterventionsInternalsUI(content::WebUI*)
0x00000001052839f1	(Google Chrome Framework -chrome_web_ui_controller_factory.cc:224 )	content::WebUIController* (anonymous namespace)::NewWebUI<InterventionsInternalsUI>(content::WebUI*, GURL const&)
0x0000000101c1b583	(Google Chrome Framework -web_ui_controller_factory_registry.cc:45 )	content::WebUIControllerFactoryRegistry::CreateWebUIControllerForURL(content::WebUI*, GURL const&) const
0x0000000101c077d2	(Google Chrome Framework -web_contents_impl.cc:5757 )	content::WebContentsImpl::CreateWebUI(GURL const&)
0x0000000101c07861	(Google Chrome Framework -web_contents_impl.cc:5494 )	non-virtual thunk to content::WebContentsImpl::CreateWebUIForRenderFrameHost(GURL const&)
0x000000010197b759	(Google Chrome Framework -render_frame_host_impl.cc:3550 )	content::RenderFrameHostImpl::UpdatePendingWebUI(GURL const&, int)
0x0000000101989ac4	(Google Chrome Framework -render_frame_host_manager.cc:2438 )	content::RenderFrameHostManager::GetFrameHostForNavigation(content::NavigationRequest const&)
0x00000001019898d0	(Google Chrome Framework -render_frame_host_manager.cc:690 )	content::RenderFrameHostManager::DidCreateNavigationRequest(content::NavigationRequest*)
0x0000000101943db7	(Google Chrome Framework -frame_tree_node.cc:467 )	content::FrameTreeNode::CreatedNavigationRequest(std::__1::unique_ptr<content::NavigationRequest, std::__1::default_delete<content::NavigationRequest> >)
0x0000000101961e7b	(Google Chrome Framework -navigator_impl.cc:1192 )	content::NavigatorImpl::RequestNavigation(content::FrameTreeNode*, GURL const&, content::Referrer const&, content::FrameNavigationEntry const&, content::NavigationEntryImpl const&, content::ReloadType, int, bool, bool, scoped_refptr<content::ResourceRequestBody> const&, base::TimeTicks)
0x0000000101961498	(Google Chrome Framework -navigator_impl.cc:375 )	content::NavigatorImpl::NavigateToEntry(content::FrameTreeNode*, content::FrameNavigationEntry const&, content::NavigationEntryImpl const&, content::ReloadType, bool, bool, bool, scoped_refptr<content::ResourceRequestBody> const&)
0x0000000101962053	(Google Chrome Framework -navigator_impl.cc:496 )	content::NavigatorImpl::NavigateToPendingEntry(content::FrameTreeNode*, content::FrameNavigationEntry const&, content::ReloadType, bool)
0x0000000101950916	(Google Chrome Framework -navigation_controller_impl.cc:2114 )	content::NavigationControllerImpl::NavigateToPendingEntryInternal(content::ReloadType)
0x000000010194cb21	(Google Chrome Framework -navigation_controller_impl.cc:2071 )	content::NavigationControllerImpl::NavigateToPendingEntry(content::ReloadType)
0x000000010194d8f2	(Google Chrome Framework -navigation_controller_impl.cc:474 )	content::NavigationControllerImpl::LoadURLWithParams(content::NavigationController::LoadURLParams const&)
0x00000001052d2514	(Google Chrome Framework -browser_navigator.cc:287 )	(anonymous namespace)::LoadURLInContents(content::WebContents*, GURL const&, chrome::NavigateParams*)
0x00000001052d20ab	(Google Chrome Framework -browser_navigator.cc:558 )	chrome::Navigate(chrome::NavigateParams*)
0x00000001052c5326	(Google Chrome Framework -browser.cc:1475 )	Browser::OpenURLFromTab(content::WebContents*, content::OpenURLParams const&)
0x0000000101bfed3f	(Google Chrome Framework -web_contents_impl.cc:2945 )	content::WebContentsImpl::OpenURL(content::OpenURLParams const&)
0x0000000101962b07	(Google Chrome Framework -navigator_impl.cc:793 )	content::NavigatorImpl::RequestOpenURL(content::RenderFrameHostImpl*, GURL const&, bool, scoped_refptr<content::ResourceRequestBody> const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, content::Referrer const&, WindowOpenDisposition, bool, bool, bool, blink::WebTriggeringEventInfo)
0x000000010196a04a	(Google Chrome Framework -render_frame_host_impl.cc:1392 )	content::RenderFrameHostImpl::OnOpenURL(FrameHostMsg_OpenURL_Params const&)
0x0000000101969e2d	(Google Chrome Framework -tuple.h:52 )	bool IPC::MessageT<FrameHostMsg_OpenURL_Meta, std::__1::tuple<FrameHostMsg_OpenURL_Params>, void>::Dispatch<content::RenderFrameHostImpl, content::RenderFrameHostImpl, void, void (content::RenderFrameHostImpl::*)(FrameHostMsg_OpenURL_Params const&)>(IPC::Message const*, content::RenderFrameHostImpl*, content::RenderFrameHostImpl*, void*, void (content::RenderFrameHostImpl::*)(FrameHostMsg_OpenURL_Params const&))
0x0000000101967ae9	(Google Chrome Framework -render_frame_host_impl.cc:880 )	content::RenderFrameHostImpl::OnMessageReceived(IPC::Message const&)
0x00000001030a6faa	(Google Chrome Framework -ipc_channel_proxy.cc:320 )	IPC::ChannelProxy::Context::OnDispatchMessage(IPC::Message const&)
0x0000000102d699eb	(Google Chrome Framework -callback.h:64 )	base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*)
0x0000000102d8e5a3	(Google Chrome Framework -message_loop.cc:392 )	base::MessageLoop::RunTask(base::PendingTask*)
0x0000000102d8eaa8	(Google Chrome Framework -message_loop.cc:404 )	base::MessageLoop::DoWork()
0x0000000102d908d9	(Google Chrome Framework -message_pump_mac.mm:452 )	base::MessagePumpCFRunLoopBase::RunWork()
0x0000000102d81bc9	(Google Chrome Framework + 0x01c6ebc9 )	base::mac::CallWithEHFrame(void () block_pointer)
0x0000000102d901fe	(Google Chrome Framework -message_pump_mac.mm:428 )	base::MessagePumpCFRunLoopBase::RunWorkSource(void*)
0x00007fff8b37e7e0	(CoreFoundation + 0x000aa7e0 )	
0x00007fff8b35df0b	(CoreFoundation + 0x00089f0b )	
0x00007fff8b35d42e	(CoreFoundation + 0x0008942e )	
0x00007fff8b35ce27	(CoreFoundation + 0x00088e27 )	
0x00007fff99353934	(HIToolbox + 0x00030934 )	RunCurrentEventLoopInMode
0x00007fff9935376e	(HIToolbox + 0x0003076e )	ReceiveNextEventCommon
0x00007fff993535ae	(HIToolbox + 0x000305ae )	_BlockUntilNextEventMatchingListInModeWithFilter
0x00007fff95131df5	(AppKit + 0x00048df5 )	_DPSNextEvent
0x00007fff95131225	(AppKit + 0x00048225 )	-[NSApplication _nextEventMatchingEventMask:untilDate:inMode:dequeue:]
0x00000001029d7e4f	(Google Chrome Framework -chrome_browser_application_mac.mm:187 )	__71-[BrowserCrApplication nextEventMatchingMask:untilDate:inMode:dequeue:]_block_invoke
0x0000000102d81bc9	(Google Chrome Framework + 0x01c6ebc9 )	base::mac::CallWithEHFrame(void () block_pointer)
0x00000001029d7d93	(Google Chrome Framework -chrome_browser_application_mac.mm:186 )	-[BrowserCrApplication nextEventMatchingMask:untilDate:inMode:dequeue:]
0x00007fff95125d7f	(AppKit + 0x0003cd7f )	-[NSApplication run]
0x0000000102d91196	(Google Chrome Framework -message_pump_mac.mm:804 )	base::MessagePumpNSApplication::DoRun(base::MessagePump::Delegate*)
0x0000000102d8fd1d	(Google Chrome Framework -message_pump_mac.mm:179 )	base::MessagePumpCFRunLoopBase::Run(base::MessagePump::Delegate*)
0x0000000102db2879	(Google Chrome Framework -run_loop.cc:118 )	<name omitted>
0x00000001029dd727	(Google Chrome Framework -chrome_browser_main.cc:1900 )	ChromeBrowserMainParts::MainMessageLoopRun(int*)
0x000000010183c803	(Google Chrome Framework -browser_main_loop.cc:1206 )	content::BrowserMainLoop::RunMainMessageLoopParts()
0x000000010183f071	(Google Chrome Framework -browser_main_runner.cc:140 )	content::BrowserMainRunnerImpl::Run()
0x0000000101838e8b	(Google Chrome Framework -browser_main.cc:46 )	content::BrowserMain(content::MainFunctionParams const&)
0x000000010299279e	(Google Chrome Framework -content_main_runner.cc:707 )	content::ContentMainRunnerImpl::Run()
0x0000000104167077	(Google Chrome Framework -main.cc:456 )	service_manager::Main(service_manager::MainParams const&)
0x0000000102991d53	(Google Chrome Framework -content_main.cc:19 )	content::ContentMain(content::ContentMainParams const&)
0x000000010111646e	(Google Chrome Framework -chrome_main.cc:123 )	ChromeMain
0x0000000100eaedd3	(Google Chrome -chrome_exe_main_mac.cc:165 )	main
0x00007fff9c9785ac	(libdyld.dylib + 0x000035ac )	
Labels: -M-64 M-63

Comment 3 by db...@etouch.net, Oct 23 2017

Labels: hasbisect-per-revision
Owner: thanhdle@chromium.org
Status: Assigned (was: Unconfirmed)
You are probably looking for a change made after 508089 (known good), but no later than 508090 (first known bad).

CHANGELOG URL:
The script might not always return single CL as suspect as some perf builds might get missing due to failure.

https://chromium.googlesource.com/chromium/src/+log/bbe776a20641c354b23e9d79c14c7a2392ec86e1..c52018d4a712ff7f74d920f2c5271947c4e80d22

Suspecting: https://chromium.googlesource.com/chromium/src/+/c52018d4a712ff7f74d920f2c5271947c4e80d22
Labels: ReleaseBlock-Stable
Tagging with blocker label, please undo if not the case.
Project Member

Comment 5 by bugdroid1@chromium.org, Oct 25 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/c489f2c7dca913aa85f6cd3a8d23419086c8df59

commit c489f2c7dca913aa85f6cd3a8d23419086c8df59
Author: Thanh Le <thanhdle@chromium.org>
Date: Wed Oct 25 05:00:31 2017

Fix crash in 'Guest mode' when navigate to chrome://interventions-internals.

Check for PreviewsService before initialize sources, display error
message saying that the page is not supported in 'Guest Mode'.

Screenshot: https://drive.google.com/open?id=0B_MBksOU85S3ZVRZWGNJd2ZJVnc

Bug:  777323 
Cq-Include-Trybots: master.tryserver.chromium.linux:closure_compilation
Change-Id: I5c4a6dc40381d600d4d017d58e9fb85516df8f9c
Reviewed-on: https://chromium-review.googlesource.com/733853
Commit-Queue: Thanh Le <thanhdle@chromium.org>
Reviewed-by: Tarun Bansal <tbansal@chromium.org>
Reviewed-by: Tim Sergeant <tsergeant@chromium.org>
Reviewed-by: Ryan Sturm <ryansturm@chromium.org>
Cr-Commit-Position: refs/heads/master@{#511375}
[modify] https://crrev.com/c489f2c7dca913aa85f6cd3a8d23419086c8df59/chrome/browser/browser_resources.grd
[modify] https://crrev.com/c489f2c7dca913aa85f6cd3a8d23419086c8df59/chrome/browser/resources/interventions_internals/index.css
[add] https://crrev.com/c489f2c7dca913aa85f6cd3a8d23419086c8df59/chrome/browser/resources/interventions_internals/unsupported_page.html
[modify] https://crrev.com/c489f2c7dca913aa85f6cd3a8d23419086c8df59/chrome/browser/ui/webui/interventions_internals/interventions_internals_ui.cc

Status: Fixed (was: Assigned)
Labels: Merge-TBD
[Auto-generated comment by a script] We noticed that this issue is targeted for M-63; it appears the fix may have landed after branch point, meaning a merge might be required. Please confirm if a merge is required here - if so add Merge-Request-63 label, otherwise remove Merge-TBD label. Thanks.
Labels: Merge-Request-63
Owner: ryansturm@chromium.org
Status: Started (was: Fixed)
Requesting merge for 63, since this can crash there.
Cc: ryansturm@chromium.org thanhdle@chromium.org
 Issue 778285  has been merged into this issue.
Labels: -Merge-TBD
Project Member

Comment 11 by sheriffbot@chromium.org, Oct 26 2017

Labels: -Merge-Request-63 Merge-Review-63 Hotlist-Merge-Review
This bug requires manual review: There is .grd file changes and we are only 39 days from stable.
Please contact the milestone owner if you have questions.
Owners: cmasso@(Android), cmasso@(iOS), gkihumba@(ChromeOS), govind@(Desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 12 by db...@etouch.net, Oct 26 2017

Labels: TE-Verified-M64 TE-Verified-64.0.3250.0
Just to update:

Above issue is fixed on Latest canary build 64.0.3250.0
Labels: -Merge-Review-63 Merge-Approved-63
Approving merge to M63 branch 3239 as this is M63 regression and marked as "RBS". Please merge to M63 branch ASAP as it includes .grd file change and we need to submit string for translation.
Will merge today. Thanks you.
Project Member

Comment 15 by bugdroid1@chromium.org, Oct 26 2017

Labels: -merge-approved-63 merge-merged-3239
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/01fc89481452edc1577da79f7df4901f575c6179

commit 01fc89481452edc1577da79f7df4901f575c6179
Author: Thanh Le <thanhdle@chromium.org>
Date: Thu Oct 26 20:08:21 2017

Fix crash in 'Guest mode' when navigate to chrome://interventions-internals.

Check for PreviewsService before initialize sources, display error
message saying that the page is not supported in 'Guest Mode'.

Screenshot: https://drive.google.com/open?id=0B_MBksOU85S3ZVRZWGNJd2ZJVnc

Bug:  777323 
Cq-Include-Trybots: master.tryserver.chromium.linux:closure_compilation
Change-Id: I5c4a6dc40381d600d4d017d58e9fb85516df8f9c
Reviewed-on: https://chromium-review.googlesource.com/733853
Commit-Queue: Thanh Le <thanhdle@chromium.org>
Reviewed-by: Tarun Bansal <tbansal@chromium.org>
Reviewed-by: Tim Sergeant <tsergeant@chromium.org>
Reviewed-by: Ryan Sturm <ryansturm@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#511375}(cherry picked from commit c489f2c7dca913aa85f6cd3a8d23419086c8df59)
Reviewed-on: https://chromium-review.googlesource.com/739763
Cr-Commit-Position: refs/branch-heads/3239@{#248}
Cr-Branched-From: adb61db19020ed8ecee5e91b1a0ea4c924ae2988-refs/heads/master@{#508578}
[modify] https://crrev.com/01fc89481452edc1577da79f7df4901f575c6179/chrome/browser/browser_resources.grd
[modify] https://crrev.com/01fc89481452edc1577da79f7df4901f575c6179/chrome/browser/resources/interventions_internals/index.css
[add] https://crrev.com/01fc89481452edc1577da79f7df4901f575c6179/chrome/browser/resources/interventions_internals/unsupported_page.html
[modify] https://crrev.com/01fc89481452edc1577da79f7df4901f575c6179/chrome/browser/ui/webui/interventions_internals/interventions_internals_ui.cc

Status: Fixed (was: Started)

Comment 17 by db...@etouch.net, Nov 1 2017

Labels: TE-Verified-M63 TE-Verified-63.0.3239.30
Just to update:
Retested above issue on Windows(7,8,10), Mac(10.12.6) & Linux (14.04 LTS) OS using Beta #63.0.3239.30 build and issue is fixed. Kindly review an attached video.
Actual_Fix.mov
1.5 MB Download

Sign in to add a comment