Crash on zoom controller related to a Guest WebView
Issue description

Chrome Version: ToT
OS: Win10, Linux

What steps will reproduce the problem?
(1) In a new Chrome profile, navigate to chrome://chrome-signin/?access_point=6&reason=0&constrained=1 (Note the entire URL is important, do not use autocomplete for the URL)
(2) Sign in with any Google account
(3) On the sync confirmation dialog, click OK, got it

Result: Crash:

Received signal 11 <unknown> 000000000000
#0 0x7fb5b75f3efd base::debug::StackTrace::StackTrace()
#1 0x7fb5b75f232c base::debug::StackTrace::StackTrace()
#2 0x7fb5b75f38b5 base::debug::(anonymous namespace)::StackDumpSignalHandler()
#3 0x7fb5b7b8f330 <unknown>
#4 0x001c989e12d7 zoom::ZoomController::UpdateState()
#5 0x001c989e3282 zoom::ZoomController::DidFinishNavigation()
#6 0x7fb5b26de41a content::WebContentsImpl::DidFinishNavigation()
#7 0x7fb5b1e0ef39 content::NavigationHandleImpl::~NavigationHandleImpl()
#8 0x7fb5b1e0fdc9 content::NavigationHandleImpl::~NavigationHandleImpl()
#9 0x7fb5b1e32807 content::NavigatorImpl::DidNavigate()
#10 0x7fb5b1e4f6ab content::RenderFrameHostImpl::DidCommitProvisionalLoad()
#11 0x7fb5b0d7857f content::mojom::FrameHostStubDispatch::Accept()
#12 0x7fb5b1e79443 content::mojom::FrameHostStub<>::Accept()
#13 0x7fb5b5bd018b mojo::InterfaceEndpointClient::HandleValidatedMessage()
#14 0x7fb5b5bcec81 mojo::InterfaceEndpointClient::HandleIncomingMessageThunk::Accept()
#15 0x7fb5b5bcd2fc mojo::FilterChain::Accept()
#16 0x7fb5b5bd2dc1 mojo::InterfaceEndpointClient::HandleIncomingMessage()
#17 0x7fb5b5a6b325 IPC::(anonymous namespace)::ChannelAssociatedGroupController::AcceptOnProxyThread()
#18 0x7fb5b5a6244a _ZN4base8internal13FunctorTraitsIMN3IPC12_GLOBAL__N_132ChannelAssociatedGroupControllerEFvN4mojo7MessageEEvE6InvokeIRK13scoped_refptrIS4_EJS6_EEEvS8_OT_DpOT0_
#19 0x7fb5b5a6230f _ZN4base8internal12InvokeHelperILb0EvE8MakeItSoIRKMN3IPC12_GLOBAL__N_132ChannelAssociatedGroupControllerEFvN4mojo7MessageEEJRK13scoped_refptrIS6_ES8_EEEvOT_DpOT0_
#20 0x7fb5b5a6227f _ZN4base8internal7InvokerINS0_9BindStateIMN3IPC12_GLOBAL__N_132ChannelAssociatedGroupControllerEFvN4mojo7MessageEEJ13scoped_refptrIS5_ENS0_13PassedWrapperIS7_EEEEEFvvEE7RunImplIRKS9_RKNSt3__15tupleIJSB_SD_EEEJLm0ELm1EEEEvOT_OT0_NSK_16integer_sequenceImJXspT1_EEEE
#21 0x7fb5b5a6213c _ZN4base8internal7InvokerINS0_9BindStateIMN3IPC12_GLOBAL__N_132ChannelAssociatedGroupControllerEFvN4mojo7MessageEEJ13scoped_refptrIS5_ENS0_13PassedWrapperIS7_EEEEEFvvEE3RunEPNS0_13BindStateBaseE
#22 0x7fb5b75a2fb1 _ZNO4base12OnceCallbackIFvvEE3RunEv
#23 0x7fb5b75f81fa base::debug::TaskAnnotator::RunTask()
#24 0x7fb5b7697ae5 base::internal::IncomingTaskQueue::RunTask()
#25 0x7fb5b76a0a1e base::MessageLoop::RunTask()
#26 0x7fb5b76a0cc6 base::MessageLoop::DeferOrRunPendingTask()
#27 0x7fb5b76a1010 base::MessageLoop::DoWork()
#28 0x7fb5b76a46ec base::MessagePumpGlib::HandleDispatch()
#29 0x7fb5b76a4e91 base::(anonymous namespace)::WorkSourceDispatch()
#30 0x7fb5a05fbe04 g_main_context_dispatch
#31 0x7fb5a05fc048 <unknown>
#32 0x7fb5a05fc0ec g_main_context_iteration
#33 0x7fb5b76a47ef base::MessagePumpGlib::Run()
#34 0x7fb5b76a01bc base::MessageLoop::Run()
#35 0x7fb5b7749b5b base::RunLoop::Run()
#36 0x001c96a617fd ChromeBrowserMainParts::MainMessageLoopRun()
#37 0x7fb5b1a21d16 content::BrowserMainLoop::RunMainMessageLoopParts()
#38 0x7fb5b1a2a5ff content::BrowserMainRunnerImpl::Run()
#39 0x7fb5b1a15eeb content::BrowserMain()
#40 0x7fb5b3512a64 content::RunNamedProcessTypeMain()
#41 0x7fb5b3515622 content::ContentMainRunnerImpl::Run()
#42 0x7fb5b351023d content::ContentServiceManagerMainDelegate::RunEmbedderProcess()
#43 0x7fb5b7e5b7f5 service_manager::Main()
#44 0x7fb5b35118bf content::ContentMain()
#45 0x001c9531f22e ChromeMain
#46 0x001c9531f142 main
#47 0x7fb59df8cf45 __libc_start_main
#48 0x001c9531f029 <unknown>
r8: 0000000000000000 r9: 00007fff4eae7de0 r10: fffffffffffffe20 r11: 00007fb59e0f5110
r12: 00003d558febf980 r13: 0000000000000000 r14: 00007fb5b76a4e70 r15: 00003d559052a8e0
di: 00003d55939640d8 si: 00007fff4eae88b0 bp: 00007fff4eae8c50 bx: 0000000000000000
dx: d0ded4d59614b600 ax: 3636363636363636 cx: d0ded4d59614b600 sp: 00007fff4eae8770
ip: 0000001c989e12d7 efl: 0000000000010206 cgf: 0100000000000033 erf: 0000000000000000
trp: 000000000000000d msk: 0000000000000000 cr2: 0000000000000000
[end of stack trace]

Note: This is blocking the removal of the usage of the programmatic_auth endpoint (see https://bugs.chromium.org/p/chromium/issues/detail?id=775009), which must be ready for Chrome M64. Thus I am marking this bug as P1.
Oct 30 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/133744fb0d69f642e5567043187ec967a262a648

commit 133744fb0d69f642e5567043187ec967a262a648
Author: Mihai Sardarescu <msarda@chromium.org>
Date: Mon Oct 30 09:54:24 2017

Always remove the GuestView from observing zoom events

It looks like in some cases, WebViewGuest does not remove itself from the observers of the embedded zoom controller. This leads to a crash (see attached bug).

This CL always removes the WebViewGuest from the observers of the embedded zoom controller (removing an observer that is not present in an observer list is a no-op).

Bug: 779059
Change-Id: I12e828b7d90e172653f8be457517db6809803c67
Reviewed-on: https://chromium-review.googlesource.com/741714
Commit-Queue: Mihai Sardarescu <msarda@chromium.org>
Reviewed-by: James MacLean <wjmaclean@chromium.org>
Cr-Commit-Position: refs/heads/master@{#512462}

[modify] https://crrev.com/133744fb0d69f642e5567043187ec967a262a648/components/guest_view/browser/guest_view_base.cc
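The observer-lifetime problem described in the commit message above, as an added C++ example (not code from the Chromium CL or from guest_view_base.cc). ZoomSubject, Guest, MarkDetached and the attached_ flag are hypothetical stand-ins; the flag-guarded removal is an assumed way for the observer to miss unregistering, since the page does not say which case triggers it.

```cpp
#include <algorithm>
#include <cstddef>
#include <vector>

// Simplified stand-ins for illustration; not Chromium's classes.
struct ZoomObserver {
  virtual ~ZoomObserver() = default;
  virtual void OnZoomChanged(double level) = 0;
};

class ZoomSubject {  // plays the role of the embedder's zoom controller
 public:
  void AddObserver(ZoomObserver* o) { observers_.push_back(o); }
  // Removing an observer that is not in the list is a no-op.
  void RemoveObserver(ZoomObserver* o) {
    observers_.erase(std::remove(observers_.begin(), observers_.end(), o),
                     observers_.end());
  }
  std::size_t observer_count() const { return observers_.size(); }
 private:
  std::vector<ZoomObserver*> observers_;  // raw, non-owning pointers
};

class Guest : public ZoomObserver {
 public:
  Guest(ZoomSubject* embedder, bool always_remove)
      : embedder_(embedder), always_remove_(always_remove) {
    embedder_->AddObserver(this);
  }
  void MarkDetached() { attached_ = false; }  // bookkeeping drifts (assumed)
  ~Guest() override {
    // Unconditional removal cannot leave a dangling pointer in the subject.
    if (always_remove_ || attached_) embedder_->RemoveObserver(this);
  }
  void OnZoomChanged(double) override {}
 private:
  ZoomSubject* embedder_;
  bool always_remove_;
  bool attached_ = true;
};

// Number of stale pointers left in the subject after the guest is destroyed.
std::size_t StaleObserversAfterGuestDestruction(bool always_remove) {
  ZoomSubject embedder;
  {
    Guest guest(&embedder, always_remove);
    guest.MarkDetached();
  }
  return embedder.observer_count();
}
```

With conditional removal the subject still holds one pointer to a destroyed object, which the next notification would dereference; with unconditional removal the list is empty.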
Oct 31 2017
Verified the issue on Windows 10, Ubuntu 14.04 and Mac OS 10.12.6 using Chrome M64 #64.0.3254.0, and the issue is fixed. No crash is seen on syncing the profile after signing into Chrome. Adding TE-Verified labels. Thanks!
Comment 1 by msarda@chromium.org, Oct 27 2017