Updated link will all Chrome versions and filtering by 'TaskQueueManager::OnExitNestedRunLoop': https://goto.google.com/djdiw

The crashes started around Jan 6, therefore suspecting https://chromium-review.googlesource.com/817595.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/e803632e9b6c578015ef112babf8c3fc515d527b

commit e803632e9b6c578015ef112babf8c3fc515d527b
Author: Alexander Timin <altimin@chromium.org>
Date: Thu Feb 01 11:56:00 2018

[scheduler] Fix crash involving fences and non-nestable tasks.

When a non-nestable task is posted inside a nested message loop and a
queue blocked by fence subsequently that means that a blocked queue
will have work posted before inserting a fence and will become unblocked.

Check for this case to correctly notify WorkQueueSets about this
situation (OnTaskPushedToEmptyQueue instead of OnFrontTaskChanged).

R=alexclarke@chromium.org
BUG= 807297 

Change-Id: I66acf84003da655771b4f7a44f77b519ce72170b
Reviewed-on: https://chromium-review.googlesource.com/895587
Commit-Queue: Alexander Timin <altimin@chromium.org>
Reviewed-by: Alex Clarke <alexclarke@chromium.org>
Cr-Commit-Position: refs/heads/master@{#533642}
[modify] https://crrev.com/e803632e9b6c578015ef112babf8c3fc515d527b/third_party/WebKit/Source/platform/scheduler/base/task_queue_manager_unittest.cc
[modify] https://crrev.com/e803632e9b6c578015ef112babf8c3fc515d527b/third_party/WebKit/Source/platform/scheduler/base/work_queue.cc

Users experienced this crash on the following builds:

Win Dev 65.0.3325.31 -  0.11 CPM, 42 reports, 41 clients (signature blink::scheduler::IntrusiveHeap<blink::scheduler::internal::WorkQueueSets::OldestTaskEnqueueOrder>::MoveHoleDownAndFillWithLeafElement)

If this update was incorrect, please add "Fracas-Wrong" label to prevent future updates.

- Go/Fracas

Still crash instances are observed on chrome latest beta #65.0.3325.51 with 128 instances. As per the below link observing continuous crashes on latest M65. Currently this crash is ranked as number #30 under renderer process for windows platform. As of no crash instances are seen on market dev and canary builds. Last crash is seen on #66.0.3336.6 with 1 instance. 

Link to list of the builds:
----------------------------
https://crash.corp.google.com/browse?q=product.name%3D%27Chrome%27%20%20AND%20expanded_custom_data.ChromeCrashProto.ptype%3D%27renderer%27%20AND%20expanded_custom_data.ChromeCrashProto.magic_signature_1.name%3D%27blink%3A%3Ascheduler%3A%3AIntrusiveHeap%3Cblink%3A%3Ascheduler%3A%3Ainternal%3A%3AWorkQueueSets%3A%3AOldestTaskEnqueueOrder%3E%3A%3AMoveHoleDownAndFillWithLeafElement%27#-samplereports,productversion:1000,-magicsignature:50,-magicsignature2:50,-stablesignature:50,-magicsignaturesorted:50

alexclarke@ Could you please take a look in to this issue?

Thanks!

There are no crashes on canary since 66.0.3336.6, so we just need to merge the fix back to M65.

This bug requires manual review: M65 has already been promoted to the beta branch, so this requires manual review
Please contact the milestone owner if you have questions.
Owners: cmasso@(Android), cmasso@(iOS), bhthompson@(ChromeOS), govind@(Desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Before we approve merge to M65, could you pls confirm followings?

Is the change well baked/verified in Canary, having enough automation tests coverage and safe to merge?
Any other imp details to justify the merge.

Please note M65 is already promoted to Beta so merge bar is very high. Thank you.

Re 7: Yes, it's been in Canary for 2 weeks, has test coverage and the number of crashes went down.

Approving merge to M65 branch 3325 based on comment #8. Please merge ASAP so we can pick it up for next week beta release. Thank you.

This issue has been approved for a merge. Please merge the fix to any appropriate branches as soon as possible!

If all merges have been completed, please remove any remaining Merge-Approved labels from this issue.

Thanks for your time! To disable nags, add the Disable-Nags label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/586ef45901b422fcf8e89600a1ad00024679223c

commit 586ef45901b422fcf8e89600a1ad00024679223c
Author: Alexander Timin <altimin@chromium.org>
Date: Tue Feb 20 17:58:38 2018

[scheduler] Fix crash involving fences and non-nestable tasks.

When a non-nestable task is posted inside a nested message loop and a
queue blocked by fence subsequently that means that a blocked queue
will have work posted before inserting a fence and will become unblocked.

Check for this case to correctly notify WorkQueueSets about this
situation (OnTaskPushedToEmptyQueue instead of OnFrontTaskChanged).

R=alexclarke@chromium.org
TBR=altimin@chromium.org
BUG= 807297 

(cherry picked from commit e803632e9b6c578015ef112babf8c3fc515d527b)

Change-Id: I66acf84003da655771b4f7a44f77b519ce72170b
Reviewed-on: https://chromium-review.googlesource.com/895587
Commit-Queue: Alexander Timin <altimin@chromium.org>
Reviewed-by: Alex Clarke <alexclarke@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#533642}
Reviewed-on: https://chromium-review.googlesource.com/926941
Reviewed-by: Alexander Timin <altimin@chromium.org>
Cr-Commit-Position: refs/branch-heads/3325@{#507}
Cr-Branched-From: bc084a8b5afa3744a74927344e304c02ae54189f-refs/heads/master@{#530369}
[modify] https://crrev.com/586ef45901b422fcf8e89600a1ad00024679223c/third_party/WebKit/Source/platform/scheduler/base/task_queue_manager_unittest.cc
[modify] https://crrev.com/586ef45901b422fcf8e89600a1ad00024679223c/third_party/WebKit/Source/platform/scheduler/base/work_queue.cc