Regression : YouTube page crashes after running an Audit.
Reported by avsha...@etouch.net, Feb 5 2018
Issue description

Chrome Version: 66.0.3340.0 (Official Build) cf4b77e4ccc0da994c6322f71863b0d17bb5c99f-refs/heads/master@{#534315} 32-bit
OS: Windows (7, 8, 8.1, 10)

What steps will reproduce the problem?
1. Launch Chrome, navigate to www.youtube.com and open DevTools.
2. Go to the 'Audits' tab and run the audit.
3. Let the audit process complete and observe the YouTube page.

Actual Result: YouTube page crashes after running an Audit.
Expected Result: Web page should not crash after running an Audit.

Crash ID: 84680e1687c18410 (Local Crash ID: 9af42290-c5bd-4f2c-a4b8-3480d3c89106)

This is a regression issue broken in M-66; providing the bisect using the old bisect script:
Good build: 66.0.3336.0 (Revision: 533410)
Bad build: 66.0.3338.0 (Revision: 534242)
You are probably looking for a change made after 533607 (known good), but no later than 533614 (first known bad).
(Unable to bisect this issue using the 'per-revision' script since the issue is specific to Chrome 32-bit builds only, hence providing the bisect using the old script.)

Narrow Bisect URL: https://chromium.googlesource.com/chromium/src/+log/8559af4f67f2900ab4a43a8770dd081a9cbdf3d2..3a4c261bd3ad024718bee0ce877ee3f974a34650?pretty=fuller&n=10000

Suspecting: r533610

@bratell: Could you please look into the issue? Pardon me if it has nothing to do with your changes, and if possible please assign it to the concerned owner.

Note:
1. This crash is only reproducible on Windows 32-bit Clang builds; the same works fine in Win 64-bit Clang builds.
2. Issue is not reproducible on Mac (10.12.6, 10.13.1, 10.13.3) & Linux (14.04 LTS) OS.
Comment 1 by avsha...@etouch.net, Feb 5 2018
Stack Trace for the provided crash id:
--------------------------------------
Thread 20 (id: 12808) CRASHED [EXCEPTION_ACCESS_VIOLATION_READ @ 0x7ff7ffff ] MAGIC SIGNATURE THREAD
Stack Quality: 99%

0x610986db (chrome_child.dll -lookup.cc:132 ) v8::internal::LookupIterator::Start<0>()
0x61b9d1a3 (chrome_child.dll -isolate.cc:2073 ) v8::internal::`anonymous namespace'::InternalPromiseHasUserDefinedRejectHandler
0x61b9cf86 (chrome_child.dll -isolate.cc:2055 ) v8::internal::`anonymous namespace'::InternalPromiseHasUserDefinedRejectHandler
0x61b9d1f2 (chrome_child.dll -isolate.cc:2073 ) v8::internal::`anonymous namespace'::InternalPromiseHasUserDefinedRejectHandler
0x61b9ce6e (chrome_child.dll -isolate.cc:2093 ) v8::internal::Isolate::PromiseHasUserDefinedRejectHandler(v8::internal::Handle<v8::internal::Object>)
0x61b0c14e (chrome_child.dll -debug.cc:1653 ) v8::internal::Debug::OnException(v8::internal::Handle<v8::internal::Object>,v8::internal::Handle<v8::internal::Object>)
0x61b0c580 (chrome_child.dll -debug.cc:1599 ) v8::internal::Debug::OnPromiseReject(v8::internal::Handle<v8::internal::Object>,v8::internal::Handle<v8::internal::Object>)
0x61c9d2a7 (chrome_child.dll -runtime-promise.cc:38 ) v8::internal::Runtime_PromiseRejectEventFromStack(int,v8::internal::Object * *,v8::internal::Isolate *)
0x3420615d
0x27f19548
0x3420c71c
0x342126f7
0x34241c0f
0x34224a16
0x34208470
0x61b4c760 (chrome_child.dll -execution.cc:149 ) v8::internal::`anonymous namespace'::Invoke
0x61b4c93c (chrome_child.dll -execution.cc:237 ) v8::internal::Execution::TryCall(v8::internal::Isolate *,v8::internal::Handle<v8::internal::Object>,v8::internal::Handle<v8::internal::Object>,int,v8::internal::Handle<v8::internal::Object> * const,v8::internal::Execution::MessageHandling,v8::internal::MaybeHandle<v8::internal::Object> *,v8::internal::Execution::Target)
0x61b4ca41 (chrome_child.dll -execution.cc:270 ) v8::internal::Execution::RunMicrotasks(v8::internal::Isolate *,v8::internal::Execution::MessageHandling,v8::internal::MaybeHandle<v8::internal::Object> *)
0x60eda46d (chrome_child.dll -isolate.cc:3855 ) v8::internal::Isolate::RunMicrotasks()
0x6118f1d4 (chrome_child.dll -V8ScriptRunner.cpp:772 ) blink::V8ScriptRunner::CallFunction(v8::Local<v8::Function>,blink::ExecutionContext *,v8::Local<v8::Value>,int,v8::Local<v8::Value> * const,v8::Isolate *)
0x63c6a5d8 (chrome_child.dll -V8WorkerOrWorkletEventListener.cpp:83 ) blink::V8WorkerOrWorkletEventListener::CallListenerFunction(blink::ScriptState *,v8::Local<v8::Value>,blink::Event *)
0x6118e744 (chrome_child.dll -V8AbstractEventListener.cpp:153 ) blink::V8AbstractEventListener::InvokeEventHandler(blink::ScriptState *,blink::Event *,v8::Local<v8::Value>)
0x63c6a520 (chrome_child.dll -V8WorkerOrWorkletEventListener.cpp:68 ) blink::V8WorkerOrWorkletEventListener::HandleEvent(blink::ScriptState *,blink::Event *)
0x6118ccd3 (chrome_child.dll -V8AbstractEventListener.cpp:92 ) blink::V8AbstractEventListener::handleEvent(blink::ExecutionContext *,blink::Event *)
0x6118c8b1 (chrome_child.dll -EventTarget.cpp:809 ) blink::EventTarget::FireEventListeners(blink::Event *,blink::EventTargetData *,blink::HeapVector<blink::RegisteredEventListener,1> &)
0x60f5bdc2 (chrome_child.dll -EventTarget.cpp:661 ) blink::EventTarget::FireEventListeners(blink::Event *)
0x63aeca04 (chrome_child.dll -IDBEventDispatcher.cpp:52 ) blink::IDBEventDispatcher::Dispatch(blink::Event *,blink::HeapVector<blink::Member<blink::EventTarget>,0> &)
0x63ae83ea (chrome_child.dll -IDBRequest.cpp:702 ) blink::IDBRequest::DispatchEventInternal(blink::Event *)
0x6301e63a (chrome_child.dll -WorkerEventQueue.cpp:102 ) blink::WorkerEventQueue::DispatchEvent(blink::Event *)
0x6301ee51 (chrome_child.dll -bind_internal.h:329 ) base::internal::Invoker<base::internal::BindState<void (blink::Animation::*)(blink::ScriptPromiseProperty<blink::Member<blink::Animation>,blink::Member<blink::Animation>,blink::Member<blink::DOMException> > *) __attribute__((thiscall)),blink::Persistent<blink::Animation>,blink::Persistent<blink::ScriptPromiseProperty<blink::Member<blink::Animation>,blink::Member<blink::Animation>,blink::Member<blink::DOMException> > > >,void ()>::RunOnce
0x60e6aba8 (chrome_child.dll -task_annotator.cc:53 ) base::debug::TaskAnnotator::RunTask(char const *,base::PendingTask *)
0x61e21a5c (chrome_child.dll -task_queue_manager.cc:561 ) blink::scheduler::TaskQueueManager::ProcessTaskFromWorkQueue(blink::scheduler::internal::WorkQueue *,blink::scheduler::LazyNow,base::TimeTicks *)
0x60e8dd62 (chrome_child.dll -task_queue_manager.cc:359 ) blink::scheduler::TaskQueueManager::DoWork(blink::scheduler::internal::Sequence::WorkType)
0x60e8dbf0 (chrome_child.dll -bind_internal.h:343 ) base::internal::Invoker<base::internal::BindState<void (blink::scheduler::TaskQueueManager::*)(blink::scheduler::internal::Sequence::WorkType) __attribute__((thiscall)),base::WeakPtr<blink::scheduler::TaskQueueManager>,blink::scheduler::internal::Sequence::WorkType>,void ()>::Run
0x60e6aba8 (chrome_child.dll -task_annotator.cc:53 ) base::debug::TaskAnnotator::RunTask(char const *,base::PendingTask *)
0x60e8da58 (chrome_child.dll -thread_controller_impl.cc:99 ) blink::scheduler::internal::ThreadControllerImpl::DoWork(blink::scheduler::internal::Sequence::WorkType)
0x6350aa86 (chrome_child.dll -bind_internal.h:343 ) base::internal::Invoker<base::internal::BindState<void (base::win::ObjectWatcher::*)(base::win::ObjectWatcher::Delegate *) __attribute__((thiscall)),base::WeakPtr<base::win::ObjectWatcher>,base::win::ObjectWatcher::Delegate *>,void ()>::Run
0x60e6aba8 (chrome_child.dll -task_annotator.cc:53 ) base::debug::TaskAnnotator::RunTask(char const *,base::PendingTask *)
0x60e6ab02 (chrome_child.dll -incoming_task_queue.cc:124 ) base::internal::IncomingTaskQueue::RunTask(base::PendingTask *)
0x60e6a655 (chrome_child.dll -message_loop.cc:399 ) base::MessageLoop::RunTask(base::PendingTask *)
0x60e6a476 (chrome_child.dll -message_loop.cc:411 ) base::MessageLoop::DeferOrRunPendingTask(base::PendingTask)
0x60e6217d (chrome_child.dll -message_loop.cc:455 ) base::MessageLoop::DoWork()
0x60e62086 (chrome_child.dll -message_pump_default.cc:37 ) base::MessagePumpDefault::Run(base::MessagePump::Delegate *)
0x60e61fde (chrome_child.dll -message_loop.cc:350 ) base::MessageLoop::Run(bool)
0x60e61e2d (chrome_child.dll -run_loop.cc:133 ) base::RunLoop::Run()
0x60e61dfa (chrome_child.dll -thread.cc:255 ) base::Thread::Run(base::RunLoop *)
0x60e61c64 (chrome_child.dll -thread.cc:338 ) base::Thread::ThreadMain()
0x61f1ccca (chrome_child.dll -platform_thread_win.cc:91 ) base::`anonymous namespace'::ThreadFunc
0x76f88743 (KERNEL32.DLL + 0x00018743 ) BaseThreadInitThunk
0x770b582c (ntdll.dll + 0x0006582c ) __RtlUserThreadStart
0x770b57fc (ntdll.dll + 0x000657fc ) _RtlUserThreadStart

1) This crash first started on 60.0.3112.78, and on the latest Canary 66.0.3340.0 we are seeing 1 report from 1 client.
2) This crash is seen on Windows>Render and is in 68th rank position.

Version        %      Reports  Channel
66.0.3340.0    0.04%  1        Canary
66.0.3339.1    0.07%  2
66.0.3339.0    0.18%  5
64.0.3282.140  0.29%  8        Beta & Stable
64.0.3282.119  0.79%  22
64.0.3282.39   0.07%  2

Link to the list of builds:
----------------------------
https://crash.corp.google.com/browse?q=product.name%3D%27Chrome%27%20AND%20expanded_custom_data.ChromeCrashProto.ptype%3D%27renderer%27%20AND%20expanded_custom_data.ChromeCrashProto.magic_signature_1.name%3D%27v8%3A%3Ainternal%3A%3ALookupIterator%3A%3AStart%3C0%3E%27#productversion:1010

Seems this issue is similar to issue 667649; adding the related dev in CC. Adding release blocker label for this issue. Please reduce priority or remove if not the case. Thank You!
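The frames in the trace above follow a fixed layout: an address, then either "(module -file:line )" for PDB-symbolized frames or "(module + 0xoffset )" for export-only frames, then the symbol, with bare addresses for JIT-generated code. The Python below is an added triage helper, not part of this issue, of Chromium or of its crash tooling: it parses such frames, reads the exception type and fault address from the thread header, and picks the top symbolized frame as the signature (the frame crash servers key on, here LookupIterator::Start<0>). The sample header and frames are a constructed subset copied from the trace in this comment; the function and field names are the example's own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Frame layouts seen in Chrome crash reports (assumption: one frame per line):
#   0xADDR (module -file:line ) symbol      symbolized from a PDB
#   0xADDR (module + 0xOFFSET ) symbol      export-level symbol only
#   0xADDR                                  no module: JIT-generated code
FRAME_RE = re.compile(
    r"^(?P<addr>0x[0-9a-fA-F]+)"
    r"(?:\s+\((?P<module>[^\s)]+)\s*"
    r"(?:-\s*(?P<file>[^\s:]+):(?P<line>\d+)|\+\s*(?P<offset>0x[0-9a-fA-F]+))?"
    r"\s*\))?"
    r"\s*(?P<symbol>.*)$"
)

# Thread header, e.g. "Thread 20 (id: 12808) CRASHED [EXCEPTION_ACCESS_VIOLATION_READ @ 0x7ff7ffff ]"
HEADER_RE = re.compile(r"CRASHED \[(?P<exc>\w+) @ (?P<fault>0x[0-9a-fA-F]+)\s*\]")


@dataclass
class Frame:
    addr: int
    module: Optional[str]
    file: Optional[str]
    line: Optional[int]
    offset: Optional[int]
    symbol: str

    @property
    def symbolized(self) -> bool:
        # A frame with no module is JIT code and cannot be attributed to source.
        return self.module is not None


def parse_frame(text: str) -> Optional[Frame]:
    """Parse one frame line; returns None for lines that are not frames."""
    m = FRAME_RE.match(text.strip())
    if not m:
        return None
    return Frame(
        addr=int(m["addr"], 16),
        module=m["module"],
        file=m["file"],
        line=int(m["line"]) if m["line"] else None,
        offset=int(m["offset"], 16) if m["offset"] else None,
        symbol=m["symbol"].strip(),
    )


def parse_frames(lines: List[str]) -> List[Frame]:
    """Parse a list of lines, silently skipping non-frame lines."""
    return [f for f in map(parse_frame, lines) if f is not None]


def parse_crash_header(text: str) -> Optional[dict]:
    """Extract exception type and faulting address from the thread header."""
    m = HEADER_RE.search(text)
    if not m:
        return None
    return {"exception": m["exc"], "fault_address": int(m["fault"], 16)}


def triage(header: str, frame_lines: List[str]) -> dict:
    """Summarise a crash thread the way a first-pass triager would."""
    frames = parse_frames(frame_lines)
    top = next((f for f in frames if f.symbolized), None)
    info = parse_crash_header(header) or {"exception": None, "fault_address": None}
    return {
        **info,
        # Crash servers key on the top symbolized frame (the "magic signature").
        "top_symbolized": top.symbol if top else None,
        "top_location": f"{top.file}:{top.line}" if top and top.file else None,
        "unsymbolized_frames": sum(1 for f in frames if not f.symbolized),
        "modules": sorted({f.module for f in frames if f.module}),
        "frame_count": len(frames),
    }


# Constructed sample: a subset of the frames from the trace in this issue.
SAMPLE_HEADER = "Thread 20 (id: 12808) CRASHED [EXCEPTION_ACCESS_VIOLATION_READ @ 0x7ff7ffff ]"
SAMPLE_FRAMES = [
    "0x610986db (chrome_child.dll -lookup.cc:132 ) v8::internal::LookupIterator::Start<0>()",
    "0x61b9d1a3 (chrome_child.dll -isolate.cc:2073 ) v8::internal::`anonymous namespace'::InternalPromiseHasUserDefinedRejectHandler",
    "0x61b0c14e (chrome_child.dll -debug.cc:1653 ) v8::internal::Debug::OnException(v8::internal::Handle<v8::internal::Object>,v8::internal::Handle<v8::internal::Object>)",
    "0x61c9d2a7 (chrome_child.dll -runtime-promise.cc:38 ) v8::internal::Runtime_PromiseRejectEventFromStack(int,v8::internal::Object * *,v8::internal::Isolate *)",
    "0x3420615d",
    "0x27f19548",
    "0x61b4c760 (chrome_child.dll -execution.cc:149 ) v8::internal::`anonymous namespace'::Invoke",
    "0x76f88743 (KERNEL32.DLL + 0x00018743 ) BaseThreadInitThunk",
    "0x770b582c (ntdll.dll + 0x0006582c ) __RtlUserThreadStart",
]

if __name__ == "__main__":
    for key, value in triage(SAMPLE_HEADER, SAMPLE_FRAMES).items():
        print(f"{key}: {value}")
```

The unsymbolized-frame count is worth keeping in the summary: the run of bare addresses between Runtime_PromiseRejectEventFromStack and Invoke is JIT code, so the closest source-attributable context for the fault is the V8 runtime frames on either side of it.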
Feb 5 2018
I'm currently reverting and testing to see what caused this but I suspect the v8 or the oilpan change.
Feb 5 2018
It looks like this crash is present outside (before) the suspected range. At least I can reproduce it at 533607.
Feb 6 2018
Users experienced this crash on the following builds:
Win Canary 66.0.3340.0 - 0.41 CPM, 7 reports, 5 clients (signature v8::internal::LookupIterator::Start<0>)

If this update was incorrect, please add "Fracas-Wrong" label to prevent future updates. - Go/Fracas
Feb 6 2018
Tracked it down to a v8 roll which happens to contain changes to promise code. Handing this bug over to bmeurer, hoping he can bring it to a fix.

commit 8559af4f67f2900ab4a43a8770dd081a9cbdf3d2
Author: v8-autoroll <v8-autoroll@chromium.org>
Date:   Thu Feb 1 09:05:03 2018 +0000

    Update V8 to version 6.6.125.

    Summary of changes available at:
    https://chromium.googlesource.com/v8/v8/+log/c5c99c66..bcbf9928

    Please follow these instructions for assigning/CC'ing issues:
    https://github.com/v8/v8/wiki/Triaging%20issues

    Please close rolling in case of a roll revert:
    https://v8-roll.appspot.com/
    This only works with a Google account.

    Change-Id: I4d13bc5eb230d1d085c49d466d5c57574285d2a5
    Reviewed-on: https://chromium-review.googlesource.com/896448
    Reviewed-by: v8 autoroll <v8-autoroll@chromium.org>
    Commit-Queue: v8 autoroll <v8-autoroll@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#533606}