
Issue 810476 link


Issue metadata

Status: Untriaged
Owner: ----
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug




Canary crashes with bad IPC message

Project Member Reported by alph@chromium.org, Feb 8 2018

Issue description

Repro steps:
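1. In Chrome Canary on macOS, navigate to facebook.com/shakira
2. Scroll the page down for several (20+) pages
3. Renderer crashes (per the log below, the browser process terminates the renderer after Mojo message validation fails)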

[59461:775:0208/112050.222244:ERROR:validation_errors.cc(87)] Invalid message: VALIDATION_ERROR_MAX_RECURSION_DEPTH
[59461:775:0208/112050.222268:ERROR:render_process_host_impl.cc(4129)] Terminating render process for bad Mojo message: Received bad user message: Validation failed for FrameHost RequestValidator [VALIDATION_ERROR_MAX_RECURSION_DEPTH]
[59461:775:0208/112050.222282:ERROR:bad_message.cc(25)] Terminating renderer for bad IPC message, reason 123

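Crash id is e485a7a6a27e796a

The stack below appears to be the browser-process dump (DumpWithoutCrashing) taken when the bad message was reported. The repeating Value_Data / DictionaryValue_Data / ListValue_Data Validate frames are the nested values inside BeginNavigationParams being validated recursively, which ends in VALIDATION_ERROR_MAX_RECURSION_DEPTH.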

0x000000010c873f0b	(Google Chrome Framework -crashpad.cc:235 )	crash_reporter::DumpWithoutCrashing()
0x0000000109e5b6f1	(Google Chrome Framework -dump_without_crashing.cc:23 )	base::debug::DumpWithoutCrashing()
0x0000000108801fb1	(Google Chrome Framework -bad_message.cc:54 )	content::bad_message::ReceivedBadMessage(int, content::bad_message::BadMessageReason)
0x0000000108ae6f13	(Google Chrome Framework -render_process_host_impl.cc:4135 )	content::RenderProcessHostImpl::OnMojoError(int, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&)
0x000000010b3f1f87	(Google Chrome Framework -callback.h:94 )	mojo::edk::NodeChannel::NotifyBadMessage(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&)
0x000000010b3f6df6	(Google Chrome Framework -node_controller.cc:356 )	mojo::edk::NodeController::NotifyBadMessageFrom(mojo::edk::ports::NodeName const&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&)
0x000000010b3ea15a	(Google Chrome Framework -core.cc:782 )	mojo::edk::Core::NotifyBadMessage(unsigned long, char const*, unsigned long)
0x0000000109f57c6e	(Google Chrome Framework -validation_errors.cc )	mojo::internal::ReportValidationError(mojo::internal::ValidationContext*, mojo::internal::ValidationError, char const*)
0x000000010804693a	(Google Chrome Framework -validation_util.h )	mojo::common::mojom::internal::Value_Data::Validate(void const*, mojo::internal::ValidationContext*, bool)
0x0000000108046ebc	(Google Chrome Framework -validation_util.h:185 )	mojo::internal::ArraySerializationHelper<mojo::common::mojom::internal::Value_Data, true, false>::ValidateElements(mojo::internal::ArrayHeader const*, mojo::common::mojom::internal::Value_Data const*, mojo::internal::ValidationContext*, mojo::internal::ContainerValidateParams const*)
0x0000000108047081	(Google Chrome Framework -validation_util.h:160 )	mojo::internal::Map_Data<mojo::internal::Pointer<mojo::internal::Array_Data<char> >, mojo::common::mojom::internal::Value_Data>::Validate(void const*, mojo::internal::ValidationContext*, mojo::internal::ContainerValidateParams const*)
0x0000000108046d41	(Google Chrome Framework -validation_util.h:160 )	mojo::common::mojom::internal::DictionaryValue_Data::Validate(void const*, mojo::internal::ValidationContext*)
0x00000001080468b3	(Google Chrome Framework -validation_util.h:173 )	mojo::common::mojom::internal::Value_Data::Validate(void const*, mojo::internal::ValidationContext*, bool)
0x0000000108046ebc	(Google Chrome Framework -validation_util.h:185 )	mojo::internal::ArraySerializationHelper<mojo::common::mojom::internal::Value_Data, true, false>::ValidateElements(mojo::internal::ArrayHeader const*, mojo::common::mojom::internal::Value_Data const*, mojo::internal::ValidationContext*, mojo::internal::ContainerValidateParams const*)
0x0000000108046b8c	(Google Chrome Framework -validation_util.h:160 )	mojo::common::mojom::internal::ListValue_Data::Validate(void const*, mojo::internal::ValidationContext*)
0x00000001080469b7	(Google Chrome Framework -validation_util.h:173 )	mojo::common::mojom::internal::Value_Data::Validate(void const*, mojo::internal::ValidationContext*, bool)
0x0000000108046ebc	(Google Chrome Framework -validation_util.h:185 )	mojo::internal::ArraySerializationHelper<mojo::common::mojom::internal::Value_Data, true, false>::ValidateElements(mojo::internal::ArrayHeader const*, mojo::common::mojom::internal::Value_Data const*, mojo::internal::ValidationContext*, mojo::internal::ContainerValidateParams const*)
0x0000000108047081	(Google Chrome Framework -validation_util.h:160 )	mojo::internal::Map_Data<mojo::internal::Pointer<mojo::internal::Array_Data<char> >, mojo::common::mojom::internal::Value_Data>::Validate(void const*, mojo::internal::ValidationContext*, mojo::internal::ContainerValidateParams const*)
0x0000000108046d41	(Google Chrome Framework -validation_util.h:160 )	mojo::common::mojom::internal::DictionaryValue_Data::Validate(void const*, mojo::internal::ValidationContext*)
0x00000001080468b3	(Google Chrome Framework -validation_util.h:173 )	mojo::common::mojom::internal::Value_Data::Validate(void const*, mojo::internal::ValidationContext*, bool)
0x0000000108046ebc	(Google Chrome Framework -validation_util.h:185 )	mojo::internal::ArraySerializationHelper<mojo::common::mojom::internal::Value_Data, true, false>::ValidateElements(mojo::internal::ArrayHeader const*, mojo::common::mojom::internal::Value_Data const*, mojo::internal::ValidationContext*, mojo::internal::ContainerValidateParams const*)
0x0000000108047081	(Google Chrome Framework -validation_util.h:160 )	mojo::internal::Map_Data<mojo::internal::Pointer<mojo::internal::Array_Data<char> >, mojo::common::mojom::internal::Value_Data>::Validate(void const*, mojo::internal::ValidationContext*, mojo::internal::ContainerValidateParams const*)
0x0000000108046d41	(Google Chrome Framework -validation_util.h:160 )	mojo::common::mojom::internal::DictionaryValue_Data::Validate(void const*, mojo::internal::ValidationContext*)
0x00000001080468b3	(Google Chrome Framework -validation_util.h:173 )	mojo::common::mojom::internal::Value_Data::Validate(void const*, mojo::internal::ValidationContext*, bool)
0x0000000108046ebc	(Google Chrome Framework -validation_util.h:185 )	mojo::internal::ArraySerializationHelper<mojo::common::mojom::internal::Value_Data, true, false>::ValidateElements(mojo::internal::ArrayHeader const*, mojo::common::mojom::internal::Value_Data const*, mojo::internal::ValidationContext*, mojo::internal::ContainerValidateParams const*)
0x0000000108047081	(Google Chrome Framework -validation_util.h:160 )	mojo::internal::Map_Data<mojo::internal::Pointer<mojo::internal::Array_Data<char> >, mojo::common::mojom::internal::Value_Data>::Validate(void const*, mojo::internal::ValidationContext*, mojo::internal::ContainerValidateParams const*)
0x0000000108046d41	(Google Chrome Framework -validation_util.h:160 )	mojo::common::mojom::internal::DictionaryValue_Data::Validate(void const*, mojo::internal::ValidationContext*)
0x00000001080468b3	(Google Chrome Framework -validation_util.h:173 )	mojo::common::mojom::internal::Value_Data::Validate(void const*, mojo::internal::ValidationContext*, bool)
0x0000000108046ebc	(Google Chrome Framework -validation_util.h:185 )	mojo::internal::ArraySerializationHelper<mojo::common::mojom::internal::Value_Data, true, false>::ValidateElements(mojo::internal::ArrayHeader const*, mojo::common::mojom::internal::Value_Data const*, mojo::internal::ValidationContext*, mojo::internal::ContainerValidateParams const*)
0x0000000108047081	(Google Chrome Framework -validation_util.h:160 )	mojo::internal::Map_Data<mojo::internal::Pointer<mojo::internal::Array_Data<char> >, mojo::common::mojom::internal::Value_Data>::Validate(void const*, mojo::internal::ValidationContext*, mojo::internal::ContainerValidateParams const*)
0x0000000108046d41	(Google Chrome Framework -validation_util.h:160 )	mojo::common::mojom::internal::DictionaryValue_Data::Validate(void const*, mojo::internal::ValidationContext*)
0x00000001080468b3	(Google Chrome Framework -validation_util.h:173 )	mojo::common::mojom::internal::Value_Data::Validate(void const*, mojo::internal::ValidationContext*, bool)
0x0000000108046ebc	(Google Chrome Framework -validation_util.h:185 )	mojo::internal::ArraySerializationHelper<mojo::common::mojom::internal::Value_Data, true, false>::ValidateElements(mojo::internal::ArrayHeader const*, mojo::common::mojom::internal::Value_Data const*, mojo::internal::ValidationContext*, mojo::internal::ContainerValidateParams const*)
0x0000000108047081	(Google Chrome Framework -validation_util.h:160 )	mojo::internal::Map_Data<mojo::internal::Pointer<mojo::internal::Array_Data<char> >, mojo::common::mojom::internal::Value_Data>::Validate(void const*, mojo::internal::ValidationContext*, mojo::internal::ContainerValidateParams const*)
0x0000000108046d41	(Google Chrome Framework -validation_util.h:160 )	mojo::common::mojom::internal::DictionaryValue_Data::Validate(void const*, mojo::internal::ValidationContext*)
0x00000001080468b3	(Google Chrome Framework -validation_util.h:173 )	mojo::common::mojom::internal::Value_Data::Validate(void const*, mojo::internal::ValidationContext*, bool)
0x0000000108046ebc	(Google Chrome Framework -validation_util.h:185 )	mojo::internal::ArraySerializationHelper<mojo::common::mojom::internal::Value_Data, true, false>::ValidateElements(mojo::internal::ArrayHeader const*, mojo::common::mojom::internal::Value_Data const*, mojo::internal::ValidationContext*, mojo::internal::ContainerValidateParams const*)
0x0000000108047081	(Google Chrome Framework -validation_util.h:160 )	mojo::internal::Map_Data<mojo::internal::Pointer<mojo::internal::Array_Data<char> >, mojo::common::mojom::internal::Value_Data>::Validate(void const*, mojo::internal::ValidationContext*, mojo::internal::ContainerValidateParams const*)
0x0000000108046d41	(Google Chrome Framework -validation_util.h:160 )	mojo::common::mojom::internal::DictionaryValue_Data::Validate(void const*, mojo::internal::ValidationContext*)
0x00000001080468b3	(Google Chrome Framework -validation_util.h:173 )	mojo::common::mojom::internal::Value_Data::Validate(void const*, mojo::internal::ValidationContext*, bool)
0x0000000108046ebc	(Google Chrome Framework -validation_util.h:185 )	mojo::internal::ArraySerializationHelper<mojo::common::mojom::internal::Value_Data, true, false>::ValidateElements(mojo::internal::ArrayHeader const*, mojo::common::mojom::internal::Value_Data const*, mojo::internal::ValidationContext*, mojo::internal::ContainerValidateParams const*)
0x0000000108047081	(Google Chrome Framework -validation_util.h:160 )	mojo::internal::Map_Data<mojo::internal::Pointer<mojo::internal::Array_Data<char> >, mojo::common::mojom::internal::Value_Data>::Validate(void const*, mojo::internal::ValidationContext*, mojo::internal::ContainerValidateParams const*)
0x0000000108046d41	(Google Chrome Framework -validation_util.h:160 )	mojo::common::mojom::internal::DictionaryValue_Data::Validate(void const*, mojo::internal::ValidationContext*)
0x00000001080468b3	(Google Chrome Framework -validation_util.h:173 )	mojo::common::mojom::internal::Value_Data::Validate(void const*, mojo::internal::ValidationContext*, bool)
0x0000000108046ebc	(Google Chrome Framework -validation_util.h:185 )	mojo::internal::ArraySerializationHelper<mojo::common::mojom::internal::Value_Data, true, false>::ValidateElements(mojo::internal::ArrayHeader const*, mojo::common::mojom::internal::Value_Data const*, mojo::internal::ValidationContext*, mojo::internal::ContainerValidateParams const*)
0x0000000108047081	(Google Chrome Framework -validation_util.h:160 )	mojo::internal::Map_Data<mojo::internal::Pointer<mojo::internal::Array_Data<char> >, mojo::common::mojom::internal::Value_Data>::Validate(void const*, mojo::internal::ValidationContext*, mojo::internal::ContainerValidateParams const*)
0x0000000108046d41	(Google Chrome Framework -validation_util.h:160 )	mojo::common::mojom::internal::DictionaryValue_Data::Validate(void const*, mojo::internal::ValidationContext*)
0x00000001080468b3	(Google Chrome Framework -validation_util.h:173 )	mojo::common::mojom::internal::Value_Data::Validate(void const*, mojo::internal::ValidationContext*, bool)
0x0000000108046ebc	(Google Chrome Framework -validation_util.h:185 )	mojo::internal::ArraySerializationHelper<mojo::common::mojom::internal::Value_Data, true, false>::ValidateElements(mojo::internal::ArrayHeader const*, mojo::common::mojom::internal::Value_Data const*, mojo::internal::ValidationContext*, mojo::internal::ContainerValidateParams const*)
0x0000000108047081	(Google Chrome Framework -validation_util.h:160 )	mojo::internal::Map_Data<mojo::internal::Pointer<mojo::internal::Array_Data<char> >, mojo::common::mojom::internal::Value_Data>::Validate(void const*, mojo::internal::ValidationContext*, mojo::internal::ContainerValidateParams const*)
... 46 more
0x0000000108046ebc	(Google Chrome Framework -validation_util.h:185 )	mojo::internal::ArraySerializationHelper<mojo::common::mojom::internal::Value_Data, true, false>::ValidateElements(mojo::internal::ArrayHeader const*, mojo::common::mojom::internal::Value_Data const*, mojo::internal::ValidationContext*, mojo::internal::ContainerValidateParams const*)
0x0000000108047081	(Google Chrome Framework -validation_util.h:160 )	mojo::internal::Map_Data<mojo::internal::Pointer<mojo::internal::Array_Data<char> >, mojo::common::mojom::internal::Value_Data>::Validate(void const*, mojo::internal::ValidationContext*, mojo::internal::ContainerValidateParams const*)
0x0000000108046d41	(Google Chrome Framework -validation_util.h:160 )	mojo::common::mojom::internal::DictionaryValue_Data::Validate(void const*, mojo::internal::ValidationContext*)
0x00000001080468b3	(Google Chrome Framework -validation_util.h:173 )	mojo::common::mojom::internal::Value_Data::Validate(void const*, mojo::internal::ValidationContext*, bool)
0x0000000108046ebc	(Google Chrome Framework -validation_util.h:185 )	mojo::internal::ArraySerializationHelper<mojo::common::mojom::internal::Value_Data, true, false>::ValidateElements(mojo::internal::ArrayHeader const*, mojo::common::mojom::internal::Value_Data const*, mojo::internal::ValidationContext*, mojo::internal::ContainerValidateParams const*)
0x0000000108047081	(Google Chrome Framework -validation_util.h:160 )	mojo::internal::Map_Data<mojo::internal::Pointer<mojo::internal::Array_Data<char> >, mojo::common::mojom::internal::Value_Data>::Validate(void const*, mojo::internal::ValidationContext*, mojo::internal::ContainerValidateParams const*)
0x0000000108046d41	(Google Chrome Framework -validation_util.h:160 )	mojo::common::mojom::internal::DictionaryValue_Data::Validate(void const*, mojo::internal::ValidationContext*)
0x00000001080468b3	(Google Chrome Framework -validation_util.h:173 )	mojo::common::mojom::internal::Value_Data::Validate(void const*, mojo::internal::ValidationContext*, bool)
0x0000000108046ebc	(Google Chrome Framework -validation_util.h:185 )	mojo::internal::ArraySerializationHelper<mojo::common::mojom::internal::Value_Data, true, false>::ValidateElements(mojo::internal::ArrayHeader const*, mojo::common::mojom::internal::Value_Data const*, mojo::internal::ValidationContext*, mojo::internal::ContainerValidateParams const*)
0x0000000108047081	(Google Chrome Framework -validation_util.h:160 )	mojo::internal::Map_Data<mojo::internal::Pointer<mojo::internal::Array_Data<char> >, mojo::common::mojom::internal::Value_Data>::Validate(void const*, mojo::internal::ValidationContext*, mojo::internal::ContainerValidateParams const*)
0x0000000108046d41	(Google Chrome Framework -validation_util.h:160 )	mojo::common::mojom::internal::DictionaryValue_Data::Validate(void const*, mojo::internal::ValidationContext*)
0x00000001081b23cc	(Google Chrome Framework -validation_util.h:173 )	content::mojom::internal::BeginNavigationParams_Data::Validate(void const*, mojo::internal::ValidationContext*)
0x00000001081a403f	(Google Chrome Framework -validation_util.h:173 )	content::mojom::internal::FrameHost_BeginNavigation_Params_Data::Validate(void const*, mojo::internal::ValidationContext*)
0x0000000108144c85	(Google Chrome Framework -validation_util.h:90 )	content::mojom::FrameHostRequestValidator::Accept(mojo::Message*)
0x0000000109f4a75b	(Google Chrome Framework -filter_chain.cc:38 )	mojo::FilterChain::Accept(mojo::Message*)
0x000000010a1a6035	(Google Chrome Framework -ipc_mojo_bootstrap.cc:792 )	IPC::(anonymous namespace)::ChannelAssociatedGroupController::AcceptOnProxyThread(mojo::Message)
0x000000010a1a4ac8	(Google Chrome Framework -bind_internal.h:211 )	base::internal::Invoker<base::internal::BindState<void (IPC::(anonymous namespace)::ChannelAssociatedGroupController::*)(mojo::Message), scoped_refptr<IPC::(anonymous namespace)::ChannelAssociatedGroupController>, base::internal::PassedWrapper<mojo::Message> >, void ()>::Run(base::internal::BindStateBase*)
0x0000000109e5cdbb	(Google Chrome Framework -callback.h:65 )	base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*)
0x0000000109e81b73	(Google Chrome Framework -message_loop.cc:399 )	base::MessageLoop::RunTask(base::PendingTask*)
0x0000000109e82078	(Google Chrome Framework -message_loop.cc:411 )	base::MessageLoop::DoWork()
0x0000000109e83e99	(Google Chrome Framework -message_pump_mac.mm:462 )	base::MessagePumpCFRunLoopBase::RunWork()
0x0000000109e75969	(Google Chrome Framework + 0x01e65969 )	base::mac::CallWithEHFrame(void () block_pointer)
0x0000000109e837be	(Google Chrome Framework -message_pump_mac.mm:438 )	base::MessagePumpCFRunLoopBase::RunWorkSource(void*)
0x00007fff3784c720	(CoreFoundation + 0x000a3720 )	__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
0x00007fff379060ab	(CoreFoundation + 0x0015d0ab )	__CFRunLoopDoSource0
0x00007fff3782f25f	(CoreFoundation + 0x0008625f )	__CFRunLoopDoSources0
0x00007fff3782e6dc	(CoreFoundation + 0x000856dc )	__CFRunLoopRun
0x00007fff3782df42	(CoreFoundation + 0x00084f42 )	CFRunLoopRunSpecific
0x00007fff36b45e25	(HIToolbox + 0x0002fe25 )	RunCurrentEventLoopInMode
0x00007fff36b45b95	(HIToolbox + 0x0002fb95 )	ReceiveNextEventCommon
0x00007fff36b45913	(HIToolbox + 0x0002f913 )	_BlockUntilNextEventMatchingListInModeWithFilter
0x00007fff34e10f5e	(AppKit + 0x00041f5e )	_DPSNextEvent
0x00007fff355a6b4b	(AppKit + 0x007d7b4b )	-[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:]
0x0000000109ab6def	(Google Chrome Framework -chrome_browser_application_mac.mm:174 )	__71-[BrowserCrApplication nextEventMatchingMask:untilDate:inMode:dequeue:]_block_invoke
0x0000000109e75969	(Google Chrome Framework + 0x01e65969 )	base::mac::CallWithEHFrame(void () block_pointer)
0x0000000109ab6d33	(Google Chrome Framework -chrome_browser_application_mac.mm:173 )	-[BrowserCrApplication nextEventMatchingMask:untilDate:inMode:dequeue:]
0x00007fff34e05d6c	(AppKit + 0x00036d6c )	-[NSApplication run]
0x0000000109e8475b	(Google Chrome Framework -message_pump_mac.mm:815 )	base::MessagePumpNSApplication::DoRun(base::MessagePump::Delegate*)
0x0000000109e832dd	(Google Chrome Framework -message_pump_mac.mm:189 )	base::MessagePumpCFRunLoopBase::Run(base::MessagePump::Delegate*)
0x0000000109ea8024	(Google Chrome Framework -run_loop.cc:133 )	<name omitted>
0x0000000109abd397	(Google Chrome Framework -chrome_browser_main.cc:2207 )	ChromeBrowserMainParts::MainMessageLoopRun(int*)
0x00000001088243b3	(Google Chrome Framework -browser_main_loop.cc:1162 )	content::BrowserMainLoop::RunMainMessageLoopParts()
0x0000000108826981	(Google Chrome Framework -browser_main_runner.cc:145 )	content::BrowserMainRunnerImpl::Run()
0x0000000108820adb	(Google Chrome Framework -browser_main.cc:46 )	content::BrowserMain(content::MainFunctionParams const&)
0x0000000109a6ee5f	(Google Chrome Framework -content_main_runner.cc:713 )	content::ContentMainRunnerImpl::Run()
0x000000010b42ab5a	(Google Chrome Framework -main.cc:456 )	service_manager::Main(service_manager::MainParams const&)
0x0000000109a6e3a3	(Google Chrome Framework -content_main.cc:19 )	content::ContentMain(content::ContentMainParams const&)
0x0000000108014469	(Google Chrome Framework -chrome_main.cc:144 )	ChromeMain
0x0000000107fc2dd3	(Google Chrome Canary + 0x00000dd3 )	
0x00007fff5f141114	(libdyld.dylib + 0x00001114 )	start
 
