Entire web app crashes in the new chrome release 65
Reported by elton2j...@gmail.com, Mar 12 2018
Issue description

UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36

Steps to reproduce the problem:
1. Go to https://web.flock.com
2. Sign up or login using your gmail account or use these creds (flockchrome@yopmail.com/123456)
3. When through, the app crashes entirely after loading some sections of the app.

What is the expected behavior?
Shouldn't crash

What went wrong?
When tried on Chrome with --enable-logging, it shows this error:
[21291:775:0312/153208.920196:ERROR:bad_message.cc(25)] Terminating renderer for bad IPC message, reason 188

Crashed report ID: crash/1b7c30493c07a2ef
How much crashed? Just one tab
Is it a problem with a plugin? No
Did this work before? Yes, Chrome 64
Chrome version: 65.0.3325.146
Channel: stable
OS Version: OS X 10.12.6
Flash Version:

We used the chromium bisect-builds util to get to this message:
You are probably looking for a change made after 522194 (known good), but no later than 522207 (first known bad).
CHANGELOG URL: https://chromium.googlesource.com/chromium/src/+log/e9ef5260cdea70b3f1aabf1bf19ee1985d01c236..8e333b2c009f030f93165d00c7a858d6bb1518a2
Mar 12 2018
@elton2jain, as a work-around, any chance you can tweak your app so as to avoid having a navigation
from: about:blank
to: about:blank#__platform=BROWSER&__containerType=
in the frame where there is subsequently a navigation
to: https://web.flock.com/2.2.57/client_base/apps/group_conversation/index.html#
Mar 12 2018
Regarding the cause, it seems like the problem is with an initial `about:blank` to `about:blank#ref` navigation. This classifies as a same-document navigation, yet committing the second URL flips the RenderFrameHostImpl's `has_committed_real_load()` flag. This way, a third navigation to a URL that is same-origin with the parent frame is not considered the first real load by content/browser, but it is considered that by Blink. I'm working on a fix.
Mar 12 2018
Issue 820980 has been merged into this issue.
Mar 12 2018
Issue 821039 has been merged into this issue.
Mar 12 2018
Based on the bug report and provided details this is a regression which started in M65, hence marking the bug as stable blocker.
Mar 12 2018
As per discussion with CC'ed folks, given the relatively low crash rate and the fact that the fix has not had any time to bake yet, we will proceed with the current M65 respin without this fix as planned to fix the other critical issues; but at the same time try to get https://crrev.com/c/958925 landed ASAP so that it can be included in the next M65 respin if at all possible.
Mar 12 2018
Also, in the meantime it looks like web.flock.com has been tweaked and is back in working order.
Mar 12 2018
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/c8a7cccf6d7bd53821b7e860446d3768ff0aaa91

commit c8a7cccf6d7bd53821b7e860446d3768ff0aaa91
Author: Balazs Engedy <engedy@chromium.org>
Date: Mon Mar 12 23:00:49 2018

Let `about:blank#ref` also be classified as initial empty document.

Before this CL, content::FrameTreeNode used to classify only the literal `about:blank` as the URL corresponding to the initial empty document. However, navigations from the initial empty document to URLs such as `about:blank#ref` are same-document and therefore re-use the initial empty document, so committing any such same-document navigations should not be considered "real loads" by FrameTreeNode (given they are not considered "real loads" by Blink).

This CL changes FrameTreeNode::SetCurrentURL() to use !IsAboutBlank() to determine whether the first real load is currently taking place in a frame, that is, whether it is the first time a URL is being committed that is not the initial empty document (modulo an optional #fragment).

Bug: 821022, 729021
Change-Id: I040a11f58bf27174e0c450377f8cd81a7abeac70
Reviewed-on: https://chromium-review.googlesource.com/958925
Reviewed-by: Charlie Reis <creis@chromium.org>
Commit-Queue: Balazs Engedy <engedy@chromium.org>
Commit-Queue: Charlie Reis <creis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#542645}

[modify] https://crrev.com/c8a7cccf6d7bd53821b7e860446d3768ff0aaa91/content/browser/frame_host/frame_tree_node.cc
[modify] https://crrev.com/c8a7cccf6d7bd53821b7e860446d3768ff0aaa91/content/browser/frame_host/render_frame_host_impl_browsertest.cc
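To make the classification mismatch from the cause analysis and the fix above concrete, here is an added C++ model; it is not Chromium's code. The function names (`CountFirstRealLoadMismatches`, `IsLiteralAboutBlank`, `IsAboutBlankWithOptionalRef`) and the simplified Blink rule "the first cross-document commit is the first real load" are assumptions of this model; it replays the two commits named in the workaround comment through the pre-fix literal-comparison rule and the post-fix rule that tolerates an optional #fragment.

```cpp
#include <string>
#include <vector>

// Added model of the "first real load" bookkeeping discussed in this thread;
// NOT Chromium's code. The Blink side is simplified to "the first
// cross-document commit is the first real load" (an assumption of the model).

// Pre-fix rule: only the literal "about:blank" is the initial empty document.
bool IsLiteralAboutBlank(const std::string& url) { return url == "about:blank"; }

// Post-fix rule (what the CL's IsAboutBlank() stands for here): "about:blank"
// with an optional "#fragment" still names the initial empty document.
bool IsAboutBlankWithOptionalRef(const std::string& url) {
  static const std::string kBlank = "about:blank";
  if (url.compare(0, kBlank.size(), kBlank) != 0) return false;
  return url.size() == kBlank.size() || url[kBlank.size()] == '#';
}

std::string StripFragment(const std::string& url) {
  return url.substr(0, url.find('#'));  // npos -> whole string
}

// Replays commits through both sides' bookkeeping and returns how many commits
// content/browser and Blink disagree on about "is this the frame's first real
// load" (the disagreement the thread reports ends in a renderer kill).
int CountFirstRealLoadMismatches(const std::vector<std::string>& commits,
                                 bool (*is_initial_empty)(const std::string&)) {
  std::string current = "about:blank";  // every frame starts on the initial empty document
  bool browser_loaded = false;          // FrameTreeNode-style has_committed_real_load()
  bool blink_loaded = false;            // Blink-style: set on the first cross-document commit
  int mismatches = 0;
  for (const std::string& url : commits) {
    bool browser_first = !browser_loaded && !is_initial_empty(url);
    // A fragment-only change reuses the existing document, so it is never a real load.
    bool same_document = StripFragment(url) == StripFragment(current);
    bool blink_first = !blink_loaded && !same_document;
    if (browser_first != blink_first) ++mismatches;
    browser_loaded = browser_loaded || browser_first;
    blink_loaded = blink_loaded || blink_first;
    current = url;
  }
  return mismatches;
}

// The two commits named in the workaround comment, in order (taken from the page).
const std::vector<std::string> kFlockSequence = {
    "about:blank#__platform=BROWSER&__containerType=",
    "https://web.flock.com/2.2.57/client_base/apps/group_conversation/index.html#"};
int MismatchesBeforeFix() { return CountFirstRealLoadMismatches(kFlockSequence, IsLiteralAboutBlank); }
int MismatchesAfterFix() { return CountFirstRealLoadMismatches(kFlockSequence, IsAboutBlankWithOptionalRef); }
```

Before the fix the browser counts the `#__platform=...` commit as the first real load and then refuses to count the real `web.flock.com` commit, so both commits disagree with Blink; after the fix the two sides agree on every commit.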
Mar 13 2018
Thanks for taking this up on priority. We were able to deploy a fix as suggested by engedy to web.flock.com and the webapp seems to be working fine now. It would be great if this fix lands in the stable branch in the next spin.
Mar 13 2018
engedy@chromium.org thanks for the initial pointers. It helped for a quick fix.
Mar 13 2018
Issue 821017 has been merged into this issue.
Mar 21 2018
This bug requires manual review: M66 has already been promoted to the beta branch, so this requires manual review.

Please contact the milestone owner if you have questions.
Owners: cmasso@(Android), cmasso@(iOS), josafat@(ChromeOS), abdulsyed@(Desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Mar 21 2018
Now with web.flock.com fixed, crashes are no longer concentrated on any single site, and the overall crash rate is rather low (<0.1 in a million page loads). With that, I would propose not trying to merge this to M65. Still, we should try to squeeze it into M66.
Mar 23 2018
Approving merge to M66. Branch: 3359
Mar 25 2018
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/435b91b4297de17578c3cf4cd0375dbdc394eba1

commit 435b91b4297de17578c3cf4cd0375dbdc394eba1
Author: Balazs Engedy <engedy@chromium.org>
Date: Sun Mar 25 10:34:43 2018

Let `about:blank#ref` also be classified as initial empty document.

Before this CL, content::FrameTreeNode used to classify only the literal `about:blank` as the URL corresponding to the initial empty document. However, navigations from the initial empty document to URLs such as `about:blank#ref` are same-document and therefore re-use the initial empty document, so committing any such same-document navigations should not be considered "real loads" by FrameTreeNode (given they are not considered "real loads" by Blink).

This CL changes FrameTreeNode::SetCurrentURL() to use !IsAboutBlank() to determine whether the first real load is currently taking place in a frame, that is, whether it is the first time a URL is being committed that is not the initial empty document (modulo an optional #fragment).

Bug: 821022, 729021
Change-Id: I040a11f58bf27174e0c450377f8cd81a7abeac70
Reviewed-on: https://chromium-review.googlesource.com/958925
Reviewed-by: Charlie Reis <creis@chromium.org>
Commit-Queue: Balazs Engedy <engedy@chromium.org>
Commit-Queue: Charlie Reis <creis@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#542645}
(cherry picked from commit c8a7cccf6d7bd53821b7e860446d3768ff0aaa91)
Reviewed-on: https://chromium-review.googlesource.com/979652
Reviewed-by: Balazs Engedy <engedy@chromium.org>
Cr-Commit-Position: refs/branch-heads/3359@{#418}
Cr-Branched-From: 66afc5e5d10127546cc4b98b9117aff588b5e66b-refs/heads/master@{#540276}

[modify] https://crrev.com/435b91b4297de17578c3cf4cd0375dbdc394eba1/content/browser/frame_host/frame_tree_node.cc
[modify] https://crrev.com/435b91b4297de17578c3cf4cd0375dbdc394eba1/content/browser/frame_host/render_frame_host_impl_browsertest.cc
Comment 1 by rsesek@chromium.org, Mar 12 2018
Labels: -Pri-2 Pri-1
Owner: engedy@chromium.org
Status: Assigned (was: Unconfirmed)