Regression: Tab crashed is seen after adding 'PDF viewer' extension.
Reported by db...@etouch.net, Apr 4 2018
Issue description
Chrome Version: 67.0.3388.0
Revision: 8bc8a7968d90763c45cf7db09c45058afe2540f4-refs/heads/master@{#547923}
OS: Linux (14.04 LTS)
URL: https://chrome.google.com/webstore/detail/pdf-viewer/oemmndcbldboiebfnladdacbdfmadadm

What steps will reproduce the problem?
(1) Launch Chrome, navigate to the above URL and click on the 'ADD TO CHROME' button.
(2) Now open the NTP and observe.

Actual: Tab crash is seen after adding the PDF viewer extension.
Crash Id: Uploaded Crash Report ID f9825f67a687db3c (Local Crash ID: Chrome)
Expected: Tab should not crash.

This is a regression issue, broken in 'M67'; will provide bisect info:
Good Build: 67.0.3387.0
Bad Build: 67.0.3388.0

Note: Issue is not seen on Windows (7, 8, 8.1, 10) and Mac (10.12.6, 10.13.1, 10.13.4) OS.
Apr 4 2018
This is ranked as the #1 renderer process related crash on Windows and Mac canary version 67.0.3388.0. Windows canary has reported 427 crashes from 423 clients and Mac canary 34 from 34 clients so far.

Stack trace of f9825f67a687db3c (stack quality 100%):

Thread 0 (id: 12733) CRASHED [SIGSEGV @ 0x00000024] MAGIC SIGNATURE THREAD
0x00007fd162fb4327 (chrome - SecurityOrigin.h:186) blink::SecurityOrigin::ToUrlOrigin() const
0x00007fd162f06290 (chrome - WebSecurityOrigin.cpp:133) blink::WebSecurityOrigin::operator url::Origin() const
0x00007fd16438cb03 (chrome - renderer_blink_platform_impl.cc:528) content::RendererBlinkPlatformImpl::CacheMetadataInCacheStorage(blink::WebURL const&, base::Time, char const*, unsigned long, blink::WebSecurityOrigin const&, blink::WebString const&)
0x00007fd16065ce4d (chrome - Resource.cpp:180) blink::ServiceWorkerCachedMetadataSender::Send(char const*, unsigned long)
0x00007fd160682b9a (chrome - SourceKeyedCachedMetadataHandler.cpp:214) blink::SourceKeyedCachedMetadataHandler::SendToPlatform()
0x00007fd1606833ff (chrome - SourceKeyedCachedMetadataHandler.cpp:37) blink::SourceKeyedCachedMetadataHandler::SingleKeyHandler::SetCachedMetadata(unsigned int, char const*, unsigned long, blink::CachedMetadataHandler::CacheType)
0x00007fd162fe0aa2 (chrome - V8ScriptRunner.cpp:518) blink::V8ScriptRunner::ProduceCache(v8::Isolate*, v8::Local<v8::Script>, blink::ScriptSourceCode const&, blink::V8ScriptRunner::ProduceCacheOptions, v8::ScriptCompiler::CompileOptions)
0x00007fd16315904a (chrome - ScriptController.cpp:151) blink::ScriptController::ExecuteScriptAndReturnValue(v8::Local<v8::Context>, blink::ScriptSourceCode const&, blink::KURL const&, blink::ScriptFetchOptions const&, blink::AccessControlStatus)
0x00007fd163159afc (chrome - ScriptController.cpp:356) blink::ScriptController::EvaluateScriptInMainWorld(blink::ScriptSourceCode const&, blink::KURL const&, blink::ScriptFetchOptions const&, blink::AccessControlStatus, blink::ScriptController::ExecuteScriptPolicy)
0x00007fd163159d69 (chrome - ScriptController.cpp:321) blink::ScriptController::ExecuteScriptInMainWorld(blink::ScriptSourceCode const&, blink::KURL const&, blink::ScriptFetchOptions const&, blink::AccessControlStatus)
0x00007fd163b5eb00 (chrome - ScriptLoader.cpp:853) blink::ScriptLoader::ExecuteScriptBlock(blink::PendingScript*, blink::KURL const&)
0x00007fd163b4f630 (chrome - HTMLParserScriptRunner.cpp:93) blink::(anonymous namespace)::DoExecuteScript(blink::PendingScript*, blink::KURL const&)
0x00007fd163b4f524 (chrome - HTMLParserScriptRunner.cpp:235) blink::HTMLParserScriptRunner::ExecutePendingScriptAndDispatchEvent(blink::PendingScript*, blink::ScriptStreamer::Type)
0x00007fd163b50885 (chrome - HTMLParserScriptRunner.cpp:353) blink::HTMLParserScriptRunner::ExecuteParsingBlockingScripts()
0x00007fd163b50aa0 (chrome - HTMLParserScriptRunner.cpp:380) blink::HTMLParserScriptRunner::ExecuteScriptsWaitingForResources()
0x00007fd16368ab2b (chrome - HTMLDocumentParser.cpp:1116) blink::HTMLDocumentParser::ExecuteScriptsWaitingForResources()
0x00007fd162ee5d3f (chrome - callback.h:95) blink::TaskHandle::Runner::Run(blink::TaskHandle const&)
0x00007fd160a837ac (chrome - callback.h:95) base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*)
0x00007fd16069c956 (chrome - thread_controller_impl.cc:162) blink::scheduler::internal::ThreadControllerImpl::DoWork(blink::scheduler::internal::SequencedTaskSource::WorkType)
0x00007fd160a837ac (chrome - callback.h:95) base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*)
0x00007fd160a9e26a (chrome - message_loop.cc:391) base::MessageLoop::RunTask(base::PendingTask*)
0x00007fd160a9e8b4 (chrome - message_loop.cc:403) base::MessageLoop::DoWork()
0x00007fd160aa0c74 (chrome - message_pump_default.cc:37) base::MessagePumpDefault::Run(base::MessagePump::Delegate*)
0x00007fd160ac2ee3 (chrome - run_loop.cc:130) <name omitted>
0x00007fd1643ab1af (chrome - renderer_main.cc:247) content::RendererMain(content::MainFunctionParams const&)
0x00007fd16079bd7e (chrome - content_main_runner.cc:356) content::ContentMainRunnerImpl::Run()
0x00007fd1607a5d33 (chrome - main.cc:453) service_manager::Main(service_manager::MainParams const&)
0x00007fd16079a8e3 (chrome - content_main.cc:19) content::ContentMain(content::ContentMainParams const&)
0x00007fd15ed90a02 (chrome - chrome_main.cc:101) ChromeMain
0x00007fd157459f44 (libc-2.19.so + 0x00021f44)
0x00007fd15ed9097f (chrome + 0x0187a97f)
0x00007fd15ecb5fff (chrome + 0x0179ffff)
0x00007fd15d3013c2 (ld-2.19.so + 0x000103c2)
0x00007fd15ecb5fff (chrome + 0x0179ffff)
0x00007fd15ecb6029 (chrome + 0x017a0029) _start
0x00007fff8a177fc7

Link to the list of the builds:
https://goto.google.com/udhvs

https://chromium-review.googlesource.com/c/chromium/src/+/893401 looks more related for the 'SourceKeyedCachedMetadataHandler.cpp' related change.

leszeks@: Could you please take a look at these crashes. Thank you!
Apr 4 2018
Looks like this is it, the feature for SourceKeyedCachedMetadataHandler is being finched at 50% on canary and dev as of 67.0.3388.0. We can turn off that experiment for now.
Apr 4 2018
Pls turn off the feature ASAP. Thank you.
Apr 4 2018
Already done, I'll investigate the root cause.
Apr 4 2018
Great, thank you so much.
Apr 4 2018
Users experienced this crash on the following builds:
Win Canary 67.0.3388.0 - 371.32 CPM, 2500 reports, 1747 clients (signature blink::SecurityOrigin::ToUrlOrigin)
Mac Canary 67.0.3388.0 - 281.77 CPM, 378 reports, 232 clients (signature blink::SecurityOrigin::ToUrlOrigin)

If this update was incorrect, please add "Fracas-Wrong" label to prevent future updates. - Go/Fracas
Apr 5 2018
Is the finch turned off? Still seeing the crashes in the latest canary 67.0.3389.0 & it ranks #1; the last report was uploaded today @ 9:34 AM. leszeks@, could you please confirm?
Apr 5 2018
The finch config is rolled back (cr/191586802), don't know how long it takes finch to update.
Apr 5 2018
rkaplow@, could you ptal comments #8 and #9 pls?
Apr 5 2018
It takes about 30 minutes for the seed to propagate, however users will need to restart. As well they only request seeds every few hours, so it's possible even after a restart they'll still be on the old seed if they hadn't fetched in the few hours before. May want to double check manually which is easy. Just restart a couple times on a new dev/canary, and put your variations in chrome://version into go/finch-hashes
Apr 6 2018
Meanwhile, looks like the cause is service worker cache senders not having a source origin -- which is an existing problem, just not exposed because we weren't using them. hiroshige@, this is more your domain than mine...
Apr 9 2018
Gentle ping to take a look into it, as it is marked as a Dev blocker & the M67 branch is coming very soon on 04/12. Thanks!
Apr 9 2018
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/2c42643100bf650dcf815cd006ab950470167ae5

commit 2c42643100bf650dcf815cd006ab950470167ae5
Author: Leszek Swirski <leszeks@chromium.org>
Date: Mon Apr 09 09:07:42 2018

[loader] Check SW-fetched resources have a source origin

Ensure that a resource fetched by a service worker has a non-null source origin before creating its CachedMetadataSender -- otherwise, use the null sender.

Bug: chromium:828838
Change-Id: Ice176848b6cdb9c288df9294dcee9e2d55026359
Reviewed-on: https://chromium-review.googlesource.com/999655
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Hiroshige Hayashizaki <hiroshige@chromium.org>
Reviewed-by: Nate Chapin <japhet@chromium.org>
Cr-Commit-Position: refs/heads/master@{#549132}

[modify] https://crrev.com/2c42643100bf650dcf815cd006ab950470167ae5/third_party/blink/renderer/platform/loader/fetch/resource.cc
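A minimal model of the defect and of the check the commit above describes, written for this page rather than taken from Blink: the service-worker sender converts the response's source origin when it sends metadata, so a service-worker-fetched response with no origin dereferences a null pointer (the crash under blink::SecurityOrigin::ToUrlOrigin in the trace); the factory after the fix only builds that sender for a non-null origin and otherwise falls back to the null sender. All type and function names here (SecurityOrigin, ResourceResponse, MakeSenderBefore/After, the constructed origin value) are simplified assumptions, not the real classes.

```cpp
#include <memory>
#include <string>
#include <utility>
// Constructed stand-in for blink::SecurityOrigin (assumption, not Blink code).
struct SecurityOrigin {
  std::string serialized;
  std::string ToUrlOrigin() const { return serialized; }  // faults when |this| is null
};
// Constructed stand-in for the loader's response: fetched via a service worker,
// and carrying a source origin that can be null (the condition in this bug).
struct ResourceResponse {
  bool fetched_via_service_worker;
  std::shared_ptr<const SecurityOrigin> source_origin;
};
struct CachedMetadataSender {
  virtual ~CachedMetadataSender() = default;
  virtual std::string Send(const std::string& metadata) = 0;  // origin used, or "" if dropped
};
// Models ServiceWorkerCachedMetadataSender: converts the origin on every Send().
struct ServiceWorkerCachedMetadataSender : CachedMetadataSender {
  explicit ServiceWorkerCachedMetadataSender(std::shared_ptr<const SecurityOrigin> o) : origin(std::move(o)) {}
  std::string Send(const std::string&) override { return origin->ToUrlOrigin(); }
  std::shared_ptr<const SecurityOrigin> origin;  // null here reproduces the SIGSEGV
};
// Models the "null sender" the fix falls back to: metadata is silently dropped.
struct NullCachedMetadataSender : CachedMetadataSender {
  std::string Send(const std::string&) override { return ""; }
};
// Before the fix: every SW-fetched response gets the SW sender, even with a
// null source origin, so the later Send() dereferences null.
std::unique_ptr<CachedMetadataSender> MakeSenderBefore(const ResourceResponse& r) {
  if (r.fetched_via_service_worker)
    return std::make_unique<ServiceWorkerCachedMetadataSender>(r.source_origin);
  return std::make_unique<NullCachedMetadataSender>();
}
// After the fix: the SW sender is only created for a non-null source origin.
std::unique_ptr<CachedMetadataSender> MakeSenderAfter(const ResourceResponse& r) {
  if (r.fetched_via_service_worker && r.source_origin)
    return std::make_unique<ServiceWorkerCachedMetadataSender>(r.source_origin);
  return std::make_unique<NullCachedMetadataSender>();
}
// Constructed inputs: a SW response with an origin and one without.
ResourceResponse SwResponseWithOrigin() {
  return {true, std::make_shared<const SecurityOrigin>(SecurityOrigin{"https://example.test"})};
}
ResourceResponse SwResponseWithoutOrigin() { return {true, nullptr}; }
```

MakeSenderBefore(SwResponseWithoutOrigin())->Send(...) is the crashing path and is deliberately never exercised; the same input through MakeSenderAfter yields the null sender.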
Apr 9 2018
The above patch should fix the root cause, and the finch trial is rolled back. Looks like crashes have gone down (https://crash.corp.google.com/browse?q=stable_signature%3D%27blink%3A%3ASecurityOrigin%3A%3AToUrlOrigin-03131309%27) marking as fixed.
Apr 10 2018
Update: Retested this issue on Linux (14.04 LTS) machines using the latest Canary #67.0.3393.0 (64-bit) and the issue is fixed. Kindly review the attached screen-cast. Thank you!
Apr 10 2018
Pls mark as fixed if nothing else is pending. Thank you.
Apr 10 2018
Jul 3
Adding SW as this was SW-related.
Comment 1 by db...@etouch.net, Apr 4 2018
Owner: robliao@chromium.org
Status: Assigned (was: Unconfirmed)