Browser crash when clicking on Hangouts extension icon
Issue description

Chrome Version: 68.0.3437.0
OS: ChromeOS

What steps will reproduce the problem?
(1) Sign-in.
(2) Install Hangouts.
(4) Click on the Hangouts extension icon.

What is the expected result?
Expect that Hangouts is displayed.

What happens instead?
Hangouts window does briefly appear, but then the entire browser crashes (e.g. report 05626e158627c057).

This only appears to have regressed in today's M68 dev-channel push to ChromeOS.
,
May 24 2018
Passing along to enne@ because this looks more raster related I think since it gets into cc::PictureLayer::Update()?
,
May 27 2018
,
May 27 2018
Marking RB-Beta since this does not seem to require multi-sign-in.
,
May 29 2018
Raster-related seems unlikely. Looking at the crash output, it looks like there's a layer in the tree that has a null layer_tree_host(). I'm not sure how it would get into such a state. There were no changes in cc in https://chromium.googlesource.com/chromium/src/+log/68.0.3436.0..68.0.3437.0?pretty=fuller&n=10000. I'm guessing those are the versions you mean by today vs previous dev channel. I tried reproing this locally on Linux with a ChromeOS build but it did not crash. Are you set up to easily bisect this? I can try to dig up a ChromeOS machine but I don't have one handy and I haven't deployed to one in a while.
,
May 29 2018
Re #5: No, I'm not currently set up to bisect ChromeOS builds, sorry! I could try building ChromeOS-Chrome for Linux and attempt to repro there, with my personal account signed-in, perhaps? FWIW I am 100% reliably able to repro this on all my ChromeOS devices, with my personal account. I was not able to repro it w/ my corp account, nor was a colleague able to with an enterprise (non-Google-corp) account. Enterprise/non-enterprise seems an unlikely distinction, and the fact that I get this across all devices rules out an experiment, I think, so my guess is that there is something specific about the actual content in one of my Hangouts chats.
,
May 29 2018
Can you try a Linux build of ChromeOS? That sounds like a promising experiment.
,
May 29 2018
Re #7: Hurrah! Fails for me locally with a Chrome-ChromeOS build! :D
,
May 29 2018
Locally I'm getting a crash at:

[175419:175419:0529/153742.270822:FATAL:layer.cc(232)] Check failed: IsPropertyChangeAllowed().
#0 0x55e53c70350c base::debug::StackTrace::StackTrace()
#1 0x55e53c68438b logging::LogMessage::~LogMessage()
#2 0x55e53db6f873 cc::Layer::RemoveFromParent()
#3 0x55e53dcc91d6 ui::Layer::Remove()
#4 0x55e53e091661 views::InkDropImpl::AnimateToState()
#5 0x55e53e090007 views::InkDropHostView::AnimateInkDrop()
#6 0x55e53f05c0aa BrowserActionsContainer::Layout()
#7 0x55e53f064163 ToolbarView::Layout()
#8 0x55e53e0d9dde views::View::SetBounds()
#9 0x55e53f025f5f BrowserViewLayout::Layout()
#10 0x55e53e0dc4a0 views::View::Layout()
#11 0x55e53f02418e BrowserView::Layout()
#12 0x55e53e0f1bb9 views::NonClientView::Layout()
#13 0x55e53e0d1bd8 views::FillLayout::Layout()
#14 0x55e53e0dc4a0 views::View::Layout()
#15 0x55e53e0dfa5b views::View::PreferredSizeChanged()
#16 0x55e53e0dfa5b views::View::PreferredSizeChanged()
#17 0x55e53ec1642a ash::FrameCaptionButton::SetImage()
#18 0x55e53ec16886 ash::FrameCaptionButton::SetBackgroundColor()
#19 0x55e53ec184b9 ash::FrameCaptionButtonContainerView::SetBackgroundColor()
#20 0x55e53ec1b1e1 ash::FrameHeader::PaintHeader()
#21 0x55e53f21fe3e BrowserNonClientFrameViewAsh::OnPaint()
#22 0x55e53e0ddc36 views::View::Paint()
#23 0x55e53e0dfe13 views::View::RecursivePaintHelper()
#24 0x55e53e0dfc44 views::View::PaintChildren()
#25 0x55e53e0ddc64 views::View::Paint()
#26 0x55e53e0dfe13 views::View::RecursivePaintHelper()
#27 0x55e53e0dfc44 views::View::PaintChildren()
#28 0x55e53e0ddc64 views::View::Paint()
#29 0x55e53e0e0fab views::View::OnPaintLayer()
#30 0x55e53dccde58 ui::Layer::PaintContentsToDisplayList()
#31 0x55e53dccdfc2 ui::Layer::PaintContentsToDisplayList()
#32 0x55e54082fa4e cc::PictureLayer::Update()
#33 0x55e53dbd479a cc::LayerTreeHost::PaintContent()
#34 0x55e53dbd3b9b cc::LayerTreeHost::DoUpdateLayers()
#35 0x55e53dbd3267 cc::LayerTreeHost::UpdateLayers()
#36 0x55e53dbe2b08 cc::SingleThreadProxy::BeginMainFrame()
#37 0x55e539b9ae50 _ZN4base8internal7InvokerINS0_9BindStateIMN3net14MDnsClientImpl4CoreEFvRKNSt3__14pairINS6_12basic_stringIcNS6_11char_traitsIcEENS6_9allocatorIcEEEEtEEEJNS_7WeakPtrIS5_EESE_EEEFvvEE3RunEPNS0_13BindStateBaseE
#38 0x55e53c6713b5 base::debug::TaskAnnotator::RunTask()
#39 0x55e53c7298e9 base::internal::IncomingTaskQueue::RunTask()
#40 0x55e53c68c87b base::MessageLoop::RunTask()
#41 0x55e53c68cc0a base::MessageLoop::DeferOrRunPendingTask()
#42 0x55e53c68ce5c base::MessageLoop::DoWork()
#43 0x55e53c71fe99 base::MessagePumpLibevent::Run()
#44 0x55e53c68c264 base::MessageLoop::Run()
#45 0x55e53c6b2b29 base::RunLoop::Run()
#46 0x55e53c30809b ChromeBrowserMainParts::MainMessageLoopRun()
#47 0x55e53a637c87 content::BrowserMainLoop::RunMainMessageLoopParts()
#48 0x55e53a63a856 content::BrowserMainRunnerImpl::Run()
#49 0x55e53a634264 content::BrowserMain()
#50 0x55e53c2f3cc3 content::RunBrowserProcessMain()
#51 0x55e53c2f4c4d content::ContentMainRunnerImpl::Run()
#52 0x55e53c2fe2fc service_manager::Main()
#53 0x55e53c2f2ce4 content::ContentMain()
#54 0x55e5397da2e3 ChromeMain
#55 0x7fe8248112b1 __libc_start_main
#56 0x55e5397da15a _start
,
May 29 2018
Ah, yes. You can't remove a layer in the middle of painting, otherwise bad things happen. Seems likely to be: https://chromium-review.googlesource.com/1065020
,
May 30 2018
FYI I wound back to that CL and was able to repro the issue both with it, and at the preceding revision. Rolled-back to last-known-good revision (last dev-channel build) to bisect...
,
May 30 2018
Bisect reports revision 7220276a6790683a346e3a3ddfc0bdddeaea2d08 (https://chromium-review.googlesource.com/1053116) as the culprit -> assigning to estade@.
,
May 30 2018
,
May 30 2018
Looking at the stack and reading the above, I think this has to do with the state of the user's account in terms of the Chrome extensions they have installed and what state they're in. It probably requires some extension or extensions to be "highlighting". I don't think it has to do with the contents of the Hangouts chats. wez@, could you screencast the crash? There's also a potential fix here[1].

[1] https://chromium-review.googlesource.com/c/chromium/src/+/1079461
,
May 30 2018
I can repro this but it seems necessary to have an unread message. Also, there needs to be no hangouts window or the hangouts window should be not-on-top (the main browser window needs to lose activation). Also, the presence of some bubbles such as the crash/restore tabs bubble can interfere. Also, I think you need a theme installed.
,
May 31 2018
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/04c548c3e4fa5e6222df1e63f291bbc70f37f645

commit 04c548c3e4fa5e6222df1e63f291bbc70f37f645
Author: Evan Stade <estade@chromium.org>
Date: Thu May 31 22:37:48 2018

Avoid extra layouts when changing caption button icons

This avoids extra work and also avoids triggering a layout from within Paint (see stack trace on attached bug), which can cause crashes as ink drops are added or removed.

Bug: 846474
Change-Id: If3e27e0436725df1d7316215fc81220bc6507d28
Reviewed-on: https://chromium-review.googlesource.com/1079461
Reviewed-by: Scott Violet <sky@chromium.org>
Commit-Queue: Evan Stade <estade@chromium.org>
Cr-Commit-Position: refs/heads/master@{#563408}

[modify] https://crrev.com/04c548c3e4fa5e6222df1e63f291bbc70f37f645/ash/frame/caption_buttons/frame_caption_button.cc
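A minimal model of the failure discussed in this thread, added here as an illustration and not taken from Chromium or from the CL above. LayerTree, CaptionButton and PaintHitsCheck are hypothetical names, and skipping the relayout when the icon size is unchanged is an assumed way to keep layout out of paint, not a description of what the actual change does.

```cpp
// Toy model of the crash in this bug; not Chromium code, all names hypothetical.
#include <algorithm>
#include <vector>

struct LayerTree {
  bool in_paint = false;          // set while the paint walk is running
  bool check_failed = false;      // stands in for the fatal CHECK in the trace
  std::vector<int> layers{1, 2};  // layer 2 plays the ink-drop layer

  // Structural changes are only legal outside the paint walk.
  void RemoveLayer(int id) {
    if (in_paint) { check_failed = true; return; }
    layers.erase(std::remove(layers.begin(), layers.end(), id), layers.end());
  }
  // Toolbar layout ends an ink-drop animation, which drops its layer.
  void Layout() { RemoveLayer(2); }
};

struct CaptionButton {
  LayerTree* tree;
  int width, height;
  bool only_on_size_change;  // false = "before", true = assumed "after"

  // Called with a re-coloured icon; the icon size is normally unchanged.
  void SetImage(int new_w, int new_h) {
    bool size_changed = new_w != width || new_h != height;
    width = new_w;
    height = new_h;
    if (!only_on_size_change || size_changed) tree->Layout();
  }
};

// Paints the frame header, which recolours the button as in the stack trace.
// Returns true if the paint pass tripped the "no changes during paint" check.
bool PaintHitsCheck(bool only_on_size_change) {
  LayerTree tree;
  CaptionButton button{&tree, 32, 32, only_on_size_change};
  tree.in_paint = true;
  button.SetImage(32, 32);  // same size, new colour
  tree.in_paint = false;
  return tree.check_failed;
}

int main() {
  return (PaintHitsCheck(false) && !PaintHitsCheck(true)) ? 0 : 1;
}
```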
,
Jun 1 2018
,
Jun 2 2018
Your change meets the bar and is auto-approved for M68. Please go ahead and merge the CL to branch 3440 manually. Please contact milestone owner if you have questions.

Owners: cmasso@(Android), kariahda@(iOS), bhthompson@(ChromeOS), abdulsyed@(Desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jun 4 2018
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/f65850047bf2ff1b737d4acf597a0b6e2c6ed6f0

commit f65850047bf2ff1b737d4acf597a0b6e2c6ed6f0
Author: Evan Stade <estade@chromium.org>
Date: Mon Jun 04 18:44:39 2018

Avoid extra layouts when changing caption button icons

This avoids extra work and also avoids triggering a layout from within Paint (see stack trace on attached bug), which can cause crashes as ink drops are added or removed.

Bug: 846474
Change-Id: If3e27e0436725df1d7316215fc81220bc6507d28
Reviewed-on: https://chromium-review.googlesource.com/1079461
Reviewed-by: Scott Violet <sky@chromium.org>
Commit-Queue: Evan Stade <estade@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#563408}
(cherry picked from commit 04c548c3e4fa5e6222df1e63f291bbc70f37f645)
Reviewed-on: https://chromium-review.googlesource.com/1085498
Reviewed-by: Evan Stade <estade@chromium.org>
Cr-Commit-Position: refs/branch-heads/3440@{#151}
Cr-Branched-From: 010ddcfda246975d194964ccf20038ebbdec6084-refs/heads/master@{#561733}

[modify] https://crrev.com/f65850047bf2ff1b737d4acf597a0b6e2c6ed6f0/ash/frame/caption_buttons/frame_caption_button.cc
,
Jun 4 2018
Comment 1 by w...@chromium.org
, May 24 2018