Regression: Browser crashes on selecting "View Page Source" from context menu
Reported by
khushal....@etouch.net,
Aug 27
Issue description

Chrome Version: 70.0.3534.0 (Official Build) Revision 68a5d485789e45a91c9fa90aab4dd33113131ccd-refs/branch-heads/3534@{#1} (32/64-bit)
OS: Win (7, 8, 8.1, 10)

What steps will reproduce the problem?
(1) Launch chrome, open NTP and right click to open context menu.
(2) Now select "View Page Source" option and observe.

Actual Result: Browser crashes on selecting "View Page Source" from context menu.
Expected Result: Source page should open properly on selecting "View Page Source" from context menu.

This is a regression issue seen from 'M-70' and will provide the bisect info soon:
Good Build: 70.0.3530.0
Bad Build: 70.0.3531.0

Thank You..!!
,
Aug 27
Correction: Rebisected on different machines and found below range.

Narrow Bisect URL (unable to provide bisect using per-revision script, hence providing bisect with old script):
https://chromium.googlesource.com/chromium/src/+log/bfa6245cb858745ed1c875dc637818f788c9d0ce..d2c3c8fb842ac9a74e8592684ae8b1d4d0b17c20?pretty=fuller&n=10000

Suspecting: https://chromium.googlesource.com/chromium/src/+/21a01d667ee70c8b38e1ca53a15d81e6833d8bde from narrow bisect.

@xhwang: Could you please check whether this is caused with respect to your change, if not please help us in assigning it to the right owner.

NOTE: Unable to provide bisect:
1. Bisect tried on other machines.
2. Tried by increasing the regression range.
3. Tried chromium bisect script.

Thank You..!!
,
Aug 27
Update: Crash ID: Uploaded Crash Report ID 2db862dff3db8bbd (Local Crash ID: 4c195dbd-18c8-43f9-a3e9-0e80d4d06c3e) Thank You..!!
,
Aug 27
Stack trace for the provided crash id:
--------------------------------------
Thread 0 (id: 0xb3c) CRASHED [EXCEPTION_ACCESS_VIOLATION_READ @ 0x000000a8 ] MAGIC SIGNATURE THREAD
Stack Quality 100%

0x00007ff9ed81ed52 (chrome.dll -tab_lifecycle_unit.cc:356 ) resource_coordinator::TabLifecycleUnitSource::TabLifecycleUnit::SetRecentlyAudible(bool)
0x00007ff9ed5bda49 (chrome.dll -tab_strip_model.cc:647 ) TabStripModel::UpdateWebContentsStateAt(int,TabChangeType)
0x00007ff9ed736742 (chrome.dll -browser.cc:2324 ) Browser::ProcessPendingUIUpdates()
0x00007ff9ed500f4c (chrome.dll -browser.cc:1105 ) Browser::ActiveTabChanged(content::WebContents *,content::WebContents *,int,int)
0x00007ff9ed5000ba (chrome.dll -tab_strip_model.cc:1489 ) TabStripModel::NotifyIfActiveTabChanged(TabStripSelectionChange const &)
0x00007ff9ed4ffd46 (chrome.dll -tab_strip_model.cc:1496 ) TabStripModel::NotifyIfActiveOrSelectionChanged(TabStripSelectionChange const &)
0x00007ff9ed4ff91d (chrome.dll -tab_strip_model.cc:1526 ) TabStripModel::SetSelection(ui::ListSelectionModel,TabStripModelObserver::ChangeReason,bool)
0x00007ff9ed4e5b32 (chrome.dll -tab_strip_model.cc:352 ) TabStripModel::InsertWebContentsAt(int,std::unique_ptr<content::WebContents,std::default_delete<content::WebContents> >,int)
0x00007ff9ed4e575e (chrome.dll -tab_strip_model.cc:887 ) TabStripModel::AddWebContents(std::unique_ptr<content::WebContents,std::default_delete<content::WebContents> >,int,ui::PageTransition,int)
0x00007ff9ed45eb4c (chrome.dll -browser_navigator.cc:646 ) Navigate(NavigateParams *)
0x00007ff9eed67585 (chrome.dll -browser_tabstrip.cc:68 ) chrome::AddWebContents(Browser *,content::WebContents *,std::unique_ptr<content::WebContents,std::default_delete<content::WebContents> >,WindowOpenDisposition,gfx::Rect const &)
0x00007ff9eec433e2 (chrome.dll -browser.cc:1545 ) Browser::AddNewContents(content::WebContents *,std::unique_ptr<content::WebContents,std::default_delete<content::WebContents> >,WindowOpenDisposition,gfx::Rect const &,bool,bool *)
0x00007ff9ee077c07 (chrome.dll -web_contents_impl.cc:4410 ) content::WebContentsImpl::ViewSource(content::RenderFrameHostImpl *)
0x00007ff9ef5f3f93 (chrome.dll -menu_model_adapter.cc:140 ) views::MenuModelAdapter::ExecuteCommand(int,int)
0x00007ff9ef4fb5a7 (chrome.dll -menu_runner_impl.cc:179 ) views::internal::MenuRunnerImpl::OnMenuClosed(views::internal::MenuControllerDelegate::NotifyType,views::MenuItemView *,int)
0x00007ff9ef8e5dde (chrome.dll -menu_controller.cc:2719 ) views::MenuController::ExitMenu()
0x00007ff9ef8e71d4 (chrome.dll -menu_controller.cc:737 ) views::MenuController::OnMouseReleased(views::SubmenuView *,ui::MouseEvent const &)
0x00007ff9ed54f641 (chrome.dll -widget.cc:1234 ) views::Widget::OnMouseEvent(ui::MouseEvent *)
0x00007ff9ed54de23 (chrome.dll -event_handler.cc:32 ) ui::EventHandler::OnEvent(ui::Event *)
0x00007ff9ed54dd52 (chrome.dll -event_dispatcher.cc:191 ) ui::EventDispatcher::DispatchEvent(ui::EventHandler *,ui::Event *)
0x00007ff9ed54d916 (chrome.dll -event_dispatcher.cc:139 ) ui::EventDispatcher::ProcessEvent(ui::EventTarget *,ui::Event *)
0x00007ff9ed54d7f0 (chrome.dll -event_dispatcher.cc:86 ) ui::EventDispatcherDelegate::DispatchEventToTarget(ui::EventTarget *,ui::Event *)
0x00007ff9ed54c9bf (chrome.dll -event_dispatcher.cc:58 ) ui::EventDispatcherDelegate::DispatchEvent(ui::EventTarget *,ui::Event *)
0x00007ff9ed54b5ba (chrome.dll -event_processor.cc:57 ) ui::EventProcessor::OnEventFromSource(ui::Event *)
0x00007ff9ed54b2eb (chrome.dll -event_source.cc:84 ) ui::EventSource::SendEventToSinkFromRewriter(ui::Event *,ui::EventRewriter const *)
0x00007ff9ed54b131 (chrome.dll -event_source.cc:44 ) ui::EventSource::SendEventToSink(ui::Event *)
0x00007ff9eec635f3 (chrome.dll -desktop_window_tree_host_win.cc:884 ) views::DesktopWindowTreeHostWin::HandleGestureEvent(ui::GestureEvent *)
0x00007ff9ed549a1f (chrome.dll -hwnd_message_handler.cc:2880 ) views::HWNDMessageHandler::HandleMouseEventInternal(unsigned int,unsigned __int64,__int64,bool)
0x00007ff9ed3cf69e (chrome.dll -hwnd_message_handler.h:329 ) views::HWNDMessageHandler::_ProcessWindowMessage(HWND__ *,unsigned int,unsigned __int64,__int64,__int64 &,unsigned long)
0x00007ff9ed3cf465 (chrome.dll -hwnd_message_handler.cc:969 ) views::HWNDMessageHandler::OnWndProc(unsigned int,unsigned __int64,__int64)
0x00007ff9ed1c499e (chrome.dll -wrapped_window_proc.h:76 ) base::win::WrappedWindowProc<&gfx::WindowImpl::WndProc(HWND__ *,unsigned int,unsigned __int64,__int64)>(HWND__ *,unsigned int,unsigned __int64,__int64)
0x00007ffa2ea16cc0 (USER32.dll + 0x00016cc0 ) UserCallWinProcCheckWow(_ACTIVATION_CONTEXT *,__int64 (*)(tagWND *,unsigned int,unsigned __int64,__int64),HWND__ *,_WM_VALUE,unsigned __int64,__int64,void *,int)
0x00007ffa2ea16692 (USER32.dll + 0x00016692 ) DispatchMessageWorker
0x00007ff9ed5426be (chrome.dll -message_pump_win.cc:382 ) base::MessagePumpForUI::ProcessMessageHelper(tagMSG const &)
0x00007ff9ed24bec6 (chrome.dll -message_pump_win.cc:175 ) base::MessagePumpForUI::DoRunLoop()
0x00007ff9ed13d2dd (chrome.dll -message_pump_win.cc:52 ) base::MessagePumpWin::Run(base::MessagePump::Delegate *)
0x00007ff9ed13d040 (chrome.dll -run_loop.cc:102 ) base::RunLoop::Run()
0x00007ff9ed53f2a5 (chrome.dll -chrome_browser_main.cc:2065 ) ChromeBrowserMainParts::MainMessageLoopRun(int *)
0x00007ff9ed53f0b7 (chrome.dll -browser_main_loop.cc:1033 ) content::BrowserMainLoop::RunMainMessageLoopParts()
0x00007ff9ed53f062 (chrome.dll -browser_main_runner_impl.cc:162 ) content::BrowserMainRunnerImpl::Run()
0x00007ff9ed13de9f (chrome.dll -browser_main.cc:47 ) content::BrowserMain(content::MainFunctionParams const &)
0x00007ff9ed13dd63 (chrome.dll -content_main_runner_impl.cc:536 ) content::RunBrowserProcessMain(content::MainFunctionParams const &,content::ContentMainDelegate *)
0x00007ff9ed1389cf (chrome.dll -content_main_runner_impl.cc:888 ) content::ContentMainRunnerImpl::Run(bool)
0x00007ff9ed124ff7 (chrome.dll -main.cc:472 ) service_manager::Main(service_manager::MainParams const &)
0x00007ff9ed124bf7 (chrome.dll -content_main.cc:19 ) content::ContentMain(content::ContentMainParams const &)
0x00007ff9ed1219c9 (chrome.dll -chrome_main.cc:101 ) ChromeMain
0x00007ff71787376b (chrome.exe -main_dll_loader_win.cc:201 ) MainDllLoader::Launch(HINSTANCE__ *,base::TimeTicks)
0x00007ff717871698 (chrome.exe -chrome_exe_main_win.cc:230 ) wWinMain
0x00007ff717924771 (chrome.exe -exe_common.inl:283 ) __scrt_common_main_seh
0x00007ffa2e8f3033 (KERNEL32.dll + 0x00013033 ) BaseThreadInitThunk
0x00007ffa2ec31430 (ntdll.dll + 0x00071430 ) RtlUserThreadStart

1) This crash first started on 67.0.3396.79, and on latest Canary 70.0.3534.0 seeing 2 from 2 different clients.
2) This crash is seen only on Windows>Browser and it is in 11th rank position.
3) This crash is not seen in latest Dev (70.0.3528.4) Beta (69.0.3497.57).

70.0.3534.0     8.82%   6
70.0.3533.0     10.29%  7
70.0.3532.5     2.94%   2
70.0.3532.2     20.59%  14
70.0.3532.1     1.47%   1
70.0.3532.0     14.71%  10
70.0.3531.0     8.82%   6
68.0.3440.106   1.47%   1

Link to the list of builds:
---------------------------
https://goto.google.com/rtykb

Adding release blocker label for this issue. Please reduce priority or remove if not the case.

Note: This issue is similar to issue 818454 and adding related dev in cc.

Thank You!
,
Aug 27
Issue 877748 has been merged into this issue.
,
Aug 27
My CL only affects chrome://media-internals page and should not cause this crash. Assign back to sangwoo108@chromium.org since the crash is related to TabLifecycleUnit.
,
Aug 27
,
Aug 27
Downgrading to RBB, since the crash reproduces only in NTP.

10 reports as of now in canary-70.0.3534.0

Link to the builds which introduced the crash
=============================================
https://crash.corp.google.com/browse?q=product_name%3D%27Chrome%27+AND+expanded_custom_data.ChromeCrashProto.ptype%3D%27browser%27+AND+expanded_custom_data.ChromeCrashProto.magic_signature_1.name%3D%27resource_coordinator%3A%3ATabLifecycleUnitSource%3A%3ATabLifecycleUnit%3A%3ASetRecentlyAudible%27#-daygraph,-samplereports,-productname:1000,productversion:1000,-magicsignature:50,-magicsignature2:50,-stablesignature:50,-magicsignaturesorted:50

Possible suspect
================
https://chromium.googlesource.com/chromium/src/+/668642c32bf49830c55f4d1e134288cbeb00adb6

Please have a fix/revert soon.
,
Aug 27
,
Aug 27
khushal.pawar@ Please provide one correct per revision bisect result( #1, #2). There is only a single script for bisecting, what do you mean by old script?
,
Aug 28
Thank you all. I think https://chromium.googlesource.com/chromium/src/+log/bfa6245cb858745ed1c875dc637818f788c9d0ce..d2c3c8fb842ac9a74e8592684ae8b1d4d0b17c20?pretty=fuller&n=10000 (from #1) did cause this crash. Let me handle this :)
,
Aug 28
,
Aug 29
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/5795e69b9c7f28cf7876158f0bca18b0d5c173cb

commit 5795e69b9c7f28cf7876158f0bca18b0d5c173cb
Author: sangwoo.ko <sangwoo108@chromium.org>
Date: Wed Aug 29 02:02:03 2018

Fix crash when executing "view source" from NTP

This crash is caused by recent refactoring for tabstrip model observer API. We can't guarantee that TabChangedAt() will be called after lifecycle_unit created.

Bug: 877940
Change-Id: I800c3bca6ae975bbbacdf4ef17a6b6176e209409
Reviewed-on: https://chromium-review.googlesource.com/1192377
Commit-Queue: Sang Woo Ko <sangwoo108@chromium.org>
Reviewed-by: Chris Hamilton <chrisha@chromium.org>
Cr-Commit-Position: refs/heads/master@{#586993}

[modify] https://crrev.com/5795e69b9c7f28cf7876158f0bca18b0d5c173cb/chrome/browser/resource_coordinator/tab_lifecycle_unit_source.cc
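
The ordering problem the commit message describes (a change notification arriving before the per-tab lifecycle object exists), as an added illustration that is not Chromium's code and not the landed patch. Every class and function name below is hypothetical, and the null guard is one common way to handle this ordering, assumed here rather than taken from the fix.

```cpp
#include <map>
#include <memory>

// Hypothetical stand-ins; none of these are Chromium's real classes.
struct LifecycleUnit {
  bool recently_audible = false;
  void SetRecentlyAudible(bool v) { recently_audible = v; }
};

class UnitSource {
 public:
  // Creates the per-tab unit once the tab is attached.
  void OnTabInserted(int tab_id) {
    units_[tab_id] = std::make_unique<LifecycleUnit>();
  }

  // Observer callback that may fire for a tab whose unit has not been
  // created yet. Returns true if the state was applied, false if the
  // notification was skipped.
  bool OnTabChanged(int tab_id, bool audible) {
    LifecycleUnit* unit = Find(tab_id);
    // Without this guard the member write goes through a null pointer,
    // i.e. an access at a small offset from address 0, which typically
    // shows up as an access violation at a low address.
    if (!unit)
      return false;
    unit->SetRecentlyAudible(audible);
    return true;
  }

  LifecycleUnit* Find(int tab_id) const {
    auto it = units_.find(tab_id);
    return it == units_.end() ? nullptr : it->second.get();
  }

 private:
  std::map<int, std::unique_ptr<LifecycleUnit>> units_;
};

// Replays the problematic ordering: change notification first, unit
// creation second, then a normal change notification.
int ReplayEarlyNotification() {
  UnitSource source;
  int applied = 0;
  applied += source.OnTabChanged(1, true);  // unit missing: skipped
  source.OnTabInserted(1);
  applied += source.OnTabChanged(1, true);  // unit present: applied
  return applied;
}

int main() { return ReplayEarlyNotification() == 1 ? 0 : 1; }
```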
,
Aug 29
khushal.pawar@, I landed a patch to fix this. Could you verify this?
,
Aug 30
Update: Rechecked the above issue on Win (7, 8, 8.1, 10) using latest canary version #70.0.3536.0 and the issue is found FIXED. Hence, adding respective labels. Please refer the attached screen-cast. Thank You..!!
,
Sep 3
As it is WAI on M70 , please feel free to merge the code fix to M69 beta if it is safe merge. Thanks..!
,
Sep 4
Hi jmukthavaram@. It seems 69.0.3497.72 doesn't contain the problematic patch.
Comment 1 by khushal....@etouch.net, Aug 27
Owner: sangwoo108@chromium.org
Status: Assigned (was: Unconfirmed)