Rapidly opening and closing add share dialog causes crash
Issue description
Rapidly opening and closing the add share dialog (~10 times) causes chrome to crash:

Received signal 11 SEGV_MAPERR 000000000018
#0 0x5e2da9f741cf <unknown>
#1 0x5e2da9f73d41 <unknown>
#2 0x74e53afd02e0 <unknown>
#3 0x5e2da7bff4d1 <unknown>
#4 0x5e2da7bfcc7c <unknown>
#5 0x5e2da7bfd48a <unknown>
#6 0x5e2da7bfdee6 <unknown>
#7 0x5e2da9f8adc9 <unknown>
#8 0x5e2da9efb32e <unknown>
#9 0x5e2da9efb861 <unknown>
#10 0x5e2da9f8772d <unknown>
#11 0x5e2da9f1b0b5 <unknown>
#12 0x5e2da9bc61ba <unknown>
#13 0x5e2da8512c74 <unknown>
#14 0x5e2da8515722 <unknown>
#15 0x5e2da850f248 <unknown>
#16 0x5e2da9bb6287 <unknown>
#17 0x5e2da9bbccec <unknown>
#18 0x5e2da9bb45d1 <unknown>
#19 0x5e2da790605f <unknown>
#20 0x74e53a3b4736 __libc_start_main
#21 0x5e2da7905e89 <unknown>
r8: 00007ffd980d97c0 r9: 0000000000000001 r10: 000001b91681f120 r11: 00000000000001b4
r12: 00007ffd980d9720 r13: 0000000000000000 r14: 000001b9141ee408 r15: 000000000000000c
di: 0000000000000010 si: 00007ffd980d9720 bp: 00007ffd980d96c0 bx: 000001b9141ee3f0
dx: 0000000000000000 ax: 0000000000000000 cx: 00005e2da7bfde50 sp: 00007ffd980d9660
ip: 00005e2da7bff4d1 efl: 0000000000010206 cgf: 0000000000000033 erf: 0000000000000004
trp: 000000000000000e msk: 0000000000000000 cr2: 0000000000000018
[end of stack trace]
Calling _exit(1). Core file will not be generated.
Oct 8
Investigate whether it's the number or just the rapidity that causes this.
Oct 9
It seems that the cause is rapidly opening/closing the dialog. Also seems to be a chrome issue, investigating the root of this crash.
Oct 10
Oct 10
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/a676fff41c35a3e1c420074d5fa4c9fa9dc8faef

commit a676fff41c35a3e1c420074d5fa4c9fa9dc8faef
Author: jimmy <jimmyxgong@chromium.org>
Date: Wed Oct 10 21:08:23 2018

Reset MdnsHostLocator when finding hosts

- This fixes a race condition crash when rapidly opening and closing the Add Share dialog.
- The crash occurs because |mdns_client_| runs into a race condition in which an older state of |mdns_client_| will attempt to create Transactions from an invalid state. Previously, |mdns_client_| gets reassigned to a new object at every new Add Share dialog. Because Host Locators run asynchronously, |mdns_client| will attempt to create all its Transactions. This means that if a user closes the Add Share dialog and reopens it, an older state of |mdns_client| will continue to attempt to create Transactions despite being in an invalid state.
- The fix is to prevent an invalid |mdns_client| from accessing any old data by resetting MdnsHostLocator at the start of a new Add Share dialog.

Bug: chromium:892287
Change-Id: Ie054eadc6cdf83553b31a9cae86df54ea9a986c8
Reviewed-on: https://chromium-review.googlesource.com/c/1272807
Reviewed-by: Zentaro Kavanagh <zentaro@chromium.org>
Commit-Queue: Zentaro Kavanagh <zentaro@chromium.org>
Cr-Commit-Position: refs/heads/master@{#598502}

[modify] https://crrev.com/a676fff41c35a3e1c420074d5fa4c9fa9dc8faef/chrome/browser/chromeos/smb_client/discovery/mdns_host_locator.cc
Oct 11
Workaround landed with CL in #5. Moving to 72 to consider longer term fix.
Oct 12
Oct 15
Dropping to P2 now that the workaround is in place.
Oct 22
Nov 27
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/6405d08c931487287b11d654f4681515bd6051b7

commit 6405d08c931487287b11d654f4681515bd6051b7
Author: Jimmy Gong <jimmyxgong@google.com>
Date: Tue Nov 27 23:27:22 2018

Add discovery and share callback vectors to SmbShareFinder

- Adds vectors for both discovery and share callbacks.
- Solves the race condition in which multiple dialogs of "Add Smb Share" would use a shared instance of each HostLocator.
- If a SmbShareFinder::GatherSharesInNetwork call comes in when one is already running, the callbacks are stored and run when the original GatherSharesInNetwork call finishes.
- Adds additional unit test to reflect on the changes.

Bug: chromium:892287
Test: end-to-end
Change-Id: I9551532dc08fd9338803786bdd89f0398f4ce7db
Reviewed-on: https://chromium-review.googlesource.com/c/1336435
Reviewed-by: Bailey Berro <baileyberro@chromium.org>
Reviewed-by: Zentaro Kavanagh <zentaro@chromium.org>
Commit-Queue: jimmy gong <jimmyxgong@chromium.org>
Cr-Commit-Position: refs/heads/master@{#611409}

[modify] https://crrev.com/6405d08c931487287b11d654f4681515bd6051b7/chrome/browser/chromeos/smb_client/discovery/in_memory_host_locator.cc
[modify] https://crrev.com/6405d08c931487287b11d654f4681515bd6051b7/chrome/browser/chromeos/smb_client/discovery/in_memory_host_locator.h
[modify] https://crrev.com/6405d08c931487287b11d654f4681515bd6051b7/chrome/browser/chromeos/smb_client/discovery/network_scanner.cc
[modify] https://crrev.com/6405d08c931487287b11d654f4681515bd6051b7/chrome/browser/chromeos/smb_client/discovery/network_scanner.h
[modify] https://crrev.com/6405d08c931487287b11d654f4681515bd6051b7/chrome/browser/chromeos/smb_client/smb_share_finder.cc
[modify] https://crrev.com/6405d08c931487287b11d654f4681515bd6051b7/chrome/browser/chromeos/smb_client/smb_share_finder.h
[modify] https://crrev.com/6405d08c931487287b11d654f4681515bd6051b7/chrome/browser/chromeos/smb_client/smb_share_finder_unittest.cc
[modify] https://crrev.com/6405d08c931487287b11d654f4681515bd6051b7/chromeos/dbus/fake_smb_provider_client.cc
[modify] https://crrev.com/6405d08c931487287b11d654f4681515bd6051b7/chromeos/dbus/fake_smb_provider_client.h
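The callback-vector approach described in the commit message above, as an added example that is not Chromium's code: a constructed, single-threaded model in which requests arriving during a running scan are queued and all served by that one scan. `ShareFinder`, `ScanFn`, `SimulateRapidDialogs` and the sample share path are hypothetical; only the name `GatherSharesInNetwork` comes from the commit message.

```cpp
#include <functional>
#include <string>
#include <utility>
#include <vector>

// Constructed single-threaded model; not Chromium code.
using Shares = std::vector<std::string>;
using SharesCallback = std::function<void(const Shares&)>;
using ScanFn = std::function<void(SharesCallback)>;

class ShareFinder {
 public:
  // `scan` stands in for asynchronous discovery and completes via its callback.
  explicit ShareFinder(ScanFn scan) : scan_(std::move(scan)) {}

  void GatherSharesInNetwork(SharesCallback cb) {
    pending_.push_back(std::move(cb));
    if (scan_running_) return;  // Join the scan in flight, do not restart it.
    scan_running_ = true;
    ++scans_started_;
    scan_([this](const Shares& shares) { OnScanDone(shares); });
  }
  int scans_started() const { return scans_started_; }

 private:
  void OnScanDone(const Shares& shares) {
    scan_running_ = false;
    // Detach the queue first so a callback that asks for a new scan appends
    // to a fresh vector rather than the one being iterated.
    std::vector<SharesCallback> to_run;
    to_run.swap(pending_);
    for (auto& cb : to_run) cb(shares);
  }
  ScanFn scan_;
  std::vector<SharesCallback> pending_;
  bool scan_running_ = false;
  int scans_started_ = 0;
};

// Opens `dialogs` dialogs before the single scan completes.
// Returns {scans started, callbacks that received the result}.
std::pair<int, int> SimulateRapidDialogs(int dialogs) {
  SharesCallback finish_scan;  // Completion held back, as a slow scan would.
  ShareFinder finder([&](SharesCallback done) { finish_scan = std::move(done); });
  int delivered = 0;
  for (int i = 0; i < dialogs; ++i)
    finder.GatherSharesInNetwork(
        [&](const Shares& s) { delivered += static_cast<int>(s.size()); });
  finish_scan(Shares{"\\\\constructed-host\\share"});  // constructed sample
  return {finder.scans_started(), delivered};
}
```

Every queued callback is owned by the finder and run exactly once from a single completion path, so no request is left tied to a scan object that a later dialog has replaced.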
Dec 19
Dec 21
Verified and observed no crash on open/close of Add File Share dialog. (Settings > Network file shares > Add File Share)
Google Chrome (72.0.3626.30, 11316.36.0)
Hence, marking the issue as verified.
Comment 1 by zentaro@chromium.org, Oct 8
Owner: jimmyxgong@chromium.org