
Issue 898773


Issue metadata

Status: Duplicate
Owner:
Closed: Oct 25
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux, Windows, Mac
Pri: 1
Type: Bug-Regression




Regression: PDF Viewer extension crashes on reloading PDF page.

Reported by aiman.an...@etouch.net, Oct 25

Issue description

Chrome Version: 72.0.3591.0 (Official Build) Revision 148434e1b31c81381aec3e1346c9bf7954de39d6-refs/branch-heads/3591@{#1} (32/64-bit)

OS: Win(7,8,8.1,10), Mac(10.13.1, 10.13.6, 10.14.1).

Pre-Condition: Install extension from https://chrome.google.com/webstore/detail/pdf-viewer/oemmndcbldboiebfnladdacbdfmadadm?hl=en

Test URL: http://cb.vu/unixtoolbox.pdf

Steps to reproduce:
1. Launch Chrome, click on the extension icon in the omnibox and select Options from the context menu.
2. On the PDF Viewer extension options overlay, change the first two drop-down options.
3. Navigate to the above test URL and observe.

Actual Result: PDF Viewer extension crashes on reloading PDF page.
Expected Result: Extension should not crash on reloading the PDF page.

Crash Report ID 282f2a10f7be1323 (Local Crash ID: f4fc40e1-2784-4c93-a66d-4b8a33e87018)

This is a regression issue seen in M-72; will soon update other info.
Good Build: 72.0.3590.0
Bad Build: 72.0.3591.0

Kindly refer to the attached screen-cast for reference.

Thank You!

 
Actual Result.mp4 (1.3 MB)
Expected Result.mp4 (2.1 MB)
Labels: hasbisect OS-Linux
Owner: mstensho@chromium.org
Status: Assigned (was: Unconfirmed)
Update:

This is a regression issue broken in M-72, and below is the bisect info:
Good Build: 72.0.3590.0 (Revision:602168)
Bad Build: 72.0.3591.0 (Revision:602531)

Change-Log URL:

Narrow Bisect: 
https://chromium.googlesource.com/chromium/src/+log/c1917dd47a5fed7edf77bfa80ed3e3dccf17b693..e12fcfe093c58aa7519aa416d9a77cb4f66b311c?pretty=fuller&n=10000

Suspecting: r602304 ?

mstensho@: Could you please check whether this is caused by your change? If not, please help us in assigning it to the right owner.

Note:
1. Unable to provide 'per-revision' bisect as it shows "RuntimeError : We don't have enough builds to bisect..." error message for above range. (tried on other machines but still getting the same error)
2. Hence provided suspect through 'Chromium bisect'
3. Issue is also seen on Linux (14.04 LTS) OS.

Thank You!


Cc: manoranj...@chromium.org
Labels: ReleaseBlock-Beta
Stack trace for the crash id:
-----------------------------
Thread 0 (id: 0x14b4) CRASHED [EXCEPTION_ACCESS_VIOLATION_READ @ 0x00000020 ] MAGIC SIGNATURE THREAD
Stack Quality: 97%
0x000007fee1cbb8d0	(chrome_child.dll + 0x0086b8d0 )	BIO_get_data
0x000007fee150a674	(chrome_child.dll -web_string.cc:183 )	blink::WebString::operator AtomicString
0x000007fee1586ce4	(chrome_child.dll -web_local_frame_impl.cc:1681 )	blink::WebLocalFrameImpl::CreateMainFrame(blink::WebView *,blink::WebLocalFrameClient *,blink::InterfaceRegistry *,blink::WebFrame *,blink::WebString const &,blink::WebSandboxFlags)
0x000007fee1585ba0	(chrome_child.dll -render_frame_impl.cc:1272 )	content::RenderFrameImpl::CreateMainFrame(content::RenderViewImpl *,int,mojo::InterfacePtr<service_manager::mojom::InterfaceProvider>,int,bool,content::ScreenInfo const &,content::CompositorDependencies *,blink::WebFrame *,base::UnguessableToken const &,content::FrameReplicationState const &,bool)
0x000007fee1567847	(chrome_child.dll -render_view_impl.cc:537 )	content::RenderViewImpl::Initialize(mojo::StructPtr<content::mojom::CreateViewParams>,base::OnceCallback<void >,scoped_refptr<base::SingleThreadTaskRunner>)
0x000007fee156618b	(chrome_child.dll -render_view_impl.cc:1035 )	content::RenderViewImpl::Create(content::CompositorDependencies *,mojo::StructPtr<content::mojom::CreateViewParams>,base::OnceCallback<void >,scoped_refptr<base::SingleThreadTaskRunner>)
0x000007fee15660dd	(chrome_child.dll -render_thread_impl.cc:2117 )	content::RenderThreadImpl::CreateView(mojo::StructPtr<content::mojom::CreateViewParams>)
0x000007fee1522743	(chrome_child.dll -renderer.mojom.cc:946 )	content::mojom::RendererStubDispatch::Accept(content::mojom::Renderer *,mojo::Message *)
0x000007fee3968864	(chrome_child.dll -ipc_mojo_bootstrap.cc:877 )	IPC::`anonymous namespace'::ChannelAssociatedGroupController::AcceptOnProxyThread
0x000007fee3966d39	(chrome_child.dll -bind_internal.h:671 )	base::internal::Invoker<base::internal::BindState<void (IPC::(anonymous namespace)::ChannelAssociatedGroupController::*)(mojo::Message),scoped_refptr<IPC::(anonymous namespace)::ChannelAssociatedGroupController>,base::internal::PassedWrapper<mojo::Message> >,void ()>::Run
0x000007fee14a6d3f	(chrome_child.dll -task_annotator.cc:99 )	base::debug::TaskAnnotator::RunTask(char const *,base::PendingTask *)
0x000007fee14fc4c1	(chrome_child.dll -thread_controller_impl.cc:196 )	base::sequence_manager::internal::ThreadControllerImpl::DoWork(base::sequence_manager::internal::ThreadControllerImpl::WorkType)
0x000007fee14a6d3f	(chrome_child.dll -task_annotator.cc:99 )	base::debug::TaskAnnotator::RunTask(char const *,base::PendingTask *)
0x000007fee14a65de	(chrome_child.dll -message_loop.cc:547 )	base::MessageLoop::RunTask(base::PendingTask *)
0x000007fee14a0244	(chrome_child.dll -message_loop.cc:630 )	base::MessageLoop::DoWork()
0x000007fee14a0098	(chrome_child.dll -message_pump_default.cc:37 )	base::MessagePumpDefault::Run(base::MessagePump::Delegate *)
0x000007fee149f470	(chrome_child.dll -run_loop.cc:102 )	base::RunLoop::Run()
0x000007fee148312c	(chrome_child.dll -renderer_main.cc:202 )	content::RendererMain(content::MainFunctionParams const &)
0x000007fee147cb62	(chrome_child.dll -content_main_runner_impl.cc:918 )	content::ContentMainRunnerImpl::Run(bool)
0x000007fee145497f	(chrome_child.dll -main.cc:472 )	service_manager::Main(service_manager::MainParams const &)
0x000007fee1454584	(chrome_child.dll -content_main.cc:19 )	content::ContentMain(content::ContentMainParams const &)
0x000007fee1451a0d	(chrome_child.dll -chrome_main.cc:102 )	ChromeMain
0x000000013f53374b	(chrome.exe -main_dll_loader_win.cc:201 )	MainDllLoader::Launch(HINSTANCE__ *,base::TimeTicks)
0x000000013f5315ef	(chrome.exe -chrome_exe_main_win.cc:229 )	wWinMain
0x000000013f607351	(chrome.exe -exe_common.inl:283 )	__scrt_common_main_seh
0x778459cc	(KERNEL32.dll + 0x000159cc )	BaseThreadInitThunk
0x7797b980	(ntdll.dll + 0x0002b980 )	RtlUserThreadStart

As this is a recent regression, adding release blocker label for this issue. Please reduce priority or remove if not the case.

Thank You!
Mergedinto: 898772
Status: Duplicate (was: Assigned)
Did a bisect and ended up at
https://chromium-review.googlesource.com/c/chromium/src/+/1297000

The stack trace is different from the one in comment #2 above, though. I kept getting:

Received signal 11 SEGV_MAPERR 000000000020
#0 0x7f48ad0a553f base::debug::StackTrace::StackTrace()
#1 0x7f48ad0a50b1 base::debug::(anonymous namespace)::StackDumpSignalHandler()
#2 0x7f48a32d30c0 <unknown>
#3 0x7f48a5df4210 <unknown>
#4 0x7f48a6584c7d blink::FrameTree::IsDescendantOf()
#5 0x7f48a6130cc2 blink::LocalFrame::HasTransientUserActivation()
#6 0x7f48ab211c03 content::RenderFrameImpl::WillSendRequest()
#7 0x7f48a608c1e9 blink::LocalFrameClientImpl::DispatchWillSendRequest()
#8 0x7f48a652c2d1 blink::FrameFetchContext::PrepareRequest()
#9 0x7f48a4d8c95b blink::ResourceFetcher::PrepareRequest()
#10 0x7f48a4d8ccb2 blink::ResourceFetcher::RequestResource()
#11 0x7f48a6552916 blink::ImageResource::Fetch()
#12 0x7f48a6555789 blink::ImageResourceContent::Fetch()
#13 0x7f48a6539c8b blink::ImageLoader::DoUpdateFromElement()
#14 0x7f48a653b5ef blink::ImageLoader::Task::Run()
#15 0x7f48a653b7bb _ZN4base8internal7InvokerINS0_9BindStateIMN5blink11ImageLoader4TaskEFvvEJN3WTF13PassedWrapperINSt3__110unique_ptrIS5_NSA_14default_deleteIS5_EEEEEEEEEFvvEE7RunOnceEPNS0_13BindStateBaseE
#16 0x7f48a4bdb19a blink::MicrotaskFunctionCallback()
#17 0x7f48a75337de v8::internal::Runtime_RunMicrotaskCallback()
#18 0x7f48a777e8ae <unknown>

The CL got reverted earlier today. This bug is a duplicate.
Cc: dcheng@chromium.org
