[Magic Signature] google_apis::UrlFetchRequestBase::WriteFileData
Issue description

Chrome OS version: M71 (11151.29.0, 71.0.3578.49) beta channel eve, elm devices.

What steps will reproduce the problem?
(1) Open a .DOCX file from Files app > Drive folder.
(2) It opens by default with MS word ARC app
(3) While the document is still loading, long press Ctrl key

What is the expected result?

What happens instead?
Chrome browser crash seen. Issue is not 100% reproducible, happens (3/5) times

[Stable Signature] std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >::__grow_by_and_replace-c38e4c9f

Feedback report: https://listnr.corp.google.com/report/85784964050
Crash report: https://crash.corp.google.com/browse?stbtiq=a18374bd3d6b8999

Crash info:
0x00007f600aaa0b36 (libc-2.23.so + 0x00136b36 ) __memcpy_avx_unaligned
0x00007f600adda6ad (libc++.so.1.0 -string3.h:65 ) std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >::__grow_by_and_replace(unsigned long, unsigned long, unsigned long, unsigned long, unsigned long, unsigned long, char const*)
0x00007f600adda52c (libc++.so.1.0 -string:2247 ) std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >::append(char const*, unsigned long)
0x0000580dd3f50917 (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/google_apis/drive/base_requests.cc:425 ) google_apis::UrlFetchRequestBase::WriteFileData(base::BasicStringPiece<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > >, google_apis::UrlFetchRequestBase::DownloadData*)
0x0000580dd3902aaf (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/base/callback.h:99 ) void base::internal::ReturnAsParamAdapter<bool>(base::OnceCallback<bool ()>, std::__1::unique_ptr<bool, std::__1::default_delete<bool> >*)
0x0000580dd3902b62 (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/base/bind_internal.h:416 ) base::internal::Invoker<base::internal::BindState<void (*)(base::OnceCallback<GURL ()>, std::__1::unique_ptr<GURL, std::__1::default_delete<GURL> >*), base::OnceCallback<GURL ()>, std::__1::unique_ptr<GURL, std::__1::default_delete<GURL> >*>, void ()>::RunOnce(base::internal::BindStateBase*)
0x0000580dd679bf42 (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/base/callback.h:99 ) base::(anonymous namespace)::PostTaskAndReplyRelay::RunTaskAndPostReply(base::(anonymous namespace)::PostTaskAndReplyRelay)
0x0000580dd679c232 (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/base/bind_internal.h:416 ) base::internal::Invoker<base::internal::BindState<void (*)(base::(anonymous namespace)::PostTaskAndReplyRelay), base::(anonymous namespace)::PostTaskAndReplyRelay>, void ()>::RunOnce(base::internal::BindStateBase*)
0x0000580dd37a75ac (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/base/callback.h:99 ) base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*)
0x0000580dd67967f9 (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/base/task/task_scheduler/task_tracker.cc:653 ) base::internal::TaskTracker::RunOrSkipTask(base::internal::Task, base::internal::Sequence*, bool)
0x0000580dd67d2596 (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/base/task/task_scheduler/task_tracker_posix.cc:23 ) base::internal::TaskTrackerPosix::RunOrSkipTask(base::internal::Task, base::internal::Sequence*, bool)
0x0000580dd6796010 (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/base/task/task_scheduler/task_tracker.cc:508 ) base::internal::TaskTracker::RunAndPopNextTask(scoped_refptr<base::internal::Sequence>, base::internal::CanScheduleSequenceObserver*)
0x0000580dd67e4d5b (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/base/task/task_scheduler/scheduler_worker.cc:332 ) base::internal::SchedulerWorker::RunWorker()
0x0000580dd67e4ad0 (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/base/task/task_scheduler/scheduler_worker.cc:224 ) base::internal::SchedulerWorker::RunPooledWorker()
0x0000580dd67d29eb (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/base/threading/platform_thread_posix.cc:80 ) base::(anonymous namespace)::ThreadFunc(void*)
0x00007f600bfdd2b7 (libpthread-2.23.so -pthread_create.c:333 ) start_thread
0x00007f600aa60fac (libc-2.23.so + 0x000f6fac ) clone
,
Nov 14
,
Nov 15
Observed this crash again on M71 build (11151.33.0, 71.0.3578.57) on Nocturne device. Crash report: https://crash.corp.google.com/browse?stbtiq=9201fe58ec9d6062
,
Nov 28
Observed this crash on coral device with build 11151.45.0, 71.0.3578.71 Crash report: https://crash.corp.google.com/browse?stbtiq=d2049dc91a72ea9c
,
Dec 3
The crash is in this code:
  // Even when writing response to a file save the first 1 MiB of the response
  // body so that it can be used to get error information in case of server side
  // errors. The size limit is to avoid consuming too much redundant memory.
  const size_t kMaxStringSize = 1024 * 1024;
  if (download_data->response_body.size() < kMaxStringSize) {
    size_t bytes_to_copy =
        std::min(string_piece.size(),
                 kMaxStringSize - download_data->response_body.size());
    download_data->response_body.append(string_piece.data(), bytes_to_copy);
  }
This was introduced by cmumford@ in https://chromium-review.googlesource.com/1176363
,
Dec 3
I guess it's possible for download_data_ to be destructed before/while WriteFileData is being executed on the blocking task runner.
  if (!download_data_->output_file_path.empty()) {
    DownloadData* download_data_ptr = download_data_.get();
    base::PostTaskAndReplyWithResult(
        blocking_task_runner(), FROM_HERE,
        base::BindOnce(&UrlFetchRequestBase::WriteFileData,
                       std::move(string_piece), download_data_ptr),
        base::BindOnce(&UrlFetchRequestBase::OnWriteComplete,
                       weak_ptr_factory_.GetWeakPtr(),
                       std::move(download_data_), std::move(resume)));
    return;
  }
,
Dec 3
Actually I guess it shouldn't be due to how it's being moved() into the second callback. I took a long stare and couldn't find anything obviously wrong - assigning to the code author cmumford@ who may have more insight.
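The ownership handoff discussed in the two Dec 3 comments, modelled with the standard library only (an added example, not Chromium code and not a diagnosis of this crash). `Relay`, `PostWrite` and `RunScenario` are hypothetical names, and the owning `std::string` copy of the chunk is an assumption of this model: a `StringPiece`-style view does not keep its bytes alive, so whatever the task reads must outlive the task.

```cpp
#include <algorithm>
#include <cstddef>
#include <memory>
#include <string>
#include <string_view>
#include <utility>

// Stand-in for the DownloadData named in the thread (single field assumed).
struct DownloadData { std::string response_body; };
constexpr std::size_t kMaxStringSize = 1024 * 1024;

// Same capped append as the snippet quoted in the thread.
bool WriteFileData(std::string_view piece, DownloadData* data) {
  if (data->response_body.size() < kMaxStringSize) {
    std::size_t n = std::min(piece.size(),
                             kMaxStringSize - data->response_body.size());
    data->response_body.append(piece.data(), n);
  }
  return true;
}

// Hypothetical relay: keeps task state and reply state alive together.
struct Relay {
  std::string chunk;                    // owning copy of the bytes (assumption)
  DownloadData* raw;                    // raw pointer the task writes through
  std::unique_ptr<DownloadData> owner;  // owner parked with the reply
  bool task_ran = false;
  void RunTask() { task_ran = WriteFileData(chunk, raw); }
  std::unique_ptr<DownloadData> RunReply() { return std::move(owner); }
};

// Mirrors the call site: read the raw pointer first, then move the owner.
Relay PostWrite(std::string_view piece, std::unique_ptr<DownloadData>& member) {
  DownloadData* raw = member.get();
  return Relay{std::string(piece), raw, std::move(member)};
}

// The producer frees its buffer before the task runs; the relay's copy and
// the parked owner keep both objects valid for WriteFileData.
std::size_t RunScenario(std::size_t chunk_size) {
  auto member = std::make_unique<DownloadData>();
  auto net_buffer = std::make_unique<std::string>(chunk_size, 'x');
  Relay relay = PostWrite(*net_buffer, member);
  net_buffer.reset();
  relay.RunTask();
  return relay.RunReply()->response_body.size();
}

int main() { return RunScenario(16) == 16 ? 0 : 1; }
```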
,
Dec 20
Observed this issue on M72 (11316.29.0, 72.0.3626.22) nautilus device while opening audio file from drive.
Crash report: https://crash.corp.google.com/samples?stbtiq=4e59b8c5c29175b5
,
Jan 15
,
Jan 16
,
Jan 16
(6 days ago)
Issue 922221 has been merged into this issue.
,
Jan 16
(6 days ago)
cmumford@ - any chance of taking a look at this? Still getting user feedback and crash reports rolling in. I guess it's way past the point of reverting this code. Thanks!
,
Jan 17
(6 days ago)
Saw this crash on M72 (11316.82.0, 72.0.3626.59) eve.
Repro steps:
1. Go to Drive folder of Files app
2. Select a video file (e.g. .MP4), click on OPEN button from top panel and select ARC++ Photos app
What happens? Results in browser crash. Observed this mainly while opening an audio/video file through ARC++ app.
Crash report: https://crash.corp.google.com/browse?stbtiq=f51d8a08077bc595
Feedback report: https://listnr.corp.google.com/report/85912972918
,
Jan 20
(2 days ago)
,
Jan 20
(2 days ago)
Here are the last few crashes, which I'm 99% sure is related to this issue:
Comment 1 by mkarkada@chromium.org
, Nov 14