Issue metadata
Sign in to add a comment
|
Pixelbook (Eve) - Crashes after type 4 characters. Happened to two different devices in 2 days.
Reported by
jonathan...@newspring.cc,
Nov 19
|
||||||||||||||||||||||
Issue descriptionUserAgent: Mozilla/5.0 (X11; CrOS x86_64 11151.29.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.49 Safari/537.36 Platform: 10895.78.0 (Official Build) stable-channel eve Steps to reproduce the problem: 1. Log in as any user on the device (g suite or gmail) 2. type 4 characters in any field 3. Black screen for 5 seconds and crash Check out this video for an example: https://drive.google.com/open?id=1CiyAGuczXPt4r_H_DZLDlL3WnI6brjTZ What is the expected behavior? being able to type in a text field What went wrong? Chrome crashes Crashed report ID: fcb21d9ce89fd43d, edffbe2dca34245a and many more How much crashed? Whole browser Is it a problem with a plugin? No Did this work before? Yes Earlier v69 builds, Chrome version: 69.0.3497.120 Channel: stable OS Version: 69 Flash Version: I don't think this started with a new v69 build. It's really odd. We have around 230 Pixelbooks in staff hands and had them pinned to v69 for now as we were waiting for one more build of v70. The first one we fixed by doing a usb restore to the same version of 69 and it fixed it. The second one was fixed by updated to the latest v70 stable build. Either way this seems like a major bug
,
Nov 19
Just fyi this does not happen at the login window, only once logged in.
,
Nov 19
Issue 906314 has been merged into this issue.
,
Nov 19
Issue 906780 has been merged into this issue.
,
Nov 19
We have over 70,000 chromebooks holding at 69 until we get approval that the testing app we use is secure on 70.
,
Nov 19
Can someone gather device logs after reproducing this? https://support.google.com/chrome/a/answer/3293821?hl=en Also network logs as described at: https://support.google.com/chrome/a/answer/6271171?hl=en would be useful. If this is fixed in 70 then the solution is to update to 70, we don't backport fixes to older versions. If you are seeing this issue in 70, please gather above logs.
,
Nov 19
,
Nov 19
did a quick check on two customer users seeing this issue and no special policy is set for omnibox search provider or search suggest.
,
Nov 20
I don't have another device producing the issue that I can test with. Whats odd is that the issue did not seem to appear as part of a new v69 build. It just started happening later. I was confused but wrote it off with the first one, but 2 in 2 days was strange. We forced everything up to v70 yesterday and that is a valid solution for us. Still wanted to bring the issue up incase it was something bigger
,
Nov 20
Closing based on Comment 9. jonathan.evans@newspring.cc: Please feel free to re-open if you encounter this issue again.
,
Nov 20
we are still experiencing this issue. we cannot update to v70 yet, hope to soon as our state mandated testing vendor, Pearson, supports v70 for standardized testing. we have sent logs/videos of issue to our open support case with Google, they directed us to this bug forum.
,
Nov 23
skare@: FYI, looks like some kind of crash down in DocumentSuggestionsService::AccessTokenAvailable(). Reopening because I'm concerned if this bug just goes away, as I don't see anything that would explicitly fix it. +blundell since this is going through the identity service framework so he may know something about an M69 crash in this area.
,
Nov 26
Hi, I agree that we should not close this bug without understanding better what is happening. There is no crash that I know of that would explain this. I looked at DocumentSuggestionsService::AccessTokenAvailable() and I don't see anything problematic.
,
Nov 26
+Sylvain Sylvain, do you see anything subtle in the way that the AccessTokenFetcher/PAATF handle AccessTokenInfo that could result in this crash stack? One difference that I see between this usage site and common usage is the calling of c_str() on the returned access_token_info.token. Could that be exposing some subtle bug with how we're passing through the state? I doublechecked everything and didn't see a problem, but maybe I'm missing something. Thanks! https://crash.corp.google.com/browse?stbtiq=fcb21d9ce89fd43d
,
Nov 26
AFAICT from reading the callstack, the crash happens after the value from the AccessTokenInfo has been used (i.e. the call to StringPrintf has completed). As the crash happens when accessing address 0x000001d8, it looks likely that this correspond to a nullptr network::RessourceRequest (from a quick examination of network::ResourceRequest it is likely for the offset of headers.headers_ to be 0x1d8 bytes).
,
Nov 26
drive-by: Document provider is a feature under development / experimentation. The fact that the bug appeared and disappeared based on version number probably has to do do with how the configs enabling the feature have been set up and changed at various points. I agree the root cause should be investigated and fixed, certainly before enabling the feature more widely.
,
Nov 27
Thank you for the insights, Sylvain and Mark! Sylvain's analysis makes sense to me. That said, the ResourceRequest being null seems extremely odd indeed from looking at the code: https://cs.chromium.org/chromium/src/components/omnibox/browser/document_suggestions_service.cc?sq=package:chromium&g=0&l=109 https://cs.chromium.org/chromium/src/components/omnibox/browser/document_suggestions_service.cc?sq=package:chromium&g=0&l=125 https://cs.chromium.org/chromium/src/components/omnibox/browser/document_suggestions_service.cc?sq=package:chromium&g=0&l=137
,
Nov 27
,
Dec 10
apologies, thought I updated this earlier. Looking at the history, I believe the following change had a block that fixes the crash, but it wasn't shipped until M70 - a recent study enabled the code for 1% then 2%, including M69. https://chromiumdash.appspot.com/commits?commit=d52d2fed09a28d0b9e9b2eb200df8c82eb33b247&platform=Android
,
Dec 12
For anyone following along at home, the problem was that |request| was std::move'd twice in a row :). Sylvain's hunch from c#15 that there was a null ResourceRequest was indeed correct :).
,
Dec 12
Thanks for the work to resolve this! |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by dtapu...@chromium.org
, Nov 19