Issue metadata
Sign in to add a comment
|
Regression: Tab crash is seen after print preview turns unresponsive on chrome://credits. |
||||||||||||||||||||||
Issue descriptionChrome Version: 73.0.3630.0 (Official Build)4e0c28599deef67a295ba4ecd2e0180a4b5157e0-refs/branch-heads/3630@{#1} (32/64 Bit). OS: Windows(7,8,8.1,10), Linux(14.04 LTS). What steps will reproduce the problem? 1. Launch chrome, go to chrome://credits and click on 'Print' in top right. 2. On Print preview, check Background graphics options. 3. Change scale value 5-6 times by entering valid random numbers. 4. Now, uncheck background graphic option and again change scale value 2-3 times. 5. Observe. (Page unresponsive bubble appears select 'Exit Page' option) Actual Result: Print preview page turns unresponsive and Tab crash is seen when clicked on Exit Page. Expected Result: Print preview page should not turn unresponsive and also no crash should be seen. This is a regression issue, broken in M-72 series, and below is the per-revision bisect info: Good Build: 72.0.3597.0(Revision:) Bad Build: 72.0.3598.0(Revision:) Uploaded Crash Report ID 5ac754eef55011d0 (Local Crash ID: 06ccee15-5f32-4ca4-8af1-c2462dad36a2) You are probably looking for a change made after 604399 (known good), but no later than 604400 (first known bad). CHANGE-LOG URL: The script might not always return single CL as suspect as some perf builds might get missing due to failure. https://chromium.googlesource.com/chromium/src/+log/b52ebdc80dde907896fdf8bafc231e30b348b30b..c3736ed68a7fc7f5d683bce471f926d56505027d Suspect: https://chromium.googlesource.com/chromium/src/+/c3736ed68a7fc7f5d683bce471f926d56505027d avi: Could you please check whether this is caused with respect to your change, if not please help us in assigning it to the right owner. Note: 1. Issue is not seen on Mac(10.13.1, 10.13.6, 10.14.2) OS. 2. Issue is also reproducible on Dev build #72.0.3622.0 3. Frequency of occurrence of this issue is 3/5 Kindly refer the screen cast from the link given below Thank You!
,
Dec 4
This is associated in the crash server with 'crash_reporter::DumpWithoutCrashing'. As per the crash server data this specific magic signature has spiked on the latest Windows canary 73.0.3630.0, reported 19 crashes from 18 clients so far. Link to the list of the builds with the crashes: ================================================= https://goto.google.com/bwgcn Based on the crash server spike on canary considering below as the changelog: =================================================================== https://chromium.googlesource.com/chromium/src/+log/73.0.3629.0..73.0.3630.0?pretty=fuller&n=10000 Suspecting: https://chromium-review.googlesource.com/c/chromium/src/+/1357941 for 'crashpad.cc:268' related change. +jperaza@ for inputs.
,
Dec 5
This doesn't look related to the Crashpad CL. That CL should only affect Android. DumpWithoutCrashing() here looks to be working as intended. It is triggering a crash dump in response to a hang. https://cs.chromium.org/chromium/src/chrome/browser/hang_monitor/hang_crash_dump_win.cc?rcl=4f03013104e9848b0c0d6ca0c0fdbd2c30410395&l=19
,
Dec 5
As updated in C#3 the CL pointed in C#2 is unrelated as that affects Android but seeing only this as relevant in the regression range as this modified crashpad.cc. Putting this into sheriff's queue as 'crash_reporter::DumpWithoutCrashing' is top crash on canary 73.0.3630.0 spiked on this version only.
,
Dec 5
,
Dec 6
Hi, Re-bisected the above bug today on different machines and getting the same suspect as mentioned in the bug. Change-Log: https://chromium.googlesource.com/chromium/src/+log/b52ebdc80dde907896fdf8bafc231e30b348b30b..c3736ed68a7fc7f5d683bce471f926d56505027d Thank You!
,
Dec 6
Just to update, there are no crashes seen with the magic signature 'crash_reporter::DumpWithoutCrashing' on the latest Windows canary 73.0.3632.0 live for 5 hrs so far. aimana@: Could you please check this on the latest canary and confirm if this is still an issue for you. If yes, please attach crash id from there.
,
Dec 7
Removing blocker label, since this is not a straight/consistent (3/5) repro.
,
Dec 8
DumpWithoutCrashing is called as part of hung-renderer reporting; if the tab itself crashed, then that will appear under an entirely separate crash report, with a different signature. There are no other crash reports with the same client-Id, AFAICT, so we can't determine what the real crasher was. Note that we should not see DumpWithoutCrashing reported in this case- the Crash server should be setting a Magic Signature of the form "[Hung renderer] ...". Looking at the hung thread in the report, it is stuck in printing::PrintRenderFrameHelper::RequestPrintPreview, waiting for a reply to a synchronous IPC - we have two bugs filed for that signature, the latest being issue 903296. If we expand the crash filter to _all_ reports which have a thread in printing::PrintRenderFrameHelper::RequestPrintPreview then we get an average of about 4000 reports per-day: https://crash.corp.google.com/browse?q=EXISTS+%28SELECT+1+FROM+UNNEST%28thread%29+CROSS+JOIN+UNNEST%28StackTrace.StackFrame%29+WHERE+FunctionName%3D%27printing%3A%3APrintRenderFrameHelper%3A%3ARequestPrintPreview%28printing%3A%3APrintRenderFrameHelper%3A%3APrintPreviewRequestType%29%27%29+AND+stable_signature%3D%27crash_reporter%3A%3ADumpWithoutCrashing-0f153b79%27&stbtiq=&reportid=&index=0#0 These reports affect all platforms, but Windows is by far the most common. Three-quarters of all reports also have a thread in DumpProcessForHungInputThread, indicating that these are hang reports (we have other uses for DumpWithoutCrashing). https://crash.corp.google.com/browse?q=EXISTS+%28SELECT+1+FROM+UNNEST%28thread%29+CROSS+JOIN+UNNEST%28StackTrace.StackFrame%29+WHERE+FunctionName%3D%27printing%3A%3APrintRenderFrameHelper%3A%3ARequestPrintPreview%28printing%3A%3APrintRenderFrameHelper%3A%3APrintPreviewRequestType%29%27%29+AND+EXISTS+%28SELECT+1+FROM+UNNEST%28CrashedStackTrace.StackFrame%29+WHERE+FunctionName%3D%27crash_reporter%3A%3Ainternal%3A%3ADumpProcessForHungInputThread%28void+*%29%27%29#-propertyselector,samplereports,+productname:1000,-magicsignature:50,-magicsignature2:50,-stablesignature:50 These reports correspond to issue 903296 so I've followed-up there; we should fix this code path not to report bogus hangs! Punting this back to aimana@ to repro and get a report-Id for the actual crash, rather than a renderer-hang report-Id. :)
,
Dec 8
On the crash server, I only see 1 crash listed for the client that sent the hung crash report. Not sure what happened to the actual crash.
,
Dec 8
Oh, hitting "exit page" results in a renderer kill. |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by rbasuvula@google.com
, Dec 4Labels: ReleaseBlock-Stable