New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 139164 link

Starred by 18 users

Issue metadata

Status: Fixed
Owner:
Email to this user bounced
Closed: Oct 2012
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 1
Type: Bug

Blocking:
issue 115437



Sign in to add a comment

Chrome_Mac: Crash Report - Stack Signature: CGSReconfigNotifierCalloutListInvokeAll-061...

Reported by dharani@chromium.org, Jul 26 2012

Issue description

All these crashes are from Mountain Lion. rsesek@: please triage.

Product: Chrome_Mac
Stack Signature: -6D82B8
New Signature Label: CGSReconfigNotifierCalloutListInvokeAll
New Signature Hash: 061c237f_58a78bb0_468587ed_e95e9c0f_22a949f5

Report link: http://go/crash/reportdetail?reportid=5afe1bbcb1a0d3e9

Meta information:
Product Name: Chrome_Mac
Product Version: 22.0.1217.0
Report ID: 5afe1bbcb1a0d3e9
Report Time: 2012/07/26 12:18:33, Thu
Uptime: 3 sec
Cumulative Uptime: 0 sec
OS Name: Mac OS X
OS Version: 10.8.0 12A269
CPU Architecture: x86
CPU Info: GenuineIntel family 6 model 58 stepping 9
ptype: browser


Thread 0 *CRASHED* ( EXC_BAD_ACCESS / KERN_PROTECTION_FAILURE @ 0x00000000 )

0x0f0ae5df	 [QuickTimeUSBVDCDigitizer]	 + 0x0000e5df]	
0x0f0bf45e	 [QuickTimeUSBVDCDigitizer]	 + 0x0001f45e]	
0x0f0befc8	 [QuickTimeUSBVDCDigitizer]	 + 0x0001efc8]	
0x90d7b138	 [CoreGraphics]	 + 0x00326138]	
CGSReconfigNotifierCalloutListInvokeAll
0x90dba77b	 [CoreGraphics]	 + 0x0036577b]	
displayConfigFinalizedProc
0x90dbaa38	 [CoreGraphics]	 + 0x00365a38]	
displayAcceleratorChangedProc
0x90abf60d	 [CoreGraphics]	 + 0x0006a60d]	
CGSPostLocalNotification
0x90afcfa5	 [CoreGraphics]	 + 0x000a7fa5]	
notify_datagram_handler
0x90abcf2a	 [CoreGraphics]	 + 0x00067f2a]	
CGSDispatchDatagramsFromStream
0x90abcb22	 [CoreGraphics]	 + 0x00067b22]	
snarf_events
0x90abc84b	 [CoreGraphics]	 + 0x0006784b]	
CGSGetNextEventRecordInternal
0x90abc783	 [CoreGraphics]	 + 0x00067783]	
CGEventCreateNextEvent
0x91356b41	 [HIToolbox]	 + 0x0005eb41]	
PullEventsFromWindowServerOnConnection(unsigned int, unsigned char)
0x9135ca50	 [HIToolbox]	 + 0x00064a50]	
PullEventsFromWindowServer
0x9135c9d5	 [HIToolbox]	 + 0x000649d5]	
FlushSpecificEventsFromQueue
0x943c6900	 [AppKit]	 + 0x0021d900]	
+[NSEvent _discardCursorEventsForWindowNumber:criteria:]
0x943c6871	 [AppKit]	 + 0x0021d871]	
_NXResetCursorState
0x943e2647	 [AppKit]	 + 0x00239647]	
_handleInvalidCursorRectsNote
0x94956126	 [AppKit]	 + 0x007ad126]	
__35-[NSWindow _postInvalidCursorRects]_block_invoke_02879
0x95fb990c	 [CoreFoundation]	 + 0x0008c90c]	
_runLoopObserverWithBlockContext
0x95f8a51d	 [CoreFoundation]	 + 0x0005d51d]	
__CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__
0x95f8a45c	 [CoreFoundation]	 + 0x0005d45c]	
__CFRunLoopDoObservers
0x95f64545	 [CoreFoundation]	 + 0x00037545]	
__CFRunLoopRun
0x95f63d69	 [CoreFoundation]	 + 0x00036d69]	
CFRunLoopRunSpecific
0x95f63bda	 [CoreFoundation]	 + 0x00036bda]	
CFRunLoopRunInMode
0x9134f8a9	 [HIToolbox]	 + 0x000578a9]	
RunCurrentEventLoopInMode
0x9134f618	 [HIToolbox]	 + 0x00057618]	
ReceiveNextEventCommon
0x9134f493	 [HIToolbox]	 + 0x00057493]	
BlockUntilNextEventMatchingListInMode
0x9430ca59	 [AppKit]	 + 0x00163a59]	
_DPSNextEvent
0x9430c28b	 [AppKit]	 + 0x0016328b]	
-[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:]
0x943026db	 [AppKit]	 + 0x001596db]	
-[NSApplication run]
0x00e022c0	 [Google Chrome Framework]	 - message_pump_mac.mm:574	
base::MessagePumpNSApplication::DoRun
0x00e01dfb	 [Google Chrome Framework]	 - message_pump_mac.mm:169	
base::MessagePumpCFRunLoopBase::Run
0x00e2f7bf	 [Google Chrome Framework]	 - message_loop.cc:419	
MessageLoop::RunHandler
0x00e41f30	 [Google Chrome Framework]	 - run_loop.cc:45	
base::RunLoop::Run
0x0035023f	 [Google Chrome Framework]	 - chrome_browser_main.cc:1960	
ChromeBrowserMainParts::MainMessageLoopRun
0x00124e6f	 [Google Chrome Framework]	 - browser_main_loop.cc:451	
content::BrowserMainLoop::RunMainMessageLoopParts
0x0012b3c2	 [Google Chrome Framework]	 - browser_main_runner.cc:99	
(anonymous namespace)::BrowserMainRunnerImpl::Run
0x00123f10	 [Google Chrome Framework]	 - browser_main.cc:21	
BrowserMain
0x00da3eda	 [Google Chrome Framework]	 - content_main_runner.cc:375	
content::ContentMainRunnerImpl::Run
0x00da317f	 [Google Chrome Framework]	 - content_main.cc:35	
content::ContentMain
0x00048f38	 [Google Chrome Framework]	 - chrome_main.cc:32	
ChromeMain
0x00042f57	 [Google Chrome Canary]	 - chrome_exe_main_mac.cc:16	
main
0x00042f04	 [Google Chrome Canary]	 + 0x00000f04]	
start
0x00000001	
 

Comment 2 by rsesek@chromium.org, Jul 26 2012

This crash correlates precisely with 10.7.4 and 10.8, based on my querying. We also don't see this happen before 22.0.1182.0.

SELECT OS.Version, CrashedStackTrace.Label, Product.Version, COUNT(*)
FROM crash.prod.latest
WHERE Product.Name = 'Chrome_Mac'
AND RequestingThread = 0
AND CrashedStackTrace.StackFrame.Module.DebugFile = 'QuickTimeUSBVDCDigitizer'
AND ptype = 'browser'
GROUP BY OS.Version, CrashedStackTrace.Label, Product.Version
ORDER BY Product.Version DESC;

+----------------+-----------------------------------------------+-----------------+----------+
| OS.Version     | CrashedStackTrace.Label                       | Product.Version | COUNT(*) |
+----------------+-----------------------------------------------+-----------------+----------+
| 10.8.0 12A256  | base::MessagePumpNSApplication::DoRun         | 22.0.1218.0     |        3 |
| 10.8.0 12A269  | CGSReconfigNotifierCalloutListInvokeAll       | 22.0.1218.0     |        9 |
| 10.7.4 11E2068 | __NSArrayEnumerate                            | 22.0.1218.0     |        3 |
| 10.8.0 12A269  | CGSReconfigNotifierCalloutListInvokeAll       | 22.0.1217.0     |       51 |
| 10.7.4 11E2620 | displayConfigFinalizedProc                    | 22.0.1217.0     |       72 |
| 10.7.4 11E2068 | __NSArrayEnumerate                            | 22.0.1216.0     |        3 |
| 10.7.4 11E2068 | __CFMachPortPerform                           | 22.0.1216.0     |        6 |
| 10.7.4 11E2620 | displayConfigFinalizedProc                    | 22.0.1216.0     |       54 |
| 10.8.0 12A269  | CGSReconfigNotifierCalloutListInvokeAll       | 22.0.1216.0     |        3 |
| 10.7.4 11E2620 | displayConfigFinalizedProc                    | 22.0.1215.2     |        9 |
| 10.7.4 11E2068 | __NSArrayEnumerate                            | 22.0.1215.1     |        3 |
| 10.7.4 11E2620 | displayConfigFinalizedProc                    | 22.0.1215.1     |        9 |
| 10.8.0 12A269  | CGSReconfigNotifierCalloutListInvokeAll       | 22.0.1215.1     |        9 |
| 10.7.4 11E2620 | displayConfigFinalizedProc                    | 22.0.1215.0     |       36 |
| 10.7.4 11E2068 | __NSArrayEnumerate                            | 22.0.1215.0     |        6 |
| 10.7.4 11E2068 | __CFMachPortPerform                           | 22.0.1215.0     |        6 |
| 10.8.0 12A269  | CGSReconfigNotifierCalloutListInvokeAll       | 22.0.1215.0     |       37 |
| 10.7.4 11E2068 | __NSArrayEnumerate                            | 22.0.1214.0     |        6 |
| 10.7.4 11E2620 | displayConfigFinalizedProc                    | 22.0.1214.0     |       51 |
| 10.8.0 12A269  | CGSReconfigNotifierCalloutListInvokeAll       | 22.0.1214.0     |        6 |
| 10.7.4 11E2620 | displayConfigFinalizedProc                    | 22.0.1213.0     |       30 |
| 10.8.0 12A269  | CGSReconfigNotifierCalloutListInvokeAll       | 22.0.1213.0     |        6 |
| 10.7.4 11E2620 | displayConfigFinalizedProc                    | 22.0.1212.0     |       69 |
| 10.8.0 12A269  | CGSReconfigNotifierCalloutListInvokeAll       | 22.0.1212.0     |       12 |
| 10.7.4 11E2068 | CFArrayApplyFunction                          | 22.0.1212.0     |        3 |
| 10.7.4 11E2068 | __CFMachPortPerform                           | 22.0.1212.0     |        6 |
| 10.7.4 11E2620 | displayConfigFinalizedProc                    | 22.0.1211.0     |       63 |
| 10.7.4 11E2068 | __CFMachPortPerform                           | 22.0.1211.0     |        6 |
| 10.8.0 12A269  | CGSReconfigNotifierCalloutListInvokeAll       | 22.0.1211.0     |       12 |
| 10.7.4 11E2617 | displayConfigFinalizedProc                    | 22.0.1211.0     |        3 |
| 10.7.4 11E2620 | displayConfigFinalizedProc                    | 22.0.1210.0     |       42 |
| 10.7.4 11E2068 | __CFMachPortPerform                           | 22.0.1210.0     |        3 |
| 10.7.4 11E2520 | _ZL38PullEventsFromWindowServerOnConnectionjh | 22.0.1209.0     |        3 |
| 10.8.0 12A269  | CGSReconfigNotifierCalloutListInvokeAll       | 22.0.1209.0     |        3 |
| 10.7.4 11E2620 | displayConfigFinalizedProc                    | 22.0.1209.0     |       39 |
| 10.7.4 11E2068 | __CFMachPortPerform                           | 22.0.1208.0     |        9 |
| 10.7.4 11E2620 | displayConfigFinalizedProc                    | 22.0.1208.0     |       68 |
| 10.8.0 12A269  | CGSReconfigNotifierCalloutListInvokeAll       | 22.0.1208.0     |        9 |
| 10.7.4 11E2068 | __NSArrayEnumerate                            | 22.0.1208.0     |        2 |
| 10.7.4 11E2068 | __NSArrayEnumerate                            | 22.0.1207.0     |        6 |
| 10.7.4 11E2620 | displayConfigFinalizedProc                    | 22.0.1207.0     |       45 |
| 10.7.4 11E2520 | _ZL38PullEventsFromWindowServerOnConnectionjh | 22.0.1207.0     |        3 |
| 10.8.0 12A269  | CGSReconfigNotifierCalloutListInvokeAll       | 22.0.1207.0     |        9 |
| 10.8.0 12A269  | CGSReconfigNotifierCalloutListInvokeAll       | 22.0.1206.0     |        6 |
| 10.7.4 11E2068 | __NSArrayEnumerate                            | 22.0.1206.0     |        6 |
| 10.7.4 11E2620 | displayConfigFinalizedProc                    | 22.0.1206.0     |       42 |
| 10.7.4 11E2620 | displayConfigFinalizedProc                    | 22.0.1205.0     |       42 |
| 10.7.4 11E2068 | __NSArrayEnumerate                            | 22.0.1205.0     |       12 |
| 10.7.4 11E2520 | _ZL38PullEventsFromWindowServerOnConnectionjh | 22.0.1205.0     |        3 |
| 10.7.4 11E2068 | __CFMachPortPerform                           | 22.0.1205.0     |        9 |
| 10.8.0 12A269  | CGSReconfigNotifierCalloutListInvokeAll       | 22.0.1205.0     |        3 |
| 10.8.0 12A256  | base::MessagePumpNSApplication::DoRun         | 22.0.1205.0     |        3 |
| 10.8.0 12A269  | CGSReconfigNotifierCalloutListInvokeAll       | 22.0.1204.0     |        6 |
| 10.7.4 11E53   | displayConfigFinalizedProc                    | 22.0.1204.0     |        4 |
| 10.7.4 11E2620 | displayConfigFinalizedProc                    | 22.0.1204.0     |       33 |
| 10.7.4 11E2068 | __CFMachPortPerform                           | 22.0.1204.0     |        9 |
| 10.8.0 12A256  | base::MessagePumpNSApplication::DoRun         | 22.0.1204.0     |        3 |
| 10.7.4 11E2068 | __NSArrayEnumerate                            | 22.0.1204.0     |        3 |
| 10.8.0 12A269  | CGSReconfigNotifierCalloutListInvokeAll       | 22.0.1203.0     |        3 |
| 10.7.4 11E2620 | displayConfigFinalizedProc                    | 22.0.1203.0     |       45 |
| 10.7.4 11E2068 | __CFMachPortPerform                           | 22.0.1203.0     |       18 |
| 10.8.0 12A256  | base::MessagePumpNSApplication::DoRun         | 22.0.1203.0     |        3 |
| 10.8.0 12A239  | CGSReconfigNotifierCalloutListInvokeAll       | 22.0.1203.0     |        3 |
| 10.7.4 11E2068 | __NSArrayEnumerate                            | 22.0.1203.0     |       21 |
| 10.8.0 12A269  | base::MessagePumpNSApplication::DoRun         | 22.0.1202.0     |       11 |
| 10.7.4 11E2068 | __NSArrayEnumerate                            | 22.0.1202.0     |        9 |
| 10.7.4 11E2068 | __CFMachPortPerform                           | 22.0.1202.0     |        6 |
| 10.8.0 12A269  | CGSReconfigNotifierCalloutListInvokeAll       | 22.0.1202.0     |        3 |
| 10.7.4 11E2620 | displayConfigFinalizedProc                    | 22.0.1202.0     |       61 |
| 10.7.4 11E2620 | displayConfigFinalizedProc                    | 22.0.1201.0     |       42 |
| 10.8.0 12A256  | base::MessagePumpNSApplication::DoRun         | 22.0.1201.0     |        3 |
| 10.7.4 11E2068 | __CFMachPortPerform                           | 22.0.1201.0     |        9 |
| 10.7.4 11E2068 | __NSArrayEnumerate                            | 22.0.1201.0     |        3 |
| 10.8.0 12A256  | base::MessagePumpNSApplication::DoRun         | 22.0.1200.0     |       12 |
| 10.7.4 11E2068 | __NSArrayEnumerate                            | 22.0.1200.0     |        3 |
| 10.7.4 11E2620 | displayConfigFinalizedProc                    | 22.0.1200.0     |       48 |
| 10.7.4 11E2068 | __CFMachPortPerform                           | 22.0.1200.0     |        3 |
| 10.7.4 11E2620 | displayConfigFinalizedProc                    | 22.0.1199.0     |       38 |
| 10.8.0 12A256  | base::MessagePumpNSApplication::DoRun         | 22.0.1199.0     |        6 |
| 10.7.4 11E2620 | displayConfigFinalizedProc                    | 22.0.1198.0     |       51 |
| 10.7.4 11E2068 | __NSArrayEnumerate                            | 22.0.1198.0     |        6 |
| 10.7.4 11E2068 | __CFMachPortPerform                           | 22.0.1198.0     |        6 |
| 10.7.4 11E2068 | __NSArrayEnumerate                            | 22.0.1197.0     |        3 |
| 10.7.4 11E2068 | __CFMachPortPerform                           | 22.0.1197.0     |        9 |
| 10.8.0 12A256  | base::MessagePumpNSApplication::DoRun         | 22.0.1197.0     |        9 |
| 10.7.4 11E2620 | displayConfigFinalizedProc                    | 22.0.1197.0     |       27 |
| 10.8.0 12A256  | base::MessagePumpNSApplication::DoRun         | 22.0.1194.1     |       18 |
| 10.7.4 11E2620 | displayConfigFinalizedProc                    | 22.0.1194.1     |       83 |
| 10.7.4 11E2068 | __CFMachPortPerform                           | 22.0.1194.1     |        3 |
| 10.7.4 11E2068 | __NSArrayEnumerate                            | 22.0.1194.1     |        6 |
| 10.7.4 11E2068 | __CFMachPortPerform                           | 22.0.1194.0     |        3 |
| 10.7.4 11E2520 | _ZL38PullEventsFromWindowServerOnConnectionjh | 22.0.1194.0     |        3 |
| 10.7.4 11E2620 | displayConfigFinalizedProc                    | 22.0.1194.0     |       15 |
| 10.8.0 12A256  | base::MessagePumpNSApplication::DoRun         | 22.0.1194.0     |        3 |
| 10.7.4 11E2068 | __NSArrayEnumerate                            | 22.0.1194.0     |        3 |
| 10.7.4 11E2620 | displayConfigFinalizedProc                    | 22.0.1193.0     |       57 |
| 10.8.0 12A256  | base::MessagePumpNSApplication::DoRun         | 22.0.1193.0     |        9 |
| 10.7.4 11E2068 | __NSArrayEnumerate                            | 22.0.1192.0     |        6 |
| 10.7.4 11E2620 | displayConfigFinalizedProc                    | 22.0.1192.0     |       18 |
| 10.7.4 11E2068 | __CFMachPortPerform                           | 22.0.1192.0     |        3 |
| 10.7.4 11E2620 | displayConfigFinalizedProc                    | 22.0.1191.1     |       21 |
| 10.7.4 11E2068 | __CFMachPortPerform                           | 22.0.1191.1     |        3 |
| 10.8.0 12A256  | base::MessagePumpNSApplication::DoRun         | 22.0.1191.1     |        3 |
| 10.7.4 11E2068 | __NSArrayEnumerate                            | 22.0.1191.1     |        3 |
| 10.8.0 12A256  | base::MessagePumpNSApplication::DoRun         | 22.0.1190.0     |        3 |
| 10.7.4 11E2620 | displayConfigFinalizedProc                    | 22.0.1190.0     |       36 |
| 10.7.4 11E2068 | __NSArrayEnumerate                            | 22.0.1190.0     |        6 |
| 10.7.4 11E2068 | __CFMachPortPerform                           | 22.0.1190.0     |        3 |
| 10.7.4 11E2620 | displayConfigFinalizedProc                    | 22.0.1189.0     |       27 |
| 10.7.4 11E2068 | __CFMachPortPerform                           | 22.0.1189.0     |        3 |
| 10.7.4 11E53   | displayConfigFinalizedProc                    | 22.0.1189.0     |        8 |
| 10.7.4 11E2620 | displayConfigFinalizedProc                    | 22.0.1188.0     |       27 |
| 10.8.0 12A256  | base::MessagePumpNSApplication::DoRun         | 22.0.1188.0     |        3 |
| 10.7.4 11E2620 | displayConfigFinalizedProc                    | 22.0.1187.0     |       15 |
| 10.7.4 11E2068 | __NSArrayEnumerate                            | 22.0.1187.0     |        6 |
| 10.7.4 11E2620 | displayConfigFinalizedProc                    | 22.0.1186.0     |       12 |
| 10.8.0 12A256  | base::MessagePumpNSApplication::DoRun         | 22.0.1186.0     |        6 |
| 10.7.4 11E2068 | __NSArrayEnumerate                            | 22.0.1186.0     |        3 |
| 10.8.0 12A248  | base::MessagePumpNSApplication::DoRun         | 22.0.1186.0     |        3 |
| 10.7.4 11E2620 | displayConfigFinalizedProc                    | 22.0.1185.0     |       15 |
| 10.8.0 12A248  | base::MessagePumpNSApplication::DoRun         | 22.0.1185.0     |        6 |
| 10.7.4 11E2068 | __CFMachPortPerform                           | 22.0.1185.0     |        3 |
| 10.7.4 11E2620 | displayConfigFinalizedProc                    | 22.0.1183.0     |       33 |
| 10.8.0 12A248  | base::MessagePumpNSApplication::DoRun         | 22.0.1182.0     |        3 |
| 10.7.4 11E2620 | displayConfigFinalizedProc                    | 22.0.1182.0     |        6 |
+----------------+-----------------------------------------------+-----------------+----------+

Comment 3 by rsesek@chromium.org, Jul 26 2012

Cc: rsesek@chromium.org sail@chromium.org
Owner: sh...@chromium.org
Status: Assigned
The changelog between 1182 and 1181 is this:

http://build.chromium.org/f/chromium/perf/dashboard/ui/changelog.html?url=/trunk/src&range=143152:143348&mode=html

Nothing touches media/ and looks relevant, which is something I'd expect with a QuickTime-related component crash. However, there is http://src.chromium.org/viewvc/chrome?view=rev&revision=143233, which enables Pepper Flash by default on canary.

I added the |channel| column to my above query (SELECT and GROUP BY) and saw very high correlation with canary channel. There's a spattering of dev, which I think makes sense for an opt-in feature. But I think this is coincidence enough to hand off.

Comment 4 by sh...@chromium.org, Jul 26 2012

My impression is that this relates to the built-in camera and/or microphone.  I think.

Comment 5 by rsesek@chromium.org, Jul 26 2012

That's my impression, too. I find it odd that there's nothing from before 10.7.4/10.8, though. That could just be our sampling of canary users, but I find it a little odd.

Comment 6 by sh...@chromium.org, Jul 26 2012

There were some crashes in the plugin process back in M-17, but things went way quiet in April.  ALL of the browser crashes are 10.7.4 or 10.8.0, the other versions are in plugins process, and have a different backtrace.  The date on my Lion 11E53 system's file is June 15, while my Lion 11E2620 system's file is Jul 12, and the file is larger, so they are changing things.  [Older system is MacBook Air, newer is MBP/retina, so I do expect them to diverge somewhat.]

I can only find one browser crash with this module in a build which _isn't_ a recent 11E2xxx.  I think it's
http://go/crash/reportdetail?reportid=946f30e594949d3f , the stack trace looks about the same.  This makes me wonder if all this is somehow related to HiDPI.  The outlier could be someone testing with an older machine.  But I cannot figure out how to determine HiDPI from dremel info (maybe we should change that?).

Comment 7 by rsesek@chromium.org, Jul 30 2012

 Issue 139528  has been merged into this issue.
Quick comment from my side, since the crash that I had reported (http://code.google.com/p/chromium/issues/detail?id=139528) has been merged into this thread. I have both dev channel and canary installed on all my machines, and I have only seen this crash on the MacBook Pro w/ Retina Display, i.e. hi-DPI. It hasn't occurred on either 10.7.x or 10.8.x on my older MacBook Pro or on the desktop machine. And I've seen it in dev channel and canary.

Comment 9 by rsesek@chromium.org, Jul 30 2012

Labels: ReleaseBlock-Beta
This is the #1 crash. Probably can't ship Flapper with it.

Comment 10 by k...@google.com, Aug 1 2012

Labels: Feature-Flash

Comment 11 by k...@google.com, Aug 13 2012

Scott, any updates here?

Comment 12 by k...@google.com, Aug 17 2012

Labels: -Mstone-22 Mstone-23
flapper's out for 22 on mac.

Comment 13 by sail@chromium.org, Sep 4 2012

Owner: sail@chromium.org
Grabbing!

Comment 14 by sail@chromium.org, Sep 4 2012

It looks like this is an Apple bug caused. Other apps on MacBook Pro Retina seem to be having the same issue. See:
http://www.scribd.com/doc/79122348/Skype

Also, I haven't found a way to reproduce this bug. I tried chatroulette.com and it didn't cause a crash.

I then tried airtime.com but that causes  bug 140175  instead.

Comment 15 by sail@chromium.org, Sep 4 2012

I filed a bug with Apple about this issue:
http://openradar.appspot.com/radar?id=1928402

I'll continue working on this to see if I can find a workaround.

Comment 16 by sail@chromium.org, Sep 4 2012

Cc: vclarke@chromium.org
+vclarke who's also looking into this bug
Reminder to self: This is a release blocker for Mac Flapper.
Cc: jeffreyc@chromium.org
Blocking: chromium:115437

Comment 20 by csom...@gmail.com, Sep 14 2012

appeared to LogMeIn join.me QA team also, on Windows as well, on resize
flash crash at browser resize.png
325 KB View Download
Sailesh said that he can't reproduce this. What do we want to do with this?
This is still a huge crasher on dev channel 23.0.1262.0. Looks to be #1 crash for code that we control.
What's the next step here, Sailesh?

Comment 24 by sail@chromium.org, Sep 19 2012

> What's the next step here, Sailesh?
I talked to Karen. The best thing seems to keep pinging Apple and also see if 10.8.2 fixes this.
I really can't think of a way to debug this on my side.
We can use the above Dremel query in comment #2 to see if there's any incidence on 10.8.2.

Comment 26 by sail@chromium.org, Sep 24 2012

Labels: -ReleaseBlock-Beta ReleaseBlock-Stable
I ran Robert's dremel query and it still shows crashes on 10.8.2.
I don't think there are enough crashes to block beta though.

Comment 28 by kareng@google.com, Oct 4 2012

ping so what's next here?

Comment 29 by j...@usmoores.org, Oct 5 2012

I don't know if this helps but I since I updated my older MacBook Pro 5,3 to Mountain Lion I have had almost constant crashes/hanging on Chrome. Here is a copy of the Apple Crash log if it helps: (attached)
Chrome Mountain Lion Crash log.pdf
1.0 MB Download
john: That's  issue 151707 , which should be fixed shortly. In the future, please just upload plain text attachments to a new bug. It's better to be duped into another bug than to add different reports to the same bug.
Apple unfortunately strips the QuickTimeUSBVDCDigitizer binary, so we can't see what's going on inside. But because this is a loadable QuickTime component, there's likely an entry proc:

$ nm -U /System/Library/QuickTime/QuickTimeUSBVDCDigitizer.component/Contents/MacOS/QuickTimeUSBVDCDigitizer
000184cc T _APWVDOUSBVDCDigitizerEntry
05614542 - 00 0000   OPT radr://5614542

Running Chrome with a breakpoint on APWVDOUSBVDCDigitizerEntry reveals where this gets initialized (using the test case from  bug 152916 ):

Breakpoint 2, 0x246c84cf in APWVDOUSBVDCDigitizerEntry ()
(gdb) bt
#0  0x246c84cf in APWVDOUSBVDCDigitizerEntry ()
#1  0x94cf4aee in CallComponent ()
#2  0x94cf4b48 in CallComponentDispatch ()
#3  0x94d87ad7 in CallComponentOpen ()
#4  0x94cf46b5 in OpenAComponent ()
#5  0x97ded280 in _SGVideoComponentDispatch ()
#6  0x94d89adb in callComponentStorage_44 ()
#7  0x94d7aabf in CallComponentFunctionCommonWithStorage ()
#8  0x94d7aaff in CallComponentFunctionWithStorageProcInfo ()
#9  0x97de5db1 in _SGVideoComponentDispatch ()
#10 0x94cf4aee in CallComponent ()
#11 0x94cf4b48 in CallComponentDispatch ()
#12 0x97ef68bb in QDM2Encoder_ComponentDispatch ()
#13 0x97deabf2 in _SGVideoComponentDispatch ()
#14 0x94d89adb in callComponentStorage_44 ()
#15 0x94d7aabf in CallComponentFunctionCommonWithStorage ()
#16 0x94d7aaff in CallComponentFunctionWithStorageProcInfo ()
#17 0x97de5db1 in _SGVideoComponentDispatch ()
#18 0x94cf4aee in CallComponent ()
#19 0x94cf4b48 in CallComponentDispatch ()
#20 0x97ef6331 in QDM2Encoder_ComponentDispatch ()
#21 0x97dd9af2 in _SGComponentDispatch ()
#22 0x94d8991f in callComponentStorage_444 ()
#23 0x94d7aabf in CallComponentFunctionCommonWithStorage ()
#24 0x94d7aaff in CallComponentFunctionWithStorageProcInfo ()
#25 0x97dd8c1e in _SGComponentDispatch ()
#26 0x94cf4aee in CallComponent ()
#27 0x94cf4b48 in CallComponentDispatch ()
#28 0x97ef53f9 in QDM2Encoder_ComponentDispatch ()
#29 0x97dd9bc6 in _SGComponentDispatch ()
#30 0x94d8991f in callComponentStorage_444 ()
#31 0x94d7aabf in CallComponentFunctionCommonWithStorage ()
#32 0x94d7aaff in CallComponentFunctionWithStorageProcInfo ()
#33 0x97dd8c1e in _SGComponentDispatch ()
#34 0x94cf4aee in CallComponent ()
#35 0x94cf4b48 in CallComponentDispatch ()
#36 0x9060bdeb in SGNewChannel ()
#37 0x24228a50 in CMIOUnitVDIGInputEntry ()
#38 0x2422b19b in CMIOUnitVDIGInputEntry ()
#39 0x2422b5bf in CMIOUnitVDIGInputEntry ()
#40 0x24208a8c in dyld_stub_vm_deallocate ()
#41 0x24225caa in CMIOUnitVideoDecompressorEntry ()
#42 0x938e235c in +[QTCaptureVDIGDevice _refreshDevices] ()
#43 0x938e1fe4 in +[QTCaptureVDIGDevice devicesWithIOType:] ()
#44 0x938458b6 in +[QTCaptureDevice devicesWithIOType:] ()
#45 0x938324f8 in +[QTCaptureDevice inputDevices] ()
#46 0x9383243f in +[QTCaptureDevice inputDevicesWithMediaType:] ()
#47 0x0245bbe8 in +[VideoCaptureDeviceQTKit deviceNames] (self=0xa688c38, _cmd=0x908e7195) at ../../media/video/capture/mac/video_capture_device_qtkit_mac.mm:20
#48 0x024591e1 in media::VideoCaptureDevice::GetDeviceNames (device_names=0xbbf425e8) at ../../media/video/capture/mac/video_capture_device_mac.mm:19
#49 0x04b1dd8e in media_stream::VideoCaptureManager::GetAvailableDevices (this=0x16253150, device_names=0xbbf425e8) at ../../content/browser/renderer_host/media/video_capture_manager.cc:385
#50 0x04b1b96a in media_stream::VideoCaptureManager::OnEnumerateDevices (this=0x16253150) at ../../content/browser/renderer_host/media/video_capture_manager.cc:127
#51 0x04b2b1e4 in base::internal::RunnableAdapter<void (media_stream::VideoCaptureManager::*)()>::Run (this=0xbbf42740, object=0x16253150) at bind_internal.h:134
#52 0x04b2b133 in base::internal::InvokeHelper<false, void, base::internal::RunnableAdapter<void (media_stream::VideoCaptureManager::*)()>, void ()(media_stream::VideoCaptureManager* const&)>::MakeItSo (runnable={method_ = {ptr = 78755872, ptr = 0}}, a1=@0x16245fb4) at bind_internal.h:870
#53 0x04b2b0cc in base::internal::Invoker<1, base::internal::BindState<base::internal::RunnableAdapter<void (media_stream::VideoCaptureManager::*)()>, void ()(media_stream::VideoCaptureManager*), void ()(media_stream::VideoCaptureManager*)>, void ()(media_stream::VideoCaptureManager*)>::Run (base=0x16245fa0) at bind_internal.h:1172
#54 0x0330a5bb in base::Callback<void ()()>::Run (this=0xbbf429e4) at callback.h:389
#55 0x03307c57 in MessageLoop::RunTask (this=0xbbf42e28, pending_task=@0xbbf429d0) at ../../base/message_loop.cc:470
#56 0x03308152 in MessageLoop::DeferOrRunPendingTask (this=0xbbf42e28, pending_task=@0xbbf429d0) at ../../base/message_loop.cc:482
#57 0x03308352 in MessageLoop::DoWork (this=0xbbf42e28) at ../../base/message_loop.cc:661
#58 0x03318581 in base::MessagePumpDefault::Run (this=0x189a73b0, delegate=0xbbf42e28) at ../../base/message_pump_default.cc:28
#59 0x03307482 in MessageLoop::RunInternal (this=0xbbf42e28) at ../../base/message_loop.cc:427
#60 0x0330733b in MessageLoop::RunHandler (this=0xbbf42e28) at ../../base/message_loop.cc:400
#61 0x033610c8 in base::RunLoop::Run (this=0xbbf42ce8) at ../../base/run_loop.cc:45
#62 0x03306736 in MessageLoop::Run (this=0xbbf42e28) at ../../base/message_loop.cc:307
#63 0x033d4ed2 in base::Thread::Run (this=0x154740b0, message_loop=0xbbf42e28) at ../../base/threading/thread.cc:133
#64 0x033d5083 in base::Thread::ThreadMain (this=0x154740b0) at ../../base/threading/thread.cc:169
#65 0x033c0535 in base::(anonymous namespace)::ThreadFunc (params=0x15498bb0) at ../../base/threading/platform_thread_posix.cc:65
#66 0x9a5a7557 in _pthread_start ()
#67 0x9a591cee in thread_start ()

So it looks like this is being triggered when we're enumerating the devices with +[VideoCaptureDeviceQTKit deviceNames], which of course calls out through QTKit. This isn't the first crash we've seen reported with probing devices and drivers through media_stream::VideoCaptureManager::OnEnumerateDevices; there's  issue 153412 , too.

I don't know if this is related to Flash, though, unless it too calls through to that function somehow. However I cannot see any media/video capture changes that look related in the changelog I posted above.

I wonder if we can somehow block the loading of these buggy modules, similar to how we block InputManagers and other CFBundles. But I also do not know what affect that would have on the system or users being able to use their media devices. Another solution could be to do something similar to what I did for plugin loading/discovery: push the enumeration of all devices out to an un-sandboxed utility process. That way, if the process crashes, the browser can stay alive, albeit with diminished functionality.
Confirmed with PepperFlash and http://www.testwebcam.com/ that the crashing QuickTime component gets loaded at that exact same stack trace.
Cc: wjia@chromium.org mflodman@chromium.org
+some media folks working on  issue 153412 .
Labels: Feature-Plugins-Pepper
Project Member

Comment 35 by bugdroid1@chromium.org, Oct 10 2012

Summary: Chrome_Mac: Crash Report - Stack Signature: CGSReconfigNotifierCalloutListInvokeAll-061...
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=161024

------------------------------------------------------------------------
r161024 | shess@chromium.org | 2012-10-10T02:45:25.730366Z

Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/media/video/capture/mac/video_capture_device_qtkit_mac.mm?r1=161024&r2=161023&pathrev=161024

[Mac] Enumerate webcam devices on the main thread.

The associated bug is about a crash in code which is only loaded due
to +deviceNames, though the crash does not have any such code on the
stack.  If that call were not thread-safe, then possibly using it on a
different thread breaks assumptions about where things are allocated
and released.

BUG= 139164 


Review URL: https://chromiumcodereview.appspot.com/11017045
------------------------------------------------------------------------
Project Member

Comment 36 by bugdroid1@chromium.org, Oct 10 2012

The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=161025

------------------------------------------------------------------------
r161025 | sail@chromium.org | 2012-10-10T02:49:56.834306Z

Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/media/video/capture/mac/video_capture_device_qtkit_mac.mm?r1=161025&r2=161024&pathrev=161025

Add crash key for Mac video capture

This CL calls SetCrashKeyValue() if a video capture device is opened. This can
be used to determine if the crash involves video capture or if simply
enumerating video capture device is enough to cause a crash.

BUG= 139164 


Review URL: https://chromiumcodereview.appspot.com/11096030
------------------------------------------------------------------------

Comment 37 by sail@chromium.org, Oct 11 2012

I re-ran Robert's dremel query. I see crashes from yesterday's Canary (24.0.1291.1) but none from today's.

It's probably too early to say for sure that this is fixed. Lets wait for one more day and check again.

Comment 38 by kareng@google.com, Oct 11 2012

sg ty

Comment 39 by sh...@chromium.org, Oct 12 2012

Still don't see any for 1292.1 or 1293...

Comment 40 by sail@chromium.org, Oct 12 2012

Labels: Merge-Requested
Woot, I don't see any either. Lets just merge Scott's change (r161024).

Comment 41 by kareng@google.com, Oct 15 2012

Labels: -Merge-Requested Merge-Approved
Project Member

Comment 42 by bugdroid1@chromium.org, Oct 15 2012

Labels: -Merge-Approved merge-merged-1271
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=161917

------------------------------------------------------------------------
r161917 | shess@chromium.org | 2012-10-15T19:13:29.914123Z

Changed paths:
   M http://src.chromium.org/viewvc/chrome/branches/1271/src/media/video/capture/mac/video_capture_device_qtkit_mac.mm?r1=161917&r2=161916&pathrev=161917

Merge 161024 - [Mac] Enumerate webcam devices on the main thread.

The associated bug is about a crash in code which is only loaded due
to +deviceNames, though the crash does not have any such code on the
stack.  If that call were not thread-safe, then possibly using it on a
different thread breaks assumptions about where things are allocated
and released.

BUG= 139164 


Review URL: https://chromiumcodereview.appspot.com/11017045

TBR=shess@chromium.org
Review URL: https://codereview.chromium.org/11155018
------------------------------------------------------------------------

Comment 43 by sh...@chromium.org, Oct 15 2012

Status: Fixed
Cc: tnakamura@chromium.org sh...@chromium.org
 Issue 153412  has been merged into this issue.
Project Member

Comment 45 by bugdroid1@chromium.org, Mar 10 2013

Labels: -Mstone-23 -Feature-Flash -Feature-Plugins-Pepper Cr-Content-Plugins-Flash M-23 Cr-Content-Plugins-Pepper
Project Member

Comment 46 by bugdroid1@chromium.org, Apr 6 2013

Labels: Cr-Blink
Project Member

Comment 47 by bugdroid1@chromium.org, Apr 6 2013

Labels: -Cr-Content-Plugins-Flash Cr-Internals-Plugins-Flash
Project Member

Comment 48 by bugdroid1@chromium.org, Apr 6 2013

Labels: Cr-Internals-Plugins
Project Member

Comment 49 by bugdroid1@chromium.org, Apr 6 2013

Labels: -Cr-Content-Plugins-Pepper Cr-Internals-Plugins-Pepper

Comment 50 by laforge@google.com, Jul 24 2013

Cc: -jeffreyc@chromium.org

Sign in to add a comment