
Issue 153902


Issue metadata

Status: Fixed
Closed: Nov 2012
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 2
Type: Bug


Chrome_Mac: Crash Report - Stack Signature: -[PreviewableContentsController showPreview...

Reported by, Oct 3 2012

Issue description

could it be related to

Product: Chrome_Mac
Stack Signature: -[PreviewableContentsController showPreview:]-B1F1154
New Signature Label: -[PreviewableContentsController showPreview:]
New Signature Hash: 53010142_f09bdc2f_f98913b1_6382854a_14448fb8

Report link: http://go/crash/reportdetail?reportid=e9fda4da2a5707e1

Meta information:
Product Name: Chrome_Mac
Product Version: 24.0.1284.2
Report ID: e9fda4da2a5707e1
Report Time: 2012/10/03 16:28:28, Wed
Uptime: 3095 sec
Cumulative Uptime: 0 sec
OS Name: Mac OS X
OS Version: 10.8.2 12C54
CPU Architecture: x86
CPU Info: GenuineIntel family 6 model 58 stepping 9
ptype: browser


0x02c837b1	 [Google Chrome Framework]	 -]	-[PreviewableContentsController showPreview:]
0x02c0d2ac	 [Google Chrome Framework]	 -]	-[BrowserWindowController showInstant:]
0x02c08034	 [Google Chrome Framework]	 -]	BrowserWindowCocoa::ShowInstant
0x02bd97fa	 [Google Chrome Framework]	 -]	chrome::BrowserInstantController::ShowInstant
0x00584ec9	 [Google Chrome Framework]	 -]	InstantController::Show
0x00586193	 [Google Chrome Framework]	 -]	InstantController::SetSuggestions
0x0058a27a	 [Google Chrome Framework]	 -]	InstantLoader::WebContentsDelegateImpl::OnMessageReceived
0x0058a33a	 [Google Chrome Framework]	 + 0x004bc33a]	non-virtual thunk to InstantLoader::WebContentsDelegateImpl::OnMessageReceived(IPC::Message const&)
0x02abbf25	 [Google Chrome Framework]	 -]	WebContentsImpl::OnMessageReceived
0x02abe381	 [Google Chrome Framework]	 + 0x029f0381]	non-virtual thunk to WebContentsImpl::OnMessageReceived(content::RenderViewHost*, IPC::Message const&)
0x02a671d2	 [Google Chrome Framework]	 -]	content::RenderViewHostImpl::OnMessageReceived
0x02a6af2a	 [Google Chrome Framework]	 + 0x0299cf2a]	non-virtual thunk to content::RenderViewHostImpl::OnMessageReceived(IPC::Message const&)
0x02a605d4	 [Google Chrome Framework]	 -]	content::RenderProcessHostImpl::OnMessageReceived
0x02a60b9a	 [Google Chrome Framework]	 + 0x02992b9a]	non-virtual thunk to content::RenderProcessHostImpl::OnMessageReceived(IPC::Message const&)
0x00edc4f4	 [Google Chrome Framework]	 -]	IPC::ChannelProxy::Context::OnDispatchMessage
0x00eddd58	 [Google Chrome Framework]	 - ../base/bind_internal.h:190 (cs|src|ann)]	base::internal::Invoker<2, base::internal::BindState<base::internal::RunnableAdapter<void (IPC::ChannelProxy::Context::*)(const IPC::Message &)>, void (IPC::ChannelProxy::Context *, const IPC::Message &), void (IPC::ChannelProxy::Context *, IPC::Message)>, void (IPC::ChannelProxy::Context *, const IPC::Message &)>::Run
0x00bdbc72	 [Google Chrome Framework]	 - ../base/callback.h:389 (cs|src|ann)]	MessageLoop::RunTask
0x00bdc0ac	 [Google Chrome Framework]	 -]	MessageLoop::DoWork
0x00baf674	 [Google Chrome Framework]	 -]	base::MessagePumpCFRunLoopBase::RunWork
0x97ed066e	 [CoreFoundation]	 + 0x0001266e]	__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
0x97ed0098	 [CoreFoundation]	 + 0x00012098]	__CFRunLoopDoSources0
0x97ef5e45	 [CoreFoundation]	 + 0x00037e45]	__CFRunLoopRun
0x97ef5639	 [CoreFoundation]	 + 0x00037639]	CFRunLoopRunSpecific
0x97ef54aa	 [CoreFoundation]	 + 0x000374aa]	CFRunLoopRunInMode
0x932a5159	 [HIToolbox]	 + 0x00058159]	RunCurrentEventLoopInMode
0x932a4ec8	 [HIToolbox]	 + 0x00057ec8]	ReceiveNextEventCommon
0x932a4d43	 [HIToolbox]	 + 0x00057d43]	BlockUntilNextEventMatchingListInMode
0x95266a39	 [AppKit]	 + 0x00163a39]	_DPSNextEvent
0x9526626b	 [AppKit]	 + 0x0016326b]	-[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:]
0x9525c6cb	 [AppKit]	 + 0x001596cb]	-[NSApplication run]
0x00bafa30	 [Google Chrome Framework]	 -]	base::MessagePumpNSApplication::DoRun
0x00baf56b	 [Google Chrome Framework]	 -]	base::MessagePumpCFRunLoopBase::Run
0x00bdb6ef	 [Google Chrome Framework]	 -]	MessageLoop::RunHandler
0x00bed790	 [Google Chrome Framework]	 -]	base::RunLoop::Run
0x003695d2	 [Google Chrome Framework]	 -]	ChromeBrowserMainParts::MainMessageLoopRun
0x02981dff	 [Google Chrome Framework]	 -]	content::BrowserMainLoop::RunMainMessageLoopParts
0x02982522	 [Google Chrome Framework]	 -]	(anonymous namespace)::BrowserMainRunnerImpl::Run
0x02980e80	 [Google Chrome Framework]	 -]	BrowserMain
0x00b4276a	 [Google Chrome Framework]	 -]	content::ContentMainRunnerImpl::Run
0x00b41a7f	 [Google Chrome Framework]	 -]	content::ContentMain
0x000d0048	 [Google Chrome Framework]	 -]	ChromeMain
0x000caf77	 [Google Chrome]	 -]	main
0x000caf54	 [Google Chrome]	 + 0x00000f54]	start
Status: Started
I just managed to reproduce this. Will have a fix shortly.
Project Member

Comment 2 by, Oct 5 2012

Summary: Chrome_Mac: Crash Report - Stack Signature: -[PreviewableContentsController showPreview...
The following revision refers to this bug:

r160433 | | 2012-10-05T18:46:19.071555Z

Changed paths:

Fix crash when using Instant.

Steps to reproduce (on Mac OS, with Chrome Instant enabled):
1. On the NTP, type a partial query (without hitting Enter).
2. After the results preview appears, hit Alt-Enter to open it in a new
   foreground tab.
3. Without doing anything else, close the tab. The previous NTP tab is
   now the active tab again.
4. Type another partial query.
--> Previously, this would crash. This CL fixes the crash.

The root cause is that, after step 2, previewContents_ still referred to
the now committed tab. So, when that tab disappears in step 3,
previewContents_ is left dangling, causing the crash in step 4.

The bug was caused by my earlier CL (, which
removed the HideInstant() call that we made after every Instant commit.
HideInstant() nulls out previewContents_, which is why this crash
surfaced after that call was removed. Instead of just putting back
HideInstant(), I think the right thing to do is to adjust
previewContents_, in much the same way that
MakePreviewContentsActiveContents() does in the views UI code.

BUG= 153902
TEST=See steps above.

Review URL:
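
The lifetime error described in the commit message above, replayed as a small C++ model (an added example, not code from the Chromium CL): an integer Handle stands in for the raw previewContents_ pointer so the stale state can be checked without touching freed memory. ContentsStore, PreviewController, OnCommit and StaleAtStepFour are hypothetical names, and clearing the reference at commit models what the message says HideInstant() did, not the CL's actual adjustment.

```cpp
// Added illustration; every name here is hypothetical, not Chromium code.
#include <map>
#include <memory>
#include <string>

struct WebContents { std::string url; };
using Handle = int;          // stands in for a raw, non-owning WebContents*
constexpr Handle kNone = 0;  // stands in for nil
// Owns every WebContents (preview or committed tab); Destroy() frees one.
class ContentsStore {
 public:
  Handle Create(const std::string& url) {
    live_[++last_] = std::make_unique<WebContents>(WebContents{url});
    return last_;
  }
  void Destroy(Handle h) { live_.erase(h); }
  bool IsLive(Handle h) const { return live_.count(h) != 0; }
 private:
  std::map<Handle, std::unique_ptr<WebContents>> live_;
  Handle last_ = kNone;
};
enum class OnCommit { kKeepReference, kClearReference };
// View-side controller: remembers which contents it is currently previewing.
class PreviewController {
 public:
  PreviewController(ContentsStore* s, OnCommit p) : store_(s), policy_(p) {}
  void ShowPreview(const std::string& query) {
    if (preview_ == kNone) preview_ = store_->Create("search?q=" + query);
  }
  Handle Commit() {  // the preview becomes a real tab owned by the tab strip
    Handle tab = preview_;
    if (policy_ == OnCommit::kClearReference) preview_ = kNone;
    return tab;
  }
  // True when the next ShowPreview() would use contents that no longer exist.
  bool IsStale() const { return preview_ != kNone && !store_->IsLive(preview_); }
 private:
  ContentsStore* store_;
  OnCommit policy_;
  Handle preview_ = kNone;
};
// Replays steps 1-3 of the commit message and reports the state seen at step 4.
bool StaleAtStepFour(OnCommit policy) {
  ContentsStore store;
  PreviewController preview(&store, policy);
  preview.ShowPreview("par");     // 1. partial query, preview appears
  Handle tab = preview.Commit();  // 2. Alt-Enter commits it to a new tab
  store.Destroy(tab);             // 3. the tab is closed
  return preview.IsStale();       // 4. what the next partial query would hit
}
```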
Status: Fixed
Please verify.
Status: Assigned
Still happens on 24.0.1290.1, and is in fact one of the top crashers.
Another kind of a crash, probably the same root cause as the earlier one:

Thread 0 *CRASHED* ( EXC_BAD_ACCESS / KERN_INVALID_ADDRESS @ 0xffffffff87c0d3b4 )

0x02c8533d	 [Google Chrome Framework]	 -]	-[PreviewableContentsController hidePreview]
0x02c0db75	 [Google Chrome Framework]	 -]	-[BrowserWindowController onReplaceTabWithContents:]
0x02c92d57	 [Google Chrome Framework]	 -]	-[TabStripController tabReplacedWithContents:previousContents:atIndex:]
0x02c974ee	 [Google Chrome Framework]	 -]	TabStripModelObserverBridge::TabReplacedAt
0x001a574b	 [Google Chrome Framework]	 -]	TabStripModel::ReplaceTabContentsAt
0x02bd35bc	 [Google Chrome Framework]	 + 0x02afb5bc]	non-virtual thunk to Browser::SwapTabContents(content::WebContents*, content::WebContents*)
0x0080e9bf	 [Google Chrome Framework]	 -]	prerender::PrerenderManager::MaybeUsePrerenderedPage
0x02bdd704	 [Google Chrome Framework]	 -]	chrome::Navigate
0x02bd50b0	 [Google Chrome Framework]	 -]	chrome::OpenCurrentURL
0x02bd9025	 [Google Chrome Framework]	 -]	chrome::BrowserCommandController::ExecuteCommandWithDisposition
0x003c4d68	 [Google Chrome Framework]	 -]	CommandUpdater::ExecuteCommand
0x02c64ab3	 [Google Chrome Framework]	 -]	LocationBarViewMac::OnAutocompleteAccept
0x02c64b1f	 [Google Chrome Framework]	 + 0x02b8cb1f]	non-virtual thunk to LocationBarViewMac::OnAutocompleteAccept(GURL const&, WindowOpenDisposition, content::PageTransition, GURL const&)
0x000ecce6	 [Google Chrome Framework]	 -]	OmniboxEditModel::OpenMatch
0x0010dd0b	 [Google Chrome Framework]	 -]	OmniboxView::OpenMatch
0x000ec5ae	 [Google Chrome Framework]	 -]	OmniboxEditModel::AcceptInput
0x02c71aef	 [Google Chrome Framework]	 -]	OmniboxViewMac::OnDoCommandBySelector
0x02c71cfa	 [Google Chrome Framework]	 + 0x02b99cfa]	non-virtual thunk to OmniboxViewMac::OnDoCommandBySelector(objc_selector*)
0x02c604a6	 [Google Chrome Framework]	 -]	-[AutocompleteTextFieldEditor doCommandBySelector:]
0x99a980e2	 [AppKit]	 + 0x000e40e2]	-[NSTextInputContext doCommandBySelector:]
0x99a9805c	 [AppKit]	 + 0x000e405c]	-[NSTextInputContext _handleCommand:]
0x99a92a28	 [AppKit]	 + 0x000dea28]	-[NSKeyBindingManager(NSKeyBindingManager_MultiClients) interpretEventAsCommand:forClient:]
0x99a91eb4	 [AppKit]	 + 0x000ddeb4]	-[NSTextInputContext handleEvent:]
0x99a91924	 [AppKit]	 + 0x000dd924]	-[NSView interpretKeyEvents:]
0x02c602f1	 [Google Chrome Framework]	 -]	-[AutocompleteTextFieldEditor interpretKeyEvents:]
0x999d46a7	 [AppKit]	 + 0x000206a7]	-[NSTextView keyDown:]
0x99bf8bf0	 [AppKit]	 + 0x00244bf0]	-[NSWindow sendEvent:]
0x02c13f18	 [Google Chrome Framework]	 -]	-[ChromeEventProcessingWindow sendEvent:]
0x02c4599d	 [Google Chrome Framework]	 -]	-[FramedBrowserWindow sendEvent:]
0x99bf3a0e	 [AppKit]	 + 0x0023fa0e]	-[NSApplication sendEvent:]
0x0036abbd	 [Google Chrome Framework]	 -]	-[BrowserCrApplication sendEvent:]
0x99b0d72b	 [AppKit]	 + 0x0015972b]	-[NSApplication run]
0x00b96270	 [Google Chrome Framework]	 -]	base::MessagePumpNSApplication::DoRun
0x00b95dab	 [Google Chrome Framework]	 -]	base::MessagePumpCFRunLoopBase::Run
0x00bc1fef	 [Google Chrome Framework]	 -]	MessageLoop::RunHandler
0x00bd48d0	 [Google Chrome Framework]	 -]	base::RunLoop::Run
0x003723b2	 [Google Chrome Framework]	 -]	ChromeBrowserMainParts::MainMessageLoopRun
0x0298157f	 [Google Chrome Framework]	 -]	content::BrowserMainLoop::RunMainMessageLoopParts
0x02981ca2	 [Google Chrome Framework]	 -]	(anonymous namespace)::BrowserMainRunnerImpl::Run
0x02980600	 [Google Chrome Framework]	 -]	BrowserMain
0x00b28b3a	 [Google Chrome Framework]	 -]	content::ContentMainRunnerImpl::Run
0x00b27e4f	 [Google Chrome Framework]	 -]	content::ContentMain
0x000da548	 [Google Chrome Framework]	 -]	ChromeMain
0x000d3f77	 [Google Chrome]	 -]	main
0x000d3f54	 [Google Chrome]	 + 0x00000f54]	start

Labels: OS-Mac
Labels: -Pri-1 Pri-2
changed a bunch of things around the Instant UI code. 24.0.1309.0 is the first version with that revision. So far no crashes, but it has only been a couple of days, so it's still too early to tell. Lowering the priority for now.
Status: Fixed
Project Member

Comment 9 by, Mar 10 2013

Labels: -Mstone-24 -Feature-Instant Cr-UI-Browser-Instant M-24
