
Issue 153902


Issue metadata

Status: Fixed
Owner:
Closed: Nov 2012
Components:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 2
Type: Bug




Chrome_Mac: Crash Report - Stack Signature: -[PreviewableContentsController showPreview...

Reported by dharani@chromium.org, Oct 3 2012

Issue description

Could it be related to http://src.chromium.org/viewvc/chrome?view=rev&revision=158613?

Product: Chrome_Mac
Stack Signature: -[PreviewableContentsController showPreview:]-B1F1154
New Signature Label: -[PreviewableContentsController showPreview:]
New Signature Hash: 53010142_f09bdc2f_f98913b1_6382854a_14448fb8

Report link: http://go/crash/reportdetail?reportid=e9fda4da2a5707e1

Meta information:
Product Name: Chrome_Mac
Product Version: 24.0.1284.2
Report ID: e9fda4da2a5707e1
Report Time: 2012/10/03 16:28:28, Wed
Uptime: 3095 sec
Cumulative Uptime: 0 sec
OS Name: Mac OS X
OS Version: 10.8.2 12C54
CPU Architecture: x86
CPU Info: GenuineIntel family 6 model 58 stepping 9
ptype: browser


Thread 0 *CRASHED* ( EXC_BAD_ACCESS / KERN_INVALID_ADDRESS @ 0x491226f9 )

0x02c837b1	 [Google Chrome Framework]	 - previewable_contents_controller.mm:30]	-[PreviewableContentsController showPreview:]
0x02c0d2ac	 [Google Chrome Framework]	 - browser_window_controller.mm:1904]	-[BrowserWindowController showInstant:]
0x02c08034	 [Google Chrome Framework]	 - browser_window_cocoa.mm:567]	BrowserWindowCocoa::ShowInstant
0x02bd97fa	 [Google Chrome Framework]	 - browser_instant_controller.cc:63]	chrome::BrowserInstantController::ShowInstant
0x00584ec9	 [Google Chrome Framework]	 - instant_controller.cc:695]	InstantController::Show
0x00586193	 [Google Chrome Framework]	 - instant_controller.cc:544]	InstantController::SetSuggestions
0x0058a27a	 [Google Chrome Framework]	 - instant_loader.cc:221]	InstantLoader::WebContentsDelegateImpl::OnMessageReceived
0x0058a33a	 [Google Chrome Framework]	 + 0x004bc33a]	non-virtual thunk to InstantLoader::WebContentsDelegateImpl::OnMessageReceived(IPC::Message const&)
0x02abbf25	 [Google Chrome Framework]	 - web_contents_impl.cc:695]	WebContentsImpl::OnMessageReceived
0x02abe381	 [Google Chrome Framework]	 + 0x029f0381]	non-virtual thunk to WebContentsImpl::OnMessageReceived(content::RenderViewHost*, IPC::Message const&)
0x02a671d2	 [Google Chrome Framework]	 - render_view_host_impl.cc:908]	content::RenderViewHostImpl::OnMessageReceived
0x02a6af2a	 [Google Chrome Framework]	 + 0x0299cf2a]	non-virtual thunk to content::RenderViewHostImpl::OnMessageReceived(IPC::Message const&)
0x02a605d4	 [Google Chrome Framework]	 - render_process_host_impl.cc:1058]	content::RenderProcessHostImpl::OnMessageReceived
0x02a60b9a	 [Google Chrome Framework]	 + 0x02992b9a]	non-virtual thunk to content::RenderProcessHostImpl::OnMessageReceived(IPC::Message const&)
0x00edc4f4	 [Google Chrome Framework]	 - ipc_channel_proxy.cc:261]	IPC::ChannelProxy::Context::OnDispatchMessage
0x00eddd58	 [Google Chrome Framework]	 - ../base/bind_internal.h:190]	base::internal::Invoker<2, base::internal::BindState<base::internal::RunnableAdapter<void (IPC::ChannelProxy::Context::*)(const IPC::Message &)>, void (IPC::ChannelProxy::Context *, const IPC::Message &), void (IPC::ChannelProxy::Context *, IPC::Message)>, void (IPC::ChannelProxy::Context *, const IPC::Message &)>::Run
0x00bdbc72	 [Google Chrome Framework]	 - ../base/callback.h:389]	MessageLoop::RunTask
0x00bdc0ac	 [Google Chrome Framework]	 - message_loop.cc:482]	MessageLoop::DoWork
0x00baf674	 [Google Chrome Framework]	 - message_pump_mac.mm:250]	base::MessagePumpCFRunLoopBase::RunWork
0x97ed066e	 [CoreFoundation]	 + 0x0001266e]	__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
0x97ed0098	 [CoreFoundation]	 + 0x00012098]	__CFRunLoopDoSources0
0x97ef5e45	 [CoreFoundation]	 + 0x00037e45]	__CFRunLoopRun
0x97ef5639	 [CoreFoundation]	 + 0x00037639]	CFRunLoopRunSpecific
0x97ef54aa	 [CoreFoundation]	 + 0x000374aa]	CFRunLoopRunInMode
0x932a5159	 [HIToolbox]	 + 0x00058159]	RunCurrentEventLoopInMode
0x932a4ec8	 [HIToolbox]	 + 0x00057ec8]	ReceiveNextEventCommon
0x932a4d43	 [HIToolbox]	 + 0x00057d43]	BlockUntilNextEventMatchingListInMode
0x95266a39	 [AppKit]	 + 0x00163a39]	_DPSNextEvent
0x9526626b	 [AppKit]	 + 0x0016326b]	-[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:]
0x9525c6cb	 [AppKit]	 + 0x001596cb]	-[NSApplication run]
0x00bafa30	 [Google Chrome Framework]	 - message_pump_mac.mm:574]	base::MessagePumpNSApplication::DoRun
0x00baf56b	 [Google Chrome Framework]	 - message_pump_mac.mm:169]	base::MessagePumpCFRunLoopBase::Run
0x00bdb6ef	 [Google Chrome Framework]	 - message_loop.cc:427]	MessageLoop::RunHandler
0x00bed790	 [Google Chrome Framework]	 - run_loop.cc:45]	base::RunLoop::Run
0x003695d2	 [Google Chrome Framework]	 - chrome_browser_main.cc:1499]	ChromeBrowserMainParts::MainMessageLoopRun
0x02981dff	 [Google Chrome Framework]	 - browser_main_loop.cc:481]	content::BrowserMainLoop::RunMainMessageLoopParts
0x02982522	 [Google Chrome Framework]	 - browser_main_runner.cc:122]	(anonymous namespace)::BrowserMainRunnerImpl::Run
0x02980e80	 [Google Chrome Framework]	 - browser_main.cc:21]	BrowserMain
0x00b4276a	 [Google Chrome Framework]	 - content_main_runner.cc:441]	content::ContentMainRunnerImpl::Run
0x00b41a7f	 [Google Chrome Framework]	 - content_main.cc:35]	content::ContentMain
0x000d0048	 [Google Chrome Framework]	 - chrome_main.cc:32]	ChromeMain
0x000caf77	 [Google Chrome]	 - chrome_exe_main_mac.cc:16]	main
0x000caf54	 [Google Chrome]	 + 0x00000f54]	start
0x00000001	
 
Status: Started
I just managed to reproduce this. Will have a fix shortly.
Project Member

Comment 2 by bugdroid1@chromium.org, Oct 5 2012

Summary: Chrome_Mac: Crash Report - Stack Signature: -[PreviewableContentsController showPreview...
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=160433

------------------------------------------------------------------------
r160433 | sreeram@chromium.org | 2012-10-05T18:46:19.071555Z

Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/ui/cocoa/browser_window_controller.mm?r1=160433&r2=160432&pathrev=160433
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/ui/cocoa/tabs/tab_strip_controller.h?r1=160433&r2=160432&pathrev=160433
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/ui/cocoa/tabs/tab_strip_controller_unittest.mm?r1=160433&r2=160432&pathrev=160433
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/ui/cocoa/tabs/tab_strip_controller.mm?r1=160433&r2=160432&pathrev=160433
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/ui/cocoa/tab_contents/previewable_contents_controller.h?r1=160433&r2=160432&pathrev=160433
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/ui/cocoa/tab_contents/previewable_contents_controller.mm?r1=160433&r2=160432&pathrev=160433

Fix crash when using Instant.

Steps to reproduce (on Mac OS, with Chrome Instant enabled):
1. On the NTP, type a partial query (without hitting Enter).
2. After the results preview appears, hit Alt-Enter to open it in a new
   foreground tab.
3. Without doing anything else, close the tab. The previous NTP tab is
   now the active tab again.
4. Type another partial query.
--> Previously, this would crash. This CL fixes the crash.

The root cause is that, after step 2, previewContents_ still referred to
the now committed tab. So, when that tab disappears in step 3,
previewContents_ is left dangling, causing the crash in step 4.

The bug was caused by my earlier CL (http://crrev.com/158613), which
removed the HideInstant() call that we made after every Instant commit.
HideInstant() nulls out previewContents_, which is why this crash
surfaced after that call was removed. Instead of just putting back
HideInstant(), I think the right thing to do is to adjust
previewContents_, in much the same way that
MakePreviewContentsActiveContents() does in the views UI code.

BUG= 153902 
R=sky@chromium.org
TEST=See steps above.


Review URL: https://chromiumcodereview.appspot.com/11026050
------------------------------------------------------------------------
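
The lifetime problem described in the commit message above, replayed as an added C++ model (not Chromium source and not the CL's code). All names are hypothetical; `preview_` stands in for `previewContents_`, the `weak_ptr` is only a liveness probe so the stale reference can be detected without dereferencing it, and the "fixed" variant simply drops the reference at commit, which is an assumption about the shape of the fix.

```cpp
#include <cstddef>
#include <memory>
#include <string>
#include <vector>

// Simplified model with hypothetical names; not Chromium source.
struct Contents { std::string title; };

struct TabStrip {
  std::vector<std::shared_ptr<Contents>> tabs;  // owns committed tabs
  void Close(std::size_t i) { tabs.erase(tabs.begin() + i); }
};

class PreviewController {
 public:
  explicit PreviewController(bool reset_on_commit)
      : reset_on_commit_(reset_on_commit) {}

  // Returns false when the stored preview reference is stale, i.e. at the
  // point where the crashing build touched freed memory.
  bool ShowPreview(const std::shared_ptr<Contents>& next) {
    if (preview_ != nullptr && witness_.expired()) return false;
    preview_ = next.get();
    witness_ = next;
    return true;
  }

  // Instant commit: ownership of the preview moves to the tab strip.
  void Commit(std::shared_ptr<Contents> preview, TabStrip& strip) {
    strip.tabs.push_back(std::move(preview));
    if (reset_on_commit_) { preview_ = nullptr; witness_.reset(); }
  }

 private:
  bool reset_on_commit_;
  Contents* preview_ = nullptr;      // non-owning, like previewContents_
  std::weak_ptr<Contents> witness_;  // liveness probe for the model only
};

// Replays steps 1-4 of the commit message; true means step 4 was safe.
bool ReplaySteps(bool reset_on_commit) {
  TabStrip strip;
  PreviewController pc(reset_on_commit);
  auto first = std::make_shared<Contents>(Contents{"partial query"});
  pc.ShowPreview(first);               // step 1: preview shown
  pc.Commit(std::move(first), strip);  // step 2: preview becomes a tab
  strip.Close(0);                      // step 3: tab closed, contents freed
  auto second = std::make_shared<Contents>(Contents{"another query"});
  return pc.ShowPreview(second);       // step 4: next preview
}
```

`ReplaySteps(false)` reaches step 4 with a reference to destroyed contents, while `ReplaySteps(true)` does not, which is why the crash only surfaced once nothing cleared the reference after a commit.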
Status: Fixed
Please verify.
Status: Assigned
Still happens on 24.0.1290.1, and is in fact one of the top crashers.
Another kind of a crash, probably the same root cause as the earlier one:

https://crash.corp.google.com/reportdetail?reportid=7abd2c5ba93a3cfd#crashing_thread

Thread 0 *CRASHED* ( EXC_BAD_ACCESS / KERN_INVALID_ADDRESS @ 0xffffffff87c0d3b4 )

0x02c8533d	 [Google Chrome Framework]	 - previewable_contents_controller.mm:47]	-[PreviewableContentsController hidePreview]
0x02c0db75	 [Google Chrome Framework]	 - browser_window_controller.mm:1563]	-[BrowserWindowController onReplaceTabWithContents:]
0x02c92d57	 [Google Chrome Framework]	 - tab_strip_controller.mm:1309]	-[TabStripController tabReplacedWithContents:previousContents:atIndex:]
0x02c974ee	 [Google Chrome Framework]	 - tab_strip_model_observer_bridge.mm:95]	TabStripModelObserverBridge::TabReplacedAt
0x001a574b	 [Google Chrome Framework]	 - tab_strip_model.cc:181]	TabStripModel::ReplaceTabContentsAt
0x02bd35bc	 [Google Chrome Framework]	 + 0x02afb5bc]	non-virtual thunk to Browser::SwapTabContents(content::WebContents*, content::WebContents*)
0x0080e9bf	 [Google Chrome Framework]	 - prerender_manager.cc:407]	prerender::PrerenderManager::MaybeUsePrerenderedPage
0x02bdd704	 [Google Chrome Framework]	 - browser_navigator.cc:300]	chrome::Navigate
0x02bd50b0	 [Google Chrome Framework]	 - browser_commands.cc:398]	chrome::OpenCurrentURL
0x02bd9025	 [Google Chrome Framework]	 - browser_command_controller.cc:346]	chrome::BrowserCommandController::ExecuteCommandWithDisposition
0x003c4d68	 [Google Chrome Framework]	 - command_updater.cc:52]	CommandUpdater::ExecuteCommand
0x02c64ab3	 [Google Chrome Framework]	 - location_bar_view_mac.mm:284]	LocationBarViewMac::OnAutocompleteAccept
0x02c64b1f	 [Google Chrome Framework]	 + 0x02b8cb1f]	non-virtual thunk to LocationBarViewMac::OnAutocompleteAccept(GURL const&, WindowOpenDisposition, content::PageTransition, GURL const&)
0x000ecce6	 [Google Chrome Framework]	 - omnibox_edit_model.cc:649]	OmniboxEditModel::OpenMatch
0x0010dd0b	 [Google Chrome Framework]	 - omnibox_view.cc:82]	OmniboxView::OpenMatch
0x000ec5ae	 [Google Chrome Framework]	 - omnibox_edit_model.cc:533]	OmniboxEditModel::AcceptInput
0x02c71aef	 [Google Chrome Framework]	 - omnibox_view_mac.mm:758]	OmniboxViewMac::OnDoCommandBySelector
0x02c71cfa	 [Google Chrome Framework]	 + 0x02b99cfa]	non-virtual thunk to OmniboxViewMac::OnDoCommandBySelector(objc_selector*)
0x02c604a6	 [Google Chrome Framework]	 - autocomplete_text_field_editor.mm:446]	-[AutocompleteTextFieldEditor doCommandBySelector:]
0x99a980e2	 [AppKit]	 + 0x000e40e2]	-[NSTextInputContext doCommandBySelector:]
0x99a9805c	 [AppKit]	 + 0x000e405c]	-[NSTextInputContext _handleCommand:]
0x99a92a28	 [AppKit]	 + 0x000dea28]	-[NSKeyBindingManager(NSKeyBindingManager_MultiClients) interpretEventAsCommand:forClient:]
0x99a91eb4	 [AppKit]	 + 0x000ddeb4]	-[NSTextInputContext handleEvent:]
0x99a91924	 [AppKit]	 + 0x000dd924]	-[NSView interpretKeyEvents:]
0x02c602f1	 [Google Chrome Framework]	 - autocomplete_text_field_editor.mm:405]	-[AutocompleteTextFieldEditor interpretKeyEvents:]
0x999d46a7	 [AppKit]	 + 0x000206a7]	-[NSTextView keyDown:]
0x99bf8bf0	 [AppKit]	 + 0x00244bf0]	-[NSWindow sendEvent:]
0x02c13f18	 [Google Chrome Framework]	 - chrome_event_processing_window.mm:134]	-[ChromeEventProcessingWindow sendEvent:]
0x02c4599d	 [Google Chrome Framework]	 - framed_browser_window.mm:279]	-[FramedBrowserWindow sendEvent:]
0x99bf3a0e	 [AppKit]	 + 0x0023fa0e]	-[NSApplication sendEvent:]
0x0036abbd	 [Google Chrome Framework]	 - chrome_browser_application_mac.mm:438]	-[BrowserCrApplication sendEvent:]
0x99b0d72b	 [AppKit]	 + 0x0015972b]	-[NSApplication run]
0x00b96270	 [Google Chrome Framework]	 - message_pump_mac.mm:574]	base::MessagePumpNSApplication::DoRun
0x00b95dab	 [Google Chrome Framework]	 - message_pump_mac.mm:169]	base::MessagePumpCFRunLoopBase::Run
0x00bc1fef	 [Google Chrome Framework]	 - message_loop.cc:427]	MessageLoop::RunHandler
0x00bd48d0	 [Google Chrome Framework]	 - run_loop.cc:45]	base::RunLoop::Run
0x003723b2	 [Google Chrome Framework]	 - chrome_browser_main.cc:1502]	ChromeBrowserMainParts::MainMessageLoopRun
0x0298157f	 [Google Chrome Framework]	 - browser_main_loop.cc:481]	content::BrowserMainLoop::RunMainMessageLoopParts
0x02981ca2	 [Google Chrome Framework]	 - browser_main_runner.cc:122]	(anonymous namespace)::BrowserMainRunnerImpl::Run
0x02980600	 [Google Chrome Framework]	 - browser_main.cc:21]	BrowserMain
0x00b28b3a	 [Google Chrome Framework]	 - content_main_runner.cc:441]	content::ContentMainRunnerImpl::Run
0x00b27e4f	 [Google Chrome Framework]	 - content_main.cc:35]	content::ContentMain
0x000da548	 [Google Chrome Framework]	 - chrome_main.cc:32]	ChromeMain
0x000d3f77	 [Google Chrome]	 - chrome_exe_main_mac.cc:16]	main
0x000d3f54	 [Google Chrome]	 + 0x00000f54]	start
0x00000001			

Labels: OS-Mac
Labels: -Pri-1 Pri-2
http://crrev.com/164350 changed a bunch of things around the Instant UI code. 24.0.1309.0 is the first version with that revision. So far no crashes, but it has only been a couple of days, so it's still too early to tell. Lowering the priority for now.
Status: Fixed
Project Member

Comment 9 by bugdroid1@chromium.org, Mar 10 2013

Labels: -Mstone-24 -Feature-Instant Cr-UI-Browser-Instant M-24
