Crash on first run on Mac
Issue description

Chrome canary 53.0.2784.1 on macOS 10.12dp1 16A201W

When there’s no user profile and Chrome would show its in-app first run UI, it crashes.

dialog.png shows the dialog that’s displayed. details.png shows what’s present in “Show Details”. crashreport.txt shows the crash report that’s generated when “Crash” is clicked. crashreport_symbolized.txt is a crsym-symbolized version of this report (I had to drop Report Version to 11 to get crsym to accept it). go/crash/3679105600000000 is a Crashpad report generated from another occurrence of this crash.

Note that Crashpad will catch these crashes if the user clicks “Crash” but it will not upload them because it occurs during the first-run flow and the upload pref is turned off at that stage. That means that this crash, which will happen in large numbers, will not be visible to us on the crash server.

Upon subsequent launch, Chrome opens normally, without showing the first run UI. (So crash reporting is left turned off, because the first run UI never had a chance to turn it on.)

Is our NSException catcher still supposed to work? Because it didn’t work here.
Crashing on exception: -[NSObject countByEnumeratingWithState:objects:count:]: unrecognized selector sent to instance 0x648000200b00

Thread 0 Crashed:: CrBrowserMain Dispatch queue: com.apple.main-thread
0 com.apple.AppKit 0x00007fff8240c91e -[NSApplication _crashOnException:] + 109
1 com.apple.AppKit 0x00007fff824dbb3c -[NSApplication _showException:] + 747
2 com.apple.AppKit 0x00007fff8240c88d -[NSApplication reportException:] + 359
3 com.apple.AppKit 0x00007fff824d4541 uncaughtErrorProc + 158
4 com.apple.CoreFoundation 0x00007fff8446e4e9 __handleUncaughtException + 745
5 libobjc.A.dylib 0x00007fff97c2a934 _objc_terminate() + 94
6 libc++abi.dylib 0x00007fff97112b19 std::__terminate(void (*)()) + 8
7 libc++abi.dylib 0x00007fff9711258e __cxa_throw + 121
8 libobjc.A.dylib 0x00007fff97c28933 objc_exception_throw + 345
9 com.apple.CoreFoundation 0x00007fff84471294 -[NSObject(NSObject) doesNotRecognizeSelector:] + 132
10 com.apple.CoreFoundation 0x00007fff8436a333 ___forwarding___ + 1059
11 com.apple.CoreFoundation 0x00007fff84369e88 _CF_forwarding_prep_0 + 120
12 com.google.Chrome.framework 0x000000011331dcb9 -[FirstRunDialogController show] + first_run_dialog.mm:168
13 com.google.Chrome.framework 0x000000011331dbd5 (anonymous namespace)::FirstRunShowBridge::ShowDialog() + first_run_dialog.mm:51
14 com.google.Chrome.framework 0x000000011018c94b base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask const&) + callback.h:389
15 com.google.Chrome.framework 0x00000001101af0bc base::MessageLoop::RunTask(base::PendingTask const&) + vector:640
16 com.google.Chrome.framework 0x00000001101af3cc base::MessageLoop::DeferOrRunPendingTask(base::PendingTask const&) + message_loop.cc:502
17 com.google.Chrome.framework 0x00000001101af72b base::MessageLoop::DoWork() + message_loop.cc:624
18 com.google.Chrome.framework 0x0000000110181c8d base::MessagePumpCFRunLoopBase::RunWork() + message_pump_mac.mm:330
19 com.google.Chrome.framework 0x00000001101a500a base::mac::CallWithEHFrame(void () block_pointer) +
20 com.google.Chrome.framework 0x0000000110181694 base::MessagePumpCFRunLoopBase::RunWorkSource(void*) + message_pump_mac.mm:309
,
Jun 30 2016
I broke out that obnoxious dialog into bug 624885. I also filed bug 624880 and bug 624883 for crsym improvements. The rest of this bug, the actual exception and crash in the first run UI, still stands.
,
Jul 1 2016
Moving this nonessential bug to the next milestone. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jul 1 2016
You don’t know what you’re talking about, sheriffbot.
,
Jul 1 2016
* thread #1: tid = 0xd5646, 0x00007fff835b991e AppKit`-[NSApplication _crashOnException:] + 109, name = 'CrBrowserMain', queue = 'com.apple.main-thread', stop reason = EXC_BAD_INSTRUCTION (code=EXC_I386_INVOP, subcode=0x0)
frame #0: 0x00007fff835b991e AppKit`-[NSApplication _crashOnException:] + 109
AppKit`-[NSApplication _crashOnException:]:
-> 0x7fff835b991e <+109>: ud2
0x7fff835b9920 <+111>: movq %rax, %rdi
0x7fff835b9923 <+114>: callq 0x7fff83cc671a ; symbol stub for: objc_begin_catch
0x7fff835b9928 <+119>: xorl %edi, %edi
(lldb) bt
* thread #1: tid = 0xd5646, 0x00007fff835b991e AppKit`-[NSApplication _crashOnException:] + 109, name = 'CrBrowserMain', queue = 'com.apple.main-thread', stop reason = EXC_BAD_INSTRUCTION (code=EXC_I386_INVOP, subcode=0x0)
* frame #0: 0x00007fff835b991e AppKit`-[NSApplication _crashOnException:] + 109
frame #1: 0x00007fff83688b3c AppKit`-[NSApplication _showException:] + 747
frame #2: 0x00007fff835b988d AppKit`-[NSApplication reportException:] + 359
frame #3: 0x00007fff83681541 AppKit`uncaughtErrorProc + 158
frame #4: 0x00007fff8561b4e9 CoreFoundation`__handleUncaughtException + 745
frame #5: 0x00007fff98dd7934 libobjc.A.dylib`_objc_terminate() + 94
frame #6: 0x00007fff982bfb19 libc++abi.dylib`std::__terminate(void (*)()) + 8
frame #7: 0x00007fff982bf58e libc++abi.dylib`__cxa_throw + 121
frame #8: 0x00007fff98dd5933 libobjc.A.dylib`objc_exception_throw + 345
frame #9: 0x00007fff8561e294 CoreFoundation`-[NSObject(NSObject) doesNotRecognizeSelector:] + 132
frame #10: 0x00007fff85517333 CoreFoundation`___forwarding___ + 1059
frame #11: 0x00007fff85516e88 CoreFoundation`__forwarding_prep_0___ + 120
frame #12: 0x0000000105c84539 Google Chrome Framework`::-[FirstRunDialogController show](self=0x000000010f539ad0, _cmd=<unavailable>) + 201 at first_run_dialog.mm:168 [opt]
frame #13: 0x0000000105c84455 Google Chrome Framework`(anonymous namespace)::FirstRunShowBridge::ShowDialog(this=<unavailable>) + 21 at first_run_dialog.mm:50 [opt]
frame #14: 0x000000010107a91b Google Chrome Framework`base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask const&) [inlined] base::Callback<void (), (base::internal::CopyMode)1>::Run() const + 8 at callback.h:389 [opt]
frame #15: 0x000000010107a913 Google Chrome Framework`base::debug::TaskAnnotator::RunTask(this=<unavailable>, queue_function="MessageLoop::PostTask", pending_task=0x00007fff5fbfd7b0) + 179 at task_annotator.cc:51 [opt]
frame #16: 0x000000010109e28c Google Chrome Framework`base::MessageLoop::RunTask(this=<unavailable>, pending_task=<unavailable>) + 508 at message_loop.cc:493 [opt]
frame #17: 0x000000010109e59c Google Chrome Framework`base::MessageLoop::DeferOrRunPendingTask(this=0x000000010023af00, pending_task=0x00007fff5fbfd7b0) + 44 at message_loop.cc:502 [opt]
frame #18: 0x000000010109e8fb Google Chrome Framework`base::MessageLoop::DoWork(this=<unavailable>) + 299 at message_loop.cc:624 [opt]
frame #19: 0x00000001010a0cfd Google Chrome Framework`base::MessagePumpCFRunLoopBase::RunWork(this=0x0000000100234070) + 45 at message_pump_mac.mm:330 [opt]
frame #20: 0x00000001010931ba Google Chrome Framework`base::mac::CallWithEHFrame(void () block_pointer) + 10
frame #21: 0x00000001010a0704 Google Chrome Framework`base::MessagePumpCFRunLoopBase::RunWorkSource(info=<unavailable>) + 68 at message_pump_mac.mm:306 [opt]
frame #22: 0x00007fff8553b6b1 CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
frame #23: 0x00007fff8551bc8c CoreFoundation`__CFRunLoopDoSources0 + 556
frame #24: 0x00007fff8551b176 CoreFoundation`__CFRunLoopRun + 934
frame #25: 0x00007fff8551ab6d CoreFoundation`CFRunLoopRunSpecific + 285
frame #26: 0x00007fff84aed27c HIToolbox`RunCurrentEventLoopInMode + 240
frame #27: 0x00007fff84aed0b1 HIToolbox`ReceiveNextEventCommon + 432
frame #28: 0x00007fff84aecee6 HIToolbox`_BlockUntilNextEventMatchingListInModeWithFilter + 71
frame #29: 0x00007fff8325c101 AppKit`_DPSNextEvent + 1093
frame #30: 0x00007fff83961a0c AppKit`-[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 670
frame #31: 0x00007fff83250a3e AppKit`-[NSApplication run] + 929
frame #32: 0x00000001010a152e Google Chrome Framework`base::MessagePumpNSApplication::DoRun(this=<unavailable>, delegate=<unavailable>) + 302 at message_pump_mac.mm:665 [opt]
frame #33: 0x00000001010a0b54 Google Chrome Framework`base::MessagePumpCFRunLoopBase::Run(this=0x0000000100234070, delegate=0x000000010023af00) + 100 at message_pump_mac.mm:238 [opt]
frame #34: 0x00000001010bc121 Google Chrome Framework`base::RunLoop::Run(this=0x00007fff5fbfef10) + 113 at run_loop.cc:35 [opt]
frame #35: 0x000000010109d94d Google Chrome Framework`base::MessageLoop::Run(this=<unavailable>) + 29 at message_loop.cc:295 [opt]
frame #36: 0x0000000105c843f3 Google Chrome Framework`::-[FirstRunDialogController showWindow:](self=0x000000010f539ad0, _cmd=<unavailable>, sender=<unavailable>) + 195 at first_run_dialog.mm:149 [opt]
frame #37: 0x0000000105c841a4 Google Chrome Framework`first_run::ShowFirstRunDialog(Profile*) + 68 at first_run_dialog.mm:70 [opt]
frame #38: 0x0000000105c84160 Google Chrome Framework`first_run::ShowFirstRunDialog(profile=0x000000010042fba0) + 16 at first_run_dialog.mm:115 [opt]
frame #39: 0x0000000104fef196 Google Chrome Framework`first_run::internal::DoPostImportPlatformSpecificTasks(profile=0x000000010042fba0) + 70 at first_run_internal_posix.cc:34 [opt]
frame #40: 0x0000000104fee744 Google Chrome Framework`first_run::DoPostImportTasks(profile=<unavailable>, make_chrome_default_for_user=<unavailable>) + 388 at first_run.cc:860 [opt]
frame #41: 0x0000000104d088b8 Google Chrome Framework`ChromeBrowserMainParts::PreMainMessageLoopRunImpl(this=<unavailable>) + 2008 at chrome_browser_main.cc:1645 [opt]
frame #42: 0x0000000104d07fde Google Chrome Framework`ChromeBrowserMainParts::PreMainMessageLoopRun(this=0x00000001002098f0) + 62 at chrome_browser_main.cc:1211 [opt]
frame #43: 0x0000000102315e53 Google Chrome Framework`content::BrowserMainLoop::PreMainMessageLoopRun(this=0x0000000100209750) + 67 at browser_main_loop.cc:925 [opt]
frame #44: 0x0000000102600150 Google Chrome Framework`content::StartupTaskRunner::RunAllTasksNow() [inlined] base::Callback<int (), (base::internal::CopyMode)1>::Run() const + 7 at callback.h:389 [opt]
frame #45: 0x0000000102600149 Google Chrome Framework`content::StartupTaskRunner::RunAllTasksNow(this=<unavailable>) + 41 at startup_task_runner.cc:45 [opt]
frame #46: 0x0000000102314873 Google Chrome Framework`content::BrowserMainLoop::CreateStartupTasks(this=0x0000000100209750) + 579 at browser_main_loop.cc:815 [opt]
frame #47: 0x000000010231827e Google Chrome Framework`content::BrowserMainRunnerImpl::Initialize(this=<unavailable>, parameters=<unavailable>) + 526 at browser_main_runner.cc:140 [opt]
frame #48: 0x00000001023124f5 Google Chrome Framework`content::BrowserMain(parameters=0x00007fff5fbff808) + 149 at browser_main.cc:42 [opt]
frame #49: 0x0000000104cc6b20 Google Chrome Framework`content::ContentMainRunnerImpl::Run(this=<unavailable>) + 576 at content_main_runner.cc:785 [opt]
frame #50: 0x0000000104cc5d66 Google Chrome Framework`content::ContentMain(params=<unavailable>) + 54 at content_main.cc:20 [opt]
frame #51: 0x00000001010031ea Google Chrome Framework`::ChromeMain(argc=2, argv=0x00007fff5fbff9e8) + 58 at chrome_main.cc:84 [opt]
frame #52: 0x0000000100000d42 Google Chrome`main(argc=2, argv=0x00007fff5fbff9e8) + 530 at chrome_exe_main_mac.c:87 [opt]
frame #53: 0x0000000100000b24 Google Chrome`start + 52
,
Jul 1 2016
Prior to the exception, during nib loading, this is logged:

2016-07-01 14:41:55.045 Google Chrome[88635:1284708] Unknown class 'GTMIBArray', using 'NSObject' instead. Encountered in Interface Builder file at path /chrome/git/src/out/gn_debug_branded/Google Chrome.app/Contents/Versions/54.0.2786.0/Google Chrome Framework.framework/Resources/FirstRunDialog.nib.
2016-07-01 14:41:55.060 Google Chrome[88635:1284708] Failed to connect (object1_) outlet from (NSObject) to (GTMWidthBasedTweaker): missing setter or instance variable
2016-07-01 14:41:55.060 Google Chrome[88635:1284708] Failed to connect (object2_) outlet from (NSObject) to (NSButton): missing setter or instance variable
2016-07-01 14:41:55.060 Google Chrome[88635:1284708] Failed to connect (object3_) outlet from (NSObject) to (NSButton): missing setter or instance variable
2016-07-01 14:41:55.060 Google Chrome[88635:1284708] Failed to connect (object5_) outlet from (NSObject) to (NSTextField): missing setter or instance variable

GTMIBArray is unknown? That’s no good. This class is supposed to come from third_party/google_toolbox_for_mac/src/AppKit/GTMIBArray.m. That file’s there, let’s see what the build files say.

Nope. Missing. We lost this in https://codereview.chromium.org/2099823002.

This bug actually isn’t 10.12-specific. We broke first run for everyone and didn’t even notice.
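One way to catch this class of breakage before it ships, as an added example (not Chromium's own tooling and not part of the original comment): compare the custom classes a xib names against the @implementation declarations in the sources the target actually compiles, and scan launch output for the nib loader's warning. It assumes the Xcode 5+ XML xib layout with customClass attributes; the xib text, the source map, the file name width_tweaker.m and all function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in the Xcode 5+ XML xib layout (assumption);
# this is not the real FirstRunDialog.xib.
SAMPLE_XIB = """<?xml version="1.0" encoding="UTF-8"?>
<document type="com.apple.InterfaceBuilder3.Cocoa.XIB" version="3.0">
  <objects>
    <customObject id="-2" customClass="FirstRunDialogController"/>
    <customObject id="10" customClass="GTMIBArray"/>
    <customView id="11" customClass="GTMWidthBasedTweaker"/>
    <button id="12"/>
  </objects>
</document>
"""

# Constructed stand-ins for the source files a target compiles.
ALL_SOURCES = {
    "first_run_dialog.mm": "@implementation FirstRunDialogController\n@end\n",
    "width_tweaker.m": "@implementation GTMWidthBasedTweaker\n@end\n",
    "GTMIBArray.m": "@implementation GTMIBArray\n@end\n",
}

# A class implementation, but not a category such as "Foo (Extras)".
IMPL_RE = re.compile(r"^\s*@implementation\s+([A-Za-z_]\w*)\b(?!\s*\()", re.M)
# The nib loader's runtime warning, as quoted in the comment above.
UNKNOWN_RE = re.compile(r"Unknown class '([^']+)', using 'NSObject' instead")


def custom_classes(xib_text):
    """Every class name a xib asks the nib loader to instantiate."""
    root = ET.fromstring(xib_text)
    return {e.attrib["customClass"] for e in root.iter() if "customClass" in e.attrib}


def implemented_classes(sources):
    """Class names with an @implementation in the given {path: text} map."""
    found = set()
    for text in sources.values():
        found.update(IMPL_RE.findall(text))
    return found


def missing_classes(xib_text, built_sources):
    """Classes the xib names that no compiled source implements."""
    return sorted(custom_classes(xib_text) - implemented_classes(built_sources))


def unknown_classes_in_log(log_text):
    """Runtime counterpart: classes the nib loader reported as unknown."""
    return sorted(set(UNKNOWN_RE.findall(log_text)))


if __name__ == "__main__":
    built = {k: v for k, v in ALL_SOURCES.items() if k != "GTMIBArray.m"}
    print("missing from build:", missing_classes(SAMPLE_XIB, built))
```

In a real tree the source map would be built from the files listed in the target's build configuration rather than from everything on disk, since the failure here was a file that existed but was no longer compiled; classes supplied by system frameworks would need an allow-list.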
,
Jul 1 2016
,
Jul 1 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/8262005142234430a1879764a9d84bf26b599661

commit 8262005142234430a1879764a9d84bf26b599661
Author: mark <mark@chromium.org>
Date: Fri Jul 01 20:05:36 2016

Restore GTM Foundation/GTMIBArray.m to the build

c23cd73367a4 removed this file from the build under the premise that it was unused, but it's actually referenced by chrome/app/nibs/FirstRunDialog.xib.

BUG= 624850
TEST=Run an official build with a new --user-data-dir, get first run UI

Review-Url: https://codereview.chromium.org/2114123002
Cr-Commit-Position: refs/heads/master@{#403507}

[modify] https://crrev.com/8262005142234430a1879764a9d84bf26b599661/third_party/google_toolbox_for_mac/BUILD.gn
[modify] https://crrev.com/8262005142234430a1879764a9d84bf26b599661/third_party/google_toolbox_for_mac/google_toolbox_for_mac.gyp
,
Jul 1 2016
,
Jul 1 2016
M53 is branched today (2785) and will be promoted to Beta this month. Your bug is labelled as Beta ReleaseBlock, pls make sure to land and merge the fix to M53 branch 2785 by 5:00 PM PST on Friday 07/22 (sooner the better so it gets chance to bake in M53 dev releases itself). Thank you.
,
Jul 1 2016
Regarding comment 10: I’d love to. Can you set Merge-Approved, then?
,
Jul 2 2016
Your change meets the bar and is auto-approved for M53 (branch: 2785)
,
Jul 2 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/370f1caeb3c2b09b3e9afd5388948a3b4c6466e6

commit 370f1caeb3c2b09b3e9afd5388948a3b4c6466e6
Author: Mark Mentovai <mark@chromium.org>
Date: Sat Jul 02 21:44:33 2016

Restore GTM Foundation/GTMIBArray.m to the build

c23cd73367a4 removed this file from the build under the premise that it was unused, but it's actually referenced by chrome/app/nibs/FirstRunDialog.xib.

BUG= 624850
TEST=Run an official build with a new --user-data-dir, get first run UI

Review-Url: https://codereview.chromium.org/2114123002
Cr-Commit-Position: refs/heads/master@{#403507}
(cherry picked from commit 8262005142234430a1879764a9d84bf26b599661)

Review URL: https://codereview.chromium.org/2115263002 .

Cr-Commit-Position: refs/branch-heads/2785@{#6}
Cr-Branched-From: 68623971be0cfc492a2cb0427d7f478e7b214c24-refs/heads/master@{#403382}

[modify] https://crrev.com/370f1caeb3c2b09b3e9afd5388948a3b4c6466e6/third_party/google_toolbox_for_mac/BUILD.gn
[modify] https://crrev.com/370f1caeb3c2b09b3e9afd5388948a3b4c6466e6/third_party/google_toolbox_for_mac/google_toolbox_for_mac.gyp
,
Jul 2 2016
,
Jul 6 2016
Hi mark@, What can we do to guard against this kind of problem in the future? I guess it's the case that we do not have a test that runs the browser from scratch?
,
Jul 6 2016
Many telemetry tests generally run against a clean version of Chrome. So do many pixel tests. The problem is that we don't run tests on macOS Sierra.
,
Jul 6 2016
In #6, mark@ says that this is not specific to macOS Sierra.
,
Jul 6 2016
This only showed up with Google branding and a clean profile. I don’t know if anything exercises that configuration. The few things that do probably disable the first run UI because they want to get Chrome to do something, but this crash was in the first run code.
,
Jul 6 2016
I'm assuming we had real users experience this crash then? Was this caught by Crashpad?
,
Jul 6 2016
I didn’t hear about this from any real users. I caught it myself in the canary probably at around the same time it would have shipped to Dev. Crashpad proper caught it but never uploaded reports because crash report upload is currently still opt-in, and in a fresh profile, you need to get past the first run UI to actually opt in. So Crashpad really couldn’t ever have caught this, because the crash happened just before the point that uploads could have been enabled.
,
Jul 7 2016
Verified the issue on Macbook Air 10.11.5 using canary 54.0.2790.0 and 53.0.2785.8 and is working fine.
,
Jul 8 2016
Added the respective labels as per the above comment #21.
,
Jul 8 2016
+ananthak Is there a list of manual smoke/acceptance tests that the Test team runs to qualify branded builds before they go on the wire? We should make sure we add this case to the list.
,
Jul 12 2016
At the very least, the tests should involve an installation of Chrome on a virgin system that’s never seen Chrome before. If it won’t run in this configuration, it’s obviously very bad. You should test to make sure that Chrome launches and that the various options in the first run dialog work and do the right thing. People (including developers and testers) don’t normally see the first run dialog, so breakage may not be noticed, but it’s especially important to make sure that it all works because this is the first impression that we make on new users.

If you’re testing using VMs, it should be easy to reset to a Chrome-free state. Otherwise, you’ll need to get creative. Something like:

rm -rf '/Applications/Google Chrome.app'
rm -rf ~/Library/Application\ Support/Google/Chrome
rm -rf ~/Library/Caches/Google/Chrome
rm -rf ~/Library/Preferences/com.google.Chrome.plist
~/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/Resources/ksinstall --nuke

That last one will depend on how and where Keystone is installed. If it’s system Keystone, you’ll need to run it out of the root /Library instead of the per-user ~/Library. If it’s system Keystone but there are user tickets, sudo ksinstall --nuke may not remove your user’s tickets, in which case a separate rm -rf ~/Library/Google/GoogleSoftwareUpdate may be necessary. Don’t run this command without a successful ksinstall --nuke first, though.
,
Jul 13 2016
I filed Issue 627657 so that we're tracking the new acceptance tests in an open bug. I'm not sure who the owner should be, though. I also did not assume everyone on this bug wants to be on the new one, so please add yourself to the new bug if desired.
,
Jul 13 2016
Thank you Mark for providing the detailed repro steps. I am able to reproduce this crash consistently on one of the Mac test laptops (Mac OS X 10.11 Beta, Retina, 13-inch, Late 2012) by following the below steps.

1. Clean un-installation of Google 'Chrome' & 'Canary' by "rm -rf ~/Library/Application\ Support/Google"
2. Restart the system and make sure there is no "~/Library/Application Support/Google" folder
3. Now install new chrome and try to Launch, you will see the crash

Attached the crash info for your reference.

Per c#23, pinkerton@ I have added this test case to our manual test suite (go/chrome-te/home/backend/mac-chrome-breakpad-and-keystone-testing) and will make sure to test this as part of Mac Installers for each chrome release. Thank you!
,
Jul 13 2016
Continuing c#26: The above consistent reproducible case is for reported version of chrome#53.0.2784.1, however the fix (per c#8) is working as intended on latest trunk as well as M53 Dev#53.0.2785.8. PS: Latest Beta#52.0.2743.60 & Stable#51.0.2704.106 are not having this issue. Thank you!
Comment 1 by rsesek@chromium.org
, Jun 30 2016