Regression : Chrome crashes on dragging ‘Learn more’ link.
Reported by yfulgaon...@etouch.net, Dec 2 2016
Issue description

Chrome Version : 56.0.2924.14 (Official Build) 0dc503a1d29c5c8d206cec080ef65b1950451575-refs/branch-heads/2924@{#277} 64 bit
OS : Mac(10.11.6, 10.12.1, 10.12)

What steps will reproduce the problem?
1. Launch chrome, type chrome://kill in omnibox and hit Enter key (Tab crashes)
2. Now click and hold ‘Learn more’ link and drag it downwards, observe.

Actual : Chrome crashes on dragging ‘Learn more’ link.
Expected : Chrome should not crash.

Crash ID : 29e04da7-bd3d-415c-93cc-a3b1eed5e28f (Server ID: fc735d8f00000000)

This is a regression issue broken in ‘M-56’, below is the Manual Regression range and will soon update other info.
Good build : 56.0.29023.0
Bad build : 56.0.2924.0

Note : This is Mac specific issue and the same working fine on Windows & Linux OS.
,
Dec 2 2016
Stack trace for the crash ID generated:

Stack Quality: 78%

0x00000001026e77a9 (Google Chrome Framework -render_widget_host_input_event_router.cc:654 ) content::RenderWidgetHostInputEventRouter::GetRenderWidgetHostAtPoint(content::RenderWidgetHostViewBase*, gfx::Point const&, gfx::Point*)
0x00000001027d0612 (Google Chrome Framework -web_drag_dest_mac.mm:292 ) -[WebDragDest GetRenderWidgetHostAtPoint:transformedPt:]
0x00000001027cfbf7 (Google Chrome Framework -web_drag_dest_mac.mm:138 ) -[WebDragDest draggingEntered:view:]
0x00007fff98a50948 (AppKit + 0x005b2948 ) -[NSDragDestination _draggingEntered]
0x00007fff987a2f85 (AppKit + 0x00304f85 ) NSCoreDragTrackingProc
0x00007fff8f3c8274 (HIServices + 0x0000c274 ) DoTrackingMessage
0x00007fff8f3c93a6 (HIServices + 0x0000d3a6 ) SendTrackingMessage
0x00007fff8f3c8701 (HIServices + 0x0000c701 ) DragInApplication
0x00007fff8f3c7624 (HIServices + 0x0000b624 ) CoreDragStartDragging
0x00007fff987a2368 (AppKit + 0x00304368 ) -[NSCoreDragManager _dragUntilMouseUp:accepted:]
0x00007fff9879f556 (AppKit + 0x00301556 ) -[NSCoreDragManager dragImage:fromWindow:at:offset:event:pasteboard:source:slideBack:]
0x00007fff9879f088 (AppKit + 0x00301088 ) -[NSWindow(NSDrag) dragImage:at:offset:event:pasteboard:source:slideBack:]
0x00007fff98c2e1a5 (AppKit + 0x007901a5 ) -[NSTextView(NSDragging) dragSelectionWithEvent:offset:slideBack:]
0x0000000103a32226 (Google Chrome Framework -hyperlink_text_view.mm:124 ) -[HyperlinkTextView dragSelectionWithEvent:offset:slideBack:]
0x00007fff988d41d9 (AppKit + 0x004361d9 ) -[NSTextView mouseDown:]
0x00007fff98cb33c8 (AppKit + 0x008153c8 ) -[NSWindow _handleMouseDownEvent:isDelayedEvent:]
0x00007fff98cb43ac (AppKit + 0x008163ac ) -[NSWindow _reallySendEvent:isDelayedEvent:]
0x00007fff986f3538 (AppKit + 0x00255538 ) -[NSWindow sendEvent:]
0x00000001056dfe1e (Google Chrome Framework -chrome_event_processing_window.mm:72 ) -[ChromeEventProcessingWindow sendEvent:]
0x00007fff98673a37 (AppKit + 0x001d5a37 ) -[NSApplication sendEvent:]
0x0000000102c6081b (Google Chrome Framework -chrome_browser_application_mac.mm:373 ) __34-[BrowserCrApplication sendEvent:]_block_invoke
0x000000010309f299 (Google Chrome Framework + 0x01917299 ) base::mac::CallWithEHFrame(void () block_pointer)
0x0000000102c6071a (Google Chrome Framework -chrome_browser_application_mac.mm:357 ) -[BrowserCrApplication sendEvent:]
0x00007fff984dadf1 (AppKit + 0x0003cdf1 ) -[NSApplication run]
0x00000001030ad95d (Google Chrome Framework -message_pump_mac.mm:637 ) base::MessagePumpNSApplication::DoRun(base::MessagePump::Delegate*)
0x00000001030acfbb (Google Chrome Framework -message_pump_mac.mm:210 ) base::MessagePumpCFRunLoopBase::Run(base::MessagePump::Delegate*)
0x00000001030cabc2 (Google Chrome Framework -run_loop.cc:35 ) base::RunLoop::Run()
0x0000000102c65904 (Google Chrome Framework -chrome_browser_main.cc:1983 ) ChromeBrowserMainParts::MainMessageLoopRun(int*)
0x000000010247c253 (Google Chrome Framework -browser_main_loop.cc:998 ) content::BrowserMainLoop::RunMainMessageLoopParts()
0x000000010247e981 (Google Chrome Framework -browser_main_runner.cc:141 ) content::BrowserMainRunnerImpl::Run()
0x00000001024783ab (Google Chrome Framework -browser_main.cc:46 ) content::BrowserMain(content::MainFunctionParams const&)
0x0000000102c1c9f5 (Google Chrome Framework -content_main_runner.cc:786 ) content::ContentMainRunnerImpl::Run()
0x0000000102c1bc55 (Google Chrome Framework -content_main.cc:20 ) content::ContentMain(content::ContentMainParams const&)
0x000000010178b14b (Google Chrome Framework -chrome_main.cc:108 ) ChromeMain
0x0000000101521d99 (Google Chrome Canary + 0x00000d99 )
0x00007fff8e4f15ac (libdyld.dylib + 0x000035ac ) start

Adding release block label, please undo if not the case.
,
Dec 2 2016
This is a regression in M56, crash rate is single digit as of now. But please have a fix before M56 hits stable in order to avoid spikes in future.

Crash Impact with version distribution.
=====================================
https://crash.corp.google.com/browse?q=custom_data.ChromeCrashProto.ptype%3D%27browser%27%20AND%20custom_data.ChromeCrashProto.magic_signature_1.name%3D%27content%3A%3ARenderWidgetHostInputEventRouter%3A%3AGetRenderWidgetHostAtPoint%27%20AND%20product.name%3D%27Chrome_Mac%27&ignore_case=false&enable_rewrite=true&omit_field_name=&omit_field_value=&omit_field_opt=%3D#samplereports:5,productversion:50
,
Dec 2 2016
Issue 670658 has been merged into this issue.
,
Dec 2 2016
Thanks-- paulmeyer is out at the moment, but I think he'll be able to take a look next week. We'll make sure a fix gets merged before M56 stable.
,
Dec 2 2016
Users experienced this crash on the following builds:

Mac Canary 57.0.2939.0 - 2.41 CPM, 3 reports, 3 clients (signature content::RenderWidgetHostInputEventRouter::GetRenderWidgetHostAtPoint)

If this update was incorrect, please add "Fracas-Wrong" label to prevent future updates.

- Go/Fracas
,
Dec 2 2016
ekaramad@ has a CL in progress: https://codereview.chromium.org/2547213002/ (Thanks!)
,
Dec 3 2016
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/5190330169f1e6c1d8418e6bcc0499fdc99ec287

commit 5190330169f1e6c1d8418e6bcc0499fdc99ec287
Author: ekaramad <ekaramad@chromium.org>
Date: Sat Dec 03 02:30:42 2016

Cancel drag operation when the tab RenderWidgetHostView does not exist (Mac)

When the tab's RenderWidgetHostView is nullptr, we cannot and should not select any RenderWidgetHosts for a drag destination. Therefore, in response to draggingEntered we should return no operation. This CL will fix that issue as well as making RenderWidgetHostInputEventRouter::GetRenderWidgetHostAtPoint() handle nullptr |root_view| by returning nullptr.

BUG= 670645

Review-Url: https://codereview.chromium.org/2547213002
Cr-Commit-Position: refs/heads/master@{#436146}

[modify] https://crrev.com/5190330169f1e6c1d8418e6bcc0499fdc99ec287/content/browser/renderer_host/render_widget_host_input_event_router.cc
[modify] https://crrev.com/5190330169f1e6c1d8418e6bcc0499fdc99ec287/content/browser/renderer_host/render_widget_host_input_event_router.h
[modify] https://crrev.com/5190330169f1e6c1d8418e6bcc0499fdc99ec287/content/browser/web_contents/web_drag_dest_mac.mm
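
The two guards the commit message above describes, shown as a simplified C++ model. This is an added illustration, not the Chromium code from the CL; every type and function name in it (Tab, RootView, WidgetHost, GetWidgetHostAtPoint, DraggingEntered, DragOperation) is a hypothetical stand-in.

```cpp
// Simplified model, not Chromium source. All names are hypothetical stand-ins
// for the classes named in the commit message.
#include <cstdio>
#include <memory>

struct Point { int x; int y; };
struct WidgetHost { int id; };

// Stand-in for the tab's RenderWidgetHostView.
struct RootView {
  WidgetHost host;
  int width;
  int height;
};

enum class DragOperation { kNone, kCopy };

// Callee-side guard: a null root view yields "no host" instead of a
// null dereference inside the hit test.
WidgetHost* GetWidgetHostAtPoint(RootView* root_view, const Point& pt) {
  if (!root_view)
    return nullptr;
  bool inside = pt.x >= 0 && pt.y >= 0 &&
                pt.x < root_view->width && pt.y < root_view->height;
  return inside ? &root_view->host : nullptr;
}

// Stand-in for the tab: once the renderer is gone, so is the view.
struct Tab {
  std::unique_ptr<RootView> view;
  void KillRenderer() { view.reset(); }
};

// Caller-side guard: with no view there is no valid drag destination,
// so the drag-entered handler reports "no operation".
DragOperation DraggingEntered(Tab& tab, const Point& pt) {
  if (!tab.view)
    return DragOperation::kNone;
  WidgetHost* target = GetWidgetHostAtPoint(tab.view.get(), pt);
  return target ? DragOperation::kCopy : DragOperation::kNone;
}

int main() {
  Tab tab{std::make_unique<RootView>(RootView{{1}, 800, 600})};
  std::printf("live tab: %d\n", static_cast<int>(DraggingEntered(tab, {10, 10})));
  tab.KillRenderer();  // models the chrome://kill step from the report
  std::printf("dead tab: %d\n", static_cast<int>(DraggingEntered(tab, {10, 10})));
  return 0;
}
```

Checking in both places keeps the handler safe even if another caller later passes a null root view to the hit-test function.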
,
Dec 3 2016
Fix is landed and the bug should no longer be reproducible. I will revisit this next week and if there are no more crash reports mark it as fixed. We will then need to merge this to M-56 I believe.
,
Dec 7 2016
Marking fixed as this is not occurring in current Canary.
,
Dec 7 2016
Your change meets the bar and is auto-approved for M56 (branch: 2924)
,
Dec 7 2016
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/99376a24841343e9280b6916cc0f2c1ab946c452

commit 99376a24841343e9280b6916cc0f2c1ab946c452
Author: ekaramad <ekaramad@chromium.org>
Date: Wed Dec 07 05:41:04 2016

Cancel drag operation when the tab RenderWidgetHostView does not exist (Mac)

When the tab's RenderWidgetHostView is nullptr, we cannot and should not select any RenderWidgetHosts for a drag destination. Therefore, in response to draggingEntered we should return no operation. This CL will fix that issue as well as making RenderWidgetHostInputEventRouter::GetRenderWidgetHostAtPoint() handle nullptr |root_view| by returning nullptr.

BUG= 670645
NOTRY=true
NOPRESUBMIT=true

Review-Url: https://codereview.chromium.org/2547213002
Cr-Commit-Position: refs/heads/master@{#436146}
(cherry picked from commit 5190330169f1e6c1d8418e6bcc0499fdc99ec287)

Review-Url: https://codereview.chromium.org/2556653003
Cr-Commit-Position: refs/branch-heads/2924@{#374}
Cr-Branched-From: 3a87aecc31cd1ffe751dd72c04e5a96a1fc8108a-refs/heads/master@{#433059}

[modify] https://crrev.com/99376a24841343e9280b6916cc0f2c1ab946c452/content/browser/renderer_host/render_widget_host_input_event_router.cc
[modify] https://crrev.com/99376a24841343e9280b6916cc0f2c1ab946c452/content/browser/renderer_host/render_widget_host_input_event_router.h
[modify] https://crrev.com/99376a24841343e9280b6916cc0f2c1ab946c452/content/browser/web_contents/web_drag_dest_mac.mm
,
Dec 8 2016
Verified on Mac OS 10.11.6 using chrome beta M56 #56.0.2924.21 and issue is not reproduced. No crash is seen on dragging the "learn more" link in chrome://kill page. Attached screencast for reference. Adding TE-verified labels.
Comment 1 by hdodda@chromium.org, Dec 2 2016
Labels: hasbisect-per-revision
Owner: paulmeyer@chromium.org
Status: Assigned (was: Unconfirmed)