Regression: Browser gets crashed after clicking on 'More option' on translate bubble.
Reported by db...@etouch.net, Dec 18 2017
Issue description

Chrome Version: 65.0.3298.0 Revision 6586a208880a70a00856529493741971ecfea5c2-refs/heads/master@{#524617} (32/64 bit)
OS: Mac (10.12.6, 10)
Pre-condition: Enabled 'Translate 2016Q2 UI' flag from chrome://flags

What steps will reproduce the problem?
(1) Launch chrome, navigate to https://www.google.com/intl/en/chrome/browser/welcome.html
(2) Right click on page and select 'Translate this page' option.
(3) Then click on More option on translate bubble and observe.

Actual: Browser gets crashed
Crash id: Uploaded Crash Report ID 71b008f39e3219e8 (Local Crash ID: a51101a9-327b-4e33-b27e-350f672f0ce8)
Expected: Browser should not crash.

This is a regression issue, broken in 'M65', below is bisect info:
Good Build: 65.0.3295.0
Bad Build: 65.0.3296.0
You are probably looking for a change made after 524312 (known good), but no later than 524313 (first known bad).
CHANGELOG URL: The script might not always return single CL as suspect as some perf builds might get missing due to failure.
https://chromium.googlesource.com/chromium/src/+log/94a5b9187d708be29c6c59767f4d3640ba3ea7a2..06704df5d7753985252ac7175972aba3fcda0d56
Suspect: https://chromium.googlesource.com/chromium/src/+/06704df5d7753985252ac7175972aba3fcda0d56

Note: Issue is not seen on Windows and Linux OS.
Dec 18 2017
Thanks, I'll fix this asap today. I believe this hits our non-Finch users (as the Q2 UI seems enabled by default), including Chromium and first-launch which might not have Finch experiments yet.
Dec 18 2017
This feature is not intended to launch as is. I'm looking into server-side disabling it, but it would still be good if we didn't crash because of it. +tapted@ just in case you have time to take a look. This UI from the video looks like the 2016Q2 UI is *disabled* to me, unless there's some Mac-related magic (UI actually implemented partially in .mm files etc.) that I'm not aware of here. I don't see related things in the stack. If not, I'll bring my Mac laptop in tomorrow; I thought I had it here at work.
Dec 18 2017
This experiment shouldn't be on for anyone. Looks like the dev/canary/beta rollout was persistent so there are still users who have it on. I've a change out that effectively turns it off and goes back to client defaults. #2 is not correct, chromium/no-finch-yet users shouldn't be affected as the client experiment is DISABLED_BY_DEFAULT.
Dec 19 2017
'Translate 2016Q2 UI' doesn't exist in chrome://flags on Mac. There is only chrome://flags/#enable-translate-new-ux. Only two crashes from http://go/focto have this flag: http://go/crash/71b008f39e3219e8 from above and http://go/crash/379755d62a637264, generated within 5 minutes of each other. So I think this is 99% random heap corruption crashes being bucketed into _nano_malloc_check_clear. I can't reproduce this crash in 65.0.3298.0 or in an ASAN build at ToT. This is not spiking in m65, so there's no reason to block there. Also chrome://flags/#enable-translate-new-ux is off by default and not launching in m65. There are 9 crashes in m64, probably not related to the translate bubble. Can you still reproduce this in the latest canary? If not, there isn't enough information in those crashes to diagnose further. I don't think this needs to be ReleaseBlock.
Dec 19 2017
Provided wrong flag in bug description (i.e. 'Translate 2016Q2 UI'), sorry for the trouble. Correction in the pre-condition: Enabled 'New Translate UX' flag from chrome://flags. Note: To reproduce this issue, enable the above flag and then go to the steps mentioned in the bug description. On enabling the above flag, we are able to reproduce this issue on latest canary build #65.0.3299.0 on Mac (10.12.6). Attaching screen-cast for your reference.
Dec 19 2017
As per comment #7 removing release blocker for this issue. Thank You!
Dec 20 2017
I still can't repro. Tested 65.0.3299.0 on 10.12.6. See attached. Can you attach the report generated when that dialog pops up? (i.e. click the "Report..." button and save) Maybe there's something in there :/ Note it's possible r525201 changed things here for the next Canary, but I think that's unlikely to have impacted this crash.
Dec 20 2017
With respect to comment 10: Issue is reproducible on latest canary #65.0.3299.0 using Mac (10.12.6). Please find attached screen cast for the same. Thank you.
Dec 20 2017
Please find attached report for the above crash. Thank you.
Dec 20 2017
I still can't reproduce (tried a second machine also), but that crash report shows what's happening. There's some infinite recursion happening:

478 com.google.Chrome.framework 0x00000001158334ad ___ZN12_GLOBAL__N_118BubbleAnchorHelper7ObserveEP8NSString_block_invoke + bubble_anchor_helper_views.mm:133
479 com.apple.Foundation 0x00007fff85eea96e -[__NSObserver _doit:] + 304
480 com.apple.CoreFoundation 0x00007fff844c045c __CFNOTIFICATIONCENTER_IS_CALLING_OUT_TO_AN_OBSERVER__ + 12
481 com.apple.CoreFoundation 0x00007fff844c035b _CFXRegistrationPost + 427
482 com.apple.CoreFoundation 0x00007fff844c00c2 ___CFXNotificationPost_block_invoke + 50
483 com.apple.CoreFoundation 0x00007fff8447d523 -[_CFXNotificationRegistrar find:object:observer:enumerator:] + 1827
484 com.apple.CoreFoundation 0x00007fff8447c55c _CFXNotificationPost + 604
485 com.apple.Foundation 0x00007fff85ea1677 -[NSNotificationCenter postNotificationName:object:userInfo:] + 66
486 com.apple.AppKit 0x00007fff8283a6b7 _NSWindowSendWindowDidMove + 63
487 com.apple.AppKit 0x00007fff82070216 -[NSWindow _setFrameCommon:display:stashSize:] + 2680
488 com.apple.AppKit 0x00007fff8206f791 -[NSWindow _setFrame:display:allowImplicitAnimation:stashSize:] + 222
489 com.apple.AppKit 0x00007fff821802bc -[NSWindow setFrame:display:animate:] + 603
490 com.google.Chrome.framework 0x00000001158334ad ___ZN12_GLOBAL__N_118BubbleAnchorHelper7ObserveEP8NSString_block_invoke + bubble_anchor_helper_views.mm:133
491 com.apple.Foundation 0x00007fff85eea96e -[__NSObserver _doit:] + 304
492 com.apple.CoreFoundation 0x00007fff844c045c __CFNOTIFICATIONCENTER_IS_CALLING_OUT_TO_AN_OBSERVER__ + 12
493 com.apple.CoreFoundation 0x00007fff844c035b _CFXRegistrationPost + 427
494 com.apple.CoreFoundation 0x00007fff844c00c2 ___CFXNotificationPost_block_invoke + 50
495 com.apple.CoreFoundation 0x00007fff8447d523 -[_CFXNotificationRegistrar find:object:observer:enumerator:] + 1827
496 com.apple.CoreFoundation 0x00007fff8447c55c _CFXNotificationPost + 604
497 com.apple.Foundation 0x00007fff85ea1677 -[NSNotificationCenter postNotificationName:object:userInfo:] + 66
498 com.apple.AppKit 0x00007fff8283a6b7 _NSWindowSendWindowDidMove + 63
499 com.apple.AppKit 0x00007fff82070216 -[NSWindow _setFrameCommon:display:stashSize:] + 2680
500 com.apple.AppKit 0x00007fff8206f791 -[NSWindow _setFrame:display:allowImplicitAnimation:stashSize:] + 222
501 com.apple.AppKit 0x00007fff821802bc -[NSWindow setFrame:display:animate:] + 603
502 com.google.Chrome.framework 0x00000001158334ad ___ZN12_GLOBAL__N_118BubbleAnchorHelper7ObserveEP8NSString_block_invoke + bubble_anchor_helper_views.mm:133
503 com.apple.Foundation 0x00007fff85eea96e -[__NSObserver _doit:] + 304
504 com.apple.CoreFoundation 0x00007fff844c045c __CFNOTIFICATIONCENTER_IS_CALLING_OUT_TO_AN_OBSERVER__ + 12
505 com.apple.CoreFoundation 0x00007fff844c035b _CFXRegistrationPost + 427
506 com.apple.CoreFoundation 0x00007fff844c00c2 ___CFXNotificationPost_block_invoke + 50
507 com.apple.CoreFoundation 0x00007fff8447d523 -[_CFXNotificationRegistrar find:object:observer:enumerator:] + 1827
508 com.apple.CoreFoundation 0x00007fff8447c55c _CFXNotificationPost + 604
509 com.apple.Foundation 0x00007fff85ea1677 -[NSNotificationCenter postNotificationName:object:userInfo:] + 66
510 com.apple.AppKit 0x00007fff8283a6b7 _NSWindowSendWindowDidMove + 63
511 com.apple.AppKit 0x00007fff82070216 -[NSWindow _setFrameCommon:display:stashSize:] + 2680

And I think r525201 *will* actually fix this \o/. So please try 65.0.3300.0 - I think this will stop occurring. The trick is Issue 795987 - there's a DCHECK failure reported there because the parent window is nil. The bubble needs to observe movement on its parent window, and move itself to compensate. But if the parent window is nil, AppKit will observe *all* windows, which means the bubble will observe itself. The bubble just keeps trying to move itself constantly.
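The feedback loop described in the comment above, modelled as an added Python example (not Chromium code and not AppKit). The constructed NotificationCenter reproduces the one rule that matters: an observer registered with a nil (here None) sender matches notifications from every sender, including the observing window itself. Windows post their "did move" notification synchronously from set_frame_origin(), as NSWindow does from setFrame:. The hypothetical BubbleAnchorHelper shows the unguarded registration recursing until the interpreter's stack limit, and the guarded variant (refuse to register when the parent is missing, ignore the bubble's own moves) terminating. Class and function names are assumptions for the demonstration only.

```python
"""Constructed model of the nil-parent observer recursion (not Chromium code)."""

DID_MOVE = "WindowDidMove"  # stands in for NSWindowDidMoveNotification


class NotificationCenter:
    """Minimal stand-in for NSNotificationCenter with the wildcard-sender rule."""

    def __init__(self):
        self._observers = []  # (name, sender or None, callback)

    def add_observer(self, name, sender, callback):
        # sender=None means "notifications from any object", as object:nil does.
        self._observers.append((name, sender, callback))

    def post(self, name, sender):
        # Delivered synchronously on the posting thread, like AppKit.
        for obs_name, obs_sender, callback in list(self._observers):
            if obs_name == name and (obs_sender is None or obs_sender is sender):
                callback(sender)


class Window:
    """Constructed window: moving it posts DID_MOVE before returning."""

    def __init__(self, center, title, origin=(0, 0)):
        self.center = center
        self.title = title
        self.origin = origin
        self.move_count = 0

    def set_frame_origin(self, origin):
        self.origin = origin
        self.move_count += 1
        self.center.post(DID_MOVE, self)  # re-entrancy point


class BubbleAnchorHelper:
    """Hypothetical helper: keeps a bubble at a fixed offset from its parent."""

    OFFSET = (20, -40)

    def __init__(self, center, bubble, parent, guarded):
        self.bubble = bubble
        self.parent = parent
        self.guarded = guarded
        if guarded and parent is None:
            # Fix: a missing parent must never turn into a wildcard registration.
            return
        center.add_observer(DID_MOVE, parent, self._on_parent_moved)

    def _on_parent_moved(self, mover):
        if self.guarded and mover is self.bubble:
            # Defence in depth: never react to the bubble's own movement.
            return
        x, y = mover.origin
        self.bubble.set_frame_origin((x + self.OFFSET[0], y + self.OFFSET[1]))


def run_scenario(parent_present, guarded):
    """Return (outcome, bubble_origin, bubble_move_count) for one configuration."""
    center = NotificationCenter()
    parent = Window(center, "browser") if parent_present else None
    bubble = Window(center, "translate-bubble", origin=(20, -40))
    BubbleAnchorHelper(center, bubble, parent, guarded)
    # Some window moves: the browser window if we have one, otherwise an
    # unrelated window, which a wildcard observer would still see.
    mover = parent if parent is not None else Window(center, "unrelated")
    try:
        mover.set_frame_origin((100, 100))
    except RecursionError:
        # The real process overflows its stack here; Python raises instead.
        return ("recursion", bubble.origin, bubble.move_count)
    return ("ok", bubble.origin, bubble.move_count)


if __name__ == "__main__":
    for parent_present in (True, False):
        for guarded in (False, True):
            print(f"parent={parent_present!s:5} guarded={guarded!s:5} ->",
                  run_scenario(parent_present, guarded))
```

With a real parent the bubble follows it once and stops, because the bubble's own DID_MOVE does not match an observer bound to the parent. With no parent and no guard, an unrelated window moving is enough to start the loop: the bubble moves, posts, matches its own wildcard observer, and moves again until the stack is exhausted, which is the shape of the repeated frames 478 to 511 in the report above.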
Dec 20 2017
Assigning it to you since you fixed it. Assign it back if it doesn't seem resolved. Thanks! :)
Jan 2 2018
dbote@etouch.net: can you repro this any longer? There are still just 3 crashes with chrome://flags/#enable-translate-new-ux: https://crash.corp.google.com/browse?q=custom_data.ChromeCrashProto.ptype%3D%27browser%27%20AND%20custom_data.ChromeCrashProto.magic_signature_1.name%3D%27_nano_malloc_check_clear%27%20AND%20EXISTS%20(SELECT%201%20FROM%20UNNEST(custom_data.ChromeCrashProto.switches.simplified)%20custom_data_ChromeCrashProto_switches_simplified%20WHERE%20custom_data_ChromeCrashProto_switches_simplified%3D%27--enable-translate-new-ux%27)&sql_dialect=googlesql&ignore_case=false&enable_rewrite=true&omit_field_name=&omit_field_value=&omit_field_opt=%3D#-property-selector,+productversion last in 65.0.3299.0
Jan 5 2018
Issue 799316 has been merged into this issue.
Jan 18 2018
PS: Michael just cleaned up the 2016Q2UI code in crbug.com/801447 : hopefully that'll stop the crashiness?
Jan 18 2018
Thanks for getting that cleaned up. tapted@ is this bug still relevant?
Jan 18 2018
dbote@etouch.net: if you can check too, that would be great! (I was never able to repro this). 2016Q2UI was never on Mac (just enable-translate-new-ux [which is *only* on Mac]). The link in #c15 still just has 3 crashes. I think this is resolved.
Jan 19 2018
With respect to comment 19: Issue seems to be fixed on latest canary build #65.0.3324.0, i.e. browser does not get crashed after clicking on 'Options' button on translate bubble. Kindly refer to the screen-cast for the same. Thank you.
Jan 19 2018
Thanks for checking again!
Comment 1 by rbasuvula@chromium.org, Dec 18 2017