Chrome_Mac: Crash Report - ProfileAttributesStorage::RemoveObserver |
|||||||
Issue descriptionreporter:bjoyce@google.com Magic Signature: ProfileAttributesStorage::RemoveObserver Crash link: https://crash.corp.google.com/browse?q=product.name%3D'Chrome_Mac'%20AND%20product.version%3D'67.0.3366.0'%20AND%20expanded_custom_data.ChromeCrashProto.channel%3D'canary'%20AND%20expanded_custom_data.ChromeCrashProto.ptype%3D'browser'%20AND%20expanded_custom_data.ChromeCrashProto.magic_signature_1.name%3D'ProfileAttributesStorage%3A%3ARemoveObserver'&stbtiq=&reportid=&index=0 ------------------------------------------------------------------------------- Sample Report ------------------------------------------------------------------------------- Product name: Chrome_Mac Magic Signature : ProfileAttributesStorage::RemoveObserver Product Version: 67.0.3366.0 Process type: browser Report ID: c3630d35ac67d52c Report Url: https://crash.corp.google.com/c3630d35ac67d52c Report Time: 2018-03-09T11:42:50-08:00 Upload Time: 2018-03-09T11:42:51.99-08:00 Uptime: 36808000 ms CumulativeProductUptime: 0 ms OS Name: Mac OS X OS Version: 10.13.0 17A365 CPU Architecture: amd64 CPU Info: family 6 model 23 stepping 10 ------------------------------------------------------------------------------- Crashing thread: Thread index: 0. Stack Quality: 84%. Thread id: 1564162. ------------------------------------------------------------------------------- 0x0000000104d1241d (Google Chrome Framework - vector: 1471) ProfileAttributesStorage::RemoveObserver(ProfileInfoCacheObserver*) 0x000000010757ffa6 (Google Chrome Framework - user_manager_screen_handler.cc: 232) UserManagerScreenHandler::ProfileUpdateObserver::~ProfileUpdateObserver() 0x000000010757bfcd (Google Chrome Framework - user_manager_screen_handler.cc: 306) <name omitted> 0x0000000103cfa59a (Google Chrome Framework - memory: 2333) content::WebUIImpl::~WebUIImpl() 0x0000000103cfa60d (Google Chrome Framework - web_ui_impl.cc: 89) content::WebUIImpl::~WebUIImpl() 0x0000000103a48a21 (Google Chrome Framework - render_frame_host_manager.cc: 461) content::RenderFrameHostManager::ClearWebUIInstances() 0x0000000103cc2207 (Google Chrome Framework - web_contents_impl.cc: 612) content::WebContentsImpl::~WebContentsImpl() 0x0000000103cc319d (Google Chrome Framework - web_contents_impl.cc: 583) <name omitted> 0x00007fff56c2a42d (libobjc.A.dylib + 0x0001042d) object_cxxDestructFromClass(objc_object*, objc_class*) 0x00007fff56c232b0 (libobjc.A.dylib + 0x000092b0) objc_destructInstance 0x000000010649f3a8 (Google Chrome Framework - objc_zombie.mm: 110) (anonymous namespace)::ZombieDealloc(objc_object*, objc_selector*) 0x00007fff2d81a59a (AppKit + 0x0003659a) -[NSResponder dealloc] 0x00007fff2dac05fb (AppKit + 0x002dc5fb) -[NSWindowController dealloc] 0x000000010767a6a2 (Google Chrome Framework - user_manager_mac.mm: 353) -[UserManagerWindowController dealloc] 0x00007fff2d834bc7 (AppKit + 0x00050bc7) -[NSWindowController release] 0x00007fff56c24041 (libobjc.A.dylib + 0x0000a041) (anonymous namespace)::AutoreleasePoolPage::pop(void*) 0x00007fff301d44f5 (CoreFoundation + 0x000424f5) _CFAutoreleasePoolPop 0x00007fff322cee74 (Foundation + 0x00015e74) -[NSAutoreleasePool drain] 0x000000010636f7d9 (Google Chrome Framework - memory: 2333) service_manager::Main(service_manager::MainParams const&) 0x0000000104b7d733 (Google Chrome Framework - content_main.cc: 19) content::ContentMain(content::ContentMainParams const&) 0x0000000102efd152 (Google Chrome Framework - chrome_main.cc: 101) ChromeMain 0x0000000102ebbdd3 (Google Chrome Canary + 0x00000dd3) 0x00007fff5781b144 (libdyld.dylib + 0x00001144) start 0x00007fff5781b144 (libdyld.dylib + 0x00001144) start ------------------------------------------------------------------------------- Manual regression range finder link ------------------------------------------------------------------------------- https://crash.corp.google.com/browse?q=expanded_custom_data.ChromeCrashProto.magic_signature_1.name%3D'ProfileAttributesStorage%3A%3ARemoveObserver'%20AND%20expanded_custom_data.ChromeCrashProto.ptype%3D'browser'#-property-selector,-samplereports,+productname,+productversion:1000,+directory,-clientid,+operatingsystem,+url,+simplifiedurl,+extensions
,
Mar 15 2018
Users experienced this crash on the following builds: Mac Canary 67.0.3370.0 - 0.18 CPM, 1 reports, 1 clients (signature ProfileAttributesStorage::RemoveObserver) If this update was incorrect, please add "Fracas-Wrong" label to prevent future updates. - Go/Fracas
,
Jul 26
Just to update the latest behavior of this issue in the latest channels: Still seeing 19 crashes from 19 clients so far on latest Stable - 68.0.3440.75 on Mac OS. This crash is ranked as number #3 in 'Browser' Stable crashes. 68.0.3440.68 0.69% 4 - Beta 68.0.3440.75 3.26% 19 - Stable So far no crash instances are observed on latest Canary and Dev. Link to the list of builds: ------------------------- https://crash.corp.google.com/browse?q=product_name%3D%27Chrome_Mac%27+AND+expanded_custom_data.ChromeCrashProto.ptype%3D%27browser%27+AND+expanded_custom_data.ChromeCrashProto.magic_signature_1.name%3D%27ProfileAttributesStorage%3A%3ARemoveObserver%27#-productname:1000,productversion:100,-magicsignature:50,+filepath,-magicsignature2:50,-stablesignature:50,-magicsignaturesorted:50 This crash doesn't seems to be observed on the previous stable builds # 67.0.3396.99, 67.0.3396.87, 67.0.3396.79 and looks like it got regressed in the latest #68.0.3440.75. Using code search for the file "user_manager_screen_handler.cc" and observing some recent changes for the below file https://chromium.googlesource.com/chromium/src/+/96a8f1b9b5742647e37f054a1b731ba232960e40 jhawkins@: Could you also please take a look into this issue. Thanks!
,
Jul 26
My change is not related; the change in question only removed dead code that was not running on any platform.
,
Aug 17
Just to update the latest behavior of this issue in the latest channels: Still seeing 744 crashes from 664 clients so far on latest Stable - 68.0.3440.106 on Mac OS. This crash is ranked as number #6 in 'Browser' Stable crashes. 69.0.3497.42 0.06% 1 - Beta 68.0.3440.106 44.34% 744 - Stable Link to the list of builds: ------------------------- https://crash.corp.google.com/browse?q=product_name%3D%27Chrome_Mac%27+AND+expanded_custom_data.ChromeCrashProto.ptype%3D%27browser%27+AND+expanded_custom_data.ChromeCrashProto.magic_signature_1.name%3D%27ProfileAttributesStorage%3A%3ARemoveObserver%27#-productname:1000,productversion:100,-magicsignature:50,-magicsignature2:50,-stablesignature:50,-magicsignaturesorted:50 Thanks!
,
Aug 17
,
Sep 17
Diagnosis based on the stack trace: The stack trace shows that we are draining an autorelease pool created by service_manager::Main - i.e., we are exiting the browser. That NSWindowController has held a WebContentsImpl (??) which is trying to destroy a WebUIImpl. This WebUIImpl owns a UserManagerScreenHandler which owns a ProfileUpdateObserver. The ProfileUpdateObserver observes g_browser_process->profile_manager() without holding a reference to it. This gives enough clues for a working repro: 1) Open the user manager 2) Quit Chrome from the app menu However, this crash does *not* reproduce in MacViews - only in the Cocoa browser. I don't immediately see why but I would guess that the MacViews code which affirmatively closes windows during quit is causing the backing data structures here to get deallocated earlier. avi@, can you (briefly) take a look at this code and see if it seems messed up? See also <https://bugs.chromium.org/p/chromium/issues/detail?id=810139#c5>. Given that the crash rate has dropped since we started rolling MacViews I think this is not very urgent.
,
Sep 27
|
|||||||
►
Sign in to add a comment |
|||||||
Comment 1 by bjoyce@chromium.org
, Mar 9 2018Owner: ellyjo...@chromium.org
Status: Assigned (was: Untriaged)