New issue
Advanced search Search tips

Issue 861652 link

Starred by 3 users
Status: Fixed
Owner:
taku...@chromium.org
Closed: Jul 17
Cc:
nyerramilli@chromium.org
rbasuvula@chromium.org
taku...@chromium.org
mfo...@chromium.org
mac-bugs-priority@chromium.org
powerb@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 1
Type: Bug-Regression

Blocking:
issue 754101



Sign in to add a comment

Regression: Browser crash is seen for Cast options.

Reported by aiman.an...@etouch.net, Jul 9 
Chrome Version : 69.0.3486.0 (Official Build) Revision 472d1caeb99d99a8952e7170bbf435bd92902d73-refs/branch-heads/3486@{#1}. (64 Bit)

OS: Mac OS X (10.12.6,10.13.1,10.13.6).

Steps to reproduce:
1. Launch Chrome, Open Cast Overlay on NTP.
2. Right click on cast icon in Omni-box and select any option.
3. Observe.

Actual:  Browser crash is seen.
Expected:  Browser should not crash.

Uploaded Crash Report ID 56f5b7ed5a390cce (Local Crash ID: afa2c6e0-f5f1-4f05-95a8-578c83443e15)

This is regression issue broken in ‘M-69’ and will soon update other info
Good Build: 69.0.3485.0 
Bad Build:  69.0.3486.0
Actual Result.mov
3.1 MB View Download

Comment 1 by aiman.an...@etouch.net, Jul 9

Labels: hasbisect-per-revision RegressedIn-69 ET-MUM-Repprted
Owner: taku...@chromium.org
Status: Assigned (was: Unconfirmed)
Correction:
This is regression issue broken in ‘M-69’ and below is the per-revision bisect info:
Good Build: 69.0.3483.0 (Revision:572880)
Bad Build:  69.0.3484.0 (Revision:573141)

Update: 

You are probably looking for a change made after 573102 (known good), but no later than 573103 (first known bad).

CHANGE-LOG URL:

The script might not always return single CL as suspect as some perf builds might get missing due to failure.

https://chromium.googlesource.com/chromium/src/+log/7e620043777b98f594a12b924f157b668aae533c..6cf891f99d20238a9365fcde8bb995c4a7ec1cb8

Suspect: https://chromium.googlesource.com/chromium/src/+/6cf891f99d20238a9365fcde8bb995c4a7ec1cb8

takumif: Could you please help to reassign if your change is not the cause for this change. 

Thank You!

Comment 2 by aiman.an...@etouch.net, Jul 9

Expected Result.mov
1.5 MB View Download

Comment 3 by rbasuvula@chromium.org, Jul 9

Labels: ReleaseBlock-Stable
Stack Trace for the crash id:
-----------------------------
Thread 0 (id: 0x8bbc) CRASHED [EXC_BREAKPOINT / EXC_I386_BPT @ 0x000000010adcb920 ] MAGIC SIGNATURE THREAD
Stack Quality84%Show frame trust levels
0x000000010adcb920	(Google Chrome Framework -simple_menu_model.cc:458 )	ui::SimpleMenuModel::GetCommandIdAt(int) const
0x000000010adcbe7c	(Google Chrome Framework -simple_menu_model.cc:404 )	ui::SimpleMenuModel::ActivatedAt(int, int)
0x000000010adbb051	(Google Chrome Framework -menu_controller.mm:292 )	-[MenuControllerCocoa itemSelected:]
0x00007fffbdaf63a6	(libsystem_trace.dylib + 0x000033a6 )	_os_activity_initiate_impl
0x00007fffa5f6f720	(AppKit + 0x007c4720 )	-[NSApplication(NSResponder) sendAction:to:from:]
0x0000000109feb92a	(Google Chrome Framework -chrome_browser_application_mac.mm:291 )	__43-[BrowserCrApplication sendAction:to:from:]_block_invoke
0x000000010a3b4d09	(Google Chrome Framework + 0x022e3d09 )	base::mac::CallWithEHFrame(void () block_pointer)
0x0000000109feb824	(Google Chrome Framework -chrome_browser_application_mac.mm:290 )	-[BrowserCrApplication sendAction:to:from:]
0x00007fffa5a42665	(AppKit + 0x00297665 )	-[NSMenuItem _corePerformAction]
0x00007fffa5a423d1	(AppKit + 0x002973d1 )	-[NSCarbonMenuImpl performActionWithHighlightingForItemAtIndex:]
0x00007fffbdaf63a6	(libsystem_trace.dylib + 0x000033a6 )	_os_activity_initiate_impl
0x00007fffa5acb954	(AppKit + 0x00320954 )	-[NSMenu performActionForItemAtIndex:]
0x00007fffa5acb8cb	(AppKit + 0x003208cb )	-[NSMenu _internalPerformActionForItemAtIndex:]
0x00007fffa5acb6f8	(AppKit + 0x003206f8 )	-[NSCarbonMenuImpl _carbonCommandProcessEvent:handlerCallRef:]
0x00007fffa598257f	(AppKit + 0x001d757f )	NSSLMMenuEventHandler
0x00007fffa7230d84	(HIToolbox + 0x00008d84 )	DispatchEventToHandlers(EventTargetRec*, OpaqueEventRef*, HandlerCallRec*)
0x00007fffa722fff5	(HIToolbox + 0x00007ff5 )	SendEventToEventTargetInternal(OpaqueEventRef*, OpaqueEventTargetRef*, HandlerCallRec*)
0x00007fffa7245d13	(HIToolbox + 0x0001dd13 )	SendEventToEventTarget
0x00007fffa72923e5	(HIToolbox + 0x0006a3e5 )	SendHICommandEvent(unsigned int, HICommand const*, unsigned int, unsigned int, unsigned char, void const*, OpaqueEventTargetRef*, OpaqueEventTargetRef*, OpaqueEventRef**)
0x00007fffa72bd9fa	(HIToolbox + 0x000959fa )	SendMenuCommandWithContextAndModifiers
0x00007fffa72bd9a9	(HIToolbox + 0x000959a9 )	SendMenuItemSelectedEvent
0x00007fffa72bd87c	(HIToolbox + 0x0009587c )	FinishMenuSelection(SelectionData*, MenuResult*, MenuResult*)
0x00007fffa729cb6a	(HIToolbox + 0x00074b6a )	PopUpMenuSelectCore(MenuData*, Point, double, Point, unsigned short, unsigned int, Rect const*, unsigned short, unsigned int, Rect const*, Rect const*, __CFDictionary const*, __CFString const*, OpaqueMenuRef**, unsigned short*)
0x00007fffa729bbd2	(HIToolbox + 0x00073bd2 )	_HandlePopUpMenuSelection8(OpaqueMenuRef*, OpaqueEventRef*, unsigned int, Point, unsigned short, unsigned int, Rect const*, unsigned short, Rect const*, Rect const*, __CFDictionary const*, __CFString const*, OpaqueMenuRef**, unsigned short*)
0x00007fffa729b7aa	(HIToolbox + 0x000737aa )	_HandlePopUpMenuSelectionWithDictionary
0x00007fffa5ac25a6	(AppKit + 0x003175a6 )	_NSSLMPopUpCarbonMenu3
0x00007fffa5bd5137	(AppKit + 0x0042a137 )	-[NSCarbonMenuImpl _popUpContextMenu:withEvent:forView:withFont:]
0x00007fffa5bd4f81	(AppKit + 0x00429f81 )	-[NSMenu _popUpContextMenu:withEvent:forView:withFont:]
0x00007fffa6079daf	(AppKit + 0x008cedaf )	-[NSView _showMenuForEvent:]
0x00007fffa5bceeb5	(AppKit + 0x00423eb5 )	-[NSView rightMouseDown:]
0x00007fffa5cebddc	(AppKit + 0x00540ddc )	-[NSControl _rightMouseUpOrDown:]
0x000000010cbf8b70	(Google Chrome Framework -browser_action_button.mm:262 )	-[BrowserActionButton rightMouseDown:]
0x00007fffa60e8c0f	(AppKit + 0x0093dc0f )	-[NSWindow(NSEventRouting) _reallySendEvent:isDelayedEvent:]
0x00007fffa60e6f09	(AppKit + 0x0093bf09 )	-[NSWindow(NSEventRouting) sendEvent:]
0x000000010cbdda3e	(Google Chrome Framework -chrome_event_processing_window.mm:73 )	-[ChromeEventProcessingWindow sendEvent:]
0x00007fffa5f6be7d	(AppKit + 0x007c0e7d )	-[NSApplication(NSEvent) sendEvent:]
0x0000000109fec0bb	(Google Chrome Framework -chrome_browser_application_mac.mm:328 )	__34-[BrowserCrApplication sendEvent:]_block_invoke
0x000000010a3b4d09	(Google Chrome Framework + 0x022e3d09 )	base::mac::CallWithEHFrame(void () block_pointer)
0x0000000109febd66	(Google Chrome Framework -chrome_browser_application_mac.mm:311 )	-[BrowserCrApplication sendEvent:]
0x00007fffa57e6426	(AppKit + 0x0003b426 )	-[NSApplication run]
0x000000010a3c50ab	(Google Chrome Framework -message_pump_mac.mm:808 )	base::MessagePumpNSApplication::DoRun(base::MessagePump::Delegate*)
0x000000010a3c3c2d	(Google Chrome Framework -message_pump_mac.mm:184 )	base::MessagePumpCFRunLoopBase::Run(base::MessagePump::Delegate*)
0x000000010a3e6634	(Google Chrome Framework -run_loop.cc:102 )	<name omitted>
0x0000000109ff1e8a	(Google Chrome Framework -chrome_browser_main.cc:2053 )	ChromeBrowserMainParts::MainMessageLoopRun(int*)
0x0000000108bf9c43	(Google Chrome Framework -browser_main_loop.cc:1016 )	content::BrowserMainLoop::RunMainMessageLoopParts()
0x0000000108bfc291	(Google Chrome Framework -browser_main_runner_impl.cc:169 )	content::BrowserMainRunnerImpl::Run()
0x0000000108bf66da	(Google Chrome Framework -browser_main.cc:51 )	content::BrowserMain(content::MainFunctionParams const&, std::__1::unique_ptr<content::BrowserProcessSubThread, std::__1::default_delete<content::BrowserProcessSubThread> >)
0x0000000109fa6039	(Google Chrome Framework -content_main_runner_impl.cc:600 )	content::ContentMainRunnerImpl::Run()
0x000000010b8bddc6	(Google Chrome Framework -main.cc:459 )	service_manager::Main(service_manager::MainParams const&)
0x0000000109fa5123	(Google Chrome Framework -content_main.cc:19 )	content::ContentMain(content::ContentMainParams const&)
0x00000001080d4712	(Google Chrome Framework -chrome_main.cc:101 )	ChromeMain
0x000000010197add0	(Google Chrome -chrome_exe_main_mac.cc:101 )	main
0x00007fffbd8c4234	(libdyld.dylib + 0x00005234 )	start
0x00007fffbd8c4234	(libdyld.dylib + 0x00005234 )	start

Adding release blocker label for this issue.Please reduce priority or remove if not the case.

Thank You!

Comment 4 by taku...@chromium.org, Jul 9

Blocking: 754101

Comment 5 by taku...@chromium.org, Jul 12

Cc: taku...@chromium.org
 Issue 863197  has been merged into this issue.

Comment 6 by taku...@chromium.org, Jul 12

Components: -Internals>Cast Internals>Cast>UI
Project Member

Comment 7 by bugdroid1@chromium.org, Jul 16 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/339ab575c8b467d5c34d981891d8e9605c171867

commit 339ab575c8b467d5c34d981891d8e9605c171867
Author: Takumi Fujimoto <takumif@chromium.org>
Date: Mon Jul 16 23:30:05 2018

Fix Media Router context menu crashes

When the context menu is closed, destroy the menu model asynchronously,
so that its command gets executed before the menu model is destroyed.

Bug:  861652 ,  861655 
Change-Id: Id0bf068e600f13ab187c0ad137ca15979363c61f
Reviewed-on: https://chromium-review.googlesource.com/1130657
Commit-Queue: Takumi Fujimoto <takumif@chromium.org>
Reviewed-by: mark a. foltz <mfoltz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#575478}
[modify] https://crrev.com/339ab575c8b467d5c34d981891d8e9605c171867/chrome/browser/ui/toolbar/media_router_action.cc
[modify] https://crrev.com/339ab575c8b467d5c34d981891d8e9605c171867/chrome/browser/ui/toolbar/media_router_action.h
[modify] https://crrev.com/339ab575c8b467d5c34d981891d8e9605c171867/chrome/browser/ui/views/media_router/media_router_ui_browsertest.cc

Comment 8 by taku...@chromium.org, Jul 17

Status: Fixed (was: Assigned)

Comment 9 by nyerramilli@chromium.org, Aug 10

Labels: -ET-MUM-Repprted ET-MUM-Reported

Sign in to add a comment