Issue metadata
Sign in to add a comment
|
Chrome_Mac: Crash Report - [Uncaught NSException] NSInternalInconsistencyException reason -[NSCGSFence set] called after -[NSCGSFence invalidate] |
||||||||||||||||||
Issue descriptionreporter:pnangunoori@google.com Magic Signature: [Uncaught NSException] NSInternalInconsistencyException reason -[NSCGSFence set] called after -[NSCGSFence invalidate] Crash link: https://crash.corp.google.com/browse?q=product_name%3D%27Chrome_Mac%27+AND+expanded_custom_data.ChromeCrashProto.ptype%3D%27browser%27+AND+expanded_custom_data.ChromeCrashProto.magic_signature_1.name%3D%27%5BUncaught+NSException%5D+NSInternalInconsistencyException+reason+-%5BNSCGSFence+set%5D+called+after+-%5BNSCGSFence+invalidate%5D%27&stbtiq=&reportid=&index=0 ------------------------------------------------------------------------------- Sample Report ------------------------------------------------------------------------------- Product name: Chrome_Mac Magic Signature : [Uncaught NSException] NSInternalInconsistencyException reason -[NSCGSFence set] called after -[NSCGSFence invalidate] Product Version: 69.0.3497.100 Process type: browser Report ID: ca6288d8c38398bd Report Url: https://crash.corp.google.com/ca6288d8c38398bd Report Time: 2018-10-03T01:19:53-07:00 Upload Time: 2018-10-03T01:27:51.651-07:00 Uptime: 14869000 ms OS Name: Mac OS X OS Version: 10.14.0 18A391 CPU Architecture: amd64 CPU Info: family 6 model 58 stepping 9 ------------------------------------------------------------------------------- Crashing thread: Thread index: 32. Stack Quality: 84%. Thread id: 71341. ------------------------------------------------------------------------------- 0x00007fff4a74b18f (AppKit + 0x0042818f) -[NSApplication _crashOnException:] 0x00007fff4a74b071 (AppKit + 0x00428071) -[NSApplication reportException:] 0x00007fff4a80ceb6 (AppKit + 0x004e9eb6) uncaughtErrorProc 0x00007fff4cf26d38 (CoreFoundation + 0x0016cd38) __handleUncaughtException 0x00007fff78e63328 (libobjc.A.dylib + 0x00018328) _objc_terminate() 0x00007fff77665dfd (libc++abi.dylib + 0x0000edfd) std::__terminate(void (*)()) 0x00007fff77665e72 (libc++abi.dylib + 0x0000ee72) std::terminate() 0x00007fff78e63133 (libobjc.A.dylib + 0x00018133) objc_terminate 0x00007fff79ed8dde (libdispatch.dylib + 0x00003dde) _dispatch_client_callout 0x00007fff79ee6e73 (libdispatch.dylib + 0x00011e73) _dispatch_root_queue_drain 0x00007fff79ee74b0 (libdispatch.dylib + 0x000124b0) _dispatch_worker_thread2 0x00007fff7a1186ed (libsystem_pthread.dylib + 0x000026ed) _pthread_wqthread 0x00007fff7a118414 (libsystem_pthread.dylib + 0x00002414) start_wqthread 0x00007fff79ee7456 (libdispatch.dylib + 0x00012456) _dispatch_root_queues_init_once ------------------------------------------------------------------------------- Manual regression range finder link ------------------------------------------------------------------------------- https://crash.corp.google.com/browse?q=expanded_custom_data.ChromeCrashProto.magic_signature_1.name%3D%27%5BUncaught+NSException%5D+NSInternalInconsistencyException+reason+-%5BNSCGSFence+set%5D+called+after+-%5BNSCGSFence+invalidate%5D%27+AND+expanded_custom_data.ChromeCrashProto.ptype%3D%27browser%27#-property-selector,-samplereports,+productname,+productversion:1000,+directory,-clientid,+operatingsystem,+url,+simplifiedurl,+extensions
,
Oct 3
firstexception_bt is not illuminating: 0x0233238c [Google Chrome Framework - safe_conversions.h:180] base::debug::StackTrace::StackTrace(unsigned long) 0x01f5543d [Google Chrome Framework - exception_processor.mm:124] chrome::ObjcExceptionPreprocessor(objc_object*) 0x00015efb [libobjc.A.dylib + 0x15efb] objc_exception_throw 0x000f53a3 [CoreFoundation + 0xf53a3] +[NSException raise:format:] 0x0030ae43 [AppKit + 0x30ae43] __42-[NSAnimation(NSInternal) _runInNewThread]_block_invoke_2 0x00054172 [AppKit + 0x54172] NSPerformVisuallyAtomicChange 0x0030ae02 [AppKit + 0x30ae02] __42-[NSAnimation(NSInternal) _runInNewThread]_block_invoke 0x00002d4f [libdispatch.dylib + 0x2d4f] _dispatch_call_block_and_release 0x00003dcb [libdispatch.dylib + 0x3dcb] _dispatch_client_callout 0x00011e74 [libdispatch.dylib + 0x11e74] _dispatch_root_queue_drain 0x000124b1 [libdispatch.dylib + 0x124b1] _dispatch_worker_thread2 0x000026ee [libsystem_pthread.dylib + 0x26ee] _pthread_wqthread 0x00002415 [libsystem_pthread.dylib + 0x2415] start_wqthread Assuming this is from an NSAnimation we actually created, potential culprits are: ViewsNSWindowCloseAnimator ConstrainedWindowAnimationBase MCPopupController ConfirmQuitPanelController ConstrainedWindowCustomSheet I *believe* that the latter three are all Cocoa-specific and this crash only shows up on MacViews, so I'd be inclined to look hard at ViewsNSWindowCloseAnimator and ConstrainedWindowAnimationBase. To add to this suspicion, ViewsNSWindowCloseAnimator uses NSAnimationNonBlocking for its blocking mode, which I could believe is triggering a bug within AppKit. Notably, 100% of crashes are from 10.14. Stripping R-V-EI and let's target a fix at M71.
,
Oct 3
Thanks for triaging, removing from stability sheriff queue.
,
Oct 8
I think you're right re: ViewsNSWindowCloseAnimation. The main thread is doing something interesting: Stack Quality84%Show frame trust levels 0x00007fff7a05fc2a (libsystem_kernel.dylib + 0x00000c2a ) mach_msg_trap 0x000000010b38ce5c (Google Chrome Framework -waitable_event_mac.cc:142 ) base::WaitableEvent::TimedWaitUntil(base::TimeTicks const&) 0x000000010b38cd5e (Google Chrome Framework -waitable_event_mac.cc:105 ) base::WaitableEvent::Wait() 0x0000000109838478 (Google Chrome Framework -gpu_channel_host.cc:83 ) gpu::GpuChannelHost::Send(IPC::Message*) 0x0000000109835427 (Google Chrome Framework -command_buffer_proxy_impl.cc:681 ) gpu::CommandBufferProxyImpl::WaitForGetOffsetInRange(unsigned int, int, int) 0x0000000109779ece (Google Chrome Framework -cmd_buffer_helper.cc:166 ) gpu::CommandBufferHelper::Finish() 0x000000010c186f56 (Google Chrome Framework -implementation_base.cc:176 ) gpu::ImplementationBase::WaitForCmd() 0x000000010c15214b (Google Chrome Framework -gles2_implementation.cc:305 ) gpu::gles2::GLES2Implementation::~GLES2Implementation() 0x000000010984694d (Google Chrome Framework -gles2_implementation_with_grcontext_support.cc:33 ) <name omitted> 0x000000010a18b431 (Google Chrome Framework -memory:2321 ) ui::ContextProviderCommandBuffer::~ContextProviderCommandBuffer() 0x000000010a18b52d (Google Chrome Framework -context_provider_command_buffer.cc:76 ) <name omitted> 0x0000000109ffab7d (Google Chrome Framework -gpu_output_surface_mac.cc:32 ) content::GpuOutputSurfaceMac::~GpuOutputSurfaceMac() 0x000000010c6d04bf (Google Chrome Framework -memory:2321 ) viz::Display::~Display() 0x000000010c6d057d (Google Chrome Framework -display.cc:63 ) <name omitted> 0x0000000109ffe186 (Google Chrome Framework -memory:2321 ) std::__1::__tree<std::__1::__value_type<ui::Compositor*, std::__1::unique_ptr<content::GpuProcessTransportFactory::PerCompositorData, std::__1::default_delete<content::GpuProcessTransportFactory::PerCompositorData> > >, std::__1::__map_value_compare<ui::Compositor*, std::__1::__value_type<ui::Compositor*, std::__1::unique_ptr<content::GpuProcessTransportFactory::PerCompositorData, std::__1::default_delete<content::GpuProcessTransportFactory::PerCompositorData> > >, std::__1::less<ui::Compositor*>, true>, std::__1::allocator<std::__1::__value_type<ui::Compositor*, std::__1::unique_ptr<content::GpuProcessTransportFactory::PerCompositorData, std::__1::default_delete<content::GpuProcessTransportFactory::PerCompositorData> > > > >::erase(std::__1::__tree_const_iterator<std::__1::__value_type<ui::Compositor*, std::__1::unique_ptr<content::GpuProcessTransportFactory::PerCompositorData, std::__1::default_delete<content::GpuProcessTransportFactory::PerCompositorData> > >, std::__1::__tree_node<std::__1::__value_type<ui::Compositor*, std::__1::unique_ptr<content::GpuProcessTransportFactory::PerCompositorData, std::__1::default_delete<content::GpuProcessTransportFactory::PerCompositorData> > >, void*>*, long>) 0x0000000109ffce6e (Google Chrome Framework -map:1246 ) content::GpuProcessTransportFactory::RemoveCompositor(ui::Compositor*) 0x000000010cbf0575 (Google Chrome Framework -compositor.cc:245 ) ui::Compositor::~Compositor() 0x000000010cc02a0b (Google Chrome Framework -recyclable_compositor_mac.cc:59 ) ui::RecyclableCompositorMac::~RecyclableCompositorMac() 0x000000010cc02d5a (Google Chrome Framework -memory:2321 ) ui::RecyclableCompositorMacFactory::RecycleCompositor(std::__1::unique_ptr<ui::RecyclableCompositorMac, std::__1::default_delete<ui::RecyclableCompositorMac> >) 0x000000010cb6c19d (Google Chrome Framework -bridged_native_widget.mm:1293 ) views::BridgedNativeWidget::DestroyCompositor() 0x000000010cb6bbda (Google Chrome Framework -bridged_native_widget.mm:260 ) views::BridgedNativeWidget::~BridgedNativeWidget() 0x000000010cb6c25d (Google Chrome Framework -bridged_native_widget.mm:249 ) <name omitted> 0x000000010cbd9e4f (Google Chrome Framework -memory:2321 ) views::NativeWidgetMac::WindowDestroyed() 0x000000010cb71844 (Google Chrome Framework -views_nswindow_delegate.mm:146 ) -[ViewsNSWindowDelegate windowWillClose:] 0x00007fff4ce5a075 (CoreFoundation + 0x000a0075 ) __CFNOTIFICATIONCENTER_IS_CALLING_OUT_TO_AN_OBSERVER__ 0x00007fff4ce59fef (CoreFoundation + 0x0009ffef ) ___CFXRegistrationPost_block_invoke 0x00007fff4ce59f10 (CoreFoundation + 0x0009ff10 ) _CFXRegistrationPost 0x00007fff4ce6224c (CoreFoundation + 0x000a824c ) ___CFXNotificationPost_block_invoke 0x00007fff4cdc93a3 (CoreFoundation + 0x0000f3a3 ) -[_CFXNotificationRegistrar find:object:observer:enumerator:] 0x00007fff4cdc8648 (CoreFoundation + 0x0000e648 ) _CFXNotificationPost 0x00007fff4f168baa (Foundation + 0x00011baa ) -[NSNotificationCenter postNotificationName:object:userInfo:] 0x00007fff4ac54884 (AppKit + 0x00931884 ) -[NSWindow _finishClosingWindow] 0x00007fff4a6c3c63 (AppKit + 0x003a0c63 ) -[NSWindow _close] 0x000000010cb71b01 (Google Chrome Framework -bind_internal.h:489 ) base::internal::Invoker<base::internal::BindState<base::mac::ScopedBlock<void () block_pointer> >, void ()>::RunOnce(base::internal::BindStateBase*) 0x000000010b332131 (Google Chrome Framework -callback.h:99 ) base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) 0x000000010b35161e (Google Chrome Framework -message_loop.cc:421 ) base::MessageLoop::RunTask(base::PendingTask*) 0x000000010b351ae7 (Google Chrome Framework -message_loop.cc:432 ) base::MessageLoop::DoWork() 0x000000010b353ca9 (Google Chrome Framework -message_pump_mac.mm:455 ) base::MessagePumpCFRunLoopBase::RunWork() 0x000000010b3441e9 (Google Chrome Framework + 0x022971e9 ) base::mac::CallWithEHFrame(void () block_pointer) 0x000000010b3535ce (Google Chrome Framework -message_pump_mac.mm:431 ) base::MessagePumpCFRunLoopBase::RunWorkSource(void*) 0x00007fff4ce12128 (CoreFoundation + 0x00058128 ) __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ 0x00007fff4ce120ce (CoreFoundation + 0x000580ce ) __CFRunLoopDoSource0 0x00007fff4cdf5f6f (CoreFoundation + 0x0003bf6f ) __CFRunLoopDoSources0 0x00007fff4cdf5516 (CoreFoundation + 0x0003b516 ) __CFRunLoopRun 0x00007fff4cdf4df9 (CoreFoundation + 0x0003adf9 ) CFRunLoopRunSpecific 0x00007fff4c080894 (HIToolbox + 0x0000a894 ) RunCurrentEventLoopInMode 0x00007fff4c0805ca (HIToolbox + 0x0000a5ca ) ReceiveNextEventCommon 0x00007fff4c080347 (HIToolbox + 0x0000a347 ) _BlockUntilNextEventMatchingListInModeWithFilter 0x00007fff4a33d95a (AppKit + 0x0001a95a ) _DPSNextEvent 0x00007fff4a33c6f9 (AppKit + 0x000196f9 ) -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] 0x000000010af6895f (Google Chrome Framework -chrome_browser_application_mac.mm:233 ) __71-[BrowserCrApplication nextEventMatchingMask:untilDate:inMode:dequeue:]_block_invoke 0x000000010b3441e9 (Google Chrome Framework + 0x022971e9 ) base::mac::CallWithEHFrame(void () block_pointer) 0x000000010af68893 (Google Chrome Framework -chrome_browser_application_mac.mm:232 ) -[BrowserCrApplication nextEventMatchingMask:untilDate:inMode:dequeue:] 0x00007fff4a33675c (AppKit + 0x0001375c ) -[NSApplication run] 0x000000010b35456b (Google Chrome Framework -message_pump_mac.mm:808 ) base::MessagePumpNSApplication::DoRun(base::MessagePump::Delegate*) 0x000000010b3530ed (Google Chrome Framework -message_pump_mac.mm:184 ) base::MessagePumpCFRunLoopBase::Run(base::MessagePump::Delegate*) 0x000000010b375c24 (Google Chrome Framework -run_loop.cc:102 ) <name omitted> 0x000000010af6f40a (Google Chrome Framework -chrome_browser_main.cc:2086 ) ChromeBrowserMainParts::MainMessageLoopRun(int*) 0x0000000109b551b3 (Google Chrome Framework -browser_main_loop.cc:1034 ) content::BrowserMainLoop::RunMainMessageLoopParts() 0x0000000109b57901 (Google Chrome Framework -browser_main_runner_impl.cc:162 ) content::BrowserMainRunnerImpl::Run() 0x0000000109b51c6a (Google Chrome Framework -browser_main.cc:47 ) content::BrowserMain(content::MainFunctionParams const&) 0x000000010af23097 (Google Chrome Framework -content_main_runner_impl.cc:596 ) content::ContentMainRunnerImpl::Run(bool) 0x000000010c7d312c (Google Chrome Framework -main.cc:472 ) service_manager::Main(service_manager::MainParams const&) 0x000000010af22143 (Google Chrome Framework -content_main.cc:19 ) content::ContentMain(content::ContentMainParams const&) 0x00000001090b11f2 (Google Chrome Framework -chrome_main.cc:101 ) ChromeMain 0x0000000101bacdd0 (Google Chrome -chrome_exe_main_mac.cc:101 ) main 0x00007fff79f27084 (libdyld.dylib + 0x00017084 ) start |
|||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||
Comment 1 by pnangunoori@chromium.org
, Oct 3Labels: -Type-Bug -Pri-2 RegressedIn-69 Stability-Sheriff-Desktop Target-70 TE-CrashTriage M-69 Proj-MacMojave FoundIn-70 Target-69 FoundIn-69 Pri-1 Type-Bug-Regression