Issue 903706

Issue metadata

Status: Verified
Owner:
Closed: Nov 12
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 1
Type: Bug-Regression



Regression : Chrome crashes after detaching a tab.

Reported by avsha...@etouch.net, Nov 9

Issue description

Chrome Version : 72.0.3606.0 (Official Build) bc884309b55f7b1fc3a599dd9482cf228c863c05-refs/branch-heads/3606@{#1} 64 bit
OS : Mac(10.13.6, 10.13.1, 10.14.2)

What steps will reproduce the problem?
1. Launch Chrome, open one incognito and one non-incognito window side by side.
2. Now drag/detach one tab from the non-incognito window and try to merge it with the adjacent incognito window.
3. Observe.

Actual Result : Chrome crashes after detaching a tab.

Expected Result : Chrome should not crash after detaching a tab.

This is a regression issue broken in M-71, and we will soon update the bisect information:
Good Build : 72.0.3605.0 (Revision : 606282)
Bad Build : 72.0.3606.0 (Revision : 606693)

Crash ID-
ID 44c13791d9694b47 (Local Crash ID: 2a71196d-380f-4fd2-993c-d778e378e9e9)

Review the screencast at the Drive URL below:

https://drive.google.com/drive/folders/1nn376SCHkQT_zPG_WysbwzeWcibE5dpJ?usp=sharing
 
Labels: RegressedIn-72 Target-72 FoundIn-72 hasbisect
Owner: lgrey@chromium.org
Status: Assigned (was: Unconfirmed)
Correction of the milestone typo:

This is a regression issue broken in M-72 and below is the bisect information:
Good Build : 72.0.3605.0 (Revision : 606282)
Bad Build : 72.0.3606.0 (Revision : 606693)

Chromium bisect URL:
https://chromium.googlesource.com/chromium/src/+log/f090cedb1220fd75864898f936a14f907141b271..86e6511b6b1ee086f50639c9a64346790dea350e

Suspecting : r606619

Leonard@ : Could you please check whether this is caused by your change? If not, please help us assign it to the right owner.

Note:
1. The issue is not reproducible in today's Stable build #70.0.3538.102.
2. Unable to repro the issue on Windows (7, 8, 10) and Linux (14.04 LTS).
3. Unable to provide a bisect using the per-revision script, as it shows the "We don't have enough builds" error message; hence provided a suspect using the Chromium bisect.

Thank you..!
Cc: ligim...@chromium.org
Labels: ReleaseBlock-Dev
Stack trace:
----------------
Thread 0 (id: 0xeba1) CRASHED [EXC_BAD_ACCESS / KERN_INVALID_ADDRESS @ 0x00000378 ] MAGIC SIGNATURE THREAD
0x000000011450278f	(Google Chrome Framework -memory:2611 )	TabDragController::GetTargetTabStripForPoint(gfx::Point const&, TabStrip**)
0x0000000114501f87	(Google Chrome Framework -tab_drag_controller.cc:683 )	TabDragController::ContinueDragging(gfx::Point const&)
0x0000000114500949	(Google Chrome Framework -tab_drag_controller.cc:535 )	TabDragController::Drag(gfx::Point const&)
0x00000001145024c9	(Google Chrome Framework -tab_drag_controller.cc:586 )	TabDragController::OnWidgetBoundsChanged(views::Widget*, gfx::Rect const&)
0x0000000113752b95	(Google Chrome Framework -widget.cc:1129 )	views::Widget::OnNativeWidgetMove()
0x0000000113766702	(Google Chrome Framework -bridged_native_widget_host_impl.mm:693 )	views::BridgedNativeWidgetHostImpl::OnWindowGeometryChanged(gfx::Rect const&, gfx::Rect const&)
0x00000001136ce2a7	(Google Chrome Framework -bridged_native_widget_impl.mm:1253 )	views::BridgedNativeWidgetImpl::UpdateWindowGeometry()
0x00007fff48974711	(CoreFoundation + 0x0009f711 )	
0x00007fff4897468b	(CoreFoundation + 0x0009f68b )	
0x00007fff489745ac	(CoreFoundation + 0x0009f5ac )	
0x00007fff4897ca08	(CoreFoundation + 0x000a7a08 )	
0x00007fff488e41a9	(CoreFoundation + 0x0000f1a9 )	
0x00007fff488e356c	(CoreFoundation + 0x0000e56c )	
0x00007fff4ad2ea7a	(Foundation + 0x00011a7a )	
0x00007fff45f44038	(AppKit + 0x000fe038 )	
0x00007fff45f418b4	(AppKit + 0x000fb8b4 )	
0x00007fff45f40c74	(AppKit + 0x000fac74 )	
0x00007fff45f4b6ef	(AppKit + 0x001056ef )	
0x0000000113761c45	(Google Chrome Framework -cocoa_window_move_loop.mm:106 )	___ZN5views19CocoaWindowMoveLoop3RunEv_block_invoke
0x00007fff45e6dc19	(AppKit + 0x00027c19 )	
0x00007fff45e6c68b	(AppKit + 0x0002668b )	
0x00000001116cb023	(Google Chrome Framework -chrome_browser_application_mac.mm:337 )	__34-[BrowserCrApplication sendEvent:]_block_invoke
0x0000000111ad8529	(Google Chrome Framework + 0x02764529 )	base::mac::CallWithEHFrame(void () block_pointer)
0x00000001116caccc	(Google Chrome Framework -chrome_browser_application_mac.mm:318 )	-[BrowserCrApplication sendEvent:]
0x0000000111ae5b08	(Google Chrome Framework -message_pump_mac.mm:819 )	base::MessagePumpNSApplication::DoRun(base::MessagePump::Delegate*)
0x0000000111ae46ed	(Google Chrome Framework -message_pump_mac.mm:184 )	base::MessagePumpCFRunLoopBase::Run(base::MessagePump::Delegate*)
0x0000000111b085e4	(Google Chrome Framework -run_loop.cc:102 )	<name omitted>
0x0000000113761a93	(Google Chrome Framework -cocoa_window_move_loop.mm:119 )	views::CocoaWindowMoveLoop::Run()
0x00000001136cde45	(Google Chrome Framework -bridged_native_widget_impl.mm:702 )	views::BridgedNativeWidgetImpl::RunMoveLoop(gfx::Vector2d const&)
0x000000011374b3c9	(Google Chrome Framework -native_widget_mac.mm:570 )	views::NativeWidgetMac::RunMoveLoop(gfx::Vector2d const&, views::Widget::MoveLoopSource, views::Widget::MoveLoopEscapeBehavior)
0x0000000114501dbc	(Google Chrome Framework -tab_drag_controller.cc:1299 )	TabDragController::RunMoveLoop(gfx::Vector2d const&)
0x0000000114500ce7	(Google Chrome Framework -tab_drag_controller.cc:530 )	TabDragController::Drag(gfx::Point const&)
0x000000011450d443	(Google Chrome Framework -tab_strip.cc:1086 )	non-virtual thunk to TabStrip::ContinueDrag(views::View*, ui::LocatedEvent const&)
0x00000001144fd629	(Google Chrome Framework -tab.cc:457 )	non-virtual thunk to Tab::OnMouseDragged(ui::MouseEvent const&)
0x0000000113743b1e	(Google Chrome Framework -view.cc:2453 )	views::View::ProcessMouseDragged(ui::MouseEvent const&)
0x0000000113743709	(Google Chrome Framework -view.cc:1086 )	views::View::OnMouseEvent(ui::MouseEvent*)
0x000000011246a7bb	(Google Chrome Framework -event_dispatcher.cc:193 )	ui::EventDispatcher::ProcessEvent(ui::EventTarget*, ui::Event*)
0x000000011246a5d3	(Google Chrome Framework -event_dispatcher.cc:86 )	ui::EventDispatcherDelegate::DispatchEvent(ui::EventTarget*, ui::Event*)
0x000000011374d5ae	(Google Chrome Framework -root_view.cc:426 )	views::internal::RootView::OnMouseDragged(ui::MouseEvent const&)
0x00000001137531a2	(Google Chrome Framework -widget.cc:1253 )	views::Widget::OnMouseEvent(ui::MouseEvent*)
0x000000011375e952	(Google Chrome Framework -bridged_content_view.mm:695 )	-[BridgedContentView mouseEvent:]
0x00000001137add81	(Google Chrome Framework -cocoa_mouse_capture.mm:91 )	___ZN16views_bridge_mac17CocoaMouseCapture14ActiveEventTap4InitEv_block_invoke
0x00007fff45e6dc19	(AppKit + 0x00027c19 )	
0x00007fff45e6c68b	(AppKit + 0x0002668b )	
0x00000001116cb023	(Google Chrome Framework -chrome_browser_application_mac.mm:337 )	__34-[BrowserCrApplication sendEvent:]_block_invoke
0x0000000111ad8529	(Google Chrome Framework + 0x02764529 )	base::mac::CallWithEHFrame(void () block_pointer)
0x00000001116caccc	(Google Chrome Framework -chrome_browser_application_mac.mm:318 )	-[BrowserCrApplication sendEvent:]
0x00007fff45e59fc0	(AppKit + 0x00013fc0 )	
0x0000000111ae5b3b	(Google Chrome Framework -message_pump_mac.mm:808 )	base::MessagePumpNSApplication::DoRun(base::MessagePump::Delegate*)
0x0000000111ae46ed	(Google Chrome Framework -message_pump_mac.mm:184 )	base::MessagePumpCFRunLoopBase::Run(base::MessagePump::Delegate*)
0x0000000111b085e4	(Google Chrome Framework -run_loop.cc:102 )	<name omitted>
0x00000001116cfedc	(Google Chrome Framework -chrome_browser_main.cc:1908 )	ChromeBrowserMainParts::MainMessageLoopRun(int*)
0x0000000110010b83	(Google Chrome Framework -browser_main_loop.cc:993 )	content::BrowserMainLoop::RunMainMessageLoopParts()
0x00000001100131b1	(Google Chrome Framework -browser_main_runner_impl.cc:165 )	content::BrowserMainRunnerImpl::Run()
0x000000011000d8fa	(Google Chrome Framework -browser_main.cc:47 )	content::BrowserMain(content::MainFunctionParams const&)
0x0000000111685f32	(Google Chrome Framework -content_main_runner_impl.cc:537 )	content::ContentMainRunnerImpl::Run(bool)
0x0000000113c6c4fc	(Google Chrome Framework -main.cc:472 )	service_manager::Main(service_manager::MainParams const&)
0x0000000111685173	(Google Chrome Framework -content_main.cc:19 )	content::ContentMain(content::ContentMainParams const&)
0x000000010f3774ee	(Google Chrome Framework -chrome_main.cc:102 )	ChromeMain
0x000000010f358dcd	(Google Chrome -chrome_exe_main_mac.cc:101 )	main
0x00007fff76075ef8	(libdyld.dylib + 0x00016ef8 )	
0x00007fff76075ef8	(libdyld.dylib + 0x00016ef8 )

Marking as RBD; please change accordingly if required.
Reverted, will try to reland later today.
Thanks for the revert, we will verify in next canary.
Please help verify and update this issue; this is a blocker for the 72 dev release slated for Tue, Nov 13.
Labels: TE-Verified-M72 TE-Verified-72.0.3608.0
---------
Update :
---------
Verified above issue in latest Canary build #72.0.3608.0 on Mac(10.13.1, 10.13.6, 10.14.2) OS and the crash issue is fixed. 

The reverted CL (https://chromium.googlesource.com/chromium/src/+/899b84ea267b8ce6ce522d2cf3b34453be3ac164) has fixed the crash issue reported in Comment #0. After detaching a tab, Chrome does not crash and it is working as intended, hence adding TE-Verified labels. Kindly review the attached screencast for reference.

Thank you..!
Canary_build_observations.mov (10.4 MB)
Status: Verified (was: Assigned)
