
Issue 904466


Issue metadata

Status: Fixed
Owner:
Closed: Dec 20
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 1
Type: Bug




Meowth crashes when tab is moved by touching

Project Member Reported by andrewxu@chromium.org, Nov 12

Issue description

Chrome Version: 71.0.3578.8 dev 11151.4.0
OS: ChromeOS

What steps will reproduce the problem?
(1) Connect Meowth to an external display and make the external display the primary one
(2) Open a new browser tab in the internal display
(3) Touch the tab to move it

What is the expected result?
Tab is able to be moved to external display.

What happens instead?
System crashes.

Additional info: I found this bug when trying to reproduce issue 897976 (https://crbug.com/897976). It now seems that when a window is opened in the internal display, it is not at the very left edge. Not sure whether the two bugs have some connection.


 
Cc: afakhry@chromium.org
Thread 1 "chrome" received signal SIGSEGV, Segmentation fault.
non-virtual thunk to quic::TlsServerHandshaker::crypto_negotiated_params() const () at ../../base/memory/scoped_refptr.h:211
211	../../base/memory/scoped_refptr.h: No such file or directory.
(gdb) backtrace 
#0  non-virtual thunk to quic::TlsServerHandshaker::crypto_negotiated_params() const () at ../../base/memory/scoped_refptr.h:211
#1  0x00005a1d610baaef in ash::WindowSelector::RemoveWindowSelectorItem(ash::WindowSelectorItem*, bool) () at ../../ash/wm/overview/window_selector.cc:587
#2  0x00005a1d611848d5 in ash::WindowGrid::OnWindowDragEnded(aura::Window*, gfx::Point const&, bool) () at ../../ash/wm/overview/window_grid.cc:704
#3  0x00005a1d6118afd3 in ash::TabletModeWindowDragDelegate::EndWindowDrag(ash::wm::WmToplevelWindowEventHandler::DragResult, gfx::Point const&) () at ../../ash/wm/tablet_mode/tablet_mode_window_drag_delegate.cc:188
#4  0x00005a1d6118b472 in ash::TabletModeWindowDragDelegate::FlingOrSwipe(ui::GestureEvent*) () at ../../ash/wm/tablet_mode/tablet_mode_window_drag_delegate.cc:208
#5  0x00005a1d6117ecb3 in ash::DragWindowResizer::FlingOrSwipe(ui::GestureEvent*) () at ../../ash/wm/drag_window_resizer.cc:84
#6  0x00005a1d610e34b9 in ash::wm::WmToplevelWindowEventHandler::OnGestureEvent(ui::GestureEvent*, aura::Window*) () at ../../ash/wm/wm_toplevel_window_event_handler.cc:502
#7  0x00005a1d5fbbab04 in ui::EventDispatcher::DispatchEventToEventHandlers(std::__1::vector<ui::EventHandler*, std::__1::allocator<ui::EventHandler*> >*, ui::Event*) () at ../../ui/events/event_dispatcher.cc:193
#8  0x00005a1d5fbba78b in ui::EventDispatcher::ProcessEvent(ui::EventTarget*, ui::Event*) () at ../../ui/events/event_dispatcher.cc:128
#9  0x00005a1d5fbba64c in ui::EventDispatcherDelegate::DispatchEvent(ui::EventTarget*, ui::Event*) () at ../../ui/events/event_dispatcher.cc:86
warning: Could not find DWO CU obj/ui/aura/aura/window_event_dispatcher.dwo(0x7ce0bfb04b09749d) referenced by CU at offset 0xaf42e [in module /usr/local/chrome/chrome]
#10 0x00005a1d602ca7c1 in aura::WindowEventDispatcher::ProcessGestures(aura::Window*, std::__1::vector<std::__1::unique_ptr<ui::GestureEvent, std::__1::default_delete<ui::GestureEvent> >, std::__1::allocator<std::__1::unique_ptr<ui::GestureEvent, std::__1::default_delete<ui::GestureEvent> > > >) () at ../../ui/aura/window_event_dispatcher.cc:353
#11 0x00005a1d602ccb97 in aura::WindowEventDispatcher::PostDispatchEvent(ui::EventTarget*, ui::Event const&) () at ../../ui/aura/window_event_dispatcher.cc:655
#12 0x00005a1d5fbba6de in ui::EventDispatcherDelegate::DispatchEvent(ui::EventTarget*, ui::Event*) () at ../../ui/events/event_dispatcher.cc:62
warning: Could not find DWO CU obj/ui/events/events/event_processor.dwo(0x573d7911cf7d3475) referenced by CU at offset 0x1170fa [in module /usr/local/chrome/chrome]
#13 0x00005a1d62733b5e in ui::EventProcessor::OnEventFromSource(ui::Event*) () at ../../ui/events/event_processor.cc:57
warning: Could not find DWO CU obj/ui/events/events/event_source.dwo(0x4f7d1a480d740133) referenced by CU at offset 0x11715e [in module /usr/local/chrome/chrome]
#14 0x00005a1d62733f17 in ui::EventSource::SendEventToSinkFromRewriter(ui::Event*, ui::EventRewriter const*) () at ../../ui/events/event_source.cc:106
warning: Could not find DWO CU obj/ash/ash/ash_window_tree_host_platform.dwo(0xa6199c4409d221ad) referenced by CU at offset 0xd3d0a [in module /usr/local/chrome/chrome]
#15 0x00005a1d6101ec05 in ash::AshWindowTreeHostPlatform::DispatchEventFromQueue(ui::Event*) () at ../../ash/host/ash_window_tree_host_platform.cc:208
warning: Could not find DWO CU obj/ui/events/events/events_ozone.dwo(0x974b01ea97306ac4) referenced by CU at offset 0xa2f3a [in module /usr/local/chrome/chrome]
#16 0x00005a1d5fbbd37c in ui::DispatchEventFromNativeUiEvent(ui::Event* const&, base::OnceCallback<void (ui::Event*)>) () at ../../base/callback.h:99
warning: Could not find DWO CU obj/ui/ozone/platform/drm/gbm/drm_window_host.dwo(0x7e613f6d338d3c73) referenced by CU at offset 0x20c4b [in module /usr/local/chrome/chrome]
#17 0x00005a1d5cc9eefb in ui::DrmWindowHost::DispatchEvent(ui::Event* const&) () at ../../ui/ozone/platform/drm/host/drm_window_host.cc:200
#18 0x00005a1d5cc9ef8d in non-virtual thunk to ui::DrmWindowHost::DispatchEvent(ui::Event* const&) ()
warning: Could not find DWO CU obj/ui/events/platform/platform/platform_event_source.dwo(0xd1263e5427015244) referenced by CU at offset 0xa2aee [in module /usr/local/chrome/chrome]
#19 0x00005a1d5fbae8df in ui::PlatformEventSource::DispatchEvent(ui::Event*) () at ../../ui/events/platform/platform_event_source.cc:91
warning: Could not find DWO CU obj/ui/events/ozone/events_ozone_evdev/event_factory_evdev.dwo(0x87a346036d6b3773) referenced by CU at offset 0xa62a2 [in module /usr/local/chrome/chrome]
#20 0x00005a1d5fd8af16 in ui::EventFactoryEvdev::DispatchTouchEvent(ui::TouchEventParams const&) () at ../../ui/events/ozone/evdev/event_factory_evdev.cc:363
warning: Could not find DWO CU obj/base/base/task_annotator.dwo(0x7ed9a4d1084ebfd) referenced by CU at offset 0x7de46 [in module /usr/local/chrome/chrome]
#21 0x00005a1d5ee15251 in base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) () at ../../base/callback.h:99
warning: Could not find DWO CU obj/base/base/message_loop_impl.dwo(0x14b7e399c6c4a295) referenced by CU at offset 0x7b5d6 [in module /usr/local/chrome/chrome]
#22 0x00005a1d5ed87e8f in base::MessageLoopImpl::RunTask(base::PendingTask*) () at ../../base/message_loop/message_loop_impl.cc:404
#23 0x00005a1d5ed883d2 in base::MessageLoopImpl::DoWork() () at ../../base/message_loop/message_loop_impl.cc:415
warning: Could not find DWO CU obj/base/base/message_pump_libevent.dwo(0x89e5c1e36be1f2b4) referenced by CU at offset 0x7dc4a [in module /usr/local/chrome/chrome]
#24 0x00005a1d5ee121c9 in base::MessagePumpLibevent::Run(base::MessagePump::Delegate*) () at ../../base/message_loop/message_pump_libevent.cc:210
warning: Could not find DWO CU obj/base/base/run_loop.dwo(0xf4f104b0f8f69e2f) referenced by CU at offset 0x7be26 [in module /usr/local/chrome/chrome]
#25 0x00005a1d5eda6b85 in base::RunLoop::Run() () at ../../base/run_loop.cc:102
warning: Could not find DWO CU obj/chrome/browser/browser/chrome_browser_main.dwo(0x5c38d59ccfe593ad) referenced by CU at offset 0x6e84a [in module /usr/local/chrome/chrome]
#26 0x00005a1d5e9ea01a in ChromeBrowserMainParts::MainMessageLoopRun(int*) () at ../../chrome/browser/chrome_browser_main.cc:1908
warning: Could not find DWO CU obj/content/browser/browser/browser_main_loop.dwo(0xfdea94049979a426) referenced by CU at offset 0x307cf [in module /usr/local/chrome/chrome]
#27 0x00005a1d5d0df5e4 in content::BrowserMainLoop::RunMainMessageLoopParts() () at ../../content/browser/browser_main_loop.cc:993
warning: Could not find DWO CU obj/content/browser/browser/browser_main_runner_impl.dwo(0xc07c4ceeec26bb22) referenced by CU at offset 0x30803 [in module /usr/local/chrome/chrome]
#28 0x00005a1d5d0e1de2 in content::BrowserMainRunnerImpl::Run() () at ../../content/browser/browser_main_runner_impl.cc:165
warning: Could not find DWO CU obj/content/browser/browser/browser_main.dwo(0x254b4108e99df066) referenced by CU at offset 0x3079b [in module /usr/local/chrome/chrome]
#29 0x00005a1d5d0dbf68 in content::BrowserMain(content::MainFunctionParams const&) () at ../../content/browser/browser_main.cc:47
warning: Could not find DWO CU obj/content/app/content_main_runner_both/content_main_runner_impl.dwo(0xa2ce7c8e0436a239) referenced by CU at offset 0x6e5be [in module /usr/local/chrome/chrome]
#30 0x00005a1d5e9dc838 in content::ContentMainRunnerImpl::Run(bool) () at ../../content/app/content_main_runner_impl.cc:537
warning: Could not find DWO CU obj/services/service_manager/embedder/embedder/main.dwo(0x6e93b01547bb7efa) referenced by CU at offset 0x6e65a [in module /usr/local/chrome/chrome]
#31 0x00005a1d5e9e2c32 in service_manager::Main(service_manager::MainParams const&) () at ../../services/service_manager/embedder/main.cc:472
warning: Could not find DWO CU obj/content/app/both/content_main.dwo(0xdc18887b4000cc39) referenced by CU at offset 0x6e58e [in module /usr/local/chrome/chrome]
#32 0x00005a1d5e9dab11 in content::ContentMain(content::ContentMainParams const&) () at ../../content/app/content_main.cc:19
warning: Could not find DWO CU obj/chrome/chrome_initial/chrome_main.dwo(0xe79e2c937cd02728) referenced by CU at offset 0x30 [in module /usr/local/chrome/chrome]
#33 0x00005a1d5c35e55f in ChromeMain () at ../../chrome/app/chrome_main.cc:102
#34 0x00007ce575463a94 in __libc_start_main (main=0x5a1d5c35e4c0 <main>, argc=33, argv=0x7ffd0edfa548, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffd0edfa538) at ../csu/libc-start.c:308
#35 0x00005a1d5c35e389 in _start ()

Tried on ToT. Also crashes.
Cc: sammiequon@chromium.org
Components: UI>Shell>WindowManager>Splitscreen UI>Shell>OverviewMode
Labels: -Pri-2 M-72 M-71 OS-Chrome Pri-1
Owner: x...@chromium.org
Status: Assigned (was: Untriaged)
xdai@ can you take a look?

There are several crashes on the server that seem to be similar, for example: https://crash.corp.google.com/browse?q=&stbtiq=ash::WindowSelector::RemoveWindowSelectorItem&reportid=d4395c98dc9e07fd&index=4#0

Please talk to andrewxu@ who can show you how to repro this crash.
Cc: x...@chromium.org zork@chromium.org
Labels: -M-71
Owner: minch@chromium.org
Talked with Min. Assigned to her.
From andrewxu@: on ToT (M73), there is no need to set the external display as the primary display; Chrome will always crash when moving a Chrome window (tab dragging or app dragging) from the internal display to the external display using touch.
Project Member

Comment 5 by bugdroid1@chromium.org, Dec 20

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/251a0089da078885a03dcbd62e66472cb6fbb2f7

commit 251a0089da078885a03dcbd62e66472cb6fbb2f7
Author: Min Chen <minch@google.com>
Date: Thu Dec 20 17:38:19 2018

Fix crash that happened when dragging tab/app between displays.

The crash in the issue happens because
WindowGrid::GetWindowSelectorItemContaining returns nullptr, which then
causes a crash at WindowSelector::RemoveWindowSelectorItem. It is nullptr
because the drop target and dragged window are in different displays.
This cl fixes the crash only and will see whether we can do further
work for it.

Bug:  904466 
Change-Id: I20a7ca5a0d294d23b28be13ab0c27a5fdfdc5c45
Reviewed-on: https://chromium-review.googlesource.com/c/1383535
Reviewed-by: Xiyuan Xia <xiyuan@chromium.org>
Commit-Queue: Min Chen <minch@chromium.org>
Cr-Commit-Position: refs/heads/master@{#618264}
[modify] https://crrev.com/251a0089da078885a03dcbd62e66472cb6fbb2f7/ash/wm/overview/window_grid.cc

Labels: -M-72 M-73
Status: Fixed (was: Assigned)
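
The failure mode described in the commit message above, as an added C++ illustration (not the Chromium change and not code from ash): a per-display grid lookup returns nullptr for a drop target that lives on another display, and the removal path checks for that before touching the item. Window, SelectorItem, Grid and CrossDisplayDragLeavesGridsIntact are hypothetical stand-ins.

```cpp
// Added illustration: simplified stand-ins, not Chromium's ash classes.
#include <algorithm>
#include <cstddef>
#include <memory>
#include <vector>

struct Window { int id; int display_id; };

struct SelectorItem {
    explicit SelectorItem(const Window* w) : window(w) {}
    const Window* window;
};

// One grid per display; it only holds items for windows on that display.
class Grid {
public:
    void Add(const Window* w) { items_.push_back(std::make_unique<SelectorItem>(w)); }

    // Returns nullptr when this grid has no item for `w`,
    // for example when `w` belongs to another display's grid.
    SelectorItem* ItemContaining(const Window* w) const {
        for (const auto& item : items_)
            if (item->window == w) return item.get();
        return nullptr;
    }

    // Guarded removal: a null lookup result is a no-op, never dereferenced.
    bool Remove(SelectorItem* item) {
        if (!item) return false;
        auto it = std::find_if(items_.begin(), items_.end(),
                               [item](const auto& p) { return p.get() == item; });
        if (it == items_.end()) return false;
        items_.erase(it);
        return true;
    }

    // Drag-end shape: look up the drop target's item, then remove it.
    bool OnDragEnded(const Window* drop_target) { return Remove(ItemContaining(drop_target)); }

    std::size_t size() const { return items_.size(); }

private:
    std::vector<std::unique_ptr<SelectorItem>> items_;
};

// Constructed scenario: the drop target sits on display 1, the event reaches display 0's grid.
bool CrossDisplayDragLeavesGridsIntact() {
    Window dragged{1, 0}, drop_target{2, 1};
    Grid internal, external;
    internal.Add(&dragged);
    external.Add(&drop_target);
    return !internal.OnDragEnded(&drop_target) && internal.size() == 1 && external.size() == 1;
}
```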
