Issue metadata
Sign in to add a comment
|
Regression : Chrome crashes when trying to close the detached NTP. |
||||||||||||||||||||
Issue descriptionChrome Version : 73.0.3630.0 (Official Build) 4e0c28599deef67a295ba4ecd2e0180a4b5157e0-refs/branch-heads/3630@{#1} 64 bit OS : Mac(10.13.1, 10.14.2) Precondition : Kindly use external USB mouse to reproduce this crash consistently. What steps will reproduce the problem? 1. Launch chrome and open two NTPs. 2. Detach second NTP (do not release 'Left' mouse click) and simultaneously press 'Right' mouse button to open context menu. 3. Select 'Close Tab' option from context menu and then click on 'X' to close the current NTP. 4. Observe. Actual Result : Chrome crashes when trying to close the detached NTP. Expected Result : Chrome should not crash when user closes detached NTP. Crash ID: ID abdc5949ceb38df2 (Local Crash ID: 76ae4656-a805-4b68-a353-559557e9baee) ID 8d400479d291f28f (Local Crash ID: 42f06ad7-6b96-40aa-b47d-e0179f08709d) This is a regression issue broken in M-70 and below is the bisect information: Good Build : 70.0.3503.0 (Revision : 578160) Bad Build : 70.0.3504.0 (Revision : 578510) CHANGE LOG URL: https://chromium.googlesource.com/chromium/src/+log/bcb7db78edc13f57577f0a9562c98918bdcc10ae..67d21d10815fe6d87d1785a65a50fbc386e6605b Suspecting: https://chromium.googlesource.com/chromium/src/+/67d21d10815fe6d87d1785a65a50fbc386e6605b @ellyjones: Could you please check whether this is caused with respect to your change, if not please help us in assigning it to the right owner. Note: 1. Unable to reproduce issue on Mac Touch Bar (10.13.6) 2. Issue is reproducible in Beta #71.0.3578.80, Stable #70.0.3538.110 and Dev build #72.0.3622.0 3. This is Mac OS specific issue and same is not reproducible in Windows(7,8,10) and Linux(14.04 LTS) OS Thank you..!
,
Dec 4
I can reproduce this locally. I think it might be related to issue 876493. Investigating.
,
Dec 4
Kicking this down to Pri-2 and M73.
,
Dec 4
TabDragController::RunMoveLoop does:
views::Widget::MoveLoopResult result =
move_loop_widget_->RunMoveLoop(
drag_offset, move_loop_source, escape_behavior);
while this move loop is running, menus work as normal; if you open a right-click context menu, result will be views::widget::MOVE_LOOP_CANCELED, so TabDragController::RunMoveLoop calls into ::EndDrag and thence into ::EndDragImpl. EndDragImpl is unaware that the tab has been destroyed and tries to call RestoreFocus(), which bursts into flames.
I think that perhaps ::RunMoveLoop (or maybe ::EndDrag) need to deal with the window disappearing while the move loop is running, OR we need to forbid context menus inside the window move loop.
,
Dec 4
As an aside, thank you **VERY MUCH** for filing this bug - the repro steps here gave us the clue we needed to reproduce issue 876493, which we've been struggling with for months now. :D
,
Dec 4
To lgrey@ since the root cause is the same as 876493.
,
Dec 6
,
Dec 11
,
Dec 11
|
|||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||
Comment 1 by rbasuvula@google.com
, Dec 4