| Issue 46289: | Chrome browser crash on closing the tabs | |
| 4 people starred this issue and may be notified of changes. | Back to list |
Sign in to add a comment
|
Platform: Hostname: testings-mac-mini-4.local Mac OS X Version 10.6.3 (Build 10D578) Processor: 2 Intel 2.33 GHz RAM: 2048 MB Chrome: Chrome version: 6.0.431.0 r49370 <<<Release>>> QuickTime Player: 7.6.6 QuickTime PlayerX: 113 Flash Player: 10.0.42 What steps will reproduce the problem? 1. Have 2-3 windows open with 10-12 tabs(with sites) in each. (I use Safari default bookmarks to open many sites) 2. Press cmd+w continuously to close all tabs from all windows. Result: - At some point, Chrome crashes. Note: - We could repro this crash on multiple machines. I have attached the full crash report. Thread 0 (crashed) 0 libobjc.A.dylib 0.227.0.0 0x90993ed7 objc_msgSend + 0x17 1 Google Chrome Framew0.431.0.0 0x001dfe0e CallbackImpl<HistoryMenuBridge, void (HistoryMenuBridge::*)(int, bool, scoped_refptr<RefCountedMemory>, bool, GURL), Tuple5<int, bool, scoped_refptr<RefCountedMemory>, bool, GURL> >::RunWithParams(Tuple5<int, bool, scoped_refptr<RefCountedMemory>, bool, GURL> const&) + 0x2b (tuple.h:447) 2 Google Chrome Framew0.431.0.0 0x00377bfe 3 Google Chrome Framew0.431.0.0 0x0037738a RunnableMethod<CancelableRequest<CallbackRunner<Tuple5<int, bool, scoped_refptr<RefCountedMemory>, bool, GURL> > >, void (CancelableRequest<CallbackRunner<Tuple5<int, bool, scoped_refptr<RefCountedMemory>, bool, GURL> > >::*)(Tuple5<int, bool, scoped_refptr<RefCountedMemory>, bool, GURL> const&), Tuple1<Tuple5<int, bool, scoped_refptr<RefCountedMemory>, bool, GURL> > >::Run() + 0x13 (tuple.h:422) 4 Google Chrome Framew0.431.0.0 0x0074e7bb MessageLoop::RunTask(Task*) + 0xa (message_loop.cc:340) 5 Google Chrome Framew0.431.0.0 0x0074e96d MessageLoop::DeferOrRunPendingTask(MessageLoop::PendingTask const&) + 0xd (message_loop.cc:349) 6 Google Chrome Framew0.431.0.0 0x0074f89a MessageLoop::DoWork() + 0xb (message_loop.cc:456) 7 Google Chrome Framew0.431.0.0 0x0072c703 base::MessagePumpCFRunLoopBase::RunWorkSource(void*) + 0xa (message_pump_mac.mm:291) 8 CoreFoundation 0.550.19.0 0x93d93ff0 __CFRunLoopDoSources0 + 0x4b0 9 CoreFoundation 0.550.19.0 0x93d91c1e __CFRunLoopRun + 0x42e 10 CoreFoundation 0.550.19.0 0x93d910f3 CFRunLoopRunSpecific + 0x1c3 11 CoreFoundation 0.550.19.0 0x93d90f20 CFRunLoopRunInMode + 0x60 12 HIToolbox 0.460.0.0 0x9294b0fb RunCurrentEventLoopInMode + 0x187 13 HIToolbox 0.460.0.0 0x9294aeb0 ReceiveNextEventCommon + 0x161 14 HIToolbox 0.460.0.0 0x9294ad35 BlockUntilNextEventMatchingListInMode + 0x50 15 AppKit 0.1038.29.0 0x91e59134 _DPSNextEvent + 0x34e 16 AppKit 0.1038.29.0 0x91e58975 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 0x9b 17 AppKit 0.1038.29.0 0x91e1abee -[NSApplication run] + 0x334 18 Google Chrome Framew0.431.0.0 0x0072c1ac base::MessagePumpNSApplication::DoRun(base::MessagePump::Delegate*) + 0x19 (message_pump_mac.mm:677) 19 Google Chrome Framew0.431.0.0 0x0072b935 base::MessagePumpCFRunLoopBase::Run(base::MessagePump::Delegate*) + 0xb (message_pump_mac.mm:213) 20 Google Chrome Framew0.431.0.0 0x0074f223 MessageLoop::Run() + 0xb (message_loop.cc:214) 21 Google Chrome Framew0.431.0.0 0x00138907 BrowserMain(MainFunctionParams const&) + 0x7 (browser_main.cc:200) 22 Google Chrome Framew0.431.0.0 0x0000b443 ChromeMain + 0xd (chrome_dll_main.cc:841) 23 Google Chrome 0x00001ff7 main + 0x11 (chrome_exe_main.mm:16) 24 Google Chrome 0x00001fb5 25
,
Jun 11, 2010
I see HistoryMenuBridge on the top of the stack, which means this is mine and Mac-only.
Owner: rse...@chromium.org
Cc: pinker...@chromium.org
,
Jun 15, 2010
(No comment was entered for this change.)
Labels: Crash-TopCrasher
,
Jun 16, 2010
I cannot reproduce this locally, but I can imagine a scenario in which this happens. It would be very helpful to have a full stack trace from GDB of a debug build. The trace in the description is from a release build with tail call optimization, which has removed some important frames from the top of the stack.
,
Jun 16, 2010
We don't have a debug build but I copied dSym to into Chrome app and got GDB BT for crash and all other threads. All threads bt info is attached. BT for crash: (gdb) bt #0 DebugUtil::BreakDebugger () at /b/slave/chrome-official-mac/build/src/base/debug_util_posix.cc:259 #1 0x00749714 in logging::LogMessage::~LogMessage (this=0xbfffcdd4) at /b/slave/chrome-official-mac/build/src/base/logging.cc:586 #2 0x001f6984 in (anonymous namespace)::LogAndDie (object=0x1f64fc00, aSelector=0x97854458, viaSelector=0x97953ccc) at /b/slave/chrome-official-mac/build/src/chrome/browser/cocoa/objc_zombie.mm:205 #3 0x001f69c4 in -[CrZombie forwardingTargetForSelector:] (self=0x1f64fc00, _cmd=0x97953ccc, aSelector=0x97854458) at /b/slave/chrome-official-mac/build/src/chrome/browser/cocoa/objc_zombie.mm:247 #4 0x965ce416 in __NSGetForwardingTarget () #5 0x965ce390 in __forwarding_prep_0___ () #6 0x001db971 in HistoryMenuBridge::GotFaviconData (this=0x4207260, handle=619, know_favicon=true, data=@0xbfffcff8, expired=false, url=@0xbfffcfb0) at /b/slave/chrome-official-mac/build/src/chrome/browser/cocoa/history_menu_bridge.mm:433 #7 0x001de5df in ~scoped_refptr [inlined] () at :447 #8 DispatchToMethod<HistoryMenuBridge, void (HistoryMenuBridge::*)(int, bool, scoped_refptr<RefCountedMemory>, bool, GURL), int, bool, scoped_refptr<RefCountedMemory>, bool, GURL> [inlined] () at :447 #9 0x001de5df in CallbackImpl<HistoryMenuBridge, void (HistoryMenuBridge::*)(int, bool, scoped_refptr<RefCountedMemory>, bool, GURL), Tuple5<int, bool, scoped_refptr<RefCountedMemory>, bool, GURL> >::RunWithParams (this=0x1f612e20, params=@0x40399f0) at tuple.h:118 #10 0x0037736f in CancelableRequestBase::NotifyCompleted () at :523 #11 0x0037736f in CancelableRequest<CallbackRunner<Tuple5<int, bool, scoped_refptr<RefCountedMemory>, bool, GURL> > >::ExecuteCallback (this=0x4349660, param=@0x40399f0) at cancelable_request.h:527 #12 0x00376afb in RunnableMethod<CancelableRequest<CallbackRunner<Tuple5<int, bool, scoped_refptr<RefCountedMemory>, bool, GURL> > >, void (CancelableRequest<CallbackRunner<Tuple5<int, bool, scoped_refptr<RefCountedMemory>, bool, GURL> > >::*)(Tuple5<int, bool, scoped_refptr<RefCountedMemory>, bool, GURL> const&), Tuple1<Tuple5<int, bool, scoped_refptr<RefCountedMemory>, bool, GURL> > >::Run (this=0x40399e0) at task.h:296 #13 0x0074c78c in Iterator [inlined] () at :340 #14 0x0074c78c in MessageLoop::RunTask (this=0xbfffe5a8, task=0x40399e0) at /b/slave/chrome-official-mac/build/src/base/message_loop.cc:341 #15 0x0074c93e in MessageLoop::DeferOrRunPendingTask (this=0xbfffe5a8, pending_task=@0xbfffd12c) at /b/slave/chrome-official-mac/build/src/base/message_loop.cc:349 #16 0x0074d86b in MessageLoop::DoWork (this=0xbfffe5a8) at /b/slave/chrome-official-mac/build/src/base/message_loop.cc:456 #17 0x00778b34 in base::MessagePumpCFRunLoopBase::RunWork () at :291 #18 0x00778b34 in base::MessagePumpCFRunLoopBase::RunWorkSource (info=0x4210a40) at /b/slave/chrome-official-mac/build/src/base/message_pump_mac.mm:269 #19 0x96592f91 in __CFRunLoopDoSources0 () #20 0x96590bbf in __CFRunLoopRun () #21 0x96590094 in CFRunLoopRunSpecific () #22 0x9658fec1 in CFRunLoopRunInMode () #23 0x96b3df9c in RunCurrentEventLoopInMode () #24 0x96b3dd51 in ReceiveNextEventCommon () #25 0x96b3dbd6 in BlockUntilNextEventMatchingListInMode () #26 0x970c4a89 in _DPSNextEvent () #27 0x970c42ca in -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] () #28 0x9708655b in -[NSApplication run] () #29 0x007785dd in base::MessagePumpNSApplication::DoRun (this=0x4210a40, delegate=0xbfffe5a8) at /b/slave/chrome-official-mac/build/src/base/message_pump_mac.mm:677 #30 0x00777d66 in base::MessagePumpCFRunLoopBase::Run (this=0x4210a40, delegate=0xbfffe5a8) at /b/slave/chrome-official-mac/build/src/base/message_pump_mac.mm:213 #31 0x0074d1f4 in ~AutoRunState [inlined] () at :214 #32 0x0074d1f4 in MessageLoop::Run (this=0xbfffe5a8) at /b/slave/chrome-official-mac/build/src/base/message_loop.cc:164 #33 0x00136a28 in RunUIMessageLoop [inlined] () at :200 #34 0x00136a28 in BrowserMain (parameters=@0xbffff8c8) at /b/slave/chrome-official-mac/build/src/chrome/browser/browser_main.cc:1329 #35 0x0000b000 in ChromeMain (argc=1, argv=0xbffff9fc) at /b/slave/chrome-official-mac/build/src/chrome/app/chrome_dll_main.cc:861 #36 0x00001ff8 in ?? () #37 0x00001fb6 in ?? () Current language: auto; currently c++
,
Jun 17, 2010
(No comment was entered for this change.)
Status: Started
,
Jun 17, 2010
The following revision refers to this bug:
http://src.chromium.org/viewvc/chrome?view=rev&revision=50134
------------------------------------------------------------------------
r50134 | rsesek@chromium.org | 2010-06-17 13:43:19 -0700 (Thu, 17 Jun 2010) | 6 lines
Changed paths:
M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/cocoa/history_menu_bridge.h?r1=50134&r2=50133
M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/cocoa/history_menu_bridge.mm?r1=50134&r2=50133
M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/cocoa/history_menu_bridge_unittest.mm?r1=50134&r2=50133
Make the HistoryMenuBridge::HistoryItem co-own the NSMenuItem. This hopefully fixes a top-crash.
BUG=46289
TEST=Open 3 windows, with 10-12 tabs in each. Cmd+W rapidly. Chrome doesn't crash. See bug for details.
Review URL: http://codereview.chromium.org/2836008
------------------------------------------------------------------------
,
Jun 17, 2010
(No comment was entered for this change.)
Status: Fixed
,
Jun 22, 2010
Platform: Hostname: testings-mac-mini-3.local Mac OS X Version 10.6.4 (Build 10F569) Processor: 4 Intel 2.66 GHz RAM: 2048 MB Chrome: Chrome version: 6.0.443.0 r50322 <<<Release/Debug>>> QuickTime Player: 7.6.6 QuickTime PlayerX: 114 Flash Player: 10.1.53.64
Status: Verified
,
Jun 22, 2010
(No comment was entered for this change.)
Labels: -Crash-TopCrasher Crash-TopFixed
,
Mar 18, 2011
Platform: Hostname: testings-mac-mini-4.local Mac OS X Version 10.6.3 (Build 10D578) Processor: 2 Intel 2.33 GHz RAM: 2048 MB Chrome: Chrome version: 6.0.431.0 r49370 <<<Release>>> QuickTime Player: 7.6.6 QuickTime PlayerX: 113 Flash Player: 10.0.42 <b>What steps will reproduce the problem?</b> 1. Have 2-3 windows open with 10-12 tabs(with sites) in each. (I use Safari default bookmarks to open many sites) 2. Press cmd+w continuously to close all tabs from all windows. Result: - At some point, Chrome crashes. Note: - We could repro this crash on multiple machines. I have attached the full crash report. Thread 0 (crashed) 0 libobjc.A.dylib 0.227.0.0 0x90993ed7 objc_msgSend + 0x17 1 Google Chrome Framew0.431.0.0 0x001dfe0e CallbackImpl<HistoryMenuBridge, void (HistoryMenuBridge::*)(int, bool, scoped_refptr<RefCountedMemory>, bool, GURL), Tuple5<int, bool, scoped_refptr<RefCountedMemory>, bool, GURL> >::RunWithParams(Tuple5<int, bool, scoped_refptr<RefCountedMemory>, bool, GURL> const&) + 0x2b (tuple.h:447) 2 Google Chrome Framew0.431.0.0 0x00377bfe 3 Google Chrome Framew0.431.0.0 0x0037738a RunnableMethod<CancelableRequest<CallbackRunner<Tuple5<int, bool, scoped_refptr<RefCountedMemory>, bool, GURL> > >, void (CancelableRequest<CallbackRunner<Tuple5<int, bool, scoped_refptr<RefCountedMemory>, bool, GURL> > >::*)(Tuple5<int, bool, scoped_refptr<RefCountedMemory>, bool, GURL> const&), Tuple1<Tuple5<int, bool, scoped_refptr<RefCountedMemory>, bool, GURL> > >::Run() + 0x13 (tuple.h:422) 4 Google Chrome Framew0.431.0.0 0x0074e7bb MessageLoop::RunTask(Task*) + 0xa (message_loop.cc:340) 5 Google Chrome Framew0.431.0.0 0x0074e96d MessageLoop::DeferOrRunPendingTask(MessageLoop::PendingTask const&) + 0xd (message_loop.cc:349) 6 Google Chrome Framew0.431.0.0 0x0074f89a MessageLoop::DoWork() + 0xb (message_loop.cc:456) 7 Google Chrome Framew0.431.0.0 0x0072c703 base::MessagePumpCFRunLoopBase::RunWorkSource(void*) + 0xa (message_pump_mac.mm:291) 8 CoreFoundation 0.550.19.0 0x93d93ff0 __CFRunLoopDoSources0 + 0x4b0 9 CoreFoundation 0.550.19.0 0x93d91c1e __CFRunLoopRun + 0x42e 10 CoreFoundation 0.550.19.0 0x93d910f3 CFRunLoopRunSpecific + 0x1c3 11 CoreFoundation 0.550.19.0 0x93d90f20 CFRunLoopRunInMode + 0x60 12 HIToolbox 0.460.0.0 0x9294b0fb RunCurrentEventLoopInMode + 0x187 13 HIToolbox 0.460.0.0 0x9294aeb0 ReceiveNextEventCommon + 0x161 14 HIToolbox 0.460.0.0 0x9294ad35 BlockUntilNextEventMatchingListInMode + 0x50 15 AppKit 0.1038.29.0 0x91e59134 _DPSNextEvent + 0x34e 16 AppKit 0.1038.29.0 0x91e58975 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 0x9b 17 AppKit 0.1038.29.0 0x91e1abee -[NSApplication run] + 0x334 18 Google Chrome Framew0.431.0.0 0x0072c1ac base::MessagePumpNSApplication::DoRun(base::MessagePump::Delegate*) + 0x19 (message_pump_mac.mm:677) 19 Google Chrome Framew0.431.0.0 0x0072b935 base::MessagePumpCFRunLoopBase::Run(base::MessagePump::Delegate*) + 0xb (message_pump_mac.mm:213) 20 Google Chrome Framew0.431.0.0 0x0074f223 MessageLoop::Run() + 0xb (message_loop.cc:214) 21 Google Chrome Framew0.431.0.0 0x00138907 BrowserMain(MainFunctionParams const&) + 0x7 (browser_main.cc:200) 22 Google Chrome Framew0.431.0.0 0x0000b443 ChromeMain + 0xd (chrome_dll_main.cc:841) 23 Google Chrome 0x00001ff7 main + 0x11 (chrome_exe_main.mm:16) 24 Google Chrome 0x00001fb5 25
Labels: -Crash bulkmove Stability-Crash
|
||||||||||
| ► Sign in to add a comment | |||||||||||
Owner: pinker...@chromium.org
Labels: -Pri-2 Pri-1 Mstone-6