search

brave / brave-browser

Brave browser for Android, iOS, Linux, macOS, Windows.
https://brave.com
Mozilla Public License 2.0
17.73k stars 2.31k forks source link

Crash when closing Brave when Splitview enabled #39442

Closed bsclifton closed 3 months ago

bsclifton commented 3 months ago

Description

When exiting Brave on Windows with splitview enabled, I am seeing a crash.

Employees can view on Backtrace here: https://brave.sp.backtrace.io/p/brave/debug?filters=JTVCJTVCJTIyX3J4aWQlMjIlMkMlMjJlcXVhbCUyMiUyQyUyMjk3ZWQwNjAwLWIzNjItMzIwYy0wMDAwLTAwMDAwMDAwMDAwMCUyMiU1RCU1RA%3D%3D&debug=(%227b9be02%22,0,0)

[ 00 ] ImmediateCrash() ( immediate_crash.h:176 )
[ 01 ] CheckFailure() ( check.h:212 )
[ 02 ] TabStripModel::GetTabHandleAt(int) ( tab_strip_model.cc:271 )
[ 03 ] operator==(absl::container_internal::raw_hash_set<absl::container_internal::FlatHashMapPolicy<const void *,std::__Cr::unique_ptr<base::SupportsUserData::Data,std::__Cr::default_delete<base::SupportsUserData::Data> > >,absl::container_internal::HashEq<const void *,void>::Hash,absl::container_internal::HashEq<const void *,void>::Eq,std::__Cr::allocator<std::__Cr::pair<const void *const,std::__Cr::unique_ptr<base::SupportsUserData::Data,std::__Cr::default_delete<base::SupportsUserData::Data> > > > >::iterator const &,absl::container_internal::raw_hash_set<absl::container_internal::FlatHashMapPolicy<const void *,std::__Cr::unique_ptr<base::SupportsUserData::Data,std::__Cr::default_delete<base::SupportsUserData::Data> > >,absl::container_internal::HashEq<const void *,void>::Hash,absl::container_internal::HashEq<const void *,void>::Eq,std::__Cr::allocator<std::__Cr::pair<const void *const,std::__Cr::unique_ptr<base::SupportsUserData::Data,std::__Cr::default_delete<base::SupportsUserData::Data> > > > >::iterator const &) ( raw_hash_set.h:2476 )
[ 04 ] operator!=(absl::container_internal::raw_hash_set<absl::container_internal::FlatHashMapPolicy<const void *,std::__Cr::unique_ptr<base::SupportsUserData::Data,std::__Cr::default_delete<base::SupportsUserData::Data> > >,absl::container_internal::HashEq<const void *,void>::Hash,absl::container_internal::HashEq<const void *,void>::Eq,std::__Cr::allocator<std::__Cr::pair<const void *const,std::__Cr::unique_ptr<base::SupportsUserData::Data,std::__Cr::default_delete<base::SupportsUserData::Data> > > > >::iterator const &,absl::container_internal::raw_hash_set<absl::container_internal::FlatHashMapPolicy<const void *,std::__Cr::unique_ptr<base::SupportsUserData::Data,std::__Cr::default_delete<base::SupportsUserData::Data> > >,absl::container_internal::HashEq<const void *,void>::Hash,absl::container_internal::HashEq<const void *,void>::Eq,std::__Cr::allocator<std::__Cr::pair<const void *const,std::__Cr::unique_ptr<base::SupportsUserData::Data,std::__Cr::default_delete<base::SupportsUserData::Data> > > > >::iterator const &) ( raw_hash_set.h:2481 )
[ 05 ] base::SupportsUserData::GetUserData(void const *) ( supports_user_data.cc:51 )
[ 06 ] Browser::TabGroupedStateChanged(std::__Cr::optional<tab_groups::TabGroupId>,content::WebContents *,int) ( browser.cc:1478 )
[ 07 ] base::ObserverList<net::MDnsListenerImpl,0,1,base::internal::UncheckedObserverAdapter<0> >::Iter::Iter(base::ObserverList<net::MDnsListenerImpl,0,1,base::internal::UncheckedObserverAdapter<0> > const *) ( observer_list.h:154 )
[ 08 ] TabStripModel::TabGroupStateChanged(int,content::WebContents *,std::__Cr::optional<tab_groups::TabGroupId> const,std::__Cr::optional<tab_groups::TabGroupId> const) ( tab_strip_model.cc:2695 )
[ 09 ] std::__Cr::__tree<std::__Cr::__value_type<gl::GpuPreference,unsigned long long>,std::__Cr::__map_value_compare<gl::GpuPreference,std::__Cr::__value_type<gl::GpuPreference,unsigned long long>,std::__Cr::less<gl::GpuPreference>,1>,std::__Cr::allocator<std::__Cr::__value_type<gl::GpuPreference,unsigned long long> > >::destroy(std::__Cr::__tree_node<std::__Cr::__value_type<gl::GpuPreference,unsigned long long>,void *> *) ( __tree:1545 )
[ 10 ] std::__Cr::__tree<std::__Cr::__value_type<gl::GpuPreference,unsigned long long>,std::__Cr::__map_value_compare<gl::GpuPreference,std::__Cr::__value_type<gl::GpuPreference,unsigned long long>,std::__Cr::less<gl::GpuPreference>,1>,std::__Cr::allocator<std::__Cr::__value_type<gl::GpuPreference,unsigned long long> > >::destroy(std::__Cr::__tree_node<std::__Cr::__value_type<gl::GpuPreference,unsigned long long>,void *> *) ( __tree:1545 )
[ 11 ] TabStripModel::RemoveTabFromIndexImpl(int) ( tab_strip_model.cc:2586 )
[ 12 ] operator==(absl::container_internal::raw_hash_set<absl::container_internal::FlatHashMapPolicy<const void *,std::__Cr::unique_ptr<base::SupportsUserData::Data,std::__Cr::default_delete<base::SupportsUserData::Data> > >,absl::container_internal::HashEq<const void *,void>::Hash,absl::container_internal::HashEq<const void *,void>::Eq,std::__Cr::allocator<std::__Cr::pair<const void *const,std::__Cr::unique_ptr<base::SupportsUserData::Data,std::__Cr::default_delete<base::SupportsUserData::Data> > > > >::iterator const &,absl::container_internal::raw_hash_set<absl::container_internal::FlatHashMapPolicy<const void *,std::__Cr::unique_ptr<base::SupportsUserData::Data,std::__Cr::default_delete<base::SupportsUserData::Data> > >,absl::container_internal::HashEq<const void *,void>::Hash,absl::container_internal::HashEq<const void *,void>::Eq,std::__Cr::allocator<std::__Cr::pair<const void *const,std::__Cr::unique_ptr<base::SupportsUserData::Data,std::__Cr::default_delete<base::SupportsUserData::Data> > > > >::iterator const &) ( raw_hash_set.h:2476 )
[ 13 ] operator!=(absl::container_internal::raw_hash_set<absl::container_internal::FlatHashMapPolicy<const void *,std::__Cr::unique_ptr<base::SupportsUserData::Data,std::__Cr::default_delete<base::SupportsUserData::Data> > >,absl::container_internal::HashEq<const void *,void>::Hash,absl::container_internal::HashEq<const void *,void>::Eq,std::__Cr::allocator<std::__Cr::pair<const void *const,std::__Cr::unique_ptr<base::SupportsUserData::Data,std::__Cr::default_delete<base::SupportsUserData::Data> > > > >::iterator const &,absl::container_internal::raw_hash_set<absl::container_internal::FlatHashMapPolicy<const void *,std::__Cr::unique_ptr<base::SupportsUserData::Data,std::__Cr::default_delete<base::SupportsUserData::Data> > >,absl::container_internal::HashEq<const void *,void>::Hash,absl::container_internal::HashEq<const void *,void>::Eq,std::__Cr::allocator<std::__Cr::pair<const void *const,std::__Cr::unique_ptr<base::SupportsUserData::Data,std::__Cr::default_delete<base::SupportsUserData::Data> > > > >::iterator const &) ( raw_hash_set.h:2481 )
[ 14 ] base::SupportsUserData::GetUserData(void const *) ( supports_user_data.cc:51 )
[ 15 ] ProfileSelections::Builder::Builder() ( profile_selections.cc:28 )
[ 16 ] ProfileSelections::BuildRedirectedInIncognito() ( profile_selections.cc:96 )
[ 17 ] ProfileSelections::Builder::Builder() ( profile_selections.cc:28 )
[ 18 ] ProfileSelections::BuildRedirectedInIncognito() ( profile_selections.cc:96 )
[ 19 ] TabStripModel::DetachWebContentsImpl(int,int,bool,TabStripModelChange::RemoveReason) ( tab_strip_model.cc:427 )
[ 20 ] UnloadController::RunUnloadEventsHelper(content::WebContents *) ( unload_controller.cc:113 )
[ 21 ] TabStripModel::CloseWebContentses(base::span<content::WebContents *const,18446744073709551615,content::WebContents *const *>,unsigned int,TabStripModel::DetachNotifications *) ( tab_strip_model.cc:2109 )
[ 22 ] TabStripModel::CloseTabs(base::span<content::WebContents *const,18446744073709551615,content::WebContents *const *>,unsigned int) ( tab_strip_model.cc:2016 )
[ 23 ] PinnedTabCodec::WritePinnedTabs(Profile *) ( pinned_tab_codec.cc:79 )
[ 24 ] operator new(unsigned __int64) ( new_scalar.cpp:36 )
[ 25 ] TabStripModel::CloseAllTabs() ( tab_strip_model.cc:670 )
[ 26 ] UnloadController::ProcessPendingTabs(bool) ( unload_controller.cc:355 )
[ 27 ] IPC::ChannelAssociatedGroupController::Accept(mojo::Message *) ( ipc_mojo_bootstrap.cc:1159 )
[ 28 ] 0xaaaaaaaaaaaaaaaa
[ 29 ] IPC::ChannelAssociatedGroupController::AcceptOnEndpointThread(mojo::Message,IPC::`anonymous namespace'::ScopedUrgentMessageNotification) ( ipc_mojo_bootstrap.cc:1226 )
[ 30 ] base::internal::DecayedFunctorTraits<void (IPC::ChannelAssociatedGroupController::*)(mojo::Message, IPC::(anonymous namespace)::ScopedUrgentMessageNotification),IPC::ChannelAssociatedGroupController *&&,mojo::Message &&,IPC::(anonymous namespace)::ScopedUrgentMessageNotification &&>::Invoke((mojo::Message,IPC::`anonymous namespace'::ScopedUrgentMessageNotification),scoped_refptr<IPC::ChannelAssociatedGroupController> &&,mojo::Message &&,IPC::`anonymous namespace'::ScopedUrgentMessageNotification &&) ( bind_internal.h:738 )
[ 31 ] base::internal::InvokeHelper<0,base::internal::FunctorTraits<void (IPC::ChannelAssociatedGroupController::*&&)(mojo::Message, IPC::(anonymous namespace)::ScopedUrgentMessageNotification),IPC::ChannelAssociatedGroupController *&&,mojo::Message &&,IPC::(anonymous namespace)::ScopedUrgentMessageNotification &&>,void,0,1,2>::MakeItSo((mojo::Message,IPC::`anonymous namespace'::ScopedUrgentMessageNotification) &&,std::__Cr::tuple<scoped_refptr<IPC::ChannelAssociatedGroupController>,mojo::Message,IPC::(anonymous namespace)::ScopedUrgentMessageNotification> &&) ( bind_internal.h:930 )
[ 32 ] base::internal::Invoker<base::internal::FunctorTraits<void (IPC::ChannelAssociatedGroupController::*&&)(mojo::Message, IPC::(anonymous namespace)::ScopedUrgentMessageNotification),IPC::ChannelAssociatedGroupController *&&,mojo::Message &&,IPC::(anonymous namespace)::ScopedUrgentMessageNotification &&>,base::internal::BindState<1,1,0,void (IPC::ChannelAssociatedGroupController::*)(mojo::Message, IPC::(anonymous namespace)::ScopedUrgentMessageNotification),scoped_refptr<IPC::ChannelAssociatedGroupController>,mojo::Message,IPC::(anonymous namespace)::ScopedUrgentMessageNotification>,void ()>::RunImpl((mojo::Message,IPC::`anonymous namespace'::ScopedUrgentMessageNotification) &&,std::__Cr::tuple<scoped_refptr<IPC::ChannelAssociatedGroupController>,mojo::Message,IPC::(anonymous namespace)::ScopedUrgentMessageNotification> &&,std::__Cr::integer_sequence<unsigned long long,0,1,2>) ( bind_internal.h:1067 )
[ 33 ] base::internal::Invoker<base::internal::FunctorTraits<void (IPC::ChannelAssociatedGroupController::*&&)(mojo::Message, IPC::(anonymous namespace)::ScopedUrgentMessageNotification),IPC::ChannelAssociatedGroupController *&&,mojo::Message &&,IPC::(anonymous namespace)::ScopedUrgentMessageNotification &&>,base::internal::BindState<1,1,0,void (IPC::ChannelAssociatedGroupController::*)(mojo::Message, IPC::(anonymous namespace)::ScopedUrgentMessageNotification),scoped_refptr<IPC::ChannelAssociatedGroupController>,mojo::Message,IPC::(anonymous namespace)::ScopedUrgentMessageNotification>,void ()>::RunOnce(base::internal::BindStateBase *) ( bind_internal.h:980 )
[ 34 ] base::OnceCallback<void ()>::Run() ( callback.h:156 )
[ 35 ] base::TaskAnnotator::RunTaskImpl(base::PendingTask &) ( task_annotator.cc:203 )
[ 36 ] base::TaskAnnotator::RunTask(perfetto::StaticString,base::PendingTask &,base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl::<lambda_4> &&) ( task_annotator.h:90 )
[ 37 ] base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl(base::LazyNow *) ( thread_controller_with_message_pump_impl.cc:484 )
[ 38 ] base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork() ( thread_controller_with_message_pump_impl.cc:346 )
[ 39 ] base::MessagePumpForUI::DoRunLoop() ( message_pump_win.cc:259 )
[ 40 ] RtlUnwind
[ 41 ] base::MessagePumpWin::Run(base::MessagePump::Delegate *) ( message_pump_win.cc:84 )
[ 42 ] base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run(bool,base::TimeDelta) ( thread_controller_with_message_pump_impl.cc:657 )
[ 43 ] base::RunLoop::Run(base::Location const &) ( run_loop.cc:136 )
[ 44 ] content::BrowserMainLoop::RunMainMessageLoop() ( browser_main_loop.cc:1087 )
[ 45 ] RtlUnwind
[ 46 ] RtlUnwind
[ 47 ] content::BrowserMainLoop::RunMainMessageLoop() ( browser_main_loop.cc:1085 )
[ 48 ] content::BrowserMainRunnerImpl::Run() ( browser_main_runner_impl.cc:160 )
[ 49 ] content::BrowserMain(content::MainFunctionParams) ( browser_main.cc:34 )
[ 50 ] RtlUnwind
[ 51 ] content::RunBrowserProcessMain(content::MainFunctionParams,content::ContentMainDelegate *) ( content_main_runner_impl.cc:721 )
[ 52 ] RtlUnwind
[ 53 ] RtlUnwind
[ 54 ] partition_alloc::PartitionRoot::SetSortActiveSlotSpansEnabled(bool) ( partition_root.cc:1889 )
[ 55 ] base::allocator::PartitionAllocSupport::ReconfigureAfterTaskRunnerInit(std::__Cr::basic_string<char,std::__Cr::char_traits<char>,std::__Cr::allocator<char> > const &) ( partition_alloc_support.cc:1469 )
[ 56 ] content::ContentMainRunnerImpl::RunBrowser(content::MainFunctionParams,bool) ( content_main_runner_impl.cc:1302 )
[ 57 ] 0x7ffde8a05b80
[ 58 ] RtlUnwind
[ 59 ] RtlUnwind
[ 60 ] std::__Cr::__compressed_pair_elem<std::__Cr::basic_string<char,std::__Cr::char_traits<char>,std::__Cr::allocator<char> >::__rep,0,0>::__compressed_pair_elem(std::__Cr::__value_init_tag) ( compressed_pair.h:49 )
[ 61 ] std::__Cr::__compressed_pair<std::__Cr::basic_string<char,std::__Cr::char_traits<char>,std::__Cr::allocator<char> >::__rep,std::__Cr::allocator<char> >::__compressed_pair(std::__Cr::__value_init_tag &&,std::__Cr::__default_init_tag &&) ( compressed_pair.h:119 )
[ 62 ] std::__Cr::basic_string<char,std::__Cr::char_traits<char>,std::__Cr::allocator<char> >::basic_string() ( string:898 )
[ 63 ] UTF16ToUTF8(std::__Cr::basic_string_view<char16_t,std::__Cr::char_traits<char16_t> >) ( utf_string_conversions.cc:248 )
[ 64 ] WideToUTF8(std::__Cr::basic_string_view<wchar_t,std::__Cr::char_traits<wchar_t> >) ( utf_string_conversions.cc:330 )
[ 65 ] base::CommandLine::GetSwitchValueASCII(std::__Cr::basic_string_view<char,std::__Cr::char_traits<char> >) ( command_line.cc:361 )
[ 66 ] content::ContentMainRunnerImpl::Run() ( content_main_runner_impl.cc:1154 )
[ 67 ] RunContentProcess(content::ContentMainParams,content::ContentMainRunner *) ( content_main.cc:332 )
[ 68 ] content::ContentMain(content::ContentMainParams) ( content_main.cc:345 )
[ 69 ] ChromeMain(HINSTANCE__ *,sandbox::SandboxInterfaceInfo *,__int64) ( chrome_main.cc:194 )
[ 70 ] MainDllLoader::Launch(HINSTANCE__ *,base::TimeTicks) ( main_dll_loader_win.cc:181 )
[ 71 ] wWinMain(HINSTANCE__ *,HINSTANCE__ *,wchar_t *,int) ( chrome_exe_main_win.cc:350 )
[ 72 ] invoke_main() ( exe_common.inl:118 )
[ 73 ] __scrt_common_main_seh() ( exe_common.inl:288 )
[ 74 ] 0x7ffde8a0257d
[ 75 ] RtlUserThreadStart
[ 76 ] 0x7ffde6e90f10

Steps to reproduce

  1. Be on Windows
  2. Use Nightly
  3. Enable Splitview via brave://flags/#brave-split-view
  4. Restart browser so it takes effect
  5. Open some pages
  6. Close the browser
  7. Re-open the browser

Actual result

NTP shows up with recover dialog

Expected result

It should recover the state and not have crashed

Reproduces how often

Easily reproduced

Brave version (brave://version info)

Brave 1.69.62 Chromium: 127.0.6533.17 (Official Build) nightly (64-bit) Revision 50af8e07a47dfe29f581936e45c07e8ee8b676f5 OS Windows 11 Version 23H2 (Build 22631.3737)

Channel information

Reproducibility

Miscellaneous information

Shared on company Slack here: https://bravesoftware.slack.com/archives/C01826CM3J9/p1719529904073329

bsclifton commented 3 months ago

I think this is a duplicate of https://github.com/brave/brave-browser/issues/39419

jagadeshjai commented 3 months ago

I wasn't able to reproduce the crash by following the steps you mentioned. However, as I saw Browser::TabGroupedStateChanged in your crash report, I created a tab group and found that closing the browser leads to a crash.

@bsclifton Could you please confirm whether you are able to reproduce the crash without having a group?

jagadeshjai commented 3 months ago

Possibly root cause of this issue might be linked to https://github.com/brave/brave-browser/issues/39486