Issue 48825: ARMv4: crash in URL completion dropdown menu
Chrome Version (from the about:version page):
$ COLUMN=80 dpkg -l | grep chromium-browser
ii chromium-browser 5.0.375.99~r51029-3 Chromium browser
ii chromium-browser-dbg 5.0.375.99~r51029-3 chromium-browser debug symbols
ii chromium-browser-inspector 5.0.375.99~r51029-3 page inspector for the chromium-browser
Is this the most recent version: No idea
OS + version: Debian GNU/Linux unstable
CPU architecture (32-bit / 64-bit): ARM920T rev 0 (v4l)
Window manager: icewm

What steps will reproduce the problem?
1. chromium-browser about:blank
2. focus location bar
3. hit backspace four times
4. hit backspace once

What is the expected result?
3 & 4) chromium-browser does not crash

What happens instead?
4) chromium-browser crashes

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x472323c0 (LWP 4861)]
tokenizeSegment (pCursor=<value optimized out>, idxNum=<value optimized out>, idxStr=<value optimized out>, argc=<value optimized out>, argv=0x151a5b8) at third_party/sqlite/ext/fts2/fts2.c:3744
3744 third_party/sqlite/ext/fts2/fts2.c: No such file or directory.
 in third_party/sqlite/ext/fts2/fts2.c
(gdb) bt
#0 tokenizeSegment (pCursor=<value optimized out>, idxNum=<value optimized out>, idxStr=<value optimized out>, argc=<value optimized out>, argv=0x151a5b8) at third_party/sqlite/ext/fts2/fts2.c:3744
#1 parseQuery (pCursor=<value optimized out>, idxNum=<value optimized out>, idxStr=<value optimized out>, argc=<value optimized out>, argv=0x151a5b8) at third_party/sqlite/ext/fts2/fts2.c:3816
#2 fulltextQuery (pCursor=<value optimized out>, idxNum=<value optimized out>, idxStr=<value optimized out>, argc=<value optimized out>, argv=0x151a5b8) at third_party/sqlite/ext/fts2/fts2.c:3872
#3 fulltextFilter (pCursor=<value optimized out>, idxNum=<value optimized out>, idxStr=<value optimized out>, argc=<value optimized out>, argv=0x151a5b8) at third_party/sqlite/ext/fts2/fts2.c:4050
#4 0x00650ffc in sqlite3VdbeExec (p=0x1516f38) at third_party/sqlite/src/vdbe.c:5237
#5 0x00623c74 in sqlite3Step (pStmt=0x1516f38) at third_party/sqlite/src/vdbeapi.c:344
#6 sqlite3_step (pStmt=0x1516f38) at third_party/sqlite/src/vdbeapi.c:403
#7 0x005a59b8 in sql::Statement::Step (this=0x47231894) at app/sql/statement.cc:46
#8 0x0037866c in history::TextDatabase::GetTextMatches (this=<value optimized out>, query=..., options=<value optimized out>, results=<value optimized out>, found_urls=0x0, first_time_searched=0x127080) at chrome/browser/history/text_database.cc:325
#9 0x00127080 in history::TextDatabaseManager::GetTextMatches (this=0x13f8a00, query=<value optimized out>, options=..., results=0x47231aac, first_time_searched=0x47231ab8) at chrome/browser/history/text_database_manager.cc:471
#10 0x0011829c in history::HistoryBackend::QueryHistoryFTS (this=0x14056c0, text_query=..., options=..., result=0x1506870) at chrome/browser/history/history_backend.cc:1127
#11 0x00118a34 in history::HistoryBackend::QueryHistory (this=0x14056c0, request=DWARF-2 expression error: DW_OP_reg operations must be used either alone or in conjuction with DW_OP_piece.
) at chrome/browser/history/history_backend.cc:1062
#12 0x00104d18 in DispatchToMethod<history::HistoryBackend, void (history::HistoryBackend::*)(scoped_refptr<CancelableRequest1<CallbackRunner<Tuple2<int, history::QueryResults*> >, history::QueryResults> >, std::wstring const&, history::QueryOptions const&), scoped_refptr<CancelableRequest1<CallbackRunner<Tuple2<int, history::QueryResults*> >, history::QueryResults> >, std::basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> >, history::QueryOptions> (this=0x1505e38) at ./base/tuple.h:435
#13 RunnableMethod<history::HistoryBackend, void (history::HistoryBackend::*)(scoped_refptr<CancelableRequest1<CallbackRunner<Tuple2<int, history::QueryResults*> >, history::QueryResults> >, std::basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> > const&, history::QueryOptions const&), Tuple3<scoped_refptr<CancelableRequest1<CallbackRunner<Tuple2<int, history::QueryResults*> >, history::QueryResults> >, std::basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> >, history::QueryOptions> >::Run (this=0x1505e38) at ./base/task.h:296
#14 0x0056c9e0 in MessageLoop::RunTask (this=0x47231c4c, task=0x1505e38) at base/message_loop.cc:329
#15 0x0056e0b4 in MessageLoop::DeferOrRunPendingTask (this=0x47231c4c, pending_task=<value optimized out>) at base/message_loop.cc:337
#16 0x0056e38c in MessageLoop::DoWork (this=0x47231c4c) at base/message_loop.cc:444
#17 0x0056efe4 in base::MessagePumpDefault::Run (this=0x1401bb0, delegate=0x47231c4c) at base/message_pump_default.cc:23
#18 0x0056d540 in MessageLoop::RunInternal (this=0x47231c4c) at base/message_loop.cc:205
#19 0x0056d668 in MessageLoop::RunHandler (this=0x1515508) at base/message_loop.cc:177
#20 MessageLoop::Run (this=0x1515508) at base/message_loop.cc:155
#21 0x005831c8 in base::Thread::Run (this=<value optimized out>, message_loop=0x472314e0) at base/thread.cc:133
#22 0x00583178 in base::Thread::ThreadMain (this=0x1401b90) at base/thread.cc:156
#23 0x00576934 in ThreadFunc (closure=0x1515508) at base/platform_thread_posix.cc:28
#24 0x41f418cc in start_thread () from /lib/libpthread.so.0
#25 0x42918bec in clone () from /lib/libc.so.6
#26 0x42918bec in clone () from /lib/libc.so.6
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
(gdb) x/5i $pc
=> 0x6360d8 <fulltextFilter+1048>: ldrb r3, [r0, r11]
   0x6360dc <fulltextFilter+1052>: cmp r3, #58 ; 0x3a
   0x6360e0 <fulltextFilter+1056>: beq 0x63617c <fulltextFilter+1212>
   0x6360e4 <fulltextFilter+1060>: ldr r8, [sp, #220] ; 0xdc
   0x6360e8 <fulltextFilter+1064>: mov r10, r8
(gdb) info register
r0 0x1515508 22107400
r1 0x472314e0 1193481440
r2 0x1 1
r3 0x0 0
r4 0xfd8b94 16616340
r5 0x15178a8 22116520
r6 0x6 6
r7 0x0 0
r8 0x1519968 22124904
r9 0x50000 327680
r10 0x0 0
r11 0x50000 327680
r12 0x0 0
sp 0x47231410 0x47231410
lr 0x635f74 6512500
pc 0x6360d8 0x6360d8 <fulltextFilter+1048>
fps 0x1001000 16781312
cpsr 0x60000010 1610612752
(gdb) shell cat /proc/4861/maps
00008000-01213000 r-xp 00000000 b3:02 67196 /usr/lib/chromium-browser/chromium-browser
0121b000-01227000 rwxp 0120b000 b3:02 67196 /usr/lib/chromium-browser/chromium-browser
01227000-01523000 rwxp 01227000 00:00 0 [heap]
40000000-4001d000 r-xp 00000000 b3:02 200141 /lib/ld-2.11.2.so
4001d000-40024000 rwxp 4001d000 00:00 0
[ removed rest of the map since otherwise I get "comment is too long" error from bug tracker.]
Jul 12, 2010
Does it still crash with a fresh profile? I.e. chromium-browser --user-data-dir=/tmp/test_profile ?
Labels:
Crash FeedbackRequested Mstone-X
Jul 12, 2010
No. However if I copy ~/.config/chromium/Default/History* to /tmp/test_profile/Default then it starts to crash. How can I check if the sqlite database is somehow corrupted? At least sqlite3 opens "History" without complaining.
Jul 12, 2010
PRAGMA integrity_check? http://www.sqlite.org/pragma.html BTW, I think most sqlite corruption errors are likely to be marked WontFix.
Jul 12, 2010
lindi@ginger:~$ sqlite3 /var/tmp/test_profile/Default/Archived\ History 'PRAGMA integrity_check;'
ok
lindi@ginger:~$ sqlite3 /var/tmp/test_profile/Default/History 'PRAGMA integrity_check;'
ok
Jul 12, 2010
(No comment was entered for this change.)
Labels:
-FeedbackRequested Feature-History
Jul 12, 2010
I did a few experiments:

lindi@ginger:~$ sqlite3 /var/tmp/test_profile/Default/History .dump | sqlite3 History.new
lindi@ginger:~$ mv History.new /var/tmp/test_profile/Default/History
lindi@ginger:~$ chromium-browser --user-data-dir=/var/tmp/test_profile
Segmentation fault
lindi@ginger:~$ rm /var/tmp/test_profile/Default/History; sqlite3 ~/.config/chromium/Default/History ".dump" | sqlite3 /var/tmp/test_profile/Default/History
lindi@ginger:~$ chromium-browser --user-data-dir=/var/tmp/test_profile
Segmentation fault
lindi@ginger:~$ cp /var/tmp/test_profile.still_working/Default/History /var/tmp/test_profile/Default/
lindi@ginger:~$ chromium-browser --user-data-dir=/var/tmp/test_profile
Segmentation fault
lindi@ginger:~$ cp /var/tmp/test_profile.still_working/Default/History /var/tmp/test_profile/Default/
lindi@ginger:~$ cp /var/tmp/test_profile.still_working/Default/Archived\ History /var/tmp/test_profile/Default/
lindi@ginger:~$ chromium-browser --user-data-dir=/var/tmp/test_profile
Segmentation fault
lindi@ginger:~$ cp /var/tmp/test_profile.still_working/Default/History /var/tmp/test_profile/Default/
lindi@ginger:~$ cp /var/tmp/test_profile.still_working/Default/Archived\ History /var/tmp/test_profile/Default/
lindi@ginger:~$ cp /var/tmp/test_profile.still_working/Default/History-journal /var/tmp/test_profile/Default/
lindi@ginger:~$ chromium-browser --user-data-dir=/var/tmp/test_profile
Segmentation fault
lindi@ginger:~$ chromium-browser --user-data-dir=/var/tmp/test_profile.still_working
lindi@ginger:~$ cp /var/tmp/test_profile.still_working/Default/History /var/tmp/test_profile/Default/
lindi@ginger:~$ cp /var/tmp/test_profile.still_working/Default/History-journal /var/tmp/test_profile/Default/
lindi@ginger:~$ cp /var/tmp/test_profile.still_working/Default/Archived\ History /var/tmp/test_profile/Default/
lindi@ginger:~$ rm /var/tmp/test_profile/Default/History\ Index\ 2010-07
lindi@ginger:~$ chromium-browser --user-data-dir=/var/tmp/test_profile
lindi@ginger:~$ cp .config/chromium/Default/History\ Index\ 2010-07 /var/tmp/test_profile/Default/
lindi@ginger:~$ chromium-browser --user-data-dir=/var/tmp/test_profile
Segmentation fault
lindi@ginger:~$ rm /var/tmp/test_profile/Default/History\ Index\ 2010-07
lindi@ginger:~$ chromium-browser --user-data-dir=/var/tmp/test_profile
lindi@ginger:~$ sqlite3 .config/chromium/Default/History\ Index\ 2010-07 ".dump" | sqlite3 /var/tmp/test_profile/Default/History\ Index\ 2010-07
lindi@ginger:~$ chromium-browser --user-data-dir=/var/tmp/test_profile
Segmentation fault

I think this suggests that
1) The problematic file is "History Index 2010-07"
2) dumping the database as text and restoring it back still triggers the bug. A simple corruption of the binary database can be ruled out.
Jul 17, 2010
Here's another register dump just to show that r0 value is different but r11 stays the same:

(gdb) x/5i $pc
=> 0x636e78 <fulltextFilter+1048>: ldrb r3, [r0, r11]
   0x636e7c <fulltextFilter+1052>: cmp r3, #58 ; 0x3a
   0x636e80 <fulltextFilter+1056>: beq 0x636f1c <fulltextFilter+1212>
   0x636e84 <fulltextFilter+1060>: ldr r8, [sp, #220] ; 0xdc
   0x636e88 <fulltextFilter+1064>: mov r10, r8
(gdb) info register
r0 0x4727a970 1193781616
r1 0x471344e0 1192445152
r2 0x1 1
r3 0x0 0
r4 0xfda734 16623412
r5 0x4727efc8 1193799624
r6 0x6 6
r7 0x0 0
r8 0x4727c280 1193788032
r9 0x50000 327680
r10 0x0 0
r11 0x50000 327680
r12 0x0 0
sp 0x47134410 0x47134410
lr 0x636d14 6515988
pc 0x636e78 0x636e78 <fulltextFilter+1048>
fps 0x1001000 16781312
cpsr 0x60000010 1610612752
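Added example (not part of the original thread or of Chromium's code): a small Python triage helper that computes the address read by the faulting `ldrb r3, [r0, r11]` and looks it up in the posted /proc/4861/maps excerpt. The function names are invented for this example; the register and map values are copied from the first crash report, whose map listing the reporter truncated.

```python
import re

# Copied from the first crash in the report (gdb `info register`, pid 4861).
REGISTERS = """\
r0 0x1515508 22107400
r9 0x50000 327680
r11 0x50000 327680
pc 0x6360d8 0x6360d8 <fulltextFilter+1048>
"""
FAULT_INSN = "ldrb r3, [r0, r11]"  # instruction at $pc in the report
# /proc/4861/maps as posted; the reporter cut everything after the last line.
MAPS = """\
00008000-01213000 r-xp 00000000 b3:02 67196 /usr/lib/chromium-browser/chromium-browser
0121b000-01227000 rwxp 0120b000 b3:02 67196 /usr/lib/chromium-browser/chromium-browser
01227000-01523000 rwxp 01227000 00:00 0 [heap]
40000000-4001d000 r-xp 00000000 b3:02 200141 /lib/ld-2.11.2.so
4001d000-40024000 rwxp 4001d000 00:00 0
"""

def parse_registers(text):
    """Map register name -> value from gdb `info register` lines."""
    return {m[1]: int(m[2], 16)
            for m in re.finditer(r"^(\w+)\s+(0x[0-9a-fA-F]+)", text, re.M)}

def parse_maps(text):
    """Return sorted (start, end, perms, name) tuples from /proc/<pid>/maps text."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        f = line.split(None, 5)
        start, end = (int(x, 16) for x in f[0].split("-"))
        rows.append((start, end, f[1], f[5] if len(f) > 5 else "[anon]"))
    return sorted(rows)

def effective_address(insn, regs):
    """ARM register-offset form [Rn, Rm] only: address = Rn + Rm, 32-bit wrap."""
    m = re.search(r"\[(\w+),\s*(\w+)\]", insn)
    if not m:
        raise ValueError("not a register-offset operand: " + insn)
    return (regs[m[1]] + regs[m[2]]) & 0xFFFFFFFF

def classify(addr, maps):
    """Say which mapping holds addr, or which gap it falls into."""
    below = None
    for start, end, perms, name in maps:
        if start <= addr < end:
            return f"mapped {perms} {name}"
        if end <= addr:
            below = (end, name)
    if below and below[0] == maps[-1][1]:
        return "unknown: above the last mapping in the truncated excerpt"
    if below:
        return f"unmapped: {addr - below[0]:#x} bytes past the end of {below[1]}"
    return "unmapped: below the first mapping"

if __name__ == "__main__":
    addr = effective_address(FAULT_INSN, parse_registers(REGISTERS))
    print(hex(addr), "->", classify(addr, parse_maps(MAPS)))
```

No map was posted for the second crash, so only its effective address (r0 + r11) can be computed, not the mapping it falls in.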
Jul 17, 2010
uTest
Repro in dev build: yes
Repro in stable build: yes
Accurate Steps: yes
Configuration used: Stable: 5.0.375.99, Dev: 6.0.466.0, Windows 7 x64 reproducible
Mar 18, 2011
Labels:
-Crash bulkmove Stability-Crash
Aug 10, 2012
Closing old bug as obsolete. Please file a new bug (with details) if this problem is still occurring for you.
Status:
IceBox
Oct 13, 2012
This issue has been closed for some time. No one will pay attention to new comments. If you are seeing this bug or have new data, please click New Issue to start a new bug.
Labels:
Restrict-AddIssueComment-Commit
Mar 10, 2013
(No comment was entered for this change.)
Labels:
-Area-Undefined -Feature-History Cr-UI-Browser-History