| Issue 203493: | Flaky crash in ProfileImplIOData::Handle::~Handle | |
| 2 people starred this issue and may be notified of changes. | Back to list |
Sign in to add a comment
|
From http://chromeos-botmaster.mtv.corp.google.com:8026/builders/x86-zgb_he%20canary/builds/97 Crash reason: SIGSEGV Crash address: 0x0 Thread 0 (crashed) 0 chrome!ProfileImplIOData::Handle::~Handle [profile_impl_io_data.cc : 49 + 0x0] eip = 0x742e9695 esp = 0x7fe19cf0 ebp = 0x7fe19d48 ebx = 0x778c3ff4 esi = 0x00000000 edi = 0x00000000 eax = 0x78313b40 ecx = 0x783613ac edx = 0x783613ac efl = 0x00010246 Found by: given as instruction pointer in context 1 chrome!ProfileImpl::~ProfileImpl [profile_impl.cc : 831 + 0xd] eip = 0x742e44fe esp = 0x7fe19d50 ebp = 0x7fe19f28 ebx = 0x778c3ff4 esi = 0x78361300 edi = 0x00000000 Found by: call frame info 2 chrome!ProfileImpl::~ProfileImpl [profile_impl.cc : 831 + 0x7] eip = 0x742e4f5e esp = 0x7fe19f30 ebp = 0x7fe19f58 ebx = 0x778c3ff4 esi = 0x78361300 edi = 0x784a89c0 Found by: call frame info 3 chrome!std::_Rb_tree<FilePath, std::pair<const FilePath, linked_ptr<ProfileManager::ProfileInfo> >, std::_Select1st<std::pair<const FilePath, linked_ptr<ProfileManager::ProfileInfo> > >, std::less<FilePath>, std::allocator<std::pair<const FilePath, linked_ptr<ProfileManager::ProfileInfo> > > >::_M_erase [scoped_ptr.h : 75 + 0x7] eip = 0x73dfa79c esp = 0x7fe19f60 ebp = 0x7fe19fa8 ebx = 0x778c3ff4 esi = 0x784a8720 edi = 0x784a89c0 Found by: call frame info 4 chrome!std::_Rb_tree<FilePath, std::pair<const FilePath, linked_ptr<ProfileManager::ProfileInfo> >, std::_Select1st<std::pair<const FilePath, linked_ptr<ProfileManager::ProfileInfo> > >, std::less<FilePath>, std::allocator<std::pair<const FilePath, linked_ptr<ProfileManager::ProfileInfo> > > >::_M_erase [stl_tree.h : 1010 + 0x11] eip = 0x73dfa722 esp = 0x7fe19fb0 ebp = 0x7fe19ff8 ebx = 0x778c3ff4 esi = 0x7808bd60 edi = 0x00000000 Found by: call frame info 5 chrome!ProfileManager::~ProfileManager [stl_tree.h : 654 + 0x11] eip = 0x73dfad28 esp = 0x7fe1a000 ebp = 0x7fe1a068 ebx = 0x778c3ff4 esi = 0x7804eaa0 edi = 0x00000000 Found by: call frame info 6 chrome!ProfileManager::~ProfileManager [profile_manager.cc : 123 + 0x7] eip = 0x73dfae2e esp = 0x7fe1a070 ebp = 0x7fe1a098 ebx = 0x778c3ff4 esi = 0x7804eaa0 edi = 0x780c49c0 Found by: call frame info 7 chrome!BrowserProcessImpl::~BrowserProcessImpl [scoped_ptr.h : 84 + 0x7] eip = 0x74504d72 esp = 0x7fe1a0a0 ebp = 0x7fe1a118 ebx = 0x778c3ff4 esi = 0x77feec40 edi = 0x780c49c0 Found by: call frame info 8 chrome!BrowserProcessImpl::~BrowserProcessImpl [browser_process_impl.cc : 281 + 0x7] eip = 0x745054ee esp = 0x7fe1a120 ebp = 0x7fe1a148 ebx = 0x778c3ff4 esi = 0x77feec40 edi = 0x78038900 Found by: call frame info 9 chrome!browser_shutdown::Shutdown [browser_shutdown.cc : 174 + 0x7] eip = 0x7401944b esp = 0x7fe1a150 ebp = 0x7fe1a288 ebx = 0x778c3ff4 esi = 0x778d7c84 edi = 0x78038900 Found by: call frame info 10 chrome!ChromeBrowserMainParts::PostMainMessageLoopRun [chrome_browser_main.cc : 1983 + 0x4] eip = 0x74037e6e esp = 0x7fe1a290 ebp = 0x7fe1a388 ebx = 0x778c3ff4 esi = 0x77fd3c80 edi = 0x7fe1a3c7 Found by: call frame info 11 chrome!BrowserMain [browser_main.cc : 253 + 0x7] eip = 0x7611dc00 esp = 0x7fe1a390 ebp = 0x7fe1a3f8 ebx = 0x778c3ff4 esi = 0x77fd3c80 edi = 0x7fe1a3c7 Found by: call frame info 12 chrome!content::ContentMain [content_main.cc : 253 + 0x17] eip = 0x747b45cb esp = 0x7fe1a400 ebp = 0x7fe1aa88 ebx = 0x778c3ff4 esi = 0x7fe1a474 edi = 0x7fe1aa28 Found by: call frame info 13 chrome!ChromeMain [chrome_main.cc : 748 + 0xe] eip = 0x73cdb0f6 esp = 0x7fe1aa90 ebp = 0x7fe1aaf8 ebx = 0x778c3ff4 esi = 0x7fe1aac0 edi = 0x7fe1aac4 Found by: call frame info 14 chrome!main [chrome_exe_main_gtk.cc : 18 + 0x11] eip = 0x73cda5c4 esp = 0x7fe1ab00 ebp = 0x7fe1ab38 ebx = 0x778c3ff4 esi = 0x00000000 edi = 0x00000000 Found by: call frame info 15 libc-2.10.1.so + 0x16a95 eip = 0x72953a96 esp = 0x7fe1ab40 ebp = 0x7fe1abb8 ebx = 0x778c3ff4 esi = 0x00000000 edi = 0x00000000 Found by: call frame info 16 chrome + 0x21b480 eip = 0x73cda481 esp = 0x7fe1abc0 ebp = 0x00000000 Found by: previous frame's frame pointer 17 chrome + 0x21b58f eip = 0x73cda590 esp = 0x7fe1abc4 ebp = 0x00000000 Found by: stack scanning 18 ld-2.10.1.so + 0xefff eip = 0x73aaf000 esp = 0x7fe1abd8 ebp = 0x00000000 Found by: stack scanning
Sep 14, 2011
#1
stevenjb@chromium.org
Sep 16, 2011
(No comment was entered for this change.)
Status:
Assigned
Labels: Mstone-R16
Sep 16, 2011
(No comment was entered for this change.)
Cc:
willchan@chromium.org
Sep 20, 2011
David, have you seen this recently? I've seen a couple of CLs go by that may have addressed this and I haven't been able to repro it myself. Downgrading to P1 for now.
Cc:
davidjames@chromium.org
Labels: -Pri-0 Pri-1
Sep 23, 2011
Just happened again in http://chromeos-botmaster.mtv.corp.google.com:8026/builders/x86-zgb_he%20canary/builds/138 Slightly different stack trace but same idea. Since it's a SIGABRT this time, the logs might have something valuable. Thread 0 (crashed) 0 linux-gate.so + 0x416 eip = 0x73bf1416 esp = 0x7f83ab14 ebp = 0x7f83ab20 ebx = 0x00001227 esi = 0x7f83ad44 edi = 0x72bcbe54 eax = 0x00000000 ecx = 0x00001227 edx = 0x00000006 efl = 0x00000206 Found by: given as instruction pointer in context 1 libc-2.11.1.so + 0x2c414 eip = 0x72aa2415 esp = 0x7f83ab28 ebp = 0x7f83ac48 Found by: previous frame's frame pointer 2 chrome!base::debug::BreakDebugger [debugger_posix.cc : 197 + 0x4] eip = 0x749c06a3 esp = 0x7f83ac50 ebp = 0x7f83ac68 Found by: previous frame's frame pointer 3 chrome!logging::LogMessage::~LogMessage [logging.cc : 654 + 0x4] eip = 0x749dda75 esp = 0x7f83ac70 ebp = 0x7f83ad08 ebx = 0x779f9ff4 Found by: call frame info 4 chrome!ProfileImplIOData::Handle::~Handle [profile_impl_io_data.cc : 63 + 0x7] eip = 0x74452c2d esp = 0x7f83ad10 ebp = 0x7f83aee8 ebx = 0x779f9ff4 esi = 0x785c7090 edi = 0x7f83ad44 Found by: call frame info 5 chrome!ProfileImpl::~ProfileImpl [profile_impl.cc : 855 + 0xd] eip = 0x7444d712 esp = 0x7f83aef0 ebp = 0x7f83b0c8 ebx = 0x779f9ff4 esi = 0x78490780 edi = 0x00000000 Found by: call frame info 6 chrome!ProfileImpl::~ProfileImpl [profile_impl.cc : 855 + 0x7] eip = 0x7444e0fe esp = 0x7f83b0d0 ebp = 0x7f83b0f8 ebx = 0x779f9ff4 esi = 0x78490780 edi = 0x785bb640 Found by: call frame info 7 chrome!std::_Rb_tree<FilePath, std::pair<const FilePath, linked_ptr<ProfileManager::ProfileInfo> >, std::_Select1st<std::pair<const FilePath, linked_ptr<ProfileManager::ProfileInfo> > >, std::less<FilePath>, std::allocator<std::pair<const FilePath, linked_ptr<ProfileManager::ProfileInfo> > > >::_M_erase [scoped_ptr.h : 75 + 0x7] eip = 0x73f4da3c esp = 0x7f83b100 ebp = 0x7f83b148 ebx = 0x779f9ff4 esi = 0x785bbbc0 edi = 0x785bb640 Found by: call frame info 8 chrome!std::_Rb_tree<FilePath, std::pair<const FilePath, linked_ptr<ProfileManager::ProfileInfo> >, std::_Select1st<std::pair<const FilePath, linked_ptr<ProfileManager::ProfileInfo> > >, std::less<FilePath>, std::allocator<std::pair<const FilePath, linked_ptr<ProfileManager::ProfileInfo> > > >::_M_erase [stl_tree.h : 1010 + 0x11] eip = 0x73f4d9c2 esp = 0x7f83b150 ebp = 0x7f83b198 ebx = 0x779f9ff4 esi = 0x78148d60 edi = 0x00000000 Found by: call frame info 9 chrome!ProfileManager::~ProfileManager [stl_tree.h : 654 + 0x11] eip = 0x73f4dfc8 esp = 0x7f83b1a0 ebp = 0x7f83b208 ebx = 0x779f9ff4 esi = 0x780f9dc0 edi = 0x00000000 Found by: call frame info 10 chrome!ProfileManager::~ProfileManager [profile_manager.cc : 123 + 0x7] eip = 0x73f4e0ce esp = 0x7f83b210 ebp = 0x7f83b238 ebx = 0x779f9ff4 esi = 0x780f9dc0 edi = 0x7814c450 Found by: call frame info 11 chrome!BrowserProcessImpl::~BrowserProcessImpl [scoped_ptr.h : 84 + 0x7] eip = 0x74675202 esp = 0x7f83b240 ebp = 0x7f83b2b8 ebx = 0x779f9ff4 esi = 0x780a1b00 edi = 0x7814c450 Found by: call frame info 12 chrome!BrowserProcessImpl::~BrowserProcessImpl [browser_process_impl.cc : 292 + 0x7] eip = 0x7467596e esp = 0x7f83b2c0 ebp = 0x7f83b2e8 ebx = 0x779f9ff4 esi = 0x780a1b00 edi = 0x780e57b0 Found by: call frame info 13 chrome!browser_shutdown::Shutdown [browser_shutdown.cc : 174 + 0x7] eip = 0x7417079b esp = 0x7f83b2f0 ebp = 0x7f83b428 ebx = 0x779f9ff4 esi = 0x77a0e044 edi = 0x780e57b0 Found by: call frame info ...
Labels:
-Pri-1 Pri-0
Sep 26, 2011
It looks like this is now triggering: CHECK(io_data_->predictor_.get() != NULL); Added by rlp@. This implies that io_data_->predictor_ is getting reset or never getting set. I don't see anyplace that it is getting reset, however ProfileImpl:io_data_.Init() is not getting called until ProfileImpl::DoFinalInit(). My guess is that this happens when we exit before that gets called. The correct fix would thus be to simply not call io_data_->predictor_->ShutdownOnUIThread() when io_data_->predictor_.get() == NULL. I'll put together a quick CL to fix that.
Cc:
rlp@chromium.org
Sep 26, 2011
CL: http://codereview.chromium.org/8043029/
Sep 26, 2011
The fix for this is tiny and causes test flakiness so I suggest that we merge this into R15.
Labels:
-Mstone-R16 Mstone-R15 Merge-Requested
Sep 26, 2011
Committed @ 102825
Sep 26, 2011
(No comment was entered for this change.)
Status:
Started
Sep 28, 2011
(No comment was entered for this change.)
Labels:
-Merge-Requested Merge-Approved
Sep 28, 2011
Turns out the symptom of the crash is not in the R15 branch (I thought it was), so nevermind.
Status:
Fixed
Labels: -Mstone-R15 -Merge-Approved Mstone-R16
Oct 3, 2011
Closing it considering its fixed.
Status:
Verified
Oct 5, 2011
Claiming work to iteration-39
Labels:
Iteration-39
Mar 6, 2013
(No comment was entered for this change.)
Labels:
OS-Chrome
Mar 9, 2013
(No comment was entered for this change.)
Labels:
-TreeCloser -Mstone-R16 Hotlist-TreeCloser M-16
|
||||||||||||
| ► Sign in to add a comment | |||||||||||||