Project: chromium Issues People Development process History Sign in
New issue
Advanced search Search tips
Issue 128652 crash @ content_settings::OriginIdentifierValueMap::size
Starred by 9 users Project Member Reported by jasneet@chromium.org, May 17, 2012 Back to list
Status: Verified
Owner: bauerb@chromium.org
Closed: Oct 2012
Cc: sky@chromium.org
Components:
OS: Chrome
Pri: 1
Type: Bug


Sign in to add a comment
Chrome Version     :  20.0.1132.11 (Official Build 137611)
OS Version         :  2268.16.0


I was able to reproduce crash only once. Following are the steps
1.Open few tabs
2.launch incognito window
3.Go to hulu.com
4.Open new tab

Browser crash seen

Call Stack
Thread 0 *CRASHED* ( SIGSEGV @ 0x00000018 )
0x7fb567d93fdc 	[chrome] 	- chrome/browser/content_settings/content_settings_origin_identifier_value_map.cc:186] 	content_settings::OriginIdentifierValueMap::size
0x7fb5671907cf 	[chrome] 	- ./chrome/browser/content_settings/content_settings_origin_identifier_value_map.h:65] 	ExtensionContentSettingsStore::ClearContentSettingsForExtension
0x7fb5671b93e4 	[chrome] 	- chrome/browser/extensions/extension_prefs.cc:1872] 	ExtensionPrefs::ClearIncognitoSessionOnlyContentSettings
0x7fb565f29957 	[chrome] 	- chrome/browser/profiles/off_the_record_profile_impl.cc:127] 	OffTheRecordProfileImpl::~OffTheRecordProfileImpl
0x7fb565f299e8 	[chrome] 	- chrome/browser/profiles/off_the_record_profile_impl.cc:145] 	OffTheRecordProfileImpl::~OffTheRecordProfileImpl
0x7fb565d55d55 	[chrome] 	- ./base/memory/scoped_ptr.h:185] 	ProfileImpl::DestroyOffTheRecordProfile
0x7fb565d55ab7 	[chrome] 	- chrome/browser/profiles/profile_destroyer.cc:25] 	ProfileDestroyer::DestroyOffTheRecordProfile
0x7fb565a3297f 	[chrome] 	- chrome/browser/ui/browser.cc:520] 	Browser::~Browser
0x7fb565a32ad8 	[chrome] 	- chrome/browser/ui/browser.cc:529] 	Browser::~Browser
0x7fb565a4db65 	[chrome] 	- ./base/memory/scoped_ptr.h:185] 	BrowserView::~BrowserView
0x7fb565a4dd78 	[chrome] 	- chrome/browser/ui/views/frame/browser_view.cc:393] 	BrowserView::~BrowserView
0x7fb56828f3eb 	[chrome] 	- ui/views/view.cc:161] 	views::View::~View
0x7fb568624e56 	[chrome] 	- ui/views/window/non_client_view.cc:38] 	views::NonClientView::~NonClientView
0x7fb568624dd8 	[chrome] 	- ui/views/window/non_client_view.cc:42] 	views::NonClientView::~NonClientView
0x7fb56828ee39 	[chrome] 	- ./base/memory/scoped_ptr.h:162] 	views::View::DoRemoveChildView
0x7fb5683af7b1 	[chrome] 	- ui/views/view.cc:265] 	views::View::RemoveAllChildViews
0x7fb5683af74a 	[chrome] 	- ui/views/widget/root_view.cc:79] 	views::internal::RootView::~RootView
0x7fb565dfb79b 	[chrome] 	- ./chrome/browser/ui/views/frame/browser_root_view.h:23] 	BrowserRootView::~BrowserRootView
0x7fb5683af6ba 	[chrome] 	- ./base/memory/scoped_ptr.h:185] 	views::Widget::DestroyRootView
0x7fb5683af567 	[chrome] 	- ui/views/widget/widget.cc:181] 	views::Widget::~Widget
0x7fb565dfade8 	[chrome] 	- chrome/browser/ui/views/frame/browser_frame.cc:41] 	BrowserFrame::~BrowserFrame
0x7fb5677856d8 	[chrome] 	- ui/views/widget/native_widget_aura.cc:147] 	views::NativeWidgetAura::~NativeWidgetAura
0x7fb565dfb17c 	[chrome] 	- chrome/browser/ui/views/frame/browser_frame_aura.cc:73] 	BrowserFrameAura::~BrowserFrameAura
0x7fb565dfb1f8 	[chrome] 	- chrome/browser/ui/views/frame/browser_frame_aura.cc:74] 	BrowserFrameAura::~BrowserFrameAura
0x7fb56745d6a0 	[chrome] 	- ui/aura/window.cc:112] 	aura::Window::~Window
0x7fb56745de58 	[chrome] 	- ui/aura/window.cc:138] 	aura::Window::~Window
0x7fb567ccdee5 	[chrome] 	- ./base/callback.h:272] 	MessageLoop::RunTask
0x7fb567ccde17 	[chrome] 	- base/message_loop.cc:470] 	MessageLoop::DeferOrRunPendingTask
0x7fb567ccb8f2 	[chrome] 	- base/message_loop.cc:647] 	MessageLoop::DoWork
0x7fb567e56f33 	[chrome] 	- base/message_pump_glib.cc:210] 	base::MessagePumpGlib::RunWithDispatcher
0x7fb567ccb2bf 	[chrome] 	- base/message_loop.cc:390] 	MessageLoop::Run
0x7fb567e56e03 	[chrome] 	- chrome/browser/chrome_browser_main.cc:1894] 	ChromeBrowserMainParts::MainMessageLoopRun
0x7fb56729ffa0 	[chrome] 	- content/browser/browser_main_loop.cc:453] 	content::BrowserMainLoop::RunMainMessageLoopParts
0x7fb5672a007c 	[chrome] 	- content/browser/browser_main_runner.cc:98] 	BrowserMainRunnerImpl::Run
0x7fb567cac5c8 	[chrome] 	- content/browser/browser_main.cc:21] 	BrowserMain
0x7fb566010bc6 	[chrome] 	- content/app/content_main_runner.cc:290] 	ContentMainRunnerImpl::Run
0x7fb567ca35e0 	[chrome] 	- content/app/content_main.cc:35] 	content::ContentMain
0x7fb567ca34d7 	[chrome] 	- chrome/app/chrome_main.cc:32] 	ChromeMain
0x7fb5636b95cc 	[libc-2.11.1.so] 	- libc-start.c:240] 	__libc_start_main
0x7fb5658f1d68 	[chrome] 	+ 0x006e2d68] 

Crash report : http://crash.corp.google.com/reportdetail?reportid=edd3dfce9177e853

 
Comment 1 by ddrew@chromium.org, May 18, 2012
Labels: -Mstone-20 bulkmove Mstone-21
Bulk moving non-blocking issues to Mstone-21
Comment 2 Deleted
Comment 3 by saintlou@chromium.org, May 22, 2012
Owner: sky@chromium.org
Status: Assigned
Comment 4 by sky@chromium.org, May 22, 2012
This crash exists as far back as 18 (I didn't look any earlier).
Comment 5 by sky@chromium.org, May 22, 2012
Cc: sky@chromium.org
Labels: -OS-Chrome OS-All
Owner: bauerb@chromium.org
This crash can also be seen on windows (ef9220870110a65f).

I suspect map in ContentSettingsStore::ClearContentSettingsForExtension is NULL. Other places in this class check for a NULL return value from GetValueMap, but not ClearContentSettingsForExtension. I don't know enough about the class to say if this is intentional or not. I'm passing to Bernard who seems to have done the most with this code.
Comment 6 by bauerb@chromium.org, May 23, 2012
Status: Started
https://chromiumcodereview.appspot.com/10383303 should fix it, but I'm not really sure *why* this is happening, so I don't want to mask another bug. Jasneet, could you attach your Preferences file, so I can check whether there's some weird extension state?
Comment 7 by jasneet@chromium.org, May 23, 2012
Attached is the preferences file.  
Preferences
4.0 KB View Download
Comment 8 Deleted
Comment 9 by saintlou@chromium.org, May 31, 2012
Labels: -Feature-Ash -Iteration-57
Comment 10 by sky@chromium.org, Jun 4, 2012
Issue 130661 has been merged into this issue.
Issue 130478 has been merged into this issue.
Labels: -Mstone-21 Mstone-20 ReleaseBlock-Stable
3rd most frequent crash in M20 beta (CrOS), moving back to M20

http://chromecrash/browse?q=product.name%3D'Chrome_ChromeOS'%20AND%20product.version%3D'20.0.1132.22'%20AND%20custom_data.ChromeCrashProto.ptype%3D'browser'
Project Member Comment 13 by bugdroid1@chromium.org, Jun 11, 2012
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=141415

------------------------------------------------------------------------
r141415 | bauerb@chromium.org | Mon Jun 11 08:38:44 PDT 2012

Changed paths:
 M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/extensions/api/content_settings/content_settings_store.cc?r1=141415&r2=141414&pathrev=141415

Gracefully deal with clearing content settings for unregistered extensions.

This CL is only for merging to the M20 branch; on trunk I'm going to revert it and add additional information to the crash dumps to find out why this is happening.

BUG= 128652 
TEST=no crash


Review URL: https://chromiumcodereview.appspot.com/10383303
------------------------------------------------------------------------
Comment 14 by bauerb@chromium.org, Jun 11, 2012
Labels: Merge-Requested
I'd like to merge http://crrev.com/141415 to the M20 branch.
Comment 15 by dharani@google.com, Jun 11, 2012
Labels: -Merge-Requested Merge-Approved
Project Member Comment 16 by bugdroid1@chromium.org, Jun 12, 2012
Labels: merge-merged-1132
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=141644

------------------------------------------------------------------------
r141644 | bauerb@chromium.org | Tue Jun 12 04:10:26 PDT 2012

Changed paths:
 M http://src.chromium.org/viewvc/chrome/branches/1132/src/chrome/browser/extensions/extension_content_settings_store.cc?r1=141644&r2=141643&pathrev=141644

Merge 141415 - Gracefully deal with clearing content settings for unregistered extensions.

This CL is only for merging to the M20 branch; on trunk I'm going to revert it and add additional information to the crash dumps to find out why this is happening.

BUG= 128652 
TEST=no crash

Original review URL: https://chromiumcodereview.appspot.com/10383303

Review URL: https://chromiumcodereview.appspot.com/10543109
------------------------------------------------------------------------
Comment 17 by bauerb@chromium.org, Jun 12, 2012
Labels: -Mstone-20 -Merge-Approved Mstone-21 Merge-Merged
The crash is fixed for M20, but I'll keep the bug open for M21.
Project Member Comment 18 by bugdroid1@chromium.org, Jun 12, 2012
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=141649

------------------------------------------------------------------------
r141649 | bauerb@chromium.org | Tue Jun 12 05:05:50 PDT 2012

Changed paths:
 M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/extensions/api/content_settings/content_settings_store.cc?r1=141649&r2=141648&pathrev=141649

Add extension ID to crash dump info when trying to clear content settings for an unregistered extension.


BUG= 128652 
TEST=none


Review URL: https://chromiumcodereview.appspot.com/10544094
------------------------------------------------------------------------
Comment 19 by kareng@google.com, Jun 27, 2012
bauer which CL do u need/want to merge to 1180 to make this crash go away? 141415 is already on m21 branch.
Comment 20 by bauerb@chromium.org, Jun 27, 2012
Does the crash still happen on 1180?
Comment 21 by kareng@google.com, Jun 27, 2012
Status: Fixed
nope :) closing this. ok?
Comment 22 by mihaip@chromium.org, Jul 30, 2012
Issue 139614 has been merged into this issue.
Status: Assigned
The crash still happens in M21 (1180) - it's second most frequent crash on ChromeOS side - see stack at http://crbug.com/139614 and crashes from the latest beta at:

https://chromecrash.corp.google.com/browse?q=product.name%3D%27Chrome_ChromeOS%27%20AND%20product.version%3D%2721.0.1180.55%27%20AND%20custom_data.ChromeCrashProto.ptype%3D%27browser%27
Comment 24 by kareng@google.com, Aug 1, 2012
Labels: -OS-All OS-Chrome
so, this bug is not on chrome windows or chrome linux anymore ubut it's definitely on Cros. John can u take a look?
Comment 25 by kareng@google.com, Aug 1, 2012
i meant Bernard!!! :)
I have a CL at http://codereview.chromium.org/10830082/ to fail gracefully instead of crashing. I don't know what the actual issue is though, so I'm gonna leave it on trunk.
Labels: -Merge-Merged Merge-Requested
Comment 28 by kareng@google.com, Aug 2, 2012
Labels: -Merge-Requested Merge-Approved
Project Member Comment 29 by bugdroid1@chromium.org, Aug 2, 2012
Labels: -Merge-Approved merge-merged-1180
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=149703

------------------------------------------------------------------------
r149703 | bauerb@chromium.org | 2012-08-02T21:28:35.824613Z

Changed paths:
   M http://src.chromium.org/viewvc/chrome/branches/1180/src/chrome/browser/extensions/api/content_settings/content_settings_store.cc?r1=149703&r2=149702&pathrev=149703

Deal gracefully with removing content settings for unregistered extensions.

This is a repeat of r141415 for M21. I'll leave it in on trunk to continue to investigate.

BUG= 128652 

Review URL: https://chromiumcodereview.appspot.com/10830082
------------------------------------------------------------------------
Anything pending here? 
Can this be marked as fixed for 21 and ToT (22)?
Labels: -Mstone-21 Mstone-22
This is *not* fixed on trunk (cf. commit message in the previous comment: "I'll leave it in on trunk to continue to investigate").

It's fixed for 21 though, so punting.
Issue 146671 has been merged into this issue.
Labels: ReleaseBlock-Stable
Issue 146671 was a ReleaseBlock-Stable, so I'm carrying that over.
Project Member Comment 35 by bugdroid1@chromium.org, Sep 7, 2012
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=155341

------------------------------------------------------------------------
r155341 | bauerb@chromium.org | 2012-09-07T06:27:25.121365Z

Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/extensions/api/content_settings/content_settings_store.cc?r1=155341&r2=155340&pathrev=155341

Gracefully deal with clearing content settings for unregistered extensions.


BUG= 128652 


Review URL: https://chromiumcodereview.appspot.com/10907093
------------------------------------------------------------------------
Comment 36 by ddrew@chromium.org, Sep 11, 2012
Ping for status update on this bug. Is there a specific CL that should be merge-requested to the M22 branch for this? Is the remaining crash rate worth addressing by merging this?
Comment 37 by bauerb@chromium.org, Sep 14, 2012
155341 is the CL to merge if we decide to. I defer to others whether we need to.
Labels: -Mstone-22 Mstone-23
Status: Fixed
Marking as fixed for M23.
Comment 39 by krisr@chromium.org, Oct 29, 2012
Status: Verified
Project Member Comment 40 by bugdroid1@chromium.org, Mar 10, 2013
Labels: -Area-UI -Mstone-23 M-23 Cr-UI
Sign in to add a comment