
Issue 25558

Starred by 4 users

Issue metadata

Status: Verified
Owner:
Closed: Nov 2009
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug
M-4

Restricted
  • Only users with EditIssue permission may comment.


Crash in JSONWriter::WriteWithOptionalEscape on shutdown

Project Member Reported by thestig@chromium.org, Oct 22 2009

Issue description

Product Name: 	Chrome_Linux
Product Version: 	4.0.223.5
CPU Architecture: 	x86
ptype: 	browser
lsb-release: 	Ubuntu 9.10 

0xb6a8012c 	[libc-2.10.1.so 	+ 0x0006b12c] 	
0xb6a824b1 	[libc-2.10.1.so 	+ 0x0006d4b1] 	
0xb6a84867 	[libc-2.10.1.so 	+ 0x0006f867] 	
0xb6c31bb6 	[libstdc++.so.6.0.13 	+ 0x000babb6] 	
0xb6c0d435 	[libstdc++.so.6.0.13 	+ 0x00096435] 	
0xb6c0e0a7 	[libstdc++.so.6.0.13 	+ 0x000970a7] 	
0xb6c0eedc 	[libstdc++.so.6.0.13 	+ 0x00097edc] 	
0x084c7e73 	[chrome 	- json_writer.cc:33] 	JSONWriter::WriteWithOptionalEscape(Value const*, bool, bool, std::string*)
0x084c7ef7 	[chrome 	- json_writer.cc:23] 	JSONWriter::Write(Value const*, bool, std::string*)
0x082ca0bd 	[chrome 	- extension_browser_event_router.cc:103] 	DispatchSimpleBrowserEvent(Profile*, int, char const*)
0x082830f3 	[chrome 	- browser_list.cc:124] 	BrowserList::RemoveBrowser(Browser*)
0x08271a48 	[chrome 	- browser.cc:162] 	Browser::~Browser()
0x080ccba7 	[chrome 	- scoped_ptr.h:72] 	BrowserWindowGtk::~BrowserWindowGtk()
0x084cd3a0 	[chrome 	- message_loop.cc:314] 	MessageLoop::RunTask(Task*)
0x084ce115 	[chrome 	- message_loop.cc:322] 	MessageLoop::DeferOrRunPendingTask(MessageLoop::PendingTask const&)
0x084ce339 	[chrome 	- message_loop.cc:429] 	MessageLoop::DoWork()
0x084d0dda 	[chrome 	- message_pump_glib.cc:196] 	base::MessagePumpForUI::RunWithDispatcher(base::MessagePump::Delegate*, base::MessagePumpForUI::Dispatcher*)
0x084d0a1f 	[chrome 	- message_pump_glib.h:56] 	base::MessagePumpForUI::Run(base::MessagePump::Delegate*)
0x084ce513 	[chrome 	- message_loop.cc:199] 	MessageLoop::RunInternal()
0x084ce581 	[chrome 	- message_loop.cc:599] 	MessageLoopForUI::Run(base::MessagePumpForUI::Dispatcher*)
0x0806690a 	[chrome 	- browser_main.cc:151] 	(anonymous namespace)::RunUIMessageLoop(BrowserProcess*)
0x08069a4a 	[chrome 	- browser_main.cc:885] 	BrowserMain(MainFunctionParams const&)
0x08063bec 	[chrome 	- chrome_dll_main.cc:600] 	ChromeMain
0x080626ce 	[chrome 	- chrome_exe_main_gtk.cc:33] 	main

Comment 1 by evan@chromium.org, Oct 23 2009

Labels: ReleaseBlock-Beta Mstone-4
Status: Available

Comment 2 by evan@chromium.org, Oct 23 2009

Status: Assigned
FYI this first appeared in 4.0.213.1.

Comment 5 by evan@chromium.org, Oct 26 2009

All instances of this crash have
 extension_browser_event_router.cc:103]	 DispatchSimpleBrowserEvent(Profile*, int, char const*)
in the call stack.
Labels: -Pri-2 Pri-1
FYI, this is one of the top crashers.

Comment 7 by tony@chromium.org, Oct 27 2009

Status: Started
Investigating...

Comment 8 by tony@chromium.org, Oct 28 2009

Older stacks:
4.0.213.1: http://crash/reportdetail?reportid=f3d12c4b65b150bf
3.0.198.1: http://crash/reportdetail?reportid=af4a90bdb8168efd

Also seen with a different code path leading up to the crash in 4.0.220.1 (during 
browser shutdown), but the crash is in the same location:
http://crash/reportdetail?reportid=d60995767ab3ae46
http://crash/reportdetail?reportid=11290ed0c3719e2f

The stacks for 4.0.223.5 might also be during shutdown, all we can really tell is 
that it's while closing a window.

It's crashing on some string functions (std::string::clear or maybe 
std::string::reserve) which makes me think it might be OOM?

Comment 9 by tony@chromium.org, Oct 28 2009

Status: Available
Status: Assigned

Comment 12 by evan@chromium.org, Nov 3 2009

Status: Available
I was running into this crash several times a day in 4.0.223.11 until I figured out
that it was a known issue. If someone wants to look at this crash in a debugger, let
me know. I'm going to work with r30554 to verify the fix.

Comment 14 by tony@chromium.org, Nov 4 2009

@vandebo: If you could get a core file from a debug build, that would be awesome.
Status: Assigned
 Issue 26623  has been merged into this issue.
Similar stack trace from 4.0.236.0 is at
http://crash/reportdetail?reportid=c7b9328b4ab8191b

To reproduce
1. Start Chrome
2. Do a CTRL+N to start new window
3. Do a CTRL+SHIFT+N to start new incognito window
4. Do a CTRL+SHIFT+B to start bookmark manager
5. Close the bookmark manager by doing a CTRL+W
6. Close the incognito window by doing a CTRL+W
7. Close the new window by doing a CTRL+W

Comment 19 by aa@chromium.org, Nov 9 2009

Labels: Area-Extensions
+area-extensions. I think that we exacerbate this bug. Tony cannot repro with given 
steps. If anyone can, they should take the bug.
Labels: TopCrasher
Labels: Crash-TopCrasher
Labels: -TopCrasher

Comment 23 Deleted

Can you try installing or enabling the following extensions and follow the
instructions on comment 17?

Chromium buildbot monitor
gmail checker
last pass

I am still seeing the crash occasionally on 4.0.241.0 (31417) 

Comment 25 by tony@chromium.org, Nov 10 2009

fix is pending
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=31534 

------------------------------------------------------------------------
r31534 | tony@chromium.org | 2009-11-09 17:55:57 -0800 (Mon, 09 Nov 2009) | 10 lines
Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/gtk/browser_actions_toolbar_gtk.cc?r1=31534&r2=31533

Fix memory stomping by ImageLoadingTracker in BrowserActionButton.

In the views code, tracker_ is set to null in this case.  Without
this, I get lots of random crashes when I have 2 page actions
installed (buildbot extension and google tasks extension) and I open
and close lots of windows.

BUG= 26751 , 25558 

Review URL: http://codereview.chromium.org/379020
------------------------------------------------------------------------
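
The ownership pattern the commit message points at, as an added example that is not Chromium code and not part of the original thread. It assumes the tracker frees itself once its completion callback returns (the page does not state this); apart from tracker_, every name here (Tracker, Button, StopTracking, FinishLoad, g_live, StaleTouchesAfterClose) is hypothetical, and the stale access is counted instead of performed so the program stays well-defined.

```cpp
#include <cstdio>
#include <set>

struct Tracker;
static std::set<const Tracker*> g_live;  // which Trackers are still allocated
static int g_stale_touches = 0;          // owner reached for a freed Tracker

struct Observer {
  virtual void OnImageLoaded() = 0;
  virtual ~Observer() {}
};

struct Tracker {  // hypothetical stand-in for an image-loading tracker
  explicit Tracker(Observer* o) : observer_(o) { g_live.insert(this); }
  ~Tracker() { g_live.erase(this); }
  void StopTracking() { observer_ = nullptr; }  // a write into *this
  void FinishLoad() {                           // assumed: frees itself when done
    if (observer_) observer_->OnImageLoaded();
    delete this;
  }
  Observer* observer_;
};

struct Button : Observer {
  explicit Button(bool clear) : clear_on_load_(clear), tracker_(new Tracker(this)) {}
  // Hardened variant: forget the tracker before it deletes itself.
  void OnImageLoaded() override { if (clear_on_load_) tracker_ = nullptr; }
  ~Button() override {
    if (!tracker_) return;
    if (!g_live.count(tracker_)) { ++g_stale_touches; return; }  // real code writes to freed memory
    tracker_->StopTracking();  // load still pending: detach, then cancel
    delete tracker_;
  }
  bool clear_on_load_;
  Tracker* tracker_;
};

// Open a window, optionally let the image load finish, then close the window.
int StaleTouchesAfterClose(bool clear_on_load, bool load_finishes) {
  g_stale_touches = 0;
  Button* button = new Button(clear_on_load);
  if (load_finishes) button->tracker_->FinishLoad();
  delete button;
  return g_stale_touches;
}

int main() {
  std::printf("unfixed=%d fixed=%d\n", StaleTouchesAfterClose(false, true), StaleTouchesAfterClose(true, true));
}
```

In real code the counted access is a write into freed heap memory, so the failure can show up later in an unrelated allocation rather than at the faulty call site.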

Comment 27 by tony@chromium.org, Nov 10 2009

Status: Fixed

Comment 28 by tony@chromium.org, Nov 16 2009

 Issue 27203  has been merged into this issue.
Status: Verified
I don't see this in the 4.0.245.1 crash reports. Hooray!
Labels: -Crash-TopCrasher Crash-TopFixed

Labels: -Area-BrowserBackend Area-Internals
Labels: Feature-Extensions
Labels: -Crash bulkmove Stability-Crash
Project Member

Comment 35 by bugdroid1@chromium.org, Oct 13 2012

Labels: Restrict-AddIssueComment-Commit
This issue has been closed for some time. No one will pay attention to new comments.
If you are seeing this bug or have new data, please click New Issue to start a new bug.
Project Member

Comment 36 by bugdroid1@chromium.org, Mar 10 2013

Labels: -Mstone-4 -Area-Internals -Feature-Extensions Cr-Platform-Extensions M-4 Cr-Internals
Project Member

Comment 37 by bugdroid1@chromium.org, Mar 13 2013

Labels: -Restrict-AddIssueComment-Commit Restrict-AddIssueComment-EditIssue
Labels: hasTestcase
