NotificationRemover destructor causes segfault on chrome restart |
|||||
Issue descriptionRepro: 0) Open Chrome and attach to chrome with GDB 1) Open chrome://flags 2) Change a flag -- preferably change the Instant Tethering to disabled (this crash prevents this change from persisting) 3) Follow the prompt to "Restart Now" at the bottom left 4) Chrome crashes. You can't tell until when it opens again and says "Chrome didn't shut down correctly". However, GDB will catch the segfault. See below: GDB can only catch this (can't get a backtrace): Thread 1 "chrome" received signal SIGSEGV, Segmentation fault. 0x391695d4 in chromeos::tether::NotificationRemover::~NotificationRemover() () at ../../chromeos/components/tether/notification_remover.cc:37 Here's the issue: TetherService destroys NotificationPresenter before NotificationRemover has the chance to run its destructor: https://cs.chromium.org/chromium/src/chrome/browser/chromeos/tether/tether_service.cc?dr=C&q=tether_ser&sq=package:chromium&l=146
,
Aug 1 2017
The same thing happens on login.
,
Aug 2 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/bb97d00675863d3567e43093f64e58bb0ee6f277 commit bb97d00675863d3567e43093f64e58bb0ee6f277 Author: Leslie Watkins <lesliewatkins@chromium.org> Date: Wed Aug 02 17:44:58 2017 Change order that objects are destroyed in Tether shutdown. Previously, the NotificationPresenter was being explicitly destroyed before the NotificationRemover, causing a segfault. This CL corrects that bug. Bug: 751192 Change-Id: I397c1a7d96ddf9a8721ae96716952055ee4e0c75 Reviewed-on: https://chromium-review.googlesource.com/596502 Commit-Queue: Leslie Watkins <lesliewatkins@chromium.org> Reviewed-by: Kyle Horimoto <khorimoto@chromium.org> Cr-Commit-Position: refs/heads/master@{#491428} [modify] https://crrev.com/bb97d00675863d3567e43093f64e58bb0ee6f277/chrome/browser/chromeos/tether/tether_service.cc
,
Aug 2 2017
,
Aug 2 2017
Approving merge to M61 Chrome OS.
,
Aug 2 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/eef19582ea176452896eb4b8d77a1971400fdaea commit eef19582ea176452896eb4b8d77a1971400fdaea Author: Kyle Horimoto <khorimoto@google.com> Date: Wed Aug 02 23:34:07 2017 Change order that objects are destroyed in Tether shutdown. Previously, the NotificationPresenter was being explicitly destroyed before the NotificationRemover, causing a segfault. This CL corrects that bug. TBR=lesliewatkins@chromium.org (cherry picked from commit bb97d00675863d3567e43093f64e58bb0ee6f277) Bug: 751192 Change-Id: I397c1a7d96ddf9a8721ae96716952055ee4e0c75 Reviewed-on: https://chromium-review.googlesource.com/596502 Commit-Queue: Leslie Watkins <lesliewatkins@chromium.org> Reviewed-by: Kyle Horimoto <khorimoto@chromium.org> Cr-Original-Commit-Position: refs/heads/master@{#491428} Reviewed-on: https://chromium-review.googlesource.com/598701 Cr-Commit-Position: refs/branch-heads/3163@{#252} Cr-Branched-From: ff259bab28b35d242e10186cd63af7ed404fae0d-refs/heads/master@{#488528} [modify] https://crrev.com/eef19582ea176452896eb4b8d77a1971400fdaea/chrome/browser/chromeos/tether/tether_service.cc
,
Jan 22 2018
|
|||||
►
Sign in to add a comment |
|||||
Comment 1 by khorimoto@chromium.org
, Aug 1 2017Status: Started (was: Assigned)