New issue
Advanced search Search tips

Issue 756459 link

Starred by 1 user
Status: Fixed
Owner:
dtrainor@chromium.org
Closed: Oct 2017
Cc:
peter@chromium.org
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug



Sign in to add a comment

DownloadService crashes chrome on shutdown

Project Member Reported by delph...@chromium.org, Aug 17 2017 
If I get a DownloadService but otherwise do nothing with it (
https://chromium-review.googlesource.com/c/619186) and then quit chrome, it crashes:

Received signal 11 <unknown> 000000000000
#0 0x7fe17cf0516d base::debug::StackTrace::StackTrace()
#1 0x7fe17cf0353c base::debug::StackTrace::StackTrace()
#2 0x7fe17cf04b25 base::debug::(anonymous namespace)::StackDumpSignalHandler()
#3 0x7fe17d55c330 <unknown>
#4 0x558d431531d5 download::AllDownloadItemNotifier::ManagerGoingDown()
#5 0x7fe176a21f39 content::DownloadManagerImpl::Shutdown()
#6 0x558d43f06736 DownloadCoreServiceImpl::Shutdown()
#7 0x7fe172597bc8 KeyedServiceFactory::ContextShutdown()
#8 0x7fe170de7808 BrowserContextKeyedServiceFactory::BrowserContextShutdown()
#9 0x7fe170de7982 BrowserContextKeyedServiceFactory::ContextShutdown()
#10 0x7fe17259224f DependencyManager::DestroyContextServices()
#11 0x7fe170de3fa8 BrowserContextDependencyManager::DestroyBrowserContextServices()
#12 0x558d4407b6f8 ProfileImpl::~ProfileImpl()
#13 0x558d4407c049 ProfileImpl::~ProfileImpl()
#14 0x558d4406d880 ProfileDestroyer::DestroyProfileWhenAppropriate()
#15 0x558d43b9335e ProfileManager::ProfileInfo::~ProfileInfo()
#16 0x558d43b97684 std::__1::pair<>::~pair()
#17 0x558d43b97985 std::__1::__tree<>::destroy()
#18 0x558d43b978a7 std::__1::__tree<>::~__tree()
#19 0x558d43b970a5 std::__1::map<>::~map()
#20 0x558d43b81116 ProfileManager::~ProfileManager()
#21 0x558d43b812c9 ProfileManager::~ProfileManager()
#22 0x558d44486b32 BrowserProcessImpl::StartTearDown()
#23 0x558d442a6441 ChromeBrowserMainParts::PostMainMessageLoopRun()
#24 0x7fe17670c67f content::BrowserMainLoop::ShutdownThreadsAndCleanUp()
#25 0x7fe176715470 content::BrowserMainRunnerImpl::Shutdown()
#26 0x7fe1766ffea7 content::BrowserMain()
#27 0x7fe178343d14 content::RunNamedProcessTypeMain()
#28 0x7fe17834690e content::ContentMainRunnerImpl::Run()
#29 0x7fe1783417cd content::ContentServiceManagerMainDelegate::RunEmbedderProcess()
#30 0x7fe17d7fe8a5 service_manager::Main()
#31 0x7fe178342b8f content::ContentMain()
#32 0x558d424ee22e ChromeMain
#33 0x558d424ee142 main
#34 0x7fe16425bf45 __libc_start_main
#35 0x558d424ee024 <unknown>
  r8: fffffffffffffed8  r9: fffffffffffffec8 r10: fffffffffffffeb8 r11: 00007fe1643c4110
 r12: 0000558d424edffb r13: 00007ffdb4a92410 r14: 0000000000000000 r15: 0000000000000000
  di: 00000079f02600e0  si: 00000000000012b7  bp: 00007ffdb4a8e2f0  bx: 0000000000000000
  dx: 46b345b9ec000600  ax: 00000079f1541950  cx: cdcdcdcdcdcdcdcd  sp: 00007ffdb4a8e190
  ip: 0000558d431531d5 efl: 0000000000010202 cgf: 0000000000000033 erf: 0000000000000000
 trp: 000000000000000d msk: 0000000000000000 cr2: 0000000000000000
[end of stack trace]
Calling _exit(1). Core file will not be generated.

It seems to be related to the DownloadDriverImpl (https://cs.chromium.org/chromium/src/components/download/content/internal/download_driver_impl.cc?l=271&rcl=68ade5482719ec2436f648b28e17ebb7c6472774), which deletes an AllDownloadItemNotifier before it has been notified of a shutdown.

Obviously this isn't blocking a release but I can't land my work to use the DownloadService until it's fixed.

Comment 1 by peter@chromium.org, Aug 17 2017

Cc: -bever...@google.com peter@chromium.org
-me +me

Comment 2 by delph...@chromium.org, Aug 17 2017 

For chrome at least this only appears to happen for Debug builds.

There are test failures on mac at least with release builds: https://build.chromium.org/p/tryserver.chromium.mac/builders/mac_chromium_rel_ng/builds/526410

Comment 3 by dtrainor@chromium.org, Aug 17 2017

Status: Started (was: Untriaged)
Thanks for investigating.  Starting.
Project Member

Comment 4 by bugdroid1@chromium.org, Aug 21 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/594443225a05f70c4420be0bd0e5a6709c938474

commit 594443225a05f70c4420be0bd0e5a6709c938474
Author: Dan Elphick <delphick@chromium.org>
Date: Mon Aug 21 18:22:11 2017

Don't delete notifier in OnManagerGoingDown

Remove the DownloadDriverImpl notifier as an observer but don't delete it in
OnManagerGoingDown as it could already be on the call stack.

Bug:  756459 
Change-Id: I4f59b0f93e363e2a2b7ab23b7cc3a3b2c3952e03
Reviewed-on: https://chromium-review.googlesource.com/619186
Reviewed-by: David Trainor <dtrainor@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#495993}
[modify] https://crrev.com/594443225a05f70c4420be0bd0e5a6709c938474/components/download/content/internal/download_driver_impl.cc

Comment 5 by dtrainor@chromium.org, Oct 9 2017

Status: Fixed (was: Started)

Sign in to add a comment