New issue
Advanced search Search tips

Issue 760767 link

Starred by 2 users
Status: Fixed
Owner:
ccameron@chromium.org
Closed: Jun 2018
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 1
Type: Bug-Regression



Sign in to add a comment

Content shell crashes on startup

Project Member Reported by reillyg@chromium.org, Aug 30 2017 
Chrome Version: ToT
OS: Linux

What steps will reproduce the problem?
(1) Build content_shell
(2) Run content_shell

What is the expected result?
content_shell launches

What happens instead?
content_shell dies with a SIGSEGV.

Received signal 11 <unknown> 000000000000
#0 0x7f7dcde6355d base::debug::StackTrace::StackTrace()
#1 0x7f7dcde6192c base::debug::StackTrace::StackTrace()
#2 0x7f7dcde62f15 base::debug::(anonymous namespace)::StackDumpSignalHandler()
#3 0x7f7dd34010c0 <unknown>
#4 0x7f7dd365673c std::__1::__tree<>::__count_unique<>()
#5 0x7f7dd364ff6b gfx::ICCProfileCache::GetAndSetNeedsHistogram()
#6 0x7f7dd364ecea gfx::ICCProfile::HistogramDisplay()
#7 0x7f7dc05ea448 views::DesktopScreenX11::BuildDisplaysFromXRandRInfo()
#8 0x7f7dc05e970d views::DesktopScreenX11::DesktopScreenX11()
#9 0x7f7dc05ec1f0 views::CreateDesktopScreen()
#10 0x000000d69bf7 content::Shell::PlatformInitialize()
#11 0x000000d338ca content::Shell::Initialize()
#12 0x000000d9d259 content::ShellBrowserMainParts::PreMainMessageLoopRun()
#13 0x7f7dcfae83e4 content::BrowserMainLoop::PreMainMessageLoopRun()
#14 0x7f7dcea5838d _ZN4base8internal13FunctorTraitsIMN7content14NetworkContextEFvvEvE6InvokeIPS3_JEEEvS5_OT_DpOT0_
#15 0x7f7dcea582d4 _ZN4base8internal12InvokeHelperILb0EvE8MakeItSoIMN7content14NetworkContextEFvvEJPS5_EEEvOT_DpOT0_
#16 0x7f7dcfaef0a5 _ZN4base8internal7InvokerINS0_9BindStateIMN7content15BrowserMainLoopEFivEJNS0_17UnretainedWrapperIS4_EEEEEFivEE7RunImplIRKS6_RKNSt3__15tupleIJS8_EEEJLm0EEEEiOT_OT0_NSF_16integer_sequenceImJXspT1_EEEE
#17 0x7f7dcfaeefec _ZN4base8internal7InvokerINS0_9BindStateIMN7content15BrowserMainLoopEFivEJNS0_17UnretainedWrapperIS4_EEEEEFivEE3RunEPNS0_13BindStateBaseE
#18 0x7f7dcea2055d _ZNKR4base17RepeatingCallbackIFvvEE3RunEv
#19 0x7f7dd08e7b8d content::StartupTaskRunner::RunAllTasksNow()
#20 0x7f7dcfae443f content::BrowserMainLoop::CreateStartupTasks()
#21 0x7f7dcfaf1414 content::BrowserMainRunnerImpl::Initialize()
#22 0x000000d38016 ShellBrowserMain()
#23 0x000000d1446e content::ShellMainDelegate::RunProcess()
#24 0x7f7dd1789549 content::RunNamedProcessTypeMain()
#25 0x7f7dd178c29e content::ContentMainRunnerImpl::Run()
#26 0x7f7dd1786d6d content::ContentServiceManagerMainDelegate::RunEmbedderProcess()
#27 0x7f7dc912a9d5 service_manager::Main()
#28 0x7f7dd178840f content::ContentMain()
#29 0x000000491b91 main
#30 0x7f7dbf5f92b1 __libc_start_main
#31 0x000000491a64 <unknown>
  r8: 00000000000000fe  r9: 00007ffea7f7e200 r10: 00007ffea7f7e5fe r11: 00007f7dbf742ee0
 r12: 0000000000491a3b r13: 00007ffea7f80ed0 r14: 0000000000000000 r15: 0000000000000000
  di: 695f5f0072747320  si: 00007f7dd3663120  bp: 00007ffea7f7e4a0  bx: 0000000000000000
  dx: 0022f03cd16d4701  ax: 0022f03cd16d4701  cx: 695f5f0072747320  sp: 00007ffea7f7e400
  ip: 00007f7dd365673c efl: 0000000000010202 cgf: 002b000000000033 erf: 0000000000000000
 trp: 000000000000000d msk: 0000000000000000 cr2: 0000000000000000
[end of stack trace]
Calling _exit(1). Core file will not be generated.

This crash was introduced by https://chromium-review.googlesource.com/c/chromium/src/+/612252.

Comment 1 by reillyg@chromium.org, Aug 30 2017 

I verified that reverting the CL locally resolved the issue and have submitted a CL reverting the suspect patch: https://chromium-review.googlesource.com/c/chromium/src/+/644153

Detailed stack trace from GDB:

Thread 1 "content_shell" received signal SIGSEGV, Segmentation fault.
0x00007ffff7e1e73c in (anonymous namespace)::(anonymous namespace)::less<long>::operator() (this=0x7ffff7e2b130, __x=@0x7fffffffb470: 9834293210466049, 
    __y=<error reading variable>)
    at ../../buildtools/third_party/libc++/trunk/include/__functional_base:55
55	        {return __x < __y;}
(gdb) up
#1  (anonymous namespace)::(anonymous namespace)::__tree<long, std::__1::less<long>, std::__1::allocator<long> >::__count_unique<long> (this=0x7ffff7e2b120, __k=@0x7fffffffb470: 9834293210466049)
    at ../../buildtools/third_party/libc++/trunk/include/__tree:2435
2435	        if (value_comp()(__k, __rt->__value_))
(gdb) 
#2  0x00007ffff7e17f6b in (anonymous namespace)::(anonymous namespace)::set<long, std::__1::less<long>, std::__1::allocator<long> >::count (this=0x7ffff7e2b120, __k=@0x7fffffffb470: 9834293210466049)
    at ../../buildtools/third_party/libc++/trunk/include/set:666
666	        {return __tree_.__count_unique(__k);}
(gdb) 
#3  (anonymous namespace)::ICCProfileCache::GetAndSetNeedsHistogram (this=0x7ffff7e2b018 <gfx::(anonymous namespace)::g_cache+8>, display_id=9834293210466049, icc_profile=...) at ../../ui/gfx/icc_profile.cc:82
82	    if (histogrammed_display_ids.count(display_id))
(gdb) 
#4  0x00007ffff7e16cea in (anonymous namespace)::ICCProfile::HistogramDisplay (this=0x7fffffffbd10, display_id=9834293210466049) at ../../ui/gfx/icc_profile.cc:404
404	  if (g_cache.Get().GetAndSetNeedsHistogram(display_id, *this))
(gdb) 
#5  0x00007fffe4db2448 in (anonymous namespace)::DesktopScreenX11::BuildDisplaysFromXRandRInfo (this=0x2729cf6fed40) at ../../ui/views/widget/desktop_aura/desktop_screen_x11.cc:381
381	        icc_profile.HistogramDisplay(display.id());
(gdb) 
#6  0x00007fffe4db170d in (anonymous namespace)::DesktopScreenX11::DesktopScreenX11 (this=0x2729cf6fed40) at ../../ui/views/widget/desktop_aura/desktop_screen_x11.cc:116
116	    SetDisplaysInternal(BuildDisplaysFromXRandRInfo());
(gdb) 
#7  0x00007fffe4db41f0 in (anonymous namespace)::CreateDesktopScreen () at ../../ui/views/widget/desktop_aura/desktop_screen_x11.cc:418
418	  return new DesktopScreenX11;
(gdb) 
#8  0x0000000000d69bf7 in (anonymous namespace)::Shell::PlatformInitialize (default_window_size=...) at ../../content/shell/browser/shell_views.cc:341
341	  display::Screen::SetScreenInstance(views::CreateDesktopScreen());
(gdb) 
#9  0x0000000000d338ca in (anonymous namespace)::Shell::Initialize () at ../../content/shell/browser/shell.cc:171
171	  PlatformInitialize(GetShellDefaultSize());
(gdb) 
#10 0x0000000000d9d259 in (anonymous namespace)::ShellBrowserMainParts::PreMainMessageLoopRun (this=0x2729cf88eda0) at ../../content/shell/browser/shell_browser_main_parts.cc:190
190	  Shell::Initialize();
(gdb) 
#11 0x00007ffff42b43e4 in (anonymous namespace)::BrowserMainLoop::PreMainMessageLoopRun (this=0x2729cf3e8260) at ../../content/browser/browser_main_loop.cc:1179
1179	    parts_->PreMainMessageLoopRun();
(gdb) 
#12 0x00007ffff322438d in (anonymous namespace)::(anonymous namespace)::FunctorTraits<void (content::NetworkContext::*)(), void>::Invoke<content::NetworkContext*>(void ((anonymous namespace)::NetworkContext::*)((anonymous namespace)::NetworkContext * const), <unknown type in /src/chromium/src/out/Debug/./libcontent.so, CU 0x0, DIE 0x4697f>) (
    method=(void ((anonymous namespace)::NetworkContext::*)((anonymous namespace)::NetworkContext * const)) 0x7ffff42b42a0 <(anonymous namespace)::BrowserMainLoop::PreMainMessageLoopRun()>, 
    receiver_ptr=<unknown type in /src/chromium/src/out/Debug/./libcontent.so, CU 0x0, DIE 0x4697f>) at ../../base/bind_internal.h:194
194	    return ((*receiver_ptr).*method)(std::forward<RunArgs>(args)...);
(gdb) 
#13 0x00007ffff32242d4 in (anonymous namespace)::(anonymous namespace)::InvokeHelper<false, void>::MakeItSo<void (content::NetworkContext::*)(), content::NetworkContext*>(<unknown type in /src/chromium/src/out/Debug/./libcontent.so, CU 0x0, DIE 0x4690c>, <unknown type in /src/chromium/src/out/Debug/./libcontent.so, CU 0x0, DIE 0x46919>) (functor=<unknown type in /src/chromium/src/out/Debug/./libcontent.so, CU 0x0, DIE 0x4690c>, 
    args=<unknown type in /src/chromium/src/out/Debug/./libcontent.so, CU 0x0, DIE 0x46919>) at ../../base/bind_internal.h:277
277	    return Traits::Invoke(std::forward<Functor>(functor),
(gdb) 
#14 0x00007ffff42bb0a5 in (anonymous namespace)::(anonymous namespace)::Invoker<base::internal::BindState<int (content::BrowserMainLoop::*)(), base::internal::UnretainedWrapper<content::BrowserMainLoop> >, int ()>::RunImpl<int (content::BrowserMainLoop::* const&)(), std::__1::tuple<base::internal::UnretainedWrapper<content::BrowserMainLoop> > const&, 0>(int ((anonymous namespace)::BrowserMainLoop::*&)((anonymous namespace)::BrowserMainLoop * const), const (anonymous namespace)::(anonymous namespace)::tuple<base::internal::UnretainedWrapper<content::BrowserMainLoop> > &, (anonymous namespace)::(anonymous namespace)::index_sequence<0ul>) (
    functor=@0x2729cf5357b0: (int ((anonymous namespace)::BrowserMainLoop::*)((anonymous namespace)::BrowserMainLoop * const)) 0x7ffff42b42a0 <(anonymous namespace)::BrowserMainLoop::PreMainMessageLoopRun()>, bound=...)
    at ../../base/bind_internal.h:349
349	    return InvokeHelper<is_weak_call, R>::MakeItSo(
(gdb) 
#15 0x00007ffff42bafec in (anonymous namespace)::(anonymous namespace)::Invoker<base::internal::BindState<int (content::BrowserMainLoop::*)(), base::internal::UnretainedWrapper<content::BrowserMainLoop> >, int ()>::Run((anonymous namespace)::(anonymous namespace)::BindStateBase *) (base=0x2729cf535790) at ../../base/bind_internal.h:331
331	    return RunImpl(storage->functor_, storage->bound_args_,
(gdb) 
#16 0x00007ffff31ec55d in (anonymous namespace)::RepeatingCallback<void ()>::Run(void) const (this=0x2729cf501800) at ../../base/callback.h:92
92	    return f(this->bind_state_.get(), std::forward<Args>(args)...);
(gdb) 
#17 0x00007ffff50b3b8d in (anonymous namespace)::StartupTaskRunner::RunAllTasksNow (this=0x2729cf509bc0) at ../../content/browser/startup_task_runner.cc:45
45	    result = it->Run();
(gdb) 
#18 0x00007ffff42b043f in (anonymous namespace)::BrowserMainLoop::CreateStartupTasks (this=0x2729cf3e8260) at ../../content/browser/browser_main_loop.cc:963
963	  startup_task_runner_->RunAllTasksNow();
(gdb) 
#19 0x00007ffff42bd414 in (anonymous namespace)::BrowserMainRunnerImpl::Initialize (this=0x2729cf4bd680, parameters=...) at ../../content/browser/browser_main_runner.cc:131
131	    main_loop_->CreateStartupTasks();
(gdb) 
#20 0x0000000000d38016 in ShellBrowserMain (parameters=..., main_runner=...) at ../../content/shell/browser/shell_browser_main.cc:23
23	  int exit_code = main_runner->Initialize(parameters);
(gdb) 
#21 0x0000000000d1446e in (anonymous namespace)::ShellMainDelegate::RunProcess (this=0x7fffffffdd20, process_type=..., main_function_params=...) at ../../content/shell/app/shell_main_delegate.cc:313
313	             : ShellBrowserMain(main_function_params, browser_runner_);
(gdb) 
#22 0x00007ffff5f55549 in (anonymous namespace)::RunNamedProcessTypeMain (process_type=..., main_function_params=..., delegate=0x7fffffffdd20) at ../../content/app/content_main_runner.cc:413
413	        int exit_code = delegate->RunProcess(process_type,
(gdb) 
#23 0x00007ffff5f5829e in (anonymous namespace)::ContentMainRunnerImpl::Run (this=0x2729cf48f800) at ../../content/app/content_main_runner.cc:709
709	    return RunNamedProcessTypeMain(process_type, main_params, delegate_);
(gdb) 
#24 0x00007ffff5f52d6d in (anonymous namespace)::ContentServiceManagerMainDelegate::RunEmbedderProcess (this=0x7fffffffdcb0) at ../../content/app/content_service_manager_main_delegate.cc:51
51	  return content_main_runner_->Run();
(gdb) 
#25 0x00007fffed8f29d5 in (anonymous namespace)::Main (params=...) at ../../services/service_manager/embedder/main.cc:469
469	      exit_code = delegate->RunEmbedderProcess();
(gdb) 
#26 0x00007ffff5f5440f in (anonymous namespace)::ContentMain (params=...) at ../../content/app/content_main.cc:19
19	  return service_manager::Main(main_params);
(gdb) 
#27 0x0000000000491b91 in main (argc=1, argv=0x7fffffffde78) at ../../content/shell/app/shell_main.cc:48
48	  return content::ContentMain(params);

Comment 2 by ccameron@chromium.org, Jun 6 2018

Status: Fixed (was: Assigned)
I assume that this is fixed now.

Sign in to add a comment