Bug 337585 - Chromium can't show some pages. libfreetype crashed
Summary: Chromium can't show some pages. libfreetype crashed
Status: RESOLVED UPSTREAM
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Library
Hardware: AMD64 Linux
Importance: High normal
Assignee: Chromium Project
URL: http://code.google.com/p/chromium/iss...
Whiteboard: ht-wanted
Reported: 2010-09-16 07:10 UTC by smalcom
Modified: 2010-10-19 19:41 UTC (History)
Attachments
webpage which crash the browser (chrrrr.tar.bz2,180.33 KB, application/octet-stream)
2010-09-29 08:32 UTC, smalcom
Description smalcom 2010-09-16 07:10:08 UTC
When browsing some pages, e.g. linux.org.ru or rutracker.org, chromium falls.

Reproducible: Always

Steps to Reproduce:
1. Go to linux.org.ru
2. Using scrollbar or mouse wheel scroll down


Actual Results:  
Chromium shows special page - Crash

Expected Results:  
Happiness

Stacktrace:


*** glibc detected *** /usr/lib64/chromium-browser/chrome --type=renderer --lang=uk --force-fieldtest=CacheSize/CacheSizeGroup_3/ConnCountImpact/_conn_count_6/DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/IdleSktToImpact/_idle_timeout_10/SpdyImpact/_npn_with_spdy/ --channel=29098.0x4140070.1645103813: free(): invalid pointer: 0x00007f79dc2c18b0 ***
======= Backtrace: =========
/lib/libc.so.6(+0x72d36)[0x7f7a0a3e2d36]
/lib/libc.so.6(cfree+0x6c)[0x7f7a0a3e7acc]
/usr/lib/libfreetype.so.6(ft_glyphslot_free_bitmap+0x3f)[0x7f7a0e2ebfff]
/usr/lib/libfreetype.so.6(FT_Load_Glyph+0x61)[0x7f7a0e2ee961]
/usr/lib64/chromium-browser/chrome --type=renderer --lang=uk --force-fieldtest=CacheSize/CacheSizeGroup_3/ConnCountImpact/_conn_count_6/DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/IdleSktToImpact/_idle_timeout_10/SpdyImpact/_npn_with_spdy/ --channel=29098.0x4140070.1645103813[0xcc6555]
/usr/lib64/chromium-browser/chrome --type=renderer --lang=uk --force-fieldtest=CacheSize/CacheSizeGroup_3/ConnCountImpact/_conn_count_6/DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/IdleSktToImpact/_idle_timeout_10/SpdyImpact/_npn_with_spdy/ --channel=29098.0x4140070.1645103813[0xcbba37]
/usr/lib64/chromium-browser/chrome --type=renderer --lang=uk --force-fieldtest=CacheSize/CacheSizeGroup_3/ConnCountImpact/_conn_count_6/DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/IdleSktToImpact/_idle_timeout_10/SpdyImpact/_npn_with_spdy/ --channel=29098.0x4140070.1645103813[0xcac6cf]
/usr/lib64/chromium-browser/chrome --type=renderer --lang=uk --force-fieldtest=CacheSize/CacheSizeGroup_3/ConnCountImpact/_conn_count_6/DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/IdleSktToImpact/_idle_timeout_10/SpdyImpact/_npn_with_spdy/ --channel=29098.0x4140070.1645103813[0xca82bb]
/usr/lib64/chromium-browser/chrome --type=renderer --lang=uk --force-fieldtest=CacheSize/CacheSizeGroup_3/ConnCountImpact/_conn_count_6/DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/IdleSktToImpact/_idle_timeout_10/SpdyImpact/_npn_with_spdy/ --channel=29098.0x4140070.1645103813[0xca4a5c]
/usr/lib64/chromium-browser/chrome --type=renderer --lang=uk --force-fieldtest=CacheSize/CacheSizeGroup_3/ConnCountImpact/_conn_count_6/DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/IdleSktToImpact/_idle_timeout_10/SpdyImpact/_npn_with_spdy/ --channel=29098.0x4140070.1645103813[0x18154ae]
/usr/lib64/chromium-browser/chrome --type=renderer --lang=uk --force-fieldtest=CacheSize/CacheSizeGroup_3/ConnCountImpact/_conn_count_6/DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/IdleSktToImpact/_idle_timeout_10/SpdyImpact/_npn_with_spdy/ --channel=29098.0x4140070.1645103813[0x15786de]
/usr/lib64/chromium-browser/chrome --type=renderer --lang=uk --force-fieldtest=CacheSize/CacheSizeGroup_3/ConnCountImpact/_conn_count_6/DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/IdleSktToImpact/_idle_timeout_10/SpdyImpact/_npn_with_spdy/ --channel=29098.0x4140070.1645103813[0x1579630]
/usr/lib64/chromium-browser/chrome --type=renderer --lang=uk --force-fieldtest=CacheSize/CacheSizeGroup_3/ConnCountImpact/_conn_count_6/DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/IdleSktToImpact/_idle_timeout_10/SpdyImpact/_npn_with_spdy/ --channel=29098.0x4140070.1645103813[0x157b79e]
/usr/lib64/chromium-browser/chrome --type=renderer --lang=uk --force-fieldtest=CacheSize/CacheSizeGroup_3/ConnCountImpact/_conn_count_6/DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/IdleSktToImpact/_idle_timeout_10/SpdyImpact/_npn_with_spdy/ --channel=29098.0x4140070.1645103813[0x15c6508]
/usr/lib64/chromium-browser/chrome --type=renderer --lang=uk --force-fieldtest=CacheSize/CacheSizeGroup_3/ConnCountImpact/_conn_count_6/DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/IdleSktToImpact/_idle_timeout_10/SpdyImpact/_npn_with_spdy/ --channel=29098.0x4140070.1645103813[0x15c9960]
/usr/lib64/chromium-browser/chrome --type=renderer --lang=uk --force-fieldtest=CacheSize/CacheSizeGroup_3/ConnCountImpact/_conn_count_6/DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/IdleSktToImpact/_idle_timeout_10/SpdyImpact/_npn_with_spdy/ --channel=29098.0x4140070.1645103813[0x15c388d]
Comment 1 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2010-09-16 17:00:35 UTC
Please post emerge --info, and which version of chromium package are you using. Additionally, could you rebuild glibc, freetype and chromium with FEATURES=splitdebug enabled?
Comment 2 smalcom 2010-09-16 17:55:36 UTC
(In reply to comment #1)
> Please post emerge --info, and which version of chromium package are you using.

Portage 2.1.9.5 (default/linux/amd64/10.0, gcc-4.4.4, glibc-2.12.1-r1, 2.6.35-gentoo-r5.sm1 x86_64)
=================================================================
System uname: Linux-2.6.35-gentoo-r5.sm1-x86_64-AMD_Athlon-tm-_64_X2_Dual_Core_Processor_3600+-with-gentoo-2.0.1
Timestamp of tree: Tue, 14 Sep 2010 10:15:03 +0000
distcc 3.1 x86_64-pc-linux-gnu [enabled]
app-shells/bash:     4.1_p7
dev-java/java-config: 2.1.11
dev-lang/python:     2.6.5-r2, 3.1.2-r3
dev-util/cmake:      2.8.1-r2
sys-apps/baselayout: 2.0.1
sys-apps/openrc:     0.6.2
sys-apps/sandbox:    2.3-r1
sys-devel/autoconf:  2.13, 2.67
sys-devel/automake:  1.4_p6-r1, 1.6.3-r1, 1.8.5-r4, 1.9.6-r3, 1.10.3, 1.11.1
sys-devel/binutils:  2.20.1-r1
sys-devel/gcc:       4.4.4-r1
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   2.2.10
sys-devel/make:      3.81-r2
virtual/os-headers:  2.6.35 (sys-kernel/linux-headers)
ACCEPT_KEYWORDS="amd64 ~amd64"
ACCEPT_LICENSE="*"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=k8 -O2 -pipe -mfpmath=sse,387"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config /var/lib/hsqldb"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-march=k8 -O2 -pipe -mfpmath=sse,387"
DISTDIR="/tmp/portage/distfiles"
FEATURES="assume-digests distcc distlocks fixlafiles fixpackages news parallel-fetch protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch"
GENTOO_MIRRORS="http://gentoo.kiev.ua/ftp/"
LANG="uk_UA.utf8"
LC_ALL="uk_UA.utf8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
LINGUAS="ru ua"
MAKEOPTS="-j6"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage /var/lib/layman/pro-audio /var/lib/layman/kde-sunset"
SYNC="rsync://rsync1.ua.gentoo.org/gentoo-portage"
USE="3dnow 3dnowext X X509 aac aalib acl acpi addressbook aften alsa amd64 amr amrr animgif ao ares artworkextra asf asn aspell ass async audio audiofile audioscrobbler auth automap automount bzip2 caps ccache cdb cdda cddax cddb cdio cdparanoia cdr cdrom chm cli cmake colordiff cracklib crypt css cue cups curl curlwrappers cursors cxx cyrillic dbus debugger designer dnotify dri dvd dvdnav exceptions extras faac faad fam ffmpeg fftw flac fortran fuse gcrypt gdbm gif git gnutls gpm iconv icq id3 id3tag imagemagick inotify irc jabber joystick jpeg jpeg2k kde kdm keyboard libnotify lm_sensors lzma mad matroska midi mikmod mmx mng modules mouse mp3 mp4 mpd mpeg mplayer mpu401 mudflap multilib mysql ncurses networking nfs nfsv3 nfsv4 nls nptl nptlonly ntp objc ogg opencore-amr opengl openmp openssl pam pcre pdf perl pkcs11 pl2303 png pppd qt3 qt4 rdesktop rdp readline reflection resolvconf samba sdl sdl-sound sdlaudio session sse sse2 ssh ssl subversion svg swat sysfs tcpd tga themes theora threads tiff udev unicode vorbis wavpack x264 xorg zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse joystick" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 
lcdm001 mtxorb ncurses text" LINGUAS="ru ua" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="radeon radeonhd vesa" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS


Chromium:
"Installed versions:  6.0.472.55(12:16:57 16.09.10)(cups sse2 -gnome-keyring)"

> Additionally, could you rebuild glibc, freetype and chromium with
> FEATURES=splitdebug enabled?
in progress


Comment 3 smalcom 2010-09-16 21:10:34 UTC
> FEATURES=splitdebug enabled?

After rebuilding glibc, freetype, chromium

chromium
*** glibc detected *** /usr/lib64/chromium-browser/chrome --type=renderer --lang=uk --force-fieldtest=ConnCountImpact/_conn_count_6/DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/IdleSktToImpact/_idle_timeout_10/SpdyImpact/_npn_with_spdy/ --channel=3507.0x38bccc0.1910370982: free(): invalid pointer: 0x00007fab582c46f0 ***
======= Backtrace: =========
/lib/libc.so.6(+0x72d36)[0x7fab626e9d36]
/lib/libc.so.6(cfree+0x6c)[0x7fab626eeacc]
/usr/lib/libfreetype.so.6(ft_glyphslot_free_bitmap+0x3f)[0x7fab665eefff]
/usr/lib/libfreetype.so.6(FT_Load_Glyph+0x61)[0x7fab665f1961]
/usr/lib64/chromium-browser/chrome --type=renderer --lang=uk --force-fieldtest=ConnCountImpact/_conn_count_6/DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/IdleSktToImpact/_idle_timeout_10/SpdyImpact/_npn_with_spdy/ --channel=3507.0x38bccc0.1910370982[0xcc6535]
/usr/lib64/chromium-browser/chrome --type=renderer --lang=uk --force-fieldtest=ConnCountImpact/_conn_count_6/DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/IdleSktToImpact/_idle_timeout_10/SpdyImpact/_npn_with_spdy/ --channel=3507.0x38bccc0.1910370982[0xcbba17]
/usr/lib64/chromium-browser/chrome --type=renderer --lang=uk --force-fieldtest=ConnCountImpact/_conn_count_6/DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/IdleSktToImpact/_idle_timeout_10/SpdyImpact/_npn_with_spdy/ --channel=3507.0x38bccc0.1910370982[0xcac6af]
/usr/lib64/chromium-browser/chrome --type=renderer --lang=uk --force-fieldtest=ConnCountImpact/_conn_count_6/DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/IdleSktToImpact/_idle_timeout_10/SpdyImpact/_npn_with_spdy/ --channel=3507.0x38bccc0.1910370982[0xca829b]
/usr/lib64/chromium-browser/chrome --type=renderer --lang=uk --force-fieldtest=ConnCountImpact/_conn_count_6/DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/IdleSktToImpact/_idle_timeout_10/SpdyImpact/_npn_with_spdy/ --channel=3507.0x38bccc0.1910370982[0xca4a3c]
/usr/lib64/chromium-browser/chrome --type=renderer --lang=uk --force-fieldtest=ConnCountImpact/_conn_count_6/DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/IdleSktToImpact/_idle_timeout_10/SpdyImpact/_npn_with_spdy/ --channel=3507.0x38bccc0.1910370982[0x1815dfe]
/usr/lib64/chromium-browser/chrome --type=renderer --lang=uk --force-fieldtest=ConnCountImpact/_conn_count_6/DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/IdleSktToImpact/_idle_timeout_10/SpdyImpact/_npn_with_spdy/ --channel=3507.0x38bccc0.1910370982[0x157902e]
/usr/lib64/chromium-browser/chrome --type=renderer --lang=uk --force-fieldtest=ConnCountImpact/_conn_count_6/DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/IdleSktToImpact/_idle_timeout_10/SpdyImpact/_npn_with_spdy/ --channel=3507.0x38bccc0.1910370982[0x1579f80]
/usr/lib64/chromium-browser/chrome --type=renderer --lang=uk --force-fieldtest=ConnCountImpact/_conn_count_6/DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/IdleSktToImpact/_idle_timeout_10/SpdyImpact/_npn_with_spdy/ --channel=3507.0x38bccc0.1910370982[0x157c0ee]
/usr/lib64/chromium-browser/chrome --type=renderer --lang=uk --force-fieldtest=ConnCountImpact/_conn_count_6/DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/IdleSktToImpact/_idle_timeout_10/SpdyImpact/_npn_with_spdy/ --channel=3507.0x38bccc0.1910370982[0x15c6e58]
/usr/lib64/chromium-browser/chrome --type=renderer --lang=uk --force-fieldtest=ConnCountImpact/_conn_count_6/DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/IdleSktToImpact/_idle_timeout_10/SpdyImpact/_npn_with_spdy/ --channel=3507.0x38bccc0.1910370982[0x15ca2b0]
/usr/lib64/chromium-browser/chrome --type=renderer --lang=uk --force-fieldtest=ConnCountImpact/_conn_count_6/DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/IdleSktToImpact/_idle_timeout_10/SpdyImpact/_npn_with_spdy/ --channel=3507.0x38bccc0.1910370982[0x15c41dd]
======= Memory map: ========

Comment 4 smalcom 2010-09-16 21:14:49 UTC
And one more page: the Redmine (task manager) "Projects" page. With that page the crash looks like:


chrome --type=renderer --lang=uk --force-fieldtest=CacheSize/CacheSizeGroup_3/ConnCountImpact/_conn_count_6/DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/IdleSktToImpact/_idle_timeout_10/SpdyImpact/_npn_with_spdy/ --channel=3507.0x404ca20.297960605: malloc.c:4631: _int_malloc: Assertion `(unsigned long)(size) >= (unsigned long)(nb)' failed.
Comment 5 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2010-09-16 21:20:21 UTC
Do you get some useful stack traces when running under gdb?
Comment 6 smalcom 2010-09-18 00:31:34 UTC
> Do you get some useful stack traces when running under gdb?
No((
I think we can close this task - I will use Firefox again.

Thank you
Comment 7 Mike Gilbert gentoo-dev 2010-09-20 01:54:39 UTC
I can't reproduce this using a recent SVN build.
Comment 8 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2010-09-20 08:42:10 UTC
smalcom, note that it's probably a renderer crash. Here are some instructions how to debug renderers using gdb: <http://code.google.com/p/chromium/wiki/LinuxDebugging#Getting_renderer_subprocesses_into_gdb>.

You can also try running chrome with --single-process flag inside gdb. The crash may or may not reproduce then.

Oh, and I can't reproduce the crash either.
Comment 9 smalcom 2010-09-20 20:36:43 UTC
(In reply to comment #8)
> smalcom, note that it's probably a renderer crash. Here are some instructions
> how to debug renderers using gdb:
> <http://code.google.com/p/chromium/wiki/LinuxDebugging#Getting_renderer_subprocesses_into_gdb>.
> 
> You can also try running chrome with --single-process flag inside gdb. The
> crash may or may not reproduce then.
> 
> Oh, and I can't reproduce the crash either.
> 

I'll try to debug. Thx
Comment 10 smalcom 2010-09-24 07:51:55 UTC
My tries to use gdb are a disaster. Maybe this page will help:
http://pornolab.net/forum/viewtopic.php?t=1132108
Just open this page; no need to use scroll.
Comment 11 smalcom 2010-09-24 08:03:43 UTC
On Ubuntu 10.10 the posted link opened normally. Chromium has the same version.
I think the trouble is in my environment, not in Chromium.
Comment 12 smalcom 2010-09-29 08:32:02 UTC
Created attachment 248949 [details]
webpage which crash the browser
Comment 13 smalcom 2010-09-29 08:32:27 UTC
I'm researching things. Attached is the full webpage at which the browser crashes.
File: combined.cs
String
body{font-family:Trebuchet MS,sans-serif;
If we change "Trebuchet MS" to another, for example Comic Sans MS, then all works properly.
Comment 14 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2010-10-08 12:29:49 UTC
(In reply to comment #13)
> Im research things. In attach full webpage at that browser crashing.
> File: combined.cs
> String
> body{font-family:Trebuchet MS,sans-serif;
> If we change "Trebuchet MS" to other, for example - Comic Sans MS the all work
> properly.

I cannot reproduce the crash here. Are you able to capture a stack trace?

Here is a hint: run chrome this way to automatically get stack traces for all renderer processes: chrome --renderer-cmd-prefix='xterm -e gdb --eval-command=run --args'

After you reproduce the crash, just attach the contents of all xterm windows to this bug.
Comment 15 smalcom 2010-10-11 18:20:52 UTC
Feature splitdebug enabled. freetype built with debug USE.

./chrome --renderer-cmd-prefix='xterm -e gdb --eval-command=run --args'

and xterm output
------------
GNU gdb (Gentoo 7.2 p1) 7.2
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-pc-linux-gnu".
For bug reporting instructions, please see:
<http://bugs.gentoo.org/>...
Reading symbols from /usr/lib64/chromium-browser/chrome...Reading symbols from /usr/lib64/debug/usr/lib64/chromium-browser/chrome.debug...(no debugging symbols found)...done.
(no debugging symbols found)...done.
Starting program: /usr/lib64/chromium-browser/chrome --type=renderer --lang=uk --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SpdyImpact/npn_with_spdy/ --channel=26502.0x2c24380.608561080
[Thread debugging using libthread_db enabled]
[New Thread 0x7fffeb154710 (LWP 26539)]
*** glibc detected *** /usr/lib64/chromium-browser/chrome: free(): invalid pointer: 0x0000000002c09fb0 ***
======= Backtrace: =========
/lib/libc.so.6(+0x72906)[0x7ffff0d7a906]
/lib/libc.so.6(cfree+0x6c)[0x7ffff0d7f7bc]
/usr/lib/libfreetype.so.6(+0xe443)[0x7ffff5b42443]
/usr/lib/libfreetype.so.6(ft_mem_free+0x2f)[0x7ffff5b51f69]
/usr/lib/libfreetype.so.6(ft_glyphslot_free_bitmap+0x5e)[0x7ffff5b46347]
/usr/lib/libfreetype.so.6(+0x124ca)[0x7ffff5b464ca]
/usr/lib/libfreetype.so.6(FT_Load_Glyph+0x7b)[0x7ffff5b46c97]
/usr/lib64/chromium-browser/chrome[0xc61175]
/usr/lib64/chromium-browser/chrome[0xc55dfc]
/usr/lib64/chromium-browser/chrome[0xc467ff]
/usr/lib64/chromium-browser/chrome[0xc41f13]
/usr/lib64/chromium-browser/chrome[0xc3d31f]
/usr/lib64/chromium-browser/chrome[0x17cebd7]
/usr/lib64/chromium-browser/chrome[0x15a4c01]
/usr/lib64/chromium-browser/chrome[0x15a4d6e]
/usr/lib64/chromium-browser/chrome[0x15a7b9e]
/usr/lib64/chromium-browser/chrome[0x1602816]
/usr/lib64/chromium-browser/chrome[0x1605e5b]
/usr/lib64/chromium-browser/chrome[0x1601a22]
======= Memory map: ========
00400000-02585000 r-xp 00000000 08:03 27276 /usr/lib64/chromium-browser/chrome
02785000-02786000 r--p 02185000 08:03 27276 /usr/lib64/chromium-browser/chrome
02786000-027fa000 rw-p 02186000 08:03 27276 /usr/lib64/chromium-browser/chrome
027fa000-02c83000 rw-p 00000000 00:00 0                                  [heap]
7fffc0000000-7fffc00b8000 rw-p 00000000 00:00 0 
7fffc00b8000-7fffc4000000 ---p 00000000 00:00 0 
7fffc5c31000-7fffc5c54000 r--s 00000000 08:03 153425 /usr/share/fonts/corefonts/trebucit.ttf
7fffc5c54000-7fffc5c73000 r--s 00000000 08:03 153422 /usr/share/fonts/corefonts/trebucbd.ttf
7fffc5c73000-7fffc5c92000 r--s 00000000 08:03 153426 /usr/share/fonts/corefonts/trebuc.ttf
7fffc5c92000-7fffc5cd6000 r--s 00000000 08:03 153328 /usr/share/fonts/corefonts/arial.ttf
7fffc5cd6000-7fffc5cdf000 r--s 00000000 08:03 138351 /var/cache/fontconfig/87f5e051180a7a75f16eb6fe7dbd3749-le64.cache-3
7fffc5cdf000-7fffc5ce8000 r--s 00000000 08:03 138372 /var/cache/fontconfig/acc285bc1956c3c4bc7afb41d537a85a-le64.cache-3
7fffc5ce8000-7fffc5cf0000 r--s 00000000 08:03 138371 /var/cache/fontconfig/4460665c0f3e88acdd4c85aa2f409b99-le64.cache-3
7fffc5cf0000-7fffc5d02000 r--s 00000000 08:03 138370 /var/cache/fontconfig/8d4af663993b81a124ee82e610bb31f9-le64.cache-3
7fffc5d02000-7fffc5d06000 r--s 00000000 08:03 138368 /var/cache/fontconfig/a595ca43be94766bbfe429f07fba82d0-le64.cache-3
7fffc5d06000-7fffc5d1b000 r--s 00000000 08:03 138364 /var/cache/fontconfig/25e0aa14c68cecf4ab53db3a88a7a060-le64.cache-3
7fffc5d1b000-7fffc5d32000 r--s 00000000 08:03 138361 /var/cache/fontconfig/ca6eb598bc8b0a6c66f53b9753bda408-le64.cache-3
7fffc5d32000-7fffc5ebb000 rw-p 00000000 00:00 0 
7fffc5ebb000-7fffc5faf000 rwxp 00000000 00:00 0 
7fffc5faf000-7fffe6000000 ---p 00000000 00:00 0 
7fffe6000000-7fffe6100000 rw-p 00000000 00:00 0 
7fffe6100000-7fffe7000000 ---p 00000000 00:00 0 
7fffe7000000-7fffe7100000 rw-p 00000000 00:00 0 
7fffe7100000-7fffe9ebb000 ---p 00000000 00:00 0 
7fffe9ebb000-7fffea5fd000 rw-s 00000000 00:04 5373963 /SYSV00000000 (deleted)
7fffea5fd000-7fffea6fe000 r-xp 00000000 08:03 27212 /usr/lib64/chromium-browser/libffmpegsumo.so
7fffea6fe000-7fffea8fd000 ---p 00101000 08:03 27212 /usr/lib64/chromium-browser/libffmpegsumo.so
7fffea8fd000-7fffea907000 r--p 00100000 08:03 27212 /usr/lib64/chromium-browser/libffmpegsumo.so
7fffea907000-7fffea909000 rw-p 0010a000 08:03 27212 /usr/lib64/chromium-browser/libffmpegsumo.so
7fffea909000-7fffea954000 rw-p 00000000 00:00 0 
7fffea954000-7fffea955000 ---p 00000000 00:00 0 
7fffea955000-7fffeb155000 rw-p 00000000 00:00 0 
7fffeb155000-7fffeb31d000 r--s 00000000 08:03 26960 /usr/lib64/chromium-browser/chrome.pak
7fffeb31d000-7fffeb70b000 r--p 00000000 08:03 1063494 /usr/lib64/locale/locale-archive
7fffeb70b000-7fffeb70f000 r-xp 00000000 08:03 131632 /lib64/libuuid.so.1.3.0
7fffeb70f000-7fffeb90e000 ---p 00004000 08:03 131632 /lib64/libuuid.so.1.3.0
7fffeb90e000-7fffeb90f000 r--p 00003000 08:03 131632 /lib64/libuuid.so.1.3.0
7fffeb90f000-7fffeb910000 rw-p 00004000 08:03 131632 /lib64/libuuid.so.1.3.0
7fffeb910000-7fffeb91b000 r-xp 00000000 08:03 1080647 /usr/lib64/libdrm.so.2.4.0
7fffeb91b000-7fffebb1a000 ---p 0000b000 08:03 1080647 /usr/lib64/libdrm.so.2.4.0
7fffebb1a000-7fffebb1b000 r--p 0000a000 08:03 1080647 /usr/lib64/libdrm.so.2.4.0
7fffebb1b000-7fffebb1c000 rw-p 0000b000 08:03 1080647 /usr/lib64/libdrm.so.2.4.0
7fffebb1c000-7fffebb30000 r-xp 00000000 08:03 1079112 /usr/lib64/libxcb-glx.so.0.0.0
7fffebb30000-7fffebd30000 ---p 00014000 08:03 1079112 /usr/lib64/libxcb-glx.so.0.0.0
7fffebd30000-7fffebd32000 r--p 00014000 08:03 1079112 /usr/lib64/libxcb-glx.so.0.0.0
7fffebd32000-7fffebd33000 rw-p 00016000 08:03 1079112 /usr/lib64/libxcb-glx.so.0.0.0
7fffebd33000-7fffebd34000 r-xp 00000000 08:03 1079189 /usr/lib64/libX11-xcb.so.1.0.0
7fffebd34000-7fffebf33000 ---p 00001000 08:03 1079189 /usr/lib64/libX11-xcb.so.1.0.0
7fffebf33000-7fffebf34000 r--p 00000000 08:03 1079189 /usr/lib64/libX11-xcb.so.1.0.0
7fffebf34000-7fffebf35000 rw-p 00001000 08:03 1079189 /usr/lib64/libX11-xcb.so.1.0.0
7fffebf35000-7fffebf3a000 r-xp 00000000 08:03 1080924 /usr/lib64/libXxf86vm.so.1.0.0
7fffebf3a000-7fffec139000 ---p 00005000 08:03 1080924 /usr/lib64/libXxf86vm.so.1.0.0
7fffec139000-7fffec13a000 r--p 00004000 08:03 1080924 /usr/lib64/libXxf86vm.so.1.0.0
7fffec13a000-7fffec13b000 rw-p 00005000 08:03 1080924 /usr/lib64/libXxf86vm.so.1.0.0
Program received signal SIGABRT, Aborted.
0x00007ffff0d3a7c5 in raise () from /lib/libc.so.6
(gdb) 
Comment 16 smalcom 2010-10-11 18:23:49 UTC
smalcom@smalcom /usr/lib64/debug/usr/lib64/chromium-browser $ ls -la
total 11956
drwxr-xr-x 2 root root     4096 2010-10-11 07:59 .
drwxr-xr-x 5 root root     4096 2010-10-11 07:59 ..
-rw-r--r-- 1 root root 12080286 2010-10-11 07:59 chrome.debug
-rw------- 1 root root     6711 2010-10-11 07:59 chrome_sandbox.debug
-rw-r--r-- 1 root root     3803 2010-10-11 07:59 ffmpegsumo_nolink.debug
-rw-r--r-- 1 root root   136485 2010-10-11 07:59 libffmpegsumo.so.debug
Comment 17 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2010-10-11 19:45:24 UTC
(In reply to comment #15)
> [Thread debugging using libthread_db enabled]
> [New Thread 0x7fffeb154710 (LWP 26539)]
> *** glibc detected *** /usr/lib64/chromium-browser/chrome: free(): invalid
> pointer: 0x0000000002c09fb0 ***
> ======= Backtrace: =========
> /lib/libc.so.6(+0x72906)[0x7ffff0d7a906]
> /lib/libc.so.6(cfree+0x6c)[0x7ffff0d7f7bc]
> /usr/lib/libfreetype.so.6(+0xe443)[0x7ffff5b42443]
> /usr/lib/libfreetype.so.6(ft_mem_free+0x2f)[0x7ffff5b51f69]
> /usr/lib/libfreetype.so.6(ft_glyphslot_free_bitmap+0x5e)[0x7ffff5b46347]
> /usr/lib/libfreetype.so.6(+0x124ca)[0x7ffff5b464ca]
> /usr/lib/libfreetype.so.6(FT_Load_Glyph+0x7b)[0x7ffff5b46c97]
> /usr/lib64/chromium-browser/chrome[0xc61175]

Okay. We know something more. Could you also try whether typing "bt<enter>" (no quotes, and hit enter for <enter>) would give a more detailed backtrace? I think the one above is generated by glibc, and gdb could be a bit smarter with debugging symbols present.

If the above fails, please file an upstream bug report with the above info (at http://new.crbug.com) and post the link here.
Comment 18 smalcom 2010-10-11 20:06:00 UTC
(gdb) bt
#0  0x00007ffff0d3a7c5 in raise () from /lib/libc.so.6
#1  0x00007ffff0d3bc46 in abort () from /lib/libc.so.6
#2  0x00007ffff0d75473 in ?? () from /lib/libc.so.6
#3  0x00007ffff0d7a906 in ?? () from /lib/libc.so.6
#4  0x00007ffff0d7f7bc in free () from /lib/libc.so.6
#5  0x00007ffff5b42443 in ft_free () from /usr/lib/libfreetype.so.6
#6  0x00007ffff5b51f69 in ft_mem_free () from /usr/lib/libfreetype.so.6
#7  0x00007ffff5b46347 in ft_glyphslot_free_bitmap ()
   from /usr/lib/libfreetype.so.6
#8  0x00007ffff5b464ca in ft_glyphslot_clear () from /usr/lib/libfreetype.so.6
#9  0x00007ffff5b46c97 in FT_Load_Glyph () from /usr/lib/libfreetype.so.6
#10 0x0000000000c61175 in SkScalerContext_FreeType::generateMetrics(SkGlyph*)
    ()
#11 0x0000000000c55dfc in SkScalerContext::getMetrics(SkGlyph*) ()
#12 0x0000000000c467ff in SkGlyphCache::getGlyphIDMetrics(unsigned short) ()
#13 0x0000000000c41f13 in SkDraw::drawPosText(char const*, unsigned long, float const*, float, int, SkPaint const&) const ()
#14 0x0000000000c3d31f in SkCanvas::drawPosText(void const*, unsigned long, SkPoint const*, SkPaint const&) ()
#15 0x00000000017cebd7 in WebCore::Font::drawGlyphs(WebCore::GraphicsContext*, WebCore::SimpleFontData const*, WebCore::GlyphBuffer const&, int, int, WebCore::FloatPoint const&) const ()
#16 0x00000000015a4c01 in WebCore::Font::drawGlyphBuffer(WebCore::GraphicsContext*, WebCore::GlyphBuffer const&, WebCore::TextRun const&, WebCore::FloatPoint const&) const ()
#17 0x00000000015a4d6e in WebCore::Font::drawSimpleText(WebCore::GraphicsContext*, WebCore::TextRun const&, WebCore::FloatPoint const&, int, int) const ()
#18 0x00000000015a7b9e in WebCore::GraphicsContext::drawText(WebCore::Font const&, WebCore::TextRun const&, WebCore::IntPoint const&, int, int) ()
#19 0x0000000001602816 in WebCore::paintTextWithShadows(WebCore::GraphicsContext*, WebCore::Font const&, WebCore::TextRun const&, int, int, int, WebCore::IntPoint const&, int, int, int, int, WebCore::ShadowData const*, bool) ()
#20 0x0000000001605e5b in WebCore::InlineTextBox::paint(WebCore::PaintInfo&, int, int) ()
#21 0x0000000001601a22 in WebCore::InlineFlowBox::paint(WebCore::PaintInfo&, int, int) ()
#22 0x0000000001601a22 in WebCore::InlineFlowBox::paint(WebCore::PaintInfo&, int, int) ()
#23 0x00000000016b17e9 in WebCore::RootInlineBox::paint(WebCore::PaintInfo&, int, int) ()
#24 0x000000000166a78c in WebCore::RenderLineBoxList::paint(WebCore::RenderBoxModelObject*, WebCore::PaintInfo&, int, int) const ()
#25 0x0000000001619fb2 in WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, int, int) ()
#26 0x0000000001609446 in WebCore::RenderBlock::paint(WebCore::PaintInfo&, int, int) ()
#27 0x000000000160b483 in WebCore::RenderBlock::paintChildren(WebCore::PaintInfo&, int, int) ()
#28 0x0000000001619fb2 in WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, int, int) ()
#29 0x0000000001609446 in WebCore::RenderBlock::paint(WebCore::PaintInfo&, int, int) ()
#30 0x000000000160b483 in WebCore::RenderBlock::paintChildren(WebCore::PaintInfo&, int, int) ()
#31 0x0000000001619fb2 in WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, int, int) ()
#32 0x0000000001609446 in WebCore::RenderBlock::paint(WebCore::PaintInfo&, int, int) ()
#33 0x000000000160b483 in WebCore::RenderBlock::paintChildren(WebCore::PaintInfo&, int, int) ()
#34 0x0000000001619fb2 in WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, int, int) ()
#35 0x0000000001609446 in WebCore::RenderBlock::paint(WebCore::PaintInfo&, int, int) ()
#36 0x000000000160b7be in WebCore::RenderBlock::paintFloats(WebCore::PaintInfo&, int, int, bool) ()
#37 0x0000000001619fd8 in WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, int, int) ()
#38 0x0000000001609446 in WebCore::RenderBlock::paint(WebCore::PaintInfo&, int, int) ()
#39 0x000000000160b483 in WebCore::RenderBlock::paintChildren(WebCore::PaintInfo&, int, int) ()
#40 0x0000000001619fb2 in WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, int, int) ()
#41 0x0000000001609446 in WebCore::RenderBlock::paint(WebCore::PaintInfo&, int, int) ()
#42 0x000000000160b483 in WebCore::RenderBlock::paintChildren(WebCore::PaintInfo&, int, int) ()
#43 0x0000000001619fb2 in WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, int, int) ()
#44 0x0000000001609446 in WebCore::RenderBlock::paint(WebCore::PaintInfo&, int, int) ()
#45 0x000000000160b483 in WebCore::RenderBlock::paintChildren(WebCore::PaintInfo&, int, int) ()
#46 0x0000000001619fb2 in WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, int, int) ()
#47 0x0000000001609446 in WebCore::RenderBlock::paint(WebCore::PaintInfo&, int, int) ()
#48 0x0000000001660568 in WebCore::RenderLayer::paintLayer(WebCore::RenderLayer*, WebCore::GraphicsContext*, WebCore::IntRect const&, unsigned int, WebCore::RenderObject*, WTF::HashMap<WebCore::OverlapTestRequestClient*, WebCore::IntRect, WTF::PtrHash<WebCore::OverlapTestRequestClient*>, WTF::HashTraits<WebCore::OverlapTestRequestClient*>, WTF::HashTraits<WebCore::IntRect> >*, unsigned int) ()
#49 0x0000000001660ef6 in WebCore::RenderLayer::paintList(WTF::Vector<WebCore::RenderLayer*, 0ul>*, WebCore::RenderLayer*, WebCore::GraphicsContext*, WebCore::IntRect const&, unsigned int, WebCore::RenderObject*, WTF::HashMap<WebCore::OverlapTestRequestClient*, WebCore::IntRect, WTF::PtrHash<WebCore::OverlapTestRequestClient*>, WTF::HashTraits<WebCore::OverlapTestRequestClient*>, WTF::HashTraits<WebCore::IntRect> >*, unsigned int) ()
#50 0x000000000165fde7 in WebCore::RenderLayer::paintLayer(WebCore::RenderLayer*, WebCore::GraphicsContext*, WebCore::IntRect const&, unsigned int, WebCore::RenderObject*, WTF::HashMap<WebCore::OverlapTestRequestClient*, WebCore::IntRect, WTF::PtrHash<WebCore::OverlapTestRequestClient*>, WTF::HashTraits<WebCore::OverlapTestRequestClient*>, WTF::HashTraits<WebCore::IntRect> >*, unsigned int) ()
#51 0x0000000001660fb4 in WebCore::RenderLayer::paint(WebCore::GraphicsContext*, WebCore::IntRect const&, unsigned int, WebCore::RenderObject*) ()
#52 0x000000000155da01 in WebCore::FrameView::paintContents(WebCore::GraphicsContext*, WebCore::IntRect const&) ()
#53 0x00000000015e8f6b in WebCore::ScrollView::paint(WebCore::GraphicsContext*, WebCore::IntRect const&) ()
#54 0x00000000012ee0d5 in WebKit::WebFrameImpl::paintWithContext(WebCore::GraphicsContext&, WebKit::WebRect const&) ()
#55 0x00000000012ee19c in WebKit::WebFrameImpl::paint(skia::PlatformCanvas*, WebKit::WebRect const&) ()
#56 0x0000000001311c69 in WebKit::WebViewImpl::paint(skia::PlatformCanvas*, WebKit::WebRect const&) ()
#57 0x0000000000b0bdf1 in RenderWidget::PaintRect(gfx::Rect const&, gfx::Point const&, skia::PlatformCanvas*) ()
#58 0x0000000000b0dcc3 in RenderWidget::DoDeferredUpdate() ()
#59 0x0000000000b0e359 in RenderWidget::CallDoDeferredUpdate() ()
#60 0x0000000000bbba80 in MessageLoop::RunTask(Task*) ()
#61 0x0000000000bbe390 in MessageLoop::DeferOrRunPendingTask(MessageLoop::PendingTask const&) ()
#62 0x0000000000bbe593 in MessageLoop::DoWork() ()
#63 0x0000000000bbee29 in base::MessagePumpDefault::Run(base::MessagePump::Delegate*) ()
#64 0x0000000000bbbe9b in MessageLoop::RunInternal() ()
#65 0x0000000000bbc02b in MessageLoop::Run() ()
#66 0x0000000000b1101d in RendererMain(MainFunctionParams const&) ()
#67 0x0000000000437abd in ChromeMain ()
#68 0x0000000000439183 in main ()
(gdb)
Comment 19 Mike Gilbert gentoo-dev 2010-10-19 03:53:27 UTC
This looks very similar to http://crbug.com/41597. No solution there either.
Comment 20 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2010-10-19 19:41:58 UTC
(In reply to comment #19)
> This looks very similar to http://crbug.com/41597. No solution there either.

Yup! Thanks for finding that.
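
Added example (not code from this bug, Chromium, FreeType or glibc): the "looks very similar" comparison above, done mechanically by parsing glibc's `*** glibc detected ***` report and reducing it to a signature that survives rebuilds and address randomisation. It goes beyond the thread by bucketing on the library entry point; `parse_report` and `signature` are names introduced here, the sample reports are abridged from the description and comment 15 (the `--force-fieldtest` argument is dropped), and module paths are assumed to contain no spaces.

```python
import posixpath
import re
from collections import namedtuple
from itertools import takewhile

Frame = namedtuple("Frame", "module symbol offset addr")

# "*** glibc detected *** <argv>: free(): invalid pointer: 0x... ***"
HEADER_RE = re.compile(
    r"^\*\*\* glibc detected \*\*\* (?P<argv>.+): (?P<func>\w+\(\)): "
    r"(?P<reason>[^:]+): (?P<ptr>0x[0-9a-fA-F]+) \*\*\*$"
)
# Frame shapes: module(sym+0xoff)[0xaddr], module(+0xoff)[0xaddr], module[0xaddr].
# For the main executable glibc prints the whole argv string as the "module".
FRAME_RE = re.compile(
    r"^(?P<module>.*?)"
    r"(?:\((?P<symbol>[A-Za-z_][\w.@]*)?\+(?P<offset>0x[0-9a-fA-F]+)\))?"
    r"\[(?P<addr>0x[0-9a-fA-F]+)\]$"
)


def parse_report(text):
    """Return the parsed abort report, or None if the text contains none."""
    report, in_backtrace = None, False
    for line in (raw.strip() for raw in text.splitlines()):
        header = HEADER_RE.match(line)
        if header:
            report = {
                "exe": header["argv"].split()[0],
                "func": header["func"],
                "reason": header["reason"],
                "pointer": int(header["ptr"], 16),
                "frames": [],
            }
        elif line.startswith("======="):
            # Only the Backtrace section holds frames; skip the memory map.
            in_backtrace = "Backtrace" in line
        elif report is not None and in_backtrace:
            m = FRAME_RE.match(line)
            if m:
                parts = m["module"].split()  # drop argv after the binary path
                report["frames"].append(Frame(
                    parts[0] if parts else "?", m["symbol"],
                    int(m["offset"], 16) if m["offset"] else None,
                    int(m["addr"], 16)))
    return report


def signature(report):
    """Bucket key: abort reason + API entry point of the faulting library.

    Inner frames change with inlining and debug builds, and addresses change
    with every run, so only the last named symbol before control leaves the
    first non-libc module is kept, plus the module that called it.
    """
    frames = [f for f in report["frames"]
              if not posixpath.basename(f.module).startswith(("libc.so", "libc-"))]
    if not frames:
        return None
    faulting = frames[0].module
    run = list(takewhile(lambda f: f.module == faulting, frames))
    named = [f.symbol for f in run if f.symbol]
    caller = frames[len(run)].module if len(run) < len(frames) else None
    return "{}: {} in {}!{} called from {}".format(
        report["func"], report["reason"], posixpath.basename(faulting),
        named[-1] if named else "?",
        posixpath.basename(caller) if caller else "?")


# Abridged from the bug description (stripped FreeType build).
REPORT_STRIPPED = """\
*** glibc detected *** /usr/lib64/chromium-browser/chrome --type=renderer --lang=uk --channel=29098.0x4140070.1645103813: free(): invalid pointer: 0x00007f79dc2c18b0 ***
======= Backtrace: =========
/lib/libc.so.6(+0x72d36)[0x7f7a0a3e2d36]
/lib/libc.so.6(cfree+0x6c)[0x7f7a0a3e7acc]
/usr/lib/libfreetype.so.6(ft_glyphslot_free_bitmap+0x3f)[0x7f7a0e2ebfff]
/usr/lib/libfreetype.so.6(FT_Load_Glyph+0x61)[0x7f7a0e2ee961]
/usr/lib64/chromium-browser/chrome --type=renderer --lang=uk --channel=29098.0x4140070.1645103813[0xcc6555]
"""

# Abridged from comment 15 (FreeType rebuilt with debug, run under gdb).
REPORT_DEBUG = """\
*** glibc detected *** /usr/lib64/chromium-browser/chrome: free(): invalid pointer: 0x0000000002c09fb0 ***
======= Backtrace: =========
/lib/libc.so.6(+0x72906)[0x7ffff0d7a906]
/lib/libc.so.6(cfree+0x6c)[0x7ffff0d7f7bc]
/usr/lib/libfreetype.so.6(+0xe443)[0x7ffff5b42443]
/usr/lib/libfreetype.so.6(ft_mem_free+0x2f)[0x7ffff5b51f69]
/usr/lib/libfreetype.so.6(ft_glyphslot_free_bitmap+0x5e)[0x7ffff5b46347]
/usr/lib/libfreetype.so.6(+0x124ca)[0x7ffff5b464ca]
/usr/lib/libfreetype.so.6(FT_Load_Glyph+0x7b)[0x7ffff5b46c97]
/usr/lib64/chromium-browser/chrome[0xc61175]
======= Memory map: ========
00400000-02585000 r-xp 00000000 08:03 27276 /usr/lib64/chromium-browser/chrome
"""

if __name__ == "__main__":
    for text in (REPORT_STRIPPED, REPORT_DEBUG):
        print(signature(parse_report(text)))
```

Both reports reduce to the same key even though the debug build shows three extra FreeType frames and every address differs.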