Issue 598132 link

Starred by 1 user

Issue metadata

Status:	Fixed
Owner:	jbudorick@chromium.org
Closed:	Apr 2016
Cc:	█ cjhopman@chromium.org dpranke@chromium.org █ wnwen@chromium.org wolenetz@chromium.org jbudorick@chromium.org
Components:	Blink>Infra
EstimatedDays:	----
NextAction:	----
OS:	Android
Pri:	2
Type:	Bug

Nexus 4 Webkit tests - crash_dump_manager_android race?

Project Member Reported by chcunningham@chromium.org, Mar 26 2016

Issue description

I regularly see my local runs of android layout tests fail because of this check:

18:17:32.614 15643   03-26 01:16:18.497  4899  4930 F chromium: [4899:4930:0326/011618:206540309:FATAL:crash_dump_manager_android.cc(35)] Check failed: instance_.

I've also seen this on the bots, but somehow they still pass:
https://build.chromium.org/p/chromium.webkit/builders/WebKit%20Android%20%28Nexus4%29/builds/44920/steps/steps/logs/stdio
(log attached in case that link breaks)

Who owns the crash manager? This code seems really prone to racing. It wants to be a singleton, but the pattern is really strange and there's no atomic state AFAIK. 

The call stack at the time of the crash is:
  00439349  logging::LogMessage::~LogMessage()
  0282eb0b  breakpad::CrashDumpManager::GetInstance()
  0033ea27  content::ShellContentBrowserClient::GetAdditionalMappedFilesForChildProcess(...) 
  01fa05b9  LaunchOnLauncherThread
  ... CLIPPED BIND STUFF ...
  0043de89  base::MessageLoop::RunTask(base::PendingTask const&)
  0043e49d  base::MessageLoop::DeferOrRunPendingTask(base::PendingTask const&)
  0043e579  base::MessageLoop::DoWork()
  0043fc51  base::MessagePumpDefault::Run(base::MessagePump::Delegate*)
  0043f5f7  base::MessageLoop::RunHandler()
  0045286f  base::RunLoop::Run()
  0043dbff  base::MessageLoop::Run()
  01f897b1  content::BrowserThreadImpl::ProcessLauncherThreadRun(base::MessageLoop*)                                                                                                                         01f899b7  content::BrowserThreadImpl::Run(base::MessageLoop*)

webkit_nexus_4_build_44920.log
4.1 MB View Download

Comment 1 by jbudorick@chromium.org, Apr 1 2016

Owner: jbudorick@chromium.org
Status: Started (was: Untriaged)

Yeah, this is definitely racy. In BrowserMainLoop::CreateStartupTasks, we create the launcher thread (and the other browser threads) before creating the crash dump manager, and the launcher thread can subsequently wind up attempting to access the crash dump manager before we ever get to creating it.

Comment 2 by jbudorick@chromium.org, Apr 1 2016

(as for the ownership question: I have no idea if anyone owns the crash manager)

Project Member

Comment 3 by bugdroid1@chromium.org, Apr 2 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/e834612b9e99125f7e49523559f856953cdf01ea

commit e834612b9e99125f7e49523559f856953cdf01ea
Author: jbudorick <jbudorick@chromium.org>
Date: Sat Apr 02 22:36:41 2016

[Android] Initialize CrashDumpManager earlier in ContentShell.

BUG= 598132 

Review URL: https://codereview.chromium.org/1854933002

Cr-Commit-Position: refs/heads/master@{#384815}

[modify] https://crrev.com/e834612b9e99125f7e49523559f856953cdf01ea/content/shell/browser/shell_browser_main_parts.cc
[modify] https://crrev.com/e834612b9e99125f7e49523559f856953cdf01ea/content/shell/browser/shell_browser_main_parts.h

Comment 4 by jbudorick@chromium.org, Apr 4 2016

Status: Fixed (was: Started)

Comment 5 by sshru...@google.com, Apr 18 2016

Components: -Blink>ToolsTest Blink>Infra

Blink>ToolsTest renamed to Blink>Infra

►

Issue 598132 link

Issue metadata

Nexus 4 Webkit tests - crash_dump_manager_android race?

Issue description

Comment 1 by jbudorick@chromium.org, Apr 1 2016

Comment 1 Deleted

Comment 2 by jbudorick@chromium.org, Apr 1 2016

Comment 2 Deleted

Comment 3 by bugdroid1@chromium.org, Apr 2 2016

Comment 3 Deleted

Comment 4 by jbudorick@chromium.org, Apr 4 2016

Comment 4 Deleted

Comment 5 by sshru...@google.com, Apr 18 2016

Comment 5 Deleted

Sign in to add a comment