Debug chromium crashes when QUIC connection migration enabled
Issue description

Version: ToT
OS: Android

What steps will reproduce the problem?
(1) Build debug version of Chromium with QUIC connection migration forced on and early QUIC connection migration turned on
(2) Launch Chromium and wait a few seconds

What is the expected output?
No crash

What do you see instead?
Crash

This is due to my loading of the netd client library into Chromium on the IO thread. This library is guaranteed to already be loaded into Chromium so there won't be any actual file IO. This library is guaranteed to be loaded into Chromium at this point because this library is used for all libc calls to socket(), and for execution to get to net::UDPSocketPosix::BindToNetwork() we need to have already created a socket (i.e. via socket()) to bind. Anyhow, this appears to only happen with a debug build so I'm setting the priority low.

F/libc (10903): Fatal signal 6 (SIGABRT), code -6 in tid 10966 (Thread-5206)
I/DEBUG (25962): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
I/DEBUG (25962): Build fingerprint: 'google/shamu/shamu:5.1.1/LMY49M/2916557:userdebug/dev-keys'
I/DEBUG (25962): Revision: '33696'
I/DEBUG (25962): ABI: 'arm'
I/DEBUG (25962): pid: 10903, tid: 10966, name: Thread-5206 >>> org.chromium.chrome <<<
I/DEBUG (25962): signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------
I/DEBUG (25962): Abort message: '[FATAL:thread_restrictions.cc(38)] Function marked as IO-only was called from a thread that disallows IO! If this thread really should be allowed to make IO calls, adjust the call to base::ThreadRestrictions::SetIOAllowed() in this thread's startup.
I/DEBUG (25962): #00 0xa1676313 /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so+0x00082313
I/DEBUG (25962): #01 0xa16b1107 /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so+0x000bd107
I/DEBUG (25962): #02 0xa168c3d9 /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so+0x000983d9
I/DEBUG (25962): #03
I/DEBUG (25962): r0 00000000 r1 00002ad6 r2 00000006 r3 00000000
I/DEBUG (25962): r4 94905db8 r5 00000006 r6 00000000 r7 0000010c
I/DEBUG (25962): r8 948ff0b0 r9 aedd9a80 sl aecb8248 fp aedd9930
I/DEBUG (25962): ip 00002ad6 sp 948fec08 lr b6d893c5 pc b6dabf98 cpsr 60070010
I/DEBUG (25962):
I/DEBUG (25962): backtrace:
I/DEBUG (25962): #00 pc 00039f98 /system/lib/libc.so (tgkill+12)
I/DEBUG (25962): #01 pc 000173c1 /system/lib/libc.so (pthread_kill+52)
I/DEBUG (25962): #02 pc 00017fd3 /system/lib/libc.so (raise+10)
I/DEBUG (25962): #03 pc 00014795 /system/lib/libc.so (__libc_android_abort+36)
I/DEBUG (25962): #04 pc 00012f44 /system/lib/libc.so (abort+4)
I/DEBUG (25962): #05 pc 00071f1d /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so (_ZN4base5debug13BreakDebuggerEv+20)
I/DEBUG (25962): #06 pc 00082519 /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so (_ZN7logging10LogMessageD1Ev+560)
I/DEBUG (25962): #07 pc 000bd105 /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so (_ZN4base18ThreadRestrictions15AssertIOAllowedEv+64)
I/DEBUG (25962): #08 pc 000983d7 /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so (_ZN4base17LoadNativeLibraryERKNS_8FilePathEPNS_22NativeLibraryLoadErrorE+6)
I/DEBUG (25962): #09 pc 002be07b /data/app/org.chromium.chrome-1/lib/arm/libnet.cr.so (_ZN3net14UDPSocketPosix13BindToNetworkEi+242)
I/DEBUG (25962): #10 pc 002bc8c3 /data/app/org.chromium.chrome-1/lib/arm/libnet.cr.so (_ZN3net15UDPClientSocket26ConnectUsingDefaultNetworkERKNS_10IPEndPointE+62)
I/DEBUG (25962): #11 pc 002718ef /data/app/org.chromium.chrome-1/lib/arm/libnet.cr.so (_ZN3net17QuicStreamFactory15ConfigureSocketEPNS_20DatagramClientSocketENS_10IPEndPointEi+54)
I/DEBUG (25962): #12 pc 0026d74d /data/app/org.chromium.chrome-1/lib/arm/libnet.cr.so (_ZN3net17QuicStreamFactory13CreateSessionERKNS0_14QuicSessionKeyEiNSt3__110unique_ptrINS_14QuicServerInfoENS4_14default_deleteIS6_EEEERKNS_11AddressListEN4base9TimeTicksERKNS_11BoundNetLogEPPNS_25QuicChromiumClientSessionE+280)
I/DEBUG (25962): #13 pc 0026cdc1 /data/app/org.chromium.chrome-1/lib/arm/libnet.cr.so (_ZN3net17QuicStreamFactory3Job9DoConnectEv+56)
I/DEBUG (25962): #14 pc 0026c8a1 /data/app/org.chromium.chrome-1/lib/arm/libnet.cr.so (_ZN3net17QuicStreamFactory3Job6DoLoopEi+300)
I/DEBUG (25962): #15 pc 0026c755 /data/app/org.chromium.chrome-1/lib/arm/libnet.cr.so (_ZN3net17QuicStreamFactory3Job3RunERKN4base8CallbackIFviELNS2_8internal8CopyModeE1EEE+8)
I/DEBUG (25962): #16 pc 0026e21b /data/app/org.chromium.chrome-1/lib/arm/libnet.cr.so (_ZN3net17QuicStreamFactory6CreateERKNS_12QuicServerIdERKNS_12HostPortPairEiRK4GURLN4base16BasicStringPieceINSt3__112basic_stringIcNSC_11char_traitsIcEENSC_9allocatorIcEEEEEERKNS_11BoundNetLogEPNS_17QuicStreamRequestE+618)
I/DEBUG (25962): #17 pc 0026df31 /data/app/org.chromium.chrome-1/lib/arm/libnet.cr.so (_ZN3net17QuicStreamRequest7RequestERKNS_12HostPortPairENS_11PrivacyModeEiRK4GURLN4base16BasicStringPieceINSt3__112basic_stringIcNSA_11char_traitsIcEENSA_9allocatorIcEEEEEERKNS_11BoundNetLogERKNS8_8CallbackIFviELNS8_8internal8CopyModeE1EEE+188)
I/DEBUG (25962): #18 pc 00204487 /data/app/org.chromium.chrome-1/lib/arm/libnet.cr.so (_ZN3net21HttpStreamFactoryImpl3Job16DoInitConnectionEv+1062)
I/DEBUG (25962): #19 pc 002039bf /data/app/org.chromium.chrome-1/lib/arm/libnet.cr.so (_ZN3net21HttpStreamFactoryImpl3Job6DoLoopEi+458)
I/DEBUG (25962): #20 pc 002021a1 /data/app/org.chromium.chrome-1/lib/arm/libnet.cr.so (_ZN3net21HttpStreamFactoryImpl3Job7RunLoopEi+52)
I/DEBUG (25962): #21 pc 0020203d /data/app/org.chromium.chrome-1/lib/arm/libnet.cr.so (_ZN3net21HttpStreamFactoryImpl3Job13StartInternalEv+64)
I/DEBUG (25962): #22 pc 00206977 /data/app/org.chromium.chrome-1/lib/arm/libnet.cr.so (_ZN3net21HttpStreamFactoryImpl13JobController10CreateJobsERKNS_15HttpRequestInfoENS_15RequestPriorityERKNS_9SSLConfigES8_PNS_17HttpStreamRequest8DelegateENS9_10StreamTypeERKNS_11BoundNetLogE+806)
I/DEBUG (25962): #23 pc 00206635 /data/app/org.chromium.chrome-1/lib/arm/libnet.cr.so (_ZN3net21HttpStreamFactoryImpl13JobController5StartERKNS_15HttpRequestInfoEPNS_17HttpStreamRequest8DelegateEPNS_28WebSocketHandshakeStreamBase12CreateHelperERKNS_11BoundNetLogENS5_10StreamTypeENS_15RequestPriorityERKNS_9SSLConfigESI_+152)
I/DEBUG (25962): #24 pc 00201191 /data/app/org.chromium.chrome-1/lib/arm/libnet.cr.so (_ZN3net21HttpStreamFactoryImpl21RequestStreamInternalERKNS_15HttpRequestInfoENS_15RequestPriorityERKNS_9SSLConfigES7_PNS_17HttpStreamRequest8DelegateEPNS_28WebSocketHandshakeStreamBase12CreateHelperENS8_10StreamTypeERKNS_11BoundNetLogE+96)
I/DEBUG (25962): #25 pc 0020111f /data/app/org.chromium.chrome-1/lib/arm/libnet.cr.so (_ZN3net21HttpStreamFactoryImpl13RequestStreamERKNS_15HttpRequestInfoENS_15RequestPriorityERKNS_9SSLConfigES7_PNS_17HttpStreamRequest8DelegateERKNS_11BoundNetLogE+86)
I/DEBUG (25962): #26 pc 001f1803 /data/app/org.chromium.chrome-1/lib/arm/libnet.cr.so (_ZN3net22HttpNetworkTransaction14DoCreateStreamEv+158)
I/DEBUG (25962): #27 pc 001f01dd /data/app/org.chromium.chrome-1/lib/arm/libnet.cr.so (_ZN3net22HttpNetworkTransaction6DoLoopEi+1280)
I/DEBUG (25962): #28 pc 001efcc1 /data/app/org.chromium.chrome-1/lib/arm/libnet.cr.so (_ZN3net22HttpNetworkTransaction5StartEPKNS_15HttpRequestInfoERKN4base8CallbackIFviELNS4_8internal8CopyModeE1EEERKNS_11BoundNetLogE+80)
I/DEBUG (25962): #29 pc 0093ddf1 /data/app/org.chromium.chrome-1/lib/arm/libchrome.cr.so
I/DEBUG (25962): #30 pc 001e86c7 /data/app/org.chromium.chrome-1/lib/arm/libnet.cr.so (_ZN3net9HttpCache11Transaction13DoSendRequestEv+250)
I/DEBUG (25962): #31 pc 001e6309 /data/app/org.chromium.chrome-1/lib/arm/libnet.cr.so (_ZN3net9HttpCache11Transaction6DoLoopEi+1272)
I/DEBUG (25962): #32 pc 001e6959 /data/app/org.chromium.chrome-1/lib/arm/libnet.cr.so (_ZN3net9HttpCache11Transaction5StartEPKNS_15HttpRequestInfoERKN4base8CallbackIFviELNS5_8internal8CopyModeE1EEERKNS_11BoundNetLogE+344)
I/DEBUG (25962): #33 pc 002ccda9 /data/app/org.chromium.chrome-1/lib/arm/libnet.cr.so (_ZN3net17URLRequestHttpJob24StartTransactionInternalEv+584)
I/DEBUG (25962): #34 pc 002ccb3f /data/app/org.chromium.chrome-1/lib/arm/libnet.cr.so (_ZN3net17URLRequestHttpJob29MaybeStartTransactionInternalEi+142)
I/DEBUG (25962): #35 pc 002cca91 /data/app/org.chromium.chrome-1/lib/arm/libnet.cr.so (_ZN3net17URLRequestHttpJob16StartTransactionEv+80)
I/DEBUG (25962): #36 pc 002ccfd3 /data/app/org.chromium.chrome-1/lib/arm/libnet.cr.so (_ZN3net17URLRequestHttpJob18DoStartTransactionEv+26)
I/DEBUG (25962): #37 pc 002ccfab /data/app/org.chromium.chrome-1/lib/arm/libnet.cr.so (_ZN3net17URLRequestHttpJob23SetCookieHeaderAndStartERKNSt3__16vectorINS_15CanonicalCookieENS1_9allocatorIS3_EEEE+114)
I/DEBUG (25962): #38 pc 00186501 /data/app/org.chromium.chrome-1/lib/arm/libnet.cr.so (_ZN3net13CookieMonster28GetCookieListWithOptionsTask3RunEv+36)
I/DEBUG (25962): #39 pc 0018723d /data/app/org.chromium.chrome-1/lib/arm/libnet.cr.so (_ZN3net13CookieMonster18DoCookieTaskForURLERK13scoped_refptrINS0_17CookieMonsterTaskEERK4GURL+192)
I/DEBUG (25962): #40 pc 001877a1 /data/app/org.chromium.chrome-1/lib/arm/libnet.cr.so (_ZN3net13CookieMonster29GetCookieListWithOptionsAsyncERK4GURLRKNS_13CookieOptionsERKN4base8CallbackIFvRKNSt3__16vectorINS_15CanonicalCookieENS9_9allocatorISB_EEEEELNS7_8internal8CopyModeE1EEE+104)
I/DEBUG (25962): #41 pc 002cc00d /data/app/org.chromium.chrome-1/lib/arm/libnet.cr.so (_ZN3net17URLRequestHttpJob23AddCookieHeaderAndStartEv+272)
I/DEBUG (25962): #42 pc 002cbc09 /data/app/org.chromium.chrome-1/lib/arm/libnet.cr.so (_ZN3net17URLRequestHttpJob5StartEv+412)
I/DEBUG (25962): #43 pc 002c5cdf /data/app/org.chromium.chrome-1/lib/arm/libnet.cr.so (_ZN3net10URLRequest8StartJobEPNS_13URLRequestJobE+506)
I/DEBUG (25962): #44 pc 002c5ab5 /data/app/org.chromium.chrome-1/lib/arm/libnet.cr.so (_ZN3net10URLRequest21BeforeRequestCompleteEi+384)
I/DEBUG (25962): #45 pc 002c5821 /data/app/org.chromium.chrome-1/lib/arm/libnet.cr.so (_ZN3net10URLRequest5StartEv+320)
I/DEBUG (25962): #46 pc 002c269b /data/app/org.chromium.chrome-1/lib/arm/libnet.cr.so
I/DEBUG (25962): #47 pc 002c2ad7 /data/app/org.chromium.chrome-1/lib/arm/libnet.cr.so
I/DEBUG (25962): #48 pc 002c0775 /data/app/org.chromium.chrome-1/lib/arm/libnet.cr.so
I/DEBUG (25962): #49 pc 0007267d /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so (_ZN4base5debug13TaskAnnotator7RunTaskEPKcRKNS_11PendingTaskE+104)
I/DEBUG (25962): #50 pc 00088151 /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so (_ZN4base11MessageLoop7RunTaskERKNS_11PendingTaskE+196)
I/DEBUG (25962): #51 pc 000882eb /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so (_ZN4base11MessageLoop21DeferOrRunPendingTaskERKNS_11PendingTaskE+18)
I/DEBUG (25962): #52 pc 00088441 /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so (_ZN4base11MessageLoop6DoWorkEv+138)
I/DEBUG (25962): #53 pc 0008a545 /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so (_ZN4base19MessagePumpLibevent3RunEPNS_11MessagePump8DelegateE+284)
I/DEBUG (25962): #54 pc 00087f57 /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so (_ZN4base11MessageLoop10RunHandlerEv+82)
I/DEBUG (25962): #55 pc 0009ef73 /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so (_ZN4base7RunLoop3RunEv+28)
I/DEBUG (25962): #56 pc 000878fd /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so (_ZN4base11MessageLoop3RunEv+52)
I/DEBUG (25962): #57 pc 00618411 /data/app/org.chromium.chrome-1/lib/arm/libcontent.cr.so (_ZN7content17BrowserThreadImpl11IOThreadRunEPN4base11MessageLoopE+8)
I/DEBUG (25962): #58 pc 00618533 /data/app/org.chromium.chrome-1/lib/arm/libcontent.cr.so (_ZN7content17BrowserThreadImpl3RunEPN4base11MessageLoopE+230)
I/DEBUG (25962): #59 pc 000bc42f /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so (_ZN4base6Thread10ThreadMainEv+266)
I/DEBUG (25962): #60 pc 000b8859 /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so
I/DEBUG (25962): #61 pc 00016baf /system/lib/libc.so (_ZL15__pthread_startPv+30)
I/DEBUG (25962): #62 pc 00014af3 /system/lib/libc.so (__start_thread+6)
I/DEBUG (25962):
I/DEBUG (25962): Tombstone written to: /data/tombstones/tombstone_02
I/BootReceiver( 815): Copying /data/tombstones/tombstone_02 to DropBox (SYSTEM_TOMBSTONE)
Jun 29 2016

The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/25ea5bc3b93a92ced13ac18936a34053521c4bca

commit 25ea5bc3b93a92ced13ac18936a34053521c4bca
Author: pauljensen <pauljensen@chromium.org>
Date: Wed Jun 29 15:28:08 2016

Ensure native library isn't actually loaded, and no IO on net thread

LoadNativeLibrary asserts because IO is possible, so call dlopen() directly with flag ensuring no IO actually happens. We need to access libnetd_client.so, which is guaranteed to be loaded by the point where it's needed as socket() is guaranteed to be called which libnetd_client.so handles.

BUG= 623555
R=xunjieli

Review-Url: https://codereview.chromium.org/2104533002
Cr-Commit-Position: refs/heads/master@{#402817}

[modify] https://crrev.com/25ea5bc3b93a92ced13ac18936a34053521c4bca/net/udp/udp_socket_posix.cc
Comment 1 by pauljensen@chromium.org, Jun 27 2016

My proposed fix is to ignore the IO assertion in LoadNativeLibrary() because it doesn't actually perform any disk loads because the library is already loaded. I proved this is true with a tiny test program:

$ cat hello.c
#include <dlfcn.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <stdio.h>
#include <unistd.h>  /* write() */

int main() {
  write(1, "1\n", 2);
  /* socket() is what pulls libnetd_client.so into the process on Android */
  socket(AF_INET, SOCK_STREAM, 0);
  write(1, "2\n", 2);
  /* the writes are markers: under strace, any file IO done by this dlopen()
     would show up between "2" and "3" */
  dlopen("libnetd_client.so", 0);
  write(1, "3\n", 2);
  return 0;
}
$ ~/chrome/src/third_party/android_tools/ndk/toolchains/arm-linux-androideabi-*/prebuilt/linux-x86_64/bin/arm-linux-androideabi-gcc --sysroot=/usr/local/google/home/pauljensen/chrome/src/third_party/android_tools/ndk/platforms/android-9/arch-arm hello.c -pie
$ adb push a.out /data/local/tmp
$ adb shell strace /data/local/tmp/a.out

This also works when RTLD_LAZY is passed to dlopen() like LoadNativeLibrary does.