Heap profiler crashes at AllocationRegister::GetAllocation on Android

Issue description
Background context: go/memory-infra
Only renderer seems to crash. It is either PartitionAlloc or BlinkGC.

FILE:LINE
0084e100 <unknown> /data/app/org.chromium.chrome-1/lib/arm/libv8.cr.so
0010613c base::trace_event::AllocationRegister::GetAllocation(unsigned int) const+72 /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so
00106158 base::trace_event::AllocationRegister::ConstIterator::operator*() const+16 /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so
000f25f0 blink::PartitionAllocMemoryDumpProvider::OnMemoryDump(base::trace_event::MemoryDumpArgs const&, base::trace_event::ProcessMemoryDump*)+208 /data/app/org.chromium.chrome-1/lib/arm/libblink_platform.cr.so
0010e49c base::trace_event::MemoryDumpManager::InvokeOnMemoryDump(base::trace_event::MemoryDumpManager::ProcessMemoryDumpAsyncState*)+936 /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so
0010e844 base::trace_event::MemoryDumpManager::SetupNextMemoryDump(std::__ndk1::unique_ptr<base::trace_event::MemoryDumpManager::ProcessMemoryDumpAsyncState, std::__ndk1::default_delete<base::trace_event::MemoryDumpManager::ProcessMemoryDumpAsyncState> >)+820 /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so
0010e23c base::trace_event::MemoryDumpManager::InvokeOnMemoryDump(base::trace_event::MemoryDumpManager::ProcessMemoryDumpAsyncState*)+328 /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so
0010e844 base::trace_event::MemoryDumpManager::SetupNextMemoryDump(std::__ndk1::unique_ptr<base::trace_event::MemoryDumpManager::ProcessMemoryDumpAsyncState, std::__ndk1::default_delete<base::trace_event::MemoryDumpManager::ProcessMemoryDumpAsyncState> >)+820 /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so
0010e23c base::trace_event::MemoryDumpManager::InvokeOnMemoryDump(base::trace_event::MemoryDumpManager::ProcessMemoryDumpAsyncState*)+328 /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so
0010e844 base::trace_event::MemoryDumpManager::SetupNextMemoryDump(std::__ndk1::unique_ptr<base::trace_event::MemoryDumpManager::ProcessMemoryDumpAsyncState, std::__ndk1::default_delete<base::trace_event::MemoryDumpManager::ProcessMemoryDumpAsyncState> >)+820 /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so
0010e23c base::trace_event::MemoryDumpManager::InvokeOnMemoryDump(base::trace_event::MemoryDumpManager::ProcessMemoryDumpAsyncState*)+328 /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so
00091f7c base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*)+220 /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so
001e69e8 blink::scheduler::TaskQueueManager::ProcessTaskFromWorkQueue(blink::scheduler::internal::WorkQueue*, bool, blink::scheduler::LazyNow, base::TimeTicks*)+1320 /data/app/org.chromium.chrome-1/lib/arm/libblink_platform.cr.so
001e72c0 blink::scheduler::TaskQueueManager::DoWork(bool)+752 /data/app/org.chromium.chrome-1/lib/arm/libblink_platform.cr.so
00091f7c base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*)+220 /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so
000b1d18 base::MessageLoop::RunTask(base::PendingTask*)+268 /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so
000b26a8 base::MessageLoop::DeferOrRunPendingTask(base::PendingTask)+192 /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so
000b2a7c base::MessageLoop::DoWork()+332 /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so
000b3fb4 base::MessagePumpDefault::Run(base::MessagePump::Delegate*)+32 /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so
000b1858 base::MessageLoop::RunHandler()+116 /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so
000d4330 base::RunLoop::Run()+60 /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so
00aa0a50 <unknown> /data/app/org.chromium.chrome-1/lib/arm/libcontent.cr.so
00b13df0 <unknown> /data/app/org.chromium.chrome-1/lib/arm/libcontent.cr.so
00b12a80 Java_org_chromium_content_app_ContentMain_nativeStart+392 /data/app/org.chromium.chrome-1/lib/arm/libcontent.cr.so

Feb 6 2017
+kraynov, who was looking into the test to prevent things like this from happening.

Feb 6 2017

Feb 6 2017
Could you please provide more context? gn args, etc. Couldn't reproduce on system_health.memory_mobile.

Feb 6 2017

Feb 6 2017
Seems to be related to the V8 sampling profiler:
#0 HandleProfilerSignal () at ../../v8/src/libsampler/sampler.cc:410
#1 <signal handler called>
#2 0xb6cf06c0 in __memcpy_base () from /tmp/dskiba-adb-gdb-libs/system/lib/libc.so
#3 0xaf004cf0 in base::trace_event::AllocationContext::AllocationContext(base::trace_event::Backtrace const&, char const*) ()
at ../../base/trace_event/heap_profiler_allocation_context.cc:42
#4 0xaf0056e8 in GetAllocation () at ../../base/trace_event/heap_profiler_allocation_register.cc:173
#5 operator* () at ../../base/trace_event/heap_profiler_allocation_register.cc:30
#6 0x9ee33db8 in OnMemoryDump () at ../../third_party/WebKit/Source/platform/heap/BlinkGCMemoryDumpProvider.cpp:75
#7 0xaf00dad8 in InvokeOnMemoryDump () at ../../base/trace_event/memory_dump_manager.cc:675
#8 0xaf00cec0 in SetupNextMemoryDump () at ../../base/trace_event/memory_dump_manager.cc:586
#9 0xaf00dbb0 in InvokeOnMemoryDump () at ../../base/trace_event/memory_dump_manager.cc:681
#10 0xaf00cec0 in SetupNextMemoryDump () at ../../base/trace_event/memory_dump_manager.cc:586
#11 0xaf00dbb0 in InvokeOnMemoryDump () at ../../base/trace_event/memory_dump_manager.cc:681
#12 0xaf00cec0 in SetupNextMemoryDump () at ../../base/trace_event/memory_dump_manager.cc:586
#13 0xaf00dbb0 in InvokeOnMemoryDump () at ../../base/trace_event/memory_dump_manager.cc:681
#14 0xaf00cec0 in SetupNextMemoryDump () at ../../base/trace_event/memory_dump_manager.cc:586
#15 0xaf00dbb0 in InvokeOnMemoryDump () at ../../base/trace_event/memory_dump_manager.cc:681
#16 0xaf00cec0 in SetupNextMemoryDump () at ../../base/trace_event/memory_dump_manager.cc:586
#17 0xaf00dbb0 in InvokeOnMemoryDump () at ../../base/trace_event/memory_dump_manager.cc:681
#18 0xaef87a7c in Run () at ../../base/callback.h:68
#19 RunTask () at ../../base/debug/task_annotator.cc:52
#20 0x9edc11f4 in ProcessTaskFromWorkQueue () at ../../third_party/WebKit/Source/platform/scheduler/base/task_queue_manager.cc:519
#21 0x9edbfc54 in DoWork () at ../../third_party/WebKit/Source/platform/scheduler/base/task_queue_manager.cc:316
#22 0xaef87a7c in Run () at ../../base/callback.h:68
#23 RunTask () at ../../base/debug/task_annotator.cc:52
#24 0xaefa8de8 in RunTask () at ../../base/message_loop/message_loop.cc:421
#25 0xaefa9174 in DeferOrRunPendingTask () at ../../base/message_loop/message_loop.cc:430
#26 0xaefa9594 in DoWork () at ../../base/message_loop/message_loop.cc:523
#27 0xaefaaf0c in Run () at ../../base/message_loop/message_pump_default.cc:33
#28 0xaefa8a94 in RunHandler () at ../../base/message_loop/message_loop.cc:386
#29 0xaefcc9f4 in Run () at ../../base/run_loop.cc:37
#30 0x9cc30ecc in RendererMain () at ../../content/renderer/renderer_main.cc:200
#31 0x9cca8598 in Run () at ../../content/app/content_main_runner.cc:813
#32 0x9cca75b4 in Start () at ../../content/app/android/content_main.cc:46
#33 Java_org_chromium_content_app_ContentMain_nativeStart () at gen/content/public/android/content_jni_headers/content/jni/ContentMain_jni.h:39
We crashed on SIGILL while returning from HandleProfilerSignal.
Feb 6 2017
The issue doesn't reproduce on Nexus 5X @ MTC19X, but reliably reproduces on Nexus 7 @ M4B30Y.

Feb 6 2017
The sampling profiler shouldn't be on by default, unless we end up accidentally turning it on by using filtering mode. Can somebody check?
Feb 6 2017
The issue itself might be due to the sampling profiler calling malloc in the signal handler. The shim is definitely not reentrant safe (%initialization when we expect reentrancy to allocate the tls). But at the same time malloc itself is not reentrant safe, so if the sampling profiler is using that it's a bug there. But let's first check what the root cause is.
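The reentrancy hazard described in the comment above, as an added illustration that is not Chromium's allocator shim or V8's sampler: a toy malloc hook whose allocation register is updated in two steps, a SIGPROF handler that allocates from inside that window, and a reentrancy guard that skips accounting for the nested call instead of letting it clobber the register. The names (`shim_malloc`, `raw_alloc`, `run_scenario`) and the deliberate `raise(SIGPROF)` inside the hook are hypothetical, used only to make the interrupt land deterministically.

```c
/* Added example (not Chromium/V8 code): a malloc hook re-entered from a
 * profiler signal handler, with and without a reentrancy guard. */
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ARENA_SIZE 4096
#define MAX_LIVE   16

/* Raw allocator: a bump allocator over a static arena, used instead of libc
 * malloc so the example itself never calls malloc from a signal handler. */
static unsigned char arena[ARENA_SIZE];
static size_t arena_used;

static void *raw_alloc(size_t n) {
    n = (n + 15) & ~(size_t)15;               /* keep 16-byte alignment */
    if (arena_used + n > ARENA_SIZE) return NULL;
    void *p = arena + arena_used;
    arena_used += n;
    return p;
}

/* The shim's allocation register. Recording is a two-step update (store the
 * pointer, then bump the count): state that must not be re-entered. */
static void *live[MAX_LIVE];
static size_t live_count;

/* Reentrancy guard. A real shim keeps one flag per thread in TLS; a plain
 * flag is enough for this single-threaded example. */
static volatile sig_atomic_t in_hook;
static int guard_enabled;                        /* toggled per scenario   */
static int inject_signal;                        /* raise SIGPROF in hook  */
static volatile sig_atomic_t reentrant_calls_seen;

void *shim_malloc(size_t n);

/* Models a sampling profiler's SIGPROF handler that allocates. This violates
 * async-signal-safety; the guard only protects the shim's own bookkeeping. */
static void profiler_handler(int sig) {
    (void)sig;
    (void)shim_malloc(32);
}

void *shim_malloc(size_t n) {
    if (guard_enabled && in_hook) {
        /* Re-entered while the register is half updated: hand out memory
         * but skip accounting rather than corrupt the register. */
        reentrant_calls_seen++;
        return raw_alloc(n);
    }
    in_hook = 1;
    void *p = raw_alloc(n);
    if (p != NULL && live_count < MAX_LIVE) {
        live[live_count] = p;                     /* step 1 */
        if (inject_signal) {                      /* the interrupt lands here */
            inject_signal = 0;
            raise(SIGPROF);                       /* handler runs before return */
        }
        live_count++;                             /* step 2 */
    }
    in_hook = 0;
    return p;
}

/* 1 if every recorded slot holds a pointer and `outer` appears exactly once. */
int register_consistent(const void *outer) {
    size_t found = 0;
    for (size_t i = 0; i < live_count; i++) {
        if (live[i] == NULL) return 0;
        if (live[i] == outer) found++;
    }
    return found == 1;
}

int reentrant_calls(void) { return (int)reentrant_calls_seen; }

/* One allocation interrupted by the profiler signal. Returns 1 if the
 * register is consistent afterwards, 0 if corrupted, -1 on setup failure. */
int run_scenario(int with_guard) {
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = profiler_handler;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGPROF, &sa, NULL) != 0) return -1;

    memset(live, 0, sizeof live);
    live_count = 0;
    arena_used = 0;
    reentrant_calls_seen = 0;
    guard_enabled = with_guard;
    inject_signal = 1;

    void *outer = shim_malloc(64);
    return register_consistent(outer);
}

int main(void) {
    printf("guard on : %s\n", run_scenario(1) == 1 ? "consistent" : "corrupted");
    printf("guard off: %s\n", run_scenario(0) == 1 ? "consistent" : "corrupted");
    return 0;
}
```

With the guard, the nested allocation is handed out but not recorded, so the register still describes exactly what the outer call stored. Without it, the handler's call overwrites slot 0 and bumps the count, the outer call bumps it again, and the register ends up claiming two entries of which one is null and the outer pointer is gone: the kind of inconsistent state an iterator such as the one in GetAllocation would later read. The guard only protects the shim's own state; an allocator called from a signal handler remains non-async-signal-safe, which is why the discussion above treats the sampler allocating in its handler as the bug rather than something the shim can paper over.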

Feb 6 2017
Apparently the tracing CPU profiler is enabled by this check:
if (!PROFILER_TRACE_CATEGORY_ENABLED("v8.cpu_profiler")) return;

Feb 6 2017

Feb 6 2017
Sorry for not including context in the bug. Yeah, it seems to crash only on Nexus 7. I imagined it was going to crash everywhere, since it was reliably crashing. The issue is that the sampling profiler is turned on because filtering mode enables categories. I'm fixing this in https://codereview.chromium.org/2676403002/

Feb 7 2017

Feb 14 2017
V8 CLs do not update in the bug, I guess:

[tracing] The CPU profiler should only be enabled for specific modes of tracing

We have different modes of tracing: recording, event callback and filtering. The cpu profiler should not be enabled when tracing is enabled with filtering mode.

BUG=688651
Review-Url: https://codereview.chromium.org/2676403002
Cr-Commit-Position: refs/heads/master@{#43119}
Committed: https://chromium.googlesource.com/v8/v8/+/21523c7832cdbd74fceacddf4660977eef02cd4c
Comment 1 by dskiba@chromium.org, Feb 5 2017