
Issue 736058


Issue metadata

Status: Fixed
Owner:
Closed: Dec 10
Cc:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 3
Type: Bug




Stack sampler crash

Project Member Reported by a...@chromium.org, Jun 22 2017

Issue description

Mike wrote in email:

Here's the first reported user crash: https://crash.corp.google.com/browse?q=product.name%3D%27Chrome_Mac%27%20AND%20product.Version%20%3E%3D%20%2760.0.3095.0%27%20AND%20custom_data.ChromeCrashProto.ptype%3D%27browser%27%20OMIT%20RECORD%20IF%20SUM(CrashedStackTrace.StackFrame.FunctionName%20like%20%27%25StackSamplingProfiler%25%27)%20%3D%200&ignore_case=false&enable_rewrite=false&omit_field_name=&omit_field_value=&omit_field_opt=&stbtiq=&reportid=&index=0

This time, going wrong in a DWARF unwind:
0x00007fffb5e23b79	(libunwind.dylib + 0x00003b79 )	libunwind::DwarfInstructions<libunwind::LocalAddressSpace, libunwind::Registers_x86_64>::evaluateExpression(unsigned long long, libunwind::LocalAddressSpace&, libunwind::Registers_x86_64 const&, unsigned long long)
0x00007fffb5e22061	(libunwind.dylib + 0x00002061 )	libunwind::DwarfInstructions<libunwind::LocalAddressSpace, libunwind::Registers_x86_64>::stepWithDwarf(libunwind::LocalAddressSpace&, unsigned long long, unsigned long long, libunwind::Registers_x86_64&)
0x00007fffb5e210b1	(libunwind.dylib + 0x000010b1 )	libunwind::UnwindCursor<libunwind::LocalAddressSpace, libunwind::Registers_x86_64>::step()
0x0000000113eb3eea	(Google Chrome Framework -native_stack_sampler_mac.cc:129 )	bool base::(anonymous namespace)::WalkStackFromContext<base::(anonymous namespace)::NativeStackSamplerMac::SuspendThreadAndRecordStack(base::NativeStackSampler::StackBuffer*, base::StackSamplingProfiler::Sample*)::$_0>(unw_context_t*, unsigned long*, base::(anonymous namespace)::NativeStackSamplerMac::SuspendThreadAndRecordStack(base::NativeStackSampler::StackBuffer*, base::StackSamplingProfiler::Sample*)::$_0 const&)
0x0000000113eb3a64	(Google Chrome Framework -native_stack_sampler_mac.cc:175 )	base::(anonymous namespace)::NativeStackSamplerMac::RecordStackSample(base::NativeStackSampler::StackBuffer*, base::StackSamplingProfiler::Sample*)

Looking at the crashing function and the fact that it's crashing dereferencing an address close to 0 (and also that the address, 0x48, is 5 8-byte offsets away from 0x100), I can believe that this could be the DWARF-equivalent of the EBP dereference. Seems like it might be harder to work around unless we can make some assumptions about the DWARF unwind output that clang generates on Mac.
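As an added illustration (not Chromium's code, and not what the fix commits contain), this is the kind of bounds-checked frame-pointer walk the description alludes to as the "EBP dereference" workaround: every frame pointer is validated against the sampled thread's stack bounds before it is dereferenced, so a garbage saved frame pointer such as 0x48 ends the walk instead of faulting. The `StackBounds` type, `walk_frame_pointers` and the fake stack in `demo_walk` are hypothetical, constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Bounds of the sampled thread's stack: [stack_base, stack_top). Hypothetical type. */
typedef struct {
    uintptr_t stack_base;
    uintptr_t stack_top;
} StackBounds;

/* A frame laid out by x86-64 code built with frame pointers:
   [rbp] = saved caller rbp, [rbp + 8] = return address.
   fp is sane only if both slots lie inside the stack and fp is aligned. */
static bool frame_pointer_is_sane(uintptr_t fp, const StackBounds *b) {
    if (fp % sizeof(uintptr_t) != 0) return false;
    if (fp < b->stack_base) return false;
    if (fp > b->stack_top - 2 * sizeof(uintptr_t)) return false;
    return true;
}

/* Records return addresses into out, starting from fp. Stops, rather than
   crashing, when the next frame pointer leaves the stack, is unaligned, or
   does not move toward the stack top (which also catches values like 0x48). */
size_t walk_frame_pointers(uintptr_t fp, const StackBounds *b,
                           uintptr_t *out, size_t max_frames) {
    size_t n = 0;
    while (n < max_frames && frame_pointer_is_sane(fp, b)) {
        const uintptr_t *frame = (const uintptr_t *)fp;
        out[n++] = frame[1];          /* return address */
        uintptr_t next = frame[0];    /* saved caller frame pointer */
        if (next <= fp) break;        /* frames must ascend; 0x48 fails here */
        fp = next;
    }
    return n;
}

/* Constructed demo: a fake stack holding three frames whose outermost saved
   frame pointer is the bogus 0x48 from the crash report. Returns frame count. */
size_t demo_walk(uintptr_t *ret_addrs, size_t max_frames) {
    static uintptr_t stack[16];
    const size_t w = sizeof(uintptr_t);
    memset(stack, 0, sizeof stack);
    uintptr_t base = (uintptr_t)stack;
    StackBounds b = { base, base + sizeof stack };
    stack[2] = base + 6 * w;   stack[3] = 0x1001;   /* frame 0 -> frame 1 */
    stack[6] = base + 10 * w;  stack[7] = 0x1002;   /* frame 1 -> frame 2 */
    stack[10] = 0x48;          stack[11] = 0x1003;  /* frame 2 -> garbage */
    return walk_frame_pointers(base + 2 * w, &b, ret_addrs, max_frames);
}
```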
 
Cc: -wittman@chromium.org a...@chromium.org
Owner: wittman@chromium.org
Status: Assigned (was: Untriaged)
I have some ideas about how to work around this issue so I'll take this for now. 

Comment 2 by lgrey@chromium.org, Jul 27 2017

Fun fact: this was High Sierra! Specifically, walking off the end of the address space at the end of libxpc like all of the other 10.13 DWARF crashes.

avi@ theorizes a bug in 10.13's libunwind.

Comment 3 by lgrey@chromium.org, Jul 27 2017

Cc: wittman@chromium.org lgrey@chromium.org
Issue 748254 has been merged into this issue.

Comment 4 by rsesek@chromium.org, Jul 27 2017

If we can get a consistent repro on 10.13, we should file and escalate a radar to try and get this fixed before release.

Comment 6 by sheriffbot@chromium.org (Project Member), Jan 31 2018

Labels: FoundIn-M-65 Fracas OS-Mac
Users experienced this crash on the following builds:

Mac Dev 65.0.3325.31 - 0.97 CPM, 1 reports, 1 clients (signature base::`anonymous namespace'::NativeStackSamplerMac::RecordStackSample)

If this update was incorrect, please add "Fracas-Wrong" label to prevent future updates.

- Go/Fracas

Comment 7 by sheriffbot@chromium.org (Project Member), Feb 5 2018

Labels: FoundIn-M-66
Users experienced this crash on the following builds:

Mac Canary 66.0.3339.0 - 0.35 CPM, 2 reports, 2 clients (signature base::`anonymous namespace'::NativeStackSamplerMac::RecordStackSample)


Comment 8 by sheriffbot@chromium.org (Project Member), Mar 8 2018

Labels: FoundIn-M-67
Users experienced this crash on the following builds:

Mac Canary 67.0.3364.0 - 1.84 CPM, 4 reports, 4 clients (signature base::`anonymous namespace'::NativeStackSamplerMac::RecordStackSample)


Comment 9 by sheriffbot@chromium.org (Project Member), Mar 13 2018

Labels: FoundIn-67
Users experienced this crash on the following builds:

Mac Canary 67.0.3368.1 - 2.17 CPM, 4 reports, 4 clients (signature base::`anonymous namespace'::NativeStackSamplerMac::RecordStackSample)


Comment 10 by sheriffbot@chromium.org (Project Member), Mar 13 2018

Labels: FoundIn-66
Users experienced this crash on the following builds:

Mac Dev 66.0.3359.26 - 3.76 CPM, 4 reports, 4 clients (signature base::`anonymous namespace'::NativeStackSamplerMac::RecordStackSample)
Mac Canary 67.0.3368.1 - 1.48 CPM, 4 reports, 4 clients (signature base::`anonymous namespace'::NativeStackSamplerMac::RecordStackSample)

Status: Fixed (was: Assigned)
All known crashes on Mac were fixed by 91193e7344c08c145f1a649469b6c5b4e848846b and d408e982d8ea7cdcc89f5c7cab7d1639106e616e.
