
Issue 845380


Issue metadata

Status: Fixed
Owner:
Closed: May 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 1
Type: Bug

Chrome crashes while loading pages after r560434

Project Member Reported by horo@chromium.org, May 22 2018

Issue description

Chrome Version: TOT after r560434
OS: Linux (dcheck_always_on = true)

After r560434 (20b65d00ca3d8696430e22efad7485366f8c3a21), Chrome crashes while loading pages.

Received signal 11 <unknown> 000000000000
#0 0x7f2e2a59acfc base::debug::StackTrace::StackTrace()
#1 0x7f2e2a59a7d1 base::debug::(anonymous namespace)::StackDumpSignalHandler()
#2 0x7f2e1f4c10c0 <unknown>
#3 0x7f2e210c603c blink::HeapObjectHeader::Finalize()
#4 0x7f2e210c9326 blink::NormalPageArena::PromptlyFreeObject()
#5 0x7f2e210c201f blink::HeapAllocator::BackingFree()
#6 0x7f2e20650ab0 WTF::HashTable<>::ExpandBuffer()
#7 0x7f2e206506d7 WTF::HashTable<>::Rehash()
#8 0x7f2e2065066a WTF::HashTable<>::Expand()
#9 0x7f2e2065050d WTF::HashTable<>::insert<>()
#10 0x7f2e2084ebcf blink::Supplementable<>::ProvideSupplement<>()
#11 0x7f2e202ad089 blink::ModulesInitializer::ProvideModulesToPage()
#12 0x7f2e2274b047 blink::WebViewImpl::WebViewImpl()
#13 0x7f2e2274a5ed blink::WebViewImpl::Create()
#14 0x7f2e2829f0ba content::RenderViewImpl::Initialize()
#15 0x7f2e282a1d7b content::RenderViewImpl::Create()
#16 0x7f2e28299457 content::RenderThreadImpl::CreateView()
#17 0x7f2e275a2ef5 content::mojom::RendererStubDispatch::Accept()
#18 0x7f2e296b1262 mojo::InterfaceEndpointClient::HandleValidatedMessage()
#19 0x7f2e296b0b46 mojo::FilterChain::Accept()
#20 0x7f2e296b2772 mojo::InterfaceEndpointClient::HandleIncomingMessage()
#21 0x7f2e295aebef IPC::(anonymous namespace)::ChannelAssociatedGroupController::AcceptOnProxyThread()
#22 0x7f2e295ac441 _ZN4base8internal7InvokerINS0_9BindStateIMN3IPC12_GLOBAL__N_132ChannelAssociatedGroupControllerEFvN4mojo7MessageEEJ13scoped_refptrIS5_ENS0_13PassedWrapperIS7_EEEEEFvvEE3RunEPNS0_13BindStateBaseE
#23 0x7f2e2a4bbf40 base::debug::TaskAnnotator::RunTask()
#24 0x7f2e2115d85d base::sequence_manager::internal::ThreadControllerImpl::DoWork()
#25 0x7f2e2115f8e8 _ZN4base8internal7InvokerINS0_9BindStateIMNS_16sequence_manager8internal20ThreadControllerImplEFvNS4_19SequencedTaskSource8WorkTypeEEJNS_7WeakPtrIS5_EES7_EEEFvvEE3RunEPNS0_13BindStateBaseE
#26 0x7f2e2a4bbf40 base::debug::TaskAnnotator::RunTask()
#27 0x7f2e2a4e7d76 base::internal::IncomingTaskQueue::RunTask()
#28 0x7f2e2a4eb817 base::MessageLoop::RunTask()
#29 0x7f2e2a4ebc2a base::MessageLoop::DeferOrRunPendingTask()
#30 0x7f2e2a4ebebe base::MessageLoop::DoWork()
#31 0x7f2e2a4ee196 base::MessagePumpDefault::Run()
#32 0x7f2e2a4eb141 base::MessageLoop::Run()
#33 0x7f2e2a51ec26 base::RunLoop::Run()
#34 0x7f2e282c0d79 content::RendererMain()
#35 0x7f2e2839c055 content::RunZygote()
#36 0x7f2e2839c924 content::RunNamedProcessTypeMain()
#37 0x7f2e2839dcf2 content::ContentMainRunnerImpl::Run()
#38 0x7f2e2a80d54b service_manager::Main()
#39 0x7f2e2839b4e4 content::ContentMain()
#40 0x5624901bf1b3 ChromeMain
#41 0x7f2e1d3422b1 __libc_start_main
#42 0x5624901bf02a _start
  r8: 0000000000000000  r9: 0000000000000000 r10: 0000000000000000 r11: 0000000000000246
 r12: 000010a7cf021ad0 r13: 00007f2e2147ff40 r14: 000010a7cf021ad8 r15: 00001fdcc2920140
  di: 00001fdcc2920140  si: 0000000000000002  bp: 00007ffd471ffda0  bx: 000010a7cf021ad0
  dx: 00007f2e2a7f6e70  ax: 3333333333333333  cx: 0000000000000002  sp: 00007ffd471ffd80
  ip: 00007f2e210c603c efl: 0000000000010206 cgf: 002b000000000033 erf: 0000000000000000
 trp: 000000000000000d msk: 0000000000000000 cr2: 0000000000000000
[end of stack trace]


Comment 1 by horo@chromium.org, May 22 2018

Cc: haraken@chromium.org
Owner: mlippautz@chromium.org

Comment 2 by horo@chromium.org, May 22 2018

Components: Blink>MemoryAllocator>GarbageCollection
Labels: -Pri-3 Pri-1

Comment 3 by bugdroid1@chromium.org, May 22 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/4e481c2a6ff1d20fe135155559301c489316de4f

commit 4e481c2a6ff1d20fe135155559301c489316de4f
Author: Michael Lippautz <mlippautz@chromium.org>
Date: Tue May 22 03:46:19 2018

Revert "[oilpan] Fix GCInfoTable for multiple threads"

This reverts commit 20b65d00ca3d8696430e22efad7485366f8c3a21.

Reason for revert: Crashers, e.g., https://ci.chromium.org/buildbot/chromium.webkit/WebKit%20Mac10.11%20%28dbg%29/16072

Bug: chromium:845380

Original change's description:
> [oilpan] Fix GCInfoTable for multiple threads
> 
> Previously, grow and access from different threads could lead to a race
> on the table backing; see bug.
> 
> - Rework the table to work on an existing reservation.
> - Commit upon growing, avoiding any copies.
> 
> Drive-by: Fix over-allocation of table.
> 
> Bug: chromium:841280
> Change-Id: I329cb6f40091e14e8c05334ba1104a9440c31d43
> Reviewed-on: https://chromium-review.googlesource.com/1061525
> Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
> Reviewed-by: Kentaro Hara <haraken@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#560434}

TBR=ajwong@chromium.org,haraken@chromium.org,hpayer@chromium.org,mlippautz@chromium.org

Change-Id: Idb8b40c02d35810c00ed5a5a9064884b9c154f83
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:841280
Reviewed-on: https://chromium-review.googlesource.com/1068568
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#560476}
[modify] https://crrev.com/4e481c2a6ff1d20fe135155559301c489316de4f/third_party/blink/renderer/platform/heap/BUILD.gn
[modify] https://crrev.com/4e481c2a6ff1d20fe135155559301c489316de4f/third_party/blink/renderer/platform/heap/gc_info.cc
[modify] https://crrev.com/4e481c2a6ff1d20fe135155559301c489316de4f/third_party/blink/renderer/platform/heap/gc_info.h
[delete] https://crrev.com/f10d746929edc6c5afb0d513f5340bf50e1cce4f/third_party/blink/renderer/platform/heap/gc_info_test.cc
[modify] https://crrev.com/4e481c2a6ff1d20fe135155559301c489316de4f/third_party/blink/renderer/platform/heap/heap.cc
[modify] https://crrev.com/4e481c2a6ff1d20fe135155559301c489316de4f/third_party/blink/renderer/platform/heap/heap.h
[modify] https://crrev.com/4e481c2a6ff1d20fe135155559301c489316de4f/third_party/blink/renderer/platform/heap/heap_page.cc
[modify] https://crrev.com/4e481c2a6ff1d20fe135155559301c489316de4f/third_party/blink/renderer/platform/heap/incremental_marking_test.cc
[modify] https://crrev.com/4e481c2a6ff1d20fe135155559301c489316de4f/third_party/blink/renderer/platform/heap/marking_verifier.h
[modify] https://crrev.com/4e481c2a6ff1d20fe135155559301c489316de4f/third_party/blink/renderer/platform/heap/marking_visitor.cc
[modify] https://crrev.com/4e481c2a6ff1d20fe135155559301c489316de4f/third_party/blink/renderer/platform/heap/marking_visitor.h
[modify] https://crrev.com/4e481c2a6ff1d20fe135155559301c489316de4f/third_party/blink/renderer/platform/heap/process_heap.cc

Status: Fixed (was: Untriaged)
Thanks, will investigate and fix before relanding.
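The reverted change's description above states the failure mode (one thread growing the table while another accesses its backing) and the intended design (work on an existing reservation, commit on growth, no copies). The C++ sketch below is an added illustration of that design, not Blink's GCInfoTable or any code from this tracker: a fixed array stands in for the reserved address range, growth only advances a commit watermark instead of reallocating, and readers are lock-free. Every name, size, the `payload == type_id * 7` invariant and the stress harness are constructed for the example.

```cpp
#include <algorithm>
#include <atomic>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <memory>
#include <mutex>
#include <thread>
#include <vector>

namespace reserved_table {

// Constructed parameters: a real implementation would reserve a large
// address range up front and commit pages of it on demand.
constexpr size_t kReservedSlots = 4096;
constexpr size_t kInitialCommit = 16;
constexpr size_t kCommitStep = 16;
constexpr size_t kInvalidIndex = static_cast<size_t>(-1);

struct Entry {
  uint32_t type_id;
  uint32_t payload;
};

// Grow-only table whose backing store never moves. Growth only advances a
// "committed" watermark inside the fixed reservation, so an index handed out
// to one thread stays valid while another thread grows the table.
class Table {
 public:
  // Appends an entry and returns its index, or kInvalidIndex once the
  // reservation is exhausted. Writers serialise on the mutex.
  size_t Register(uint32_t type_id, uint32_t payload) {
    std::lock_guard<std::mutex> lock(mutex_);
    const size_t index = size_.load(std::memory_order_relaxed);
    if (index >= kReservedSlots) return kInvalidIndex;
    if (index >= committed_.load(std::memory_order_relaxed)) {
      // "Commit" the next chunk of the reservation: no new allocation and
      // no copy of existing entries, so no old backing store is ever freed.
      committed_.store(std::min(kReservedSlots, committed_.load() + kCommitStep),
                       std::memory_order_relaxed);
    }
    slots_[index] = Entry{type_id, payload};
    // Publish: this release store pairs with the acquire load in Lookup, so
    // the slot contents are visible before the index becomes readable.
    size_.store(index + 1, std::memory_order_release);
    return index;
  }

  // Lock-free read. A published index never becomes invalid and its slot
  // address is stable, so there is no window in which the backing store has
  // been moved or freed underneath the reader.
  bool Lookup(size_t index, Entry* out) const {
    if (index >= size_.load(std::memory_order_acquire)) return false;
    *out = slots_[index];
    return true;
  }

 private:
  Entry slots_[kReservedSlots];
  std::atomic<size_t> size_{0};
  std::atomic<size_t> committed_{kInitialCommit};
  std::mutex mutex_;
};

// Runs `writers` registering threads alongside as many reading threads that
// repeatedly walk everything published so far. Returns true when every
// successful lookup saw a consistent entry and the final size is exact.
bool StressCheck(unsigned writers, unsigned per_writer) {
  const size_t total = static_cast<size_t>(writers) * per_writer;
  if (total > kReservedSlots) return false;  // would exhaust the reservation
  auto table = std::make_unique<Table>();    // heap: the array is sizeable
  std::atomic<bool> ok{true};
  std::atomic<unsigned> writers_done{0};
  std::vector<std::thread> threads;
  for (unsigned w = 0; w < writers; ++w) {
    threads.emplace_back([&, w] {
      for (unsigned i = 0; i < per_writer; ++i) {
        const uint32_t id = w * per_writer + i;
        if (table->Register(id, id * 7) == kInvalidIndex) ok = false;
      }
      ++writers_done;
    });
    threads.emplace_back([&] {
      Entry e;
      do {
        for (size_t i = 0; table->Lookup(i, &e); ++i)
          if (e.payload != e.type_id * 7) ok = false;  // torn or stale slot
      } while (writers_done.load() < writers);
    });
  }
  for (auto& t : threads) t.join();
  Entry last;
  return ok && table->Lookup(total - 1, &last) && !table->Lookup(total, &last);
}

// Fills a fresh table until the reservation is exhausted and returns how
// many registrations succeeded (expected: kReservedSlots).
size_t CountUntilFull() {
  auto table = std::make_unique<Table>();
  size_t count = 0;
  while (table->Register(1, 7) != kInvalidIndex) ++count;
  return count;
}

}  // namespace reserved_table

int main() {
  std::printf("stress: %s, capacity: %zu\n",
              reserved_table::StressCheck(4, 500) ? "ok" : "FAIL",
              reserved_table::CountUntilFull());
  return 0;
}
```

The property worth checking in any such table is the one the readers rely on: an index obtained under one thread's lock remains dereferenceable without a lock, because growth never frees or moves the memory it points into. A copying grow (allocate, copy, free the old backing) breaks that property the moment a reader is between the bounds check and the dereference, which is the kind of freed-backing access a `dcheck_always_on` build is built to catch.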
