Chrome_Mac: Crash Report - base::SamplingHeapProfiler::RecordFree |
||||
Issue descriptionreporter:manoranjanr@google.com Magic Signature: base::SamplingHeapProfiler::RecordFree Crash link: https://crash.corp.google.com/browse?q=product_name%3D%27Chrome_Mac%27+AND+product.version%3D%2768.0.3440.25%27+AND+expanded_custom_data.ChromeCrashProto.channel%3D%27beta%27+AND+expanded_custom_data.ChromeCrashProto.ptype%3D%27renderer%27+AND+expanded_custom_data.ChromeCrashProto.magic_signature_1.name%3D%27base%3A%3ASamplingHeapProfiler%3A%3ARecordFree%27&stbtiq=&reportid=&index=0 ------------------------------------------------------------------------------- Sample Report ------------------------------------------------------------------------------- Product name: Chrome_Mac Magic Signature : base::SamplingHeapProfiler::RecordFree Product Version: 68.0.3440.25 Process type: renderer Report ID: 00e7fa50bc2f0e56 Report Url: https://crash.corp.google.com/00e7fa50bc2f0e56 Report Time: 2018-06-19T04:24:57-07:00 Upload Time: 2018-06-19T04:24:58.659-07:00 Uptime: 552000 ms OS Name: Mac OS X OS Version: 10.13.5 17F70a CPU Architecture: amd64 CPU Info: family 6 model 158 stepping 9 ------------------------------------------------------------------------------- Crashing thread: Thread index: 8. Stack Quality: 84%. Thread id: 7437360. ------------------------------------------------------------------------------- 0x00000001058a43d8 (Google Chrome Framework - __hash_table: 102) base::SamplingHeapProfiler::RecordFree(void*) 0x00000001058a4a1e (Google Chrome Framework - sampling_heap_profiler.cc: 129) base::(anonymous namespace)::FreeDefiniteSizeFn(base::allocator::AllocatorDispatch const*, void*, unsigned long, void*) 0x00000001059569c1 (Google Chrome Framework - ref_counted.h: 398) mojo::ScopedInterfaceEndpointHandle::~ScopedInterfaceEndpointHandle() 0x000000010594a14d (Google Chrome Framework - interface_endpoint_client.cc: 169) mojo::InterfaceEndpointClient::~InterfaceEndpointClient() 0x0000000105946e5a (Google Chrome Framework - memory: 2321) <name omitted> 0x00000001098ee00d (Google Chrome Framework - binding.h: 147) content::FrameInputHandlerImpl::Release() 0x000000010594a7d2 (Google Chrome Framework - callback.h: 96) mojo::InterfaceEndpointClient::NotifyError(base::Optional<mojo::DisconnectReason> const&) 0x000000010594e6fb (Google Chrome Framework - multiplex_router.cc: 785) mojo::internal::MultiplexRouter::ProcessNotifyErrorTask(mojo::internal::MultiplexRouter::Task*, mojo::internal::MultiplexRouter::ClientCallBehavior, base::SequencedTaskRunner*) 0x000000010594cc0e (Google Chrome Framework - multiplex_router.cc: 698) mojo::internal::MultiplexRouter::ProcessTasks(mojo::internal::MultiplexRouter::ClientCallBehavior, base::SequencedTaskRunner*) 0x000000010594b9fc (Google Chrome Framework - multiplex_router.cc: 667) mojo::internal::MultiplexRouter::OnPipeConnectionError() 0x0000000105947b33 (Google Chrome Framework - callback.h: 96) mojo::Connector::HandleError(bool, bool) 0x000000010595b4b7 (Google Chrome Framework - callback.h: 125) mojo::SimpleWatcher::OnHandleReady(int, unsigned int, mojo::HandleSignalsState const&) 0x000000010585d5a6 (Google Chrome Framework - callback.h: 96) base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) 0x00000001052d2df8 (Google Chrome Framework - thread_controller_impl.cc: 166) base::sequence_manager::internal::ThreadControllerImpl::DoWork(base::sequence_manager::internal::ThreadControllerImpl::WorkType) 0x000000010585d5a6 (Google Chrome Framework - callback.h: 96) base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) 0x000000010587d5c3 (Google Chrome Framework - message_loop.cc: 319) base::MessageLoop::RunTask(base::PendingTask*) 0x000000010587da97 (Google Chrome Framework - message_loop.cc: 329) base::MessageLoop::DoWork() 0x000000010587ea78 (Google Chrome Framework - message_pump_default.cc: 37) base::MessagePumpDefault::Run(base::MessagePump::Delegate*) 0x00000001058a1f54 (Google Chrome Framework - run_loop.cc: 102) <name omitted> 0x00000001058d51ec (Google Chrome Framework - thread.cc: 337) base::Thread::ThreadMain() 0x0000000105907446 (Google Chrome Framework - platform_thread_posix.cc: 76) base::(anonymous namespace)::ThreadFunc(void*) 0x00007fff5b588660 (libsystem_pthread.dylib + 0x00003660) _pthread_body 0x00007fff5b58850c (libsystem_pthread.dylib + 0x0000350c) _pthread_start 0x00007fff5b587bf8 (libsystem_pthread.dylib + 0x00002bf8) thread_start 0x00000001059073ef (Google Chrome Framework + 0x021d83ef) ------------------------------------------------------------------------------- Manual regression range finder link ------------------------------------------------------------------------------- https://crash.corp.google.com/browse?q=expanded_custom_data.ChromeCrashProto.magic_signature_1.name%3D%27base%3A%3ASamplingHeapProfiler%3A%3ARecordFree%27+AND+expanded_custom_data.ChromeCrashProto.ptype%3D%27renderer%27#-property-selector,-samplereports,+productname,+productversion:1000,+directory,-clientid,+operatingsystem,+url,+simplifiedurl,+extensions
,
Jun 20 2018
manoranjanr@, that CL changes heap snapshot, this crash happens in sampling heap profiler. They are not related. Assigning to alph@ for triaging.
,
Jun 20 2018
Thanks for letting me know. I'm actually aware of this problem, but it's not urgent as the profiler is currently under development and off by default for everyone.
,
Jun 25 2018
Issue 846598 has been merged into this issue.
,
Jul 4
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/0bed5b240673b8836812e5feaa713df706dbe5ec commit 0bed5b240673b8836812e5feaa713df706dbe5ec Author: Alexei Filippov <alph@chromium.org> Date: Wed Jul 04 02:08:38 2018 [sampling heap profiler] Implement lock-free hash set. It turned out the std::unordered_set does not support concurrent access even to distinct items in the container. Here's the custom implementation of a hash set with keys of void* type. It supports lock-free concurrent access to Insert, Remove, and Contains operations. The latter made as fast as possible since it is on the hot path of the memory allocation hooks. BUG= 854399 Change-Id: Ia53eeff08bafc363df2aef8ac5cdd5212f124452 Reviewed-on: https://chromium-review.googlesource.com/1121101 Reviewed-by: Daniel Cheng <dcheng@chromium.org> Reviewed-by: Andrey Kosyakov <caseq@chromium.org> Commit-Queue: Alexei Filippov <alph@chromium.org> Cr-Commit-Position: refs/heads/master@{#572446} [modify] https://crrev.com/0bed5b240673b8836812e5feaa713df706dbe5ec/base/BUILD.gn [modify] https://crrev.com/0bed5b240673b8836812e5feaa713df706dbe5ec/base/sampling_heap_profiler/benchmark-octane.js [add] https://crrev.com/0bed5b240673b8836812e5feaa713df706dbe5ec/base/sampling_heap_profiler/lock_free_address_hash_set.cc [add] https://crrev.com/0bed5b240673b8836812e5feaa713df706dbe5ec/base/sampling_heap_profiler/lock_free_address_hash_set.h [add] https://crrev.com/0bed5b240673b8836812e5feaa713df706dbe5ec/base/sampling_heap_profiler/lock_free_address_hash_set_unittest.cc [modify] https://crrev.com/0bed5b240673b8836812e5feaa713df706dbe5ec/base/sampling_heap_profiler/sampling_heap_profiler.cc [modify] https://crrev.com/0bed5b240673b8836812e5feaa713df706dbe5ec/base/sampling_heap_profiler/sampling_heap_profiler.h
,
Jul 6
Fixed in 69.0.3482.0 |
||||
►
Sign in to add a comment |
||||
Comment 1 by manoranj...@chromium.org
, Jun 19 2018Labels: RegressedIn-66 FoundIn-66 M-68 Target-68
Owner: u...@chromium.org
Status: Assigned (was: Untriaged)