empty mutex causing crash in Heap::Scavenge
Reported by michael....@emerson.com, Sep 17
Issue description

UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.81 Safari/537.36

Steps to reproduce the problem:
1. No easy way to replicate - we are running multi-day soak tests which load different pages over and over again.

What is the expected behavior?
No crash.

What went wrong?
Inside of OneshotBarrier::Wait, waiting_ is 2 and tasks_ is 82448016; this causes condition_.Wait(&mutex_) to be called. The mutex_ has a null native_handle_, which I believe is causing the unhandled exception.

 # ChildEBP RetAddr  Args to Child
00 0075d870 771625d4 0075daa0 00000000 0075daa0 ntdll!NtWaitForAlertByThreadId+0xc
01 0075d8b0 75854bd3 0075da9c 0075daa0 00000000 ntdll!RtlSleepConditionVariableSRW+0xf4
02 0075d8d4 62a155e1 0075da9c 0075daa0 ffffffff KERNELBASE!SleepConditionVariableSRW+0x23
03 0075d8ec 60f03bb8 0075daa0 10440ac8 1052b2bc libcef!v8::base::ConditionVariable::Wait+0x11 [Y:\work\CEF3_git\chromium\src\v8\src\base\platform\condition-variable.cc @ 140]
04 (Inline) -------- -------- -------- -------- libcef!v8::internal::OneshotBarrier::Wait+0x3a [Y:\work\CEF3_git\chromium\src\v8\src\heap\barrier.h @ 57]
05 0075d998 60f0396b 1052b280 0075d9d8 60ef98a4 libcef!v8::internal::ScavengingTask::RunInParallel+0x238 [Y:\work\CEF3_git\chromium\src\v8\src\heap\heap.cc @ 1906]
06 0075d9a4 60ef98a4 00000078 0000001e 6490d240 libcef!v8::internal::ItemParallelJob::Task::RunInternal+0xb [Y:\work\CEF3_git\chromium\src\v8\src\heap\item-parallel-job.h @ 98]
07 (Inline) -------- -------- -------- -------- libcef!v8::internal::CancelableTask::Run+0x17 [Y:\work\CEF3_git\chromium\src\v8\src\cancelable-task.h @ 148]
08 0075d9d8 60ef85e6 2f689131 04ed51e0 04f04b24 libcef!v8::internal::ItemParallelJob::Run+0x114 [Y:\work\CEF3_git\chromium\src\v8\src\heap\item-parallel-job.h @ 144]
09 0075e008 60ef5d11 a5abaddb 00000000 04ed51e0 libcef!v8::internal::Heap::Scavenge+0xc76 [Y:\work\CEF3_git\chromium\src\v8\src\heap\heap.cc @ 2018]
0a 0075e100 60ef51cf 00000000 00000000 00000000 libcef!v8::internal::Heap::PerformGarbageCollection+0x561 [Y:\work\CEF3_git\chromium\src\v8\src\heap\heap.cc @ 1608]
0b 0075e174 60ec469d 00000000 00000001 00000000 libcef!v8::internal::Heap::CollectGarbage+0x27f [Y:\work\CEF3_git\chromium\src\v8\src\heap\heap.cc @ 1257]
0c 0075e1a8 610c7bf0 0075e1c4 00000040 00000000 libcef!v8::internal::Factory::NewFillerObject+0x4d [Y:\work\CEF3_git\chromium\src\v8\src\factory.cc @ 91]
0d (Inline) -------- -------- -------- -------- libcef!v8::internal::__RT_impl_Runtime_AllocateInNewSpace+0x4a [Y:\work\CEF3_git\chromium\src\v8\src\runtime\runtime-internal.cc @ 323]
0e 0075e1d8 2d18625e 00000001 0075e204 04ed51d0 libcef!v8::internal::Runtime_AllocateInNewSpace+0x70 [Y:\work\CEF3_git\chromium\src\v8\src\runtime\runtime-internal.cc @ 316]

Did this work before? N/A
Chrome version: 65.0.3325
Channel: n/a
OS Version: 10.0
Flash Version: n/a

Is other data needed to help figure out how to fix/diagnose this issue?
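To make the counters quoted in the report concrete, the following is an added illustrative model of a one-shot barrier built on std::mutex and std::condition_variable. It is not V8's src/heap/barrier.h and not CEF code; the member names tasks_ and waiting_ are taken from the report, while the constant kMaxPlausibleTasks, the CountersPlausible() check and the RunParallel() driver are assumptions added here to show why waiting_ = 2 together with tasks_ = 82448016 is a corrupted state rather than a legitimate wait.

```cpp
#include <atomic>
#include <condition_variable>
#include <mutex>
#include <thread>
#include <vector>

// Added illustrative model of a one-shot barrier, not V8's barrier.h.
// tasks_ counts workers registered with Start(); waiting_ counts workers
// currently blocked in Wait(). The last worker to arrive releases the rest.
class OneshotBarrier {
 public:
  // Hypothetical bound on parallel GC workers, used only by the
  // plausibility check below; nothing in the report names such a constant.
  static constexpr int kMaxPlausibleTasks = 1024;

  void Start() {
    std::lock_guard<std::mutex> guard(mutex_);
    ++tasks_;
  }

  // Returns true once every registered task has reached the barrier.
  bool Wait() {
    std::unique_lock<std::mutex> lock(mutex_);
    if (done_) return true;
    ++waiting_;
    if (waiting_ == tasks_) {
      // Last task to arrive: release everyone.
      done_ = true;
      condition_.notify_all();
    } else {
      // Block until the last task arrives. With a corrupted tasks_ such as
      // 82448016 every worker takes this branch and nobody can ever make
      // waiting_ == tasks_ true, so the wait would never return.
      condition_.wait(lock, [this] { return done_; });
    }
    --waiting_;
    return done_;
  }

  // Sanity check to apply to the values read from a dump: waiting_ can
  // never exceed tasks_, and tasks_ is bounded by the number of workers
  // that could have been started.
  static bool CountersPlausible(long waiting, long tasks) {
    return tasks >= 0 && waiting >= 0 && waiting <= tasks &&
           tasks <= kMaxPlausibleTasks;
  }

 private:
  std::mutex mutex_;
  std::condition_variable condition_;
  int tasks_ = 0;
  int waiting_ = 0;
  bool done_ = false;
};

// Runs n workers through one barrier; returns how many observed completion.
int RunParallel(int n) {
  OneshotBarrier barrier;
  for (int i = 0; i < n; ++i) barrier.Start();

  std::atomic<int> completed{0};
  std::vector<std::thread> workers;
  for (int i = 0; i < n; ++i) {
    workers.emplace_back([&] {
      if (barrier.Wait()) ++completed;
    });
  }
  for (auto& t : workers) t.join();
  return completed.load();
}

int main() {
  // Normal use: four workers all pass the barrier. The report's counters
  // fail the plausibility check.
  bool ok = (RunParallel(4) == 4) &&
            !OneshotBarrier::CountersPlausible(2, 82448016);
  return ok ? 0 : 1;
}
```

One caveat when reading the dump: the stack shows KERNELBASE!SleepConditionVariableSRW, so the mutex behind condition_.Wait(&mutex_) is a Windows SRWLOCK, and SRWLOCK_INIT is all zeros. A zero native handle is therefore what a freshly initialised SRWLOCK looks like, while a tasks_ of 82448016 with only two waiters cannot arise from Start() being called once per worker and is the stronger evidence that the barrier object itself has been overwritten.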
Sep 18

Sep 19
Thanks for filing the issue. It would be more helpful if you provide us the latest 16-digit (as attached) crash id from chrome://crashes to triage this issue from our end.
Sep 19
We are using: cef_binary_3.3325.1758.g9aea513
Sep 19
Thank you for providing more feedback. Adding the requester to the cc list. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Sep 19

Sep 20
michael.tajmajer@ Please follow the steps below to provide the crash id from chrome://crashes.
1. Reproduce the issue until it becomes a crash.
2. Go to chrome://crashes & check for 'uploaded crash report id'. If it is not generated as in C#3,
3. Click on the 'Send Now' button (as attached).
4. Wait a few minutes (5 to 10 mins) until it generates the 16-digit crash id (uploaded crash report id) as in C#3.
5. Copy & paste that in this bug.
Thanks..!
Sep 20
We're not using Chrome, we are using libcef. I can send you a crash dump if you want?
Sep 20
Thank you for providing more feedback. Adding the requester to the cc list. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Sep 26
Re #8, please attach the crash dump file. Also, it looks like you are using an old version of Chrome (65.0.3325.0) as mentioned in c#0. So, please upgrade Chrome to the latest version #69.0.3497.0 and check if the issue is still reproducible. Thanks!
Sep 26
The dump file is 500MB; is there a way to attach a file that large here? Or is there another way you want me to send it to you?
Sep 26
Thank you for providing more feedback. Adding the requester to the cc list. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Oct 22
I don't think we officially support cef.
Oct 22
See comment #13. Please reach out to the cef developers.
Oct 22
This issue is in the Chromium code. I guess we can keep digging and send a pull request if we find the root cause.
Comment 1 by phanindra.mandapaka@chromium.org, Sep 18