crash in perfetto protozero::Message::Finalize on health-plan-clankium-low-end-phone
Issue description

Started happening on this perf bot recently:
https://ci.chromium.org/buildbot/internal.client.clank/health-plan-clankium-low-end-phone/

Example error message:
-----------------------------------------------------
signal 11 (SIGSEGV), code 1, fault addr 0x12 in tid 8877 (ServiceWorker t)
pid: 8803, tid: 8877, name: ServiceWorker t  >>> com.google.android.apps.chrome:sandboxed_process0 <<<
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x12
    r0 00000002  r1 00000000  r2 00000000  r3 00000002
    r4 00000002  r5 b8acab88  r6 b8c831ec  r7 b8c831f0
    r8 9fffe47c  r9 00000000  sl 00000000  fp 9959e151
    ip b6d0d5dc  sp 9fffe458  lr 98b1e607  pc 98b1e62c

Stack Trace:
  RELADDR   FUNCTION                          FILE:LINE
  0097962c  protozero::Message::Finalize()    /b/build/slave/arm-builder-rel/build/src/third_party/perfetto/src/protozero/message.cc:90:7

Logs:
https://logs.chromium.org/logs/chrome/bb/internal.client.clank/health-plan-clankium-low-end-phone/7881/+/recipes/steps/system_health.memory_mobile/0/stdout
https://logs.chromium.org/logs/chrome/bb/internal.client.clank/health-plan-clankium-low-end-phone/7880/+/recipes/steps/system_health.memory_mobile/0/stdout
https://logs.chromium.org/logs/chrome/bb/internal.client.clank/health-plan-clankium-low-end-phone/7879/+/recipes/steps/system_health.memory_mobile/0/stdout
https://logs.chromium.org/logs/chrome/bb/internal.client.clank/health-plan-clankium-low-end-phone/7878/+/recipes/steps/system_health.memory_mobile/0/stdout
Sep 19
Ah thanks for filing the bug Egor, this will help debugging the issue for sure. Clearly this is due to re-enabling the perfetto backend in telemetry. That looks like a UAF in some message. Oysteine: possibly some code in memory-infra doesn't respect the stacked assumption? See if you can symbolize the microdump in the logs (w/ clank/bin/symbolize_microdump). If somebody gives me a stack trace I can probably make an educated guess on what's going on.
Sep 19
#4: Could this be the same as https://bugs.chromium.org/p/chromium/issues/detail?id=886528 ? If so I have a fix up at https://chromium-review.googlesource.com/c/chromium/src/+/1232414
Sep 19
pasko: Any pointers on how to repro this locally to see if the fix addressed the crash?
Sep 20
For repro there is a command in the logs. With all non-essential cruft removed it's something like:

CHROMIUM_OUTPUT_DIR=out/SomeReleaseFlavor tools/perf/run_benchmark -v --browser=android-chrome system_health.memory_mobile --output-dir=/tmp/scratch

These failures are on a sprout device. From yesterday's sheriffing I don't remember whether they surfaced on other device types :/
Nov 1
Removing from sheriff's queue. Haven't seen this error again recently.
Comment 1 by pasko@chromium.org, Sep 19