Crash when using BigBuffer

[Chu-Hsuan Yang]

Hi chromium-mojo,

Recently, we (ChromeOS Camera App) got a bug that the app will crash when using BigBuffer. The same crash also happens in PDF Viewer and Personalization app. It's likely that something went wrong in the underlying mojo operation.

Some observations:

1. Seems to only happen on recovery image but not test image.

2. Seems to only happen on arm64.

3. If the crash happens, it happens very easily. It may not crash at all after logging in again, and vice versa.

4. The crash shows a large spike starting from 127.0.6509.0.

Any thoughts about this issue? Not that once http://crrev.com/c/5662240 is landed, the error will be bubbled up to JS side.

Thanks,

Chu-Hsuan

[Ken Rockot]

Not a Mojo issue per se. The crash stack implies that ArrayBufferContents is failing to map the provided region, which is why there's no backing store.

Yet the region is apparently valid, or we wouldn't have constructed the ArrayBufferContents.

I can think of two possibilities for mmap to fail:

• OOM
• An invalid FD (e.g. a bug is stomping FDs and this "valid" looking region is just a valid-looking FD which has been closed, or a valid FD which references some other kind of object)
  

It could be useful to instrument the mapping code to see what errno is when this fails. Maybe we can just log that temporarily and the log will show up in these crahes?