Issue 9034 in v8: V8 Crashes on Redmi Note 5/6 Android 8.1.0 Phones

[dumgan… via monorail]

Status: Untriaged
Owner: ----
Type: Bug

New issue 9034 by dumgan...@gmail.com: V8 Crashes on Redmi Note 5/6 Android 8.1.0 Phones
https://bugs.chromium.org/p/v8/issues/detail?id=9034

Version: 7.1.302.32
OS: Android
Architecture: ARM (armeabi-v7a)

What steps will reproduce the problem?
1. Collect the crash information from Crash System by our users, we could not reproduce this issue.


What is the expected output?

Don't crash on Redmi Note 5/6 Android 8.1.0 phones.

What do you see instead?

Some crashes on Redmi Note 5/6 Android 8.1.0 phones.


Please use labels and text to provide additional information.

I’m James, a game engine developer in China. A product in my company use v8 as JavaScript Engine.
Everything goes fine and it works really great powered by V8.
But the only problem is that we get a crash online that’s really hard for us to fix it and we can’t reproduce it.
It only happens on RedMi Note Phone, Android 8.1.0. I have no idea what is going on.

The crash stack is :

Operating system: Android
0.0.0 Linux 4.4.78-perf+ #1 SMP PREEMPT Mon Dec 24 16:28:07 WIB 2018 armv8l
CPU: arm
ARMv1 Qualcomm part(0x51008010) features: half,thumb,fastmult,vfpv2,edsp,neon,vfpv3,tls,vfpv4,idiva,idivt
8 CPUs

GPU: UNKNOWN

Crash reason: SIGSEGV
Crash address: 0xa5db6000
Process uptime: not available

Thread 121 (crashed)
crashed thread info start
frame_count = 23
0 libgameruntime.so!v8::internal::Scavenger::ScavengeObject(v8::internal::HeapObjectReference**, v8::internal::HeapObject*) + 0x1bd
r0 = 0xa5db5ffc r1 = 0x54c38018 r2 = 0x00000000 r3 = 0xa5db600c
r4 = 0x00000000 r5 = 0x00000008 r6 = 0xaff84fb1 r7 = 0x54c38018
r8 = 0x54c37ff5 r9 = 0xa5db5fe8 r10 = 0x54c37ff4 r12 = 0x00000008
fp = 0x592fbcf4 sp = 0xab1b26e8 lr = 0x00000024 pc = 0xc44663d6
Found by: given as instruction pointer in context
1 libgameruntime.so!v8::internal::IterateAndScavengePromotedObjectsVisitor::HandleSlot(v8::internal::HeapObject*, unsigned int, v8::internal::HeapObject*) + 0x52
sp = 0xab1b2738 pc = 0xc446779b
Found by: stack scanning
2 libgameruntime.so!void v8::internal::BodyDescriptorApply<v8::internal::CallIterateBody, void, v8::internal::Map*, v8::internal::HeapObject*, int, v8::internal::IterateAndScavengePromotedObjectsVisitor*>(v8::internal::InstanceType, v8::internal::Map*, v8::internal::HeapObject*, int, v8::internal::IterateAndScavengePromotedObjectsVisitor*) + 0x808
sp = 0xab1b2748 pc = 0xc446ba8b
Found by: stack scanning
3 libc.so + 0x6c259 (ctime64+0x00017140)
sp = 0xab1b2750 pc = 0xece0e25b
Found by: stack scanning
4 libgameruntime.so!v8::internal::Scavenger::Process(v8::internal::OneshotBarrier*) + 0xc5c
sp = 0xab1b2790 pc = 0xc44656a3
Found by: stack scanning
5 libc.so + 0x7672b (ctime64+0x00021612)
sp = 0xab1b27b8 pc = 0xece1872d
Found by: stack scanning
6 libgameruntime.so!v8::base::Thread::Start() + 0x56
sp = 0xab1b2840 pc = 0xc45f8c15
Found by: stack scanning
7 libgameruntime.so!v8::internal::ScavengingTask::RunInParallel() + 0x180
sp = 0xab1b2848 pc = 0xc446752b
Found by: stack scanning
8 libgameruntime.so!v8::internal::CancelableLambdaTask<v8::internal::ArrayBufferCollector::FreeAllocations()::$_0>::RunInternal() + 0xe6
sp = 0xab1b2870 pc = 0xc496c9d5
Found by: stack scanning
9 dalvik-main space (region space) (deleted) + 0x2efee8db
sp = 0xab1b28a8 pc = 0x41bee8dd
Found by: stack scanning
10 libc.so + 0x2064d (sem_wait+0x00000044)
sp = 0xab1b28e0 pc = 0xecdc264f
Found by: stack scanning
11 libpdfium.so + 0x19c852 (_ZN13CAgg_PathData9BuildPathEPK12CFX_PathDataPK10CFX_Matrix+0x000002ce)
sp = 0xab1b28e8 pc = 0xed820854
Found by: stack scanning
12 libgameruntime.so!v8::internal::ItemParallelJob::Task::RunInternal() + 0x56
sp = 0xab1b2918 pc = 0xc4513ea1
Found by: stack scanning
13 libgameruntime.so!v8::platform::WorkerThread::Run() + 0x1a
sp = 0xab1b2928 pc = 0xc45fe235
Found by: stack scanning
14 libgameruntime.so!v8::base::ThreadEntry(void*) + 0x38
sp = 0xab1b2940 pc = 0xc45f8c4f
Found by: stack scanning
15 libpdfium.so + 0x19c852
sp = 0xab1b2948 pc = 0xed820854
Found by: stack scanning
16 libc.so + 0x47a1f
sp = 0xab1b2958 pc = 0xecde9a21
Found by: stack scanning
17 libc.so + 0x47a07
sp = 0xab1b295c pc = 0xecde9a09
Found by: stack scanning
18 libc.so + 0x1b31d
sp = 0xab1b2960 pc = 0xecdbd31f
Found by: stack scanning
19 libc.so + 0x47a07
sp = 0xab1b2968 pc = 0xecde9a09
Found by: stack scanning
20 libgameruntime.so!v8::base::Thread::Start() + 0x56
sp = 0xab1b29a4 pc = 0xc45f8c15
Found by: stack scanning
21 0xdadbbffe
sp = 0xab1b29b0 pc = 0xdadbc000
Found by: stack scanning
22 libpdfium.so + 0x19c852
sp = 0xab1b29d8 pc = 0xed820854
Found by: stack scanning
crashed thread info end


This crash appears about 0.07% percentage.Yes, it’s low percentage at some perspective, but our user number is so huge that this crash happen a lot every day in our crash system.
I don’t know whether this is an issue of Red Mi Note Mobile Phone or it’s a potential problem in V8 7.1 version.
By the way, v8 6.7 also trigger this issue.

Please help me, thanks in advance!

Best Wishes
- James

--
You received this message because:
1. The project was configured to send all issue notifications to this address

You may adjust your notification preferences at:
https://bugs.chromium.org/hosting/settings

[dumgan… via monorail]

Comment #1 on issue 9034 by dumgan...@gmail.com: V8 Crashes on Redmi Note 5/6 Android 8.1.0 Phones
https://bugs.chromium.org/p/v8/issues/detail?id=9034#c1

My libgameruntime.so is compiled as armeabi-v7a arch and Redmi Note 5/6 phones are 64bit system.

Attachments:
Screen Shot 2019-03-23 at 07.48.46.png 118 KB

[n… via monorail]

Comment #2 on issue 9034 by ne...@chromium.org: V8 Crashes on Redmi Note 5/6 Android 8.1.0 Phones
https://bugs.chromium.org/p/v8/issues/detail?id=9034#c2

This sounds like the problem in https://bugs.chromium.org/p/chromium/issues/detail?id=889460

[dumgan… via monorail]

Comment #3 on issue 9034 by dumgan...@gmail.com: V8 Crashes on Redmi Note 5/6 Android 8.1.0 Phones
https://bugs.chromium.org/p/v8/issues/detail?id=9034#c3

@neis

Sorry, I could not visit the issue URL you pasted.

So is there any workaround for this issue?

Attachments:
Screen Shot 2019-03-28 at 10.30.53.png 70.0 KB

[n… via monorail]

Updates:
Cc: ne...@chromium.org

Comment #4 on issue 9034 by ne...@chromium.org: V8 Crashes on Redmi Note 5/6 Android 8.1.0 Phones
https://bugs.chromium.org/p/v8/issues/detail?id=9034#c4

Sorry, I missed that the link is not public. The summary is that this seems to be a bug in the device OS and we are in contact with the manufacturer. I'm not aware of a workaround.

[dumgan… via monorail]

Comment #5 on issue 9034 by dumgan...@gmail.com: V8 Crashes on Redmi Note 5/6 Android 8.1.0 Phones
https://bugs.chromium.org/p/v8/issues/detail?id=9034#c5

@neis,
Thanks for looking into this issue.
I also want to connect to XiaoMi but I don't get a contact. :(
If you got any reply from XiaoMi, please update this thread. Thank you.

[dumgan… via monorail]

Comment #6 on issue 9034 by dumgan...@gmail.com: V8 Crashes on Redmi Note 5/6 Android 8.1.0 Phones
https://bugs.chromium.org/p/v8/issues/detail?id=9034#c6

@neis,
Thanks for looking into this issue.
I also want to connect to XiaoMi but I don't get a contact. :(

If you get any reply from XiaoMi, please update this thread. Thank you.

[habl… via monorail]

Comment #8 on issue 9034 by hab...@chromium.org: V8 Crashes on Redmi Note 5/6 Android 8.1.0 Phones
https://bugs.chromium.org/p/v8/issues/detail?id=9034#c8

test message 2, please ignore

[habl… via monorail]

Updates:
Mergedinto: chromium:889460
Status: Duplicate

Comment #9 on issue 9034 by hab...@chromium.org: V8 Crashes on Redmi Note 5/6 Android 8.1.0 Phones
https://bugs.chromium.org/p/v8/issues/detail?id=9034#c9

(No comment was entered for this change.)

[dumgan… via monorail]

Comment #10 on issue 9034 by dumgan...@gmail.com: V8 Crashes on Redmi Note 5/6 Android 8.1.0 Phones
https://bugs.chromium.org/p/v8/issues/detail?id=9034#c10

@neis, this issue was merged into chromium:889460 which is in internal issue system.
How could I track the status of the issue?

[n… via monorail]

Updates:
Owner: hab...@chromium.org

Comment #11 on issue 9034 by ne...@chromium.org: V8 Crashes on Redmi Note 5/6 Android 8.1.0 Phones
https://bugs.chromium.org/p/v8/issues/detail?id=9034#c11

hablich, please see if the reporter can be added to that issue or not.

[habl… via monorail]

Comment #12 on issue 9034 by hab...@chromium.org: V8 Crashes on Redmi Note 5/6 Android 8.1.0 Phones
https://bugs.chromium.org/p/v8/issues/detail?id=9034#c12

This is an Chromium-internal tracking issue, so adding you is ATM not an option. Sorry!

[dumgan… via monorail]

Comment #13 on issue 9034 by dumgan...@gmail.com: V8 Crashes on Redmi Note 5/6 Android 8.1.0 Phones
https://bugs.chromium.org/p/v8/issues/detail?id=9034#c13

OK, do you mind to update this thread if there is update in the internal issue system? Thank you.

[habl… via monorail]

Comment #14 on issue 9034 by hab...@chromium.org: V8 Crashes on Redmi Note 5/6 Android 8.1.0 Phones
https://bugs.chromium.org/p/v8/issues/detail?id=9034#c14

Will do.

[dumgan… via monorail]

Comment #15 on issue 9034 by dumgan...@gmail.com: V8 Crashes on Redmi Note 5/6 Android 8.1.0 Phones
https://bugs.chromium.org/p/v8/issues/detail?id=9034#c15

@hablich， Thank you. :)

[dumgan… via monorail]

Comment #16 on issue 9034 by dumgan...@gmail.com: V8 Crashes on Redmi Note 5/6 Android 8.1.0 Phones
https://bugs.chromium.org/p/v8/issues/detail?id=9034#c16

@hablich, do you get any update of this issue?

[habl… via monorail]

Comment #17 on issue 9034 by hab...@chromium.org: V8 Crashes on Redmi Note 5/6 Android 8.1.0 Phones
https://bugs.chromium.org/p/v8/issues/detail?id=9034#c17

Nope.

[dumgan… via monorail]

Comment #18 on issue 9034 by dumgan...@gmail.com: V8 Crashes on Redmi Note 5/6 Android 8.1.0 Phones
https://bugs.chromium.org/p/v8/issues/detail?id=9034#c18

Is it possible to resolve this issue by using JIT-less mode for redmi devices?

[dumgan… via monorail]

Comment #19 on issue 9034 by dumgan...@gmail.com: V8 Crashes on Redmi Note 5/6 Android 8.1.0 Phones
https://bugs.chromium.org/p/v8/issues/detail?id=9034#c19

@neis, any update of this issue?

Do you mind share the issue content in the internal bug system https://bugs.chromium.org/p/chromium/issues/detail?id=889460 ?

[dumgan… via monorail]

Comment #20 on issue 9034 by dumgan...@gmail.com: V8 Crashes on Redmi Note 5/6 Android 8.1.0 Phones
https://bugs.chromium.org/p/v8/issues/detail?id=9034#c20

I found that this crash has increased a lot when using arm64-v8a so instead of armeabi-v7a.
Since Google Play asked for arm64-v8a so from 2019/8/1, we could not continue armeabi-v7a so any more.

Any help ? Thanks

[dumgan… via monorail]

Comment #21 on issue 9034 by dumgan...@gmail.com: V8 Crashes on Redmi Note 5/6 Android 8.1.0 Phones
https://bugs.chromium.org/p/v8/issues/detail?id=9034#c21

he~~~l~~~~~l~~~~~~o, is anyone there?

[dumgan… via monorail]

Comment #22 on issue 9034 by dumgan...@gmail.com: V8 Crashes on Redmi Note 5/6 Android 8.1.0 Phones
https://bugs.chromium.org/p/v8/issues/detail?id=9034#c22

Hello Google？

[habl… via monorail]

Comment #23 on issue 9034 by hab...@chromium.org: V8 Crashes on Redmi Note 5/6 Android 8.1.0 Phones
https://bugs.chromium.org/p/v8/issues/detail?id=9034#c23

Unfortunately we did not receive a response from the hardware vendor.

[peter.ca… via monorail]

Comment #24 on issue 9034 by peter.ca...@gmail.com: V8 Crashes on Redmi Note 5/6 Android 8.1.0 Phones
https://bugs.chromium.org/p/v8/issues/detail?id=9034#c24

so，any response from the hardware vendor here?

[habl… via monorail]

Comment #25 on issue 9034 by hab...@chromium.org: V8 Crashes on Redmi Note 5/6 Android 8.1.0 Phones
https://bugs.chromium.org/p/v8/issues/detail?id=9034#c25

Sadly there are no news.