How do you find the cause of a Chrome crash?

Published 2024-03-28
Updated 2024-05-03
Category: Tech column
Views: 3828
Word count: 20547

One day the remote drivers on site complained that our remote-driving page kept crashing, and not rarely either: two or three times a day. Sometimes the whole browser simply vanished, and sometimes it looked like this:

At that point the driver is left staring at the screen with no idea what to do.

So I set off down the long road of finding out why the browser was crashing.

1. Investigating the cause

The first idea that came to mind: does the driving-cockpit page have a memory leak? So I simulated cockpit connect and disconnect locally, and sure enough, it turned up right away: with the page open for a long time and frequent vehicle takeovers, memory grows slowly. A memory leak!

So I tracked down the leaking code, fixed it and shipped it, thinking a problem that small was hardly going to stop me.

Good, the code is in production, time for a cup of tea.

2. The problem is not solved

The next day I was @-mentioned in the group chat again: still crashing. (ÒωÓױ)!

So I pulled myself together. Evidently a memory leak does not necessarily make the browser exit; it had to be something else. What other options were there? Then I remembered that Chrome writes a crash dump when it crashes, and the dump should show the actual reason. Find the reason and the rest is easy, right? I could not help feeling a little proud of myself.

And so began the bitter journey of analysing Chrome's crash dump files.

3. Decoding the crash dump file

I assumed the stack trace in the dump would be easy to get at. I was too naive.

Chrome's own documentation has a page for this: Decoding Crash Dumps.

🤩, the steps looked detailed enough, so I started following the document.

3.1 Getting the dump file

I am on Ubuntu; the dump files live under ~/.config/google-chrome/Crash Reports/completed and look like this:

Good, we have the .dmp file, so we can decode it. The official docs recommend breakpad. While searching I discovered that breakpad is used very widely; many projects borrow Chrome's crash-collection mechanism wholesale.

3.2 breakpad

Breakpad is a cross-platform crash-dump and analysis framework plus a set of tools.

Breakpad has three main components:

  • client: a library linked into your application; when the client crashes it writes a minidump file

  • symbol dumper: a program that reads the debugging information produced by the compiler and generates a symbol file in Breakpad's own format

  • processor: a program that reads a minidump file together with the symbol files and produces a human-readable C/C++ stack trace

By default breakpad writes a minidump when a crash occurs; the mechanism used to catch the crash differs per platform:

  • On Windows it installs a handler with the SetUnhandledExceptionFilter() API provided by Microsoft.
  • On OS X it creates a thread that listens on a Mach exception port.
  • On Linux it installs a signal handler for fault signals such as SIGILL and SIGSEGV.

Once the minidump has been written, the mechanism for uploading the crash dump is again platform-specific.

If the clone fails, see the post on working around git clones from chromium.googlesource.com failing in mainland China.

```sh
$ git clone https://chromium.googlesource.com/breakpad/breakpad
$ cd breakpad
$ ./configure
$ make
$ make install
```

The familiar C++ build dance, and, as I expected, a library like this does not compile on the first try. Here is the problem:

```
In file included from ./src/client/linux/dump_writer_common/thread_info.h:36,
                 from ./src/client/linux/minidump_writer/linux_dumper.h:53,
                 from ./src/client/linux/minidump_writer/minidump_writer.h:41,
                 from src/tools/linux/core2md/core2md.cc:37:
./src/common/memory_allocator.h:49:10: fatal error: third_party/lss/linux_syscall_support.h: No such file or directory
   49 | #include "third_party/lss/linux_syscall_support.h"
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
compilation terminated.
make: *** [Makefile:5667: src/tools/linux/core2md/core2md.o] Error 1
```

A header is missing. The Linux client depends on linux-syscall-support (lss), which breakpad's DEPS file fetches when you check the tree out with depot_tools but which a plain git clone does not include. A quick search turns up the fix.

First fetch the header:

```sh
git clone https://chromium.googlesource.com/linux-syscall-support src/third_party/lss
```

A GitHub mirror also works: https://github.com/getsentry/linux-syscall-support

It just has to end up under src/third_party/lss.

Rebuild, and another error:

It turned out to be a compile error: fortunately I know some C++, and in dump_syms.cc a smart pointer was being used where the raw pointer was needed (it should go through .get()). The bug was fixed upstream three days later; I had the bad luck to clone exactly the broken revision 🤦🏻‍♀️.

Once the build succeeds, the minidump_stackwalk tool is installed under /usr/local/bin.

Now we can run it on the .dmp file from the screenshot above. Redirect only stdout: the report goes to stdout, while minidump_stackwalk writes its symbol-loading diagnostics to stderr, and those will matter later.

```sh
minidump_stackwalk xxxxx.dmp > xxxx.txt
```

The resulting file looks roughly like this:

```
GPU: UNKNOWN

Crash reason:  SIGTRAP
Crash address: 0x0
Process uptime: 11175 seconds

// ??CompositorTileWorker
Thread 10 (crashed)
 0  chrome + 0x96ef0e8
    rax = 0x00007fcf05a10f98   rdx = 0x0000000000000000
    rcx = 0x0000000000000000   rbx = 0x0000000000012000
    rsi = 0x0000000000012000   rdi = 0x00007fcf05a10f98
    rbp = 0x00007fcf05a10fa0   rsp = 0x00007fcf05a10f90
     r8 = 0x0000000000000000    r9 = 0x657a69736e617073
    r10 = 0x0000000000010383   r11 = 0x0000000000000293
    r12 = 0x0000560944711440   r13 = 0x0000000000000000
    r14 = 0x00002a4cc22d0000   r15 = 0x0000000000000003
    rip = 0x000056094bdff0e8
    Found by: given as instruction pointer in context
```

Apart from a pile of registers there is nothing useful in a file like this. All we learn is that the process received SIGTRAP, and the only lead I found was a "SIGTRAP Browser Crash" thread saying Chrome hit it when a shared-memory segment could not be allocated. The signal alone cannot settle it: on x86 Linux, Chrome's deliberate crash paths (failed CHECKs, the out-of-memory handlers) execute an int3 breakpoint instruction, which the kernel delivers as SIGTRAP, so SIGTRAP means Chrome chose to abort, and only the symbolized frames say why.

So we need the symbol file for the exact Chrome version to map these addresses back to functions, much like a JavaScript source map.

Where do you get the symbols for a Chrome release? Compile the Chrome source myself?

I did try that at first and gave up. The Chrome tree is terrifying: building takes ages, and there is no guarantee you can even check out the revision your browser was built from.

So I searched. The official Crash Reports page mentions [crsym](https://goto.google.com/crsym/), but it is not for external developers; logging in requires a Google employee account.

After a lot of digging I finally found where Chrome's symbol files are published.

3.3 Downloading the symbol file

An unremarkable document finally gave the download location for Google's symbol files:

So, following the format in that document: https://edgedl.me.gvt1.com/chrome/linux/symbols/google-chrome-debug-info-linux64-${VERSION}.zip, where VERSION is the full four-part version of the crashing binary (chrome://version, or google-chrome --version on the machine that crashed); the debug ID inside the symbol file has to match the one recorded in the minidump, so a nearby version will not do. The version numbers can be found here:

OK, at last we can download the symbol file.

3.4 Decoding the dump with a full stack

First the downloaded symbol file has to be processed.

The zip contains *.debug files (ELF debug info), which minidump_stackwalk cannot use directly, so we need breakpad's other tool, dump_syms. If you do not have it, build it yourself:

  • On Mac, see: How To Add Breakpad To Your Mac Client Application

    • Following the official steps did not build for me; what worked in the end was: xcodebuild -project dump_syms.xcodeproj -configuration Release
  • On Linux it seems to be built as part of the build above; if it is missing, run the usual build under src/tools/linux/dump_syms/.

Then generate the symbol file with dump_syms:

```sh
$ ./breakpadNew/src/tools/linux/dump_syms/dump_syms ./debug-info/chrome.debug > chrome.sym
$ head -n1 chrome.sym
```

  • The first command converts the *.debug file from the zip into a Breakpad symbol file.
  • The second prints the MODULE header line, whose ID must match the one the minidump expects. (Run minidump_stackwalk without a symbol directory and its stderr names the symbol file it could not find, ID included.) For example:

The result:

We create a symbols directory. Inside it, one directory per module name (chrome, if we want Chrome's own symbols), inside that a directory named with the ID from the head command above, and chrome.sym is copied in there, as shown below:

Note that these directory names are strict: symbols/<module>/<ID>/<module>.sym. Anything else and the decoded dump will still come out without a usable stack.

Now the last and crucial step, getting the full stack:

```sh
/usr/local/bin/minidump_stackwalk 04299da9-7ca8-4c8d-af9e-1b80a49ca1c6.dmp ~/debug-info/symbols/ > crash02221620.txt
```
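Sections 3.3 and 3.4 as one script. This is an added example, not the post's own commands and not anything shipped with Breakpad or Chrome. It assumes dump_syms and minidump_stackwalk are on PATH (built from breakpad as above), takes the download URL pattern from the document quoted in 3.3, and reads the module name and debug ID from the MODULE header that dump_syms writes as the first line of a .sym file. The function names and the sample values are mine.

```sh
#!/bin/sh
# Added example: lay a Breakpad .sym file out in the tree minidump_stackwalk
# expects and symbolize a Chrome minidump with it.
#
#   <symbols root>/<module name>/<debug id>/<module name>.sym
#
# Both values come from the first line of the .sym file, which dump_syms
# writes as:   MODULE <os> <arch> <debug id> <module name>
set -eu

# Build the download URL for a Chrome version, using the pattern quoted in the
# post. $1 is either the bare version or the full output of
# `google-chrome --version` ("Google Chrome 122.0.6261.128").
symbols_url() {
  version=$(printf '%s\n' "$1" |
    sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
  [ -n "$version" ] || { echo "no four-part version in: $1" >&2; return 1; }
  printf 'https://edgedl.me.gvt1.com/chrome/linux/symbols/google-chrome-debug-info-linux64-%s.zip\n' "$version"
}

# Print "<module name> <debug id>" taken from a .sym file's MODULE header,
# or fail if the file does not start with one.
sym_module_info() {
  sym=$1
  line=$(head -n1 "$sym")
  set -- $line                          # MODULE os arch id name
  if [ $# -lt 5 ] || [ "$1" != "MODULE" ]; then
    echo "not a Breakpad symbol file (no MODULE header): $sym" >&2
    return 1
  fi
  printf '%s %s\n' "$5" "$4"
}

# Copy .sym $1 into the tree under root $2 and print the final path.
# $3 optionally overrides the module name: the directory must match the name
# the minidump records for the module (the one minidump_stackwalk prints in
# its "No symbol file at ..." stderr line), which is what the lookup uses.
install_sym() {
  sym=$1; root=$2
  info=$(sym_module_info "$sym")
  name=${info%% *}; id=${info#* }
  name=${3:-$name}
  dest="$root/$name/$id"
  mkdir -p "$dest"
  cp "$sym" "$dest/$name.sym"
  printf '%s\n' "$dest/$name.sym"
}

# End to end: chrome.debug ($1) + minidump ($2) -> symbolized report in $4,
# with the symbol tree rooted at $3. The module directory is named after the
# .debug file (chrome.debug -> chrome), matching the chrome module in the dump.
symbolize() {
  debug=$1; dmp=$2; root=$3; out=$4
  tmpsym=$(mktemp)
  dump_syms "$debug" > "$tmpsym"
  install_sym "$tmpsym" "$root" "$(basename "$debug" .debug)" >/dev/null
  rm -f "$tmpsym"
  # stdout is the report; stderr keeps the symbol-loading diagnostics visible
  # so a wrong directory name or a mismatched debug ID is obvious.
  minidump_stackwalk "$dmp" "$root" > "$out"
}

if [ $# -eq 4 ]; then
  symbolize "$1" "$2" "$3" "$4"
fi
```

Run it as `sh symbolize.sh chrome.debug crash.dmp ./symbols crash.txt`. If the frames still come out as `chrome + 0x...`, read minidump_stackwalk's stderr: its `No symbol file at ...` line shows the exact `<module>/<ID>/<module>.sym` path it looked for, and that ID has to equal the one in the MODULE header; a mismatch means the debug info is for a different Chrome build than the one that crashed.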

The resulting stack file looks like this:

```
Operating system: Linux
                  5.15.0-46-generic #49~20.04.1-Ubuntu SMP Thu Aug 4 19:15:44 UTC 2022 x86_64
CPU: amd64
     family 6 model 167 stepping 1
     16 CPUs

GPU: UNKNOWN

Crash reason:  SIGTRAP
Crash address: 0x0
Process uptime: 6217 seconds

Thread 10 (crashed)
 0  chrome!partition_alloc::internal::OnNoMemoryInternal(unsigned long) [oom.cc : 58 + 0x1]
    rax = 0x00007fa29f160f98   rdx = 0x0000000000000000
    rcx = 0x0000000000000000   rbx = 0x0000000000009000
    rsi = 0x0000000000009000   rdi = 0x00007fa29f160f98
    rbp = 0x00007fa29f160fa0   rsp = 0x00007fa29f160f90
     r8 = 0x0000000000000000    r9 = 0x657a69736e617073
    r10 = 0x00000000000087e6   r11 = 0x0000000000000293
    r12 = 0x0000555a364d4440   r13 = 0x0000000000000000
    r14 = 0x00000d0c7ce98000   r15 = 0x0000000000000003
    rip = 0x0000555a3dbc20e8
    Found by: given as instruction pointer in context
 1  chrome!partition_alloc::TerminateBecauseOutOfMemory(unsigned long) [oom.cc : 65 + 0x5]
    rbx = 0x0000000000009000   rbp = 0x00007fa29f160fb0
    rsp = 0x00007fa29f160fb0   r12 = 0x0000555a364d4440
    r13 = 0x0000000000000000   r14 = 0x00000d0c7ce98000
    r15 = 0x0000000000000003   rip = 0x0000555a3dbc20f9
    Found by: call frame info
 2  chrome!partition_alloc::internal::OnNoMemory(unsigned long) [oom.cc : 75 + 0x8]
    rbx = 0x0000000000009000   rbp = 0x00007fa29f160fd0
    rsp = 0x00007fa29f160fc0   r12 = 0x0000555a364d4440
    r13 = 0x0000000000000000   r14 = 0x00000d0c7ce98000
    r15 = 0x0000000000000003   rip = 0x0000555a3dbc2116
    Found by: call frame info
 3  chrome!partition_alloc::internal::SetSystemPagesAccessInternal(unsigned long, unsigned long, partition_alloc::PageAccessibilityConfiguration) [page_allocator_internals_posix.h : 262 + 0x8]
    rbx = 0x0000000000009000   rbp = 0x00007fa29f161020
    rsp = 0x00007fa29f160fe0   r12 = 0x0000555a364d4440
    r13 = 0x0000000000000000   r14 = 0x00000d0c7ce98000
    r15 = 0x0000000000000003   rip = 0x0000555a37159730
    Found by: call frame info
 4  chrome!partition_alloc::internal::PartitionBucket::SlowPathAlloc(partition_alloc::PartitionRoot*, partition_alloc::internal::AllocFlags, unsigned long, unsigned long, bool*) [page_allocator.cc : 287 + 0x18]
    rbx = 0x0000555a426bf8c8   rbp = 0x00007fa29f161110
    rsp = 0x00007fa29f161030   r12 = 0x00007fa29f16116f
    r13 = 0x00000d0c7ce014c0   r14 = 0x0000000000000000
    r15 = 0x0000555a426bed40   rip = 0x0000555a371592c6
    Found by: call frame info
 5  chrome!allocator_shim::internal::PartitionMalloc(allocator_shim::AllocatorDispatch const*, unsigned long, void*) [partition_root.h : 1263 + 0x1d]
    rbx = 0x0000555a426bed80   rbp = 0x00007fa29f1611d0
    rsp = 0x00007fa29f161120   r12 = 0x00000000000087e6
    r13 = 0x0000555a426bed40   r14 = 0x00000d0c00090b00
    r15 = 0x0000000000000000   rip = 0x0000555a37157552
    Found by: call frame info
 6  chrome!base::allocator::dispatcher::internal::DispatcherImpl<base::PoissonAllocationSampler>::AllocFn(allocator_shim::AllocatorDispatch const*, unsigned long, void*) [dispatcher_internal.h : 113 + 0x20]
    rbp = 0x00007fa29f161270   rsp = 0x00007fa29f1611e0
    rip = 0x0000555a395a7f8e
    Found by: previous frame's frame pointer
 7  chrome!operator new(unsigned long) [allocator_shim.cc : 189 + 0xa]
    rbp = 0x00007fa29f1612b0   rsp = 0x00007fa29f161280
    rip = 0x0000555a36d2b502
    Found by: previous frame's frame pointer
 8  chrome!void std::__Cr::vector<unsigned char, std::__Cr::allocator<unsigned char> >::__assign_with_size<base::CheckedContiguousIterator<unsigned char const>, base::CheckedContiguousIterator<unsigned char const> >(base::CheckedContiguousIterator<unsigned char const>, base::CheckedContiguousIterator<unsigned char const>, long) [new : 269 + 0x8]
    rbx = 0x00000d0c7ccdd7e0   rbp = 0x00007fa29f161300
    rsp = 0x00007fa29f1612c0   r12 = 0x00000000000087e2
    r13 = 0x00007fa29f161328   r14 = 0x0000000000000000
    r15 = 0x00000000000087e2   rip = 0x0000555a39a83180
    Found by: call frame info
 9  chrome!storage::BlobDataItem::CreateBytes(base::span<unsigned char const, 18446744073709551615ul, unsigned char const*>) [vector : 1443 + 0x27]
    rbx = 0x00000000000087e2   rbp = 0x00007fa29f161390
    rsp = 0x00007fa29f161310   r12 = 0x00000d0c0335db18
    r13 = 0x0000555a41d98a60   r14 = 0x00000d0c7ccdd7c0
    r15 = 0x00000d0c5ee18000   rip = 0x0000555a39a830c5
    Found by: call frame info
10  chrome!storage::BlobDataBuilder::AppendData(base::span<unsigned char const, 18446744073709551615ul, unsigned char const*>) [blob_data_builder.cc : 100 + 0xb]
    rbx = 0x00000d0c0054be00   rbp = 0x00007fa29f1613c0
    rsp = 0x00007fa29f1613a0   r12 = 0x00000d0c0335db18
    r13 = 0x0000555a41d98a60   r14 = 0x00000000000087e2
    r15 = 0x00000d0c0335dab0   rip = 0x0000555a39a82bb4
    Found by: call frame info
11  chrome!storage::BlobRegistryImpl::BlobUnderConstruction::ResolvedAllBlobDependencies() [blob_registry_impl.cc : 382 + 0x1e]
    rbx = 0x00000d0c7c647200   rbp = 0x00007fa29f161420
    rsp = 0x00007fa29f1613d0   r12 = 0x00000d0c0335db18
    r13 = 0x0000555a41d98a60   r14 = 0x0000000000000000
    r15 = 0x00000d0c0335dab0   rip = 0x0000555a3a3ca3e6
    Found by: call frame info
12  chrome!storage::BlobRegistryImpl::Register(mojo::PendingReceiver<blink::mojom::Blob>, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char> > const&, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char> > const&, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char> > const&, std::__Cr::vector<mojo::StructPtr<blink::mojom::DataElement>, std::__Cr::allocator<mojo::StructPtr<blink::mojom::DataElement> > >, base::OnceCallback<void ()>) [blob_registry_impl.cc : 295 + 0x8]
    rbx = 0x0000000000000001   rbp = 0x00007fa29f161570
    rsp = 0x00007fa29f161430   r12 = 0x00000d0c0054be00
    r13 = 0x00000d0c7cd98c40   r14 = 0x00000d0c7ce0ec00
    r15 = 0x00000d0c001488d8   rip = 0x0000555a3a3cc74f
    Found by: call frame info
13  chrome!blink::mojom::BlobRegistryStubDispatch::AcceptWithResponder(blink::mojom::BlobRegistry*, mojo::Message*, std::__Cr::unique_ptr<mojo::MessageReceiverWithStatus, std::__Cr::default_delete<mojo::MessageReceiverWithStatus> >) [blob_registry.mojom.cc : 1385 + 0x25]
    rbx = 0x00007fa29f1615f0   rbp = 0x00007fa29f1616d0
    rsp = 0x00007fa29f161580   r12 = 0x00000d0c5ed880a8
    r13 = 0x00000d0c7ce0e080   r14 = 0x00000d0c7ce482c0
    r15 = 0x00000d0c7bf97f90   rip = 0x0000555a3a3b35f4
    Found by: call frame info
14  chrome!mojo::InterfaceEndpointClient::HandleIncomingMessageThunk::Accept(mojo::Message*) [interface_endpoint_client.cc : 970 + 0x6]
    rbx = 0x00000d0c00b27ed0   rbp = 0x00007fa29f161750
    rsp = 0x00007fa29f1616e0   r12 = 0x00000d0c02231e80
    r13 = 0x0000000000000005   r14 = 0x00000d0c02231e80
    r15 = 0x00000d0c7ce0e080   rip = 0x0000555a373a9c86
    Found by: call frame info
15  chrome!mojo::internal::MultiplexRouter::Accept(mojo::Message*) [message_dispatcher.cc : 48 + 0x3]
    rbp = 0x00007fa29f161af0   rsp = 0x00007fa29f161760
    rip = 0x0000555a37e0fd1f
    Found by: previous frame's frame pointer
16  chrome!mojo::MessageDispatcher::Accept(mojo::Message*) [message_dispatcher.cc : 43 + 0x38]
    rbp = 0x00007fa29f161bb0   rsp = 0x00007fa29f161b00
    rip = 0x0000555a376b8450
    Found by: previous frame's frame pointer
17  chrome!base::internal::Invoker<base::internal::BindState<void (mojo::Connector::*)(char const*, unsigned int), base::internal::UnretainedWrapper<mojo::Connector, base::unretained_traits::MayNotDangle, (partition_alloc::internal::RawPtrTraits)0>, base::internal::UnretainedWrapper<char const, base::unretained_traits::MayNotDangle, (partition_alloc::internal::RawPtrTraits)0> >, void (unsigned int)>::Run(base::internal::BindStateBase*, unsigned int) [connector.cc : 561 + 0x68]
    rbp = 0x00007fa29f161d60   rsp = 0x00007fa29f161bc0
    rip = 0x0000555a376ba3bf
    Found by: previous frame's frame pointer
18  chrome!base::internal::Invoker<base::internal::BindState<void (*)(base::RepeatingCallback<void (unsigned int)> const&, unsigned int, mojo::HandleSignalsState const&), base::RepeatingCallback<void (unsigned int)> >, void (unsigned int, mojo::HandleSignalsState const&)>::Run(base::internal::BindStateBase*, unsigned int, mojo::HandleSignalsState const&) [callback.h : 344 + 0x1c]
    rbp = 0x00007fa29f161d80   rsp = 0x00007fa29f161d70
    rip = 0x0000555a3bcbd669
    Found by: previous frame's frame pointer
19  chrome!mojo::SimpleWatcher::Context::CallNotify(MojoTrapEvent const*) [callback.h : 344 + 0x5]
    rbp = 0x00007fa29f161e20   rsp = 0x00007fa29f161d90
    rip = 0x0000555a3700e85b
    Found by: previous frame's frame pointer
20  chrome!mojo::core::ipcz_driver::MojoTrap::TrapEventHandler(IpczTrapEvent const*) [mojo_trap.cc : 599 + 0x2]
    rbp = 0x00007fa29f161f00   rsp = 0x00007fa29f161e30
    rip = 0x0000555a370f1e1d
    Found by: previous frame's frame pointer
21  chrome!ipcz::Router::AcceptInboundParcel(ipcz::OperationContext const&, std::__Cr::unique_ptr<ipcz::Parcel, std::__Cr::default_delete<ipcz::Parcel> >) [trap_event_dispatcher.cc : 30 + 0x2d]
    rbp = 0x00007fa29f162360   rsp = 0x00007fa29f161f10
    rip = 0x0000555a37586dfa
    Found by: previous frame's frame pointer
22  chrome!ipcz::NodeLink::OnAcceptParcel(ipcz::msg::AcceptParcel&) [node_link.cc : 1036 + 0xb]
    rbx = 0x0000000000000001   rbp = 0x00007fa29f162480
    rsp = 0x00007fa29f162370   r12 = 0x00000d0c02281680
    r13 = 0x00000d0c00550738   r14 = 0x00000d0c005506e0
    r15 = 0x00000d0c006635d0   rip = 0x0000555a37584ef0
    Found by: call frame info
23  chrome!ipcz::msg::NodeMessageListener::OnTransportMessage(ipcz::DriverTransport::RawMessage const&, ipcz::DriverTransport const&) [node_messages_generator.h : 0 + 0x12]
    rbx = 0x0000000000000000   rbp = 0x00007fa29f1625c0
    rsp = 0x00007fa29f162490   r12 = 0x00000d0c01036dc0
    r13 = 0x0000000000000000   r14 = 0x00000d0c005506e0
    r15 = 0x00007fa29f1625d0   rip = 0x0000555a37243e21
    Found by: call frame info
24  chrome!ipcz::(anonymous namespace)::NotifyTransport(unsigned long, void const*, unsigned long, unsigned long const*, unsigned long, unsigned int, void const*) [driver_transport.cc : 126 + 0xb]
    rbx = 0x00000d0c005506e0   rbp = 0x00007fa29f162610
    rsp = 0x00007fa29f1625d0   r12 = 0x00000d0c00629490
    r13 = 0x0000000000000000   r14 = 0x00000d0c01036dc0
    r15 = 0x0000000000000000   rip = 0x0000555a39c81416
    Found by: call frame info
25  chrome!mojo::core::Channel::OnReadComplete(unsigned long, unsigned long*) [transport.cc : 662 + 0x14]
    rbx = 0x00000d0c5ec94008   rbp = 0x00007fa29f162820
    rsp = 0x00007fa29f162620   r12 = 0x00000d0c00629490
    r13 = 0x0000000000000000   r14 = 0x0000000000000000
    r15 = 0x0000000000000000   rip = 0x0000555a374578b4
    Found by: call frame info
26  chrome!base::MessagePumpLibevent::FdWatchController::OnFdReadable() [channel_posix.cc : 298 + 0xf]
    rbx = 0x00000d0c00089bf0   rbp = 0x00007fa29f162b60
    rsp = 0x00007fa29f162830   r12 = 0x0000000000007a00
    r13 = 0x0000000000000000   r14 = 0x0000000000007a00
    r15 = 0x0000000000000000   rip = 0x0000555a3745646f
    Found by: call frame info
27  chrome!base::MessagePumpEpoll::Run(base::MessagePump::Delegate*) [message_pump_epoll.cc : 346 + 0x8]
    rbx = 0x00ffffffffffffff   rbp = 0x00007fa29f163090
    rsp = 0x00007fa29f162b70   r12 = 0x0000000000000001
    r13 = 0x0000093c002e2150   r14 = 0x0000093c002e2150
    r15 = 0x0000555a35b8b316   rip = 0x0000555a37459e73
    Found by: call frame info
28  chrome!base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run(bool, base::TimeDelta) [thread_controller_with_message_pump_impl.cc : 640 + 0x3]
    rbp = 0x00007fa29f163120   rsp = 0x00007fa29f1630a0
    rip = 0x0000555a38b70c74
    Found by: previous frame's frame pointer
29  chrome!base::RunLoop::Run(base::Location const&) [thread_controller_with_message_pump_impl.cc : 0 + 0x16]
    rbp = 0x00007fa29f1631d0   rsp = 0x00007fa29f163130
    rip = 0x0000555a38b7019b
    Found by: previous frame's frame pointer
30  chrome!content::BrowserProcessIOThread::Run(base::RunLoop*) [thread.cc : 337 + 0x2a]
    rbp = 0x00007fa29f163220   rsp = 0x00007fa29f1631e0
    rip = 0x0000555a38b6fbaa
    Found by: previous frame's frame pointer
31  chrome!base::Thread::ThreadMain() [thread.cc : 409 + 0x6]
    rbx = 0x0000093c002c9500   rbp = 0x00007fa29f1632b0
    rsp = 0x00007fa29f163230   r14 = 0x0000000000000003
    rip = 0x0000555a3982c3e7
    Found by: call frame info
32  chrome!base::(anonymous namespace)::ThreadFunc(void*) [platform_thread_posix.cc : 101 + 0x37]
    rbx = 0x00007fa29f164700   rbp = 0x00007fa29f1632f0
    rsp = 0x00007fa29f1632c0   r12 = 0x0000093c00253a20
    r13 = 0x00007fa29f164060   r14 = 0x0000093c002c9500
    r15 = 0x00007fa29f164700   rip = 0x0000555a3715daad
    Found by: call frame info
33  libpthread.so.0 + 0x8609
    rsp = 0x00007fa29f163300   rip = 0x00007fa2a80d3609
    Found by: stack scanning
34  libc.so.6 + 0x11f133
    rsp = 0x00007fa29f1633c0   rip = 0x00007fa2a7305133
    Found by: stack scanning
```
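Reports like the one above run to hundreds of lines per thread, most of them registers. The following triage script is an added example (mine, not part of the original post and not a Breakpad tool): it pulls the crash signal and the first frames of the crashed thread out of a minidump_stackwalk text report, and classifies the crash as one of Chrome's deliberate out-of-memory aborts when PartitionAlloc's OOM handlers appear in those frames, which is exactly the distinction SIGTRAP alone cannot make. The frame-line format it matches is the one visible in the report above; the sample report in the test is constructed.

```sh
#!/bin/sh
# Added example: triage a minidump_stackwalk text report.
set -eu

# Print the "Crash reason:" line, the "Thread N (crashed)" line and the first
# $2 (default 8) frame lines of the crashed thread. A frame line looks like
# "<idx>  <module>!<function> [file : line + off]" (or "<idx>  <module> + 0x..."
# when unsymbolized); register lines and "Found by:" lines are dropped.
crash_frames() {
  awk -v n="${2:-8}" '
    /^Crash reason:/             { print; next }
    /^Thread [0-9]+ \(crashed\)/ { in_thread = 1; print; next }
    in_thread && /^Thread /      { exit }          # next, non-crashed thread: stop
    in_thread && /^ *[0-9]+  /   {                 # a frame line
      if (count++ < n) { sub(/^ +/, ""); print }
    }
  ' "$1"
}

# Print "oom" when the crashed thread went through PartitionAlloc's OOM path
# (TerminateBecauseOutOfMemory / OnNoMemory), otherwise the raw crash signal.
# Chrome reports SIGTRAP for every deliberate abort (failed CHECKs included),
# so the signal by itself does not identify an OOM; the top frames do.
crash_kind() {
  if crash_frames "$1" 8 | grep -qE 'TerminateBecauseOutOfMemory|OnNoMemory'; then
    echo oom
  else
    crash_frames "$1" 0 | sed -n 's/^Crash reason: *//p'
  fi
}

# One-screen summary of a report file: kind, signal, crashed thread, top frames.
summarize() {
  printf 'kind: %s\n' "$(crash_kind "$1")"
  crash_frames "$1" "${2:-8}"
}

if [ $# -ge 1 ]; then
  summarize "$@"
fi
```

Run it as `sh triage.sh crash02221620.txt 12`. On the report above it prints `kind: oom` followed by frames 0 to 11, which is enough to see both the OOM handlers and the blob-registry work that triggered the allocation, without scrolling past the register dumps.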

4. Analysis

Now we finally know why Chrome crashed: OOM. An allocation found there was no memory left and Chrome terminated itself on purpose (frames 0 to 2, partition_alloc::TerminateBecauseOutOfMemory). Frame 3 is PartitionAlloc changing the protection of pages it had already reserved, which on Linux is an mprotect call; when that fails with ENOMEM, PartitionAlloc treats it as out of memory and aborts rather than continue with a half-committed heap. Frames 9 to 13 and 30 say where it happened: the browser process's IO thread, handling a BlobRegistry Register message that arrived over Mojo from a renderer and copying the blob bytes into a vector. Reading the relevant Chrome source, the concepts in the stack are:

  • Mojo: Chrome's inter-process communication layer
  • Blob storage: immutable raw binary data shared between the renderer and browser processes
  • Blink: the browser's rendering (layout) engine

Combined with what we observed on site, the final diagnosis was that the machine was running out of GPU memory; that analysis will be a separate post.


Site source: linxiaowu66 · Doumi's blog

Follow: linxiaowu66 · GitHub