Teardown crash in ash devtools |
||||
Issue descriptionIn a chromeos build, start chrome with --enable-ui-devtools flag. When the session is terminated (e.g. by pressing ctrl+q twice), it crashes with the following trace: [28667:28667:0303/112934.991266:FATAL:weak_ptr.cc(20)] Check failed: sequence_checker_.CalledOnValidSequence() || HasOneRef(). WeakPtrs must be invalidated on the same sequenced thread. #0 0x7feb8e2aa1a1 __interceptor_backtrace #1 0x7feb8bf021ac base::debug::StackTrace::StackTrace() #2 0x7feb8bf7b37e logging::LogMessage::~LogMessage() #3 0x7feb8bfa0a04 base::internal::WeakReference::Flag::Invalidate() #4 0x7feb8bfa1192 base::internal::WeakReferenceOwner::~WeakReferenceOwner() #5 0x7feb78132e42 net::HttpServer::~HttpServer() #6 0x7feb77d6558b ui::devtools::UiDevToolsServer::~UiDevToolsServer() #7 0x7feb77d6576e ui::devtools::UiDevToolsServer::~UiDevToolsServer() #8 0x7feb77bc17c8 ash::WmShell::~WmShell() #9 0x7feb7782e877 ash::WmShellAura::~WmShellAura() #10 0x7feb77c9babd ash::Shell::~Shell() #11 0x7feb77c9e87e ash::Shell::~Shell() #12 0x7feb95606bf2 chrome::CloseAsh() #13 0x7feb90a3981d ChromeBrowserMainParts::PostMainMessageLoopRun() #14 0x7feb8f2c9539 chromeos::ChromeBrowserMainPartsChromeos::PostMainMessageLoopRun() #15 0x7feb8299bb84 content::BrowserMainLoop::ShutdownThreadsAndCleanUp() #16 0x7feb829a878e content::BrowserMainRunnerImpl::Shutdown() #17 0x7feb8298c5c7 content::BrowserMain() #18 0x7feb8492ebaf content::RunNamedProcessTypeMain() #19 0x7feb849308f8 content::ContentMainRunnerImpl::Run() #20 0x7feb8492c34b content::ContentMain() #21 0x7feb8e333879 ChromeMain #22 0x7feb6b418f45 __libc_start_main #23 0x7feb8e25af39 <unknown> The reason for the crash is that |UiDevToolsServer::server_| [1] is created on the IO thread [2], but it's destroyed on the UI thread. The fix would be to make sure ~UiDevToolsServer() makes sure |server_| is destroyed on the IO thread instead. [1] https://cs.chromium.org/chromium/src/components/ui_devtools/devtools_server.h?type=cs&sq=package:chromium&l=60 [2] https://cs.chromium.org/chromium/src/components/ui_devtools/devtools_server.cc?type=cs&sq=package:chromium&l=113
,
May 24 2017
Not sure if this is the same bug, I am getting this call stack when I leave chromeos session (close simulation window): Received signal 11 <unknown> 000000000000 #0 0x7fbfc26478cc base::debug::StackTrace::StackTrace() #1 0x7fbfc2647431 base::debug::(anonymous namespace)::StackDumpSignalHandler() #2 0x7fbfc2788330 <unknown> #3 0x7fbfbde65ff1 ash::devtools::AshDevToolsDOMAgent::~AshDevToolsDOMAgent() #4 0x7fbfbde6622e ash::devtools::AshDevToolsDOMAgent::~AshDevToolsDOMAgent() #5 0x7fbfbdf90dae ui::devtools::UiDevToolsClient::~UiDevToolsClient() #6 0x7fbfbdf913ee ui::devtools::UiDevToolsServer::~UiDevToolsServer() #7 0x7fbfbdf9143e ui::devtools::UiDevToolsServer::~UiDevToolsServer() #8 0x7fbfbdec5451 ash::Shell::~Shell() #9 0x7fbfbdec5bae ash::Shell::~Shell() #10 0x56331c2c460f AshInit::~AshInit() #11 0x56331c126b93 ChromeBrowserMainExtraPartsAsh::PostMainMessageLoopRun() #12 0x56331b031a4a ChromeBrowserMainParts::PostMainMessageLoopRun() #13 0x56331ac1d8b9 chromeos::ChromeBrowserMainPartsChromeos::PostMainMessageLoopRun() #14 0x7fbfc024e45c content::BrowserMainLoop::ShutdownThreadsAndCleanUp() #15 0x7fbfc0250a9c content::BrowserMainRunnerImpl::Shutdown() #16 0x7fbfc0249b4b content::BrowserMain() #17 0x7fbfc0874af7 content::ContentMainRunnerImpl::Run() #18 0x7fbfc2b551a4 service_manager::Main() #19 0x7fbfc0873ab4 content::ContentMain() #20 0x56331a87974f ChromeMain #21 0x7fbfb7eaef45 __libc_start_m
,
May 24 2017
thanhph@, since it reproduces for me, once you have a reasonable suggestion that you would want to try, just upload the patch and I can try it.
,
May 25 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/f2fa35501fc24beeec974e3e4638c17ad27de44c commit f2fa35501fc24beeec974e3e4638c17ad27de44c Author: thanhph <thanhph@chromium.org> Date: Thu May 25 19:53:27 2017 Closing simulation window in chromeos sessions causes crash. This happens because pointer window_element_root_ wasn't initialized before being used but later got cleaned up in Reset(). BUG= 698276 Review-Url: https://codereview.chromium.org/2903173002 Cr-Commit-Position: refs/heads/master@{#474763} [modify] https://crrev.com/f2fa35501fc24beeec974e3e4638c17ad27de44c/ash/devtools/ash_devtools_dom_agent.cc [modify] https://crrev.com/f2fa35501fc24beeec974e3e4638c17ad27de44c/ash/devtools/ash_devtools_dom_agent.h
,
May 25 2017
varkha@, thanks for feedback and testing that the above patch fixed leaving chromeos session crash.
,
Jun 28 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/a73ef52cdb9f89e2fbb4c2076dfc788bb502fb2d commit a73ef52cdb9f89e2fbb4c2076dfc788bb502fb2d Author: thanhph <thanhph@chromium.org> Date: Wed Jun 28 16:45:54 2017 Create and remove |UiDevToolsServer::server_| in the same thread. |UiDevToolsServer::server_| is created in an IO thread and gets cleaned up in a UI thread. This causes the crash when shutting down DevTools. BUG= 698276 Review-Url: https://codereview.chromium.org/2928603002 Cr-Commit-Position: refs/heads/master@{#483016} [modify] https://crrev.com/a73ef52cdb9f89e2fbb4c2076dfc788bb502fb2d/components/ui_devtools/devtools_server.cc
,
Jul 6 2017
Crash is fixed (for now, at least)
,
Jul 6 2017
,
Jan 22 2018
|
||||
►
Sign in to add a comment |
||||
Comment 1 by sadrul@chromium.org
, Mar 21 2017