mash: Occasional crash in content::GpuProcessHost::Init() after login or on installing Camera app |
|||||||||||||
Issue descriptionToT chrome r458159 on latest link canary test image. * Log in, load a web page in a tab (so session restart will try to restore it), log out * touch /var/run/disable_chrome_restart * Add --mash and --no-sandbox to /etc/chrome_dev.conf * Login It starts to load a web page then the browser process crashes. /var/log/messages shows: 2017-03-20T14:12:16.612145-07:00 WARNING crash_reporter[3869]: Received crash notification for chrome[1362] user 1000 (called directly) 2017-03-20T14:12:16.694515-07:00 INFO kernel: [ 65.945462] chrome[1362]: segfault at 0 ip 00007f16756c831a sp 00007ffed738ec40 error 4 in chrome[7f1674266000+8ad9000] 2017-03-20T14:12:16.789643-07:00 WARNING crash_reporter[3891]: Received crash notification for chrome[1362] user 1000 (called directly) 2017-03-20T14:12:16.805255-07:00 ERR crash_reporter[3891]: Failed to gzip /home/user/200807c067f17750b15098b7b4d4a98164880827/crash/chrome.20170320.141216.1362.chrome.txt 2017-03-20T14:12:16.815172-07:00 ERR crash_reporter[3891]: Unable to write /home/user/200807c067f17750b15098b7b4d4a98164880827/crash/chrome.20170320.141216.1362.meta 2017-03-20T14:12:16.819545-07:00 INFO kernel: [ 66.070534] Chrome_IOThread[1404]: segfault at 0 ip 00007f16756c4f94 sp 00007f16673dc5e0 error 4 in chrome[7f1674266000+8ad9000] (I've never seen the "Chrome_UIThread" piece before.) The core file isn't written, so this is from minidump-2-core on a dmp file. #0 0x00007f16756c4f94 in content::GpuProcessHost::Init() () [Current thread is 1 (LWP 1404)] (gdb) where #0 0x00007f16756c4f94 in content::GpuProcessHost::Init() () #1 0x00007f16756c61f1 in content::GpuProcessHost::Get(content::GpuProcessHost::GpuProcessKind, bool) () #2 0x00007f16756c6245 in content::(anonymous namespace)::SendGpuProcessMessage(content::GpuProcessHost::GpuProcessKind, bool, IPC::Message*) () #3 0x00007f16673dcbf0 in ?? () #4 0x00007f16673dc920 in ?? () #5 0x00007f16770e6273 in base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) () Backtrace stopped: previous frame inner to this frame (corrupt stack?) I attempted to repro this with gdb -p <browser-process> but could not. After that it stopped reproducing. :-( Unassigned because no repro.
,
Mar 21 2017
This was my test account, jamescooktest1@gmail.com. I don't know if the web page matters -- at the time it was xkcd.com I had AdBlock installed.
,
Mar 22 2017
This is reproducible with ToT chrome (r458750) on a ToT chromeos test image. I don't have a stack, for some reason it isn't leaving dmp files. One of the crashing processes is "content_packaged_services". /var/log/messages shows: 2017-03-22T10:23:29.559637-07:00 INFO kernel: [ 22.945092] chrome[1371]: segfault at 0 ip 00007f976388057a sp 00007ffdb94e8cc0 error 4 in chrome[7f9762410000+8ad8000] 2017-03-22T10:23:29.666732-07:00 INFO session_manager[1167]: [INFO:child_exit_handler.cc(73)] 3476 is not a managed job. 2017-03-22T10:23:29.667634-07:00 INFO kernel: [ 23.052956] Chrome_IOThread[1511]: segfault at 0 ip 00007f976387d1f4 sp 00007f9754d885e0 error 4 in chrome[7f9762410000+8ad8000] /var/log/ui shows: [1296:1368:0322/102310.012956:4013101:INFO:service_process_launcher.cc(193)] Launched child process pid=1371, instance=, name=content_packaged_services, user_id=e984d4b1-7072-494b-9765-3bf2583734df I don't know what "content_packaged_services" is -- browser? renderer? Logs attached.
,
Mar 22 2017
Ken says 'content_packaged_services' is effectively chrome.
,
Mar 22 2017
And by chrome I mean the browser process.
,
Mar 22 2017
I deployed a chrome binary built at ToT this morning. When I navigate to www.xkcd.com I get a crash and the following stack trace: Received signal 11 SEGV_ACCERR 7fa7e4fe8ef8 #0 0x7fa7de37023d base::debug::StackTrace::StackTrace() #1 0x7fa7de370680 base::debug::(anonymous namespace)::StackDumpSignalHandler() #2 0x7fa7db19e530 <unknown> #3 0x7fa7de36b2a8 base::internal::CallbackBase<>::~CallbackBase() #4 0x7fa7df571dd6 aura::InputMethodMus::ProcessKeyEventCallback() #5 0x7fa7dc3321c1 chrome::mojom::ZipFileCreator_CreateZipFile_ForwardToCallback::Accept() #6 0x7fa7de43398e mojo::InterfaceEndpointClient::HandleValidatedMessage() #7 0x7fa7de438c6c mojo::internal::MultiplexRouter::ProcessIncomingMessage() #8 0x7fa7de43a96a mojo::internal::MultiplexRouter::Accept() #9 0x7fa7de4314d6 mojo::Connector::ReadSingleMessage() #10 0x7fa7de4317a2 mojo::Connector::ReadAllAvailableMessages() #11 0x7fa7de44712e mojo::SimpleWatcher::OnHandleReady() #12 0x7fa7de410413 base::debug::TaskAnnotator::RunTask() #13 0x7fa7de39171f base::MessageLoop::RunTask() #14 0x7fa7de391bce base::MessageLoop::DeferOrRunPendingTask() #15 0x7fa7de393ee0 base::MessageLoop::DoWork() #16 0x7fa7de394469 base::MessagePumpLibevent::Run() #17 0x7fa7de39148a base::MessageLoop::RunHandler() #18 0x7fa7de3b8c8d base::RunLoop::Run() #19 0x7fa7ddf8c743 ChromeBrowserMainParts::MainMessageLoopRun() #20 0x7fa7dc8ee150 content::BrowserMainLoop::RunMainMessageLoopParts() #21 0x7fa7dc8f27e5 content::BrowserMainRunnerImpl::Run() #22 0x7fa7dc8ea519 content::BrowserMain() #23 0x7fa7ddf1b446 content::ContentMainRunnerImpl::Run() #24 0x7fa7df53b19a service_manager::Main() #25 0x7fa7ddf19ec4 content::ContentMain() #26 0x7fa7dc323a9b ChromeMain #27 0x7fa7d9e0c796 __libc_start_main #28 0x7fa7dc3238b9 _start r8: 000038edbefb7800 r9: fffffffc02c11e5e r10: ffffc711be0a625e r11: 000000000002b47f r12: 000038edbcf958d0 r13: 0000000000000000 r14: 0000000000000000 r15: 00007fff341b6380 di: 00007fa7e4fe8ef0 si: 00007fff341b6320 bp: 00007fff341b6350 bx: 000038edbeb56780 dx: 000038edbeaeab20 ax: 00007fa7e4fe8ef0 cx: 0000000000000007 sp: 00007fff341b6318 ip: 00007fa7de36b2a8 efl: 0000000000010206 cgf: 0000000000000033 erf: 0000000000000007 trp: 000000000000000e msk: 0000000000000000 cr2: 00007fa7e4fe8ef8 [end of stack trace]
,
Mar 22 2017
That was on a Pixel. I get the same crash off too hitting a DCHECK. [137277:137277:0322/151218.724118:FATAL:input_method_mus.cc(210)] Check failed: !pending_callbacks_.empty(). #0 0x7fcf47365f07 base::debug::StackTrace::StackTrace() #1 0x7fcf47387cba logging::LogMessage::~LogMessage() #2 0x7fcf427fd621 aura::InputMethodMus::ProcessKeyEventCallback() #3 0x7fcf4282ce2d _ZNO4base8CallbackIFvbELNS_8internal8CopyModeE1ELNS2_10RepeatModeE1EE3RunEb #4 0x7fcf4282cd92 ui::mojom::WindowManagerClient_AddAccelerators_ForwardToCallback::Accept() #5 0x7fcf478cd201 mojo::InterfaceEndpointClient::HandleValidatedMessage() #6 0x7fcf478cc9a6 mojo::FilterChain::Accept() #7 0x7fcf478ce35b mojo::InterfaceEndpointClient::HandleIncomingMessage() #8 0x7fcf478d5ea9 mojo::internal::MultiplexRouter::ProcessIncomingMessage() #9 0x7fcf478d57a4 mojo::internal::MultiplexRouter::Accept() #10 0x7fcf478cc9a6 mojo::FilterChain::Accept() #11 0x7fcf478c8a0b mojo::Connector::ReadSingleMessage() #12 0x7fcf478c9172 mojo::Connector::ReadAllAvailableMessages() #13 0x7fcf478c903b mojo::Connector::OnHandleReadyInternal() #14 0x7fcf478a7b99 mojo::SimpleWatcher::OnHandleReady() #15 0x7fcf478a811a _ZN4base8internal13FunctorTraitsIMN4mojo13SimpleWatcherEFvijEvE6InvokeIRKNS_7WeakPtrIS3_EEJRKiRKjEEEvS5_OT_DpOT0_ #16 0x7fcf47366b83 _ZNO4base8CallbackIFvvELNS_8internal8CopyModeE0ELNS2_10RepeatModeE0EE3RunEv #17 0x7fcf473669ba base::debug::TaskAnnotator::RunTask() #18 0x7fcf47394a2d base::MessageLoop::RunTask() #19 0x7fcf473950f5 base::MessageLoop::DoWork() #20 0x7fcf47397739 base::MessagePumpLibevent::Run() #21 0x7fcf473947aa base::MessageLoop::RunHandler() #22 0x7fcf473c73df base::RunLoop::Run() #23 0x7fcf488f2de9 ChromeBrowserMainParts::MainMessageLoopRun() #24 0x7fcf44b6fd59 content::BrowserMainLoop::RunMainMessageLoopParts() #25 0x7fcf44b7322e content::BrowserMainRunnerImpl::Run() #26 0x7fcf44b6b0be content::BrowserMain() #27 0x7fcf4532e25c content::ContentMainRunnerImpl::Run() #28 0x7fcf3e185e65 service_manager::Main() #29 0x7fcf4532cf52 content::ContentMain() #30 0x7fcf47f87750 ChromeMain #31 0x7fcf3e2aff45 __libc_start_main #32 0x7fcf47f875ad <unknown>
,
Mar 22 2017
6/7 are likely me. Will investigate.
,
Mar 22 2017
Fix for InputMethod issue is here: https://codereview.chromium.org/2767103004/
,
Mar 23 2017
I can repro the crash in the original report on my dev box. Looks like related to the user profile now. I have two test users: one with clean profile (I remove all data in chrome sync dashboard) and one with some sync data. And the crash consistently happens after signing in with the one that has sync data. Not sure what caused the it though. I have removed all extensions from that account but crash still happens.
,
Mar 27 2017
It looks like my test account causes crash when sync attempts to install "Vine" arc app. I tried to manually install that app to repro. But CWS runs poorly. The tab hangs before I could search for that app.
,
Mar 31 2017
Xiyuan, did you say you have a profile that always trigger the crash?
,
Mar 31 2017
It is from my test account: testc23@gmail.com. The sync data has changed and login directly no longer repro the crash. However, I captured a profile snapshot that can still get the crash happen once (first time run after putting the tarred profile in place). To repro on dev box: 1. Login as an account that has sync enabled, (or if want to use testc23, ping me for password). 2. Exit; 3. Untar the the profile to replace the user profile created in 1 ($USER_DATA_DIR/u-<account_email>/, e.g. $USER_DATA_DIR/u-testc23@gmail.com-has); 4. Run mash again and sign in as an existing user (i.e. using the password under user avatar); After step 4, wait a little bit and a crash would happen in less than 30 seconds. And there would be Temp dir created under Extensions and some code seems trying to install the "Vine" app when the crash happens.
,
Apr 28 2017
This happened with "Camera" (hfhhnacclhffhdffklopdkcgdhifgngh) on device when I add testc23 user to the device first time (after wiping). It also seems to happen when trying to add this app manually from CWS (comment out the DCHECK in issue 706553 ) and visit https://chrome.google.com/webstore/detail/camera/hfhhnacclhffhdffklopdkcgdhifgngh Stack on device: Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 16096] Init () at ../../content/browser/gpu/gpu_process_host.cc:653 653 ->GetGpuPlatformSupportHost() (gdb) bt #0 Init () at ../../content/browser/gpu/gpu_process_host.cc:653 #1 0x00005b7983e05bfb in content::GpuProcessHost::Get(content::GpuProcessHost::GpuProcessKind, bool) () at ../../content/browser/gpu/gpu_process_host.cc:425 #2 0x00005b7983e06682 in RunCallbackOnIO () at ../../content/browser/gpu/gpu_process_host.cc:195 #3 0x00005b7985424ea6 in Run () at ../../base/callback.h:91 #4 RunTask () at ../../base/debug/task_annotator.cc:59 #5 0x00005b79853b7142 in RunTask () at ../../base/message_loop/message_loop.cc:423 #6 0x00005b79853b73fb in DeferOrRunPendingTask () at ../../base/message_loop/message_loop.cc:434 #7 0x00005b79853b77dd in DoWork () at ../../base/message_loop/message_loop.cc:527 #8 0x00005b79853b8ff9 in Run () at ../../base/message_loop/message_pump_libevent.cc:219 #9 0x00005b79853d68c0 in Run () at ../../base/run_loop.cc:37 #10 0x00005b7983cf8441 in content::BrowserThreadImpl::IOThreadRun(base::RunLoop*) () at ../../content/browser/browser_thread_impl.cc:278 #11 0x00005b7983cf8529 in content::BrowserThreadImpl::Run(base::RunLoop*) () at ../../content/browser/browser_thread_impl.cc:313 #12 0x00005b79853f8c88 in ThreadMain () at ../../base/threading/thread.cc:333 #13 0x00005b79853f41cd in ThreadFunc () at ../../base/threading/platform_thread_posix.cc:71 Stack on dev box when manually adding "Camera" app: [30871:30936:0428/095825.024350:FATAL:gpu_process_host.cc(401)] Check failed: !service_manager::ServiceManagerIsRemote(). #0 0x7f355fab196b base::debug::StackTrace::StackTrace() #1 0x7f355fab06ac base::debug::StackTrace::StackTrace() #2 0x7f355fb1c207 logging::LogMessage::~LogMessage() #3 0x7f35597580c1 content::GpuProcessHost::Get() #4 0x7f3559759147 content::(anonymous namespace)::RunCallbackOnIO() #5 0x7f3559761122 _ZN4base8internal13FunctorTraitsIPFvN7content14GpuProcessHost14GpuProcessKindEbRKNS_8CallbackIFvPS3_ELNS0_8CopyModeE1ELNS0_10RepeatModeE1EEEEvE6InvokeIJRKS4_RKbSC_EEEvSE_DpOT_ #6 0x7f3559761052 _ZN4base8internal12InvokeHelperILb0EvE8MakeItSoIRKPFvN7content14GpuProcessHost14GpuProcessKindEbRKNS_8CallbackIFvPS5_ELNS0_8CopyModeE1ELNS0_10RepeatModeE1EEEEJRKS6_RKbSE_EEEvOT_DpOT0_ #7 0x7f3559760fe4 _ZN4base8internal7InvokerINS0_9BindStateIPFvN7content14GpuProcessHost14GpuProcessKindEbRKNS_8CallbackIFvPS4_ELNS0_8CopyModeE1ELNS0_10RepeatModeE1EEEEJS5_bSB_EEEFvvEE7RunImplIRKSF_RKSt5tupleIJS5_bSB_EEJLm0ELm1ELm2EEEEvOT_OT0_NS_13IndexSequenceIJXspT1_EEEE #8 0x7f3559760ebc _ZN4base8internal7InvokerINS0_9BindStateIPFvN7content14GpuProcessHost14GpuProcessKindEbRKNS_8CallbackIFvPS4_ELNS0_8CopyModeE1ELNS0_10RepeatModeE1EEEEJS5_bSB_EEEFvvEE3RunEPNS0_13BindStateBaseE #9 0x7f355fa70dce _ZNO4base8CallbackIFvvELNS_8internal8CopyModeE0ELNS2_10RepeatModeE0EE3RunEv #10 0x7f355fab6e61 base::debug::TaskAnnotator::RunTask()
,
May 2 2017
sadrul@ for additional triage if it's a gpu_process_host issue
,
May 2 2017
There is a good chance the same fix will take care of both this and issue 669965.
,
Oct 20 2017
This shouldn't really be a P1 I think.
,
Apr 24 2018
|
|||||||||||||
►
Sign in to add a comment |
|||||||||||||
Comment 1 by sadrul@chromium.org
, Mar 20 2017