GpuMain::CreateFrameSinkManagerInternal Crash |
|||||
Issue descriptionA startup crash was seen when running mash_browser_tests. This crash lead to all tests timing out. Received signal 11 SEGV_MAPERR 0000000000f0 #0 0x00000356f147 base::debug::StackTrace::StackTrace() #1 0x00000356ecbf base::debug::(anonymous namespace)::StackDumpSignalHandler() #2 0x7fc57ffab330 <unknown> #3 0x00000346c10f ui::GpuMain::CreateFrameSinkManagerInternal() #4 0x00000346bfc3 ui::GpuMain::CreateFrameSinkManager() #5 0x0000025e4b26 ui::mojom::GpuMainStubDispatch::Accept() #6 0x0000047444dc mojo::InterfaceEndpointClient::HandleValidatedMessage() #7 0x000004756416 mojo::FilterChain::Accept() #8 0x00000474556b mojo::InterfaceEndpointClient::HandleIncomingMessage() #9 0x00000474bc2d mojo::internal::MultiplexRouter::ProcessIncomingMessage() #10 0x00000474b484 mojo::internal::MultiplexRouter::Accept() #11 0x000004756416 mojo::FilterChain::Accept() #12 0x000004742b3b mojo::Connector::ReadSingleMessage() #13 0x0000047431b2 mojo::Connector::ReadAllAvailableMessages() #14 0x00000474307b mojo::Connector::OnHandleReadyInternal() #15 0x000004757d1c mojo::SimpleWatcher::OnHandleReady() #16 0x0000024a3535 _ZN4base8internal7InvokerINS0_9BindStateIMN7content25ServiceWorkerProviderHostEFviN5blink21WebServiceWorkerStateEEJNS_7WeakPtrIS4_EEiS6_EEEFvvEE7RunImplIRKS8_RKSt5tupleIJSA_iS6_EEJLm0ELm1ELm2EEEEvOT_OT0_NS_13IndexSequenceIJXspT1_EEEE #17 0x0000006c64f4 _ZNO4base8CallbackIFvvELNS_8internal8CopyModeE1ELNS2_10RepeatModeE1EE3RunEv #18 0x000003619913 base::debug::TaskAnnotator::RunTask() #19 0x00000358db4d base::MessageLoop::RunTask() #20 0x00000358ddd8 base::MessageLoop::DeferOrRunPendingTask() #21 0x00000358e266 base::MessageLoop::DoWork() #22 0x000003590809 base::MessagePumpLibevent::Run() #23 0x00000358d8da base::MessageLoop::RunHandler() #24 0x0000035b3a4f base::RunLoop::Run() #25 0x000003561993 (anonymous namespace)::StartChildApp() #26 0x000002276294 _ZN4base8internal7InvokerINS0_9BindStateIPFvN4mojo16InterfaceRequestIN5blink5mojom20InstalledAppProviderEEEEJEEES9_E3RunEPNS0_13BindStateBaseEOS8_ #27 0x000001fb46d3 service_manager::RunStandaloneService() #28 0x000003561686 RunMashBrowserTests() #29 0x000003561513 main #30 0x7fc57c626f45 __libc_start_main #31 0x00000061a95d <unknown> Run: https://build.chromium.org/p/chromium.fyi/builders/Mojo%20ChromiumOS/builds/16448 Log of failure: https://luci-logdog.appspot.com/v/?s=chromium%2Fbb%2Fchromium.fyi%2FMojo_ChromiumOS%2F16448%2F%2B%2Frecipes%2Fsteps%2Fmash_browser_tests%2F0%2Fstdout
,
Apr 26 2017
Bumping to a 1 and randomly assigning to Sadrul as this is leading to flake on the bots. I was able to repro locally after 11 tries of a release build (with DCHECKs enabled) by running: ./out/Release/browser_tests --run-in-mus --gtest_filter=BrowserTest.NoTitle --override-use-software-gl-for-tests Here's the DCHECK I hit: ../../build/linux/debian_jessie_amd64-sysroot/usr/lib/gcc/x86_64-linux-gnu/4.8/../../../../include/c++/4.8/bits/unique_ptr.h:228: std::unique_ptr::pointer std::uni\ que_ptr<gpu::GpuChannelManager, std::default_delete<gpu::GpuChannelManager> >::operator->() const [_Tp = gpu::GpuChannelManager, _Dp = std::default_delete<gpu::Gpu\ ChannelManager>]: Assertion 'get() != pointer()' failed. Received signal 6 #0 0x7f21c0ac6f7b base::debug::StackTrace::StackTrace() #1 0x7f21c0ac5cbc base::debug::StackTrace::StackTrace() #2 0x7f21c0ac6a8f base::debug::(anonymous namespace)::StackDumpSignalHandler() #3 0x7f21c0f21330 <unknown> #4 0x7f21a66cfc37 gsignal #5 0x7f21a66d3028 abort #6 0x00000085167f std::__replacement_assert() #7 0x000003a2dfb6 std::unique_ptr<>::operator->() #8 0x000003a2d05c ui::GpuService::mailbox_manager() #9 0x000003a2bbfe ui::GpuMain::CreateFrameSinkManagerInternal() #10 0x000003a2ba16 ui::GpuMain::CreateFrameSinkManager() #11 0x0000039fe63b ui::mojom::GpuMainStubDispatch::Accept() #12 0x000003a2e5e3 ui::mojom::GpuMainStub<>::Accept() #13 0x7f21c11d0c02 mojo::InterfaceEndpointClient::HandleValidatedMessage() #14 0x7f21c11d05c1 mojo::InterfaceEndpointClient::HandleIncomingMessageThunk::Accept() #15 0x7f21c11ce4c0 mojo::FilterChain::Accept() #16 0x7f21c11d243f mojo::InterfaceEndpointClient::HandleIncomingMessage() #17 0x7f21c11e6c9c mojo::internal::MultiplexRouter::ProcessIncomingMessage() #18 0x7f21c11e6524 mojo::internal::MultiplexRouter::Accept() #19 0x7f21c11ce4c0 mojo::FilterChain::Accept() #20 0x7f21c11c33fb mojo::Connector::ReadSingleMessage() #21 0x7f21c11c3f4e mojo::Connector::ReadAllAvailableMessages() #22 0x7f21c11c3d9e mojo::Connector::OnHandleReadyInternal() #23 0x7f21c11c3c9b mojo::Connector::OnWatcherHandleReady() #24 0x7f21c11c67fc _ZN4base8internal13FunctorTraitsIMN4mojo9ConnectorEFvjEvE6InvokeIPS3_JjEEEvS5_OT_DpOT0_ #25 0x7f21c11c6706 _ZN4base8internal12InvokeHelperILb0EvE8MakeItSoIRKMN4mojo9ConnectorEFvjEJPS5_jEEEvOT_DpOT0_ #26 0x7f21c11c6697 _ZN4base8internal7InvokerINS0_9BindStateIMN4mojo9ConnectorEFvjEJNS0_17UnretainedWrapperIS4_EEEEEFvjEE7RunImplIRKS6_RKSt5tupleIJS8_EEJLm0EEEEvOT_\ OT0_NS_13IndexSequenceIJXspT1_EEEEOj #27 0x7f21c11c659c _ZN4base8internal7InvokerINS0_9BindStateIMN4mojo9ConnectorEFvjEJNS0_17UnretainedWrapperIS4_EEEEEFvjEE3RunEPNS0_13BindStateBaseEOj #28 0x7f21c116a921 _ZNKR4base8CallbackIFvjELNS_8internal8CopyModeE1ELNS2_10RepeatModeE1EE3RunEj #29 0x7f21c1169d61 mojo::SimpleWatcher::OnHandleReady() #30 0x7f21c116b313 _ZN4base8internal13FunctorTraitsIMN4mojo13SimpleWatcherEFvijEvE6InvokeIRKNS_7WeakPtrIS3_EEJRKiRKjEEEvS5_OT_DpOT0_ #31 0x7f21c116b164 _ZN4base8internal12InvokeHelperILb1EvE8MakeItSoIRKMN4mojo13SimpleWatcherEFvijERKNS_7WeakPtrIS5_EEJRKiRKjEEEvOT_OT0_DpOT1_ #32 0x7f21c116b0c4 _ZN4base8internal7InvokerINS0_9BindStateIMN4mojo13SimpleWatcherEFvijEJNS_7WeakPtrIS4_EEijEEEFvvEE7RunImplIRKS6_RKSt5tupleIJS8_ijEEJLm0ELm1ELm2EE\ EEvOT_OT0_NS_13IndexSequenceIJXspT1_EEEE #33 0x7f21c116af6c _ZN4base8internal7InvokerINS0_9BindStateIMN4mojo13SimpleWatcherEFvijEJNS_7WeakPtrIS4_EEijEEEFvvEE3RunEPNS0_13BindStateBaseE #34 0x7f21c0accc7e _ZNO4base8CallbackIFvvELNS_8internal8CopyModeE0ELNS2_10RepeatModeE0EE3RunEv #35 0x7f21c0acc471 base::debug::TaskAnnotator::RunTask() #36 0x7f21c0b56c2e base::MessageLoop::RunTask() #37 0x7f21c0b56e94 base::MessageLoop::DeferOrRunPendingTask() #38 0x7f21c0b57184 base::MessageLoop::DoWork() #39 0x7f21c0b6deec base::MessagePumpLibevent::Run() #40 0x7f21c0b56812 base::MessageLoop::RunHandler() #41 0x7f21c0bf49e4 base::RunLoop::Run() #42 0x000003c794db (anonymous namespace)::StartEmbeddedService() #43 0x00000293e057 _ZN4base8internal13FunctorTraitsIPFvN4mojo16InterfaceRequestIN3arc5mojom23VideoAcceleratorServiceEEEEvE6InvokeIJS7_EEEvS9_DpOT_ #44 0x000003885b08 _ZN4base8internal12InvokeHelperILb0EvE8MakeItSoIRKPFvN4mojo16InterfaceRequestIN10extensions5mojom14ManifestParserEEEEJS9_EEEvOT_DpOT0_ #45 0x000003c7b3d6 _ZN4base8internal7InvokerINS0_9BindStateIPFvN4mojo16InterfaceRequestIN15service_manager5mojom7ServiceEEEEJEEES9_E7RunImplIRKSA_RKSt5tupleIJEEJEE\ EvOT_OT0_NS_13IndexSequenceIJXspT1_EEEEOS8_ #46 0x000003c7b33c _ZN4base8internal7InvokerINS0_9BindStateIPFvN4mojo16InterfaceRequestIN15service_manager5mojom7ServiceEEEEJEEES9_E3RunEPNS0_13BindStateBaseEOS8_ #47 0x000000a27b55 _ZNKR4base8CallbackIFv13scoped_refptrINS_16RefCountedMemoryEEELNS_8internal8CopyModeE1ELNS5_10RepeatModeE1EE3RunES3_ #48 0x0000039a5928 service_manager::RunStandaloneService() #49 0x000003c79212 RunMashBrowserTests() #50 0x000003c7902d main #51 0x7f21a66baf45 __libc_start_main #52 0x000000831a64 <unknown> r8: 29287265746e696f r9: 6574656c65645f74 r10: 0000000000000008 r11: 0000000000000206 r12: 0000000000831a3b r13: 00007ffc96501f20 r14: 0000000000000000 r15: 00007f21c0dcb2a3 di: 000000000002f4ed si: 000000000002f4ed bp: 00007ffc964fd4e0 bx: 00007ffc96500878 dx: 0000000000000006 ax: 0000000000000000 cx: 00007f21a66cfc37 sp: 00007ffc964fd378 ip: 00007f21a66cfc37 efl: 0000000000000206 cgf: 0000000000000033 erf: 0000000000000000 trp: 0000000000000000 msk: 0000000000000000 cr2: 0000000000000000 [end of stack trace] So, the gpu_service_ is valid, but not gpu_service_->mailbox_manager().
,
Apr 27 2017
I see what happened. We're creating a GpuService on one call stack but initializing it on another. If we request a FrameSinkManager in the intervening time, then, we try to access an uninitialized GpuService. GpuMain::InitOnGpuThread looks refactored since I last looked at it. It has dead code. compositor_runner for example is unused. Maybe we shouldn't create a GpuService until we call CreateGpuService? I'm not sure.
,
May 8 2017
,
May 8 2017
I have put up https://codereview.chromium.org/2866983003/ for this (although I was unable to reproduce the failure locally)
,
May 9 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/4d291540aef78d9f0631e752fd1f8bcae970ede2 commit 4d291540aef78d9f0631e752fd1f8bcae970ede2 Author: sadrul <sadrul@chromium.org> Date: Tue May 09 05:15:43 2017 mus-gpu: Bind GpuMain on the gpu thread. Service the mojom::GpuMain requests on the gpu thread, since the implementations of these requests need to look at the state(s) maintained on the gpu thread (e.g. |gpu_service_|). Also, make sure frame-sink creation requests are processed after GpuService has been initialized properly. BUG= 712669 Review-Url: https://codereview.chromium.org/2866983003 Cr-Commit-Position: refs/heads/master@{#470234} [modify] https://crrev.com/4d291540aef78d9f0631e752fd1f8bcae970ede2/services/ui/gpu/gpu_main.cc [modify] https://crrev.com/4d291540aef78d9f0631e752fd1f8bcae970ede2/services/ui/gpu/gpu_main.h [modify] https://crrev.com/4d291540aef78d9f0631e752fd1f8bcae970ede2/services/ui/gpu/gpu_service.h [modify] https://crrev.com/4d291540aef78d9f0631e752fd1f8bcae970ede2/services/ui/ws/gpu_host.cc
,
May 9 2017
This should now be fixed.
,
Feb 26 2018
|
|||||
►
Sign in to add a comment |
|||||
Comment 1 by bugdroid1@chromium.org
, Apr 20 2017