
Issue 714245


Issue metadata

Status: Fixed
Owner:
Closed: May 2017
OS: Mac
Pri: 3
Type: Bug




Reproducible crash in GpuImageDecodeCache

Project Member Reported by erikc...@chromium.org, Apr 21 2017

Issue description

macOS version: 10.12.4.
ToT Chromium. ad7c666c1519b9d48dea5dd224d4d6f30bced38b
gn args:
"""
is_component_build = true
is_debug = true
symbol_level = 0
use_goma = true
"""

1) With a clean profile, navigate to https://itch.io/b/149/a-good-bundle
2) Scroll all the way to the bottom, then all the way to the top.
3) Open the console and run 
"""
 Array.prototype.map.call(document.querySelectorAll('div[data-gif]'), (el) => el.parentNode.style.backgroundImage = `url(${el.dataset.gif}`)
"""
4) scroll quickly to the bottom and to the top.
5) Repeat (4). Takes less than 1 minute to crash.

[13398:21763:0421/125806.325916:FATAL:ref_counted.h(95)] Check failed: CalledOnValidSequence(). 
0   libbase.dylib                       0x000000011783019e base::debug::StackTrace::StackTrace(unsigned long) + 174
1   libbase.dylib                       0x000000011783023d base::debug::StackTrace::StackTrace(unsigned long) + 29
2   libbase.dylib                       0x000000011782e6cc base::debug::StackTrace::StackTrace() + 28
3   libbase.dylib                       0x00000001178cd13f logging::LogMessage::~LogMessage() + 479
4   libbase.dylib                       0x00000001178caab5 logging::LogMessage::~LogMessage() + 21
5   libcc.dylib                         0x0000000124f5dd82 base::subtle::RefCountedBase::Release() const + 402
6   libcc.dylib                         0x000000012520a96f base::RefCounted<cc::GpuImageDecodeCache::ImageData>::Release() const + 31
7   libcc.dylib                         0x000000012520a945 scoped_refptr<cc::GpuImageDecodeCache::ImageData>::Release(cc::GpuImageDecodeCache::ImageData*) + 21
8   libcc.dylib                         0x000000012520a92a scoped_refptr<cc::GpuImageDecodeCache::ImageData>::~scoped_refptr() + 42
9   libcc.dylib                         0x00000001251f5ef5 scoped_refptr<cc::GpuImageDecodeCache::ImageData>::~scoped_refptr() + 21
10  libcc.dylib                         0x00000001251f5ed9 cc::GpuImageDecodeCache::InUseCacheEntry::~InUseCacheEntry() + 25
11  libcc.dylib                         0x00000001251f5f15 cc::GpuImageDecodeCache::InUseCacheEntry::~InUseCacheEntry() + 21
12  libcc.dylib                         0x0000000125209b43 std::__1::pair<cc::GpuImageDecodeCache::InUseCacheKey const, cc::GpuImageDecodeCache::InUseCacheEntry>::~pair() + 35
13  libcc.dylib                         0x0000000125204d05 std::__1::pair<cc::GpuImageDecodeCache::InUseCacheKey const, cc::GpuImageDecodeCache::InUseCacheEntry>::~pair() + 21
14  libcc.dylib                         0x000000012520f928 std::__1::__hash_table<std::__1::__hash_value_type<cc::GpuImageDecodeCache::InUseCacheKey, cc::GpuImageDecodeCache::InUseCacheEntry>, std::__1::__unordered_map_hasher<cc::GpuImageDecodeCache::InUseCacheKey, std::__1::__hash_value_type<cc::GpuImageDecodeCache::InUseCacheKey, cc::GpuImageDecodeCache::InUseCacheEntry>, cc::GpuImageDecodeCache::InUseCacheKeyHash, true>, std::__1::__unordered_map_equal<cc::GpuImageDecodeCache::InUseCacheKey, std::__1::__hash_value_type<cc::GpuImageDecodeCache::InUseCacheKey, cc::GpuImageDecodeCache::InUseCacheEntry>, std::__1::equal_to<cc::GpuImageDecodeCache::InUseCacheKey>, true>, std::__1::allocator<std::__1::__hash_value_type<cc::GpuImageDecodeCache::InUseCacheKey, cc::GpuImageDecodeCache::InUseCacheEntry> > >::erase(std::__1::__hash_const_iterator<std::__1::__hash_node<std::__1::__hash_value_type<cc::GpuImageDecodeCache::InUseCacheKey, cc::GpuImageDecodeCache::InUseCacheEntry>, void*>*>) + 488
15  libcc.dylib                         0x00000001251fdd41 cc::GpuImageDecodeCache::UnrefImageInternal(cc::DrawImage const&) + 2129
16  libcc.dylib                         0x0000000125200fbd cc::GpuImageDecodeCache::DrawWithImageFinished(cc::DrawImage const&, cc::DecodedDrawImage const&) + 349
17  libcc.dylib                         0x00000001250f0186 cc::(anonymous namespace)::ScopedDecodedImageLock::~ScopedDecodedImageLock() + 86
18  libcc.dylib                         0x00000001250ed4f5 cc::(anonymous namespace)::ScopedDecodedImageLock::~ScopedDecodedImageLock() + 21
19  libcc.dylib                         0x00000001250edaf9 cc::ImageHijackCanvas::onDrawImageRect(SkImage const*, SkRect const*, SkRect const&, SkPaint const*, SkCanvas::SrcRectConstraint) + 1529
20  libskia.dylib                       0x0000000119e045b7 SkCanvas::drawImageRect(SkImage const*, SkRect const&, SkRect const&, SkPaint const*, SkCanvas::SrcRectConstraint) + 167
21  libskia.dylib                       0x0000000119e0516e SkCanvas::legacy_drawImageRect(SkImage const*, SkRect const*, SkRect const&, SkPaint const*, SkCanvas::SrcRectConstraint) + 94
22  libskia.dylib                       0x000000011a250c69 void SkRecords::Draw::draw<SkRecords::DrawImageRect>(SkRecords::DrawImageRect const&) + 121
23  libskia.dylib                       0x000000011a2528ad void SkRecords::Draw::operator()<SkRecords::DrawImageRect>(SkRecords::DrawImageRect const&) + 29
24  libskia.dylib                       0x000000011a2520c9 decltype(fp((SkRecords::NoOp)())) SkRecord::Record::visit<SkRecords::Draw&>(SkRecords::Draw&&&) const + 761
25  libskia.dylib                       0x000000011a250432 decltype(fp0((SkRecords::NoOp)())) SkRecord::visit<SkRecords::Draw&>(int, SkRecords::Draw&&&) const + 50
26  libskia.dylib                       0x000000011a25038b SkRecordDraw(SkRecord const&, SkCanvas*, SkPicture const* const*, SkDrawable* const*, int, SkBBoxHierarchy const*, SkPicture::AbortCallback*) + 651
27  libskia.dylib                       0x0000000119d88f2a SkBigPicture::playback(SkCanvas*, SkPicture::AbortCallback*) const + 410
28  libcc_paint.dylib                   0x00000001276d650b cc::(anonymous namespace)::RasterItem(cc::DisplayItem const&, SkCanvas*, SkPicture::AbortCallback*) + 1451
29  libcc_paint.dylib                   0x00000001276d5e1d cc::DisplayItemList::Raster(SkCanvas*, SkPicture::AbortCallback*) const + 765
30  libcc.dylib                         0x00000001250fa386 cc::RasterSource::RasterCommon(SkCanvas*, SkPicture::AbortCallback*) const + 470
31  libcc.dylib                         0x00000001250f9d32 cc::RasterSource::PlaybackToCanvas(SkCanvas*, gfx::ColorSpace const&, cc::RasterSource::PlaybackSettings const&) const + 1538
32  libcc.dylib                         0x00000001250f9638 cc::RasterSource::PlaybackToCanvas(SkCanvas*, gfx::ColorSpace const&, gfx::Rect const&, gfx::Rect const&, gfx::AxisTransform2d const&, cc::RasterSource::PlaybackSettings const&) const + 584
33  libcc.dylib                         0x00000001250e9ef6 cc::(anonymous namespace)::RasterizeSource(cc::RasterSource const*, bool, gfx::Size const&, gfx::Rect const&, gfx::Rect const&, gfx::AxisTransform2d const&, cc::RasterSource::PlaybackSettings const&, cc::ContextProvider*, cc::ResourceProvider::ScopedWriteLockGL*, bool, bool, int) + 1366
34  libcc.dylib                         0x00000001250e81ec cc::GpuRasterBufferProvider::PlaybackOnWorkerThread(cc::ResourceProvider::ScopedWriteLockGL*, gpu::SyncToken const&, bool, cc::RasterSource const*, gfx::Rect const&, gfx::Rect const&, unsigned long long, gfx::AxisTransform2d const&, cc::RasterSource::PlaybackSettings const&) + 636
35  libcc.dylib                         0x00000001250e7e5d cc::GpuRasterBufferProvider::RasterBufferImpl::Playback(cc::RasterSource const*, gfx::Rect const&, gfx::Rect const&, unsigned long long, gfx::AxisTransform2d const&, cc::RasterSource::PlaybackSettings const&) + 429
36  libcc.dylib                         0x000000012528f3e2 cc::(anonymous namespace)::RasterTaskImpl::RunOnWorkerThread() + 1218
37  libcontent.dylib                    0x000000011e54ce38 content::CategorizedWorkerPool::RunTaskInCategoryWithLockAcquired(cc::TaskCategory) + 392
38  libcontent.dylib                    0x000000011e54b431 content::CategorizedWorkerPool::RunTaskWithLockAcquired(std::__1::vector<cc::TaskCategory, std::__1::allocator<cc::TaskCategory> > const&) + 465
39  libcontent.dylib                    0x000000011e54b1f2 content::CategorizedWorkerPool::Run(std::__1::vector<cc::TaskCategory, std::__1::allocator<cc::TaskCategory> > const&, base::ConditionVariable*) + 82
40  libcontent.dylib                    0x000000011e54dabd content::(anonymous namespace)::CategorizedWorkerPoolThread::Run() + 45
41  libbase.dylib                       0x0000000117afed90 base::SimpleThread::ThreadMain() + 640
42  libbase.dylib                       0x0000000117ae25b8 base::(anonymous namespace)::ThreadFunc(void*) + 632
43  libsystem_pthread.dylib             0x00007fffad0319af _pthread_body + 180
44  libsystem_pthread.dylib             0x00007fffad0318fb _pthread_body + 0
45  libsystem_pthread.dylib             0x00007fffad031101 thread_start + 13


 
The crash was with the GPU Intel Iris Pro 1536 MB
I switched to a NVIDIA GeForce GT 750M 2048 MB [same machine], and still experienced the crash.

Comment 2 by ericrk@chromium.org, Apr 21 2017

Cc: -ericrk@chromium.org
Owner: ericrk@chromium.org
Status: Started (was: Untriaged)
In this case, we're hitting an assert because we're using base::RefCounted (instead of RefCountedThreadSafe) from multiple threads. Checks for this were added in March.

In this case, it happens to be safe, as we hold an external lock while making these modifications. However, the RefCounted object doesn't know this. We need to either move to RefCountedThreadSafe (and double lock), or use ScopedAllowCrossThreadRefCountAccess to let it know.

Comment 3 by bugdroid1@chromium.org, Apr 27 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/90567cc4853a3df94213a410c76ee9f981b75ecc

commit 90567cc4853a3df94213a410c76ee9f981b75ecc
Author: ericrk <ericrk@chromium.org>
Date: Thu Apr 27 21:25:51 2017

Use RefCountedThreadSafe in GPU IDC

Currently GPU Image Decode Controller uses a base::RefCounted object.
This object isn't thread safe, which is fine, as GPUIDC holds a lock
during access. However, the RefCounted object can't detect that the
usage is safe and raises a DCHECK.

This change just makes the object a RefCountedThreadSafe. Ref/Unref
should be rare enough that this won't have a big impact. And is easier
than working around the DCHECK in another way.

R=vmpstr@chromium.org
BUG= 714245 
CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_trusty_blink_rel

Review-Url: https://codereview.chromium.org/2836703003
Cr-Commit-Position: refs/heads/master@{#467793}

[modify] https://crrev.com/90567cc4853a3df94213a410c76ee9f981b75ecc/cc/tiles/gpu_image_decode_cache.h
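
The trade-off described in comment 2 and in the commit message above, as an added example that is not part of the issue thread or of Chromium's code: a simplified model (all type and function names are hypothetical) of a non-atomic ref count with a creator-thread check, used under an external lock, beside an atomic ref count used without one.

```cpp
#include <atomic>
#include <cstdio>
#include <mutex>
#include <thread>

// Hypothetical model of a plain-int ref count whose debug check records any
// access from a thread other than the one that created the object.
struct CheckedRefCount {
  std::thread::id owner = std::this_thread::get_id();
  int count = 1;       // exact only while accesses are serialized
  int violations = 0;  // stands in for the fatal check
  void Check() { if (std::this_thread::get_id() != owner) ++violations; }
  void AddRef() { Check(); ++count; }
  void Release() { Check(); --count; }
};

// Thread-safe variant: the count is atomic, so there is no owner check.
struct AtomicRefCount {
  std::atomic<int> count{1};
  int violations = 0;  // never incremented: nothing is checked
  void AddRef() { count.fetch_add(1, std::memory_order_relaxed); }
  void Release() { count.fetch_sub(1, std::memory_order_acq_rel); }
};
struct Result { int count; int violations; };

// AddRef/Release pairs on two threads; use_lock serializes them externally.
template <typename RefCount>
Result RunWorkload(int iterations, bool use_lock) {
  RefCount rc;
  std::mutex lock;
  auto work = [&] {
    for (int i = 0; i < iterations; ++i) {
      std::unique_lock<std::mutex> hold(lock, std::defer_lock);
      if (use_lock) hold.lock();
      rc.AddRef();
      rc.Release();
    }
  };
  std::thread worker(work);
  work();  // the creating thread runs the same loop concurrently
  worker.join();
  return {rc.count, rc.violations};
}

int main() {
  Result locked = RunWorkload<CheckedRefCount>(1000, true);
  Result unlocked = RunWorkload<AtomicRefCount>(1000, false);
  std::printf("plain+lock: count=%d violations=%d\n", locked.count, locked.violations);
  std::printf("atomic:     count=%d violations=%d\n", unlocked.count, unlocked.violations);
}
```

The locked run ends with an exact count, yet every worker-thread access is flagged, because the check sees only the calling thread and not the mutex.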

Comment 4 by ericrk@chromium.org, May 12 2017

Status: Fixed (was: Started)
