mash: Crash in ui::DrmOverlayManager::~DrmOverlayManager on device |
|||||||||
Issue descriptionOn linux, ToT Chrome OS (Platform 9491), ToT Chrome r466195 Run with --mash. Log in. Click "Sign out" in system tray. Crash: Received signal 11 SEGV_MAPERR ffffe1a04fb1ca1c #0 0x7fbac5b42c57 base::debug::StackTrace::StackTrace() #1 0x7fbac5b427d2 base::debug::(anonymous namespace)::StackDumpSignalHandler() #2 0x7fbac2e3c530 <unknown> #3 0x7fbac4232885 ui::DrmOverlayManager::~DrmOverlayManager() #4 0x7fbac4236d14 ui::(anonymous namespace)::OzonePlatformGbm::~OzonePlatformGbm() #5 0x7fbac4236ea9 ui::(anonymous namespace)::OzonePlatformGbm::~OzonePlatformGbm() #6 0x7fbac57d0dc2 ui::Service::~Service() #7 0x7fbac57d0fd9 ui::Service::~Service() #8 0x7fbac66a5d1b service_manager::ServiceContext::~ServiceContext() #9 0x7fbac66a5d49 service_manager::ServiceContext::~ServiceContext() #10 0x7fbac57c8fc8 mash::MashPackagedService::~MashPackagedService() #11 0x7fbac57c9009 mash::MashPackagedService::~MashPackagedService() #12 0x7fbac66a5d1b service_manager::ServiceContext::~ServiceContext() #13 0x7fbac3ffff8c MashRunner::StartChildApp() #14 0x7fbac40011a3 _ZN4base8internal7InvokerINS0_9BindStateIM10MashRunnerFvN4mojo16InterfaceRequestIN15service_manager5mojom7ServiceEEEEJNS0_17UnretainedWrapperIS3_EEEEEFvS9_EE3RunEPNS0_13BindStateBaseEOS9_ #15 0x7fbac4376880 service_manager::RunStandaloneService() #16 0x7fbac3fff1e8 MashRunner::RunChild() #17 0x7fbac3fff0ea MashRunner::Run() #18 0x7fbac4000118 MashMain() #19 0x7fbac3ffd922 ChromeMain #20 0x7fbac1a9e796 __libc_start_main #21 0x7fbac3ffd729 _start r8: 0000000000000000 r9: 10a57eaccd2d7381 r10: 00000000000000c7 r11: 0000000000000058 r12: 00007fbac9ce1800 r13: 00007ffdb4f514b0 r14: 00001e5c4cece8f0 r15: 00007ffdb4f509b8 di: 00001e5c4cedc960 si: 00001e5c4cedc960 bp: 00001e5c4cec6b90 bx: 00001e5c4cf2ea10 dx: 0000000000000edc ax: ffffe1a04fb1c9b4 cx: 0000000000000011 sp: 00007ffdb4f50870 ip: 00007fbac4232885 efl: 0000000000010202 cgf: 0000000000000033 erf: 0000000000000005 trp: 000000000000000e msk: 0000000000000000 cr2: ffffe1a04fb1ca1c [end of stack trace] Calling _exit(1). Core file will not be generated. Sadrul, any ideas?
,
Apr 24 2017
Rob says this might be his code.
,
Apr 24 2017
Yes. It's definitely mine.
,
Apr 25 2017
|proxy_| might be gone before DrmOverlayManager ?
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00005bc427125cc5 in ~DrmOverlayManager () at ../../ui/ozone/platform/drm/host/drm_overlay_manager.cc:36
36 proxy_->UnRegisterHandlerForDrmOverlayManager();
(gdb) bt
#0 0x00005bc427125cc5 in ~DrmOverlayManager () at ../../ui/ozone/platform/drm/host/drm_overlay_manager.cc:36
#1 ~DrmOverlayManager () at ../../ui/ozone/platform/drm/host/drm_overlay_manager.cc:35
#2 0x00005bc42712a0f4 in operator() ()
at /usr/local/google/home/xiyuan/src/cros/.cache/chrome-sdk/tarballs/samus-cheets+9477.0.0+target_toolchain/usr/bin/../lib/gcc/x86_64-cros-linux-gnu/4.9.x/include/g++-v4/bits/unique_ptr.h:76
#3 ~unique_ptr ()
at /usr/local/google/home/xiyuan/src/cros/.cache/chrome-sdk/tarballs/samus-cheets+9477.0.0+target_toolchain/usr/bin/../lib/gcc/x86_64-cros-linux-gnu/4.9.x/include/g++-v4/bits/unique_ptr.h:236
#4 ~OzonePlatformGbm () at ../../ui/ozone/platform/drm/ozone_platform_gbm.cc:87
#5 0x00005bc42712a289 in ui::(anonymous namespace)::OzonePlatformGbm::~OzonePlatformGbm() () at ../../ui/ozone/platform/drm/ozone_platform_gbm.cc:87
#6 0x00005bc428712432 in ~Service () at ../../services/ui/service.cc:99
...
,
Apr 26 2017
Any updates? I can't turn our autotest back on until this is fixed.
,
Apr 26 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/28a190c328089bf845181da368f16013108381b5 commit 28a190c328089bf845181da368f16013108381b5 Author: kylechar <kylechar@chromium.org> Date: Wed Apr 26 20:16:18 2017 Ozone DRM: Destroy MusThreadProxy last. A raw pointer MusThreadProxy is held by DrmOverlayManager and DrmDisplayHostManager but MusThreadProxy was being destroyed first. This caused crashes on log out when either of classes tried to access MusThreadProxy in their destructors. Make sure MusThreadProxy is destroyed last. Also fix an issue where DrmDisplayHostManager doesn't unregister itself as a GpuThreadObserver. BUG= 714722 Review-Url: https://codereview.chromium.org/2844023002 Cr-Commit-Position: refs/heads/master@{#467430} [modify] https://crrev.com/28a190c328089bf845181da368f16013108381b5/ui/ozone/platform/drm/host/drm_display_host_manager.cc [modify] https://crrev.com/28a190c328089bf845181da368f16013108381b5/ui/ozone/platform/drm/ozone_platform_gbm.cc
,
Apr 27 2017
,
Aug 1 2017
,
Sep 8 2017
Something similar seems to have returned. See crbug.com/762306#c10 - cychiang was hitting this on chell with OS 9914 (recent). It's probably in the context of some other startup crash, but the UI service shouldn't crash just because something else went down. I have not seen this myself, but that's probably because I'm not seeing startup crashes.
,
Sep 8 2017
,
Feb 26 2018
,
Apr 16 2018
obsolete. Please re-open if you see it again. |
|||||||||
►
Sign in to add a comment |
|||||||||
Comment 1 by jamescook@chromium.org
, Apr 24 2017