Check failed: CalledOnValidSequence() on gfx::internal::ImageStorage |
||||||
Issue descriptionSaw this a couple of times on a debug build of Chrome for Android: [FATAL:ref_counted.h(95)] Check failed: CalledOnValidSequence(). Stack Trace: RELADDR FUNCTION FILE:LINE 0009556f base::debug::StackTrace::StackTrace() /usr/local/google/workspace/clank/src/base/debug/stack_trace.cc:199 000ab4cd logging::LogMessage::~LogMessage() /usr/local/google/workspace/clank/src/base/logging.cc:552 00036ad9 base::subtle::RefCountedBase::Release() const /usr/local/google/workspace/clank/src/base/memory/ref_counted.h:95 v------> base::RefCounted<gfx::internal::ImageStorage>::Release() const /usr/local/google/workspace/clank/src/base/memory/ref_counted.h:252 v------> scoped_refptr<gfx::internal::ImageStorage>::Release(gfx::internal::ImageStorage*) /usr/local/google/workspace/clank/src/base/memory/ref_counted.h:572 v------> scoped_refptr<gfx::internal::ImageStorage>::~scoped_refptr() /usr/local/google/workspace/clank/src/base/memory/ref_counted.h:473 000398b9 gfx::Image::~Image() /usr/local/google/workspace/clank/src/ui/gfx/image/image.cc:454 v------> std::__ndk1::__tuple_leaf<0u, gfx::Image, false>::~__tuple_leaf() /usr/local/google/workspace/clank/src/third_party/android_tools/ndk/sources/cxx-stl/llvm-libc++/libcxx/include/tuple:180 v------> std::__ndk1::__tuple_impl<std::__ndk1::__tuple_indices<0u, 1u, 2u>, gfx::Image, std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char> >, int>::~__tuple_impl() /usr/local/google/workspace/clank/src/third_party/android_tools/ndk/sources/cxx-stl/llvm-libc++/libcxx/include/tuple:383 v------> std::__ndk1::tuple<gfx::Image, std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char> >, int>::~tuple() /usr/local/google/workspace/clank/src/third_party/android_tools/ndk/sources/cxx-stl/llvm-libc++/libcxx/include/tuple:486 v------> base::internal::BindState<std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char> > (*)(gfx::Image const&, std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char> > const&, int), gfx::Image, std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char> >, int>::~BindState() /usr/local/google/workspace/clank/src/base/bind_internal.h:482 00817df7 base::internal::BindState<std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char> > (*)(gfx::Image const&, std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char> > const&, int), gfx::Image, std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char> >, int>::Destroy(base::internal::BindStateBase const*) /usr/local/google/workspace/clank/src/base/bind_internal.h:485 v------> scoped_refptr<base::internal::BindStateBase>::Release(base::internal::BindStateBase*) /usr/local/google/workspace/clank/src/base/memory/ref_counted.h:572 v------> scoped_refptr<base::internal::BindStateBase>::~scoped_refptr() /usr/local/google/workspace/clank/src/base/memory/ref_counted.h:473 0008aa0d base::internal::CallbackBase<(base::internal::CopyMode)0>::~CallbackBase() /usr/local/google/workspace/clank/src/base/callback_internal.cc:82 v------> base::Callback<std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char> > (), (base::internal::CopyMode)0, (base::internal::RepeatMode)0>::~Callback() /usr/local/google/workspace/clank/src/base/callback.h:37 v------> base::Callback<std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char> > (), (base::internal::CopyMode)0, (base::internal::RepeatMode)0>::Run() && /usr/local/google/workspace/clank/src/base/callback.h:91 007ea36d void base::internal::ReturnAsParamAdapter<std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char> > >(base::Callback<std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char> > (), (base::internal::CopyMode)0, (base::internal::RepeatMode)0>, std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char> >*) /usr/local/google/workspace/clank/src/base/post_task_and_reply_with_result_internal.h:20 v------> void base::internal::FunctorTraits<void (*)(base::Callback<std::__ndk1::unique_ptr<media::VideoEncodeAccelerator, std::__ndk1::default_delete<media::VideoEncodeAccelerator> > (), (base::internal::CopyMode)0, (base::internal::RepeatMode)0>, std::__ndk1::unique_ptr<media::VideoEncodeAccelerator, std::__ndk1::default_delete<media::VideoEncodeAccelerator> >*), ...
,
May 24 2017
Over to tzik@ who has been looking at thread-safety of gfx::ImageStorage.
,
May 24 2017
The stack trace saying the thread restriction was violated by a function. And its signature is `string(const gfx::Image&, const std::string&, int)`, and it's passed to PostTaskAndReplyWithResult. xhwang: Do you have any additional clue to find such a function? E.g. minidump or core with the chrome binary, or FROM_HERE value in TaskAnnotator local variable?
,
May 24 2017
Hm, it's likely EncodeImage in //content/browser/devtools/protocol/page_handler.cc. https://cs.chromium.org/chromium/src/content/browser/devtools/protocol/page_handler.cc?type=cs&q=pcre:yes+const%5C+gfx::Image%26%5C+%5B%5E,)%5D*,%5Cs*const%5C+std::string%26%5C+%5B%5E,)%5D*,%5Cs*int&l=62
,
May 24 2017
,
May 24 2017
What's the easiest way to work around this? I hit this crash so many times that it's very annoying :(
,
May 25 2017
Here is an attempt to fix it: https://chromium-review.googlesource.com/c/513665/ For the meantime until it lands, could you patch it locally?
,
May 26 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/69dabee977f04d3166b0a42bdc335818567a762e commit 69dabee977f04d3166b0a42bdc335818567a762e Author: Taiju Tsuiki <tzik@google.com> Date: Fri May 26 07:14:02 2017 Avoid touching gfx::Image from multiple thread in devtools page_handler PageHandler::ScreencastFrameCaptured creates a gfx::Image and uses it on another sequence. However, the usage causes a data race as gfx::Image has a non-threadsafe ref count internally, and its copies can't cross sequences. Bug: 600237 , 725706 Change-Id: I645d529db1b8887b3c67f81a7916cdab0940b1d0 Reviewed-on: https://chromium-review.googlesource.com/513665 Reviewed-by: Dmitry Gozman <dgozman@chromium.org> Commit-Queue: Taiju Tsuiki (tzik) <tzik@google.com> Cr-Commit-Position: refs/heads/master@{#474952} [modify] https://crrev.com/69dabee977f04d3166b0a42bdc335818567a762e/content/browser/devtools/protocol/page_handler.cc
,
May 26 2017
|
||||||
►
Sign in to add a comment |
||||||
Comment 1 by xhw...@chromium.org
, May 23 2017Owner: mgiuca@chromium.org