Renderer crash on DCHECK
Reported by apisa...@yandex-team.ru, Jul 26 2017
Issue description

UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.125 YaBrowser/17.7.1.550 (beta) Yowser/2.5 Safari/537.36

Steps to reproduce the problem:
1. Open https://music.yandex.ru in browser with DCHECK

What is the expected behavior?
All work, no crash

What went wrong?
Renderer crash with next stack:

[30707:16387:0725/122843.584532:FATAL:proxy_impl.cc(534)] Check failed: layer_tree_host_impl_->CanDraw().
0 libbase.dylib 0x000000010507b39e base::debug::StackTrace::StackTrace(unsigned long) + 174
1 libbase.dylib 0x000000010507b46d base::debug::StackTrace::StackTrace(unsigned long) + 29
2 libbase.dylib 0x000000010507970c base::debug::StackTrace::StackTrace() + 28
3 libbase.dylib 0x000000010511845f logging::LogMessage::~LogMessage() + 479
4 libbase.dylib 0x0000000105115dd5 logging::LogMessage::~LogMessage() + 21
5 libcc.dylib 0x000000010c796d01 cc::ProxyImpl::ScheduledActionDrawIfPossible() + 657
6 libcc.dylib 0x000000010c54b3c2 cc::Scheduler::DrawIfPossible() + 210
7 libcc.dylib 0x000000010c544feb cc::Scheduler::ProcessScheduledActions() + 1387
8 libcc.dylib 0x000000010c5448e8 cc::Scheduler::OnBeginImplFrameDeadline() + 360
9 libcc.dylib 0x000000010c5488b1 cc::Scheduler::BeginImplFrameWithDeadline(viz::BeginFrameArgs const&) + 257
10 libcc.dylib 0x000000010c54822e cc::Scheduler::OnBeginFrameDerivedImpl(viz::BeginFrameArgs const&) + 1998
11 libcc.dylib 0x000000010c526d2c cc::BeginFrameObserverBase::OnBeginFrame(viz::BeginFrameArgs const&) + 1532
12 libcc.dylib 0x000000010c5321a0 cc::ExternalBeginFrameSource::OnBeginFrame(viz::BeginFrameArgs const&) + 1952
13 libcontent.dylib 0x0000000128af50fa viz::ClientLayerTreeFrameSink::OnBeginFrame(viz::BeginFrameArgs const&) + 106
14 libcontent.dylib 0x0000000125b7d2e1 cc::mojom::CompositorFrameSinkClientStubDispatch::Accept(cc::mojom::CompositorFrameSinkClient*, mojo::Message*) + 1297
15 libcontent.dylib 0x0000000128af56d3 cc::mojom::CompositorFrameSinkClientStub<mojo::RawPtrImplRefTraits<cc::mojom::CompositorFrameSinkClient> >::Accept(mojo::Message*) + 83
16 libbindings.dylib 0x00000001098d6e45 mojo::InterfaceEndpointClient::HandleValidatedMessage(mojo::Message*) + 5733
17 libbindings.dylib 0x00000001098d57d1 mojo::InterfaceEndpointClient::HandleIncomingMessageThunk::Accept(mojo::Message*) + 33
18 libbindings.dylib 0x00000001098d3815 mojo::FilterChain::Accept(mojo::Message*) + 821
19 libbindings.dylib 0x00000001098dab32 mojo::InterfaceEndpointClient::HandleIncomingMessage(mojo::Message*) + 242
20 libbindings.dylib 0x00000001098fbd6b mojo::internal::MultiplexRouter::ProcessIncomingMessage(mojo::Message*, mojo::internal::MultiplexRouter::ClientCallBehavior, base::SequencedTaskRunner*) + 1483
21 libbindings.dylib 0x00000001098fb402 mojo::internal::MultiplexRouter::Accept(mojo::Message*) + 642
22 libbindings.dylib 0x00000001098d3815 mojo::FilterChain::Accept(mojo::Message*) + 821
23 libbindings.dylib 0x00000001098c3a75 mojo::Connector::ReadSingleMessage(unsigned int*) + 949
24 libbindings.dylib 0x00000001098c4e4b mojo::Connector::ReadAllAvailableMessages() + 123
25 libbindings.dylib 0x00000001098c4baf mojo::Connector::OnHandleReadyInternal(unsigned int) + 271
26 libbindings.dylib 0x00000001098c4a8b mojo::Connector::OnWatcherHandleReady(unsigned int) + 27
27 libbindings.dylib 0x00000001098c8b6f void base::internal::FunctorTraits<void (mojo::Connector::*)(unsigned int), void>::Invoke<mojo::Connector*, unsigned int>(void (mojo::Connector::*)(unsigned int), mojo::Connector*&&, unsigned int&&) + 143
28 libbindings.dylib 0x00000001098c8a9f void base::internal::InvokeHelper<false, void>::MakeItSo<void (mojo::Connector::* const&)(unsigned int), mojo::Connector*, unsigned int>(void (mojo::Connector::* const&&&)(unsigned int), mojo::Connector*&&, unsigned int&&) + 95
29 libbindings.dylib 0x00000001098c8a13 void base::internal::Invoker<base::internal::BindState<void (mojo::Connector::*)(unsigned int), base::internal::UnretainedWrapper<mojo::Connector> >, void (unsigned int)>::RunImpl<void (mojo::Connector::* const&)(unsigned int), std::__1::tuple<base::internal::UnretainedWrapper<mojo::Connector> > const&, 0ul>(void (mojo::Connector::* const&&&)(unsigned int), std::__1::tuple<base::internal::UnretainedWrapper<mojo::Connector> > const&&&, base::IndexSequence<0ul>, unsigned int&&) + 115
30 libbindings.dylib 0x00000001098c8944 base::internal::Invoker<base::internal::BindState<void (mojo::Connector::*)(unsigned int), base::internal::UnretainedWrapper<mojo::Connector> >, void (unsigned int)>::Run(base::internal::BindStateBase*, unsigned int&&) + 68
31 libbindings.dylib 0x00000001098bc787 base::Callback<void (unsigned int), (base::internal::CopyMode)1, (base::internal::RepeatMode)1>::Run(unsigned int) const + 87
32 libbindings.dylib 0x00000001098c730f mojo::SimpleWatcher::DiscardReadyState(base::Callback<void (unsigned int), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&, unsigned int, mojo::HandleSignalsState const&) + 31
33 libbindings.dylib 0x00000001098c75d4 void base::internal::FunctorTraits<void (*)(base::Callback<void (unsigned int), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&, unsigned int, mojo::HandleSignalsState const&), void>::Invoke<base::Callback<void (unsigned int), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&, unsigned int, mojo::HandleSignalsState const&>(void (*)(base::Callback<void (unsigned int), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&, unsigned int, mojo::HandleSignalsState const&), base::Callback<void (unsigned int), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&&&, unsigned int&&, mojo::HandleSignalsState const&&&) + 68
34 libbindings.dylib 0x00000001098c7580 void base::internal::InvokeHelper<false, void>::MakeItSo<void (* const&)(base::Callback<void (unsigned int), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&, unsigned int, mojo::HandleSignalsState const&), base::Callback<void (unsigned int), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&, unsigned int, mojo::HandleSignalsState const&>(void (* const&&&)(base::Callback<void (unsigned int), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&, unsigned int, mojo::HandleSignalsState const&), base::Callback<void (unsigned int), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&&&, unsigned int&&, mojo::HandleSignalsState const&&&) + 80
35 libbindings.dylib 0x00000001098c7520 void base::internal::Invoker<base::internal::BindState<void (*)(base::Callback<void (unsigned int), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&, unsigned int, mojo::HandleSignalsState const&), base::Callback<void (unsigned int), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> >, void (unsigned int, mojo::HandleSignalsState const&)>::RunImpl<void (* const&)(base::Callback<void (unsigned int), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&, unsigned int, mojo::HandleSignalsState const&), std::__1::tuple<base::Callback<void (unsigned int), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> > const&, 0ul>(void (* const&&&)(base::Callback<void (unsigned int), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&, unsigned int, mojo::HandleSignalsState const&), std::__1::tuple<base::Callback<void (unsigned int), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> > const&&&, base::IndexSequence<0ul>, unsigned int&&, mojo::HandleSignalsState const&) + 112
36 libbindings.dylib 0x00000001098c7424 base::internal::Invoker<base::internal::BindState<void (*)(base::Callback<void (unsigned int), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&, unsigned int, mojo::HandleSignalsState const&), base::Callback<void (unsigned int), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> >, void (unsigned int, mojo::HandleSignalsState const&)>::Run(base::internal::BindStateBase*, unsigned int&&, mojo::HandleSignalsState const&) + 84
37 libmojo_public_system_cpp.dylib 0x0000000109a469ed base::Callback<void (unsigned int, mojo::HandleSignalsState const&), (base::internal::CopyMode)1, (base::internal::RepeatMode)1>::Run(unsigned int, mojo::HandleSignalsState const&) const + 109
38 libmojo_public_system_cpp.dylib 0x0000000109a4672b mojo::SimpleWatcher::OnHandleReady(int, unsigned int, mojo::HandleSignalsState const&) + 459
39 libmojo_public_system_cpp.dylib 0x0000000109a478f3 void base::internal::FunctorTraits<void (mojo::SimpleWatcher::*)(int, unsigned int, mojo::HandleSignalsState const&), void>::Invoke<base::WeakPtr<mojo::SimpleWatcher> const&, int const&, unsigned int const&, mojo::HandleSignalsState const&>(void (mojo::SimpleWatcher::*)(int, unsigned int, mojo::HandleSignalsState const&), base::WeakPtr<mojo::SimpleWatcher> const&&&, int const&&&, unsigned int const&&&, mojo::HandleSignalsState const&&&) + 179
40 libmojo_public_system_cpp.dylib 0x0000000109a47775 void base::internal::InvokeHelper<true, void>::MakeItSo<void (mojo::SimpleWatcher::* const&)(int, unsigned int, mojo::HandleSignalsState const&), base::WeakPtr<mojo::SimpleWatcher> const&, int const&, unsigned int const&, mojo::HandleSignalsState const&>(void (mojo::SimpleWatcher::* const&&&)(int, unsigned int, mojo::HandleSignalsState const&), base::WeakPtr<mojo::SimpleWatcher> const&&&, int const&&&, unsigned int const&&&, mojo::HandleSignalsState const&&&) + 149
41 libmojo_public_system_cpp.dylib 0x0000000109a476d2 void base::internal::Invoker<base::internal::BindState<void (mojo::SimpleWatcher::*)(int, unsigned int, mojo::HandleSignalsState const&), base::WeakPtr<mojo::SimpleWatcher>, int, unsigned int, mojo::HandleSignalsState>, void ()>::RunImpl<void (mojo::SimpleWatcher::* const&)(int, unsigned int, mojo::HandleSignalsState const&), std::__1::tuple<base::WeakPtr<mojo::SimpleWatcher>, int, unsigned int, mojo::HandleSignalsState> const&, 0ul, 1ul, 2ul, 3ul>(void (mojo::SimpleWatcher::* const&&&)(int, unsigned int, mojo::HandleSignalsState const&), std::__1::tuple<base::WeakPtr<mojo::SimpleWatcher>, int, unsigned int, mojo::HandleSignalsState> const&&&, base::IndexSequence<0ul, 1ul, 2ul, 3ul>) + 242
42 libmojo_public_system_cpp.dylib 0x0000000109a4751c base::internal::Invoker<base::internal::BindState<void (mojo::SimpleWatcher::*)(int, unsigned int, mojo::HandleSignalsState const&), base::WeakPtr<mojo::SimpleWatcher>, int, unsigned int, mojo::HandleSignalsState>, void ()>::Run(base::internal::BindStateBase*) + 44
43 libbase.dylib 0x0000000105018b1f base::Callback<void (), (base::internal::CopyMode)0, (base::internal::RepeatMode)0>::Run() + 95
44 libbase.dylib 0x000000010507d940 base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) + 1040
45 libblink_platform.dylib 0x000000013efd5568 blink::scheduler::TaskQueueManager::ProcessTaskFromWorkQueue(blink::scheduler::internal::WorkQueue*, bool, blink::scheduler::LazyNow, base::TimeTicks*) + 2152
46 libblink_platform.dylib 0x000000013efcf955 blink::scheduler::TaskQueueManager::DoWork(bool) + 2085
47 libblink_platform.dylib 0x000000013efdec87 void base::internal::FunctorTraits<void (blink::scheduler::TaskQueueManager::*)(bool), void>::Invoke<base::WeakPtr<blink::scheduler::TaskQueueManager> const&, bool const&>(void (blink::scheduler::TaskQueueManager::*)(bool), base::WeakPtr<blink::scheduler::TaskQueueManager> const&&&, bool const&&&) + 151
48 libblink_platform.dylib 0x000000013efdeb85 void base::internal::InvokeHelper<true, void>::MakeItSo<void (blink::scheduler::TaskQueueManager::* const&)(bool), base::WeakPtr<blink::scheduler::TaskQueueManager> const&, bool const&>(void (blink::scheduler::TaskQueueManager::* const&&&)(bool), base::WeakPtr<blink::scheduler::TaskQueueManager> const&&&, bool const&&&) + 117
49 libblink_platform.dylib 0x000000013efdeafd void base::internal::Invoker<base::internal::BindState<void (blink::scheduler::TaskQueueManager::*)(bool), base::WeakPtr<blink::scheduler::TaskQueueManager>, bool>, void ()>::RunImpl<void (blink::scheduler::TaskQueueManager::* const&)(bool), std::__1::tuple<base::WeakPtr<blink::scheduler::TaskQueueManager>, bool> const&, 0ul, 1ul>(void (blink::scheduler::TaskQueueManager::* const&&&)(bool), std::__1::tuple<base::WeakPtr<blink::scheduler::TaskQueueManager>, bool> const&&&, base::IndexSequence<0ul, 1ul>) + 125
50 libblink_platform.dylib 0x000000013efdea0c base::internal::Invoker<base::internal::BindState<void (blink::scheduler::TaskQueueManager::*)(bool), base::WeakPtr<blink::scheduler::TaskQueueManager>, bool>, void ()>::Run(base::internal::BindStateBase*) + 44
51 libbase.dylib 0x0000000105018b1f base::Callback<void (), (base::internal::CopyMode)0, (base::internal::RepeatMode)0>::Run() + 95
52 libbase.dylib 0x000000010507d940 base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) + 1040
53 libbase.dylib 0x00000001051743be base::MessageLoop::RunTask(base::PendingTask*) + 894
54 libbase.dylib 0x0000000105174917 base::MessageLoop::DeferOrRunPendingTask(base::PendingTask) + 71
55 libbase.dylib 0x00000001051757fb base::MessageLoop::DoWork() + 715
56 libbase.dylib 0x00000001051859df base::MessagePumpCFRunLoopBase::RunWork() + 95
57 libbase.dylib 0x000000010518596c ___ZN4base24MessagePumpCFRunLoopBase13RunWorkSourceEPv_block_invoke + 28
58 libbase.dylib 0x000000010512081a base::mac::CallWithEHFrame(void () block_pointer) + 10
59 libbase.dylib 0x0000000105184e75 base::MessagePumpCFRunLoopBase::RunWorkSource(void*) + 101
60 CoreFoundation 0x00007fff8117a321 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
61 CoreFoundation 0x00007fff8115b21d __CFRunLoopDoSources0 + 557

Did this work before? N/A

Chrome version: 62.0.3166.0 Channel: dev
OS Version: OS X 10.12.5
Flash Version: Shockwave Flash 26.0 r0
Jul 26 2017
(I tried on Linux. If someone has a mac they could try repro there)
Jul 26 2017
I filed this issue from another browser. The problem appears on a self-built debug chromium master (a day or two old) on MacOS 10.12.5.
Jul 26 2017
sunny can you try to repro?
Oct 16 2017
Here's a repro of a crash with the same DCHECK failing. Please see crash1.html

I believe this happens in a condition where GPU rasterization is switched to GPU rasterization with MSAA, and the frame deadline is forced before the resource eviction list has been marked as empty.

I think andreyf@nvidia.com has a (POC) fix. If you have an idea where and how you'd like the fix to be unittested, that would be appreciated. Of course, if it's easy for you to fix this yourself that'd be appreciated too.
Oct 16 2017
Here is the fix https://chromium-review.googlesource.com/c/chromium/src/+/720962. Could you please suggest a way how to unittest the crash because I cannot reduce the crash scenario (posted by Kimmo) further.

The crash scenario is:
- cc::SchedulerStateMachine::WillActivate (FrameDeadline will happen due to this)
- cc::LayerTreeHostImpl::CreateUIResource (for ex. by using painted scrollbar)
- switch from GpuRasterizationStatus::ON to GpuRasterizationStatus::MSAA_CONTENT
- cc::Scheduler::OnBeginImplFrameDeadline
- viz::ClientLayerTreeFrameSink::OnBeginFrame
- crash
Oct 26 2017
Issue 775929 has been merged into this issue.
Oct 26 2017
775929 has 2 more repros:
1. badssl.com on mac
2. navigate to http://hforsten.com/heartbeat-detection-with-radar.html, play the video under "Breathing and heartbeat detection"

Seems just about any interaction with either of the videos will aw-snap this page with dcheck_always_enabled, or running an Albatross build with chrome://flags/#dcheck-is-fatal enabled. See go/asan-optin for how to get these builds daily.

There's a proposed fix in #6. Sunny, this has been assigned for a bit, did you have any thoughts or need to reassign?
Nov 7 2017
sunnyps@: Will you be able to take a look at this? This is preventing me from building with DCHECKs on my local build, which prevents me from catching other issues.
Nov 15 2017
Issue 737466 has been merged into this issue.
Nov 15 2017
Duped bug's repro steps were:
(1) load http://www.crocs.com.sg/p/womens-crocs-isabella-sandal/202465.html?cgid=footwear&cid=62E#start=3
(2) DCHECK is hit
Nov 15 2017
*ping* sunnyps@: If you can't work on this, could you find someone else? It's really annoying when my tab is constantly crashing during development.
Nov 16 2017
I wasn't able to repro on a non-dcheck build but with the above DCHECK changed to a CHECK with any of the above URLs. But I can see why the bug may be happening.

#6: Your CL looks ok but the way it works is by deleting all UI resources, setting can draw to false, and asking for a new commit. A better solution would be to simply not evict or delete UI resources when switching from software raster to gpu raster. UI resources are just bitmaps that we upload to GL textures using ResourceProvider. We clear tiles because we want no artifacts at the seams. UI resources have the same upload path regardless of gpu raster and they aren't tiled so we needn't worry about seams.

danakj@ vmpstr@ WDYT?
Nov 16 2017
I had no luck reproducing this on Mac, Linux, or Windows, debug or release, with or without --enable-gpu-rasterization. However, I have a fix (described above) here: https://chromium-review.googlesource.com/#/c/chromium/src/+/773785

If you can reproduce, please try that patch and let me know if it fixes the bug.

enne@: vmiura@ suggested you might have thoughts about what option to pick in #13
Nov 16 2017
I tried my repro from #11 with a ToT Debug build, but it did not repro.
Nov 16 2017
#13 sgtm
Nov 16 2017
#15 you mean you tried a repro without my CL, right?
Nov 16 2017
re #17, yes, it was a ToT build with no patches added.
Nov 22 2017
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/8595b0c2de57f2f42c4056d3a33ee81dfe99bd84

commit 8595b0c2de57f2f42c4056d3a33ee81dfe99bd84
Author: Sunny Sachanandani <sunnyps@chromium.org>
Date: Wed Nov 22 21:51:17 2017

cc: Do not evict UI resources when switching gpu rasterization mode.

We were marking UI resources as evicted when gpu rasterization mode changed during commit. However, we don't update the scheduler's CanDraw state or ask for a new commit to recreate the resources.

We don't need to evict UI resources for gpu rasterization because these are just uploaded from bitmaps to a texture and have nothing to do with tile manager or resource pool. The reasons for recreating tiles e.g. artifacts at the seams don't apply to UI resources.

R=danakj,enne
BUG= 748991
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.android:android_optional_gpu_tests_rel
Change-Id: I59cd377719a27335e239459bf00ab6d9dabc70ef
Reviewed-on: https://chromium-review.googlesource.com/773785
Commit-Queue: Sunny Sachanandani <sunnyps@chromium.org>
Reviewed-by: danakj <danakj@chromium.org>
Cr-Commit-Position: refs/heads/master@{#518761}

[modify] https://crrev.com/8595b0c2de57f2f42c4056d3a33ee81dfe99bd84/cc/trees/layer_tree_host_impl.cc
[modify] https://crrev.com/8595b0c2de57f2f42c4056d3a33ee81dfe99bd84/cc/trees/layer_tree_host_impl.h
[modify] https://crrev.com/8595b0c2de57f2f42c4056d3a33ee81dfe99bd84/cc/trees/layer_tree_host_impl_unittest.cc
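
The state mismatch that the commit message above describes, as a simplified C++ model added here for illustration (not Chromium code and not part of the original thread). ToyHost, ToyScheduler, Policy and RunDeadline are hypothetical names, and the rule that drawing requires an empty eviction list is an assumption taken from the thread's description. It compares the old behaviour with the two fixes discussed in the thread.

```cpp
// Simplified model; all type and function names here are hypothetical.
#include <cstdio>
#include <set>

enum class Policy {
  kEvictSilently,    // old behaviour described in the commit message
  kEvictAndNotify,   // first proposed CL, as summarised in the thread
  kKeepUiResources,  // landed fix: raster mode change leaves UI resources alone
};

struct ToyHost {
  std::set<int> ui_resources;
  std::set<int> evicted_ui_resources;
  // Assumption taken from the thread: drawing is only valid while no
  // evicted UI resource is still waiting to be recreated.
  bool CanDraw() const { return evicted_ui_resources.empty(); }
};

struct ToyScheduler {
  bool can_draw = true;       // cached copy of ToyHost::CanDraw()
  bool needs_commit = false;  // a commit is what recreates UI resources
  bool ShouldDraw() const { return can_draw; }
};

struct DeadlineResult {
  bool invariant_held;  // scheduler asked to draw only when the host could
  bool drew;
  bool commit_requested;
};

void OnRasterModeChanged(ToyHost& host, ToyScheduler& sched, Policy policy) {
  if (policy == Policy::kKeepUiResources) return;
  host.evicted_ui_resources = host.ui_resources;
  host.ui_resources.clear();
  if (policy == Policy::kEvictAndNotify) {
    sched.can_draw = host.CanDraw();  // now false
    sched.needs_commit = true;
  }
}

DeadlineResult RunDeadline(Policy policy) {
  ToyHost host;
  ToyScheduler sched;
  host.ui_resources = {1, 2};  // constructed sample ids, e.g. scrollbar bitmaps
  OnRasterModeChanged(host, sched, policy);
  DeadlineResult r{true, false, sched.needs_commit};
  if (sched.ShouldDraw()) {
    r.invariant_held = host.CanDraw();  // the condition the failing DCHECK asserts
    r.drew = r.invariant_held;
  }
  return r;
}

int main() {
  for (Policy p : {Policy::kEvictSilently, Policy::kEvictAndNotify, Policy::kKeepUiResources}) {
    DeadlineResult r = RunDeadline(p);
    std::printf("policy=%d held=%d drew=%d commit=%d\n", static_cast<int>(p), r.invariant_held, r.drew, r.commit_requested);
  }
}
```

In this model only the silent eviction breaks the invariant; notifying the scheduler keeps it but skips the frame until a commit, while leaving UI resources alone keeps it and still draws.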
Jan 17 2018
Should be fixed.
Comment 1 by danakj@chromium.org, Jul 26 2017
Labels: Needs-Feedback

Scheduler is drawing when CanDraw is false:

DrawResult ProxyImpl::ScheduledActionDrawIfPossible() {
  TRACE_EVENT0("cc", "ProxyImpl::ScheduledActionDraw");
  DCHECK(IsImplThread());

  // The scheduler should never generate this call when it can't draw.
  DCHECK(layer_tree_host_impl_->CanDraw()); <--------------- fails

The user agent says "YaBrowser/17.7.1.550". Is this a modified chromium build? Does this reproduce with upstream chromium? I can't reproduce myself with ToTish chromium build.