Issue 751000 link

Starred by 2 users

Issue metadata

Status:	Fixed
Owner:	█ holte@chromium.org Last visit > 30 days ago
Closed:	Aug 2017
Cc:	isherman@chromium.org r...@chromium.org asvitk...@chromium.org █ holte@chromium.org █ rkaplow@chromium.org
EstimatedDays:	----
NextAction:	----
OS:	Chrome
Pri:	1
Type:	Bug
M-62

Chrome crash (sequence_checker_).CalledOnValidSequence() in ChromeOSMetricsProvider

Project Member Reported by alemate@chromium.org, Aug 1 2017

Issue description

This happens on signin screen after a few seconds after boot:

[3670:3690:0731/211820.681268:FATAL:weak_ptr.h(117)] Check failed: (sequence_checker_).CalledOnValidSequence(). 
#0 0x59603c94ec6d base::debug::StackTrace::StackTrace()
#1 0x59603c94d6dc base::debug::StackTrace::StackTrace()
#2 0x59603c99c413 logging::LogMessage::~LogMessage()
#3 0x59603633557f base::internal::WeakReference::Flag::IsValid()
#4 0x59603633538d base::internal::WeakReference::is_valid()
#5 0x59603633535f base::WeakPtr<>::get()
#6 0x596036335015 base::WeakPtr<>::operator bool()
#7 0x59603c01e1d9 _ZN4base8internal12InvokeHelperILb1EvE8MakeItSoIM23ChromeOSMetricsProviderFvvENS_7WeakPtrIS4_EEJEEEvOT_OT0_DpOT1_
#8 0x59603c01e1b2 _ZN4base8internal7InvokerINS0_9BindStateIM23ChromeOSMetricsProviderFvvEJNS_7WeakPtrIS3_EEEEEFvvEE7RunImplIS5_St5tupleIJS7_EEJLm0EEEEvOT_OT0_NS_13IndexSequenceIJXspT1_EEEE
#9 0x59603c01e0fe _ZN4base8internal7InvokerINS0_9BindStateIM23ChromeOSMetricsProviderFvvEJNS_7WeakPtrIS3_EEEEEFvvEE7RunOnceEPNS0_13BindStateBaseE
#10 0x596036457e09 _ZNO4base8CallbackIFvvELNS_8internal8CopyModeE0ELNS2_10RepeatModeE0EE3RunEv
#11 0x59603cac8465 base::(anonymous namespace)::PostTaskAndReplyRelay::RunTaskAndPostReply()
#12 0x59603cac8c0d _ZN4base8internal13FunctorTraitsIMNS_12_GLOBAL__N_121PostTaskAndReplyRelayEFvvEvE6InvokeIPS3_JEEEvS5_OT_DpOT0_
#13 0x59603cac8b11 _ZN4base8internal12InvokeHelperILb0EvE8MakeItSoIMNS_12_GLOBAL__N_121PostTaskAndReplyRelayEFvvEJPS5_EEEvOT_DpOT0_
#14 0x59603cac8a74 _ZN4base8internal7InvokerINS0_9BindStateIMNS_12_GLOBAL__N_121PostTaskAndReplyRelayEFvvEJNS0_17UnretainedWrapperIS4_EEEEEFvvEE7RunImplIS6_St5tupleIJS8_EEJLm0EEEEvOT_OT0_NS_13IndexSeq
#15 0x59603cac898e _ZN4base8internal7InvokerINS0_9BindStateIMNS_12_GLOBAL__N_121PostTaskAndReplyRelayEFvvEJNS0_17UnretainedWrapperIS4_EEEEEFvvEE7RunOnceEPNS0_13BindStateBaseE
#16 0x596036457e09 _ZNO4base8CallbackIFvvELNS_8internal8CopyModeE0ELNS2_10RepeatModeE0EE3RunEv
#17 0x59603c952482 base::debug::TaskAnnotator::RunTask()
#18 0x59603cabd0e6 base::internal::TaskTracker::PerformRunTask()
#19 0x59603cabf863 base::internal::TaskTrackerPosix::PerformRunTask()
#20 0x59603cabc27d base::internal::TaskTracker::RunNextTask()
#21 0x59603cbb9a21 base::internal::SchedulerWorker::Thread::ThreadMain()
#22 0x59603cac7a2c base::(anonymous namespace)::ThreadFunc()
#23 0x78dc8d6262b8 <unknown>
#24 0x78dc8c35cfad clone

Comment 1 by mpear...@chromium.org, Aug 1 2017

Cc: -mpear...@chromium.org

Comment 2 by holte@chromium.org, Aug 2 2017

Taking a look at the how ChromeOSMetricsProvider, I notice that it appears to be passing a WeakPtr to Background task, while it is owned on the UI thread, which might be the cause of this bug?

I changed some code around how that gets called recently related to crbug/739895, but I didn't change which threads the WeakPtr got used on, or ownership of the object.

It seems like the right way to fix this is to use PostTaskWithTraitsAndReplyWithResult instead, and only modify the object on the UI thread.

Comment 3 by holte@chromium.org, Aug 2 2017

Owner: holte@chromium.org
Status: Started (was: Untriaged)

Comment 4 by holte@chromium.org, Aug 2 2017

Made a potential fix, but I don't have an easy way to test right now: https://chromium-review.googlesource.com/c/597049

Project Member

Comment 5 by bugdroid1@chromium.org, Aug 8 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/b7f8139b647f5f116a587f30cb3a64fe7d336245

commit b7f8139b647f5f116a587f30cb3a64fe7d336245
Author: Steven Holte <holte@google.com>
Date: Tue Aug 08 20:00:21 2017

Modify ChromeOSMetricsProvider from correct thread.

Instead of using the weak ptr on the background thread, write the
result in the reply.

Bug:  751000 
Change-Id: I4521873de6655edbe61958ee65895f4e12c33b31
Reviewed-on: https://chromium-review.googlesource.com/597049
Reviewed-by: Brian White <bcwhite@chromium.org>
Commit-Queue: Steven Holte <holte@chromium.org>
Cr-Commit-Position: refs/heads/master@{#492737}
[modify] https://crrev.com/b7f8139b647f5f116a587f30cb3a64fe7d336245/chrome/browser/metrics/chromeos_metrics_provider.cc
[modify] https://crrev.com/b7f8139b647f5f116a587f30cb3a64fe7d336245/chrome/browser/metrics/chromeos_metrics_provider.h

Comment 6 by holte@chromium.org, Aug 11 2017

Status: Fixed (was: Started)

Probably fixed.

Comment 7 by isherman@chromium.org, Aug 14 2017

Cc: r...@chromium.org

 Issue 751337  has been merged into this issue.

►

Issue 751000 link

Issue metadata

Chrome crash (sequence_checker_).CalledOnValidSequence() in ChromeOSMetricsProvider

Issue description

Comment 1 by mpear...@chromium.org, Aug 1 2017

Comment 1 Deleted

Comment 2 by holte@chromium.org, Aug 2 2017

Comment 2 Deleted

Comment 3 by holte@chromium.org, Aug 2 2017

Comment 3 Deleted

Comment 4 by holte@chromium.org, Aug 2 2017

Comment 4 Deleted

Comment 5 by bugdroid1@chromium.org, Aug 8 2017

Comment 5 Deleted

Comment 6 by holte@chromium.org, Aug 11 2017

Comment 6 Deleted

Comment 7 by isherman@chromium.org, Aug 14 2017

Comment 7 Deleted

Sign in to add a comment