New issue
Advanced search Search tips

Issue 769596 link

Starred by 1 user
Status: Duplicate
Merged: issue 771156
Owner:
khushals...@chromium.org
Closed: Oct 2017
Cc:
vmp...@chromium.org
enne@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 3
Type: Bug



Sign in to add a comment

../../third_party/skia/include/core/SkRefCnt.h:98: fatal error: "assert(0 == getRefCnt())"

Project Member Reported by erikc...@chromium.org, Sep 28 2017 
Crash in MSE_ExternalClearKey/EncryptedMediaTest.Playback_Multiple_VideoAudio_WebM/0 on an otherwise unrelated CL.

https://luci-logdog.appspot.com/v/?s=chromium%2Fbb%2Ftryserver.chromium.linux%2Flinux_chromium_rel_ng%2F553933%2F%2B%2Frecipes%2Fsteps%2Fbrowser_tests__with_patch_%2F0%2Flogs%2FMSE_ExternalClearKey__x2f_EncryptedMediaTest.Playback_Multiple_VideoAudio_WebM__x2f_0%2F0

[1:12:0927/211036.659232:INFO:SkRefCnt.h(72)] ../../third_party/skia/include/core/SkRefCnt.h:72: fatal error: "assert(getRefCnt() > 0)"
Received signal 6
#0 0x000003163987 base::debug::StackTrace::StackTrace()
#1 0x00000316345f base::debug::(anonymous namespace)::StackDumpSignalHandler()
#2 0x7fc897764330 <unknown>
#3 0x7fc8916abc37 gsignal
#4 0x7fc8916af028 abort
#5 0x000003afbe56 sk_abort_no_print()
#6 0x0000043e9f1c cc::PaintShader::GetSkShader()
#7 0x0000043e4abb cc::PaintFlags::ToSkPaint()
#8 0x0000043f0f21 cc::Rasterizer<>::Raster()
#9 0x0000043ef5d9 cc::PaintOpBuffer::Playback()
#10 0x0000043ef5d9 cc::PaintOpBuffer::Playback()
#11 0x00000799f0ba cc::DisplayItemList::Raster()
#12 0x00000457f813 cc::RasterSource::RasterCommon()
#13 0x00000457f411 cc::RasterSource::PlaybackToCanvas()
#14 0x00000457f347 cc::RasterSource::PlaybackToCanvas()
#15 0x00000457e74a cc::RasterBufferProvider::PlaybackToMemory()
#16 0x00000457df19 cc::OneCopyRasterBufferProvider::PlaybackToStagingBuffer()
#17 0x00000457d267 cc::OneCopyRasterBufferProvider::PlaybackAndCopyOnWorkerThread()
#18 0x00000457d0c6 cc::OneCopyRasterBufferProvider::RasterBufferImpl::Playback()
#19 0x0000045bc0ae cc::(anonymous namespace)::RasterTaskImpl::RunOnWorkerThread()
#20 0x0000073d3d51 content::CategorizedWorkerPool::RunTaskInCategoryWithLockAcquired()
#21 0x0000073d2dbc content::CategorizedWorkerPool::Run()
#22 0x0000031d9340 base::SimpleThread::ThreadMain()
#23 0x0000031d303c base::(anonymous namespace)::ThreadFunc()
#24 0x7fc89775c184 start_thread
#25 0x7fc891772ffd clone
  r8: 00007fc88482f700  r9: 00002523f2d72360 r10: 0000000000000008 r11: 0000000000000202
 r12: 00002523f2cf6900 r13: 00007fc88482db80 r14: 00007fc88482d8f8 r15: 0000000000000000
  di: 0000000000000001  si: 000000000000000c  bp: 00002523f2e64000  bx: 0000000000000000
  dx: 0000000000000006  ax: 0000000000000000  cx: ffffffffffffffff  sp: 00007fc88482d5b8
  ip: 00007fc8916abc37 efl: 0000000000000202 cgf: 0000000000000033 erf: 0000000000000000
 trp: 0000000000000000 msk: 0000000000000000 cr2: 0000000000000000
[end of stack trace]

Comment 1 by ericrk@chromium.org, Oct 12 2017

Cc: vmp...@chromium.org enne@chromium.org
Owner: khushals...@chromium.org
Status: Assigned (was: Untriaged)
Khushalsagar@, you said this may already be fixed?


This appears to be a crash we see in the wild across all OSes:
https://crash.corp.google.com/browse?q=custom_data.ChromeCrashProto.magic_signature_1.name%3D%27cc%3A%3APaintShader%3A%3AGetSkShader%27&sql_dialect=googlesql&ignore_case=false&enable_rewrite=true&omit_field_name=&omit_field_value=&omit_field_opt=%3D#samplereports

The logic in cc::PaintShader looks OK, but I wonder if something external is double-freeing the shader in a racy codepath?

Comment 2 by khushals...@chromium.org, Oct 12 2017

Mergedinto: 771156
Status: Duplicate (was: Assigned)
Yup. Duping into the fixed bug.

Sign in to add a comment