Issue metadata
Sign in to add a comment
|
Flaky segfault in VrShellGl |
||||||||||||||||||||||
Issue description
I've started seeing occasional crashes caused by a segfault somewhere in VrShellGl on the locally attached Pixel device on the FYI bot. This is likely the same as the flaky crash I've seen on the swarmed devices, although I was never able to confirm the cause since I couldn't get logcat output.
I'm not sure of a reliable way to reproduce this, although it only appears to be happening on tests in VrShellNavigationTest with Daydream View paired, so repeatedly running only those tests locally will probably make it repro.
Sample stack trace:
signal 11 (SIGSEGV), code 1, fault addr 0x104620f8 in tid 25887 (VrShellGL)
pid: 25657, tid: 25887, name: VrShellGL >>> org.chromium.chrome <<<
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x104620f8
r0 c7b96538 r1 00000000 r2 c357fdf4 r3 c37ffc3c
r4 c37ffc3c r5 f2807008 r6 c7b96538 r7 104620fa
r8 00000000 r9 c357fdf0 sl bbc254db fp 3f7c9deb
ip 00000000 sp c37ffc28 lr c79b715d pc 104620f8
Stack Trace:
RELADDR FUNCTION FILE:LINE
104620f8 <unknown>
001d515b <unknown> /data/app/com.google.vr.vrcore-1/lib/arm/libvrcore_native.so
001d51e5 gvr_frame_submit+72 /data/app/com.google.vr.vrcore-1/lib/arm/libvrcore_native.so
0388326d gvr_frame_submit+58 /data/app/org.chromium.chrome-1/lib/arm/libchrome.so
02c0114d gvr::Frame::Submit(gvr::BufferViewportList const&, gvr_mat4f const&)+90 /mnt/data/b/c/builder/Android_Builder__dbg_/src/third_party/gvr-android-sdk/src/libraries/headers/vr/gvr/capi/include/gvr.h:1281
02c00e11 vr_shell::VrShellGl::DrawFrameSubmitWhenReady(short, gvr_frame_*, gfx::Transform const&, std::__ndk1::unique_ptr<gl::GLFenceEGL, std::__ndk1::default_delete<gl::GLFenceEGL> >)+108 /mnt/data/b/c/builder/Android_Builder__dbg_/src/chrome/browser/android/vr_shell/vr_shell_gl.cc:1000
02c02675 void base::internal::FunctorTraits<void (vr_shell::VrShellGl::*)(short, gvr_frame_*, gfx::Transform const&, std::__ndk1::unique_ptr<gl::GLFenceEGL, std::__ndk1::default_delete<gl::GLFenceEGL> >), void>::Invoke<base::WeakPtr<vr_shell::VrShellGl> const&, short const&, gvr_frame_* const&, gfx::Transform const&, std::__ndk1::unique_ptr<gl::GLFenceEGL, std::__ndk1::default_delete<gl::GLFenceEGL> > >(void (vr_shell::VrShellGl::*)(short, gvr_frame_*, gfx::Transform const&, std::__ndk1::unique_ptr<gl::GLFenceEGL, std::__ndk1::default_delete<gl::GLFenceEGL> >), base::WeakPtr<vr_shell::VrShellGl> const&, short const&, gvr_frame_* const&, gfx::Transform const&, std::__ndk1::unique_ptr<gl::GLFenceEGL, std::__ndk1::default_delete<gl::GLFenceEGL> >&&)+58 /mnt/data/b/c/builder/Android_Builder__dbg_/src/base/bind_internal.h:194
02c02635 void base::internal::InvokeHelper<true, void>::MakeItSo<void (vr_shell::VrShellGl::* const&)(short, gvr_frame_*, gfx::Transform const&, std::__ndk1::unique_ptr<gl::GLFenceEGL, std::__ndk1::default_delete<gl::GLFenceEGL> >), base::WeakPtr<vr_shell::VrShellGl> const&, short const&, gvr_frame_* const&, gfx::Transform const&, std::__ndk1::unique_ptr<gl::GLFenceEGL, std::__ndk1::default_delete<gl::GLFenceEGL> > >(void (vr_shell::VrShellGl::* const&)(short, gvr_frame_*, gfx::Transform const&, std::__ndk1::unique_ptr<gl::GLFenceEGL, std::__ndk1::default_delete<gl::GLFenceEGL> >), base::WeakPtr<vr_shell::VrShellGl> const&, short const&, gvr_frame_* const&, gfx::Transform const&, std::__ndk1::unique_ptr<gl::GLFenceEGL, std::__ndk1::default_delete<gl::GLFenceEGL> >&&)+36 /mnt/data/b/c/builder/Android_Builder__dbg_/src/base/bind_internal.h:297
02c025fd void base::internal::Invoker<base::internal::BindState<void (vr_shell::VrShellGl::*)(short, gvr_frame_*, gfx::Transform const&, std::__ndk1::unique_ptr<gl::GLFenceEGL, std::__ndk1::default_delete<gl::GLFenceEGL> >), base::WeakPtr<vr_shell::VrShellGl>, short, gvr_frame_*, gfx::Transform, base::internal::PassedWrapper<std::__ndk1::unique_ptr<gl::GLFenceEGL, std::__ndk1::default_delete<gl::GLFenceEGL> > > >, void ()>::RunImpl<void (vr_shell::VrShellGl::* const&)(short, gvr_frame_*, gfx::Transform const&, std::__ndk1::unique_ptr<gl::GLFenceEGL, std::__ndk1::default_delete<gl::GLFenceEGL> >), std::__ndk1::tuple<base::WeakPtr<vr_shell::VrShellGl>, short, gvr_frame_*, gfx::Transform, base::internal::PassedWrapper<std::__ndk1::unique_ptr<gl::GLFenceEGL, std::__ndk1::default_delete<gl::GLFenceEGL> > > > const&, 0u, 1u, 2u, 3u, 4u>(void (vr_shell::VrShellGl::* const&)(short, gvr_frame_*, gfx::Transform const&, std::__ndk1::unique_ptr<gl::GLFenceEGL, std::__ndk1::default_delete<gl::GLFenceEGL> >), std::__ndk1::tuple<base::WeakPtr<vr_shell::VrShellGl>, short, gvr_frame_*, gfx::Transform, base::internal::PassedWrapper<std::__ndk1::unique_ptr<gl::GLFenceEGL, std::__ndk1::default_delete<gl::GLFenceEGL> > > > const&, std::__ndk1::integer_sequence<unsigned int, 0u, 1u, 2u, 3u, 4u>)+38 /mnt/data/b/c/builder/Android_Builder__dbg_/src/base/bind_internal.h:349
00369c99 base::OnceCallback<void ()>::Run() &&+20 /mnt/data/b/c/builder/Android_Builder__dbg_/src/base/callback.h:64
00372deb base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*)+78 /mnt/data/b/c/builder/Android_Builder__dbg_/src/base/debug/task_annotator.cc:57
00389229 base::internal::IncomingTaskQueue::RunTask(base::PendingTask*)+60 /mnt/data/b/c/builder/Android_Builder__dbg_/src/base/message_loop/incoming_task_queue.cc:147
0038a43f base::MessageLoop::RunTask(base::PendingTask*)+174 /mnt/data/b/c/builder/Android_Builder__dbg_/src/base/message_loop/message_loop.cc:406
0038a695 base::MessageLoop::DeferOrRunPendingTask(base::PendingTask)+40 /mnt/data/b/c/builder/Android_Builder__dbg_/src/base/message_loop/message_loop.cc:417
0038a7f9 base::MessageLoop::DoWork()+148 /mnt/data/b/c/builder/Android_Builder__dbg_/src/base/message_loop/message_loop.cc:524
v------> DoRunLoopOnce(_JNIEnv*, base::android::JavaParamRef<_jobject*> const&, long long, long long, long long) /mnt/data/b/c/builder/Android_Builder__dbg_/src/base/message_loop/message_pump_android.cc:52
0038b89f Java_org_chromium_base_SystemMessageHandler_nativeDoRunLoopOnce+94 /mnt/data/b/c/builder/Android_Builder__dbg_/src/out/Debug/gen/base/base_jni_headers/base/jni/SystemMessageHandler_jni.h:49
00dcb01d offset 0xd93000
,
Oct 4 2017
Also note that this is still with VrCore 1.8 - 1.10 looks like it's in the process of being rolled out, but we haven't switched the tests over to that yet.
,
Oct 5 2017
Does this crash happen recently or is it there from the beginning of VrCore 1.8?
,
Oct 5 2017
It's hard to say since other failures have been coming and going. However, the bot has been failing more frequently and started failing on the local device (before it was only the swarming devices) in the past ~3 days. So, I would have to guess that this is a recent issue.
,
Oct 5 2017
Above the stack, there was a relevant log statement: "Destroying a display surface that still has an acquired frame." This could mean that we are destroying the swap_chain_ while there are outstanding frames we are going to attempt to render to it. The stack above is just a victim of an errant swap chain destruction.
,
Oct 5 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/b6b4aa4c9ce79b177baa20d4be61da06506dfc05 commit b6b4aa4c9ce79b177baa20d4be61da06506dfc05 Author: Ian Vollick <vollick@chromium.org> Date: Thu Oct 05 19:01:07 2017 Revert "[vr] Enable 2x MSAA" This reverts commit 9f6b20914b84010601dd5c72c2d7882627d29d3d. Reason for revert: The timing of the swap_chain_ destruction appears to be wrong. Reverting this until I can sort it out. Original change's description: > [vr] Enable 2x MSAA > > This increases the number of samples used in the primary framebuffer. > > Bug: 752085 > Change-Id: I869ae41943db925aff845b3d1da15e8130b14e45 > Reviewed-on: https://chromium-review.googlesource.com/680374 > Reviewed-by: Michael Thiessen <mthiesse@chromium.org> > Reviewed-by: Tibor Goldschwendt <tiborg@chromium.org> > Commit-Queue: Ian Vollick <vollick@chromium.org> > Cr-Commit-Position: refs/heads/master@{#505811} TBR=vollick@chromium.org,mthiesse@chromium.org,tiborg@chromium.org # Not skipping CQ checks because original CL landed > 1 day ago. Bug: 752085 , 771663 Change-Id: I6150abf5840fa81cc9ce135c0746d3fd4f8bca7a Reviewed-on: https://chromium-review.googlesource.com/702517 Commit-Queue: Ian Vollick <vollick@chromium.org> Reviewed-by: Tibor Goldschwendt <tiborg@chromium.org> Reviewed-by: Ian Vollick <vollick@chromium.org> Cr-Commit-Position: refs/heads/master@{#506807} [modify] https://crrev.com/b6b4aa4c9ce79b177baa20d4be61da06506dfc05/chrome/browser/android/vr_shell/vr_shell_gl.cc [modify] https://crrev.com/b6b4aa4c9ce79b177baa20d4be61da06506dfc05/chrome/browser/android/vr_shell/vr_shell_gl.h [modify] https://crrev.com/b6b4aa4c9ce79b177baa20d4be61da06506dfc05/chrome/browser/vr/ui_renderer.cc [modify] https://crrev.com/b6b4aa4c9ce79b177baa20d4be61da06506dfc05/chrome/browser/vr/vr_shell_renderer.cc [modify] https://crrev.com/b6b4aa4c9ce79b177baa20d4be61da06506dfc05/chrome/browser/vr/vr_shell_renderer.h
,
Oct 5 2017
Hopefully this addresses the issue. Please let me know if it persists.
,
Mar 1 2018
,
Mar 1 2018
,
Jul 4
,
Aug 29
|
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by bsheedy@chromium.org
, Oct 4 2017