Occasional crash at arc::ArcAuthService::RequestAccountInfo(bool) while running CTS tests. |
||||
Issue descriptionChrome Version: 65.0.3316.0 OS: ChromeOS R65-10298.0.0 I saw a few instance of this failure last week. Probably a NULL arc_bridge_service_->auth() instance from this line: https://chromium.googlesource.com/chromium/src/+/ba8ed088e5fa4de22642f240974929dffcbde018/chrome/browser/chromeos/arc/auth/arc_auth_service.cc#207 @hidehiko, @khmel, do you happen to know anything? https://pantheon.corp.google.com/storage/browser/chromeos-autotest-results/169314047-chromeos-test/chromeos4-row8-rack3-host2/debug/ https://pantheon.corp.google.com/storage/browser/chromeos-autotest-results/167685451-chromeos-test/chromeos4-row8-rack4-host2/debug/ Crash reason: SIGSEGV Crash address: 0x0 Process uptime: not available Thread 0 (crashed) 0 chrome!arc::ArcAuthService::RequestAccountInfo(bool) [arc_auth_service.cc : 207 + 0x0] rax = 0x0000000000000000 rdx = 0x0000000000000000 rcx = 0x000062226fa17660 rbx = 0x0000000000000001 rsi = 0x0000000000000000 rdi = 0x0000000000000000 rbp = 0x00007ffd07efa8e0 rsp = 0x00007ffd07efa840 r8 = 0x0000000000000000 r9 = 0x00007dbbc9e2a780 r10 = 0x74736e4968747541 r11 = 0x0000000000000000 r12 = 0x00003af0f2328fc0 r13 = 0x00003af0ef4908c0 r14 = 0x00003af0f2328fc8 r15 = 0x00003af0ef88c528 rip = 0x000062226a23c43c Found by: given as instruction pointer in context 1 chrome!arc::mojom::AuthHostStubDispatch::Accept(arc::mojom::AuthHost*, mojo::Message*) [auth.mojom.cc : 383 + 0xc] rbx = 0x00007ffd07efa9f0 rbp = 0x00007ffd07efa960 rsp = 0x00007ffd07efa8f0 r12 = 0x00007ffd07efa8f0 r13 = 0x00003af0ef4908c0 r14 = 0x00003af0f2328fc8 r15 = 0x00003af0ef88c528 rip = 0x000062226a1776f0 Found by: call frame info 2 chrome!mojo::InterfaceEndpointClient::HandleValidatedMessage(mojo::Message*) [interface_endpoint_client.cc : 419 + 0x9] rbx = 0x0000000000000000 rbp = 0x00007ffd07efa9d0 rsp = 0x00007ffd07efa970 r12 = 0x00007ffd07efa9f0 r13 = 0x00003af0ef4908c0 r14 = 0x00007ffd07efa9f0 r15 = 0x00003af0ef772300 rip = 0x000062226fc05204 Found by: call frame info 3 chrome!mojo::internal::MultiplexRouter::ProcessIncomingMessage(mojo::internal::MultiplexRouter::MessageWrapper*, mojo::internal::MultiplexRouter::ClientCallBehavior, base::SequencedTaskRunner*) [multiplex_router.cc : 880 + 0xb] rbx = 0x0000000000000000 rbp = 0x00007ffd07efaa80 rsp = 0x00007ffd07efa9e0 r12 = 0x00007ffd07efa9f0 r13 = 0x00007ffd07efab68 r14 = 0x00003af0ef4908c0 r15 = 0x00003af0ef772300 rip = 0x000062226fa19805 Found by: call frame info 4 chrome!mojo::internal::MultiplexRouter::Accept(mojo::Message*) [multiplex_router.cc : 604 + 0xb] rbx = 0x00007ffd07efab70 rbp = 0x00007ffd07efac00 rsp = 0x00007ffd07efaa90 r12 = 0x00007ffd07efab08 r13 = 0x00007ffd07efad18 r14 = 0x00003af0ef772300 r15 = 0x0000000000000002 rip = 0x000062226b1b328a Found by: call frame info 5 chrome!mojo::Connector::ReadSingleMessage(unsigned int*) [connector.cc : 445 + 0xd] rbx = 0x00006222710654b0 rbp = 0x00007ffd07efad00 rsp = 0x00007ffd07efac10 r12 = 0x00003af0ef772360 r13 = 0x00007ffd07efad18 r14 = 0x00007ffd07efad01 r15 = 0x00007ffd07efad20 rip = 0x000062226fa190bc Found by: call frame info 6 chrome!mojo::Connector::ReadAllAvailableMessages() [connector.cc : 474 + 0xb] rbx = 0x00003af0ef772360 rbp = 0x00007ffd07efad60 rsp = 0x00007ffd07efad10 r12 = 0x00007ffd07efad1c r13 = 0x00007ffd07efad18 r14 = 0x00003af0ef7724e8 r15 = 0x00007ffd07efad20 rip = 0x000062226fa192d2 Found by: call frame info 7 chrome!mojo::SimpleWatcher::OnHandleReady(int, unsigned int, mojo::HandleSignalsState const&) [callback.h : 94 + 0x9] rbx = 0x00003af0eef75c30 rbp = 0x00007ffd07efadd0 rsp = 0x00007ffd07efad70 r12 = 0x00003af0f11c8d18 r13 = 0x00007ffd07efad98 r14 = 0x00007ffd07efad80 r15 = 0x0000000000000000 rip = 0x000062226fa19db6 Found by: call frame info 8 chrome!base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) [callback.h : 65 + 0x3] rbx = 0x00007ffd07efaf70 rbp = 0x00007ffd07efae80 rsp = 0x00007ffd07efade0 r12 = 0x0000622271065440 r13 = 0x000062227111b2b8 r14 = 0x00007ffd07efae18 r15 = 0x00003af0eeb468cc rip = 0x000062226fa0c185 Found by: call frame info
,
Jun 29 2018
Looks like we have potential race condition here. From crash report we have few crashes: https://crash.corp.google.com/browse?q=product_name%3D%27Chrome_ChromeOS%27+%0AAND%0AEXISTS+%28SELECT+1+FROM+UNNEST%28CrashedStackTrace.StackFrame%29%0A++WHERE+FunctionName%3D%27arc%3A%3AArcAuthService%3A%3ARequestAccountInfo%28bool%29%27%29%0AAND%0ANOT+EXISTS+%28SELECT+1+FROM+UNNEST%28CrashedStackTrace.StackFrame%29%0A++WHERE+FunctionName%3D%27arc%3A%3AArcRobotAuthCodeFetcher%3A%3AFetch%28base%3A%3ARepeatingCallback%3Cvoid+%28bool%2C+std%3A%3A__1%3A%3Abasic_string%3Cchar%2C+std%3A%3A__1%3A%3Achar_traits%3Cchar%3E%2C+std%3A%3A__1%3A%3Aallocator%3Cchar%3E+%3E+const%26%29%3E+const%26%29%27%29&stbtiq=&reportid=e7fdd0ed0cf3f8e9&index=6#0
,
Jun 29 2018
,
Jun 29 2018
,
Jul 2
Assume it is fixed.
,
Jul 2
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/16ebf6e36af39f3c4df4e8aa2e729f9d0778bdff commit 16ebf6e36af39f3c4df4e8aa2e729f9d0778bdff Author: khmel@google.com <khmel@google.com> Date: Mon Jul 02 16:25:11 2018 arc: Handle possible auth instance deletion. RequestAccountInfo -> OnAccountInfoReady is implmented as truly async calls. It seems that it is possible the case when instance is removed after making a request and this leads to crash (however it is pretty rare case). TEST=N/A BUG= 801947 Change-Id: I0ae3f7a250e0796d2174ea5252e33db84f949592 Reviewed-on: https://chromium-review.googlesource.com/1120777 Reviewed-by: Luis Hector Chavez <lhchavez@chromium.org> Commit-Queue: Yury Khmel <khmel@google.com> Cr-Commit-Position: refs/heads/master@{#571915} [modify] https://crrev.com/16ebf6e36af39f3c4df4e8aa2e729f9d0778bdff/chrome/browser/chromeos/arc/auth/arc_auth_service.cc |
||||
►
Sign in to add a comment |
||||
Comment 1 by zork@chromium.org
, Jun 29 2018