New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 820449 link

Starred by 1 user
Status: WontFix
Owner:
samans@chromium.org
Closed: Mar 2018
Cc:
fsam...@chromium.org
jonr...@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug

Blocking:
issue 794961



Sign in to add a comment

Frame Eviction crash on invalid surface

Project Member Reported by jonr...@chromium.org, Mar 9 2018 
OS: Windows
Test suite: browser_tests
Viz: on
Test: ExtensionApiTabTest.TabsOnUpdated
Found on: March 9th's TOT 3457fe6c8dbd3da7a32778bbb167b0528431da07

There is a crash when attempting to serialize an invalid SurfaceID during a frame eviction:

Saman/Fady could you help me triage?

[33400:20508:0309/102955.510:FATAL:unguessable_token.h(58)] Check failed: !is_empty().
Backtrace:
        base::debug::StackTrace::StackTrace [0x00007FFC6C44CFAB+107] (C:\src\chromium\src\base\debug\stack_trace_win.cc:286)
        base::debug::StackTrace::StackTrace [0x00007FFC6C44BC4F+31] (C:\src\chromium\src\base\debug\stack_trace.cc:199)
        logging::LogMessage::~LogMessage [0x00007FFC6C4C5256+134] (C:\src\chromium\src\base\logging.cc:581)
        base::UnguessableToken::GetHighForSerialization [0x00007FFC6C3F10E9+169] (C:\src\chromium\src\base\unguessable_token.h:59)
        mojo::StructTraits<mojo::common::mojom::UnguessableTokenDataView,base::UnguessableToken>::high [0x00007FFC342AE3E4+20] (C:\src\chromium\src\mojo\common\common_custom_types_struct_traits.h:47)
        mojo::internal::CallWithContext<unsigned long long,const base::UnguessableToken &,const base::UnguessableToken &> [0x00007FFC342AE3B4+52] (C:\src\chromium\src\mojo\public\cpp\bindings\lib\serialization_util.h:133)
        mojo::internal::Serializer<mojo::common::mojom::UnguessableTokenDataView,const base::UnguessableToken>::Serialize [0x00007FFC342AE21D+109] (C:\src\chromium\src\out\default\gen\mojo\common\unguessable_token.mojom-shared.h:108)
        mojo::internal::Serialize<mojo::common::mojom::UnguessableTokenDataView,const base::UnguessableToken &,mojo::internal::Buffer *&,mojo::common::mojom::internal::UnguessableToken_Data::BufferWriter *,mojo::internal::SerializationContext *&,nullptr> [0x00007FFC342ADEEF+111] (C:\src\chromium\src\mojo\public\cpp\bindings\lib\serialization_forward.h:45)
        mojo::internal::Serializer<viz::mojom::LocalSurfaceIdDataView,const viz::LocalSurfaceId>::Serialize [0x00007FFC342ADA01+305] (C:\src\chromium\src\out\default\gen\services\viz\public\interfaces\compositing\local_surface_id.mojom-shared.h:122)
        mojo::internal::Serialize<viz::mojom::LocalSurfaceIdDataView,const viz::LocalSurfaceId &,mojo::internal::Buffer *&,viz::mojom::internal::LocalSurfaceId_Data::BufferWriter *,mojo::internal::SerializationContext *&,nullptr> [0x00007FFC342AD60F+111] (C:\src\chromium\src\mojo\public\cpp\bindings\lib\serialization_forward.h:45)
        mojo::internal::Serializer<viz::mojom::SurfaceIdDataView,const viz::SurfaceId>::Serialize [0x00007FFC342AD0BB+747] (C:\src\chromium\src\out\default\gen\services\viz\public\interfaces\compositing\surface_id.mojom-shared.h:135)
        mojo::internal::Serialize<viz::mojom::SurfaceIdDataView,const viz::SurfaceId &,mojo::internal::Buffer *&,viz::mojom::internal::SurfaceId_Data::BufferWriter *&,mojo::internal::SerializationContext *&,nullptr> [0x00007FFC342AFCFF+111] (C:\src\chromium\src\mojo\public\cpp\bindings\lib\serialization_forward.h:45)
        mojo::internal::ArraySerializer<mojo::ArrayDataView<viz::mojom::SurfaceIdDataView>,const std::vector<viz::SurfaceId,std::allocator<viz::SurfaceId> >,mojo::internal::ArrayIterator<mojo::ArrayTraits<std::vector<viz::SurfaceId,std::allocator<viz::SurfaceId>  [0x00007FFC342AFA28+88] (C:\src\chromium\src\mojo\public\cpp\bindings\lib\array_serialization.h:395)
        mojo::internal::ArraySerializer<mojo::ArrayDataView<viz::mojom::SurfaceIdDataView>,const std::vector<viz::SurfaceId,std::allocator<viz::SurfaceId> >,mojo::internal::ArrayIterator<mojo::ArrayTraits<std::vector<viz::SurfaceId,std::allocator<viz::SurfaceId>  [0x00007FFC342AF35E+206] (C:\src\chromium\src\mojo\public\cpp\bindings\lib\array_serialization.h:360)
        mojo::internal::Serializer<mojo::ArrayDataView<viz::mojom::SurfaceIdDataView>,const std::vector<viz::SurfaceId,std::allocator<viz::SurfaceId> > >::Serialize [0x00007FFC342AF068+584] (C:\src\chromium\src\mojo\public\cpp\bindings\lib\array_serialization.h:492)
        mojo::internal::Serialize<mojo::ArrayDataView<viz::mojom::SurfaceIdDataView>,const std::vector<viz::SurfaceId,std::allocator<viz::SurfaceId> > &,mojo::internal::Buffer *&,mojo::internal::Array_Data<mojo::internal::Pointer<viz::mojom::internal::SurfaceId_D [0x00007FFC34294C7B+155] (C:\src\chromium\src\mojo\public\cpp\bindings\lib\serialization_forward.h:45)
        viz::mojom::FrameSinkManagerProxy::EvictSurfaces [0x00007FFC34294805+389] (C:\src\chromium\src\out\default\gen\services\viz\privileged\interfaces\compositing\frame_sink_manager.mojom.cc:703)
        viz::HostFrameSinkManager::EvictSurfaces [0x00007FFC34216892+34] (C:\src\chromium\src\components\viz\host\host_frame_sink_manager.cc:249)
        content::DelegatedFrameHost::EvictDelegatedFrame [0x00007FFC49D25C0D+237] (C:\src\chromium\src\content\browser\renderer_host\delegated_frame_host.cc:567)
        viz::FrameEvictor::EvictCurrentFrame [0x00007FFC322BF398+24] (C:\src\chromium\src\components\viz\client\frame_evictor.cc:54)
        viz::FrameEvictionManager::CullUnlockedFrames [0x00007FFC322B3719+217] (C:\src\chromium\src\components\viz\client\frame_eviction_manager.cc:138)
        viz::FrameEvictionManager::AddFrame [0x00007FFC322B3354+148] (C:\src\chromium\src\components\viz\client\frame_eviction_manager.cc:38)
        viz::FrameEvictor::SwappedFrame [0x00007FFC322BF071+81] (C:\src\chromium\src\components\viz\client\frame_evictor.cc:22)
        content::DelegatedFrameHost::OnFirstSurfaceActivation [0x00007FFC49D258E2+1074] (C:\src\chromium\src\content\browser\renderer_host\delegated_frame_host.cc:546)
        viz::HostFrameSinkManager::OnFirstSurfaceActivation [0x00007FFC342181AD+269] (C:\src\chromium\src\components\viz\host\host_frame_sink_manager.cc:392)
        viz::mojom::FrameSinkManagerClientStubDispatch::Accept [0x00007FFC3429EB49+1433] (C:\src\chromium\src\out\default\gen\services\viz\privileged\interfaces\compositing\frame_sink_manager.mojom.cc:2061)
        viz::mojom::FrameSinkManagerClientStub<mojo::RawPtrImplRefTraits<viz::mojom::FrameSinkManagerClient> >::Accept [0x00007FFC3421BB43+99] (C:\src\chromium\src\out\default\gen\services\viz\privileged\interfaces\compositing\frame_sink_manager.mojom.h:367)
        mojo::InterfaceEndpointClient::HandleValidatedMessage [0x00007FFC6A2E0AC2+1826] (C:\src\chromium\src\mojo\public\cpp\bindings\lib\interface_endpoint_client.cc:419)
        mojo::InterfaceEndpointClient::HandleIncomingMessageThunk::Accept [0x00007FFC6A2E0381+33] (C:\src\chromium\src\mojo\public\cpp\bindings\lib\interface_endpoint_client.cc:133)
        mojo::FilterChain::Accept [0x00007FFC6A2DDE21+497] (C:\src\chromium\src\mojo\public\cpp\bindings\lib\filter_chain.cc:40)
        mojo::InterfaceEndpointClient::HandleIncomingMessage [0x00007FFC6A2E3C94+212] (C:\src\chromium\src\mojo\public\cpp\bindings\lib\interface_endpoint_client.cc:306)
        mojo::internal::MultiplexRouter::ProcessIncomingMessage [0x00007FFC6A2FC776+1686] (C:\src\chromium\src\mojo\public\cpp\bindings\lib\multiplex_router.cc:879)
        mojo::internal::MultiplexRouter::Accept [0x00007FFC6A2FBADA+666] (C:\src\chromium\src\mojo\public\cpp\bindings\lib\multiplex_router.cc:604)
        mojo::FilterChain::Accept [0x00007FFC6A2DDE21+497] (C:\src\chromium\src\mojo\public\cpp\bindings\lib\filter_chain.cc:40)
        mojo::Connector::ReadSingleMessage [0x00007FFC6A2C940E+1070] (C:\src\chromium\src\mojo\public\cpp\bindings\lib\connector.cc:444)
        mojo::Connector::ReadAllAvailableMessages [0x00007FFC6A2CA8FC+124] (C:\src\chromium\src\mojo\public\cpp\bindings\lib\connector.cc:474)
        mojo::Connector::OnHandleReadyInternal [0x00007FFC6A2CA5E1+241] (C:\src\chromium\src\mojo\public\cpp\bindings\lib\connector.cc:377)
        mojo::Connector::OnWatcherHandleReady [0x00007FFC6A2CA4DB+27] (C:\src\chromium\src\mojo\public\cpp\bindings\lib\connector.cc:353)
        base::internal::FunctorTraits<void (mojo::Connector::*)(unsigned int),void>::Invoke<mojo::Connector *,unsigned int> [0x00007FFC6A2CDDD5+69] (C:\src\chromium\src\base\bind_internal.h:447)
        base::internal::InvokeHelper<0,void>::MakeItSo<void (mojo::Connector::*const &)(unsigned int),mojo::Connector *,unsigned int> [0x00007FFC6A2CDD0D+77] (C:\src\chromium\src\base\bind_internal.h:530)
        base::internal::Invoker<base::internal::BindState<void (mojo::Connector::*)(unsigned int),base::internal::UnretainedWrapper<mojo::Connector> >,void (unsigned int)>::RunImpl<void (mojo::Connector::*const &)(unsigned int),const std::tuple<base::internal::Un [0x00007FFC6A2CDC83+115] (C:\src\chromium\src\base\bind_internal.h:604)
        base::internal::Invoker<base::internal::BindState<void (mojo::Connector::*)(unsigned int),base::internal::UnretainedWrapper<mojo::Connector> >,void (unsigned int)>::Run [0x00007FFC6A2CDB40+96] (C:\src\chromium\src\base\bind_internal.h:586)
        base::RepeatingCallback<void (unsigned int)>::Run [0x00007FFC7589BB39+105] (C:\src\chromium\src\base\callback.h:124)
        mojo::SimpleWatcher::DiscardReadyState [0x00007FFC7589B9B0+32] (C:\src\chromium\src\mojo\public\cpp\system\simple_watcher.h:195)
        base::internal::FunctorTraits<void (*)(const base::RepeatingCallback<void (unsigned int)> &, unsigned int, const mojo::HandleSignalsState &),void>::Invoke<const base::RepeatingCallback<void (unsigned int)> &,unsigned int,const mojo::HandleSignalsState &> [0x00007FFC758A3351+97] (C:\src\chromium\src\base\bind_internal.h:402)
        base::internal::InvokeHelper<0,void>::MakeItSo<void (*const &)(const base::RepeatingCallback<void (unsigned int)> &, unsigned int, const mojo::HandleSignalsState &),const base::RepeatingCallback<void (unsigned int)> &,unsigned int,const mojo::HandleSignal [0x00007FFC758A3266+102] (C:\src\chromium\src\base\bind_internal.h:530)
        base::internal::Invoker<base::internal::BindState<void (*)(const base::RepeatingCallback<void (unsigned int)> &, unsigned int, const mojo::HandleSignalsState &),base::RepeatingCallback<void (unsigned int)> >,void (unsigned int, const mojo::HandleSignalsSt [0x00007FFC758A31C8+136] (C:\src\chromium\src\base\bind_internal.h:604)
        base::internal::Invoker<base::internal::BindState<void (*)(const base::RepeatingCallback<void (unsigned int)> &, unsigned int, const mojo::HandleSignalsState &),base::RepeatingCallback<void (unsigned int)> >,void (unsigned int, const mojo::HandleSignalsSt [0x00007FFC758A306B+123] (C:\src\chromium\src\base\bind_internal.h:586)
        base::RepeatingCallback<void (unsigned int, const mojo::HandleSignalsState &)>::Run [0x00007FFC758AE562+130] (C:\src\chromium\src\base\callback.h:124)
        mojo::SimpleWatcher::OnHandleReady [0x00007FFC758AE182+418] (C:\src\chromium\src\mojo\public\cpp\system\simple_watcher.cc:276)
        base::internal::FunctorTraits<void (mojo::SimpleWatcher::*)(int, unsigned int, const mojo::HandleSignalsState &),void>::Invoke<const base::WeakPtr<mojo::SimpleWatcher> &,const int &,const unsigned int &,const mojo::HandleSignalsState &> [0x00007FFC758AF447+135] (C:\src\chromium\src\base\bind_internal.h:447)
        base::internal::InvokeHelper<1,void>::MakeItSo<void (mojo::SimpleWatcher::*const &)(int, unsigned int, const mojo::HandleSignalsState &),const base::WeakPtr<mojo::SimpleWatcher> &,const int &,const unsigned int &,const mojo::HandleSignalsState &> [0x00007FFC758AF226+166] (C:\src\chromium\src\base\bind_internal.h:553)
        base::internal::Invoker<base::internal::BindState<void (mojo::SimpleWatcher::*)(int, unsigned int, const mojo::HandleSignalsState &),base::WeakPtr<mojo::SimpleWatcher>,int,unsigned int,mojo::HandleSignalsState>,void ()>::RunImpl<void (mojo::SimpleWatcher: [0x00007FFC758AF13C+188] (C:\src\chromium\src\base\bind_internal.h:604)
        base::internal::Invoker<base::internal::BindState<void (mojo::SimpleWatcher::*)(int, unsigned int, const mojo::HandleSignalsState &),base::WeakPtr<mojo::SimpleWatcher>,int,unsigned int,mojo::HandleSignalsState>,void ()>::Run [0x00007FFC758AEEAD+61] (C:\src\chromium\src\base\bind_internal.h:586)
        base::OnceCallback<void ()>::Run [0x00007FFC6C3D38B1+97] (C:\src\chromium\src\base\callback.h:95)
        base::debug::TaskAnnotator::RunTask [0x00007FFC6C4518ED+781] (C:\src\chromium\src\base\debug\task_annotator.cc:55)
        base::internal::IncomingTaskQueue::RunTask [0x00007FFC6C504214+212] (C:\src\chromium\src\base\message_loop\incoming_task_queue.cc:124)
        base::MessageLoop::RunTask [0x00007FFC6C50FFA8+968] (C:\src\chromium\src\base\message_loop\message_loop.cc:395)
        base::MessageLoop::DeferOrRunPendingTask [0x00007FFC6C510AA3+83] (C:\src\chromium\src\base\message_loop\message_loop.cc:410)
        base::MessageLoop::DoWork [0x00007FFC6C510DC7+519] (C:\src\chromium\src\base\message_loop\message_loop.cc:451)
        base::MessagePumpForUI::DoRunLoop [0x00007FFC6C51DB5D+77] (C:\src\chromium\src\base\message_loop\message_pump_win.cc:173)
        base::MessagePumpWin::Run [0x00007FFC6C51CD1E+222] (C:\src\chromium\src\base\message_loop\message_pump_win.cc:58)

Comment 1 by samans@chromium.org, Mar 9 2018

Cc: -samans@chromium.org
Owner: samans@chromium.org
Status: Assigned (was: Untriaged)

Comment 2 by samans@chromium.org, Mar 9 2018

Status: WontFix (was: Assigned)
3457fe6c8dbd3da7a32778bbb167b0528431da07 is actually quite old (Feb 28th). This issue doesn't happen anymore on ToT (9917677e2ed67e237942855bec0fc96251546996). Please reopen if I'm wrong.

Comment 3 by jonr...@chromium.org, Mar 9 2018 

Yeah Windows lied to me when I pulled this morning.

This test is fine. Sorry!

Sign in to add a comment