Issue metadata
Sign in to add a comment
|
CHECK() failed in ui::HardwareDisplayController::SchedulePageFlip() |
||||||||||||||||||||||||
Issue descriptionIn top 10 gpu process crashes in dev: http://go/crash/7f104f542c03d3d6 http://go/crash/9b52fcf08e2188ac Product, version: Chrome_ChromeOS, 69.0.3486.0 Process type: gpu-process Magic Signature: ui::HardwareDisplayController::SchedulePageFlip Stable Signature: ui::HardwareDisplayController::SchedulePageFlip-6f2451c7edit bugs&comments Report Time: Wed, 18 Jul 2018 21:02:07 GMT Process uptime: 21 hours, 22 min, 26 sec, 411 ms Client ID: 137c6d5b770544c2b0753484f54591ff Thread 2 (id: 0xcbe) CRASHED [SIGTRAP @ 0x00000000 ] MAGIC SIGNATURE THREAD Stack Quality100%Show frame trust levels 0x000057e98e09784d (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/ui/ozone/platform/drm/gpu/hardware_display_controller.cc:108 ) ui::HardwareDisplayController::SchedulePageFlip(std::__1::vector<ui::DrmOverlayPlane, std::__1::allocator<ui::DrmOverlayPlane> >, base::OnceCallback<void (gfx::SwapResult, std::__1::unique_ptr<gfx::GpuFence, std::__1::default_delete<gfx::GpuFence> >)>, base::OnceCallback<void (gfx::PresentationFeedback const&)>) 0x000057e98e08ebaf (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/ui/ozone/platform/drm/gpu/drm_window.cc:151 ) ui::DrmWindow::SchedulePageFlip(std::__1::vector<ui::DrmOverlayPlane, std::__1::allocator<ui::DrmOverlayPlane> >, base::OnceCallback<void (gfx::SwapResult, std::__1::unique_ptr<gfx::GpuFence, std::__1::default_delete<gfx::GpuFence> >)>, base::OnceCallback<void (gfx::PresentationFeedback const&)>) 0x000057e98e084424 (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/ui/ozone/platform/drm/gpu/drm_thread.cc:228 ) ui::DrmThread::OnPlanesReadyForPageFlip(int, base::OnceCallback<void (gfx::SwapResult, std::__1::unique_ptr<gfx::GpuFence, std::__1::default_delete<gfx::GpuFence> >)>, base::OnceCallback<void (gfx::PresentationFeedback const&)>, std::__1::vector<ui::DrmOverlayPlane, std::__1::allocator<ui::DrmOverlayPlane> >) 0x000057e98e086227 (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/base/bind_internal.h:507 ) base::internal::Invoker<base::internal::BindState<void (ui::DrmThread::*)(int, base::OnceCallback<void (gfx::SwapResult, std::__1::unique_ptr<gfx::GpuFence, std::__1::default_delete<gfx::GpuFence> >)>, base::OnceCallback<void (gfx::PresentationFeedback const&)>, std::__1::vector<ui::DrmOverlayPlane, std::__1::allocator<ui::DrmOverlayPlane> >), base::WeakPtr<ui::DrmThread>, int, base::OnceCallback<void (gfx::SwapResult, std::__1::unique_ptr<gfx::GpuFence, std::__1::default_delete<gfx::GpuFence> >)>, base::OnceCallback<void (gfx::PresentationFeedback const&)> >, void (std::__1::vector<ui::DrmOverlayPlane, std::__1::allocator<ui::DrmOverlayPlane> >)>::RunOnce(base::internal::BindStateBase*, std::__1::vector<ui::DrmOverlayPlane, std::__1::allocator<ui::DrmOverlayPlane> >&&) 0x000057e98e09ee6a (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/base/callback.h:99 ) base::internal::Invoker<base::internal::BindState<base::OnceCallback<void (std::__1::vector<ui::DrmOverlayPlane, std::__1::allocator<ui::DrmOverlayPlane> >)>, std::__1::vector<ui::DrmOverlayPlane, std::__1::allocator<ui::DrmOverlayPlane> > >, void ()>::RunOnce(base::internal::BindStateBase*) 0x000057e98d9e47fe (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/base/callback.h:99 ) base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) 0x000057e98d9da902 (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/base/message_loop/incoming_task_queue.cc:129 ) base::MessageLoop::RunTask(base::PendingTask*) 0x000057e9905c2e77 (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/base/message_loop/message_loop.cc:361 ) base::MessageLoop::DeferOrRunPendingTask(base::PendingTask) 0x000057e98d9db49b (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/base/message_loop/message_loop.cc:419 ) base::MessageLoop::DoWork() 0x000057e98d9e4115 (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/base/message_loop/message_pump_libevent.cc:210 ) base::MessagePumpLibevent::Run(base::MessagePump::Delegate*) 0x000057e9905e3fb3 (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/base/run_loop.cc:102 ) <name omitted> 0x000057e990613c1c (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/base/threading/thread.cc:337 ) base::Thread::ThreadMain() 0x000057e990647781 (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/base/threading/platform_thread_posix.cc:76 ) base::(anonymous namespace)::ThreadFunc(void*) 0x00007ecbb86782b7 (libpthread-2.23.so -pthread_create.c:333 ) start_thread 0x00007ecbb7b2cfac (libc-2.23.so + 0x000f6fac ) 97 void HardwareDisplayController::SchedulePageFlip( 98 DrmOverlayPlaneList plane_list, 99 SwapCompletionOnceCallback submission_callback, 100 PresentationOnceCallback presentation_callback) { 101 DCHECK(!page_flip_request_); 102 scoped_refptr<PageFlipRequest> page_flip_request = 103 base::MakeRefCounted<PageFlipRequest>(GetRefreshInterval()); 104 std::unique_ptr<gfx::GpuFence> out_fence; 105 106 bool status = 107 ScheduleOrTestPageFlip(plane_list, page_flip_request, &out_fence); 108 CHECK(status) << "SchedulePageFlip failed";
,
Jul 20
There aren't many ways to get ERANGE from atomic, it seems just one:
/* Give drivers some help against integer overflows */
if (state->crtc_w > INT_MAX ||
state->crtc_x > INT_MAX - (int32_t) state->crtc_w ||
state->crtc_h > INT_MAX ||
state->crtc_y > INT_MAX - (int32_t) state->crtc_h) {
DRM_DEBUG_ATOMIC("Invalid CRTC coordinates %ux%u+%d+%d\n",
state->crtc_w, state->crtc_h,
state->crtc_x, state->crtc_y);
return -ERANGE;
}
,
Jul 20
I am also seeing EINVAL. The previous signature for this type of error is "ui::DrmThread::OnPlanesReadyForPageFlip" and is associated with https://bugs.chromium.org/p/chromium/issues/detail?id=819692 For example http://crash/50b814a1bf1627fb shows the the same ERANGE return was happening in M66.
,
Jul 20
It looks to me like these failures were already occurring before the CHECK moved.. possibly since we enabled atomic or overlays. Daniele, do you have any idea?
,
Jul 20
oops
,
Jul 24
I think it's likely those failures have been happening for a while. We added that CHECK only after we enabled drm atomic. Before that CHECK we'd just ignore the failed pageflips. Should we add more info to the log before we crash? Maybe we could dump plane_list->atomic_property_set to have a better idea of what's going on. What do you think?
,
Jul 24
Sounds good ... Didn't get a chance to look, but I'm wondering if this is caused by some clipping we might be doing when an overlay is scrolling causing the numbers to overflow. For example, we never check the incoming coordinates in HardwareDisplayPlaneAtomic::SetPlaneData(). gfx::Rect() takes integer coordinates and we're casting that into unsigned integers to match the drmModeAtomicAddProperty() call. But if any coordinate is -1 that could cause issues on conversion.
,
Jul 27
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform2/+/addc1911f07e8650dd7435c79c9c9d8af269c538 commit addc1911f07e8650dd7435c79c9c9d8af269c538 Author: Daniele Castagna <dcastagna@chromium.org> Date: Fri Jul 27 15:51:01 2018 login: Add lsof /drm/dri/card0 output when browser hangs. We noticed that Chrome fails to authenticate on the drm device when booting up. This causes session_manager to kill the browser process that stops answer to liveness checks. This CL adds to the output of session manager the list of processes with /drm/dri/card0 open. In this way we can see if there is any unexpected process holding the drm device open. BUG= chromium:865739 TEST=start ui when another process is drm master, then check /var/log/messages Change-Id: I27bb57e1dc0dcf38993dad8e51d22bdbee766517 Reviewed-on: https://chromium-review.googlesource.com/1152478 Commit-Ready: Daniele Castagna <dcastagna@chromium.org> Tested-by: Daniele Castagna <dcastagna@chromium.org> Reviewed-by: Dan Erat <derat@chromium.org> Reviewed-by: Daniele Castagna <dcastagna@chromium.org> [modify] https://crrev.com/addc1911f07e8650dd7435c79c9c9d8af269c538/login_manager/liveness_checker_impl.cc
,
Jul 27
Mmm, last CL was meant for https://crbug.com/865970 not for this one.
,
Aug 27
,
Sep 27
Observed on Pyro with version 71.0.3562.0/11105.0.0 with suspend/resume scenario. Crash ID's: 9f1a22aa4c85f33a 38003c950ba1fa5b beaebb590f697d25
,
Oct 17
crbug.com/896240 has another crash ID that has this same trace: crash/9f23ed7845f1a4b2 Not sure if I should merge that one into this one.
,
Oct 17
Looks like this has 60480 reports: https://crash.corp.google.com/browse?q=product_name%3D%27Chrome_ChromeOS%27+AND+expanded_custom_data.ChromeCrashProto.ptype%3D%27gpu-process%27+AND+expanded_custom_data.ChromeCrashProto.magic_signature_1.name%3D%27ui%3A%3AHardwareDisplayController%3A%3ASchedulePageFlip%27 There's another bug that looks similar at crbug.com/888553 as well.
,
Nov 29
|
|||||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||||
Comment 1 by spang@chromium.org
, Jul 20