Crash: ash::WindowTreeHostManager::PreDisplayConfigurationChange |
|||||||||||||
Issue descriptionForked from: b/112923895. Chrome OS Version: 10895.32.0, 69.0.3497.51 beta channel eve Steps: 1. Eve in tablet -landscape mode 2. Perform OOBE, add a new user account and sign in to the device 3. Perform first time Google assistant voice training set up 4. Open assistant using 'OK Google' Hotword 5. Give assistant input say 'Navigate to Googleplex' 6. As the results are loading, rotate the device to portrait mode. Actual behavior: Chrome browser crash observed. Attached debug logs from eve. Crash reports: https://crash.corp.google.com/browse?stbtiq=6b631f35c0bd47ad https://crash.corp.google.com/browse?stbtiq=a78484ce07ea951c 0x00005c9d3da1bbe2 (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/base/memory/weak_ptr.h ) ash::WindowTreeHostManager::PreDisplayConfigurationChange(bool) 0x00005c9d3d36f025 (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/ui/display/manager/display_manager.cc:1082 ) display::DisplayManager::UpdateDisplaysWith(std::__1::vector<display::ManagedDisplayInfo, std::__1::allocator<display::ManagedDisplayInfo> > const&) 0x00005c9d3d36a467 (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/ui/display/manager/display_manager.cc:933 ) display::DisplayManager::OnNativeDisplaysChanged(std::__1::vector<display::ManagedDisplayInfo, std::__1::allocator<display::ManagedDisplayInfo> > const&) 0x00005c9d3d384578 (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/ui/display/manager/display_change_observer.cc:204 ) display::DisplayChangeObserver::OnDisplayModeChanged(std::__1::vector<display::DisplaySnapshot*, std::__1::allocator<display::DisplaySnapshot*> > const&) 0x00005c9d3d38b6f6 (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/ui/display/manager/display_configurator.cc:1195 ) display::DisplayConfigurator::NotifyDisplayStateObservers(bool, display::MultipleDisplayState) 0x00005c9d3d38916e (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/ui/display/manager/display_configurator.cc:1131 ) display::DisplayConfigurator::OnConfigured(bool, std::__1::vector<display::DisplaySnapshot*, std::__1::allocator<display::DisplaySnapshot*> > const&, display::MultipleDisplayState, chromeos::DisplayPowerState) 0x00005c9d3d395873 (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/base/callback.h:129 ) display::UpdateDisplayConfigurationTask::OnStateEntered(display::ConfigureDisplaysTask::Status) 0x00005c9d3d396b40 (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/base/callback.h:129 ) display::ConfigureDisplaysTask::Run() 0x00005c9d3d396f22 (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/ui/display/manager/configure_displays_task.cc ) display::ConfigureDisplaysTask::OnConfigured(unsigned long, bool) 0x00005c9d38fdf19b (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/base/callback.h:99 ) base::internal::Invoker<base::internal::BindState<base::OnceCallback<void (bool)>, bool>, void ()>::RunOnce(base::internal::BindStateBase*) 0x00005c9d38904605 (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/base/callback.h:99 ) base::MessageLoop::DoWork() 0x00005c9d38911e93 (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/base/message_loop/message_pump_libevent.cc:210 ) base::MessagePumpLibevent::Run(base::MessagePump::Delegate*) 0x00005c9d3b4f6243 (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/base/run_loop.cc:102 ) <name omitted> 0x00005c9d3b0e9816 (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/chrome/browser/chrome_browser_main.cc:2086 ) ChromeBrowserMainParts::MainMessageLoopRun(int*) 0x00005c9d3963609b (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/content/browser/browser_main_loop.cc:1034 ) content::BrowserMainLoop::RunMainMessageLoopParts() 0x00005c9d39639841 (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/content/browser/browser_main_runner_impl.cc:162 ) content::BrowserMainRunnerImpl::Run() 0x00005c9d3962de8c (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/content/browser/browser_main.cc:47 ) content::BrowserMain(content::MainFunctionParams const&) 0x00005c9d3b0d4d48 (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/content/app/content_main_runner_impl.cc:596 ) content::ContentMainRunnerImpl::Run(bool) 0x00005c9d3b0dcc42 (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/services/service_manager/embedder/main.cc:472 ) service_manager::Main(service_manager::MainParams const&) 0x00005c9d38a30a84 (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/content/app/content_main.cc:19 ) ChromeMain 0x00007b8b824b0735 (libc-2.23.so -libc-start.c:289 ) __libc_start_main 0x00005c9d38a1f2b8 (chrome + 0x0028b2b8 ) _start
,
Aug 23
Another crash while using Ctrl + Shift + '-' . Does not repro consistently. Crash report: https://crash.corp.google.com/browse?stbtiq=c50d6e4bfe1140ae Feedback report: https://listnr.corp.google.com/report/85617810812
,
Aug 23
,
Aug 24
FYI issue 877177 is another crash in ash::WindowTreeHostManager, on shutdown. I wonder if there is a bogus observer in its observer list.
,
Aug 24
crash id=3548391aec66b226 - happened to me when attaching or detaching external monitor. Definitely a regression after beta update to M69. 69.0.3497.58 on beta channel.
,
Aug 24
Yes, I'm looking into it now.
,
Aug 24
Also happened when switching profiles with Ctrl+Alt+. and multiprofile setup, even without an external monitor attached so probably multi-trigger.
,
Aug 24
#7, sorry forgot the crash/53a0b948db960e81
,
Aug 24
This can be reproduced by opening the assistant and close it, then trigger any display event that will emit WindowTreeHostManager::PreDisplayConfigurationChange() such as resolution change, remove display, change user, ... etc. After some debugging, I found that on M-69 [1], ClientControlledShellSurface's ctor adds itself as an observer to WindowTreeHostManager, but its dtor doesn't remove itself. This was due to a merge error here: https://chromium-review.googlesource.com/c/chromium/src/+/1180413 This code no longer exists on ToT, so I will have to land the fix directly on M-69. This is the same root cause for issue 877177. [1]: https://chromium.googlesource.com/chromium/src/+/69.0.3497.58/components/exo/client_controlled_shell_surface.cc#324
,
Aug 24
,
Aug 24
,
Aug 24
This bug requires manual review: We are only 10 days from stable. Please contact the milestone owner if you have questions. Owners: amineer@(Android), kariahda@(iOS), cindyb@(ChromeOS), govind@(Desktop) For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Aug 26
This is the #1 reported crash on 69 beta.
,
Aug 27
Yes, I have the fix ready to land but waiting for merge approval, as I have to land it to M-69 directly.
,
Aug 27
,
Aug 27
Merge approved, M69.
,
Aug 27
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/6db22a5b6ac608a461e0f118d5935f90a093072c commit 6db22a5b6ac608a461e0f118d5935f90a093072c Author: Ahmed Fakhry <afakhry@google.com> Date: Mon Aug 27 17:22:34 2018 Fix a crash on M-69 Add missing WindowTreeHostManager observer remove call in ClientControlledShellSurface destructor. This is a direct land to M-69. TBR=oshima@chromium.org BUG= 877190 , 877177 TEST=Build M-69 manually and test on eve. Change-Id: I398eeedd46a4f19fb9ced45854403b0e10cddd88 Reviewed-on: https://chromium-review.googlesource.com/1189047 Reviewed-by: Ahmed Fakhry <afakhry@chromium.org> Cr-Commit-Position: refs/branch-heads/3497@{#815} Cr-Branched-From: 271eaf50594eb818c9295dc78d364aea18c82ea8-refs/heads/master@{#576753} [modify] https://crrev.com/6db22a5b6ac608a461e0f118d5935f90a093072c/components/exo/client_controlled_shell_surface.cc
,
Aug 27
,
Aug 27
,
Aug 29
Issue 878479 has been merged into this issue.
,
Aug 29
Thanks for getting a fix in so quickly. Do you know when this will be live for users?
,
Aug 29
It should be soon. +cindyb@
,
Aug 31
Issue 879431 has been merged into this issue.
,
Sep 5
Can we please have a fix for this soon? Between yesterday and today (so far), I've already ~7 crashes. Very disruptive. I know using the beta channel entails some disruption. I will adjust accordingly in the future. Thanks.
,
Sep 20
Just wanted to say thanks for the fix. I've had it for a week or two. No issues since. |
|||||||||||||
►
Sign in to add a comment |
|||||||||||||
Comment 1 by sdantul...@chromium.org
, Aug 23