Issue metadata
Sign in to add a comment
|
audio: crash on opening App Launcher |
||||||||||||||||||||||
Issue descriptionhttps://crash.corp.google.com/browse?q=product_name%3D%27Chrome_ChromeOS%27+AND+EXISTS+%28SELECT+1+FROM+UNNEST%28CrashedStackTrace.StackFrame%29+WHERE+FunctionName%3D%27audio%3A%3AInputIPC%3A%3AStreamCreated%28mojo%3A%3AStructPtr%3Cmedia%3A%3Amojom%3A%3AReadOnlyAudioDataPipe%3E%2C+bool%2C+base%3A%3AOptional%3Cbase%3A%3AUnguessableToken%3E+const%26%29%27%29 1. Open app laucnher 2. Observe crash (in rare case) See growing number of crashes. Also happened in M69 but majority comes to recent M70. cc last commiter and reviewer of crashed file. 0x000059b2094de70c (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/base/bind_internal.h:516 ) base::internal::Invoker<base::internal::BindState<void (audio::InputIPC::*)(mojo::StructPtr<media::mojom::ReadOnlyAudioDataPipe>, bool, base::Optional<base::UnguessableToken> const&), base::WeakPtr<audio::InputIPC> >, void (mojo::StructPtr<media::mojom::ReadOnlyAudioDataPipe>, bool, base::Optional<base::UnguessableToken> const&)>::RunOnce(base::internal::BindStateBase*, mojo::StructPtr<media::mojom::ReadOnlyAudioDataPipe>&&, bool, base::Optional<base::UnguessableToken> const&) 0x000059b2094d0409 (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/base/callback.h:99 ) audio::mojom::StreamFactory_CreateInputStream_ForwardToCallback::Accept(mojo::Message*) 0x000059b20adbcfbc (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/mojo/public/cpp/bindings/lib/interface_endpoint_client.cc:418 ) mojo::InterfaceEndpointClient::HandleIncomingMessageThunk::Accept(mojo::Message*) 0x000059b20adc27e9 (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/mojo/public/cpp/bindings/lib/interface_endpoint_client.cc:306 ) mojo::internal::MultiplexRouter::ProcessIncomingMessage(mojo::internal::MultiplexRouter::MessageWrapper*, mojo::internal::MultiplexRouter::ClientCallBehavior, base::SequencedTaskRunner*) 0x000059b20809afdb (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/mojo/public/cpp/bindings/lib/multiplex_router.cc:590 ) mojo::internal::MultiplexRouter::Accept(mojo::Message*) 0x000059b20809aaf6 (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/mojo/public/cpp/bindings/lib/connector.cc:457 ) mojo::Connector::ReadAllAvailableMessages() 0x000059b20809be54 (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/base/callback.h:129 ) mojo::SimpleWatcher::OnHandleReady(int, unsigned int, mojo::HandleSignalsState const&) 0x000059b20808b95e (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/base/callback.h:99 ) base::MessageLoop::DoWork() 0x000059b2080986e4 (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/base/message_loop/message_pump_libevent.cc:210 ) base::MessagePumpLibevent::Run(base::MessagePump::Delegate*) 0x000059b20acfb393 (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/base/run_loop.cc:102 ) <name omitted> 0x000059b20a8ec48f (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/chrome/browser/chrome_browser_main.cc:2065 ) ChromeBrowserMainParts::MainMessageLoopRun(int*) 0x000059b208f0b5eb (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/content/browser/browser_main_loop.cc:1033 ) content::BrowserMainLoop::RunMainMessageLoopParts() 0x000059b208f0ecc1 (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/content/browser/browser_main_runner_impl.cc:162 ) content::BrowserMainRunnerImpl::Run() 0x000059b208f033cd (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/content/browser/browser_main.cc:47 ) content::BrowserMain(content::MainFunctionParams const&) 0x000059b20a8d80ed (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/content/app/content_main_runner_impl.cc:536 ) content::ContentMainRunnerImpl::Run(bool) 0x000059b20a8dff6b (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/services/service_manager/embedder/main.cc:472 ) service_manager::Main(service_manager::MainParams const&) 0x000059b20819bc94 (chrome -./../../../../../../../home/chrome-bot/chrome_root/src/content/app/content_main.cc:19 ) ChromeMain 0x000078ff374d8735 (libc-2.23.so -libc-start.c:289 ) __libc_start_main 0x000059b20818c6b8 (chrome + 0x003236b8 ) _start
,
Aug 31
I'll take care of this.
,
Aug 31
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/4ef85aa8a575d30148dc78d2f5a4c028def0936f commit 4ef85aa8a575d30148dc78d2f5a4c028def0936f Author: Max Morin <maxmorin@chromium.org> Date: Fri Aug 31 10:24:52 2018 Fix audio::InputIPC crash. StreamCreated() may be called after CloseStream(), leading to a null pointer deref on |delegate_|. Avoid this by invalidating the weak pointer that was bound into StreamCreated(). Bug: 879257 Change-Id: I954421b384928bff3c3d17506850012e2a1da1b3 Reviewed-on: https://chromium-review.googlesource.com/1199142 Commit-Queue: Olga Sharonova <olka@chromium.org> Reviewed-by: Olga Sharonova <olka@chromium.org> Cr-Commit-Position: refs/heads/master@{#587981} [modify] https://crrev.com/4ef85aa8a575d30148dc78d2f5a4c028def0936f/services/audio/public/cpp/input_ipc.cc [modify] https://crrev.com/4ef85aa8a575d30148dc78d2f5a4c028def0936f/services/audio/public/cpp/input_ipc_unittest.cc
,
Aug 31
Will merge on Monday.
,
Aug 31
[Auto-generated comment by a script] We noticed that this issue is targeted for M-70; it appears the fix may have landed after branch point, meaning a merge might be required. Please confirm if a merge is required here - if so add Merge-Request-70 label, otherwise remove Merge-TBD label. Thanks.
,
Aug 31
Alright, if a bot tells me to, I guess I'll request merge right away :D.
,
Sep 1
Your change meets the bar and is auto-approved for M70. Please go ahead and merge the CL to branch 3538 manually. Please contact milestone owner if you have questions. Owners: benmason@(Android), kariahda@(iOS), geohsu@(ChromeOS), abdulsyed@(Desktop) For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Sep 3
The NextAction date has arrived: 2018-09-03
,
Sep 3
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/03ff085fbab33e6cf10485cfa5802f93989bba96 commit 03ff085fbab33e6cf10485cfa5802f93989bba96 Author: Max Morin <maxmorin@chromium.org> Date: Mon Sep 03 11:44:16 2018 [M70]Fix audio::InputIPC crash. StreamCreated() may be called after CloseStream(), leading to a null pointer deref on |delegate_|. Avoid this by invalidating the weak pointer that was bound into StreamCreated(). Bug: 879257 Change-Id: I954421b384928bff3c3d17506850012e2a1da1b3 Reviewed-on: https://chromium-review.googlesource.com/1199142 Commit-Queue: Olga Sharonova <olka@chromium.org> Reviewed-by: Olga Sharonova <olka@chromium.org> Cr-Original-Commit-Position: refs/heads/master@{#587981}(cherry picked from commit 4ef85aa8a575d30148dc78d2f5a4c028def0936f) Reviewed-on: https://chromium-review.googlesource.com/1202042 Reviewed-by: Max Morin <maxmorin@chromium.org> Cr-Commit-Position: refs/branch-heads/3538@{#13} Cr-Branched-From: 79f7c91a2b2a2932cd447fa6f865cb6662fa8fa6-refs/heads/master@{#587811} [modify] https://crrev.com/03ff085fbab33e6cf10485cfa5802f93989bba96/services/audio/public/cpp/input_ipc.cc [modify] https://crrev.com/03ff085fbab33e6cf10485cfa5802f93989bba96/services/audio/public/cpp/input_ipc_unittest.cc
,
Sep 10
|
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by olka@chromium.org
, Aug 30