Crash with Exo/Wayland on Ozone-DRM
Reported by alexandr...@collabora.com, Sep 10
Issue description

Running wayland_simple_client with chrome (with Exo enabled) on Ozone-DRM crashes chrome with:

#0 0x7f8f3d024d3d base::debug::StackTrace::StackTrace()
#1 0x7f8f3cd0c36c base::debug::StackTrace::StackTrace()
#2 0x7f8f3d0247c8 base::debug::(anonymous namespace)::StackDumpSignalHandler()
#3 0x7f8f1196e8e0 <unknown>
#4 0x7f8f08e99530 gbm_bo_get_handle_for_plane
#5 0x7f8f23881279 gbm_wrapper::Buffer::GetHandle()
#6 0x7f8f237ff735 ui::GbmPixmap::GetUniqueId()
#7 0x555c72db602c arc::ProtectedBufferManager::ImportDummyFd()
#8 0x555c72db7172 arc::ProtectedBufferManager::GetProtectedNativePixmapFor()
#9 0x555c6d86fbcc _ZN4base8internal13FunctorTraitsIMN20resource_coordinator34LevelDBSiteCharacteristicsDatabase11AsyncHelperEFNS_8OptionalI24SiteCharacteristicsProtoEERKN3url6OriginEEvE6InvokeISD_PS4_JS9_EEES7_T_OT0_DpOT1_
#10 0x555c6d86fb26 _ZN4base8internal12InvokeHelperILb0ENS_8OptionalI24SiteCharacteristicsProtoEEE8MakeItSoIMN20resource_coordinator34LevelDBSiteCharacteristicsDatabase11AsyncHelperEFS4_RKN3url6OriginEEJPS9_SB_EEES4_OT_DpOT0_
#11 0x555c72d95134 _ZN4base8internal7InvokerINS0_9BindStateIMN3arc22ProtectedBufferManagerEF13scoped_refptrIN3gfx12NativePixmapEERKNS6_18NativePixmapHandleEEJNS0_17UnretainedWrapperIS4_EEEEEFS8_SB_EE7RunImplIRKSD_RKNSt3__15tupleIJSF_EEEJLm0EEEES8_OT_OT0_NSM_16integer_sequenceImJXspT1_EEEESB_
#12 0x555c72d9504b _ZN4base8internal7InvokerINS0_9BindStateIMN3arc22ProtectedBufferManagerEF13scoped_refptrIN3gfx12NativePixmapEERKNS6_18NativePixmapHandleEEJNS0_17UnretainedWrapperIS4_EEEEEFS8_SB_EE3RunEPNS0_13BindStateBaseESB_
#13 0x7f8f2380479f _ZNKR4base17RepeatingCallbackIF13scoped_refptrIN3gfx12NativePixmapEERKNS2_18NativePixmapHandleEEE3RunES7_
#14 0x7f8f23803d61 ui::GbmSurfaceFactory::CreateNativePixmapFromHandle()
#15 0x7f8f0f5f8b36 gpu::GpuMemoryBufferFactoryNativePixmap::CreateImageForGpuMemoryBuffer()
#16 0x7f8f0f5f9069 gpu::GpuMemoryBufferFactoryNativePixmap::CreateImageForGpuMemoryBuffer()
#17 0x7f8f0f5c5da0 gpu::GpuChannel::CreateImageForGpuMemoryBuffer()
#18 0x7f8f0f5a5697 gpu::CommandBufferStub::OnCreateImage()
#19 0x7f8f0f5b306c _ZN4base20DispatchToMethodImplIPN3gpu17CommandBufferStubEMS2_Fv38GpuCommandBufferMsg_CreateImage_ParamsENSt3__15tupleIJS4_EEEJLm0EEEEvRKT_T0_OT1_NS7_16integer_sequenceImJXspT2_EEEE
#20 0x7f8f0f5b2f88 _ZN4base16DispatchToMethodIPN3gpu17CommandBufferStubEMS2_Fv38GpuCommandBufferMsg_CreateImage_ParamsENSt3__15tupleIJS4_EEEEEvRKT_T0_OT1_
#21 0x7f8f0f5b2ef4 _ZN3IPC16DispatchToMethodIN3gpu17CommandBufferStubEMS2_Fv38GpuCommandBufferMsg_CreateImage_ParamsEvNSt3__15tupleIJS3_EEEEEvPT_T0_PT1_OT2_
#22 0x7f8f0f5ad8e1 _ZN3IPC8MessageTI36GpuCommandBufferMsg_CreateImage_MetaNSt3__15tupleIJ38GpuCommandBufferMsg_CreateImage_ParamsEEEvE8DispatchIN3gpu17CommandBufferStubES9_vMS9_FvS4_EEEbPKNS_7MessageEPT_PT0_PT1_T2_
#23 0x7f8f0f5a2a30 gpu::CommandBufferStub::OnMessageReceived()
#24 0x7f8f3972c948 IPC::MessageRouter::RouteMessage()
#25 0x7f8f0f5c5450 gpu::GpuChannel::HandleMessageHelper()
#26 0x7f8f0f5c11a7 gpu::GpuChannel::HandleMessage()
#27 0x7f8f0f5b691f _ZN4base8internal13FunctorTraitsIMN3gpu17CommandBufferStubEFvRKNS2_9SyncTokenEEvE6InvokeIS8_RKNS_7WeakPtrIS3_EEJS6_EEEvT_OT0_DpOT1_
#28 0x7f8f0f5cfa85 _ZN4base8internal12InvokeHelperILb1EvE8MakeItSoIMN3gpu10GpuChannelEFvRKN3IPC7MessageEENS_7WeakPtrIS5_EEJS7_EEEvOT_OT0_DpOT1_
#29 0x7f8f0f5cf9fd _ZN4base8internal7InvokerINS0_9BindStateIMN3gpu10GpuChannelEFvRKN3IPC7MessageEEJNS_7WeakPtrIS4_EES6_EEEFvvEE7RunImplISA_NSt3__15tupleIJSC_S6_EEEJLm0ELm1EEEEvOT_OT0_NSH_16integer_sequenceImJXspT1_EEEE
#30 0x7f8f0f5cf909 _ZN4base8internal7InvokerINS0_9BindStateIMN3gpu10GpuChannelEFvRKN3IPC7MessageEEJNS_7WeakPtrIS4_EES6_EEEFvvEE7RunOnceEPNS0_13BindStateBaseE
#31 0x7f8f32b0f9fe _ZNO4base12OnceCallbackIFvvEE3RunEv
#32 0x7f8f32b23c11 gpu::Scheduler::RunNextTask()
#33 0x7f8f32b3458f _ZN4base8internal13FunctorTraitsIMN3gpu9SchedulerEFvvEvE6InvokeIS5_RKNS_7WeakPtrIS3_EEJEEEvT_OT0_DpOT1_
#34 0x7f8f32b3450a _ZN4base8internal12InvokeHelperILb1EvE8MakeItSoIRKMN3gpu9SchedulerEFvvERKNS_7WeakPtrIS5_EEJEEEvOT_OT0_DpOT1_
#35 0x7f8f32b344a0 _ZN4base8internal7InvokerINS0_9BindStateIMN3gpu9SchedulerEFvvEJNS_7WeakPtrIS4_EEEEEFvvEE7RunImplIRKS6_RKNSt3__15tupleIJS8_EEEJLm0EEEEvOT_OT0_NSF_16integer_sequenceImJXspT1_EEEE
#36 0x7f8f32b343dc _ZN4base8internal7InvokerINS0_9BindStateIMN3gpu9SchedulerEFvvEJNS_7WeakPtrIS4_EEEEEFvvEE3RunEPNS0_13BindStateBaseE
#37 0x7f8f3cd55b2e _ZNO4base12OnceCallbackIFvvEE3RunEv
#38 0x7f8f3cd0d54a base::debug::TaskAnnotator::RunTask()
#39 0x7f8f3cdc9438 base::MessageLoop::RunTask()
#40 0x7f8f3cdc973b base::MessageLoop::DeferOrRunPendingTask()
#41 0x7f8f3cdc9b84 base::MessageLoop::DoWork()
#42 0x7f8f3cdcc4e8 base::MessagePumpDefault::Run()
#43 0x7f8f3cdc8c0e base::MessageLoop::Run()
#44 0x7f8f3ce6ca32 base::RunLoop::Run()
#45 0x7f8f341e6c90 content::GpuMain()
#46 0x7f8f376be632 content::RunOtherNamedProcessTypeMain()
#47 0x7f8f376c0b81 content::ContentMainRunnerImpl::Run()
#48 0x7f8f376b5cac content::ContentServiceManagerMainDelegate::RunEmbedderProcess()
#49 0x7f8f3d1b86d1 service_manager::Main()
#50 0x7f8f376bbe25 content::ContentMain()
#51 0x555c698ef546 ChromeMain
#52 0x555c698ef452 main
#53 0x7f8f109dcb17 __libc_start_main
#54 0x555c698ef32a _start
Sep 10
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/ecc67359661229db0334d646a6cd4ae0dca24127

commit ecc67359661229db0334d646a6cd4ae0dca24127
Author: Alexandros Frantzis <alexandros.frantzis@collabora.com>
Date: Mon Sep 10 17:18:03 2018

ozone: Use a non-empty usage flag when checking formats with minigbm

minigbm doesn't support passing an empty usage flag to gbm_device_is_format_supported(), which could happen with the previous code if the format isn't scanout-able.

GBM_BO_USE_TEXTURING is an enum value and thus its existence cannot be checked with the preprocessor.

Bug: 882429
Change-Id: I824dca82be65fdb6ffb8ab1e729af424e8969200
Reviewed-on: https://chromium-review.googlesource.com/1215947
Reviewed-by: Maksim Sisov <msisov@igalia.com>
Reviewed-by: Michael Spang <spang@chromium.org>
Commit-Queue: Michael Spang <spang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#589957}

[modify] https://crrev.com/ecc67359661229db0334d646a6cd4ae0dca24127/ui/ozone/common/linux/gbm_wrapper.cc
Sep 14
Is there more work or is this done?
Sep 17
I would also like to get https://chromium-review.googlesource.com/c/chromium/src/+/1219087 merged before marking this as done.
Sep 25
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/a01342d0f40473b50cf47e7cf3c34f1b2062fb1d

commit a01342d0f40473b50cf47e7cf3c34f1b2062fb1d
Author: Alexandros Frantzis <alexandros.frantzis@collabora.com>
Date: Tue Sep 25 00:13:29 2018

ozone: Ensure we don't return invalid GbmBuffer objects

In this particular case, ensure we don't return a non-null GbmBuffer backed by a null gbm_bo.

Bug: 882429
Change-Id: I4f54102f18d6c177984316b07f30a1f1e4da92ff
Reviewed-on: https://chromium-review.googlesource.com/1219087
Commit-Queue: Michael Spang <spang@chromium.org>
Reviewed-by: Maksim Sisov <msisov@igalia.com>
Reviewed-by: Michael Spang <spang@chromium.org>
Cr-Commit-Position: refs/heads/master@{#593764}

[modify] https://crrev.com/a01342d0f40473b50cf47e7cf3c34f1b2062fb1d/ui/ozone/common/linux/gbm_wrapper.cc
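Added example, not part of the thread or of the Chromium change: a self-contained C++ sketch of the failure class the commit above names, a non-null wrapper backed by a null native object, next to a factory that propagates the allocation failure. FakeBo, FakeBoCreate, Buffer, CreateBufferUnchecked, CreateBufferChecked and HandleOrZero are hypothetical stand-ins, and the rule that an empty usage mask makes the allocator fail is an assumption made for the demo.

```cpp
// Added illustration: every name here is a hypothetical stand-in,
// not Chromium or libgbm code.
#include <cstdint>
#include <cstdio>
#include <memory>

struct FakeBo { uint32_t handle; };          // plays the role of gbm_bo
constexpr uint32_t kUseTexturing = 1u << 1;  // constructed usage bit

// Stand-in allocator. Assumption for the demo: an empty usage mask fails.
FakeBo* FakeBoCreate(uint32_t usage) {
  return usage == 0 ? nullptr : new FakeBo{42};
}

class Buffer {
 public:
  explicit Buffer(FakeBo* bo) : bo_(bo) {}
  Buffer(const Buffer&) = delete;
  Buffer& operator=(const Buffer&) = delete;
  ~Buffer() { delete bo_; }
  bool backed() const { return bo_ != nullptr; }
  // Dereferences bo_ unconditionally, as a thin wrapper over a C API does.
  uint32_t GetHandle() const { return bo_->handle; }
 private:
  FakeBo* bo_;
};

// Before: a failed allocation still yields a non-null Buffer (bo_ == nullptr).
std::unique_ptr<Buffer> CreateBufferUnchecked(uint32_t usage) {
  return std::make_unique<Buffer>(FakeBoCreate(usage));
}

// After: allocation failure is reported as a null Buffer.
std::unique_ptr<Buffer> CreateBufferChecked(uint32_t usage) {
  FakeBo* bo = FakeBoCreate(usage);
  if (!bo) return nullptr;
  return std::make_unique<Buffer>(bo);
}

// Typical caller: tests only the wrapper pointer before using it.
uint32_t HandleOrZero(const std::unique_ptr<Buffer>& buffer) {
  return buffer ? buffer->GetHandle() : 0;
}

int main() {
  auto bad = CreateBufferUnchecked(0);
  std::printf("unchecked: wrapper=%d backed=%d\n", bad != nullptr, bad->backed());
  // HandleOrZero(bad) would dereference null; the checked factory is safe:
  std::printf("checked: handle=%u\n", HandleOrZero(CreateBufferChecked(0)));
  std::printf("checked: handle=%u\n", HandleOrZero(CreateBufferChecked(kUseTexturing)));
  return 0;
}
```

The caller's null test on the wrapper only protects it when the factory refuses to build a wrapper around a failed allocation, which is why the check belongs in the factory rather than in every GetHandle() call site.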
Oct 16
Issue 887658 has been merged into this issue.
Oct 16
Hi, I found CL#5 fixes the crash happening in M70. Would you cherry-pick CL#5 to M70?
Oct 16
Oct 18
ping? spang@, is it fine to send the request merge to M70?
Oct 18
Ok. Bringing the labels over from the dupe.
Oct 18
This bug requires manual review: Request affecting a post-stable build
Please contact the milestone owner if you have questions.
Owners: benmason@(Android), kariahda@(iOS), geohsu@(ChromeOS), abdulsyed@(Desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Oct 18
Oct 19
Oct 20
According to the crash report, I am 100% sure the crash was fixed after https://chromium-review.googlesource.com/1219087 was landed. spang@, do we also need to cherry-pick #2 to M70 too? https://crash.corp.google.com/browse?q=product_name%3D%27Chrome_ChromeOS%27+AND+expanded_custom_data.ChromeCrashProto.magic_signature_1.name%3D%27gbm_wrapper%3A%3ABuffer%3A%3AGetHandle%27
Oct 22
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/f5bb522c9ecf08e34167f8ed0056dda0672de5e3

commit f5bb522c9ecf08e34167f8ed0056dda0672de5e3
Author: Alexandros Frantzis <alexandros.frantzis@collabora.com>
Date: Mon Oct 22 17:25:33 2018

ozone: Ensure we don't return invalid GbmBuffer objects

In this particular case, ensure we don't return a non-null GbmBuffer backed by a null gbm_bo.

Bug: 882429
Change-Id: I4f54102f18d6c177984316b07f30a1f1e4da92ff
Reviewed-on: https://chromium-review.googlesource.com/1219087
Commit-Queue: Michael Spang <spang@chromium.org>
Reviewed-by: Maksim Sisov <msisov@igalia.com>
Reviewed-by: Michael Spang <spang@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#593764}
(cherry picked from commit a01342d0f40473b50cf47e7cf3c34f1b2062fb1d)h
Reviewed-on: https://chromium-review.googlesource.com/c/1294198
Cr-Commit-Position: refs/branch-heads/3538@{#1025}
Cr-Branched-From: 79f7c91a2b2a2932cd447fa6f865cb6662fa8fa6-refs/heads/master@{#587811}

[modify] https://crrev.com/f5bb522c9ecf08e34167f8ed0056dda0672de5e3/ui/ozone/common/linux/gbm_wrapper.cc
Oct 22
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/f5bb522c9ecf08e34167f8ed0056dda0672de5e3

Commit: f5bb522c9ecf08e34167f8ed0056dda0672de5e3
Author: alexandros.frantzis@collabora.com
Committer: spang@chromium.org
Date: 2018-10-22 17:25:33 +0000 UTC

ozone: Ensure we don't return invalid GbmBuffer objects

In this particular case, ensure we don't return a non-null GbmBuffer backed by a null gbm_bo.

Bug: 882429
Change-Id: I4f54102f18d6c177984316b07f30a1f1e4da92ff
Reviewed-on: https://chromium-review.googlesource.com/1219087
Commit-Queue: Michael Spang <spang@chromium.org>
Reviewed-by: Maksim Sisov <msisov@igalia.com>
Reviewed-by: Michael Spang <spang@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#593764}
(cherry picked from commit a01342d0f40473b50cf47e7cf3c34f1b2062fb1d)h
Reviewed-on: https://chromium-review.googlesource.com/c/1294198
Cr-Commit-Position: refs/branch-heads/3538@{#1025}
Cr-Branched-From: 79f7c91a2b2a2932cd447fa6f865cb6662fa8fa6-refs/heads/master@{#587811}
Oct 25
How does this fix look? Can we close this out? Thanks.
Oct 26
See Crash report. https://crash.corp.google.com/browse?q=product_name%3D%27Chrome_ChromeOS%27+AND+expanded_custom_data.ChromeCrashProto.magic_signature_1.name%3D%27gbm_wrapper%3A%3ABuffer%3A%3AGetHandle%27#samplereports The fix CL#16 was landed on Chrome OS M70 in 70.0.3538.76. No crash report is shown there from the version. We can wait and see more results just in case, if we want.
Oct 26
Comment 1 by dtapu...@chromium.org, Sep 10