
Issue 890952


Issue metadata

Status: Verified
Owner:
Closed: Oct 2
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 1
Type: Bug




Chrome crash in autotest desktopui_MashLogin in media::V4L2VideoDecodeAccelerator::StopOutputStream()

Project Member Reported by jamescook@chromium.org, Oct 1

Issue description

This test runs chrome --enable-features=Mash and attempts to log in.

First failing build:

https://stainless.corp.google.com/browse/chromeos-autotest-results/243815024-chromeos-test/chromeos4-row2-rack3-host14/debug/

Failure email:

Test: desktopui_MashLogin.
Suite: chrome-informational.
Chrome Version: 71.0.3567.0.
Build: tricky-tot-chrome-pfq-informational/R71-11116.0.0-b2993235.

Reason:
Unhandled BrowserGoneException: WebsocketException of type <class
'websocket._exceptions.WebSocketConnectionClosedException'>. Error
message: Connection is already closed..
build artifacts:
https://storage.cloud.google.com/?arg=chromeos-image-archive/tricky-tot-chrome-pfq-informational/R71-11116.0.0-b2993235.
results log: http://ubercautotest.corp.google.com/tko/retrieve_logs.cgi?job=/results/243815024-chromeos-test/chromeos4-row2-rack3-host14/debug/.
status log: http://ubercautotest.corp.google.com/tko/retrieve_logs.cgi?job=/results/243815024-chromeos-test/chromeos4-row2-rack3-host14/status.log.
job link: http://cautotest-prod/afe/#tab_id=view_job&object_id=243815024.

You may want to check the test history:
https://stainless.corp.google.com/search?test=^desktopui\_MashLogin$&first_date=2018-09-03&last_date=2018-10-01&row=model&col=build&view=matrix

Operating system: Linux
                  0.0.0 Linux 3.8.11 #1 SMP Sat Sep 29 01:40:18 PDT 2018 x86_64
CPU: amd64
     family 6 model 69 stepping 1
     1 CPU

GPU: UNKNOWN

Crash reason:  SIGSEGV
Crash address: 0x0
Process uptime: not available

Thread 0 (crashed)
 0  chrome!media::V4L2VideoDecodeAccelerator::StopOutputStream() [v4l2_device.cc : 684 + 0x0]
    rax = 0x00000000ffffffff   rdx = 0x0000000000000000
    rcx = 0xd143a9a826057d00   rbx = 0x00001d2c18430dd0
    rsi = 0x0000000000000019   rdi = 0x0000000000000000
    rbp = 0x00007f74d8a2bbe0   rsp = 0x00007f74d8a2ba90
     r8 = 0x000000000000001d    r9 = 0x0000000000000002
    r10 = 0x00007f74e9d65f17   r11 = 0x0000000000000000
    r12 = 0x00001d2c18328000   r13 = 0x00001d2c18328000
    r14 = 0x00007f74eb001e01   r15 = 0x00001d2c18328000
    rip = 0x00007f74e82a142b
    Found by: given as instruction pointer in context
 1  chrome!media::V4L2VideoDecodeAccelerator::DestroyTask() [v4l2_video_decode_accelerator.cc : 1841 + 0x8]
    rbx = 0x00001d2c18430dd0   rbp = 0x00007f74d8a2bdb0
    rsp = 0x00007f74d8a2bbf0   r12 = 0x00001d2c18328000
    r13 = 0x00001d2c18328000   r14 = 0x00007f74eb001e10
    r15 = 0x00001d2c18328400   rip = 0x00007f74e829bb25
    Found by: call frame info
 2  chrome!media::V4L2VideoDecodeAccelerator::Destroy() [v4l2_video_decode_accelerator.cc : 747 + 0x8]
    rbx = 0x00001d2c18430dd0   rbp = 0x00007f74d8a2bf20
    rsp = 0x00007f74d8a2bdc0   r12 = 0x00001d2c18328000
    r13 = 0x00001d2c183ca600   r14 = 0x00001d2c18328050
    r15 = 0x00001d2c18328400   rip = 0x00007f74e829b815
    Found by: call frame info
 3  chrome!media::GpuVideoDecodeAcceleratorFactory::CreateVDA(media::VideoDecodeAccelerator::Client*, media::VideoDecodeAccelerator::Config const&, gpu::GpuDriverBugWorkarounds const&, gpu::GpuPreferences const&, media::MediaLog*) [video_decode_accelerator.cc : 93 + 0x6]
    rbx = 0x00001d2c18476010   rbp = 0x00007f74d8a2bf80
    rsp = 0x00007f74d8a2bf30   r12 = 0x00007f74d8a2bfc8
    r13 = 0x00001d2c183ca600   r14 = 0x00001d2c18328000
    r15 = 0x00001d2c18328400   rip = 0x00007f74e827ee72
    Found by: call frame info
 4  chrome!media::GpuVideoDecodeAccelerator::Initialize(media::VideoDecodeAccelerator::Config const&) [gpu_video_decode_accelerator.cc : 367 + 0x1a]
    rbx = 0x00001d2c18476040   rbp = 0x00007f74d8a2c120
    rsp = 0x00007f74d8a2bf90   r12 = 0x00001d2c183ca600
    r13 = 0x00001d2c183ca620   r14 = 0x00001d2c18476000
    r15 = 0x00007f74d8a2c2b0   rip = 0x00007f74e53fbc5c
    Found by: call frame info
 5  chrome!media::MediaGpuChannelDispatchHelper::OnCreateVideoDecoder(media::VideoDecodeAccelerator::Config const&, int, IPC::Message*) [media_gpu_channel.cc : 119 + 0xc]
    rbx = 0x00001d2c18253a00   rbp = 0x00007f74d8a2c1f0
    rsp = 0x00007f74d8a2c130   r12 = 0x00001d2c18476000
    r13 = 0x00001d2c1841a440   r14 = 0x00001d2c18249840
    r15 = 0x0000000000000004   rip = 0x00007f74e53fd72b
    Found by: call frame info
 6  chrome!media::MediaGpuChannel::OnMessageReceived(IPC::Message const&) [tuple.h : 94 + 0x8]
    rbx = 0x00001d2c1841a440   rbp = 0x00007f74d8a2c400
    rsp = 0x00007f74d8a2c200   r12 = 0x0000000000000009
    r13 = 0x00001d2c183e5f40   r14 = 0x00001d2c183e5f40
    r15 = 0x0000000000000001   rip = 0x00007f74e53fd42c
    Found by: call frame info
 7  chrome!gpu::GpuChannel::HandleMessageHelper(IPC::Message const&) [gpu_channel.cc : 517 + 0x5]
    rbx = 0x00001d2c18253a00   rbp = 0x00007f74d8a2c7c0
    rsp = 0x00007f74d8a2c410   r12 = 0x0000000000000009
    r13 = 0x00001d2c183e5f40   r14 = 0x00001d2c181bec80
    r15 = 0x00001d2c183e5f00   rip = 0x00007f74e517ffa1
    Found by: call frame info
 8  chrome!gpu::GpuChannel::HandleMessage(IPC::Message const&) [gpu_channel.cc : 489 + 0xb]
    rbx = 0x00001d2c18253a00   rbp = 0x00007f74d8a2c820
    rsp = 0x00007f74d8a2c7d0   r12 = 0x0000000000000009
    r13 = 0x00001d2c181bec80   r14 = 0x00001d2c183e5f40
    r15 = 0x00001d2c183e5f00   rip = 0x00007f74e517d878
    Found by: call frame info
 9  chrome!gpu::Scheduler::RunNextTask() [callback.h : 99 + 0x7]
    rbx = 0x00001d2c1738a768   rbp = 0x00007f74d8a2c900
    rsp = 0x00007f74d8a2c830   r12 = 0x0000000000000009
    r13 = 0x00001d2c1838c480   r14 = 0x0000000000000000
    r15 = 0x00001d2c183e5f00   rip = 0x00007f74e5079f99
    Found by: call frame info
10  chrome!base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) [callback.h : 99 + 0x6]
    rbx = 0x00001d2c1833e2c0   rbp = 0x00007f74d8a2c9f0
    rsp = 0x00007f74d8a2c910   r12 = 0x00001d2c1730bb98
    r13 = 0x00007f74d8a2cac0   r14 = 0x0000000000000000
    r15 = 0x00007f74eb001af0   rip = 0x00007f74e3c3d628
    Found by: call frame info
11  chrome!base::MessageLoop::RunTask(base::PendingTask*) [message_loop.cc : 434 + 0xf]
    rbx = 0x0000000000000000   rbp = 0x00007f74d8a2caa0
    rsp = 0x00007f74d8a2ca00   r12 = 0x00007f74d8a2cac0
    r13 = 0x00007f74d8a2cba8   r14 = 0x00001d2c172f9480
    r15 = 0x0000000000000000   rip = 0x00007f74e3b9d477
    Found by: call frame info
12  chrome!base::MessageLoop::DoWork() [message_loop.cc : 445 + 0x8]
    rbx = 0x00001d2c172f9480   rbp = 0x00007f74d8a2ccb0
    rsp = 0x00007f74d8a2cab0   r12 = 0x0000000000000421
    r13 = 0x00007f74d8a2cba8   r14 = 0x00001d2c172f9560
    r15 = 0x00007f74d8a2cac8   rip = 0x00007f74e3b9dbb6
    Found by: call frame info
13  chrome!base::MessagePumpDefault::Run(base::MessagePump::Delegate*) [message_pump_default.cc : 37 + 0x5]
    rbx = 0x00001d2c172f9480   rbp = 0x00007f74d8a2cd10
    rsp = 0x00007f74d8a2ccc0   r12 = 0x0000000000000421
    r13 = 0x0000000000000000   r14 = 0x00001d2c17306100
    r15 = 0x00001d2c17306118   rip = 0x00007f74e3ba0865
    Found by: call frame info
14  chrome!<name omitted> [run_loop.cc : 102 + 0x8]
    rbx = 0x00007f74d8a2cd50   rbp = 0x00007f74d8a2cd30
    rsp = 0x00007f74d8a2cd20   r12 = 0x00001d2c17285da0
    r13 = 0x00001d2c17285db0   r14 = 0x00001d2c172f9480
    r15 = 0x0000000000000000   rip = 0x00007f74e3bc20e4
    Found by: call frame info
15  chrome!base::Thread::ThreadMain() [thread.cc : 357 + 0x6]
    rbx = 0x00007f74d8a2cd50   rbp = 0x00007f74d8a2cdd0
    rsp = 0x00007f74d8a2cd40   r12 = 0x00001d2c17285da0
    r13 = 0x00001d2c17285db0   r14 = 0x00001d2c172f9480
    r15 = 0x0000000000000000   rip = 0x00007f74e3bfdc5c
    Found by: call frame info
16  chrome!base::(anonymous namespace)::ThreadFunc(void*) [platform_thread_posix.cc : 80 + 0x5]
    rbx = 0x00001d2c1728fd80   rbp = 0x00007f74d8a2ce00
    rsp = 0x00007f74d8a2cde0   r12 = 0x00007ffcd5775168
    r13 = 0x00007ffcd5774faf   r14 = 0x00001d2c17285da0
    r15 = 0x00007f74d8a2d700   rip = 0x00007f74e3c345ec
    Found by: call frame info
17  libpthread-2.23.so!start_thread [pthread_create.c : 333 + 0x11]
    rbx = 0x0000000000000000   rbp = 0x00007f74d8a2ceb0
    rsp = 0x00007f74d8a2ce10   r12 = 0x00007ffcd5775168
    r13 = 0x00007ffcd5774faf   r14 = 0x0000000000000000
    r15 = 0x00007ffcd5775168   rip = 0x00007f74e07262b8
    Found by: call frame info
18  libc-2.23.so!clone + 0x6d
    rbx = 0x00007f74d8a2d700   rbp = 0x0000000000000000
    rsp = 0x00007f74d8a2cec0   r12 = 0x00007ffcd5775168
    r13 = 0x00007ffcd5774faf   r14 = 0x0000000000000000
    r15 = 0x00007ffcd5775168   rip = 0x00007f74df222fad
    Found by: call frame info

I don't have a list of Chrome CLs in this build, as that's hard to figure out from the Chrome OS test infra. However, this test started failing Sunday September 30, around 10 PM Pacific.

I suspect this CL, or one of the related ones:

commit 7041363ffacdd76aba828f60cb29dce6ecb9a9bf
Author: Alexandre Courbot <acourbot@chromium.org>
Date:   Mon Oct 1 02:45:31 2018 +0000

    media/gpu/v4l2vda: use the V4L2Queue class
    
    Convert the V4L2VideoDecodeAccelerator class to use the V4L2Queue. This
    considerably reduces its amount of code, while also making buffers
    lifecycle safer.
    
    BUG=792790
    TEST=Made sure that VDA unittest was compiling and running on Hana
    
    Change-Id: I145778421cfc6d5951249cb9c934ac5e3b1e230b
    Reviewed-on: https://chromium-review.googlesource.com/1170707
    Reviewed-by: Pawel Osciak <posciak@chromium.org>
    Commit-Queue: Alexandre Courbot <acourbot@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#595372}

+fsamuel in case there's a known mash/V4L incompatibility.

acourbot, can you investigate and/or revert?

 
Hitting this issue with a custom build as well.

[1:15:1001/152131.920059:ERROR:rtc_video_decoder.cc(123)] Create
[1:16:1001/152131.920109:ERROR:rtc_video_decoder.cc(771)] CreateVDAvp9 profile0
[1:16:1001/152131.920173:ERROR:rtc_video_decoder.cc(775)] CreateVDA
[1:16:1001/152131.920214:ERROR:rtc_video_decoder.cc(777)] CreateVDAdone
Received signal 11 SEGV_MAPERR 00000000000c
#0 0x5b9e36a11cec base::debug::StackTrace::StackTrace()
#1 0x5b9e36a11861 base::debug::(anonymous namespace)::StackDumpSignalHandler()
#2 0x7ebe4de3d2e0 <unknown>
#3 0x5b9e370c23d0 <unknown>
#4 0x5b9e3a598d24 media::V4L2VideoDecodeAccelerator::StopOutputStream()
#5 0x5b9e3a59517a media::V4L2VideoDecodeAccelerator::DestroyTask()
#6 0x5b9e3a594f54 media::V4L2VideoDecodeAccelerator::Destroy()
#7 0x5b9e3a57d329 media::GpuVideoDecodeAcceleratorFactory::CreateVDA()
#8 0x5b9e37fa3dea media::GpuVideoDecodeAccelerator::Initialize()
#9 0x5b9e37fa5a2d media::MediaGpuChannel::OnCreateVideoDecoder()
#10 0x5b9e37fa5822 _ZN3IPC8MessageTI43GpuCommandBufferMsg_CreateVideoDecoder_MetaNSt3__15tupleIJN5media22VideoDecodeAccelerator6ConfigEiEEENS3_IJbEEEE18DispatchDelayReplyINS4_29MediaGpuChannelDispatchHelperEvMSB_FvRKS6_iPNS_7MessageEEEEbPKSE_PT_PT0_T1_
#11 0x5b9e37fa5738 media::MediaGpuChannel::OnMessageReceived()
#12 0x5b9e37d67c85 gpu::GpuChannel::HandleMessageHelper()
#13 0x5b9e37d65f38 gpu::GpuChannel::HandleMessage()
#14 0x5b9e37c8f777 gpu::Scheduler::RunNextTask()
#15 0x5b9e36a288e9 base::debug::TaskAnnotator::RunTask()
#16 0x5b9e3699831e base::MessageLoop::RunTask()
#17 0x5b9e369986e2 base::MessageLoop::DoWork()
#18 0x5b9e3699a9ea base::MessagePumpDefault::Run()
#19 0x5b9e369b7ec5 base::RunLoop::Run()
#20 0x5b9e39ce4837 content::GpuMain()
#21 0x5b9e3665a37a content::ContentMainRunnerImpl::Run()
#22 0x5b9e36660fcc service_manager::Main()
#23 0x5b9e36658841 content::ContentMain()
#24 0x5b9e3433841f ChromeMain
#25 0x7ebe4d221736 __libc_start_main
#26 0x5b9e34338249 _start
Labels: videoshortlist
Status: Started (was: Assigned)
Sorry about that. My change is very likely to be the culprit indeed. I am looking at a fix right now.
Project Member

Comment 3 by bugdroid1@chromium.org, Oct 2

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/95a4ab1f3bc93afb5298e16d8699f5505127bdea

commit 95a4ab1f3bc93afb5298e16d8699f5505127bdea
Author: Alexandre Courbot <acourbot@chromium.org>
Date: Tue Oct 02 04:52:26 2018

media/gpu/v4l2vda: support destroying before Initialize() is called

Methods called in DestroyTask() assume that the input and output queues
have been acquired. However this is only true if Initialize() has been
successfully invoked, which only happens if a V4L2 codec device has been
found. Consequently, the V4L2VDA crashes on every non-V4L2 platform.

Fix this by explicitly checking that the queues have been acquired in
the relevant methods. Also add a few DCHECK() that check our assumptions
about the presence of input and output queues to make the code sturdier.

BUG= 890952 
TEST=Checked that VDA unittest was passing on Eve and Hana.

Cq-Include-Trybots: luci.chromium.try:android_optional_gpu_tests_rel;luci.chromium.try:linux_optional_gpu_tests_rel;luci.chromium.try:mac_optional_gpu_tests_rel;luci.chromium.try:win_optional_gpu_tests_rel
Change-Id: Ibfa39a85486330c4daa1c0d16c0051796c0011c2
Reviewed-on: https://chromium-review.googlesource.com/1256387
Commit-Queue: Alexandre Courbot <acourbot@chromium.org>
Reviewed-by: Pawel Osciak <posciak@chromium.org>
Cr-Commit-Position: refs/heads/master@{#595723}
[modify] https://crrev.com/95a4ab1f3bc93afb5298e16d8699f5505127bdea/media/gpu/v4l2/v4l2_video_decode_accelerator.cc
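
The lifecycle problem described in the commit message above, shown as an added example that is not part of the original thread and is not Chromium's code: a decoder whose queues exist only after a successful `Initialize()`, with a teardown path that checks for them before use. `Queue`, `Decoder` and `CreateThenDestroy` are hypothetical names chosen for illustration.

```cpp
#include <memory>

// Hypothetical stand-in for a device queue; not Chromium's V4L2Queue API.
struct Queue {
  bool streaming = false;
  void Streamoff() { streaming = false; }
};

// Hypothetical decoder modelling the lifecycle from the commit message.
class Decoder {
 public:
  // Queues are acquired only when a codec device is found.
  bool Initialize(bool device_found) {
    if (!device_found) return false;
    input_ = std::make_unique<Queue>();
    output_ = std::make_unique<Queue>();
    input_->streaming = true;
    output_->streaming = true;
    return true;
  }

  // Must be safe after a failed or skipped Initialize().
  // Returns how many queues were actually stopped.
  int Destroy() {
    return StopStream(input_.get()) + StopStream(output_.get());
  }

 private:
  static int StopStream(Queue* q) {
    // Without this check, teardown of a never-initialized decoder
    // dereferences a null queue pointer.
    if (!q) return 0;
    if (q->streaming) q->Streamoff();
    return 1;
  }

  std::unique_ptr<Queue> input_;
  std::unique_ptr<Queue> output_;
};

// Models a caller that always destroys the decoder, even when Initialize() fails.
int CreateThenDestroy(bool device_found) {
  Decoder d;
  d.Initialize(device_found);
  return d.Destroy();
}

int main() { return CreateThenDestroy(false) == 0 && CreateThenDestroy(true) == 2 ? 0 : 1; }
```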

Status: Fixed (was: Started)
This should be fixed on Chromium ToT. Apologies for the inconvenience!
Our bots seem happy now. Thanks for the fix!
