LoginDisplayHostWebUI::ResetLoginWindowAndView crash on shutdown |
|||||||||
Issue descriptionHappened on desktopui_MashLogin_SERVER_JOB Failure on tricky-tot-chrome-pfq-informational/R72-11210.0.0-b3086418 logs: https://stainless.corp.google.com/browse/chromeos-autotest-results/253724756-chromeos-test/chromeos4-row2-rack3-host12/debug/ artifacts: https://pantheon.corp.google.com/storage/browser/chromeos-image-archive/tricky-tot-chrome-pfq-informational/R72-11210.0.0-b3086418 The test itself passes but chrome crashed during shutdown. There are 4 crashes. And 2 of of them crashes in LoginDisplayHostWebUI::ResetLoginWindowAndView. Sample stack: ===== Thread 0 (crashed) 0 chrome!chromeos::LoginDisplayHostWebUI::ResetLoginWindowAndView() [login_display_host_webui.cc : 0 + 0x0] rax = 0xffffd11d63713365 rdx = 0x00007f95a0ebf9f0 rcx = 0xbfffea30f850a72e rbx = 0x00002ee15fd8c420 rsi = 0x00002ee15fc1e435 rdi = 0x00002ee16113d9a0 rbp = 0x00007ffec0460c00 rsp = 0x00007ffec0460bd0 r8 = 0x0000000000001000 r9 = 0x0000000000000000 r10 = 0x0000000000004000 r11 = 0x00007f95954841a0 r12 = 0x00002ee15fd8c420 r13 = 0x00007ffec0460e10 r14 = 0x0000000000000000 r15 = 0x00007f95a134c290 rip = 0x00007f9598e3e363 Found by: given as instruction pointer in context 1 chrome!chromeos::LoginDisplayHostWebUI::~LoginDisplayHostWebUI() [login_display_host_webui.cc : 473 + 0x8] rbx = 0x00002ee15fd8c420 rbp = 0x00007ffec0460c40 rsp = 0x00007ffec0460c10 r12 = 0x00002ee15fbebc38 r13 = 0x00007ffec0460e10 r14 = 0x0000000000000000 r15 = 0x00007f95a134c290 rip = 0x00007f9598e3df30 Found by: call frame info 2 chrome!<name omitted> [login_display_host_webui.cc : 448 + 0x5] rbx = 0x00002ee15fd8c420 rbp = 0x00007ffec0460c60 rsp = 0x00007ffec0460c50 r12 = 0x00002ee15fbebc38 r13 = 0x00007ffec0460e10 r14 = 0x0000000000000000 r15 = 0x00007f95a134c290 rip = 0x00007f9598e3e40e Found by: call frame info 3 chrome!base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) [callback.h : 99 + 0x6] rbx = 0x00002ee15ffcff90 rbp = 0x00007ffec0460d50 rsp = 0x00007ffec0460c70 r12 = 0x00002ee15fbebc38 r13 = 0x00007ffec0460e10 r14 = 0x0000000000000000 r15 = 0x00007f95a134c290 rip = 0x00007f959a2b01cd Found by: call frame info 4 chrome!base::MessageLoop::RunTask(base::PendingTask*) [message_loop.cc : 550 + 0xf] rbx = 0x00002ee15fdf7518 rbp = 0x00007ffec0460df0 rsp = 0x00007ffec0460d60 r12 = 0x00007ffec0460e10 r13 = 0x00002ee15fdf7518 r14 = 0x00002ee15fb97180 r15 = 0x00007f95a0484cf2 rip = 0x00007f959a20c464 Found by: call frame info 5 chrome!base::MessageLoop::DoWork() [message_loop.cc : 561 + 0x8] rbx = 0x00002ee15fb97180 rbp = 0x00007ffec0461000 rsp = 0x00007ffec0460e00 r12 = 0x00002ee15fbea050 r13 = 0x00007ffec0460ef8 r14 = 0x00002ee15fb97270 r15 = 0x00007ffec0460e18 rip = 0x00007f959a20cbe6 Found by: call frame info
,
Nov 2
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/cddd44241914a16aa8d230fb38c160c342e252e8 commit cddd44241914a16aa8d230fb38c160c342e252e8 Author: Xiyuan Xia <xiyuan@chromium.org> Date: Fri Nov 02 16:10:53 2018 cros: Fix LoginDisplayHost double deletion We could have two DeleteSoon scheduled at the same time and cause double deletion. Change LoginDisplayHostMojo::OnFinalize to use ShutdownDisplayHost() so that they will be consolidated into one. Bug: 900615 Change-Id: I2f2db9369079adc7d4cf24bb9ef65b15ebc79320 Reviewed-on: https://chromium-review.googlesource.com/c/1313740 Reviewed-by: Achuith Bhandarkar <achuith@chromium.org> Commit-Queue: Xiyuan Xia <xiyuan@chromium.org> Cr-Commit-Position: refs/heads/master@{#604942} [modify] https://crrev.com/cddd44241914a16aa8d230fb38c160c342e252e8/chrome/browser/chromeos/login/ui/login_display_host_mojo.cc
,
Nov 2
,
Nov 2
Can we merge this to m71? I think this could fix issue 899910.
,
Nov 2
Issue 899910 has been merged into this issue.
,
Nov 2
Re-title and re-open for M71 merge.
,
Nov 2
+kbleicher
,
Nov 3
This bug requires manual review: M71 has already been promoted to the beta branch, so this requires manual review Please contact the milestone owner if you have questions. Owners: benmason@(Android), kariahda@(iOS), kbleicher@(ChromeOS), govind@(Desktop) For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Nov 5
Merge approved for ChromeOS M71
,
Nov 5
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/b6861db0c308ceef5d57bec1a2933033007d52ea commit b6861db0c308ceef5d57bec1a2933033007d52ea Author: Xiyuan Xia <xiyuan@chromium.org> Date: Mon Nov 05 18:58:41 2018 Merge M71 "cros: Fix LoginDisplayHost double deletion" > We could have two DeleteSoon scheduled at the same time and cause > double deletion. Change LoginDisplayHostMojo::OnFinalize to use > ShutdownDisplayHost() so that they will be consolidated into one. > > Bug: 900615 > Change-Id: I2f2db9369079adc7d4cf24bb9ef65b15ebc79320 > Reviewed-on: https://chromium-review.googlesource.com/c/1313740 > Reviewed-by: Achuith Bhandarkar <achuith@chromium.org> > Commit-Queue: Xiyuan Xia <xiyuan@chromium.org> > Cr-Commit-Position: refs/heads/master@{#604942} > (cherry picked from commit cddd44241914a16aa8d230fb38c160c342e252e8) Change-Id: Id42e141cdaa4aa4bdcc96eeb5a9ce30a139bcaca Reviewed-on: https://chromium-review.googlesource.com/c/1318380 Reviewed-by: Xiyuan Xia <xiyuan@chromium.org> Cr-Commit-Position: refs/branch-heads/3578@{#502} Cr-Branched-From: 4226ddf99103e493d7afb23a4c7902ee496108b6-refs/heads/master@{#599034} [modify] https://crrev.com/b6861db0c308ceef5d57bec1a2933033007d52ea/chrome/browser/chromeos/login/ui/login_display_host_mojo.cc
,
Nov 5
|
|||||||||
►
Sign in to add a comment |
|||||||||
Comment 1 by xiy...@chromium.org
, Nov 1