Oxide

Random cc related crashes

Bug #1549459 reported by Chris Coulson on 2016-02-24

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Oxide	Fix Released	Critical	Chris Coulson	Oxide branch-1.14

Bug Description

This seems like fallout from http://bazaar.launchpad.net/~oxide-developers/oxide/oxide.trunk/revision/1345. I'm seeing crashes like this, eg, when resizing the browser window:

#0 0x00007fffb4a64d7c in cc::SurfaceManager::DeregisterSurface(cc::SurfaceId) (this=this@entry=0x555557faba10, surface_id=...)
    at ../../../../third_party/chromium/src/cc/surfaces/surface_manager.cc:41
#1 0x00007fffb4a65312 in cc::SurfaceManager::GarbageCollectSurfaces() (this=0x555557faba10) at ../../../../third_party/chromium/src/cc/surfaces/surface_manager.cc:115
#2 0x00007fffb4a65406 in cc::SurfaceManager::Destroy(scoped_ptr<cc::Surface, std::default_delete<cc::Surface> >) (this=<optimised out>, surface=...)
    at ../../../../third_party/chromium/src/cc/surfaces/surface_manager.cc:48
#3 0x00007fffb4a6485d in cc::SurfaceFactory::Destroy(cc::SurfaceId) (this=0x5555580600a0, surface_id=...) at ../../../../third_party/chromium/src/cc/surfaces/surface_factory.cc:54
#4 0x00007fffb39bce26 in oxide::RenderWidgetHostView::DestroyDelegatedContent() (this=this@entry=0x555558269d80) at ../../../../shared/browser/oxide_render_widget_host_view.cc:752
#5 0x00007fffb39bf819 in oxide::RenderWidgetHostView::OnSwapCompositorFrame(unsigned int, scoped_ptr<cc::CompositorFrame, std::default_delete<cc::CompositorFrame> >) (this=0x555558269d
80, output_surface_id=<optimised out>, frame=...) at ../../../../shared/browser/oxide_render_widget_host_view.cc:308
#6 0x00007fffb3cccf72 in content::RenderWidgetHostImpl::OnSwapCompositorFrame(IPC::Message const&) (this=0x555558189b80, message=...)
    at ../../../../third_party/chromium/src/content/browser/renderer_host/render_widget_host_impl.cc:1599
#7 0x00007fffb3ccef95 in content::RenderWidgetHostImpl::OnMessageReceived(IPC::Message const&) (this=0x555558189b80, msg=...)
    at ../../../../third_party/chromium/src/content/browser/renderer_host/render_widget_host_impl.cc:457
#8 0x00007fffb3cbc990 in content::RenderProcessHostImpl::OnMessageReceived(IPC::Message const&) (this=0x555557f795c0, msg=...)
    at ../../../../third_party/chromium/src/content/browser/renderer_host/render_process_host_impl.cc:1763
#9 0x00007fffb479d690 in IPC::ChannelProxy::Context::OnDispatchMessage(IPC::Message const&) (this=0x555557f79890, message=...)
    at ../../../../third_party/chromium/src/ipc/ipc_channel_proxy.cc:293
#10 0x00007fffb39f9ebd in base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask const&) (this=0x7fffffffd0f8) at ../../../../third_party/chromium/src/base/callback.h:394
#11 0x00007fffb39f9ebd in base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask const&) (this=this@entry=0x555557e30438, queue_function=queue_function@entry=0x7fffb6fbf93f
"MessageLoop::PostTask", pending_task=...) at ../../../../third_party/chromium/src/base/debug/task_annotator.cc:51
#12 0x00007fffb3a16039 in base::MessageLoop::RunTask(base::PendingTask const&) (this=this@entry=0x555557e302c0, pending_task=...)
    at ../../../../third_party/chromium/src/base/message_loop/message_loop.cc:486
#13 0x00007fffb3a16719 in base::MessageLoop::DeferOrRunPendingTask(base::PendingTask const&) (this=this@entry=0x555557e302c0, pending_task=...)
    at ../../../../third_party/chromium/src/base/message_loop/message_loop.cc:495
#14 0x00007fffb3a16bdd in base::MessageLoop::DoWork() (this=0x555557e302c0) at ../../../../third_party/chromium/src/base/message_loop/message_loop.cc:607
#15 0x00007fffb3981dcb in oxide::qt::MessagePump::RunOneTask() (this=0x555557e2d830) at ../../../../qt/core/browser/oxide_qt_message_pump.cc:108
#16 0x00007ffff6830603 in QObject::event(QEvent*) (this=0x555557e2d830, e=<optimised out>) at kernel/qobject.cpp:1267
#17 0x00007ffff78b1b8c in QApplicationPrivate::notify_helper(QObject*, QEvent*) (this=this@entry=0x55555580bce0, receiver=receiver@entry=0x555557e2d830, e=e@entry=0x55555813a830)
    at kernel/qapplication.cpp:3720
#18 0x00007ffff78b7230 in QApplication::notify(QObject*, QEvent*) (this=0x7fffffffd870, receiver=0x555557e2d830, e=0x55555813a830) at kernel/qapplication.cpp:3503
#19 0x00007ffff67fef1b in QCoreApplication::notifyInternal(QObject*, QEvent*) (this=0x7fffffffd870, receiver=0x555557e2d830, event=event@entry=0x55555813a830)
    at kernel/qcoreapplication.cpp:935
#20 0x00007ffff6801057 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (event=0x55555813a830, receiver=<optimised out>)
    at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:228
#21 0x00007ffff6801057 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (receiver=receiver@entry=0x0, event_type=event_type@entry=0, data=0x55555580be50)
    at kernel/qcoreapplication.cpp:1552
#22 0x00007ffff6801588 in QCoreApplication::sendPostedEvents(QObject*, int) (receiver=receiver@entry=0x0, event_type=event_type@entry=0) at kernel/qcoreapplication.cpp:1410
#23 0x00007ffff6855e73 in postEventSourceDispatch(GSource*, GSourceFunc, gpointer) (s=0x5555558fd610) at kernel/qeventdispatcher_glib.cpp:271
#24 0x00007ffff51dbff7 in g_main_context_dispatch (context=0x7fffe40016f0) at /build/glib2.0-ajuDY6/glib2.0-2.46.1/./glib/gmain.c:3154
#25 0x00007ffff51dbff7 in g_main_context_dispatch (context=context@entry=0x7fffe40016f0) at /build/glib2.0-ajuDY6/glib2.0-2.46.1/./glib/gmain.c:3769
#26 0x00007ffff51dc250 in g_main_context_iterate (context=context@entry=0x7fffe40016f0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimised out>)
    at /build/glib2.0-ajuDY6/glib2.0-2.46.1/./glib/gmain.c:3840
#27 0x00007ffff51dc2fc in g_main_context_iteration (context=0x7fffe40016f0, may_block=may_block@entry=1) at /build/glib2.0-ajuDY6/glib2.0-2.46.1/./glib/gmain.c:3901
#28 0x00007ffff685627f in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=0x5555558fd400, flags=...) at kernel/qeventdispatcher_glib.cpp:418
#29 0x00007ffff67fc75a in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (this=this@entry=0x7fffffffd7c0, flags=..., flags@entry=...) at kernel/qeventloop.cpp:204
#30 0x00007ffff68042cc in QCoreApplication::exec() () at kernel/qcoreapplication.cpp:1188
#31 0x000055555559ce56 in BrowserApplication::run() ()
#32 0x000055555558ec95 in main ()

Related branches

lp:~oxide-developers/oxide/oxide.trunk

Revision history for this message

Chris Coulson (chrisccoulson) wrote on 2016-02-24:

Bug 1547868 saw calls through cc::Surface on the compositor thread, but from looking at the code, it doesn't look like cc::Surface, cc::SurfaceManager, cc::SurfaceFactory etc are thread safe (eg, cc::Surface can be deleted via cc::SurfaceFactory on the main thread whilst being accessed on the compositor thread). I wonder whether surfaces are only meant to be used with the single threaded compositor?

Changed in oxide:
importance:	Undecided → Critical
assignee:	nobody → Chris Coulson (chrisccoulson)
milestone:	none → branch-1.14
status:	New → Triaged

Chris Coulson (chrisccoulson) on 2016-02-24

Changed in oxide:
status:	Triaged → In Progress

Chris Coulson (chrisccoulson) on 2016-02-26

Changed in oxide:
status:	In Progress → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.