Chrome_Android: Crash Report - base::UTF16ToUTF8
Issue description

Product name: Chrome_Android
Magic Signature: base::UTF16ToUTF8
Current link: crash.corp.google.com/browse?q=ReportID%3D'517830f800000000'%20AND%20custom_data.ChromeCrashProto.magic_signature_1.name%3D'base%3A%3AUTF16ToUTF8'&ignore_case=false&enable_rewrite=true&omit_field_name=&omit_field_value=&omit_field_opt=%3D#3

Search properties:
reportid: 517830f800000000

Metadata :
Product Name: Chrome_Android
Product Version: 51.0.2695.0
Report ID: 517830f800000000
Report Time: Thu, 31 Mar 2016 12:13:01 GMT
Uptime: 40446 ms
Cumulative Uptime: 0 ms
User Email:
OS Name: Android
OS Version: 0.0.0 Linux 3.4.0-g8aa6344 #1 SMP PREEMPT Tue Jul 28 18:06:41 UTC 2015 armv7l
CPU Architecture: arm
CPU Info: ARMv7 Qualcomm Krait features: swp,half,thumb,fastmult,vfpv2,edsp,neon,vfpv3,tls,vfpv4

Crash Thread:
CRASHED [SIGABRT @ 0x000028f5 ] MAGIC SIGNATURE THREAD
0xb6e4bf6c (libc.so + 0x00039f6c ) setgroups
0xb6e293c3 (libc.so + 0x000173c3 ) pthread_kill
0xb6e29fd5 (libc.so + 0x00017fd5 ) raise
0xb6e26797 (libc.so + 0x00014797 ) strlen
0xb47dd68a (libart.so + 0x002e868a ) zcfree
0xb47dd68a (libart.so + 0x002e868a ) zcfree
0xb6e24f46 (libc.so + 0x00012f46 ) abort
0xb471dcd9 (libart.so + 0x00228cd9 ) art::Runtime::Abort()
0xb459c373 (libart.so + 0x000a7373 ) art::LogMessage::~LogMessage()
0xb47bef5e (libart.so + 0x002c9f5e ) zcfree
0xb45a6b19 (libart.so + 0x000b1b19 ) std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >::insert(unsigned int, char const*)
0xb470e3b5 (libart.so + 0x002193b5 ) art::ObjectLock<art::mirror::Class>::~ObjectLock()
0xb47bef5e (libart.so + 0x002c9f5e ) zcfree
0xb47be4b2 (libart.so + 0x002c94b2 ) zcfree
0xb47bef5e (libart.so + 0x002c9f5e ) zcfree
0xa30f9e01 (data@app@com.chrome.dev-2@base.apk@classes.dex + 0x00490e01 )
0x12c7a1be (dalvik-main space (deleted) + 0x0007a1be )
0x701f32fe (system@framework@boot.art + 0x002a42fe )
0x701f3326 (system@framework@boot.art + 0x002a4326 )
0x701f3326 (system@framework@boot.art + 0x002a4326 )
0x701f3326 (system@framework@boot.art + 0x002a4326 )
0x701f3326 (system@framework@boot.art + 0x002a4326 )
0x701f3326 (system@framework@boot.art + 0x002a4326 )
0x701f3326 (system@framework@boot.art + 0x002a4326 )
0x701f3326 (system@framework@boot.art + 0x002a4326 )
0xb47eb766 (libart.so + 0x002f6766 ) zcfree
0xb45a7057 (libart.so + 0x000b2057 ) art::JniAbortF(char const*, char const*, ...)
0x12ee915e (dalvik-main space (deleted) + 0x002e915e )
0xb46b560d (libart.so + 0x001c060d ) void std::__1::vector<std::__1::pair<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, void const*>, std::__1::allocator<std::__1::pair<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, void const*> > >::__push_back_slow_path<std::__1::pair<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, void const*> >(std::__1::pair<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, void const*>&&)
0xb47d481a (libart.so + 0x002df81a ) zcfree
0xb46b53cf (libart.so + 0x001c03cf ) void std::__1::vector<std::__1::pair<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, void const*>, std::__1::allocator<std::__1::pair<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, void const*> > >::__push_back_slow_path<std::__1::pair<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, void const*> >(std::__1::pair<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, void const*>&&)
0xb47bef5e (libart.so + 0x002c9f5e ) zcfree
0xb47be5ca (libart.so + 0x002c95ca ) zcfree
0xb47bef5e (libart.so + 0x002c9f5e ) zcfree
0xb47be4b2 (libart.so + 0x002c94b2 ) zcfree
0xb47be4c6 (libart.so + 0x002c94c6 ) zcfree
0x131510fe (dalvik-main space (deleted) + 0x005510fe )
0xa0224e93 (libchrome.so -string:2535 ) base::UTF16ToUTF8
0xa0224d99 (libchrome.so -jni.h:864 ) base::android::ConvertJavaStringToUTF8
0xa0228507 (libchrome.so -jni_string.cc:46 ) base::android::ConvertJavaStringToUTF8
0xa1f7e6e1 (libchrome.so -gcm_driver_android.cc:86 ) gcm::GCMDriverAndroid::OnMessageReceived
0xa1f7e9eb (libchrome.so -GCMDriver_jni.h:81 ) gcm::Java_org_chromium_components_gcm_1driver_GCMDriver_nativeOnMessageReceived
0xa3a0949d (data@app@com.chrome.dev-2@base.apk@classes.dex + 0x0061e49d )
0x74224c66 (dalvik-non moving space (deleted) + 0x000aac66 )
,
Mar 31 2016
Observed the same issue on Nexus 9 also.
,
Apr 1 2016
CLs in that range: https://chromium.googlesource.com/chromium/src/+log/51.0.2694.1..51.0.2695.0?pretty=fuller&n=10000

This was manifested by https://codereview.chromium.org/1828193002, but I think this is probably GCM driver's own issue.

assigning to peter@chromium.org, cc'ing bauerb
,
Apr 1 2016
John, would you please take a look? Reading the code, specifically the calls to ConvertJavaStringToUTF8(), only j_collapse_key should be nullable but Bernhard's CL accounts for that. The fact that we hit a DCHECK means that either j_app_id or j_sender_id (which we assume to be valid) is NULL, but they shouldn't be according to the comments in Java.
,
Apr 4 2016
,
Apr 4 2016
I can confirm that the sender ID is null when subscribing on https://simple-push-demo.appspot.com and sending a message via XHR. Specifically, the bundle received by pushMessageReceived in ChromeGcmListenerService.java only contains the following key-value pairs:

subtype = "wp:https://simple-push-demo.appspot.com/#31705C5D-BAF9-4305-87CF-78DCD70472F5"
data = ""
collapse_key = "do_not_collapse"

which is odd because GCM clearly does know the sender ID (logged using `adb shell setprop log.tag.GCM DEBUG`):

04-04 15:04:50.287 27764 5912 D GCM : CH-IN: 8 211 39/17 DataMessage: app=org.chromium.chrome extras=2 from=653317226796 lastStream=17
04-04 15:04:50.301 27764 5912 I GCM : GCM message org.chromium.chrome 0:1459778690359454%869caec8f9fd7ecd
04-04 15:04:50.313 27764 5912 D GCM : [Alarm(GCM_HB_ALARM)] start mTimer=240000, next alarm time=188185387, intent with action =com.google.android.gms.gcm.HEARTBEAT_ALARM
,
Apr 4 2016
As a short-term fix, I propose we land https://codereview.chromium.org/1856753002 which gracefully handles missing sender IDs. I'll follow up with the GCM team anyway to try to figure out why it's missing, since that might indicate a bug on their end.
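The null handling discussed in this thread, as an added example that is not part of the original issue or of Chromium's code: a plain C++ model of the Java-to-native hand-off in which a null pointer stands for a Java null reference. `JavaStr`, `ToUtf8`, `GcmMessage` and `ParseIncoming` are hypothetical names, the sample values are constructed, and rejecting a message that has no app ID is an assumption.

```cpp
// Added example: plain C++ model of the Java -> native hand-off.
// JavaStr, ToUtf8, GcmMessage and ParseIncoming are hypothetical names.
#include <string>
using JavaStr = const std::u16string*;  // nullptr models a Java null reference

// UTF-16 -> UTF-8; an unpaired surrogate becomes U+FFFD.
std::string ToUtf8(const std::u16string& in) {
  static const unsigned char kLead[] = {0x00, 0xC0, 0xE0, 0xF0};
  std::string out;
  for (size_t i = 0; i < in.size(); ++i) {
    char32_t cp = in[i];
    bool high = cp >= 0xD800 && cp <= 0xDBFF;
    if (high && i + 1 < in.size() && in[i + 1] >= 0xDC00 && in[i + 1] <= 0xDFFF) {
      cp = 0x10000 + ((cp - 0xD800) << 10) + (in[i + 1] - 0xDC00);
      ++i;
    } else if (cp >= 0xD800 && cp <= 0xDFFF) {
      cp = 0xFFFD;
    }
    int extra = cp < 0x80 ? 0 : cp < 0x800 ? 1 : cp < 0x10000 ? 2 : 3;
    out += static_cast<char>(kLead[extra] | (cp >> (6 * extra)));
    for (int k = extra - 1; k >= 0; --k)
      out += static_cast<char>(0x80 | ((cp >> (6 * k)) & 0x3F));
  }
  return out;
}

struct GcmMessage {
  std::string app_id;             // required
  std::string sender_id;          // left empty when the reference is null
  bool has_collapse_key = false;  // the collapse key is nullable by contract
  std::string collapse_key;
};

// Check every reference before converting it. Assumption: a message with no
// app ID is rejected; a null sender ID or collapse key is tolerated.
bool ParseIncoming(JavaStr app_id, JavaStr sender_id, JavaStr collapse_key,
                   GcmMessage* out) {
  if (!app_id || app_id->empty()) return false;
  out->app_id = ToUtf8(*app_id);
  out->sender_id = sender_id ? ToUtf8(*sender_id) : std::string();
  out->has_collapse_key = collapse_key != nullptr;
  out->collapse_key = collapse_key ? ToUtf8(*collapse_key) : std::string();
  return true;
}

int main() {  // constructed sample: app ID and collapse key set, sender ID null
  std::u16string app = u"wp:https://example.test/#1", key = u"do_not_collapse";
  GcmMessage m;
  return ParseIncoming(&app, nullptr, &key, &m) && m.sender_id.empty() ? 0 : 1;
}
```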
,
Apr 4 2016
,
Apr 4 2016
(Let's open this up.)
,
Apr 4 2016
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/598e5bd98f9199a001cfdaa37842e40564538bed

commit 598e5bd98f9199a001cfdaa37842e40564538bed
Author: johnme <johnme@chromium.org>
Date: Mon Apr 04 17:50:20 2016

GCM: Fix for null Sender ID on Android

ChromeGcmListenerService was reading the sender ID from the wrong place (possibly because GCM used to include the sender ID both as a method parameter and in the bundle, then later stopped including it in the Bundle). This patch fixes that.

The only real consequence of a missing sender ID was that if PushMessagingServiceImpl::DeliverMessageCallback decided to unsubscribe the subscription due to an error, PushMessagingServiceImpl::Unsubscribe would hit the sender_id.empty() code path and fail to unsubscribe from GCM (but messages would already have stopped being delivered).

Even that consequence will become irrelevant once we switch to InstanceID, which no longer requires sender ID in order to unsubscribe.

BUG= 599434

Review URL: https://codereview.chromium.org/1856753002
Cr-Commit-Position: refs/heads/master@{#384943}

[modify] https://crrev.com/598e5bd98f9199a001cfdaa37842e40564538bed/chrome/android/java/src/org/chromium/chrome/browser/services/gcm/ChromeGcmListenerService.java
[modify] https://crrev.com/598e5bd98f9199a001cfdaa37842e40564538bed/chrome/android/javatests/src/org/chromium/chrome/browser/push_messaging/PushMessagingTest.java
[modify] https://crrev.com/598e5bd98f9199a001cfdaa37842e40564538bed/components/gcm_driver/android/java/src/org/chromium/components/gcm_driver/GCMDriver.java
,
Apr 4 2016
,
Apr 4 2016
,
Apr 5 2016
This crash is no longer reproducible following the steps mentioned in #1 on the latest M51-51.0.2700.0.
,
Apr 5 2016
Comment 1 by dknandiraju@chromium.org, Mar 31 2016
Owner: changwan@chromium.org
Status: Assigned (was: Untriaged)