New issue
Advanced search Search tips

Issue 622839 link

Starred by 2 users
Status: WontFix
Owner: ----
Closed: Apr 2018
Cc:
dalecur...@chromium.org
mlamouri@chromium.org
tguilbert@chromium.org
mfo...@chromium.org
taku...@chromium.org
powerb@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Android
Pri: 2
Type: Bug



Sign in to add a comment

Chrome_Android: Crash Report - [Android Java Exception] java.lang.ArrayIndexOutOfBoundsException at org.chromium.chrome.browser.media.remote.MediaUrlResolver.doInBackground(MediaUrlResolver.java)

Project Member Reported by mummare...@chromium.org, Jun 23 2016 
Product name: Chrome_Android
Magic Signature: [Android Java Exception] java.lang.ArrayIndexOutOfBoundsException at org.chromium.chrome.browser.media.remote.MediaUrlResolver.doInBackground(MediaUrlResolver.java)

Current link:
https://crash.corp.google.com/browse?q=product.name%3D'Chrome_Android'%20AND%20product.version%3D'51.0.2704.81'%20AND%20custom_data.ChromeCrashProto.ptype%3D'browser'%20AND%20custom_data.ChromeCrashProto.magic_signature_1.name%3D'%5BAndroid%20Java%20Exception%5D%20java.lang.ArrayIndexOutOfBoundsException%20at%20org.chromium.chrome.browser.media.remote.MediaUrlResolver.doInBackground(MediaUrlResolver.java)'&ignore_case=false&enable_rewrite=true&omit_field_name=&omit_field_value=&omit_field_opt=%3D#reports


Search properties:
product.name: Chrome_Android
product.version: 51.0.2704.81
custom_data.chromecrashproto.ptype: browser

Crash Stacktrace:
Thread 68java.lang.RuntimeException: An error occured while executing doInBackground()
at android.os.AsyncTask$3.done	(AsyncTask.java:300 )
at java.util.concurrent.FutureTask.finishCompletion	(FutureTask.java:355 )
at java.util.concurrent.FutureTask.setException	(FutureTask.java:222 )
at java.util.concurrent.FutureTask.run	(FutureTask.java:242 )
at android.os.AsyncTask$SerialExecutor$1.run	(AsyncTask.java:231 )
at java.util.concurrent.ThreadPoolExecutor.runWorker	(ThreadPoolExecutor.java:1112 )
at java.util.concurrent.ThreadPoolExecutor$Worker.run	(ThreadPoolExecutor.java:587 )
at java.lang.Thread.run	(Thread.java:818 )
Caused by: java.lang.ArrayIndexOutOfBoundsException: src.length=2048 srcPos=2048 dst.length=2048 dstPos=0 length=2048
at java.lang.System.arraycopy	(System.java:252 )
at com.android.okio.Segment.split	(Segment.java:98 )
at com.android.okio.OkBuffer.write	(OkBuffer.java:579 )
at com.android.okio.OkBuffer.read	(OkBuffer.java:610 )
at com.android.okio.RealBufferedSource.read	(RealBufferedSource.java:53 )
at com.android.okhttp.internal.http.HttpConnection$FixedLengthSource.read	(HttpConnection.java:442 )
at com.android.okhttp.internal.Util.skipAll	(Util.java:227 )
at com.android.okhttp.internal.http.HttpConnection.discard	(HttpConnection.java:212 )
at com.android.okhttp.internal.http.HttpConnection$FixedLengthSource.close	(HttpConnection.java:464 )
at com.android.okhttp.internal.Util.closeQuietly	(Util.java:97 )
at com.android.okhttp.internal.http.HttpEngine.close	(HttpEngine.java:433 )
at com.android.okhttp.internal.http.HttpURLConnectionImpl.disconnect	(HttpURLConnectionImpl.java:113 )
at com.android.okhttp.internal.http.DelegatingHttpsURLConnection.disconnect	(DelegatingHttpsURLConnection.java:93 )
at com.android.okhttp.internal.http.HttpsURLConnectionImpl.disconnect	(HttpsURLConnectionImpl.java:25 )
at org.chromium.chrome.browser.media.remote.MediaUrlResolver.doInBackground	(MediaUrlResolver.java:193 )
at org.chromium.chrome.browser.media.remote.MediaUrlResolver.doInBackground	(MediaUrlResolver.java:30 )
at android.os.AsyncTask$2.call	(AsyncTask.java:288 )
at java.util.concurrent.FutureTask.run	(FutureTask.java:237 )
... 4 more

Thread 15 CRASHED [DUMP_REQUESTED @ 0xa196fddf ] MAGIC SIGNATURE THREAD
0xa196fddf	(libchrome.so -exception_handler.cc:651 )	google_breakpad::ExceptionHandler::WriteMinidump
0xa164b6e5	(libchrome.so -breakpad_linux.cc:558 )	DumpProcess
0xa01d50a3	(libchrome.so -java_exception_reporter.cc:26 )	chrome::android::Java_org_chromium_chrome_browser_JavaExceptionReporter_nativeReportJavaException
0xa2e55555	(data@app@com.android.chrome-1@base.apk@classes.dex + 0x00000555 )	
0x75a1d9b6	(dalvik-alloc space (deleted) + 0x000e69b6 )	
0x12e8e15e	(dalvik-main space (deleted) + 0x0028e15e )	
0x130b08de	(dalvik-main space (deleted) + 0x004b08de )	
0x130b075e	(dalvik-main space (deleted) + 0x004b075e )	
0xb4eede77	(libart.so + 0x000a0e77 )	
0x130b08de	(dalvik-main space (deleted) + 0x004b08de )	
0x75a1d9b6	(dalvik-alloc space (deleted) + 0x000e69b6 )	
0x75a1d9b6	(dalvik-alloc space (deleted) + 0x000e69b6 )	
0xb50236cb	(libart.so + 0x001d66cb )	
0xa2d023e6	(data@app@com.android.chrome-1@base.apk@classes.dex + 0x004dc3e6 )	
0xa2d023e6	(data@app@com.android.chrome-1@base.apk@classes.dex + 0x004dc3e6 )	
0x12c6ffce	(dalvik-main space (deleted) + 0x0006ffce )	
0xa282da8e	(data@app@com.android.chrome-1@base.apk@classes.dex + 0x00007a8e )	
0xa2d023e6	(data@app@com.android.chrome-1@base.apk@classes.dex + 0x004dc3e6 )	
0x75a1d9b6	(dalvik-alloc space (deleted) + 0x000e69b6 )	
0xa28ef03a	(data@app@com.android.chrome-1@base.apk@classes.dex + 0x000c903a )	
0xb50aca65	(libart.so + 0x0025fa65 )	
0xa2d023e6	(data@app@com.android.chrome-1@base.apk@classes.dex + 0x004dc3e6 )	
0xa28a115a	(data@app@com.android.chrome-1@base.apk@classes.dex + 0x0007b15a )	
0x75a1d9b6	(dalvik-alloc space (deleted) + 0x000e69b6 )	
0x12cdeffe	(dalvik-main space (deleted) + 0x000deffe )	
0x75a1d9b6	(dalvik-alloc space (deleted) + 0x000e69b6 )	
0xb50aca13	(libart.so + 0x0025fa13 )	
0xb4fb2dd5	(libart.so + 0x00165dd5 )	
0x75a1d9b6	(dalvik-alloc space (deleted) + 0x000e69b6 )	
0x130b08de	(dalvik-main space (deleted) + 0x004b08de )	
0x130b08de	(dalvik-main space (deleted) + 0x004b08de )	
0x13f2f29f	(dalvik-main space (deleted) + 0x0132f29f )	
0x75a1d9b6	(dalvik-alloc space (deleted) + 0x000e69b6 )	
0xa2d023e6	(data@app@com.android.chrome-1@base.apk@classes.dex + 0x004dc3e6 )	
0x75a1d9b6	(dalvik-alloc space (deleted) + 0x000e69b6 )	
0x75a1d9b6	(dalvik-alloc space (deleted) + 0x000e69b6 )	
0xa2ab7458	(data@app@com.android.chrome-1@base.apk@classes.dex + 0x00291458 )	
0xb4edab05	(libart.so + 0x0008db05 )	
0xb5114062	(libart.so + 0x002c7062 )	
0xb4f21ed3	(libart.so + 0x000d4ed3 )	
0x75b675de	(dalvik-alloc space (deleted) + 0x002305de )	
0xa2ab743a	(data@app@com.android.chrome-1@base.apk@classes.dex + 0x0029143a )	
0xb510fb92	(libart.so + 0x002c2b92 )	
0x715f61a6	(boot.oat + 0x0044a1a6 )	
0xb51081a2	(libart.so + 0x002bb1a2 )	
0xb50fc872	(libart.so + 0x002af872 )	
0xb5113e3e	(libart.so + 0x002c6e3e )	
0xb5114062	(libart.so + 0x002c7062 )	
0x75a1da06	(dalvik-alloc space (deleted) + 0x000e6a06 )	
0x715f6266	(boot.oat + 0x0044a266 )	
... 71 more
0xb50fd746	(libart.so + 0x002b0746 )	
0xb50fcf32	(libart.so + 0x002aff32 )	
0xb50fcf46	(libart.so + 0x002aff46 )	
0xb4fe1cbf	(libart.so + 0x00194cbf )	
0x1eefffff	(dalvik-main space (deleted) + 0x0c2fffff )	
0xb4fdbc29	(libart.so + 0x0018ec29 )	
0xb506c683	(libart.so + 0x0021f683 )	
0x70444dfe	(system@framework@boot.art + 0x000d2dfe )	
0x1eefffff	(dalvik-main space (deleted) + 0x0c2fffff )	
0xb50fcf46	(libart.so + 0x002aff46 )	
0x130b08de	(dalvik-main space (deleted) + 0x004b08de )	
0x12c250ae	(dalvik-main space (deleted) + 0x000250ae )	
0x130b08de	(dalvik-main space (deleted) + 0x004b08de )	
0x73bc6901	(boot.oat + 0x0049c901 )	
0x70500ede	(system@framework@boot.art + 0x0018eede )	
0x12eb8c0e	(dalvik-main space (deleted) + 0x002b8c0e )	
0xb506cbd9	(libart.so + 0x0021fbd9 )	
0x12eb8c0e	(dalvik-main space (deleted) + 0x002b8c0e )	
0x12c250ae	(dalvik-main space (deleted) + 0x000250ae )	
0x704ff4de	(system@framework@boot.art + 0x0018d4de )	
0xb50fd746	(libart.so + 0x002b0746 )	
0xb50fd012	(libart.so + 0x002b0012 )	
0xb50fd746	(libart.so + 0x002b0746 )	
0xb50fcf32	(libart.so + 0x002aff32 )	
0xb50fcf46	(libart.so + 0x002aff46 )	
0xb4eede77	(libart.so + 0x000a0e77 )	
0x12eb6bbe	(dalvik-main space (deleted) + 0x002b6bbe )	
0x70445bd6	(system@framework@boot.art + 0x000d3bd6 )	
0xb507a95d	(libart.so + 0x0022d95d )	
0x12eb6bbe	(dalvik-main space (deleted) + 0x002b6bbe )	
0x716bc1e8	(boot.oat + 0x005101e8 )	
0xb505e4d9	(libart.so + 0x002114d9 )	
0x716bc1e8	(boot.oat + 0x005101e8 )	
0xb6f0c113	(libc.so + 0x0000f113 )	
0x716bc1e8	(boot.oat + 0x005101e8 )	
0x12eb6bbe	(dalvik-main space (deleted) + 0x002b6bbe )	
0x12eb8c4a	(dalvik-main space (deleted) + 0x002b8c4a )	
0xb6f25d37	(libc.so + 0x00028d37 )	
0xb5073c0b	(libart.so + 0x00226c0b )	
0xb50fd746	(libart.so + 0x002b0746 )	
0xb50fd012	(libart.so + 0x002b0012 )	
0xb50fd746	(libart.so + 0x002b0746 )	
0xb50fcf32	(libart.so + 0x002aff32 )	
0xb50fcf46	(libart.so + 0x002aff46 )	
0xb6f131bb	(libc.so + 0x000161bb )	
0xb6f0ff37	(libc.so + 0x00012f37 )	
0xb6f0ff57	(libc.so + 0x00012f57 )	
0xb6f0ff37	(libc.so + 0x00012f37 )	
0xb6f0ff37	(libc.so + 0x00012f37 )	
0xb6f0e017	(libc.so + 0x00011017 )	

This Crash observed in below builds:
53.0.2767.6	0.01%	1	
53.0.2763.0	0.05%	5	
52.0.2743.41	0.09%	9	
52.0.2743.32	0.12%	12	
52.0.2743.8	0.02%	2	
52.0.2739.3	0.05%	5	
52.0.2723.0	0.09%	9	
52.0.2718.2	0.01%	1	
51.0.2704.81	95.87%	9232	(latest stable)

Here is the link to the list of builds with OS version,GPU Vendor and CPU architecture:
https://crash.corp.google.com/browse?q=product.name%3D%27Chrome_Android%27%20AND%20custom_data.ChromeCrashProto.ptype%3D%27browser%27%20AND%20custom_data.ChromeCrashProto.magic_signature_1.name%3D%27%5BAndroid%20Java%20Exception%5D%20java.lang.ArrayIndexOutOfBoundsException%20at%20org.chromium.chrome.browser.media.remote.MediaUrlResolver.doInBackground(MediaUrlResolver.java)%27&ignore_case=false&enable_rewrite=true&omit_field_name=&omit_field_value=&omit_field_opt=%3D#samplereports:5,productversion:1000,osversion,gpuvendor,cpuarchitecture

Crashes are seeing below versions of Android:
1	Android Lollipop	99.71%	9602	
2	Android KitKat	        0.23%	22	
3	Android Marshmallow	0.05%	5	
4	Android ???	        0.01%	1

Notes:
1. This is a regression issue with M51 (51.0.2681.4)
2. Observed 9186 crashes from 6831 clients with 0.37% on latest stable    51.0.2704.81

Code is not accessble, so adding Stability-Sheriff-Android could you please take a look?
Thanks you.

Comment 1 by wnwen@chromium.org, Jun 23 2016

Labels: -Stability-Sheriff-Android
Owner: avayvod@chromium.org
Status: Assigned (was: Untriaged)
Hi Anton,

Can you take a look at this crash? Not sure if your change was merged into M51 or not, but we still see crashes in M52, this is the change in question to doInBackground: http://crrev.com/1907413002

Here's the stack trace from M52:
Thread 64java.lang.RuntimeException: An error occured while executing doInBackground()
at android.os.AsyncTask$3.done	(AsyncTask.java:300 )
at java.util.concurrent.FutureTask.finishCompletion	(FutureTask.java:355 )
at java.util.concurrent.FutureTask.setException	(FutureTask.java:222 )
at java.util.concurrent.FutureTask.run	(FutureTask.java:242 )
at android.os.AsyncTask$SerialExecutor$1.run	(AsyncTask.java:231 )
at java.util.concurrent.ThreadPoolExecutor.runWorker	(ThreadPoolExecutor.java:1112 )
at java.util.concurrent.ThreadPoolExecutor$Worker.run	(ThreadPoolExecutor.java:587 )
at java.lang.Thread.run	(Thread.java:818 )
Caused by: java.lang.ArrayIndexOutOfBoundsException
at com.android.okio.Util.checkOffsetAndCount	(Util.java:29 )
at com.android.okio.Okio$1.write	(Okio.java:65 )
at com.android.okio.RealBufferedSink.emitCompleteSegments	(RealBufferedSink.java:116 )
at com.android.okio.RealBufferedSink.writeUtf8	(RealBufferedSink.java:56 )
at com.android.okhttp.internal.http.HttpConnection.writeRequest	(HttpConnection.java:157 )
at com.android.okhttp.internal.http.HttpTransport.writeRequestHeaders	(HttpTransport.java:97 )
at com.android.okhttp.internal.http.HttpEngine.readResponse	(HttpEngine.java:601 )
at com.android.okhttp.internal.http.HttpURLConnectionImpl.execute	(HttpURLConnectionImpl.java:379 )
at com.android.okhttp.internal.http.HttpURLConnectionImpl.getResponse	(HttpURLConnectionImpl.java:323 )
at com.android.okhttp.internal.http.HttpURLConnectionImpl.getHeaderFields	(HttpURLConnectionImpl.java:169 )
at org.chromium.chrome.browser.media.remote.MediaUrlResolver.doInBackground	(MediaUrlResolver.java:173 )
at org.chromium.chrome.browser.media.remote.MediaUrlResolver.doInBackground	(MediaUrlResolver.java:28 )
at android.os.AsyncTask$2.call	(AsyncTask.java:288 )
at java.util.concurrent.FutureTask.run	(FutureTask.java:237 )
... 4 more

https://crash.corp.google.com/browse?q=product.name%3D%27Chrome_Android%27%20AND%20custom_data.ChromeCrashProto.ptype%3D%27browser%27%20AND%20custom_data.ChromeCrashProto.magic_signature_1.name%3D%27%5BAndroid%20Java%20Exception%5D%20java.lang.ArrayIndexOutOfBoundsException%20at%20org.chromium.chrome.browser.media.remote.MediaUrlResolver.doInBackground(MediaUrlResolver.java)%27&ignore_case=false&enable_rewrite=true&omit_field_name=&omit_field_value=&omit_field_opt=%3D

Thanks,

Peter

Comment 2 by avayvod@chromium.org, Jun 27 2016 

Could be that we call getResponseCode() without calling getInputStream() first? I found this article, for example: https://www.tbray.org/ongoing/When/201x/2012/01/17/HttpURLConnection

The comment in our code says getHeaderFields() should start the fetch but maybe it's not always true on all Android versions and devices...

Comment 3 by avayvod@chromium.org, Jun 27 2016

Labels: -Restrict-View-Google

Comment 4 by avayvod@chromium.org, Jun 27 2016

Status: Started (was: Assigned)

Comment 5 by avayvod@chromium.org, Jun 27 2016 

Another cause could be using the HUC from different threads...
https://github.com/square/okio/issues/163
Project Member

Comment 6 by sheriffbot@chromium.org, Jun 28 2016

Labels: FoundIn-M-51 Fracas
Users experienced this crash on the following builds:

Android Stable 51.0.2704.81 -  0.22 CPM, 12779 reports, 9945 clients (signature [Android Java Exception] java.lang.ArrayIndexOutOfBoundsException at org.chromium.chrome.browser.media.remote.MediaUrlResolver.doInBackground(MediaUrlResolver.java))

If this update was incorrect, please add "Fracas-Wrong" label to prevent future updates.

- Go/Fracas

Comment 7 by avayvod@chromium.org, Aug 5 2016

Labels: -M-51 M-54

Comment 8 by avayvod@chromium.org, Aug 31 2016

Cc: dalecur...@chromium.org
I don't think this is easily fixable unless we get rid of using HttpURLConnection at all because it's unreliable and the Android eng didn't find anything illegal we're doing in Clank (from the internal Android eng thread).

Not sure what to do for HLS but for everything else we would ideally do the same as what WMPI does to fetch the initial content and get the codec/format info. We would want to specify Chromecast UA for CORS checks and somehow manage URL escaping to be able to pass it to Chromecast. We want to avoid downloading the whole file, of course.

Dale, who on your team would be the best person to talk to about reusing this part of video stack?

Comment 9 by avayvod@chromium.org, Aug 31 2016

Components: Internals>Cast>MediaFling

Comment 10 by dalecur...@chromium.org, Aug 31 2016 

Probably you should just stop using this entirely and require that this information be forwarded from WMPI upon start of the casting session. For HLS I would actually drop casting support (it's ~5% of all playbacks, so casting is probably even lower).

Comment 11 by avayvod@chromium.org, Aug 31 2016 

We need the information for discovery so we don't show the Cast button at all for videos we know apriori we can't cast. Sometimes we get video URLs that accept CORS request on Chrome but not on Chromecast - hence the need to spoof the user agent - I doubt WMPI will do that for us?

HLS is actually about 10% of casts from Clank: see Cast.Sender.CastMediaType histogram. Media.Android.IsHttpLiveStreamingMedia shows about 15% of media URLs are HLS on Android if it's up-to-date.

We don't really care about decoding / parsing HLS for Cast though (unless we want to check the CORS header for all streams in the manifest), we could reuse the same fetching technique to verify redirects and headers.

Comment 12 by dalecur...@chromium.org, Aug 31 2016 

Media.Android.IsHttpLiveStreamingMedia isn't accurate anymore since the Spitzer launch, we only send HLS URLs to WMPA now, so it will eventually drift to 100%. I'm planning to submit a fix for that shortly, but for now don't rely on it. Your cast specific one is more interesting.

Ah, yeah I didn't realize you needed more than just codec/format information. You'll have to issue your own network request for that. This is probably best handled inside Blink, but if you really want to do it in content you likely want to use something like MediaInfoLoader:

https://cs.chromium.org/chromium/src/content/renderer/media/android/media_info_loader.h

Which uses similar loading mechanisms to WMPI w/o the additional caching overhead.

Comment 13 by avayvod@chromium.org, Sep 15 2016

Labels: -M-54 M-55
Moving to M55

Comment 14 by avayvod@chromium.org, Oct 19 2016

Labels: -M-55 M-56

Comment 15 by sko...@chromium.org, Nov 10 2016 

Ping Anton, can you update milestone/status?

Comment 16 by sko...@chromium.org, Dec 1 2016

Labels: -Pri-1 -M-56 M-57 Pri-2

Comment 17 by sko...@chromium.org, Feb 9 2017

Labels: -M-57

Comment 18 by avayvod@chromium.org, Oct 18 2017

Owner: mlamouri@chromium.org
Status: Untriaged (was: Started)
Assigning all my bugs to Mounir for him to triage and close/reassign later.

Comment 19 by sko...@chromium.org, Oct 23 2017

Status: Assigned (was: Untriaged)
Assigning to Mounir for decision so that these get out of the general untriaged bucket.

Comment 20 by mlamouri@chromium.org, Apr 7 2018

Cc: mlamouri@chromium.org
Owner: ----
Status: Available (was: Assigned)

Comment 21 by dalecur...@chromium.org, Apr 9 2018

Cc: tguilbert@chromium.org
cc: tguilbert since he's probably fixing some of these implicitly.

Comment 22 by tguilbert@chromium.org, Apr 10 2018

Status: WontFix (was: Available)
There are no reported crashes after 55.0.2883.99. There are still a few crashes per day on M53.

Sign in to add a comment