cts test failure is high priority, as it indicates API change. Well in this case crash?

 Issue 664093  has been merged into this issue.

Tobias's analysis seems to be correct (see the dupe'd bug)

https://skia.googlesource.com/skia.git/+/824075071885b6b741c141cbe2134d8345d34589

assigning to reed

Mike, this breaks an Android WebView API, so needs quick attention.

 Issue 664204  has been merged into this issue.

symbolized stack from bot, null pointer rather deep in skia code..

signal 11 (SIGSEGV), code 1, fault addr 0x60 in tid 2525 (roidJUnitRunner)
pid: 2507, tid: 2525, name: roidJUnitRunner  >>> com.android.cts.webkit <<<
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x60
     r0 9afcd000  r1 000010e8  r2 00000000  r3 9afcd000
     r4 b34e5e9c  r5 b34e5ee8  r6 b34e5f80  r7 b34e5e90
     r8 00000000  r9 b34e5f60  sl 99850500  fp 12d65bc0
     ip 00000000  sp b34e5e90  lr 9de9c467  pc 9dd35ff0

Stack Trace:
  RELADDR   FUNCTION                                                                                                                                           FILE:LINE
  0052bff0  SkCanvas::save()+16                                                                                                                                /b/c/b/Android_arm_Builder__dbg_/src/third_party/skia/src/core/SkCanvas.cpp:1015
  00692463  SkNWayCanvas::willSave()+30                                                                                                                        /b/c/b/Android_arm_Builder__dbg_/src/third_party/skia/src/utils/SkNWayCanvas.cpp:59
  0052c075  SkCanvas::doSave()+12                                                                                                                              /b/c/b/Android_arm_Builder__dbg_/src/third_party/skia/src/core/SkCanvas.cpp:1020
  0052c431  SkCanvas::setMatrix(SkMatrix const&)+8                                                                                                             /b/c/b/Android_arm_Builder__dbg_/src/third_party/skia/src/core/SkCanvas.cpp:1489
  005e17f1  void SkRecords::Draw::draw<SkRecords::SetMatrix>(SkRecords::SetMatrix const&)+24                                                                   /b/c/b/Android_arm_Builder__dbg_/src/third_party/skia/src/core/SkRecordDraw.cpp:84
  v------>  decltype ({parm#2}((SkRecords::NoOp)())) SkRecord::visit<SkRecords::Draw&>(int, SkRecords::Draw&) const                                            /b/c/b/Android_arm_Builder__dbg_/src/third_party/skia/src/core/SkRecord.h:51
  005e2461  SkRecordDraw(SkRecord const&, SkCanvas*, SkPicture const* const*, SkDrawable* const*, int, SkBBoxHierarchy const*, SkPicture::AbortCallback*)+316  /b/c/b/Android_arm_Builder__dbg_/src/third_party/skia/src/core/SkRecordDraw.cpp:54
  00510657  SkBigPicture::playback(SkCanvas*, SkPicture::AbortCallback*) const+198                                                                             /b/c/b/Android_arm_Builder__dbg_/src/third_party/skia/src/core/SkBigPicture.cpp:41
  00381195  android_webview::AwPicture::Draw(_JNIEnv*, base::android::JavaParamRef<_jobject*> const&, base::android::JavaParamRef<_jobject*> const&)+128       /b/c/b/Android_arm_Builder__dbg_/src/android_webview/native/aw_picture.cc:47
  0038126f  Java_org_chromium_android_1webview_AwPicture_nativeDraw+114

This is *probably* a canvas created from SkCanvasStateUtils::CreateFromCanvasState, ie the canvas is created by skia in android (L in this case), and then passed over to skia in webview, which has a higher version

if that's true, that means software draw in webview is broken as well..

I can't check any of this because I don't have access to my desktop at the moment :(

Issue 664237 has been merged into this issue.

testing team filed loads of bugs due to this crash, so it's real

ok, apparently no one actually bisected, so https://skia.googlesource.com/skia.git/+/824075071885b6b741c141cbe2134d8345d34589 is only the current best guess..

We have a potentially related bug & fix in Skia.  https://skia-review.googlesource.com/c/4659/ should be rolling into Chrome via the next Skia roll (within next hour).  Mike is also continuing to look at this stack & his change.

thanks!

I can't compile today due to t/24048689.. anyone on the webivew team wanna try rolling skia locally and make sure, eg books loads fine?

re. c#8: @boliu, you mean WebView passes SkCanvas objects across library boundaries?  That sounds fundamentally unsafe to me - not only because Skia offers not ABI guarantees, but also because the libs could be built (and most likely are) with different feature flags.

> re. c#8: @boliu, you mean WebView passes SkCanvas objects across library boundaries?

Correct.

I was not involved with the discussion back when webview became updatable in L, but all you are saying is correct. SkCanvasStateUtils was added specifically for webview to handle this. I'm not entirely sure what kind of restrictions there are like build flags, but webview has been using this since L.

There's a comment at the top that says it's specifically added to cross library boundaries: https://cs.chromium.org/chromium/src/third_party/skia/include/utils/SkCanvasStateUtils.h

With respect to SkCanvasStateUtils the SkCanvas is not shared across the boundary.  The whole point of that class is to deconstruct the SkCanvas into an SkCanvasState object that is ABI compatible so that we can shuttle it between libraries.

Issue 664047 has been merged into this issue.

Issue 664118 has been merged into this issue.

Issue 664067 has been merged into this issue.

Issue 664122 has been merged into this issue.

Issue 664096 has been merged into this issue.

Oh, sorry, I was not very precise with language in #20..

I just tried maunlly rolling skia to https://skia-review.googlesource.com/4659. Did not help..

Ok, sounds like it's time for a little revertfest...working on it.

Fix and original changes reverted- Skia will autoroll shortly or need to manually get to https://skia-review.googlesource.com/c/4687/

And syncing to the revert https://skia-review.googlesource.com/c/4687/ fixes this. Thanks!

boilu@ -we are pushing M56 build Alpha/Dev tomorrow. These changes are going to be in tonight's M56 build, right?

Thanks!

this roll contains skia revert https://codereview.chromium.org/2498453002/

probably won't make tonights build unless someone cheerypicks the roll after branch is cut

Thanks hcm@ and rest of skia folks for jumping on this quickly.

Let me know if you need help testing to re-land of the change.

we see OEM email crashes on Samsung , HTC and Sony devices Please find the below issues which merged to this issue.

https://bugs.chromium.org/p/chromium/issues/detail?id=664122
https://bugs.chromium.org/p/chromium/issues/detail?id=664118
https://bugs.chromium.org/p/chromium/issues/detail?id=664067
https://bugs.chromium.org/p/chromium/issues/detail?id=664047
https://bugs.chromium.org/p/chromium/issues/detail?id=664096

the above issues are repro on latest M56 : 56.0.2920.0 , but doesn't repro on yesterdays build 56.0.2919.0. 

Some thing went wrong between 56.0.2919.0 - 56.0.2920.0
https://chromium.googlesource.com/chromium/src/+log/56.0.2919.0..56.0.2920.0?pretty=fuller&n=10000

Hence reopening this issue. 

Thank you, acindhe@ !

Lot of Skia changes went between these 2 builds also 1 blink change: crbug/663645. One of these changes could be causing these crashes (not 100% sure).
Definitely it is Alpha/Dev blocker.

Thanks!

Yep. CTS test broke again, on the following roll:

Change #32171

Changed by	skia-deps-roller@chromium.org
Changed at	Sun 13 Nov 2016 14:12:25
Repository	https://chromium.googlesource.com/chromium/src
Project	src
Branch	master
Revision	e6e40914596eacad1cf65697b7a55f3729ae61a9
Comments

Roll src/third_party/skia/ 14b748ddd..5df4934b3 (3 commits).

https://skia.googlesource.com/skia.git/+log/14b748ddd2a8..5df4934b3e40

$ git log 14b748ddd..5df4934b3 --date=short --no-merges --format='%ad %ae %s'
2016-11-12 reed Revert[2] "Change SkCanvas to *not* inherit from SkRefCnt"
2016-11-13 mtklein Revert of Make SkSmallAllocator obey the RAII invariants and be expandable (patchset #15 id:280001 of https://codereview.chromium.org/2488523003/ )
2016-11-13 herb Make SkSmallAllocator obey the RAII invariants and move to heap structures when needed.

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+/master/autoroll/README.md

If the roll is causing failures, see:
http://www.chromium.org/developers/tree-sheriffs/sheriff-details-chromium#TOC-Failures-due-to-DEPS-rolls

CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_precise_blink_rel
TBR=stani@google.com

Review-Url: https://codereview.chromium.org/2502463002
Cr-Commit-Position: refs/heads/master@{#431809}
Changed files

DEPS
Properties

Git_revision	e6e40914596eacad1cf65697b7a55f3729ae61a9

Reverting 2016-11-12 reed Revert[2] "Change SkCanvas to *not* inherit from SkRefCnt"

Indicates that it is the culprit.

Mike, I've added what I think is the fix for this here:

https://skia-review.googlesource.com/c/4800/

Issue 665407 has been merged into this issue.

Issue 665413 has been merged into this issue.

This should be fixed in ToT (https://skia-review.googlesource.com/c/4799/).  Can someone verify?

CTS test bot is red again but this time it looks incidental. I'll poke around.

CTS bot looks green again: https://uberchromegw.corp.google.com/i/chromium.android/builders/Android%20WebView%20CTS%20L-MR1%20%28dbg%29/

Thus closing, please re-open if further work is required.

All the OEM crashes mentioned in comment# 34 are doesn't repro on latest M56 - 56.0.2924.10

https://bugs.chromium.org/p/chromium/issues/detail?id=664122
https://bugs.chromium.org/p/chromium/issues/detail?id=664118
https://bugs.chromium.org/p/chromium/issues/detail?id=664067
https://bugs.chromium.org/p/chromium/issues/detail?id=664047
https://bugs.chromium.org/p/chromium/issues/detail?id=664096