Chrome_Android: Crash Report - blink::PtrStorageImpl<WTF::StringImpl, (blink::WebPrivatePtrDestruction)0, (blink::WebPrivatePtrStrength)0, (blink::LifetimeManagementType)0>::release |
Issue description***Getting Error Bad request when trying to log the crash via go/chromecrash*** Crash id: 7ecec3df00000000 Stack trace: ============ Thread 9 CRASHED [SIGSEGV @ 0x00000108 ] MAGIC SIGNATURE THREAD Stack Quality20%Show frame trust levels 0xd6d3d554 (libmonochrome.so -WebPrivatePtr.h:125 ) blink::PtrStorageImpl<WTF::StringImpl, (blink::WebPrivatePtrDestruction)0, (blink::WebPrivatePtrStrength)0, (blink::LifetimeManagementType)0>::release() 0xd842a757 (libmonochrome.so -WebString.h:59 ) ~RenderWidget 0xd842738b (libmonochrome.so -render_view_impl.cc:737 ) ~RenderViewImpl 0xd84273f3 (libmonochrome.so -render_view_impl.cc:766 ) content::RenderViewImpl::~RenderViewImpl() 0xd8429989 (libmonochrome.so -ref_counted.h:135 ) scoped_refptr<content::RenderWidget>::~scoped_refptr() 0xd8429999 (libmonochrome.so -tuple:180 ) Destroy 0xd6a004ad (libmonochrome.so -callback_internal.cc:39 ) base::internal::CallbackBase<(base::internal::CopyMode)0>::~CallbackBase() 0xd6a273ef (libmonochrome.so -callback.h:102 ) base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) 0xd6d415e9 (libmonochrome.so -task_queue_manager.cc:359 ) blink::scheduler::TaskQueueManager::ProcessTaskFromWorkQueue(blink::scheduler::internal::WorkQueue*) 0xd6d40a29 (libmonochrome.so -task_queue_manager.cc:251 ) blink::scheduler::TaskQueueManager::DoWork(base::TimeTicks, bool) 0xd6d408a9 (libmonochrome.so -bind_internal.h:214 ) Run 0xd6a273e9 (libmonochrome.so -callback.h:68 ) base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) 0xd6ba23f7 (libmonochrome.so -message_loop.cc:413 ) base::MessageLoop::RunTask(base::PendingTask*) 0xd6ba231b (libmonochrome.so -message_loop.cc:422 ) base::MessageLoop::DeferOrRunPendingTask(base::PendingTask) 0xd6ba1af5 (libmonochrome.so -message_loop.cc:515 ) base::MessageLoop::DoWork() 0xd6ba7111 (libmonochrome.so -message_pump_default.cc:33 ) base::MessagePumpDefault::Run(base::MessagePump::Delegate*) 0xd6ba1897 (libmonochrome.so 
-run_loop.cc:35 ) base::RunLoop::Run() 0xd6cf9a6d (libmonochrome.so -renderer_main.cc:200 ) content::RendererMain(content::MainFunctionParams const&) 0xd6a1ead3 (libmonochrome.so -content_main_runner.cc:786 ) content::ContentMainRunnerImpl::Run() 0xd6a155c1 (libmonochrome.so -content_main.cc:46 ) Java_org_chromium_content_app_ContentMain_nativeStart 0xd9d8ada5 (base.odex + 0x00042da5 ) 0xf5a6e66e (dalvik-LinearAlloc (deleted) + 0x0000666e ) 0x12c7fcfe (dalvik-main space (deleted) + 0x0007fcfe ) 0x727ef428 (boot-framework.oat + 0x011b4428 ) 0xf2dbc941 (libart.so + 0x000a9941 ) 0xd9a618af (base.odex + 0x004258af ) 0xd9a618af (base.odex + 0x004258af ) 0xf311798b (libart.so + 0x0040498b ) 0xf304726f (libart.so + 0x0033426f ) 0xf2f92811 (libart.so + 0x0027f811 ) 0x727ef428 (boot-framework.oat + 0x011b4428 ) 0x727ef428 (boot-framework.oat + 0x011b4428 ) 0xf5a6c45a (dalvik-LinearAlloc (deleted) + 0x0000445a ) 0xd9afad64 (base.odex + 0x004bed64 ) 0xf3028375 (libart.so + 0x00315375 ) 0xd9afad64 (base.odex + 0x004bed64 ) 0x727ef428 (boot-framework.oat + 0x011b4428 ) 0xf5a6e66e (dalvik-LinearAlloc (deleted) + 0x0000666e ) 0xd9a618af (base.odex + 0x004258af ) 0xf2dc3c01 (libart.so + 0x000b0c01 ) 0xd9a618af (base.odex + 0x004258af ) 0xf3116d2d (libart.so + 0x00403d2d ) 0x727ef428 (boot-framework.oat + 0x011b4428 ) 0xd96754e2 (base.odex + 0x000394e2 ) 0xf5a6e66e (dalvik-LinearAlloc (deleted) + 0x0000666e ) 0xd9a618ae (base.odex + 0x004258ae ) 0xf5a6e692 (dalvik-LinearAlloc (deleted) + 0x00006692 ) 0xf2f00047 (libart.so + 0x001ed047 ) 0xd9a618af (base.odex + 0x004258af ) 0xf3130da7 (libart.so + 0x0041dda7 ) ... 
146 more 0xf417871d (libc.so + 0x0006271d ) 0x12c1ff6e (dalvik-main space (deleted) + 0x0001ff6e ) 0x727ef428 (boot-framework.oat + 0x011b4428 ) 0x6fa14f5a (system@framework@boot.art + 0x00179f5a ) 0x705d5102 (boot.oat + 0x002d9102 ) 0xf2dc3bd7 (libart.so + 0x000b0bd7 ) 0x705d5102 (boot.oat + 0x002d9102 ) 0x727ef428 (boot-framework.oat + 0x011b4428 ) 0x6fa14f5a (system@framework@boot.art + 0x00179f5a ) 0x705d5102 (boot.oat + 0x002d9102 ) 0x705d5102 (boot.oat + 0x002d9102 ) 0xf3028563 (libart.so + 0x00315563 ) 0x705d5102 (boot.oat + 0x002d9102 ) 0xf41846af (libc.so + 0x0006e6af ) 0xf4178d5b (libc.so + 0x00062d5b ) 0x727ef428 (boot-framework.oat + 0x011b4428 ) 0x727ef428 (boot-framework.oat + 0x011b4428 ) 0xf3054747 (libart.so + 0x00341747 ) 0x727ef428 (boot-framework.oat + 0x011b4428 ) 0x727ef428 (boot-framework.oat + 0x011b4428 ) 0xf30408fb (libart.so + 0x0032d8fb ) 0x727ef428 (boot-framework.oat + 0x011b4428 ) 0xf304721f (libart.so + 0x0033421f ) 0x727ef428 (boot-framework.oat + 0x011b4428 ) 0x6fa14f5a (system@framework@boot.art + 0x00179f5a ) 0x705d5102 (boot.oat + 0x002d9102 ) 0x12c1ff6e (dalvik-main space (deleted) + 0x0001ff6e ) 0xf302932f (libart.so + 0x0031632f ) 0x705d5102 (boot.oat + 0x002d9102 ) 0x705d5102 (boot.oat + 0x002d9102 ) 0x12c1ff6e (dalvik-main space (deleted) + 0x0001ff6e ) 0xf31300ff (libart.so + 0x0041d0ff ) 0xf303fc3d (libart.so + 0x0032cc3d ) 0xf3130da7 (libart.so + 0x0041dda7 ) 0xf417cb99 (libc.so + 0x00066b99 ) 0xf310ed77 (libart.so + 0x003fbd77 ) 0x12c20fde (dalvik-main space (deleted) + 0x00020fde ) 0x727ef428 (boot-framework.oat + 0x011b4428 ) 0x6fa14f5a (system@framework@boot.art + 0x00179f5a ) 0xf3130da7 (libart.so + 0x0041dda7 ) 0xf3130dd8 (libart.so + 0x0041ddd8 ) 0xf31301a6 (libart.so + 0x0041d1a6 ) 0xf304049f (libart.so + 0x0032d49f ) 0x727ef428 (boot-framework.oat + 0x011b4428 ) 0xf415d00b (libc.so + 0x0004700b ) 0xf304014b (libart.so + 0x0032d14b ) 0xf415d023 (libc.so + 0x00047023 ) 0xf412fe3d (libc.so + 0x00019e3d ) 0xf304014b 
(libart.so + 0x0032d14b ) 0x727ef428 (boot-framework.oat + 0x011b4428 ) Link to the list of the builds: =============================== https://crash.corp.google.com/browse?q=custom_data.ChromeCrashProto.ptype%3D%27renderer%27%20AND%20custom_data.ChromeCrashProto.magic_signature_1.name%3D%27blink%3A%3APtrStorageImpl%3CWTF%3A%3AStringImpl%2C%20(blink%3A%3AWebPrivatePtrDestruction)0%2C%20(blink%3A%3AWebPrivatePtrStrength)0%2C%20(blink%3A%3ALifetimeManagementType)0%3E%3A%3Arelease%27%20AND%20product.name%3D%27Chrome_Android%27&ignore_case=false&enable_rewrite=true&omit_field_name=&omit_field_value=&omit_field_opt=%3D Note: ===== 1. Crashes have spiked in M-57 on Android, from chrome version: 57.0.2936.0.
,
Dec 5 2016
Appears related to text input state history. Sending to Ehsan as he was working in that area. https://crash.corp.google.com/browse?q=custom_data.ChromeCrashProto.ptype%3D%27renderer%27%20AND%20custom_data.ChromeCrashProto.magic_signature_1.name%3D%27blink%3A%3APtrStorageImpl%3CWTF%3A%3AStringImpl%2C%20(blink%3A%3AWebPrivatePtrDestruction)0%2C%20(blink%3A%3AWebPrivatePtrStrength)0%2C%20(blink%3A%3ALifetimeManagementType)0%3E%3A%3Arelease%27%20AND%20product.name%3D%27Chrome_Android%27&ignore_case=false&enable_rewrite=true&omit_field_name=&omit_field_value=&omit_field_opt=%3D&stbtiq=&reportid=246c2a4f00000000&index=4
,
Dec 5 2016
Appears unrelated to my change.
,
Dec 5 2016
I think my CL: https://codereview.chromium.org/2354793003/ could have caused this crash. The core reason, as I see it, is that we are sending unnecessary ACKs due to the |TextInputState.is_non_ime_change| flag being true. These could be for state updates initiated on the browser side. I will update soon.
,
Dec 7 2016
,
Dec 7 2016
The ACK IPC as well as text_input_state_history_ are being removed here: https://codereview.chromium.org/2553923002/ which would make my fix irrelevant.
,
Dec 12 2016
There should not be any more instances of this crash from 57.0.2946.0 on. The CL in comment #6 has landed and should be in today's Canary.
Comment 1 by ajha@chromium.org
, Dec 5 2016
Owner: dtapu...@chromium.org
Status: Assigned (was: Untriaged)