Crash on mojo::edk::ports::Node::ClosePort
Issue description
This bug is moved from http://b/35935935
com.google.android.webview : VersionCode:292408750;VersionName:56.0.2924.87
Operating system: Android samsung/heroltexx/herolte:6.0.1/MMB29K/G930FXXU1BPIP:user/release-keys
CPU: arm64 8 CPUs
GPU: UNKNOWN
Crash reason:
Crash address: 0x0
Process uptime: not available
Thread 0 (crashed)
0 libwebviewchromium.so!std::__ndk1::__deque_base<base::WeakPtr<net::SpdyStreamRequest>, std::__ndk1::allocator<base::WeakPtr<net::SpdyStreamRequest> > >::end() [deque : 1076 + 0x0]
    Found by: given as instruction pointer in context
1 libwebviewchromium.so!std::__ndk1::__deque_base<content::AudioInputSyncWriter::OverflowParams, std::__ndk1::allocator<content::AudioInputSyncWriter::OverflowParams> >::~__deque_base() [deque : 1162 + 0x0]
    Found by: call frame info
2 libwebviewchromium.so!mojo::edk::ports::Node::ClosePort(mojo::edk::ports::PortRef const&) [deque : 1182 + 0x4]
    Found by: call frame info
3 libwebviewchromium.so!mojo::edk::NodeController::ClosePort(mojo::edk::ports::PortRef const&) [node_controller.cc : 284 + 0x8]
    Found by: call frame info
4 libwebviewchromium.so!mojo::edk::MessagePipeDispatcher::CloseNoLock() [message_pipe_dispatcher.cc : 538 + 0x8]
    Found by: call frame info
5 libwebviewchromium.so!mojo::edk::MessagePipeDispatcher::Close() [message_pipe_dispatcher.cc : 209 + 0x4]
    Found by: call frame info
6 libwebviewchromium.so!mojo::edk::Core::Close(unsigned int) [core.cc : 410 + 0x4]
    Found by: call frame info
7 libwebviewchromium.so!MojoClose [thunks.cc : 22 + 0x4]
    Found by: call frame info
8 libwebviewchromium.so!mojo::Connector::CloseMessagePipe() [handle.h : 79 + 0x4]
    Found by: call frame info
9 libwebviewchromium.so!mojo::internal::MultiplexRouter::CloseMessagePipe() [multiplex_router.cc : 471 + 0x4]
    Found by: call frame info
10 libwebviewchromium.so!mojo::internal::InterfacePtrState<IPC::mojom::ChannelBootstrap, true>::~InterfacePtrState() [interface_ptr_state.h : 218 + 0x0]
    Found by: call frame info
11 libwebviewchromium.so!service_manager::ConnectToInterfaceByName(service_manager::ServiceManager*, service_manager::Identity const&, service_manager::Identity const&, std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char> > const&) [interface_ptr.h : 68 + 0x4]
    Found by: call frame info
12 libwebviewchromium.so!void service_manager::ConnectToInterface<service_manager::mojom::Resolver>(service_manager::ServiceManager*, service_manager::Identity const&, service_manager::Identity const&, mojo::InterfacePtr<service_manager::mojom::Resolver>*) [connect_util.h : 32 + 0x0]
    Found by: call frame info
13 libwebviewchromium.so!service_manager::ServiceManager::GetResolver(service_manager::Identity const&) [service_manager.cc : 630 + 0x10]
    Found by: call frame info
14 libwebviewchromium.so!service_manager::ServiceManager::Connect(std::__ndk1::unique_ptr<service_manager::ConnectParams, std::__ndk1::default_delete<service_manager::ConnectParams> >, mojo::InterfacePtr<service_manager::mojom::Service>, base::WeakPtr<service_manager::ServiceManager::Instance>) [service_manager.cc : 691 + 0x8]
    Found by: call frame info
15 libwebviewchromium.so!service_manager::ServiceManager::StartEmbedderService(std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char> > const&) [service_manager.cc : 598 + 0x10]
    Found by: call frame info
16 libwebviewchromium.so!StartOnIOThread [service_manager_context.cc : 185 + 0xc]
    Found by: call frame info
17 libwebviewchromium.so!Run [bind_internal.h : 214 + 0x0]
    Found by: call frame info
18 libwebviewchromium.so!base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) [callback.h : 47 + 0x8]
    Found by: call frame info
19 libwebviewchromium.so!base::MessageLoop::RunTask(base::PendingTask*) [message_loop.cc : 413 + 0x10]
    Found by: call frame info
20 libwebviewchromium.so!base::MessageLoop::DeferOrRunPendingTask(base::PendingTask) [message_loop.cc : 422 + 0x0]
    Found by: call frame info
21 libwebviewchromium.so!base::MessageLoop::DoWork() [message_loop.cc : 515 + 0x8]
    Found by: call frame info
22 libwebviewchromium.so!base::MessagePumpLibevent::Run(base::MessagePump::Delegate*) [message_pump_libevent.cc : 218 + 0xc]
    Found by: call frame info
23 libwebviewchromium.so!base::MessageLoop::RunHandler() [message_loop.cc : 378 + 0x4]
    Found by: call frame info
24 libwebviewchromium.so!base::RunLoop::Run() [run_loop.cc : 35 + 0x4]
    Found by: call frame info
25 libwebviewchromium.so!content::BrowserThreadImpl::IOThreadRun(base::RunLoop*) [browser_thread_impl.cc : 253 + 0x0]
    Found by: call frame info
26 libwebviewchromium.so!content::BrowserThreadImpl::Run(base::RunLoop*) [browser_thread_impl.cc : 288 + 0x4]
    Found by: call frame info
27 libwebviewchromium.so!base::Thread::ThreadMain() [thread.cc : 333 + 0x10]
    Found by: call frame info
28 libwebviewchromium.so!ThreadFunc [platform_thread_posix.cc : 71 + 0xc]
    Found by: call frame info
29 libc.so + 0x65fa0
    Found by: call frame info
Mar 10 2017
I can't really do anything with this. Do we have actual crash reports? There have been similar crashes in the past (issue 665869 is one example) that were due to hardware errata, and our unfortunate but successful solution was to perturb the binary slightly in order to dodge the bug. It seems likely that this is a similar scenario, as this code path is hit at extremely high frequency on all platforms and we aren't seeing any noticeable volume of crash reports.
Mar 10 2017
Is your fix in 56.0.2924.87?
Mar 10 2017
That was suspected to be a hardware erratum on one specific Tegra CPU. It's unlikely it will have any impact on a crash happening on a Samsung device.
Mar 10 2017
That fix is in M56 but probably not relevant. I'm not saying it's the same bug, just raising the likely possibility of a hardware problem.
May 29 2017
Looks like a dupe of 703421 - i.e. we have a deadlock caused by a sendmsg blocking on what should be a non-blocking socket fd, while holding a lock some other thread needs to acquire.
Comment 1 by michaelbai@chromium.org, Mar 10 2017