Issue 704372 link

Starred by 1 user

Issue metadata

Status:	Fixed
Owner:	tiborg@chromium.org
Closed:	Mar 2017
Components:	Blink>WebXR
EstimatedDays:	----
NextAction:	----
OS:	Android
Pri:	1
Type:	Bug
M-59 Proj-VR
Proj-XR

ToT crashes if WebVR page is visited without VR Services installed

Project Member Reported by bsheedy@chromium.org, Mar 23 2017

Issue description

Reproducible on ToT, but not Canary (59.0.3046.3), so should be a recent change.

Visiting a WebVR page, e.g. one of the sample pages, without VR Services installed causes a crash with the following trace.

--------- beginning of crash
03-22 17:49:33.279  2998  2998 F libc    : Fatal signal 6 (SIGABRT), code -6 in tid 2998 (chromium.chrome)
03-22 17:49:33.279   534   534 W         : debuggerd: handling request: pid=2998 uid=10281 gid=10281 tid=2998
03-22 17:49:33.356  3145  3145 F DEBUG   : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
03-22 17:49:33.356  3145  3145 F DEBUG   : Build fingerprint: 'google/sailfish/sailfish:7.1.2/N2G47/3740936:userdebug/dev-keys'
03-22 17:49:33.357  3145  3145 F DEBUG   : Revision: '0'
03-22 17:49:33.357  3145  3145 F DEBUG   : ABI: 'arm'
03-22 17:49:33.357  3145  3145 F DEBUG   : pid: 2998, tid: 2998, name: chromium.chrome  >>> org.chromium.chrome <<<
03-22 17:49:33.357  3145  3145 F DEBUG   : signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------
03-22 17:49:33.358  3145  3145 F DEBUG   : Abort message: '[FATAL:vr_service.mojom.cc(602)] The outgoing message will trigger VALIDATION_ERROR_UNEXPECTED_NULL_POINTER at the receiving side (null displayInfo in VRServiceClient.OnDisplayConnected request).
03-22 17:49:33.358  3145  3145 F DEBUG   : #00 0xcd63326f /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so+0x0008e26f
03-22 17:49:33.358  3145  3145 F DEBUG   : #01 0xcd647bb7 /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so+0x000a2bb7
03-22 17:49:33.358  3145  3145 F DEBUG   : #02 0xc9b02f29 /data/app/org.chromium.chrome-1/lib/arm/libdevice_vr.cr.so+0x00027f29
03-22 17:49:33.358  3145  3145 F DEBUG   : #03 0xc9afd3f1 /data/app/org.chromium.chrome-1/lib/arm
03-22 17:49:33.358  3145  3145 F DEBUG   :     r0 00000000  r1 00000bb6  r2 00000006  r3 00000008
03-22 17:49:33.358  3145  3145 F DEBUG   :     r4 eabe558c  r5 00000006  r6 eabe5534  r7 0000010c
03-22 17:49:33.358  3145  3145 F DEBUG   :     r8 ff853c18  r9 00000000  sl e9390830  fp ff8540c4
03-22 17:49:33.358  3145  3145 F DEBUG   :     ip 0000000b  sp ff853aa0  lr e934e5c7  pc e9350e30  cpsr 600a0010
03-22 17:49:33.369  3145  3145 F DEBUG   : 
03-22 17:49:33.369  3145  3145 F DEBUG   : backtrace:
03-22 17:49:33.369  3145  3145 F DEBUG   :     #00 pc 00049e30  /system/lib/libc.so (tgkill+12)
03-22 17:49:33.369  3145  3145 F DEBUG   :     #01 pc 000475c3  /system/lib/libc.so (pthread_kill+34)
03-22 17:49:33.369  3145  3145 F DEBUG   :     #02 pc 0001d635  /system/lib/libc.so (raise+10)
03-22 17:49:33.369  3145  3145 F DEBUG   :     #03 pc 00019181  /system/lib/libc.so (__libc_android_abort+34)
03-22 17:49:33.369  3145  3145 F DEBUG   :     #04 pc 00017048  /system/lib/libc.so (abort+4)
03-22 17:49:33.369  3145  3145 F DEBUG   :     #05 pc 0008e22f  /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so (_ZN4base5debug13BreakDebuggerEv+18)
03-22 17:49:33.369  3145  3145 F DEBUG   :     #06 pc 000a2d29  /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so (_ZN7logging10LogMessageD1Ev+604)
03-22 17:49:33.369  3145  3145 F DEBUG   :     #07 pc 00027f27  /data/app/org.chromium.chrome-1/lib/arm/libdevice_vr.cr.so (_ZN6device5mojom20VRServiceClientProxy18OnDisplayConnectedEN4mojo12InterfacePtrINS0_9VRDisplayEEENS2_16InterfaceRequestINS0_15VRDisplayClientEEENS2_9StructPtrINS0_13VRDisplayInfoEEE+574)
03-22 17:49:33.369  3145  3145 F DEBUG   :     #08 pc 000223f1  /data/app/org.chromium.chrome-1/lib/arm/libdevice_vr.cr.so
03-22 17:49:33.369  3145  3145 F DEBUG   :     #09 pc 00022ce3  /data/app/org.chromium.chrome-1/lib/arm/libdevice_vr.cr.so
03-22 17:49:33.369  3145  3145 F DEBUG   :     #10 pc 0002298d  /data/app/org.chromium.chrome-1/lib/arm/libdevice_vr.cr.so
03-22 17:49:33.369  3145  3145 F DEBUG   :     #11 pc 00bf22b7  /data/app/org.chromium.chrome-1/lib/arm/libchrome.cr.so
03-22 17:49:33.369  3145  3145 F DEBUG   :     #12 pc 00023325  /data/app/org.chromium.chrome-1/lib/arm/libdevice_vr.cr.so (_ZN6device9GvrDevice19CreateVRDisplayInfoERKN4base8CallbackIFvN4mojo9StructPtrINS_5mojom13VRDisplayInfoEEEELNS1_8internal8CopyModeE1ELNS9_10RepeatModeE1EEE+36)
03-22 17:49:33.370  3145  3145 F DEBUG   :     #13 pc 00022739  /data/app/org.chromium.chrome-1/lib/arm/libdevice_vr.cr.so
03-22 17:49:33.370  3145  3145 F DEBUG   :     #14 pc 00020a35  /data/app/org.chromium.chrome-1/lib/arm/libdevice_vr.cr.so (_ZN6device15VRDeviceManager10AddServiceEPNS_13VRServiceImplE+184)
03-22 17:49:33.370  3145  3145 F DEBUG   :     #15 pc 00022c43  /data/app/org.chromium.chrome-1/lib/arm/libdevice_vr.cr.so
03-22 17:49:33.370  3145  3145 F DEBUG   :     #16 pc 0002a209  /data/app/org.chromium.chrome-1/lib/arm/libdevice_vr.cr.so (_ZN6device5mojom21VRServiceStubDispatch19AcceptWithResponderEPNS0_9VRServiceEPN4mojo7MessageENSt6__ndk110unique_ptrINS4_25MessageReceiverWithStatusENS7_14default_deleteIS9_EEEE+676)
03-22 17:49:33.370  3145  3145 F DEBUG   :     #17 pc 00022449  /data/app/org.chromium.chrome-1/lib/arm/libdevice_vr.cr.so
03-22 17:49:33.370  3145  3145 F DEBUG   :     #18 pc 00019519  /data/app/org.chromium.chrome-1/lib/arm/libbindings.cr.so (_ZN4mojo23InterfaceEndpointClient22HandleValidatedMessageEPNS_7MessageE+320)
03-22 17:49:33.370  3145  3145 F DEBUG   :     #19 pc 000176dd  /data/app/org.chromium.chrome-1/lib/arm/libbindings.cr.so (_ZN4mojo11FilterChain6AcceptEPNS_7MessageE+100)
03-22 17:49:33.370  3145  3145 F DEBUG   :     #20 pc 000193b3  /data/app/org.chromium.chrome-1/lib/arm/libbindings.cr.so (_ZN4mojo23InterfaceEndpointClient21HandleIncomingMessageEPNS_7MessageE+74)
03-22 17:49:33.370  3145  3145 F DEBUG   :     #21 pc 0001e20b  /data/app/org.chromium.chrome-1/lib/arm/libbindings.cr.so (_ZN4mojo8internal15MultiplexRouter22ProcessIncomingMessageEPNS_7MessageENS1_18ClientCallBehaviorEPN4base22SingleThreadTaskRunnerE+426)
03-22 17:49:33.370  3145  3145 F DEBUG   :     #22 pc 0001ebe7  /data/app/org.chromium.chrome-1/lib/arm/libbindings.cr.so (_ZN4mojo8internal15MultiplexRouter6AcceptEPNS_7MessageE+182)
03-22 17:49:33.370  3145  3145 F DEBUG   :     #23 pc 000176dd  /data/app/org.chromium.chrome-1/lib/arm/libbindings.cr.so (_ZN4mojo11FilterChain6AcceptEPNS_7MessageE+100)
03-22 17:49:33.370  3145  3145 F DEBUG   :     #24 pc 0001551d  /data/app/org.chromium.chrome-1/lib/arm/libbindings.cr.so (_ZN4mojo9Connector17ReadSingleMessageEPj+164)
03-22 17:49:33.370  3145  3145 F DEBUG   :     #25 pc 00015771  /data/app/org.chromium.chrome-1/lib/arm/libbindings.cr.so (_ZN4mojo9Connector24ReadAllAvailableMessagesEv+88)
03-22 17:49:33.370  3145  3145 F DEBUG   :     #26 pc 000158d3  /data/app/org.chromium.chrome-1/lib/arm/libbindings.cr.so (_ZN4mojo9Connector21OnHandleReadyInternalEj+90)
03-22 17:49:33.370  3145  3145 F DEBUG   :     #27 pc 0000570b  /data/app/org.chromium.chrome-1/lib/arm/libmojo_public_system_cpp.cr.so (_ZN4mojo13SimpleWatcher13OnHandleReadyEij+230)
03-22 17:49:33.370  3145  3145 F DEBUG   :     #28 pc 00004f25  /data/app/org.chromium.chrome-1/lib/arm/libmojo_public_system_cpp.cr.so
03-22 17:49:33.370  3145  3145 F DEBUG   :     #29 pc 0008ec33  /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so (_ZN4base5debug13TaskAnnotator7RunTaskEPKcPNS_11PendingTaskE+598)
03-22 17:49:33.370  3145  3145 F DEBUG   :     #30 pc 000a9b57  /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so (_ZN4base11MessageLoop7RunTaskEPNS_11PendingTaskE+442)
03-22 17:49:33.370  3145  3145 F DEBUG   :     #31 pc 000a9fbd  /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so (_ZN4base11MessageLoop21DeferOrRunPendingTaskENS_11PendingTaskE+28)
03-22 17:49:33.370  3145  3145 F DEBUG   :     #32 pc 000aa0a7  /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so (_ZN4base11MessageLoop6DoWorkEv+144)
03-22 17:49:33.370  3145  3145 F DEBUG   :     #33 pc 000abe37  /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so
03-22 17:49:33.370  3145  3145 F DEBUG   :     #34 pc 000abf39  /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so (Java_org_chromium_base_SystemMessageHandler_nativeDoRunLoopOnce+52)
03-22 17:49:33.371  3145  3145 F DEBUG   :     #35 pc 00fba51d  /data/app/org.chromium.chrome-1/oat/arm/base.odex (offset 0xf7f000)

Reproducible on ToT (6cf1f32a1b57b5f3018cab99820f6f8a4c0270f9), but not Canary (59.0.3046.3), so should be a recent change.

Visiting a WebVR page, e.g. one of the sample pages, without VR Services installed causes a crash with the following trace.

--------- beginning of crash
03-22 17:49:33.279  2998  2998 F libc    : Fatal signal 6 (SIGABRT), code -6 in tid 2998 (chromium.chrome)
03-22 17:49:33.279   534   534 W         : debuggerd: handling request: pid=2998 uid=10281 gid=10281 tid=2998
03-22 17:49:33.356  3145  3145 F DEBUG   : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
03-22 17:49:33.356  3145  3145 F DEBUG   : Build fingerprint: 'google/sailfish/sailfish:7.1.2/N2G47/3740936:userdebug/dev-keys'
03-22 17:49:33.357  3145  3145 F DEBUG   : Revision: '0'
03-22 17:49:33.357  3145  3145 F DEBUG   : ABI: 'arm'
03-22 17:49:33.357  3145  3145 F DEBUG   : pid: 2998, tid: 2998, name: chromium.chrome  >>> org.chromium.chrome <<<
03-22 17:49:33.357  3145  3145 F DEBUG   : signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------
03-22 17:49:33.358  3145  3145 F DEBUG   : Abort message: '[FATAL:vr_service.mojom.cc(602)] The outgoing message will trigger VALIDATION_ERROR_UNEXPECTED_NULL_POINTER at the receiving side (null displayInfo in VRServiceClient.OnDisplayConnected request).
03-22 17:49:33.358  3145  3145 F DEBUG   : #00 0xcd63326f /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so+0x0008e26f
03-22 17:49:33.358  3145  3145 F DEBUG   : #01 0xcd647bb7 /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so+0x000a2bb7
03-22 17:49:33.358  3145  3145 F DEBUG   : #02 0xc9b02f29 /data/app/org.chromium.chrome-1/lib/arm/libdevice_vr.cr.so+0x00027f29
03-22 17:49:33.358  3145  3145 F DEBUG   : #03 0xc9afd3f1 /data/app/org.chromium.chrome-1/lib/arm
03-22 17:49:33.358  3145  3145 F DEBUG   :     r0 00000000  r1 00000bb6  r2 00000006  r3 00000008
03-22 17:49:33.358  3145  3145 F DEBUG   :     r4 eabe558c  r5 00000006  r6 eabe5534  r7 0000010c
03-22 17:49:33.358  3145  3145 F DEBUG   :     r8 ff853c18  r9 00000000  sl e9390830  fp ff8540c4
03-22 17:49:33.358  3145  3145 F DEBUG   :     ip 0000000b  sp ff853aa0  lr e934e5c7  pc e9350e30  cpsr 600a0010
03-22 17:49:33.369  3145  3145 F DEBUG   : 
03-22 17:49:33.369  3145  3145 F DEBUG   : backtrace:
03-22 17:49:33.369  3145  3145 F DEBUG   :     #00 pc 00049e30  /system/lib/libc.so (tgkill+12)
03-22 17:49:33.369  3145  3145 F DEBUG   :     #01 pc 000475c3  /system/lib/libc.so (pthread_kill+34)
03-22 17:49:33.369  3145  3145 F DEBUG   :     #02 pc 0001d635  /system/lib/libc.so (raise+10)
03-22 17:49:33.369  3145  3145 F DEBUG   :     #03 pc 00019181  /system/lib/libc.so (__libc_android_abort+34)
03-22 17:49:33.369  3145  3145 F DEBUG   :     #04 pc 00017048  /system/lib/libc.so (abort+4)
03-22 17:49:33.369  3145  3145 F DEBUG   :     #05 pc 0008e22f  /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so (_ZN4base5debug13BreakDebuggerEv+18)
03-22 17:49:33.369  3145  3145 F DEBUG   :     #06 pc 000a2d29  /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so (_ZN7logging10LogMessageD1Ev+604)
03-22 17:49:33.369  3145  3145 F DEBUG   :     #07 pc 00027f27  /data/app/org.chromium.chrome-1/lib/arm/libdevice_vr.cr.so (_ZN6device5mojom20VRServiceClientProxy18OnDisplayConnectedEN4mojo12InterfacePtrINS0_9VRDisplayEEENS2_16InterfaceRequestINS0_15VRDisplayClientEEENS2_9StructPtrINS0_13VRDisplayInfoEEE+574)
03-22 17:49:33.369  3145  3145 F DEBUG   :     #08 pc 000223f1  /data/app/org.chromium.chrome-1/lib/arm/libdevice_vr.cr.so
03-22 17:49:33.369  3145  3145 F DEBUG   :     #09 pc 00022ce3  /data/app/org.chromium.chrome-1/lib/arm/libdevice_vr.cr.so
03-22 17:49:33.369  3145  3145 F DEBUG   :     #10 pc 0002298d  /data/app/org.chromium.chrome-1/lib/arm/libdevice_vr.cr.so
03-22 17:49:33.369  3145  3145 F DEBUG   :     #11 pc 00bf22b7  /data/app/org.chromium.chrome-1/lib/arm/libchrome.cr.so
03-22 17:49:33.369  3145  3145 F DEBUG   :     #12 pc 00023325  /data/app/org.chromium.chrome-1/lib/arm/libdevice_vr.cr.so (_ZN6device9GvrDevice19CreateVRDisplayInfoERKN4base8CallbackIFvN4mojo9StructPtrINS_5mojom13VRDisplayInfoEEEELNS1_8internal8CopyModeE1ELNS9_10RepeatModeE1EEE+36)
03-22 17:49:33.370  3145  3145 F DEBUG   :     #13 pc 00022739  /data/app/org.chromium.chrome-1/lib/arm/libdevice_vr.cr.so
03-22 17:49:33.370  3145  3145 F DEBUG   :     #14 pc 00020a35  /data/app/org.chromium.chrome-1/lib/arm/libdevice_vr.cr.so (_ZN6device15VRDeviceManager10AddServiceEPNS_13VRServiceImplE+184)
03-22 17:49:33.370  3145  3145 F DEBUG   :     #15 pc 00022c43  /data/app/org.chromium.chrome-1/lib/arm/libdevice_vr.cr.so
03-22 17:49:33.370  3145  3145 F DEBUG   :     #16 pc 0002a209  /data/app/org.chromium.chrome-1/lib/arm/libdevice_vr.cr.so (_ZN6device5mojom21VRServiceStubDispatch19AcceptWithResponderEPNS0_9VRServiceEPN4mojo7MessageENSt6__ndk110unique_ptrINS4_25MessageReceiverWithStatusENS7_14default_deleteIS9_EEEE+676)
03-22 17:49:33.370  3145  3145 F DEBUG   :     #17 pc 00022449  /data/app/org.chromium.chrome-1/lib/arm/libdevice_vr.cr.so
03-22 17:49:33.370  3145  3145 F DEBUG   :     #18 pc 00019519  /data/app/org.chromium.chrome-1/lib/arm/libbindings.cr.so (_ZN4mojo23InterfaceEndpointClient22HandleValidatedMessageEPNS_7MessageE+320)
03-22 17:49:33.370  3145  3145 F DEBUG   :     #19 pc 000176dd  /data/app/org.chromium.chrome-1/lib/arm/libbindings.cr.so (_ZN4mojo11FilterChain6AcceptEPNS_7MessageE+100)
03-22 17:49:33.370  3145  3145 F DEBUG   :     #20 pc 000193b3  /data/app/org.chromium.chrome-1/lib/arm/libbindings.cr.so (_ZN4mojo23InterfaceEndpointClient21HandleIncomingMessageEPNS_7MessageE+74)
03-22 17:49:33.370  3145  3145 F DEBUG   :     #21 pc 0001e20b  /data/app/org.chromium.chrome-1/lib/arm/libbindings.cr.so (_ZN4mojo8internal15MultiplexRouter22ProcessIncomingMessageEPNS_7MessageENS1_18ClientCallBehaviorEPN4base22SingleThreadTaskRunnerE+426)
03-22 17:49:33.370  3145  3145 F DEBUG   :     #22 pc 0001ebe7  /data/app/org.chromium.chrome-1/lib/arm/libbindings.cr.so (_ZN4mojo8internal15MultiplexRouter6AcceptEPNS_7MessageE+182)
03-22 17:49:33.370  3145  3145 F DEBUG   :     #23 pc 000176dd  /data/app/org.chromium.chrome-1/lib/arm/libbindings.cr.so (_ZN4mojo11FilterChain6AcceptEPNS_7MessageE+100)
03-22 17:49:33.370  3145  3145 F DEBUG   :     #24 pc 0001551d  /data/app/org.chromium.chrome-1/lib/arm/libbindings.cr.so (_ZN4mojo9Connector17ReadSingleMessageEPj+164)
03-22 17:49:33.370  3145  3145 F DEBUG   :     #25 pc 00015771  /data/app/org.chromium.chrome-1/lib/arm/libbindings.cr.so (_ZN4mojo9Connector24ReadAllAvailableMessagesEv+88)
03-22 17:49:33.370  3145  3145 F DEBUG   :     #26 pc 000158d3  /data/app/org.chromium.chrome-1/lib/arm/libbindings.cr.so (_ZN4mojo9Connector21OnHandleReadyInternalEj+90)
03-22 17:49:33.370  3145  3145 F DEBUG   :     #27 pc 0000570b  /data/app/org.chromium.chrome-1/lib/arm/libmojo_public_system_cpp.cr.so (_ZN4mojo13SimpleWatcher13OnHandleReadyEij+230)
03-22 17:49:33.370  3145  3145 F DEBUG   :     #28 pc 00004f25  /data/app/org.chromium.chrome-1/lib/arm/libmojo_public_system_cpp.cr.so
03-22 17:49:33.370  3145  3145 F DEBUG   :     #29 pc 0008ec33  /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so (_ZN4base5debug13TaskAnnotator7RunTaskEPKcPNS_11PendingTaskE+598)
03-22 17:49:33.370  3145  3145 F DEBUG   :     #30 pc 000a9b57  /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so (_ZN4base11MessageLoop7RunTaskEPNS_11PendingTaskE+442)
03-22 17:49:33.370  3145  3145 F DEBUG   :     #31 pc 000a9fbd  /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so (_ZN4base11MessageLoop21DeferOrRunPendingTaskENS_11PendingTaskE+28)
03-22 17:49:33.370  3145  3145 F DEBUG   :     #32 pc 000aa0a7  /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so (_ZN4base11MessageLoop6DoWorkEv+144)
03-22 17:49:33.370  3145  3145 F DEBUG   :     #33 pc 000abe37  /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so
03-22 17:49:33.370  3145  3145 F DEBUG   :     #34 pc 000abf39  /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so (Java_org_chromium_base_SystemMessageHandler_nativeDoRunLoopOnce+52)
03-22 17:49:33.371  3145  3145 F DEBUG   :     #35 pc 00fba51d  /data/app/org.chromium.chrome-1/oat/arm/base.odex (offset 0xf7f000)

Reproducible on ToT (6cf1f32a1b57b5f3018cab99820f6f8a4c0270f9), but not Canary (59.0.3048.0), so should be a recent change.

Visiting a WebVR page, e.g. one of the sample pages, without VR Services installed causes a crash with the following trace.

--------- beginning of crash
03-22 17:49:33.279  2998  2998 F libc    : Fatal signal 6 (SIGABRT), code -6 in tid 2998 (chromium.chrome)
03-22 17:49:33.279   534   534 W         : debuggerd: handling request: pid=2998 uid=10281 gid=10281 tid=2998
03-22 17:49:33.356  3145  3145 F DEBUG   : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
03-22 17:49:33.356  3145  3145 F DEBUG   : Build fingerprint: 'google/sailfish/sailfish:7.1.2/N2G47/3740936:userdebug/dev-keys'
03-22 17:49:33.357  3145  3145 F DEBUG   : Revision: '0'
03-22 17:49:33.357  3145  3145 F DEBUG   : ABI: 'arm'
03-22 17:49:33.357  3145  3145 F DEBUG   : pid: 2998, tid: 2998, name: chromium.chrome  >>> org.chromium.chrome <<<
03-22 17:49:33.357  3145  3145 F DEBUG   : signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------
03-22 17:49:33.358  3145  3145 F DEBUG   : Abort message: '[FATAL:vr_service.mojom.cc(602)] The outgoing message will trigger VALIDATION_ERROR_UNEXPECTED_NULL_POINTER at the receiving side (null displayInfo in VRServiceClient.OnDisplayConnected request).
03-22 17:49:33.358  3145  3145 F DEBUG   : #00 0xcd63326f /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so+0x0008e26f
03-22 17:49:33.358  3145  3145 F DEBUG   : #01 0xcd647bb7 /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so+0x000a2bb7
03-22 17:49:33.358  3145  3145 F DEBUG   : #02 0xc9b02f29 /data/app/org.chromium.chrome-1/lib/arm/libdevice_vr.cr.so+0x00027f29
03-22 17:49:33.358  3145  3145 F DEBUG   : #03 0xc9afd3f1 /data/app/org.chromium.chrome-1/lib/arm
03-22 17:49:33.358  3145  3145 F DEBUG   :     r0 00000000  r1 00000bb6  r2 00000006  r3 00000008
03-22 17:49:33.358  3145  3145 F DEBUG   :     r4 eabe558c  r5 00000006  r6 eabe5534  r7 0000010c
03-22 17:49:33.358  3145  3145 F DEBUG   :     r8 ff853c18  r9 00000000  sl e9390830  fp ff8540c4
03-22 17:49:33.358  3145  3145 F DEBUG   :     ip 0000000b  sp ff853aa0  lr e934e5c7  pc e9350e30  cpsr 600a0010
03-22 17:49:33.369  3145  3145 F DEBUG   : 
03-22 17:49:33.369  3145  3145 F DEBUG   : backtrace:
03-22 17:49:33.369  3145  3145 F DEBUG   :     #00 pc 00049e30  /system/lib/libc.so (tgkill+12)
03-22 17:49:33.369  3145  3145 F DEBUG   :     #01 pc 000475c3  /system/lib/libc.so (pthread_kill+34)
03-22 17:49:33.369  3145  3145 F DEBUG   :     #02 pc 0001d635  /system/lib/libc.so (raise+10)
03-22 17:49:33.369  3145  3145 F DEBUG   :     #03 pc 00019181  /system/lib/libc.so (__libc_android_abort+34)
03-22 17:49:33.369  3145  3145 F DEBUG   :     #04 pc 00017048  /system/lib/libc.so (abort+4)
03-22 17:49:33.369  3145  3145 F DEBUG   :     #05 pc 0008e22f  /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so (_ZN4base5debug13BreakDebuggerEv+18)
03-22 17:49:33.369  3145  3145 F DEBUG   :     #06 pc 000a2d29  /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so (_ZN7logging10LogMessageD1Ev+604)
03-22 17:49:33.369  3145  3145 F DEBUG   :     #07 pc 00027f27  /data/app/org.chromium.chrome-1/lib/arm/libdevice_vr.cr.so (_ZN6device5mojom20VRServiceClientProxy18OnDisplayConnectedEN4mojo12InterfacePtrINS0_9VRDisplayEEENS2_16InterfaceRequestINS0_15VRDisplayClientEEENS2_9StructPtrINS0_13VRDisplayInfoEEE+574)
03-22 17:49:33.369  3145  3145 F DEBUG   :     #08 pc 000223f1  /data/app/org.chromium.chrome-1/lib/arm/libdevice_vr.cr.so
03-22 17:49:33.369  3145  3145 F DEBUG   :     #09 pc 00022ce3  /data/app/org.chromium.chrome-1/lib/arm/libdevice_vr.cr.so
03-22 17:49:33.369  3145  3145 F DEBUG   :     #10 pc 0002298d  /data/app/org.chromium.chrome-1/lib/arm/libdevice_vr.cr.so
03-22 17:49:33.369  3145  3145 F DEBUG   :     #11 pc 00bf22b7  /data/app/org.chromium.chrome-1/lib/arm/libchrome.cr.so
03-22 17:49:33.369  3145  3145 F DEBUG   :     #12 pc 00023325  /data/app/org.chromium.chrome-1/lib/arm/libdevice_vr.cr.so (_ZN6device9GvrDevice19CreateVRDisplayInfoERKN4base8CallbackIFvN4mojo9StructPtrINS_5mojom13VRDisplayInfoEEEELNS1_8internal8CopyModeE1ELNS9_10RepeatModeE1EEE+36)
03-22 17:49:33.370  3145  3145 F DEBUG   :     #13 pc 00022739  /data/app/org.chromium.chrome-1/lib/arm/libdevice_vr.cr.so
03-22 17:49:33.370  3145  3145 F DEBUG   :     #14 pc 00020a35  /data/app/org.chromium.chrome-1/lib/arm/libdevice_vr.cr.so (_ZN6device15VRDeviceManager10AddServiceEPNS_13VRServiceImplE+184)
03-22 17:49:33.370  3145  3145 F DEBUG   :     #15 pc 00022c43  /data/app/org.chromium.chrome-1/lib/arm/libdevice_vr.cr.so
03-22 17:49:33.370  3145  3145 F DEBUG   :     #16 pc 0002a209  /data/app/org.chromium.chrome-1/lib/arm/libdevice_vr.cr.so (_ZN6device5mojom21VRServiceStubDispatch19AcceptWithResponderEPNS0_9VRServiceEPN4mojo7MessageENSt6__ndk110unique_ptrINS4_25MessageReceiverWithStatusENS7_14default_deleteIS9_EEEE+676)
03-22 17:49:33.370  3145  3145 F DEBUG   :     #17 pc 00022449  /data/app/org.chromium.chrome-1/lib/arm/libdevice_vr.cr.so
03-22 17:49:33.370  3145  3145 F DEBUG   :     #18 pc 00019519  /data/app/org.chromium.chrome-1/lib/arm/libbindings.cr.so (_ZN4mojo23InterfaceEndpointClient22HandleValidatedMessageEPNS_7MessageE+320)
03-22 17:49:33.370  3145  3145 F DEBUG   :     #19 pc 000176dd  /data/app/org.chromium.chrome-1/lib/arm/libbindings.cr.so (_ZN4mojo11FilterChain6AcceptEPNS_7MessageE+100)
03-22 17:49:33.370  3145  3145 F DEBUG   :     #20 pc 000193b3  /data/app/org.chromium.chrome-1/lib/arm/libbindings.cr.so (_ZN4mojo23InterfaceEndpointClient21HandleIncomingMessageEPNS_7MessageE+74)
03-22 17:49:33.370  3145  3145 F DEBUG   :     #21 pc 0001e20b  /data/app/org.chromium.chrome-1/lib/arm/libbindings.cr.so (_ZN4mojo8internal15MultiplexRouter22ProcessIncomingMessageEPNS_7MessageENS1_18ClientCallBehaviorEPN4base22SingleThreadTaskRunnerE+426)
03-22 17:49:33.370  3145  3145 F DEBUG   :     #22 pc 0001ebe7  /data/app/org.chromium.chrome-1/lib/arm/libbindings.cr.so (_ZN4mojo8internal15MultiplexRouter6AcceptEPNS_7MessageE+182)
03-22 17:49:33.370  3145  3145 F DEBUG   :     #23 pc 000176dd  /data/app/org.chromium.chrome-1/lib/arm/libbindings.cr.so (_ZN4mojo11FilterChain6AcceptEPNS_7MessageE+100)
03-22 17:49:33.370  3145  3145 F DEBUG   :     #24 pc 0001551d  /data/app/org.chromium.chrome-1/lib/arm/libbindings.cr.so (_ZN4mojo9Connector17ReadSingleMessageEPj+164)
03-22 17:49:33.370  3145  3145 F DEBUG   :     #25 pc 00015771  /data/app/org.chromium.chrome-1/lib/arm/libbindings.cr.so (_ZN4mojo9Connector24ReadAllAvailableMessagesEv+88)
03-22 17:49:33.370  3145  3145 F DEBUG   :     #26 pc 000158d3  /data/app/org.chromium.chrome-1/lib/arm/libbindings.cr.so (_ZN4mojo9Connector21OnHandleReadyInternalEj+90)
03-22 17:49:33.370  3145  3145 F DEBUG   :     #27 pc 0000570b  /data/app/org.chromium.chrome-1/lib/arm/libmojo_public_system_cpp.cr.so (_ZN4mojo13SimpleWatcher13OnHandleReadyEij+230)
03-22 17:49:33.370  3145  3145 F DEBUG   :     #28 pc 00004f25  /data/app/org.chromium.chrome-1/lib/arm/libmojo_public_system_cpp.cr.so
03-22 17:49:33.370  3145  3145 F DEBUG   :     #29 pc 0008ec33  /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so (_ZN4base5debug13TaskAnnotator7RunTaskEPKcPNS_11PendingTaskE+598)
03-22 17:49:33.370  3145  3145 F DEBUG   :     #30 pc 000a9b57  /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so (_ZN4base11MessageLoop7RunTaskEPNS_11PendingTaskE+442)
03-22 17:49:33.370  3145  3145 F DEBUG   :     #31 pc 000a9fbd  /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so (_ZN4base11MessageLoop21DeferOrRunPendingTaskENS_11PendingTaskE+28)
03-22 17:49:33.370  3145  3145 F DEBUG   :     #32 pc 000aa0a7  /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so (_ZN4base11MessageLoop6DoWorkEv+144)
03-22 17:49:33.370  3145  3145 F DEBUG   :     #33 pc 000abe37  /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so
03-22 17:49:33.370  3145  3145 F DEBUG   :     #34 pc 000abf39  /data/app/org.chromium.chrome-1/lib/arm/libbase.cr.so (Java_org_chromium_base_SystemMessageHandler_nativeDoRunLoopOnce+52)
03-22 17:49:33.371  3145  3145 F DEBUG   :     #35 pc 00fba51d  /data/app/org.chromium.chrome-1/oat/arm/base.odex (offset 0xf7f000)

Comment 1 by bsheedy@chromium.org, Mar 23 2017

Description: Show this description

Comment 2 by bsheedy@chromium.org, Mar 23 2017

I've been able to reproduce on both my Pixel w/ N and 5X w/ M.

Comment 3 by bsheedy@chromium.org, Mar 23 2017

Description: Show this description

Comment 4 by billorr@chromium.org, Mar 23 2017

Owner: tiborg@chromium.org

regression from https://chromium.googlesource.com/chromium/src/+/e3db9aa8aa3160f96599766955bf286a64a072e2

service_client->OnDisplayConnected is called with a null DisplayInfo, but the mojo interface doesn't support this.  Either filter in VRDisplayImpl's constructor or (better) filter in VRServiceImpl::OnVRDisplayInfoCreated.

Comment 5 by ddorwin@chromium.org, Mar 23 2017

Labels: -Pri-2 M-59 Pri-1
Status: Assigned (was: Untriaged)

Comment 6 by bsheedy@chromium.org, Mar 23 2017

Here's the symbols that Klaus requested, although it looks like they're not necessary.

tracedump.txt
75.0 KB View Download

Project Member

Comment 7 by bugdroid1@chromium.org, Mar 29 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/afc06442b2cfafd520fe4dbbdddf081714e53154

commit afc06442b2cfafd520fe4dbbdddf081714e53154
Author: tiborg <tiborg@chromium.org>
Date: Wed Mar 29 15:18:33 2017

Fixes crash where the browser crashed when visiting WebVR pages without VR Services installed.

- No VrDisplayImpls and subsequently VRDisplays are instantiated when querying a VRDsiplayInfo failed.

BUG= 704372 

Review-Url: https://codereview.chromium.org/2773223002
Cr-Commit-Position: refs/heads/master@{#460392}

[modify] https://crrev.com/afc06442b2cfafd520fe4dbbdddf081714e53154/device/vr/vr_service_impl.cc

Comment 8 by tiborg@chromium.org, Mar 29 2017

Status: Fixed (was: Assigned)

Comment 9 by btebbs@chromium.org, Jul 4

Components: Blink>WebXR

►

Issue 704372 link

Issue metadata

ToT crashes if WebVR page is visited without VR Services installed

Issue description

Comment 1 by bsheedy@chromium.org, Mar 23 2017

Comment 1 Deleted

Comment 2 by bsheedy@chromium.org, Mar 23 2017

Comment 2 Deleted

Comment 3 by bsheedy@chromium.org, Mar 23 2017

Comment 3 Deleted

Comment 4 by billorr@chromium.org, Mar 23 2017

Comment 4 Deleted

Comment 5 by ddorwin@chromium.org, Mar 23 2017

Comment 5 Deleted

Comment 6 by bsheedy@chromium.org, Mar 23 2017

Comment 6 Deleted

Comment 7 by bugdroid1@chromium.org, Mar 29 2017

Comment 7 Deleted

Comment 8 by tiborg@chromium.org, Mar 29 2017

Comment 8 Deleted

Comment 9 by btebbs@chromium.org, Jul 4

Comment 9 Deleted

Sign in to add a comment