
Issue 712145


Issue metadata

Status: WontFix
Owner: ----
Closed: Nov 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Android
Pri: 2
Type: Bug




Crash in libwebviewchromium.so: F/libc (19506): Fatal signal 11 (SIGSEGV), code 1, fault addr 0x20 in tid 19553 (Chrome_InProcRe)

Reported by ashokpit...@gmail.com, Apr 17 2017

Issue description

Steps to reproduce the problem:
1. Connect the VOIP Android app to WIFI.
2. Keep the application idle in the background overnight (~15 hours).
3. On bringing down the network by turning off the WIFI on the mobile, a crash is observed.

Stack trace:

03-21 17:30:32.971 E/GooglePlayServicesUtil(30551): The Google Play services resources were not found. Check your project configuration to ensure that the resources are included.

03-21 17:30:32.971 W/SELinux ( 3043): SELinux: Loaded file_contexts contexts from /data/security/spota/file_contexts.

03-21 17:30:32.981 E/Zygote  (30572): v2

03-21 17:30:32.981 I/SELinux (30572): Function: selinux_compare_spd_ram, index[1], SPD-policy is existed. and_ver=SEPF_SECMOBILE_6.0.1 ver=11

03-21 17:30:32.981 F/DEBUG   ( 3043): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***

03-21 17:30:32.981 F/DEBUG   ( 3043): Build fingerprint: 'samsung/marinelteuc/marinelteatt:6.0.1/MMB29K/G890AUCU3CPC1:user/release-keys'

03-21 17:30:32.981 F/DEBUG   ( 3043): Revision: '4'

03-21 17:30:32.981 F/DEBUG   ( 3043): ABI: 'arm64'

03-21 17:30:32.981 F/DEBUG   ( 3043): pid: 19506, tid: 19553, name: Chrome_InProcRe  >>> com.kodiak                                                                                          <<<

03-21 17:30:32.981 F/DEBUG   ( 3043): signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x20

03-21 17:30:32.981 I/libpersona(30572): KNOX_SDCARD checking this for 10175

03-21 17:30:32.981 I/libpersona(30572): KNOX_SDCARD not a persona

03-21 17:30:32.981 I/ActivityManager( 3493): Start proc 30572:com.sec.tetheringprovision/u0a175 for broadcast-3 com.sec.tetheringprovision/.TetheringProvisionReceiver

03-21 17:30:32.991 W/SELinux (30572): Function: selinux_compare_spd_ram, index[1], priority [1], priority version is VE=SEPF_SECMOBILE_6.0.1_0011

03-21 17:30:32.991 E/Zygote  (30572): accessInfo : 0

03-21 17:30:32.991 W/SELinux (30572): SELinux: seapp_context_lookup: seinfo=platform, level=s0:c512,c768, pkgname=com.sec.tetheringprovision 

03-21 17:30:33.001 E/Zygote  (30583): v2

03-21 17:30:33.001 F/DEBUG   ( 3043):     x0   0000000000000020  x1   0000000000000020  x2   0000007f683be510  x3   0000007f683c0750

03-21 17:30:33.001 F/DEBUG   ( 3043):     x4   0000007f7e543000  x5   00000000ffffffff  x6   0000000000000001  x7   0000007f6283a4f0

03-21 17:30:33.001 F/DEBUG   ( 3043):     x8   0000000000000000  x9   0000007f6283a4f0  x10  0000000000000001  x11  0000007f62957ca0

03-21 17:30:33.001 F/DEBUG   ( 3043):     x12  0000007f7e503f40  x13  0000000000000000  x14  0000000000000001  x15  0000000000000099

03-21 17:30:33.001 F/DEBUG   ( 3043):     x16  000000000000009a  x17  0000007f7e503000  x18  0000007f62957ca0  x19  0000007f2668a2e8

03-21 17:30:33.001 F/DEBUG   ( 3043):     x20  0000007f2668db60  x21  0000007f62839090  x22  0000000000000009  x23  0000007f2668db90

03-21 17:30:33.001 F/DEBUG   ( 3043):     x24  0000007f25874280  x25  0000007f62839598  x26  0000000000000000  x27  00000000000003ee

03-21 17:30:33.001 F/DEBUG   ( 3043):     x28  0000007f628395c0  x29  0000007f62839040  x30  0000007f68acaed0

03-21 17:30:33.001 F/DEBUG   ( 3043):     sp   0000007f62839040  pc   0000007f68417b90  pstate 0000000080000000

03-21 17:30:33.001 I/SELinux (30583): Function: selinux_compare_spd_ram, index[1], SPD-policy is existed. and_ver=SEPF_SECMOBILE_6.0.1 ver=11

03-21 17:30:33.001 F/DEBUG   ( 3043): 

03-21 17:30:33.001 F/DEBUG   ( 3043): backtrace:

03-21 17:30:33.001 F/DEBUG   ( 3043):     #00 pc 0000000000721b90  /data/app/com.google.android.webview-2/lib/arm64/libwebviewchromium.so

03-21 17:30:33.001 F/DEBUG   ( 3043):     #01 pc 0000000000dd4ecc  /data/app/com.google.android.webview-2/lib/arm64/libwebviewchromium.so

03-21 17:30:33.001 W/SELinux (30583): Function: selinux_compare_spd_ram, index[1], priority [1], priority version is VE=SEPF_SECMOBILE_6.0.1_0011

What is the expected behavior?
application should not crash

What went wrong?
Application crashed 

Did this work before? N/A 

Chrome version: 58.0.3029.21  Channel: beta
OS Version: Android M 
Flash Version:
 
Attachments:
adb_stackTrace.txt (70.6 KB)
DumpState_03.21.2017_17.32.19.42.txt (6.5 MB)

Comment 1 by bokan@chromium.org, Apr 19 2017

Cc: bokan@chromium.org
Components: -Blink Mobile>WebView
Labels: Needs-Feedback
Hi ashokpitambar@gmail.com: Is this crash easy to reproduce or is it random? Is there a specific app that's causing it?

Comment 2 by boliu@chromium.org, Apr 19 2017

Components: Blink>Network>WebSockets
Labels: -Arch-x86_64
Bug in websocket maybe? This is 58.0.3029.21. I still don't know mojo well enough to read the stack..

Thread 0 (crashed)
 0  libwebviewchromium.so!base::subtle::RefCountedThreadSafeBase::AddRef() const [atomic : 740 + 0x0]
 1  libwebviewchromium.so!mojo::Watcher::CallOnHandleReady(unsigned long, unsigned int, MojoHandleSignalsState, unsigned int) [weak_ptr.h : 152 + 0x4]
 2  libwebviewchromium.so!CallWatchCallback [core.cc : 57 + 0x8]
 3  libwebviewchromium.so!base::internal::Invoker<base::internal::BindState<void (*)(void (*)(unsigned long, unsigned int, MojoHandleSignalsState, unsigned int), unsigned long, unsigned int, mojo::edk::HandleSignalsState const&, unsigned int), void (*)(unsigned long, unsigned int, MojoHandleSignalsState, unsigned int), unsigned long>, void (unsigned int, mojo::edk::HandleSignalsState const&, unsigned int)>::Run(base::internal::BindStateBase*, unsigned int&&, mojo::edk::HandleSignalsState const&, unsigned int&&) [bind_internal.h : 164 + 0x14]
 4  libwebviewchromium.so!mojo::edk::Watcher::MaybeInvokeCallback(unsigned int, mojo::edk::HandleSignalsState const&, unsigned int) [callback.h : 85 + 0x10]
 5  libwebviewchromium.so!mojo::edk::RequestContext::~RequestContext() [request_context.cc : 59 + 0x10]
 6  libwebviewchromium.so!mojo::edk::Core::Close(unsigned int) [core.cc : 385 + 0x4]
 7  libwebviewchromium.so!MojoClose [thunks.cc : 22 + 0x4]
 8  libwebviewchromium.so!mojo::Connector::CloseMessagePipe() [handle.h : 79 + 0x4]
 9  libwebviewchromium.so!mojo::internal::MultiplexRouter::CloseMessagePipe() [multiplex_router.cc : 559 + 0x4]
10  libwebviewchromium.so!mojo::internal::BindingStateBase::Close() [binding_state.cc : 42 + 0x4]
11  libwebviewchromium.so!blink::WebSocketHandleImpl::~WebSocketHandleImpl() [binding_state.h : 98 + 0x8]
12  libwebviewchromium.so!blink::WebSocketHandleImpl::~WebSocketHandleImpl() [WebSocketHandleImpl.cpp : 37 + 0x0]
13  libwebviewchromium.so!blink::DocumentWebSocketChannel::didClose(blink::WebSocketHandle*, bool, unsigned short, WTF::String const&) [memory : 2431 + 0x8]
14  libwebviewchromium.so!blink::WebSocketHandleImpl::OnDropChannel(bool, unsigned short, WTF::String const&) [WebSocketHandleImpl.cpp : 250 + 0x1c]
15  libwebviewchromium.so!blink::mojom::blink::WebSocketClientStubDispatch::Accept(blink::mojom::blink::WebSocketClient*, mojo::Message*) [websocket.mojom-blink.cc : 574 + 0x14]
16  libwebviewchromium.so!mojo::InterfaceEndpointClient::HandleValidatedMessage(mojo::Message*) [interface_endpoint_client.cc : 409 + 0x10]
17  libwebviewchromium.so!mojo::FilterChain::Accept(mojo::Message*) [filter_chain.cc : 40 + 0x10]
18  libwebviewchromium.so!mojo::internal::MultiplexRouter::ProcessIncomingMessage(mojo::Message*, mojo::internal::MultiplexRouter::ClientCallBehavior, base::SingleThreadTaskRunner*) [multiplex_router.cc : 901 + 0x8]
19  libwebviewchromium.so!mojo::internal::MultiplexRouter::Accept(mojo::Message*) [multiplex_router.cc : 634 + 0x10]
20  libwebviewchromium.so!mojo::FilterChain::Accept(mojo::Message*) [filter_chain.cc : 40 + 0x10]
21  libwebviewchromium.so!mojo::Connector::ReadSingleMessage(unsigned int*) [connector.cc : 258 + 0x8]
22  libwebviewchromium.so!mojo::Connector::ReadAllAvailableMessages() [connector.cc : 283 + 0x8]
23  libwebviewchromium.so!Run [bind_internal.h : 214 + 0x4]
24  libwebviewchromium.so!mojo::Watcher::OnHandleReady(unsigned int) [callback.h : 85 + 0xc]
Attachment: symbolized.txt (28.5 KB)

Comment 3 by ricea@chromium.org, Apr 20 2017

Components: Internals>Mojo
The WebSocket part looks normal. It looks like mojo is trying to add a ref on an object that doesn't exist any more. Adding Internals>Mojo.
Status: Untriaged (was: Unconfirmed)
I see some crashes within the WebSocketHandleImpl dtor, but no entry with the same stack trace (checked one entry for each magic signature). 5ae05fd0e0000000 is similar.

REGEXP(product.name, '^Chrome')
  AND REGEXP(product.version, '^(57|58|59|60)\\.')
  AND crash.reason != 'EXCEPTION_BREAKPOINT'
  AND crash.reason != 'Out of Memory'
  AND custom_data.ChromeCrashProto.malware_verdict = false
  OMIT RECORD IF
    SUM(REGEXP(CrashedStackTrace.StackFrame.FunctionName,
               '^blink::WebSocketHandleImpl::~WebSocketHandleImpl')) = 0
I get similar errors on some of my apps. It suddenly started to happen after I upgraded my Chrome, if I remember correctly.

One reliable way for me to get this error: Open the Chinese train ticket app. You can download the APK from here: http://dynamic.12306.cn/otn/appdownload/12306v2.5.apk
It will crash just when you open it.


Log here:

05-03 19:56:03.063 12130 12217 F libc    : Fatal signal 11 (SIGSEGV), code 1, fault addr 0x0 in tid 12217 (Chrome_InProcRe)
05-03 19:56:03.119  9886  9886 F DEBUG   : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
05-03 19:56:03.120  9886  9886 F DEBUG   : Build fingerprint: 'Xiaomi/helium/helium:6.0.1/MMB29M/V8.2.3.0.MBDCNDL:user/release-keys'
05-03 19:56:03.120  9886  9886 F DEBUG   : Revision: '0'
05-03 19:56:03.120  9886  9886 F DEBUG   : ABI: 'arm'
05-03 19:56:03.120  9886  9886 F DEBUG   : pid: 12130, tid: 12217, name: Chrome_InProcRe  >>> com.MobileTicket <<<
05-03 19:56:03.121  9886  9886 F DEBUG   : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0
05-03 19:56:03.160  9886  9886 F DEBUG   :     r0 00000000  r1 0000002f  r2 ffffffff  r3 00000000
05-03 19:56:03.161  9886  9886 F DEBUG   :     r4 00000000  r5 00000000  r6 00000000  r7 d7f4cfcc
05-03 19:56:03.161  9886  9886 F DEBUG   :     r8 d7f4cfcc  r9 d7f4cfcc  sl d7f4d0c4  fp d7f4d0c4
05-03 19:56:03.161  9886  9886 F DEBUG   :     ip f6f8e644  sp d7f4cda0  lr df802ee3  pc f6f7854a  cpsr 000b0030
05-03 19:56:03.162  9886  9886 F DEBUG   : 
05-03 19:56:03.162  9886  9886 F DEBUG   : backtrace:
05-03 19:56:03.162  9886  9886 F DEBUG   :     #00 pc 0000054a  /system/lib/libc.so (offset 0x48000)
05-03 19:56:03.162  9886  9886 F DEBUG   :     #01 pc 001c7edf  /data/app/com.MobileTicket-1/lib/arm/libDexHelper.so

@bokan it is a random crash; I have mentioned one case.
Components: -Blink>Network>WebSockets
Removing Blink>Network>WebSockets. Feel free to re-add the label if WebSocket is related.
#5 looks like a dup of  crbug.com/714232  which is caused by an antipiracy library common in China intercepting dlopen() but not understanding that it's legal to call dlopen with path == nullptr. I don't think that has anything to do with the crash in the original report though.
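
The failure mode described in the comment above, as an added example that is not code from this thread or from any library named in it: a wrapper around dlopen() that inspects its path argument has to forward path == NULL untouched, because NULL asks for a handle to the main program. The deny-list policy, the function names and the injected loader are hypothetical, and the paths are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Same shape as dlopen(3); the next loader is injected so the wrapper can be
 * exercised without loading anything. */
typedef void *(*dlopen_fn)(const char *path, int flags);

/* Hypothetical policy: refuse libraries loaded from these (constructed) paths. */
static const char *const kDenied[] = { "/data/local/tmp/", "/sdcard/" };

static int path_is_denied(const char *path) {
    for (size_t i = 0; i < sizeof kDenied / sizeof kDenied[0]; i++)
        if (strstr(path, kDenied[i]) != NULL) return 1;
    return 0;
}

/* Broken: inspects path unconditionally. With path == NULL the string search
 * reads address 0 inside libc and the process dies with SIGSEGV.
 * Shown for comparison only; it is never called in this example. */
void *hooked_dlopen_broken(dlopen_fn next, const char *path, int flags) {
    if (path_is_denied(path)) return NULL;
    return next(path, flags);
}

/* Fixed: NULL means "handle for the main program", so forward it unexamined. */
void *hooked_dlopen(dlopen_fn next, const char *path, int flags) {
    if (path != NULL && path_is_denied(path)) return NULL;
    return next(path, flags);
}

/* Stand-in loader that records what the wrapper forwarded. */
static int g_calls;
static const char *g_last_path;
static int g_token;
void *recording_loader(const char *path, int flags) {
    (void)flags;
    g_calls++;
    g_last_path = path;
    return &g_token;
}

int main(void) {
    /* The flags value is passed through unchanged; 2 is arbitrary here. */
    void *h = hooked_dlopen(recording_loader, NULL, 2);
    printf("NULL path forwarded: %s\n", (h && g_last_path == NULL) ? "yes" : "no");
    h = hooked_dlopen(recording_loader, "/data/local/tmp/libx.so", 2);
    printf("denied path blocked: %s\n", h == NULL ? "yes" : "no");
    return 0;
}
```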

Comment 9 by cmasso@google.com, Nov 13 2017

Are we still seeing this crash? Should this issue be marked as won't fix?
Status: WontFix (was: Untriaged)
Since this is a random crash with only one case presented so far, there is probably nothing we can do about it now. I am marking this bug as WontFix but feel free to open it if you have more information or if you see more crashes. 
