Issue metadata
Sign in to add a comment
|
com.cmbchina.ccd.pluto app crashes on Samsung Galaxy S7/S7 Edge international version starting in M58
Reported by
gu7...@gmail.com,
Apr 26 2017
|
||||||||||||||||||||||||||||||||
Issue descriptionTHIS TEMPLATE IS FOR FILING BUGS ON THE ANDROID SYSTEM WEBVIEW. GENERAL WEB BUGS SHOULD BE FILED USING A DIFFERENT TEMPLATE! Device name: Samsung S7 Edge Android version: 7.0 WebView version (from system settings -> Apps -> Android System WebView):58.0.3029.83 Application:发现精彩(广发银行信用卡客户端)/掌上生活(招商银行信用卡客户端) Application version: 发现精彩1.2.3 招行掌上生活5.5.7 URLs (if applicable): http://www.coolapk.com/apk/com.cmbchina.ccd.pluto.cmbActivity http://sj.qq.com/myapp/detail.htm?apkName=com.cs_credit_bank Steps to reproduce: (1)Update your phone's webview to the latest version 58.0.3029.83 (2)Start the "发现精彩/掌上生活" client (3)Waiting for software to enter Expected result: Operating normally Actual result: Crash p.s If the webview on the 55 version, there will be no such problem, and if you open the system developers option "Enable multi-process webview" , the problem will not be repeated
,
Apr 28 2017
https://chromium.googlesource.com/chromium/src/+log/58.0.3021.0..58.0.3026.0?pretty=fuller&n=10000 58.0.3021.0 - Good 58.0.3022.0 - No build 58.0.3023.0 - No build 58.0.3024.0 - No build 58.0.3025.0 - No build 58.0.3026.0 - Bad
,
May 1 2017
,
May 6 2017
We need the device. Assigning to aluo@, please reassign back to a bug cop if you are able to revive it. It seems we also need to order the rooted device to do bisection with user builds.
,
May 8 2017
,
May 8 2017
aluo@ ordered Galaxy S7 (SM-G930F) and right now device with ntfschr@(bug cop). Thanks!
,
May 9 2017
I narrowed the bisect range down to: https://chromium.googlesource.com/chromium/src.git/+log/ce8e030ea1a1f88e12e9d8ce1c3e5f921f27c81b..f9cb6a502f37bb663d158bcb09a0a231f8519e64?pretty=fuller&n=10000 There's one CL which touches "gpu/" and one revert. Reverting the revert doesn't change anything, so this is probably not the cause. Bisecting manually is taking forever, so I may have to postpone work until I can use the per-CL bisect script on this.
,
May 10 2017
Ok, bisect is finished. Commit at blame is a skia roll: https://chromium.googlesource.com/chromium/src.git/+/030f8344b34bbfe3d7d73501eca197e2ed2114ef Bisecting skia suggests the blame is to fall on this commit: https://skia.googlesource.com/skia.git/+/fc497343cbcbd526f77da913ae2feca0e1b1b866 bungeman@, any ideas why this would be causing crashes for this GPU? Any ideas for a fix I could try out locally?
,
May 10 2017
When https://skia.googlesource.com/skia.git/+/fc497343cbcbd526f77da913ae2feca0e1b1b866 landed it added a method to query a font property to Skia, but this method was not immediately in any use in Chromium / WebView. It wasn't until later that Chromium started calling the new function. Also, this just changes how to query some data out of a font, I can't imagine how it would be causing an issue in some texture manager. By 'bisecting skia' do you mean you actually set up the WebView build at this point and built with and without this change and it made a difference? Because I'm struggling to understand what difference this might have made at all (since Chromium wasn't using most of this code change yet).
,
May 10 2017
To bisect, I set: - clank revision: https://chrome-internal.googlesource.com/clank/internal/apps/+/3b2dd52c2ca9b35952fe25c2893e980a7c585b33 - chromium revision: https://chromium.googlesource.com/chromium/src.git/+/030f8344b34bbfe3d7d73501eca197e2ed2114ef - skia revision: first https://skia.googlesource.com/skia.git/+/fc497343cbcbd526f77da913ae2feca0e1b1b866, then https://skia.googlesource.com/skia.git/+/9fe1b22249171087a0f01c67369559f6fd491540 I saw a crash in the first configuration (includes fc4973), and no crash in the second configuration (right before fc4973). Stepping to e30f758 and reverting fc4973 also fixed the crash. Ben, any ideas on how this might cause a crash, or how we might step around this?
,
May 10 2017
By 'fixed the crash' do you mean it just crashed or that it crashed in the same way the stack in comment #1? Because that Skia change did have an issue where it was possible to deference a nullptr, but that was fixed later (e7e5499c787a492d98f73445dea78b9dfb0f773b). On the other hand I don't see how this Skia change can possibly be related since as far as I can tell there is no data interaction between and of the code in the Skia change and the stack trace in comment #1.
,
May 10 2017
All I see is that the app no longer crashes at startup. When I observed the crash, I never actually saw a microdump with the same stack as in c#1, so I'm not sure if this can be chalked up to memory corruption or not. I did my best to symbolize the microdump I see from the crash (this is different than the microdump I saw at the start of the bisection, but perhaps is still related to the issue). Does the stack (see attached unsymbolized-skia-stack.txt/symbolized-skia-stack.txt) make any sense? Could it be the nullptr issue you mentioned? Cherry picking e7e549 didn't fix the crash, but the stack changed (see the attached *-with-cherry.txt files).
,
May 15 2017
CC'ing Torne
,
May 15 2017
Oh, ok. I think Torne was right, I see some "dlopen(nullptr...)" stuff in here, so that might be the issue.
,
May 15 2017
The skia change linked here: https://skia.googlesource.com/skia.git/+/fc497343cbcbd526f77da913ae2feca0e1b1b866 changes a bunch of the #ifdef guards around some code which uses dlopen(nullptr) to get a handle for the current executable. It looks like this is causing the dlopen(nullptr) to be executed on Android, which it previously wasn't. This has a bad interaction with some third party app obfuscation code which hooks dlopen incorrectly and doesn't check if the path is null before attempting to do string operations on it. If the change to the behaviour on Android here was unintentional, then it may be worth changing in M59 to reduce compatibility issues with these apps (what we're doing is perfectly legitimate, but it looks like this is the first time we've ever happened to make this particular libc call). If this is actually providing some benefit on Android (I really can't follow the change to work out what it's supposed to do) then that's fine. See also b/38162069
,
May 15 2017
Thanks for the in-depth explanation, Torne. Yeah, I never would've guessed dlopen(nullptr) was to blame until you mentioned it today.
,
May 15 2017
Issue 722502 has been merged into this issue.
,
May 24 2017
note that bungeman is on paternity leave, questionable availability for a while- adding some others on Skia team
,
May 24 2017
Ah, thanks for adding them. djsollen@, reed@: we believe the issue for WebView is simply due to the `dlopen(nullptr)`. Is it reasonable to avoid this call on Android? Or is there a non-null argument we can put there? As Torne said, this isn't really a bug--it's valid to pass nullptr to the function. On the other hand, there seem to be a large number of apps that don't handle the nullptr case and are crashing because of it. Ideally, the apps should fix their bugs, but WebView team wants to be flexible where possible.
,
May 25 2017
,
May 25 2017
Per comment 19, this isn't a bug in WebView. It is also causing about less than 0.5% of crashes on M58. Removing RBS label and bumping to M-60.
,
May 25 2017
There's no non-null arg to put there; dlopen(null) requests a specific thing that can't be replicated any other way. However, this code didn't used to actually call dlopen(null) on webview (probably not on android at all) and so my guess from the CL is that introducing it was a mistake, since it seems unlikely that it's actually going to end up finding the symbol it's looking for on android. The crash rate is apparently much higher in China where we don't get crash data; there's various app obfuscation frameworks that are popular in that market that aren't common on the Play Store. But I agree that this isn't critical.
,
May 25 2017
Passing off to djsollen@ to make sure this gets looked at. Please reassign as necessary.
,
May 26 2017
It looks like it might be the case that the Nexus 4 LMY48T libc doesn't support this either. We've seen about 200 crashes on this device in m59 with magic signature FreeTypeLibrary::FreeTypeLibrary.
,
May 26 2017
(25% of those crashes are in GSA)
,
Jun 1 2017
,
Jun 5 2017
Whether or not dlopen is called here is based on the SK_FREETYPE_MINIMUM_RUNTIME_VERSION build flag. I'm not entirely sure how WebView is built, does it have its own copy of FreeType or use the system FreeType? If it's the system copy then there's no real way around this, if it is using it's own copy of FreeType then setting SK_FREETYPE_MINIMUM_RUNTIME_VERSION and using an up to date FreeType should work.
,
Jun 5 2017
WebView is a standard build of the chromium code for android; it should be using exactly the same freetype build and settings as Chrome does on Android, so if this is happening in WebView it's probably also happening in Chrome.
,
Jun 5 2017
Also: this doesn't appear to have been happening before the CL linked above, so I'm pretty sure that CL changed this behaviour even though it's not documented as doing so.
,
Jun 5 2017
I think the issue here is that SK_FREETYPE_MINIMUM_RUNTIME_VERSION isn't being set. It should be set when !use_system_freetype . I'll take a look at making sure that's done.
,
Jun 9 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/981d5eacd1b5812b6803065a3bfe5d5e690be48a commit 981d5eacd1b5812b6803065a3bfe5d5e690be48a Author: Ben Wagner <bungeman@chromium.org> Date: Fri Jun 09 21:11:58 2017 Remove gtk dependency from gles tests. Remove gtk2 dependency from gles2_conform_test_windowless on Linux. This dependendency no longer seems to be used and indirectly drags in the sysroot libfreetype.so.6 (through pkg-config) to link against. This introduces difficult to track link errors in component builds as FreeType should be selected by //build/config/freetype. BUG= chromium:715429 Cq-Include-Trybots: master.tryserver.chromium.android:android_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel Change-Id: I1f29360c1b5eba11d799de57936b64846cb24b6d Reviewed-on: https://chromium-review.googlesource.com/527918 Reviewed-by: Dominik Röttsches <drott@chromium.org> Reviewed-by: Dirk Pranke <dpranke@chromium.org> Reviewed-by: Thomas Anderson <thomasanderson@chromium.org> Reviewed-by: Antoine Labour <piman@chromium.org> Commit-Queue: Ben Wagner <bungeman@chromium.org> Cr-Commit-Position: refs/heads/master@{#478415} [modify] https://crrev.com/981d5eacd1b5812b6803065a3bfe5d5e690be48a/build/config/linux/gtk2/BUILD.gn [modify] https://crrev.com/981d5eacd1b5812b6803065a3bfe5d5e690be48a/gpu/gles2_conform_support/BUILD.gn
,
Jun 12 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/d40a96d7f62188cfd4347ba7a817d3e786e5aff1 commit d40a96d7f62188cfd4347ba7a817d3e786e5aff1 Author: Ben Wagner <bungeman@chromium.org> Date: Mon Jun 12 16:03:17 2017 Set build flag when using own FreeType. Set the SK_FREETYPE_MINIMUM_RUNTIME_VERSION build flag when the use_system_freetype gn flag is false. Currently the build flag is only set when is_win or is_mac, but this needs to be set any time it is known that FreeType will be built into the resulting binary. In particular this is desired for Android and WebView, but also for desktop Linux. BUG= chromium:715429 Change-Id: Ie5e425b0b347caf51400c5522a42e8a88605c147 Reviewed-on: https://chromium-review.googlesource.com/524185 Reviewed-by: Dominik Röttsches <drott@chromium.org> Reviewed-by: Ben Wagner <bungeman@chromium.org> Commit-Queue: Ben Wagner <bungeman@chromium.org> Cr-Commit-Position: refs/heads/master@{#478644} [modify] https://crrev.com/d40a96d7f62188cfd4347ba7a817d3e786e5aff1/skia/BUILD.gn
,
Jun 14 2017
So this should now be fixed in tip of tree (m61). If the branches don't care about (don't build) gles2_conform_test_windowless then just cherry-picking the patch from comment #32 is enough. If gles2_conform_test_windowless are a concern then the change in comment #31 will also need to be cherry-picked. Not sure how much this fix is desired so not sure if merging is desired or to which branches. Note that these changes are all build file changes (which effectively modify the code to match what was being built for Windows and Mac already). I'm assigning this back to WebView for verification that this is really fixed and determination of which branches (if any) this should be merged into. If it's fixed and this doesn't seem important to merge, feel free to close. Otherwise, let me know and assign it back.
,
Jun 15 2017
Do commits in c31 and 32 fix most of the crashes seen on Chinese apps in M58? If so, should it be merged into M59 and/or M60 given the high number of affected users? Making the merge request to get comments on this.
,
Jun 15 2017
This bug requires manual review: M60 has already been promoted to the beta branch, so this requires manual review Please contact the milestone owner if you have questions. Owners: amineer@(Android), cmasso@(iOS), josafat@(ChromeOS), bustamante@(Desktop) For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Jun 16 2017
dneelamegam@, please verify the http://www.coolapk.com/apk/com.cmbchina.ccd.pluto.cmbActivity no longer crashes in M61, ntfschr@ indicated if fix works it should fix other similar crashes for apps in China.
,
Jun 16 2017
I verified on M61, this apps is not crashing (http://www.coolapk.com/apk/com.cmbchina.ccd.pluto.cmbActivity). But I do see the other App (http://sj.qq.com/myapp/detail.htm?apkName=com.cs_credit_bank) still crashes on M61/61.0.3132.0 on Samsung S7 Edge
,
Jun 16 2017
Unfortunately all the reported crashes in Crash_logcat.txt from Comment 37 are very generic, just toybox and libc stack frames (looks like strncmp is being passed nullptr though). Which app was used for the bisect (in Comment 8)? Did com.cs_credit_bank break across the same change (the one pointed out in Comment 15)?
,
Jun 16 2017
dneelamegam@ Thanks for verifying. If I remember correctly, I could never get com.cs_credit_bank working on my device. I assume that the app or my device had something misconfigured. I used com.cmbchina.ccd.pluto.cmbActivity for the bisect. If that app is fixed on tip of tree, then the dlopen(nullptr) issue is fixed, and that was the main concern. I'll try to confirm if we need both commits to be cherry picked.
,
Jun 16 2017
It appears that the tests are at least built on the builders, so it looks like both changes from Comment 31 and 32 will be needed. I just locally built gles2_conform_test_windowless with the change from Comment 31 at the M59 branch point and things seem ok.
,
Jun 16 2017
Approved for M59 branch 3071 and M60 branch 3112.
,
Jun 16 2017
bungeman@, are you able to take care of the merges?
,
Jun 16 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/8aac87a96da48b465b40eff08a3fe807c49c62a9 commit 8aac87a96da48b465b40eff08a3fe807c49c62a9 Author: Ben Wagner <bungeman@chromium.org> Date: Fri Jun 16 21:48:12 2017 Remove gtk dependency from gles tests. Remove gtk2 dependency from gles2_conform_test_windowless on Linux. This dependendency no longer seems to be used and indirectly drags in the sysroot libfreetype.so.6 (through pkg-config) to link against. This introduces difficult to track link errors in component builds as FreeType should be selected by //build/config/freetype. BUG= chromium:715429 TBR=bungeman@chromium.org (cherry picked from commit 981d5eacd1b5812b6803065a3bfe5d5e690be48a) Cq-Include-Trybots: master.tryserver.chromium.android:android_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel Change-Id: I1f29360c1b5eba11d799de57936b64846cb24b6d Reviewed-on: https://chromium-review.googlesource.com/527918 Reviewed-by: Dominik Röttsches <drott@chromium.org> Reviewed-by: Dirk Pranke <dpranke@chromium.org> Reviewed-by: Thomas Anderson <thomasanderson@chromium.org> Reviewed-by: Antoine Labour <piman@chromium.org> Commit-Queue: Ben Wagner <bungeman@chromium.org> Cr-Original-Commit-Position: refs/heads/master@{#478415} Reviewed-on: https://chromium-review.googlesource.com/538336 Reviewed-by: Ben Wagner <bungeman@google.com> Cr-Commit-Position: refs/branch-heads/3071@{#795} Cr-Branched-From: a106f0abbf69dad349d4aaf4bcc4f5d376dd2377-refs/heads/master@{#464641} [modify] https://crrev.com/8aac87a96da48b465b40eff08a3fe807c49c62a9/build/config/linux/gtk2/BUILD.gn [modify] https://crrev.com/8aac87a96da48b465b40eff08a3fe807c49c62a9/gpu/gles2_conform_support/BUILD.gn
,
Jun 16 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/a604d1fbffd399ef13a3506a49d074aa109a192f commit a604d1fbffd399ef13a3506a49d074aa109a192f Author: Ben Wagner <bungeman@chromium.org> Date: Fri Jun 16 21:50:47 2017 Remove gtk dependency from gles tests. Remove gtk2 dependency from gles2_conform_test_windowless on Linux. This dependendency no longer seems to be used and indirectly drags in the sysroot libfreetype.so.6 (through pkg-config) to link against. This introduces difficult to track link errors in component builds as FreeType should be selected by //build/config/freetype. BUG= chromium:715429 TBR=bungeman@chromium.org (cherry picked from commit 981d5eacd1b5812b6803065a3bfe5d5e690be48a) Cq-Include-Trybots: master.tryserver.chromium.android:android_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel Change-Id: I1f29360c1b5eba11d799de57936b64846cb24b6d Reviewed-on: https://chromium-review.googlesource.com/527918 Reviewed-by: Dominik Röttsches <drott@chromium.org> Reviewed-by: Dirk Pranke <dpranke@chromium.org> Reviewed-by: Thomas Anderson <thomasanderson@chromium.org> Reviewed-by: Antoine Labour <piman@chromium.org> Commit-Queue: Ben Wagner <bungeman@chromium.org> Cr-Original-Commit-Position: refs/heads/master@{#478415} Reviewed-on: https://chromium-review.googlesource.com/538600 Reviewed-by: Ben Wagner <bungeman@google.com> Cr-Commit-Position: refs/branch-heads/3112@{#368} Cr-Branched-From: b6460e24cf59f429d69de255538d0fc7a425ccf9-refs/heads/master@{#474897} [modify] https://crrev.com/a604d1fbffd399ef13a3506a49d074aa109a192f/build/config/linux/gtk2/BUILD.gn [modify] https://crrev.com/a604d1fbffd399ef13a3506a49d074aa109a192f/gpu/gles2_conform_support/BUILD.gn
,
Jun 16 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/149e65cb0a8c073f8ed25db26ab526dae7314817 commit 149e65cb0a8c073f8ed25db26ab526dae7314817 Author: Ben Wagner <bungeman@chromium.org> Date: Fri Jun 16 22:09:03 2017 Set build flag when using own FreeType. Set the SK_FREETYPE_MINIMUM_RUNTIME_VERSION build flag when the use_system_freetype gn flag is false. Currently the build flag is only set when is_win or is_mac, but this needs to be set any time it is known that FreeType will be built into the resulting binary. In particular this is desired for Android and WebView, but also for desktop Linux. BUG= chromium:715429 TBR=bungeman@chromium.org (cherry picked from commit d40a96d7f62188cfd4347ba7a817d3e786e5aff1) Change-Id: Ie5e425b0b347caf51400c5522a42e8a88605c147 Reviewed-on: https://chromium-review.googlesource.com/524185 Reviewed-by: Dominik Röttsches <drott@chromium.org> Reviewed-by: Ben Wagner <bungeman@chromium.org> Commit-Queue: Ben Wagner <bungeman@chromium.org> Cr-Original-Commit-Position: refs/heads/master@{#478644} Reviewed-on: https://chromium-review.googlesource.com/538337 Reviewed-by: Ben Wagner <bungeman@google.com> Cr-Commit-Position: refs/branch-heads/3071@{#796} Cr-Branched-From: a106f0abbf69dad349d4aaf4bcc4f5d376dd2377-refs/heads/master@{#464641} [modify] https://crrev.com/149e65cb0a8c073f8ed25db26ab526dae7314817/skia/BUILD.gn
,
Jun 16 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/2e193fbb20ab0b9118937a7c82d8e1ce7eaad410 commit 2e193fbb20ab0b9118937a7c82d8e1ce7eaad410 Author: Ben Wagner <bungeman@chromium.org> Date: Fri Jun 16 22:11:54 2017 Set build flag when using own FreeType. Set the SK_FREETYPE_MINIMUM_RUNTIME_VERSION build flag when the use_system_freetype gn flag is false. Currently the build flag is only set when is_win or is_mac, but this needs to be set any time it is known that FreeType will be built into the resulting binary. In particular this is desired for Android and WebView, but also for desktop Linux. BUG= chromium:715429 TBR=bungeman@chromium.org (cherry picked from commit d40a96d7f62188cfd4347ba7a817d3e786e5aff1) Change-Id: Ie5e425b0b347caf51400c5522a42e8a88605c147 Reviewed-on: https://chromium-review.googlesource.com/524185 Reviewed-by: Dominik Röttsches <drott@chromium.org> Reviewed-by: Ben Wagner <bungeman@chromium.org> Commit-Queue: Ben Wagner <bungeman@chromium.org> Cr-Original-Commit-Position: refs/heads/master@{#478644} Reviewed-on: https://chromium-review.googlesource.com/538601 Reviewed-by: Ben Wagner <bungeman@google.com> Cr-Commit-Position: refs/branch-heads/3112@{#370} Cr-Branched-From: b6460e24cf59f429d69de255538d0fc7a425ccf9-refs/heads/master@{#474897} [modify] https://crrev.com/2e193fbb20ab0b9118937a7c82d8e1ce7eaad410/skia/BUILD.gn
,
Jun 16 2017
To summarize all of that... Cherry-picked preliminary change for tests https://chromium.googlesource.com/chromium/src/+/981d5eacd1b5812b6803065a3bfe5d5e690be48a to M59 (3071) as https://chromium.googlesource.com/chromium/src/+/8aac87a96da48b465b40eff08a3fe807c49c62a9 to M60 (3112) as https://chromium.googlesource.com/chromium/src/+/a604d1fbffd399ef13a3506a49d074aa109a192f Cherry-picked the actual change to definitions https://chromium.googlesource.com/chromium/src/+/d40a96d7f62188cfd4347ba7a817d3e786e5aff1 to M59 (3071) with slight modification (build files were different then) as https://chromium.googlesource.com/chromium/src/+/149e65cb0a8c073f8ed25db26ab526dae7314817 to M60 (3112) unchanged as https://chromium.googlesource.com/chromium/src/+/2e193fbb20ab0b9118937a7c82d8e1ce7eaad410
,
Jun 21 2017
Verified on webivew : 59.0.3071.112 and 60.0.3112.40 on Samsung S7 Edge/NRD90M (http://www.coolapk.com/apk/com.cmbchina.ccd.pluto.cmbActivity) For the "com.cs_credit_bank" apps shows white screen and some time crashes (filed seprated bug crbug.com/735597), (http://sj.qq.com/myapp/detail.htm?apkName=com.cs_credit_bank)
,
Jun 21 2017
|
|||||||||||||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||||||||||||
Comment 1 by aluo@chromium.org
, Apr 26 2017Owner: dneelame...@chromium.org
Status: Untriaged (was: Unconfirmed)