
Issue 728752

Issue metadata

Status: Fixed
Owner:
Closed: Jun 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Android
Pri: 1
Type: Bug
Labels: Team-Security-UX


Chrome_Android: Crash Report - security_state::GetVisibleSecurityState

Project Member Reported by aluo@chromium.org, Jun 1 2017

Issue description

There were reports in M58 and earlier but none in 59 or 60; reports came in again in 61.0.3117.0. Logcat messages for the 61.0.3117.0 crashes indicate a bug in the code:

06-01 06:57:49.549 19594 19594 F libc    : /usr/local/google/buildbot/src/android/ndk-r12-release/ndk/sources/cxx-stl/llvm-libc++abi/libcxxabi/src/abort_message.cpp:74: void abort_message(const char *, ...): assertion "Pure virtual function called!" failed

Earlier crashes seem to be different.

All reports:
https://crash.corp.google.com/browse?q=product.name%3D%27Chrome_Android%27%20AND%20custom_data.ChromeCrashProto.magic_signature_1.name%3D%27security_state%3A%3AGetVisibleSecurityState%27%20%20AND%20custom_data.ChromeCrashProto.ptype%3D%27browser%27&ignore_case=false&enable_rewrite=true&omit_field_name=&omit_field_value=&omit_field_opt=%3D

Stack:
0xf1160b74	(libc.so + 0x00049b74 )	
0xf1134537	(libc.so + 0x0001d537 )	
0xf1130083	(libc.so + 0x00019083 )	
0xf116599b	(libc.so + 0x0004e99b )	
0xd492fba6	(libmonochrome.so + 0x028deba6 )	libunwind::Registers_arm::getRegisterName(int)
0xf112e0e6	(libc.so + 0x000170e6 )	
0xd232add9	(libmonochrome.so -activity_tracker.h:1284 )	base::internal::LockImpl::Lock()
0xc7b5101e		
0xd46f9f7f	(libmonochrome.so -abort_message.cpp:74 )	abort_message
0xd46f95c7	(libmonochrome.so -cxa_virtual.cpp:21 )	__cxa_pure_virtual
0xd46f95bb	(libmonochrome.so -cxa_personality.cpp:411 )	__cxxabiv1::exception_spec_can_catch(long long, unsigned char const*, unsigned char, __cxxabiv1::__shim_type_info const*, void*, _Unwind_Control_Block*)
0xd2423f47	(libmonochrome.so -content_utils.cc:144 )	security_state::GetVisibleSecurityState(content::WebContents*)
0xd2423f1b	(libmonochrome.so -security_state_tab_helper.cc:194 )	SecurityStateTabHelper::GetVisibleSecurityState() const
0xd2423ea9	(libmonochrome.so -security_state_tab_helper.cc:50 )	SecurityStateTabHelper::GetSecurityInfo(security_state::SecurityInfo*) const
0xd44c5399	(libmonochrome.so -offline_page_mhtml_archiver.cc:146 )	offline_pages::OfflinePageMHTMLArchiver::HasConnectionSecurityError()
0xd44c5833	(libmonochrome.so -offline_page_mhtml_archiver.cc:64 )	offline_pages::OfflinePageMHTMLArchiver::CreateArchive(base::FilePath const&, offline_pages::OfflinePageArchiver::CreateArchiveParams const&, base::Callback<void (offline_pages::OfflinePageArchiver*, offline_pages::OfflinePageArchiver::ArchiverResult, GURL const&, base::FilePath const&, std::__ndk1::basic_string<unsigned short, base::string16_char_traits, std::__ndk1::allocator<unsigned short> > const&, long long), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&)
0xd46443a5	(libmonochrome.so -offline_page_model_impl.cc:413 )	offline_pages::OfflinePageModelImpl::ContinueSavingPageWithArchivesDir(offline_pages::OfflinePageModel::SavePageParams const&, std::__ndk1::unique_ptr<offline_pages::OfflinePageArchiver, std::__ndk1::default_delete<offline_pages::OfflinePageArchiver> >, base::Callback<void (offline_pages::SavePageResult, long long), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&, base::TimeTicks const&, offline_pages::ArchiveManager::ArchivesDirCreationResult)
0xd46458f9	(libmonochrome.so -bind_internal.h:214 )	base::internal::Invoker<base::internal::BindState<void (offline_pages::OfflinePageModelImpl::*)(offline_pages::OfflinePageModel::SavePageParams const&, std::__ndk1::unique_ptr<offline_pages::OfflinePageArchiver, std::__ndk1::default_delete<offline_pages::OfflinePageArchiver> >, base::Callback<void (offline_pages::SavePageResult, long long), (base::internal::CopyMode)1, (base::internal::RepeatMode)1> const&, base::TimeTicks const&, offline_pages::ArchiveManager::ArchivesDirCreationResult), base::WeakPtr<offline_pages::OfflinePageModelImpl>, offline_pages::OfflinePageModel::SavePageParams, base::internal::PassedWrapper<std::__ndk1::unique_ptr<offline_pages::OfflinePageArchiver, std::__ndk1::default_delete<offline_pages::OfflinePageArchiver> > >, base::Callback<void (offline_pages::SavePageResult, long long), (base::internal::CopyMode)1, (base::internal::RepeatMode)1>, base::TimeTicks>, void (offline_pages::ArchiveManager::ArchivesDirCreationResult)>::Run(base::internal::BindStateBase*, offline_pages::ArchiveManager::ArchivesDirCreationResult&&)
0xd23f1011	(libmonochrome.so -callback.h:91 )	void base::internal::ReplyAdapter<PathValidationResult, PathValidationResult>(base::Callback<void (PathValidationResult), (base::internal::CopyMode)0, (base::internal::RepeatMode)0>, PathValidationResult*)
0xd23f0fed	(libmonochrome.so -bind_internal.h:164 )	RunOnce
0xd2546bad	(libmonochrome.so -callback.h:91 )	RunReplyAndSelfDestruct
0xd24edf19	(libmonochrome.so -callback.h:91 )	base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*)
0xd24edcaf	(libmonochrome.so -message_loop.cc:418 )	base::MessageLoop::RunTask(base::PendingTask*)
0xd24edb79	(libmonochrome.so -message_loop.cc:429 )	base::MessageLoop::DeferOrRunPendingTask(base::PendingTask)
0xd24ed35d	(libmonochrome.so -message_loop.cc:536 )	base::MessageLoop::DoWork()
0xd2348031	(libmonochrome.so -message_pump_android.cc:44 )	Java_org_chromium_base_SystemMessageHandler_nativeDoRunLoopOnce
0xd5e80cc5	(base.odex + 0x007afcc5 )	

Product name: Chrome_Android
Magic Signature: security_state::GetVisibleSecurityState

Current link:
https://crash.corp.google.com/browse?q=product.name%3D'Chrome_Android'%20AND%20custom_data.ChromeCrashProto.magic_signature_1.name%3D'security_state%3A%3AGetVisibleSecurityState'%20%20AND%20custom_data.ChromeCrashProto.ptype%3D'browser'%20AND%20product.Version%3D'61.0.3117.0'%20AND%20ReportID%3D'5584727e18000000'&ignore_case=false&enable_rewrite=true&omit_field_name=&omit_field_value=&omit_field_opt=%3D#3


Search properties:
product.name: Chrome_Android
custom_data.chromecrashproto.magic_signature_1.name: security_state::GetVisibleSecurityState
custom_data.chromecrashproto.ptype: browser
product.version: 61.0.3117.0
reportid: 5584727e18000000

Metadata :
Product Name: Chrome_Android
Product Version: 61.0.3117.0
Report ID: 5584727e18000000
Report Time: Thu, 01 Jun 2017 11:57:49 GMT
Uptime: 59456 ms
Cumulative Uptime: 0 ms
User Email: 
OS Name: Android
OS Version: 0.0.0 Linux 3.18.31-g416bf43 #1 SMP PREEMPT Fri Mar 24 17:16:11 UTC 2017 armv8l
CPU Architecture: arm
CPU Info: ARMv1 Qualcomm part(0x51002050) features: half,thumb,fastmult,vfpv2,edsp,neon,vfpv3,tls,vfpv4,idiva,idivt


Comment 1 by boliu@chromium.org, Jun 1 2017

Components: -Internals UI>Browser>Offline
Owner: dewittj@chromium.org
F libc : /usr/local/google/buildbot/src/android/ndk-r12-release/ndk/sources/cxx-stl/llvm-libc++abi/libcxxabi/src/abort_message.cpp:74: void abort_message(const char *, ...): assertion "Pure virtual function called!" failed

That's amusing.

My best guess is that the web_contents_ pointer in OfflinePageMHTMLArchiver became dangling, but that code is too complicated to trace.

Passing to owners
Cc: dewittj@chromium.org
Owner: romax@chromium.org
+romax for ArchiveManager
Cc: fgor...@chromium.org
Owner: ----
+fgorski for security state
Cc: -fgor...@chromium.org
Components: Internals>PageSecurityState
Owner: fgor...@chromium.org
Status: Assigned (was: Untriaged)
Cc: jbudorick@chromium.org
Labels: -Restrict-View-Google
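The two facts the thread puts together, the "Pure virtual function called!" abort in the logcat and the guess in comment 1 that the archiver's web_contents_ pointer went dangling, are connected by how the C++ object model tears down a polymorphic object. The program below is an added illustration and is not Chromium code; WebContents, WebContentsImpl and Archiver are placeholders modeled loosely on the classes named in the stack trace, and std::weak_ptr stands in for base::WeakPtr. It first shows that while the abstract base destructor runs, virtual calls already dispatch to the base class (a pure virtual slot there is the compiler's __cxa_pure_virtual, which is the abort in the report, and freed memory commonly still holds that last-written vptr, so a use-after-free through the pointer surfaces the same way), and then shows the weak-handle liveness check that turns the dangling-pointer case into a handled failure instead of a browser-process crash.

```cpp
// Added example (not Chromium code): why a dangling pointer to a destroyed
// polymorphic object ends in __cxa_pure_virtual, and the weak-handle check
// that avoids it. All class names are placeholders, not the real Chromium types.
#include <memory>
#include <string>
#include <utility>
#include <vector>

// Abstract interface in the role of content::WebContents. The vtable that the
// base class installs has __cxa_pure_virtual in the GetVisibleURL() slot.
class WebContents {
 public:
  virtual ~WebContents();
  virtual std::string GetVisibleURL() const = 0;
  // Non-pure virtual, used only to make the vptr change observable without aborting.
  virtual std::string TypeName() const { return "WebContents"; }
};

static std::vector<std::string> g_destruction_log;

// Inside ~WebContents the vptr has already been rewritten to WebContents' own
// vtable, so the derived override is unreachable. Calling GetVisibleURL() here,
// or through a stale pointer while the object is in this state, lands on
// __cxa_pure_virtual. TypeName() is called instead so the program survives.
WebContents::~WebContents() { g_destruction_log.push_back(TypeName()); }

class WebContentsImpl : public WebContents {
 public:
  explicit WebContentsImpl(std::string url) : url_(std::move(url)) {}
  ~WebContentsImpl() override { g_destruction_log.push_back(TypeName()); }
  std::string GetVisibleURL() const override { return url_; }
  std::string TypeName() const override { return "WebContentsImpl"; }
 private:
  std::string url_;
};

// Destroys an object and returns what each destructor saw as the dynamic type:
// {"WebContentsImpl", "WebContents"}.
std::vector<std::string> DestroyAndRecord() {
  g_destruction_log.clear();
  { WebContentsImpl wc("https://example.test/"); }
  return g_destruction_log;
}

enum class SecurityCheck { kNoWebContents, kSecure, kInsecure };

// Hardened archiver: holds a weak handle instead of a raw pointer and checks
// liveness before every virtual call. std::weak_ptr stands in for base::WeakPtr.
class Archiver {
 public:
  explicit Archiver(std::weak_ptr<WebContents> wc) : web_contents_(std::move(wc)) {}
  SecurityCheck HasConnectionSecurityError() const {
    std::shared_ptr<WebContents> wc = web_contents_.lock();
    if (!wc) return SecurityCheck::kNoWebContents;  // tab already gone: report it, do not dereference
    const std::string url = wc->GetVisibleURL();
    return url.rfind("https://", 0) == 0 ? SecurityCheck::kSecure
                                          : SecurityCheck::kInsecure;
  }
 private:
  std::weak_ptr<WebContents> web_contents_;
};

// Scenario suggested by the trace: the deferred archive task runs after the
// tab that created it has been destroyed.
SecurityCheck CheckAfterTabClosed() {
  auto wc = std::make_shared<WebContentsImpl>("http://example.test/");
  Archiver archiver(wc);
  wc.reset();  // tab destroyed before the task runs; a raw pointer would now dangle
  return archiver.HasConnectionSecurityError();
}

SecurityCheck CheckWhileTabAlive(const std::string& url) {
  auto wc = std::make_shared<WebContentsImpl>(url);
  Archiver archiver(wc);
  return archiver.HasConnectionSecurityError();
}

int main() {
  const std::vector<std::string> log = DestroyAndRecord();
  const bool ok = log.size() == 2 && log[1] == "WebContents" &&
                  CheckAfterTabClosed() == SecurityCheck::kNoWebContents;
  return ok ? 0 : 1;
}
```

The Chromium equivalent of the liveness check is holding a base::WeakPtr to the tab-scoped object (or observing WebContentsDestroyed and clearing the pointer) rather than caching a raw content::WebContents* across a posted task; whichever mechanism is used, the point is that the archive task must test for a destroyed tab before it touches security state, not after.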