New issue
Advanced search Search tips

Issue 738726 link

Starred by 2 users
Status: Duplicate
Owner: ----
Closed: Sep 2017
Components:
EstimatedDays: ----
NextAction: ----
OS: Android
Pri: 2
Type: Bug



Sign in to add a comment

Unfortunately Stopped Happen in Chrome App During Stability Test Run on Android M

Reported by ankithbt...@gmail.com, Jul 2 2017 
Steps to reproduce the problem:
1. open chrome app
2. clear browser cache history and cookie
3. Open www.att.com
4. clear browser cache history and cookie
5. open facebook.com
6. clear browser cache history and cookie
7. open youtube.com
8. clear browser cache history and cookie
9. open www.yahoo.com

Repeat step 1 to 9 around 100 times, then Chrome crash will happen. 

What is the expected behavior?
Chrome crash should not happen in any scenario.

What went wrong?
W/google-breakpad(20845): ### ### ### ### ### ### ### ### ### ### ### ### ###
W/google-breakpad(20845): Chrome build fingerprint:
W/google-breakpad(20845): 58.0.3029.83
W/google-breakpad(20845): 302908311
W/google-breakpad(20845): ### ### ### ### ### ### ### ### ### ### ### ### ###
F/libc    (20845): Fatal signal 11 (SIGSEGV), code 1, fault addr 0xd62c0000 in tid 20906 (Thread-5410)

F/DEBUG   ( 3045): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
F/DEBUG   ( 3045): Build fingerprint: 'Zebra/ET5X/ET50E:6.0.1/01-07-20-MG-0R-M1/170614:user/release-keys'
F/DEBUG   ( 3045): Revision: '0'
F/DEBUG   ( 3045): ABI: 'x86'
F/DEBUG   ( 3045): pid: 20845, tid: 20906, name: Thread-5410  >>> com.android.chrome <<<
F/DEBUG   ( 3045): signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xd62c0000
W/Herrevad( 5903): [2627] rwh.b: Invalid mccmnc 
I/ufoGralloc(20910): Hello, this is UFO GRALLOC/Intel Corporation
F/DEBUG   ( 3045):     eax 00000000  ebx ca6f6a80  ecx d528e230  edx 00000000
F/DEBUG   ( 3045):     esi 00000002  edi d528e230
F/DEBUG   ( 3045):     xcs 00000023  xds 0000002b  xes 0000002b  xfs 000000e7  xss 0000002b
F/DEBUG   ( 3045):     eip c8b78698  ebp d62bfffd  esp d528e1e8  flags 00010202
F/DEBUG   ( 3045): 
F/DEBUG   ( 3045): backtrace:
F/DEBUG   ( 3045):     #00 pc 02838698  /data/app/com.android.chrome-1/base.apk (offset 0x9a3000)
W/Herrevad( 5903): [2627] rwh.b: Invalid mccmnc 
D/        (20910): droid_create_context : config id = 2 conf->NativeVisualID=4
D/        (20910): Pixel Format : HAL_PIXEL_FORMAT_RGB_565
I/        (20910): Requested context : GLES 2.0
D/        (20910): Pixel Format : HAL_PIXEL_FORMAT_RGB_565
F/DEBUG   ( 3045): 
F/DEBUG   ( 3045): Tombstone written to: /data/tombstones/tombstone_00
E/DEBUG   ( 3045): AM write failed: Broken pipe
D/TombstonePlugin( 7563): Received file observer event: 00000008 path: tombstone_00
D/TombstonePlugin( 7563): Detected Tombstone activity: tombstone_00
D/TombstonePlugin( 7563): Adding path to list
I/BootReceiver( 3843): Copying /data/tombstones/tombstone_00 to DropBox (SYSTEM_TOMBSTONE)
W/DropBoxManagerService( 3843): Dropping: system_app_native_crash (800 > 0 bytes)
D/ConnectivityService( 3843): ConnectivityService NetworkRequestInfo binderDied(NetworkRequest [ id=1076, legacyType=-1, [ Capabilities: INTERNET&NOT_RESTRICTED&TRUSTED] ], android.os.BinderProxy@57b7f04)
D/ConnectivityService( 3843): releasing NetworkRequest NetworkRequest [ id=1076, legacyType=-1, [ Capabilities: INTERNET&NOT_RESTRICTED&TRUSTED] ]
D/ConnectivityService( 3843): ConnectivityService NetworkRequestInfo binderDied(NetworkRequest [ id=1077, legacyType=-1, [ Capabilities: INTERNET&NOT_RESTRICTED&TRUSTED] ], android.os.BinderProxy@7607ced)
D/GraphicsStats( 3843): Buffer count: 5
E/ConnectivityService( 3843): RemoteException caught trying to send a callback msg for NetworkRequest [ id=1076, legacyType=-1, [ Capabilities: INTERNET&NOT_RESTRICTED&TRUSTED] ]
I/WindowState( 3843): WIN DEATH: Window{5f56f86 u0 com.android.chrome/org.chromium.chrome.browser.ChromeTabbedActivity}
D/ConnectivityService( 3843): releasing NetworkRequest NetworkRequest [ id=1077, legacyType=-1, [ Capabilities: INTERNET&NOT_RESTRICTED&TRUSTED] ]
W/WindowManager( 3843): Force-removing child win Window{6739722 u0 SurfaceView} from container Window{5f56f86 u0 com.android.chrome/org.chromium.chrome.browser.ChromeTabbedActivity}
E/ConnectivityService( 3843): RemoteException caught trying to send a callback msg for NetworkRequest [ id=1077, legacyType=-1, [ Capabilities: INTERNET&NOT_RESTRICTED&TRUSTED] ]
W/WindowManager( 3843): Failed looking up window
W/WindowManager( 3843): java.lang.IllegalArgumentException: Requested window android.os.BinderProxy@91f8047 does not exist
W/WindowManager( 3843): 	at com.android.server.wm.WindowManagerService.windowForClientLocked(WindowManagerService.java:8779)
W/WindowManager( 3843): 	at com.android.server.wm.WindowManagerService.windowForClientLocked(WindowManagerService.java:8770)
W/WindowManager( 3843): 	at com.android.server.wm.WindowState$DeathRecipient.binderDied(WindowState.java:1209)
W/WindowManager( 3843): 	at android.os.BinderProxy.sendDeathNotice(Binder.java:558)
I/WindowState( 3843): WIN DEATH: null
W/ActivityManager( 3843):   Force finishing activity com.android.chrome/org.chromium.chrome.browser.ChromeTabbedActivity
I/chromium(20910): [INFO:child_process_service_impl.cc(182)] ChildProcessServiceImpl: Exiting child process.
W/ActivityManager( 3843): Exception thrown during pause
W/ActivityManager( 3843): android.os.DeadObjectException
W/ActivityManager( 3843): 	at android.os.BinderProxy.transactNative(Native Method)
W/ActivityManager( 3843): 	at android.os.BinderProxy.transact(Binder.java:503)
W/ActivityManager( 3843): 	at android.app.ApplicationThreadProxy.schedulePauseActivity(ApplicationThreadNative.java:727)
W/ActivityManager( 3843): 	at com.android.server.am.ActivityStack.startPausingLocked(ActivityStack.java:867)
W/ActivityManager( 3843): 	at com.android.server.am.ActivityStack.finishActivityLocked(ActivityStack.java:2907)
W/ActivityManager( 3843): 	at com.android.server.am.ActivityStack.finishTopRunningActivityLocked(ActivityStack.java:2763)
W/ActivityManager( 3843): 	at com.android.server.am.ActivityStackSupervisor.finishTopRunningActivityLocked(ActivityStackSupervisor.java:2760)
W/ActivityManager( 3843): 	at com.android.server.am.ActivityManagerService.handleAppCrashLocked(ActivityManagerService.java:12099)
W/ActivityManager( 3843): 	at com.android.server.am.ActivityManagerService.makeAppCrashingLocked(ActivityManagerService.java:11995)
W/ActivityManager( 3843): 	at com.android.server.am.ActivityManagerService.crashApplication(ActivityManagerService.java:12684)
W/ActivityManager( 3843): 	at com.android.server.am.ActivityManagerService.handleApplicationCrashInner(ActivityManagerService.java:12191)
W/ActivityManager( 3843): 	at com.android.server.am.NativeCrashListener$NativeCrashReporter.run(NativeCrashListener.java:86)

Did this work before? No 

Does this work in other browsers? Yes

Chrome version: 58.0.3029.83  Channel: stable
OS Version: Marshmallow
Flash Version: 

Android M OS running on Platform intel x86 and kernel x86_64.
LC_20170616_215342.txt
638 KB View Download
tombstone_00
340 KB View Download

Comment 1 by phistuck@gmail.com, Jul 2 2017 

Can you reproduce with Chrome 59?

Comment 2 by ankithbt...@gmail.com, Jul 3 2017 

Testing is going on with chrome version 59. By end of day I will get the
results. Then I will let u know.

Comment 3 by ankithbt...@gmail.com, Jul 3 2017 

Hi phist,. Can you please tell me the root cause of this crash. From the
logs it doesn't seem that issue is related to Android webview. It is
pointing into libchromioum.so library. Is it correct ?

Comment 4 by ppolise...@chromium.org, Jul 14 2017

Labels: Stability-Sheriff-Android

Comment 5 by phistuck@chromium.org, Jul 15 2017

Components: Internals>Core
Labels: -Hotlist-Interop Stability-Crash
#2 - any result when using Chrome 59?

#3 - mmm... How does this have anything to do with Android WebView? You are using the Chrome application, not Android WebView, according to your report.

I do not know the root cause, someone from the Chrome team would take a look and might be able to figure it out.
But because I see "OOM" in LC_20170616_215342.txt, I presume Chrome used too much memory and was killed. Perhaps there is a memory leak somewhere.

Comment 6 by ankithbt...@gmail.com, Jul 15 2017 

Thanks phist for replying....

I have tested on chrome 59. Now the crash occurrence is very less, but still I got the same crash on 2 devices out of 16 devices.

Comment 7 by yfried...@chromium.org, Sep 6 2017

Mergedinto: 554264
Status: Duplicate (was: Unconfirmed)
From the microdump this looks like a crash in leveldb:

Thread 0 (crashed)
 0  libchrome.so!leveldb::ConsumeDecimalNumber(leveldb::Slice*, unsigned long long*) [slice.h : 52 + 0x0]
    eip = 0xc8b78698   esp = 0xd528e1e8   ebp = 0xd62bfffd   ebx = 0xca6f6a80
    esi = 0x00000002   edi = 0xd528e230   eax = 0x00000000   ecx = 0xd528e230
    edx = 0x00000000   efl = 0x00010202
    Found by: given as instruction pointer in context
 1  libchrome.so!leveldb::ParseFileName(std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char> > const&, unsigned long long*, leveldb::FileType*) [filename.cc : 96 + 0x9]
    eip = 0xc8b6775a   esp = 0xd528e200   ebp = 0xd528e248   ebx = 0xca6f6a80
    esi = 0x00000000   edi = 0xd528e230
    Found by: call frame info
 2  libchrome.so!leveldb::DBImpl::DeleteObsoleteFiles() [db_impl.cc : 234 + 0xc]
    eip = 0xc8b6348c   esp = 0xd528e270   ebp = 0xd528e2a8   ebx = 0xca6f6a80
    esi = 0xd4de58c0   edi = 0x00000018
    Found by: call frame info
 3  libchrome.so!leveldb::DB::Open(leveldb::Options const&, std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char> > const&, leveldb::DB**) [db_impl.cc : 1521 + 0x9]
    eip = 0xc8b66280   esp = 0xd528e300   ebp = 0xd528e348   ebx = 0xca6f6a80
    esi = 0xd4de58c0   edi = 0xd528e3ec
    Found by: call frame info
 4  libchrome.so!leveldb_proto::LevelDB::InitWithOptions(base::FilePath const&, leveldb::Options const&) [leveldb_database.cc : 65 + 0x21]
    eip = 0xc8b5b16b   esp = 0xd528e3c0   ebp = 0xd528e4dc   ebx = 0xca6f6a80
    esi = 0xd4d6e120   edi = 0xd528e3f0
    Found by: call frame info
 5  libchrome.so!leveldb_proto::LevelDB::Init(leveldb_proto::Options const&) [leveldb_database.cc : 105 + 0x9]
    eip = 0xc8b5acf8   esp = 0xd528e4c0   ebp = 0xd528e4dc   ebx = 0xca6f6a80
    esi = 0xd4d6e120   edi = 0xd4d6f108
    Found by: call frame info
 6  libchrome.so!InitFromTaskRunner [proto_database_impl.h : 134 + 0xa]  
    eip = 0xc9179be8   esp = 0xd528e530   ebp = 0xea0877c0   ebx = 0xca6f6a80
    esi = 0xea0877f4   edi = 0xd4d6e260
    Found by: call frame info
 7  libchrome.so!base::internal::Invoker<base::internal::BindState<void (*)(leveldb_proto::LevelDB*, leveldb_proto::Options const&, bool*), base::internal::UnretainedWrapper<leveldb_proto::LevelDB>, leveldb_proto::Options, bool*>, void ()>::Run(base::internal::BindStateBase*) [bind_internal.h : 164 + 0x7]
    eip = 0xc83db801   esp = 0xd528e550   ebp = 0xea0877c0   ebx = 0xca6f6a80
    esi = 0xea0877f4   edi = 0xd4d6e260
    Found by: call frame info
 8  libchrome.so!RunTaskAndPostReply [callback.h : 85 + 0x5]
    eip = 0xc64526ae   esp = 0xd528e570   ebp = 0xea0877c0   ebx = 0xca6f6a80
    esi = 0xea0877f4   edi = 0xd4d6e260
    Found by: call frame info
 9  libchrome.so!Run [bind_internal.h : 214 + 0x5]
    eip = 0xc6452682   esp = 0xd528e5a0   ebp = 0xea0877c0   ebx = 0xca6f6a80
    esi = 0xea0877f4   edi = 0xd528e640
    Found by: call frame info
10  libchrome.so!base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) [callback.h : 68 + 0x5]
    eip = 0xc63deb19   esp = 0xd528e5c0   ebp = 0xea0877c0   ebx = 0xca6f6a80
    esi = 0xea0877f4   edi = 0xd528e640

Looks like this was recently addressed in issue 554264

Comment 8 by ankithbt...@gmail.com, Sep 6 2017 

@yfried

I have not permission to view the issue 554264. Please tell me the solution to resolve this issue.

Sign in to add a comment