https://crash.corp.google.com/browse?q=custom_data.ChromeCrashProto.magic_signature_1.name%3D%22autofill%3A%3AAutofillProfileComparator%3A%3AMergeAddresses%22
Stack traces are not revealing much, but it seems to happen more and more recently (i.e. new crash).
Roger can you take a look?
0xce463e98 (libmonochrome.so -form_group.cc:55 ) <name omitted>
0xce45d003 (libmonochrome.so -autofill_profile_comparator.cc:599 ) autofill::AutofillProfileComparator::MergeAddresses(autofill::AutofillProfile const&, autofill::AutofillProfile const&, autofill::Address*) const
0xcefa0eb7 (libmonochrome.so -prerender_manager.cc:991 ) prerender::PrerenderManager::PostCleanupTask()
0xcd03eff3 (libmonochrome.so -message_loop.cc:395 ) base::MessageLoop::RunTask(base::PendingTask*)
0xcd03d0a3 (libmonochrome.so -message_loop.cc:407 ) base::MessageLoop::DoWork()
0xcd03eb37 (libmonochrome.so -message_pump_android.cc:60 ) base::MessagePumpForUI::DoRunLoopOnce(_JNIEnv*, base::android::JavaParamRef<_jobject*> const&, unsigned char)
Comment 1 by rogerm@chromium.org
, May 29 2018That call stack looks broken. prerender::PrerenderManager::PostCleanupTask() calls these functions base::ThreadTaskRunnerHandle::Get()->PostTask() And ends up jumping into AutofillProfileComparator::MergeAddresses Implications: The thread task runner handle is invalid or task runner is invalid.