At tip-of-tree, if I open an incognito tab, navigate to youtube.com, enter fullscreen, and then close the incognito tab, the browser crashes.
Crash id-https://crash.corp.google.com/browse?stbtiq=f0ca65f3b526deb1 Crash details: 0xd542acb9 (libmonochrome.so -origin.cc:51 ) url::Origin::Origin(url::Origin const&) 0xffffffdd 0xf2a4f036 (libc.so + 0x00017036 ) 0xd539689b (libmonochrome.so -stdexcept:228 ) void std::__ndk1::vector<base::OnceCallback<void ()>, std::__ndk1::allocator<base::OnceCallback<void ()> > >::__emplace_back_slow_path<base::OnceCallback<void ()> >(base::OnceCallback<void ()>&&) 0xd5cb0625 (libmonochrome.so -video_decode_perf_history.cc:196 ) media::VideoDecodePerfHistory::SavePerfRecord(url::Origin const&, bool, media::mojom::PredictionFeatures, media::mojom::PredictionTargets, unsigned long long, base::OnceCallback<void ()>) 0xd5cb12ad (libmonochrome.so -video_decode_stats_recorder.cc:83 ) media::VideoDecodeStatsRecorder::FinalizeRecord() 0xd5cb1233 (libmonochrome.so -video_decode_stats_recorder.cc:31 ) media::VideoDecodeStatsRecorder::~VideoDecodeStatsRecorder() 0xd5cb12c7 (libmonochrome.so -video_decode_stats_recorder.cc:29 ) media::VideoDecodeStatsRecorder::~VideoDecodeStatsRecorder() 0xd53bcc71 (libmonochrome.so -memory:2233 ) mojo::StrongBinding<blink::mojom::BackgroundFetchService>::~StrongBinding() 0xd53bcc39 (libmonochrome.so -strong_binding.h:91 ) mojo::StrongBinding<blink::mojom::BackgroundFetchService>::Close() 0xd539d95d (libmonochrome.so -bind_internal.h:607 ) void base::internal::InvokeHelper<false, void>::MakeItSo<void (ProxyConfigServiceImpl::* const&)(ProxyPrefs::ConfigState, net::ProxyConfigWithAnnotation const&), ProxyConfigServiceImpl*, ProxyPrefs::ConfigState const&, net::ProxyConfigWithAnnotation const&>(void (ProxyConfigServiceImpl::* const&&&)(ProxyPrefs::ConfigState, net::ProxyConfigWithAnnotation const&), ProxyConfigServiceImpl*&&, ProxyPrefs::ConfigState const&&&, net::ProxyConfigWithAnnotation const&&&) 0xd539d945 (libmonochrome.so -bind_internal.h:681 ) void base::internal::Invoker<base::internal::BindState<void (blink::BufferingDataPipeWriter::*)(unsigned 
int, mojo::HandleSignalsState const&), base::internal::UnretainedWrapper<blink::BufferingDataPipeWriter> >, void (unsigned int, mojo::HandleSignalsState const&)>::RunImpl<void (blink::BufferingDataPipeWriter::* const&)(unsigned int, mojo::HandleSignalsState const&), std::__ndk1::tuple<base::internal::UnretainedWrapper<blink::BufferingDataPipeWriter> > const&, 0u>(void (blink::BufferingDataPipeWriter::* const&&&)(unsigned int, mojo::HandleSignalsState const&), std::__ndk1::tuple<base::internal::UnretainedWrapper<blink::BufferingDataPipeWriter> > const&&&, std::__ndk1::integer_sequence<unsigned int, 0u>, unsigned int&&, mojo::HandleSignalsState const&) 0xd539d937 (libmonochrome.so -bind_internal.h:663 ) base::internal::Invoker<base::internal::BindState<void (blink::BufferingDataPipeWriter::*)(unsigned int, mojo::HandleSignalsState const&), base::internal::UnretainedWrapper<blink::BufferingDataPipeWriter> >, void (unsigned int, mojo::HandleSignalsState const&)>::Run(base::internal::BindStateBase*, unsigned int, mojo::HandleSignalsState const&) 0xd5380f0d (libmonochrome.so -callback.h:96 ) base::OnceCallback<void (AccountInfo const&, identity::AccountState const&)>::Run(AccountInfo const&, identity::AccountState const&) && 0xd538f2d3 (libmonochrome.so -interface_endpoint_client.cc:332 ) mojo::InterfaceEndpointClient::NotifyError(base::Optional<mojo::DisconnectReason> const&) 0xd538f23f (libmonochrome.so -multiplex_router.cc:785 ) mojo::internal::MultiplexRouter::ProcessNotifyErrorTask(mojo::internal::MultiplexRouter::Task*, mojo::internal::MultiplexRouter::ClientCallBehavior, base::SequencedTaskRunner*) 0xd52c8061 (libmonochrome.so -multiplex_router.cc:698 ) mojo::internal::MultiplexRouter::ProcessTasks(mojo::internal::MultiplexRouter::ClientCallBehavior, base::SequencedTaskRunner*) 0xd52e21c7 (libmonochrome.so -multiplex_router.cc:667 ) mojo::internal::MultiplexRouter::OnPipeConnectionError() 0xd52be9d9 (libmonochrome.so -bind_internal.h:607 ) void 
base::internal::Invoker<base::internal::BindState<base::internal::IgnoreResultHelper<base::android::JavaRef<_jobject*> const& (media::AudioManagerAndroid::*)()>, base::internal::UnretainedWrapper<media::AudioManagerAndroid> >, void ()>::RunImpl<base::internal::IgnoreResultHelper<base::android::JavaRef<_jobject*> const& (media::AudioManagerAndroid::*)()> const&, std::__ndk1::tuple<base::internal::UnretainedWrapper<media::AudioManagerAndroid> > const&, 0u>(base::internal::IgnoreResultHelper<base::android::JavaRef<_jobject*> const& (media::AudioManagerAndroid::*)()> const&&&, std::__ndk1::tuple<base::internal::UnretainedWrapper<media::AudioManagerAndroid> > const&&&, std::__ndk1::integer_sequence<unsigned int, 0u>) 0xd52bda35 (libmonochrome.so -callback.h:96 ) base::OnceCallback<void ()>::Run() && 0xd538f037 (libmonochrome.so -connector.cc:535 ) mojo::Connector::HandleError(bool, bool) 0xd52fd49b (libmonochrome.so -bind_internal.h:681 ) void base::internal::Invoker<base::internal::BindState<void (ChromeMetricsServiceClient::*)(OmniboxLog*), base::internal::UnretainedWrapper<ChromeMetricsServiceClient> >, void (OmniboxLog*)>::RunImpl<void (ChromeMetricsServiceClient::* const&)(OmniboxLog*), std::__ndk1::tuple<base::internal::UnretainedWrapper<ChromeMetricsServiceClient> > const&, 0u>(void (ChromeMetricsServiceClient::* const&&&)(OmniboxLog*), std::__ndk1::tuple<base::internal::UnretainedWrapper<ChromeMetricsServiceClient> > const&&&, std::__ndk1::integer_sequence<unsigned int, 0u>, OmniboxLog*&&) 0xd52fd48d (libmonochrome.so -bind_internal.h:663 ) base::internal::Invoker<base::internal::BindState<void (ChromeMetricsServiceClient::*)(OmniboxLog*), base::internal::UnretainedWrapper<ChromeMetricsServiceClient> >, void (OmniboxLog*)>::Run(base::internal::BindStateBase*, OmniboxLog*) 0xd538a041 (libmonochrome.so -callback.h:125 ) mojo::SimpleWatcher::OnHandleReady(int, unsigned int, mojo::HandleSignalsState const&) 0xd5389fb3 (libmonochrome.so -bind_internal.h:627 ) void 
base::internal::InvokeHelper<true, void>::MakeItSo<void (android::TabContentManager::* const&)(int, float, SkBitmap const&), base::WeakPtr<android::TabContentManager> const&, int const&, float, SkBitmap const&>(void (android::TabContentManager::* const&&&)(int, float, SkBitmap const&), base::WeakPtr<android::TabContentManager> const&&&, int const&&&, float&&, SkBitmap const&&&) 0xd5389f8d (libmonochrome.so -bind_internal.h:681 ) void base::internal::Invoker<base::internal::BindState<void (content::FrameInputHandlerImpl::*)(int, int, std::__ndk1::vector<ui::ImeTextSpan, std::__ndk1::allocator<ui::ImeTextSpan> > const&), base::WeakPtr<content::FrameInputHandlerImpl>, int, int, std::__ndk1::vector<ui::ImeTextSpan, std::__ndk1::allocator<ui::ImeTextSpan> > >, void ()>::RunImpl<void (content::FrameInputHandlerImpl::* const&)(int, int, std::__ndk1::vector<ui::ImeTextSpan, std::__ndk1::allocator<ui::ImeTextSpan> > const&), std::__ndk1::tuple<base::WeakPtr<content::FrameInputHandlerImpl>, int, int, std::__ndk1::vector<ui::ImeTextSpan, std::__ndk1::allocator<ui::ImeTextSpan> > > const&, 0u, 1u, 2u, 3u>(void (content::FrameInputHandlerImpl::* const&&&)(int, int, std::__ndk1::vector<ui::ImeTextSpan, std::__ndk1::allocator<ui::ImeTextSpan> > const&), std::__ndk1::tuple<base::WeakPtr<content::FrameInputHandlerImpl>, int, int, std::__ndk1::vector<ui::ImeTextSpan, std::__ndk1::allocator<ui::ImeTextSpan> > > const&&&, std::__ndk1::integer_sequence<unsigned int, 0u, 1u, 2u, 3u>) 0xd52bd37f (libmonochrome.so -callback.h:96 ) base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) 0xd52bd031 (libmonochrome.so -message_loop.cc:319 ) base::MessageLoop::RunTask(base::PendingTask*) 0xd5297f81 (libmonochrome.so -message_loop.cc:329 ) base::MessageLoop::DoWork() 0xd52be67b (libmonochrome.so -message_pump_android.cc:59 ) base::MessagePumpForUI::DoRunLoopOnce(_JNIEnv*, base::android::JavaParamRef<_jobject*> const&, unsigned char)
Quite a significant number of reports on Android Canary, FWIW: https://crash.corp.google.com/browse?q=product_name%3D%27Chrome_Android%27+AND+expanded_custom_data.ChromeCrashProto.channel%3D%27canary%27+AND+expanded_custom_data.ChromeCrashProto.magic_signature_1.name%3D%27url%3A%3AOrigin%3A%3AOrigin%27+AND+EXISTS+%28SELECT+1+FROM+UNNEST%28CrashedStackTrace.StackFrame%29+WHERE+FunctionName%3D%27media%3A%3AVideoDecodePerfHistory%3A%3ASavePerfRecord%28url%3A%3AOrigin+const%26%2C+bool%2C+media%3A%3Amojom%3A%3APredictionFeatures%2C+media%3A%3Amojom%3A%3APredictionTargets%2C+unsigned+long+long%2C+base%3A%3AOnceCallback%3Cvoid+%28%29%3E%29%27%29#samplereports
(Unless this is the same as bug 855215?)
Looks like the same crash as bug 855215, so this should be fixed by the revert that went in for that issue.
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/9febeb19dab5b13383b5b4145c0a3e6e0af82531 commit 9febeb19dab5b13383b5b4145c0a3e6e0af82531 Author: chcunningham <chcunningham@chromium.org> Date: Wed Jul 11 13:53:21 2018 VideoDecodePerfHistory - safer SaveCB. This changes the interface such that saves can only be performed via the SaveCB. Internally the CB is weakly bound to the perf history so post-destruction saves are quietly dropped. This unblocks re-landing https://chromium-review.googlesource.com/c/chromium/src/+/1123687/1 The above CL will give incognito profiles a distinct VideoDecodePerfHistory instance. Incognito profiles are rapidly deleted when the last tab closes, creating a race condition for any perf stats that are inbound from videos on that tab. Now, using the SaveCB, those late stats will be safely dropped. Bug: 855631 , 855215, 796280 Change-Id: Ia978dbca14d5584ca92301aee84020437a90311e Reviewed-on: https://chromium-review.googlesource.com/1123396 Reviewed-by: Markus Heintz <markusheintz@chromium.org> Reviewed-by: Dmitry Gozman <dgozman@chromium.org> Reviewed-by: Dale Curtis <dalecurtis@chromium.org> Commit-Queue: Chrome Cunningham (In Paris) <chcunningham@chromium.org> Cr-Commit-Position: refs/heads/master@{#574144} [modify] https://crrev.com/9febeb19dab5b13383b5b4145c0a3e6e0af82531/chrome/browser/browsing_data/browsing_data_remover_browsertest.cc [modify] https://crrev.com/9febeb19dab5b13383b5b4145c0a3e6e0af82531/content/browser/frame_host/render_frame_host_impl.cc [modify] https://crrev.com/9febeb19dab5b13383b5b4145c0a3e6e0af82531/media/blink/webmediaplayer_impl_unittest.cc [modify] https://crrev.com/9febeb19dab5b13383b5b4145c0a3e6e0af82531/media/mojo/services/media_metrics_provider.cc [modify] https://crrev.com/9febeb19dab5b13383b5b4145c0a3e6e0af82531/media/mojo/services/media_metrics_provider.h [modify] 
https://crrev.com/9febeb19dab5b13383b5b4145c0a3e6e0af82531/media/mojo/services/media_metrics_provider_unittest.cc [modify] https://crrev.com/9febeb19dab5b13383b5b4145c0a3e6e0af82531/media/mojo/services/video_decode_perf_history.cc [modify] https://crrev.com/9febeb19dab5b13383b5b4145c0a3e6e0af82531/media/mojo/services/video_decode_perf_history.h [modify] https://crrev.com/9febeb19dab5b13383b5b4145c0a3e6e0af82531/media/mojo/services/video_decode_perf_history_unittest.cc [modify] https://crrev.com/9febeb19dab5b13383b5b4145c0a3e6e0af82531/media/mojo/services/video_decode_stats_recorder.cc [modify] https://crrev.com/9febeb19dab5b13383b5b4145c0a3e6e0af82531/media/mojo/services/video_decode_stats_recorder.h [modify] https://crrev.com/9febeb19dab5b13383b5b4145c0a3e6e0af82531/media/mojo/services/watch_time_recorder_unittest.cc
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/9205ea89ebb4bd23b2f0099726f641a27ed269bb commit 9205ea89ebb4bd23b2f0099726f641a27ed269bb Author: chcunningham <chcunningham@chromium.org> Date: Thu Jul 12 18:04:20 2018 RELAND: InMemory MediaCapabilities DB for Guest/Incognito Original CL was reverted: https://chromium-review.googlesource.com/c/chromium/src/+/1092156 Reland now possible thanks to: https://chromium-review.googlesource.com/c/chromium/src/+/1123396 Prior to this change, Guest mode has an empty read-only DB and Incognito has a read-only DB. This CL allows both profiles to write to an "in memory" database that disappears when the profile is destroyed. This improves the experience for the user and avoids the possibility of using MediaCapabilities to detect incognito/guest profiles. Bug: 796280 , 855631 , 855215 Change-Id: Ideb9dd2eabab2e594a24dd9b514557e473c3afc0 Reviewed-on: https://chromium-review.googlesource.com/1123687 Commit-Queue: Mounir Lamouri <mlamouri@chromium.org> Reviewed-by: Scott Violet <sky@chromium.org> Reviewed-by: Mounir Lamouri <mlamouri@chromium.org> Reviewed-by: John Abd-El-Malek <jam@chromium.org> Cr-Commit-Position: refs/heads/master@{#574633} [modify] https://crrev.com/9205ea89ebb4bd23b2f0099726f641a27ed269bb/chrome/browser/DEPS [modify] https://crrev.com/9205ea89ebb4bd23b2f0099726f641a27ed269bb/chrome/browser/profiles/off_the_record_profile_impl.cc [modify] https://crrev.com/9205ea89ebb4bd23b2f0099726f641a27ed269bb/content/browser/frame_host/render_frame_host_impl.cc [modify] https://crrev.com/9205ea89ebb4bd23b2f0099726f641a27ed269bb/media/capabilities/BUILD.gn [add] https://crrev.com/9205ea89ebb4bd23b2f0099726f641a27ed269bb/media/capabilities/in_memory_video_decode_stats_db_impl.cc [add] https://crrev.com/9205ea89ebb4bd23b2f0099726f641a27ed269bb/media/capabilities/in_memory_video_decode_stats_db_impl.h [add] 
https://crrev.com/9205ea89ebb4bd23b2f0099726f641a27ed269bb/media/capabilities/in_memory_video_decode_stats_db_unittest.cc [modify] https://crrev.com/9205ea89ebb4bd23b2f0099726f641a27ed269bb/media/capabilities/video_decode_stats_db.cc [modify] https://crrev.com/9205ea89ebb4bd23b2f0099726f641a27ed269bb/media/capabilities/video_decode_stats_db.h [modify] https://crrev.com/9205ea89ebb4bd23b2f0099726f641a27ed269bb/media/capabilities/video_decode_stats_db_impl.cc [modify] https://crrev.com/9205ea89ebb4bd23b2f0099726f641a27ed269bb/media/capabilities/video_decode_stats_db_impl.h [add] https://crrev.com/9205ea89ebb4bd23b2f0099726f641a27ed269bb/media/capabilities/video_decode_stats_db_provider.cc [add] https://crrev.com/9205ea89ebb4bd23b2f0099726f641a27ed269bb/media/capabilities/video_decode_stats_db_provider.h [modify] https://crrev.com/9205ea89ebb4bd23b2f0099726f641a27ed269bb/media/capabilities/video_decode_stats_db_unittest.cc [modify] https://crrev.com/9205ea89ebb4bd23b2f0099726f641a27ed269bb/media/mojo/services/video_decode_perf_history.cc [modify] https://crrev.com/9205ea89ebb4bd23b2f0099726f641a27ed269bb/media/mojo/services/video_decode_perf_history.h [modify] https://crrev.com/9205ea89ebb4bd23b2f0099726f641a27ed269bb/media/mojo/services/video_decode_perf_history_unittest.cc
Comment 1 by krav...@chromium.org, Jun 22 2018
Labels: ReleaseBlock-Beta M-69