VR: Tab crash after exiting WebXR presentation
Issue description

Chrome Version: ToT, Debug build
OS: Android

What steps will reproduce the problem?
(1) Go to https://immersive-web.github.io/webxr-samples/tests/permission-request.html
(2) Click the "Enter VR" button in the content.
(3) Press App Button to exit presentation

What is the expected result?
Presentation exits normally

What happens instead?
Tab crashes

Stack Trace:
RELADDR FUNCTION FILE:LINE
000139b1 gin::(anonymous namespace)::PrintStackTrace() /usr/local/google/code/chromium/src/gin/v8_platform.cc:39:27
00010513 V8_Fatal(char const*, int, char const*, ...) /usr/local/google/code/chromium/src/v8/src/base/logging.cc:168:38
00010343 v8::base::(anonymous namespace)::DefaultDcheckHandler(char const*, int, char const*) /usr/local/google/code/chromium/src/v8/src/base/logging.cc:56:3
v------> v8::Utils::OpenHandle(v8::Data const*, bool) /usr/local/google/code/chromium/src/v8/src/api-inl.h:120:1
0021074b v8::Value::IsFunction() const /usr/local/google/code/chromium/src/v8/src/api.cc:3543:0
0044d325 blink::V8XRFrameRequestCallback::Invoke(blink::ScriptWrappable*, double, blink::XRFrame*) /usr/local/google/code/chromium/src/out/Debug/gen/third_party/blink/renderer/bindings/modules/v8/v8_xr_frame_request_callback.cc:60:5
0044d4a7 blink::V8XRFrameRequestCallback::InvokeAndReportException(blink::ScriptWrappable*, double, blink::XRFrame*) /usr/local/google/code/chromium/src/out/Debug/gen/third_party/blink/renderer/bindings/modules/v8/v8_xr_frame_request_callback.cc:109:7
006360cb blink::XRFrameRequestCallbackCollection::ExecuteCallbacks(blink::XRSession*, double, blink::XRFrame*) /usr/local/google/code/chromium/src/third_party/blink/renderer/modules/xr/xr_frame_request_callback_collection.cc:53:15
00637ea7 blink::XRSession::OnFrame(double, std::__ndk1::unique_ptr<blink::TransformationMatrix, std::__ndk1::default_delete<blink::TransformationMatrix> >, base::Optional<gpu::MailboxHolder> const&, base::Optional<gpu::MailboxHolder> const&, base::Optional<blink::IntSize> const&) /usr/local/google/code/chromium/src/third_party/blink/renderer/modules/xr/xr_session.cc:501:27
00634dfd blink::XRFrameProvider::ProcessScheduledFrame(mojo::StructPtr<device::mojom::blink::XRFrameData>, double) /usr/local/google/code/chromium/src/third_party/blink/renderer/modules/xr/xr_frame_provider.cc:431:18
00635ca5 void base::internal::FunctorTraits<void (blink::XRFrameProvider::*)(mojo::StructPtr<device::mojom::blink::XRFrameData>, double), void>::Invoke<void (blink::XRFrameProvider::*)(mojo::StructPtr<device::mojom::blink::XRFrameData>, double), blink::WeakPersistent<blink::XRFrameProvider>, std::nullptr_t, double>(void (blink::XRFrameProvider::*)(mojo::StructPtr<device::mojom::blink::XRFrameData>, double), blink::WeakPersistent<blink::XRFrameProvider>&&, std::nullptr_t&&, double&&) /usr/local/google/code/chromium/src/base/bind_internal.h:516:12
00635c75 void base::internal::InvokeHelper<true, void>::MakeItSo<void (blink::XRFrameProvider::*)(mojo::StructPtr<device::mojom::blink::XRFrameData>, double), blink::WeakPersistent<blink::XRFrameProvider>, std::nullptr_t, double>(void (blink::XRFrameProvider::*&&)(mojo::StructPtr<device::mojom::blink::XRFrameData>, double), blink::WeakPersistent<blink::XRFrameProvider>&&, std::nullptr_t&&, double&&) /usr/local/google/code/chromium/src/base/bind_internal.h:636:5
00498103 base::OnceCallback<void ()>::Run() && /usr/local/google/code/chromium/src/base/callback.h:99:12
v------> WTF::ThreadCheckingCallbackWrapper<base::OnceCallback<void ()>, void ()>::RunInternal(base::OnceCallback<void ()>*) /usr/local/google/code/chromium/src/third_party/blink/renderer/platform/wtf/functional.h:262:33
004a8a07 WTF::ThreadCheckingCallbackWrapper<base::OnceCallback<void ()>, void ()>::Run() /usr/local/google/code/chromium/src/third_party/blink/renderer/platform/wtf/functional.h:247:0
000cb737 base::OnceCallback<void ()>::Run() && /usr/local/google/code/chromium/src/base/callback.h:99:12
000d3df3 base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) /usr/local/google/code/chromium/src/base/debug/task_annotator.cc:101:33
001100ad base::sequence_manager::internal::ThreadControllerImpl::DoWork(base::sequence_manager::internal::ThreadControllerImpl::WorkType) /usr/local/google/code/chromium/src/base/task/sequence_manager/thread_controller_impl.cc:169:21
000cb737 base::OnceCallback<void ()>::Run() && /usr/local/google/code/chromium/src/base/callback.h:99:12
000d3df3 base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) /usr/local/google/code/chromium/src/base/debug/task_annotator.cc:101:33
000e488b base::MessageLoop::RunTask(base::PendingTask*) /usr/local/google/code/chromium/src/base/message_loop/message_loop.cc:431:46
000e4a8d base::MessageLoop::DeferOrRunPendingTask(base::PendingTask) /usr/local/google/code/chromium/src/base/message_loop/message_loop.cc:442:5
000e4b6f base::MessageLoop::DoWork() /usr/local/google/code/chromium/src/base/message_loop/message_loop.cc:514:16
000e69f7 base::MessagePumpDefault::Run(base::MessagePump::Delegate*) /usr/local/google/code/chromium/src/base/message_loop/message_pump_default.cc:37:31
000e4661 base::MessageLoop::Run(bool) /usr/local/google/code/chromium/src/base/message_loop/message_loop.cc:383:12
000f9efb base::RunLoop::Run() /usr/local/google/code/chromium/src/base/run_loop.cc:102:14
00f94ff7 content::RendererMain(content::MainFunctionParams const&) /usr/local/google/code/chromium/src/content/renderer/renderer_main.cc:200:23
00fd9e1d content::ContentMainRunnerImpl::Run(bool) /usr/local/google/code/chromium/src/content/app/content_main_runner_impl.cc:924:10
0000fa45 service_manager::Main(service_manager::MainParams const&) /usr/local/google/code/chromium/src/services/service_manager/embedder/main.cc:472:29
v------> content::JNI_ContentMain_Start(_JNIEnv*, base::android::JavaParamRef<_jclass*> const&, unsigned char) /usr/local/google/code/chromium/src/content/app/android/content_main.cc:53:10
00fd9577 Java_org_chromium_content_app_ContentMain_nativeStart /usr/local/google/code/chromium/src/out/Debug/gen/content/public/android/content_jni_headers/content/jni/ContentMain_jni.h:48:0
,
Aug 3
I don't know XR well, so I don't see a tracing path for V8 GC. We have two GCs until the unified GC is complete, so we need to think about V8 GC (the V8 reference graph) independently from Blink GC (Oilpan).

> XRFrameProvider must be alive if we are processing mojo messages from it

This doesn't make sense to me. You're talking about Blink objects and the Blink reference graph. You're saying that Blink GC keeps an XRFrameProvider alive. That doesn't mean that V8 GC keeps the object alive, nor that V8 GC traces the object's Trace method. We need to think of V8 GC: V8 objects (including TraceWrapperV8Reference) and the V8 reference graph. How is XRFrameProvider::Trace traceable from V8 GC?

> However, we have a HeapVector<Member<XRSession>> on the stack (processing_sessions)

This is not safe, because there is no way to let V8 GC trace those sessions' Trace method. I see the same problem in XRFrameRequestCallbackCollection::ExecuteCallbacks, too. As you |Take| the callback out of CallbackMap, there is no way for V8 to trace the callback.
https://cs.chromium.org/chromium/src/third_party/blink/renderer/modules/xr/xr_frame_request_callback_collection.cc?rcl=51c23e5a3a821d63278b751489bec0efc5afbffc&l=45
,
Aug 3
> We no-longer have separate trace vs. tracewrappers now

Nothing has changed yet. When we had Trace and TraceWrappers methods, Blink GC traced through the Trace method, and V8 GC traced through the TraceWrappers method. Now, both Blink GC and V8 GC trace through the Trace method. That's all. It just means that Blink GC and V8 GC share the Trace method (in preparation for the Unified GC), and there are no other major changes yet. We need to let V8 GC trace the necessary object graph (through the Trace method) and let V8 GC find all TraceWrapperV8References.

Note that the "root reference set" is different for Blink GC and V8 GC. For example, blink::Persistent is a root reference for Blink GC, but it's not for V8 GC. v8::Persistent is a root reference for V8 GC (unless it's marked as a weak reference). Another example is that we're making the global object (e.g. Window) always alive (until the window gets closed or navigated away), so we can consider that the v8::Object for the global object is a (sort of) root reference for V8 GC.

XRFrameRequestCallback::Trace must be traced by V8 GC, i.e. XRFrameRequestCallback::Trace must be traceable from a root reference of V8 GC.
,
Aug 6
taking this
,
Aug 6
Summarizing my understanding of the v8 and blink heaps at this point in time. There are 2 heaps - v8 and blink. These are each managed separately and garbage collected separately. If we have references between the two, the tracing can be shared - ie, we can trace v8 object -> wrappers -> blink object -> handles -> more v8 objects. If v8 traces like this, and determines that a v8 object isn't alive, it may be destroyed. However, the blink objects may still be alive because v8 and blink have different roots at the start of tracing. This means that blink objects pointing to v8 objects may silently have the v8 objects disappear out from under them if we have different roots for tracing. The current solution I'm thinking of makes XRSession an ActiveScriptWrappable, so it will be a v8 root when there are pending callbacks, so it will keep itself alive, along with other v8 objects it links to (directly or indirectly). If I didn't want to do this, perhaps I could override UnsetWrapperIfAny as a hint that the corresponding v8 wrapper object has been destroyed, and in that case we know not to touch v8 objects.
,
Aug 6
I have a fix for the wrapper tracing issues. Other things in the traces that don't look right:

1. Did not find frame, Client waiting on non-existent sync token
   08-06 10:33:19.823 8573 8594 E FrameEvents: updateAcquireFence: Did not find frame.
   08-06 10:33:19.829 8573 8594 E chromium: [ERROR:sync_point_manager.cc(248)] Client waiting on non-existent sync token
2. Occasionally I'm seeing a notification that the page isn't rendering and appears hung (i.e., not submitting frames). This is probably related to the "Did not find frame".
3. DisplayScheduler::OnBeginFrameSourcePausedChanged NOT_IMPLEMENTED was hit
4. Occasionally seeing errors about non-monotonically increasing timestamps.
5. I'm seeing "Aw, Snap" a few seconds into each XR session. adb doesn't give me a stack currently, so I'm not sure what the issue is yet (this happens sometimes when a render process is killed instead of crashing).
,
Aug 7
Re #c5:

> Summarizing my understanding of the v8 and blink heaps at this point in time.

Your understanding is perfect, I think. Making XRSession (or something) an ActiveScriptWrappable is an option. Another option is to make XRSession traceable from Document, which is a (sort of) root. I don't know WebXR well, so I cannot tell what the best option would be.

FYI (maybe you already knew), a major drawback of ActiveScriptWrappable is that an ActiveScriptWrappable stays alive as a root reference as long as HasPendingActivity() returns true. This means that objects referenced from the ActiveScriptWrappable will not be collected as long as HasPendingActivity() returns true. We can easily create a memory leak.

And note that the swap technique you mentioned before doesn't work, because T::Trace does not trace any on-stack references. |callbacks_.Take(id)| in the following code doesn't work either.
https://cs.chromium.org/chromium/src/third_party/blink/renderer/modules/xr/xr_frame_request_callback_collection.cc?rcl=51c23e5a3a821d63278b751489bec0efc5afbffc&l=45
,
Aug 8
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/8bd14f4bfbe2addefc5f2f52ece0719a5210b656

commit 8bd14f4bfbe2addefc5f2f52ece0719a5210b656
Author: Bill Orr <billorr@chromium.org>
Date: Wed Aug 08 10:21:56 2018

Fix a crash after exiting WebXR presentation

XRSession has a collection of V8 callbacks that it will call for animation frame requests. These callbacks were detected as unreachable from V8's perspective, even though XRSession was alive from blink's perspective. The fix is to make XRSession an ActiveScriptWrappable, so it is a root object from V8's garbage collection while there are active callbacks.

In discussion about this bug, it was pointed out that a couple places we keep objects on the stack might also cause V8's garbage collector to think wrappers are unreachable, so I now keep those objects alive with explicit traceable references.

BUG= 870403
Cq-Include-Trybots: luci.chromium.try:win_optional_gpu_tests_rel
Change-Id: I54cfda8597439c0a988acd918a1fcc6904cca340
Reviewed-on: https://chromium-review.googlesource.com/1166187
Commit-Queue: Bill Orr <billorr@chromium.org>
Reviewed-by: Brandon Jones <bajones@chromium.org>
Reviewed-by: Yuki Shiino <yukishiino@chromium.org>
Cr-Commit-Position: refs/heads/master@{#581515}

[modify] https://crrev.com/8bd14f4bfbe2addefc5f2f52ece0719a5210b656/third_party/blink/renderer/modules/xr/xr_frame_provider.cc
[modify] https://crrev.com/8bd14f4bfbe2addefc5f2f52ece0719a5210b656/third_party/blink/renderer/modules/xr/xr_frame_provider.h
[modify] https://crrev.com/8bd14f4bfbe2addefc5f2f52ece0719a5210b656/third_party/blink/renderer/modules/xr/xr_frame_request_callback_collection.cc
[modify] https://crrev.com/8bd14f4bfbe2addefc5f2f52ece0719a5210b656/third_party/blink/renderer/modules/xr/xr_frame_request_callback_collection.h
[modify] https://crrev.com/8bd14f4bfbe2addefc5f2f52ece0719a5210b656/third_party/blink/renderer/modules/xr/xr_session.cc
[modify] https://crrev.com/8bd14f4bfbe2addefc5f2f52ece0719a5210b656/third_party/blink/renderer/modules/xr/xr_session.h
[modify] https://crrev.com/8bd14f4bfbe2addefc5f2f52ece0719a5210b656/third_party/blink/renderer/modules/xr/xr_session.idl
,
Aug 8
,
Aug 13
Issue 866497 has been merged into this issue.
,
Aug 20
There's a new error with the same repro steps which looks related. Fatal error in ../../v8/src/api-inl.h, line 120 Debug check failed: allow_empty_handle || that != nullptr. Stack Trace: RELADDR FUNCTION FILE:LINE v------> std::__ndk1::unique_ptr<gin::V8Platform::TracingControllerImpl, std::__ndk1::default_delete<gin::V8Platform::TracingControllerImpl> >::get() const /usr/local/google/code/chromium/src/third_party/android_ndk/sources/cxx-stl/llvm-libc++/include/memory:2519:19 00013999 gin::V8Platform::GetTracingController() /usr/local/google/code/chromium/src/gin/v8_platform.cc:410:0 00010513 V8_Fatal(char const*, int, char const*, ...) /usr/local/google/code/chromium/src/v8/src/base/logging.cc:171:3 00010343 std::__ndk1::enable_if<(!(std::is_function<std::__ndk1::remove_pointer<signed char>::type>::value)) && (has_output_operator<signed char>::value), void>::type v8::base::PrintCheckOperand<signed char>(std::__ndk1::basic_ostream<char, std::__ndk1::char_traits<char> >&, signed char) /usr/local/google/code/chromium/src/v8/src/base/logging.cc:86:1 0021074b v8::Object::HasRealNamedCallbackProperty(v8::Local<v8::Context>, v8::Local<v8::Name>) /usr/local/google/code/chromium/src/v8/src/counters.h:0:9 0044c271 WTF::Vector<blink::BluetoothLEScanFilterInit, 0u, blink::HeapAllocator>::ShrinkCapacity(unsigned int) /usr/local/google/code/chromium/src/third_party/blink/renderer/platform/wtf/vector.h:0:9 0044c3f3 blink::CanvasRenderingContext2DSettings::CanvasRenderingContext2DSettings() /usr/local/google/code/chromium/src/out/Debug/gen/third_party/blink/renderer/modules/canvas/canvas2d/canvas_rendering_context_2d_settings.cc:15:70 v------> blink::TransformationMatrix::SetMatrix(double, double, double, double, double, double, double, double, double, double, double, double, double, double, double, double) /usr/local/google/code/chromium/src/third_party/blink/renderer/platform/transforms/transformation_matrix.h:214:19 v------> 
blink::TransformationMatrix::TransformationMatrix(double, double, double, double, double, double, double, double, double, double, double, double, double, double, double, double) /usr/local/google/code/chromium/src/third_party/blink/renderer/platform/transforms/transformation_matrix.h:153:0 v------> std::__ndk1::__unique_if<blink::TransformationMatrix>::__unique_single std::__ndk1::make_unique<blink::TransformationMatrix, double&, double&, double&, double&, double&, double&, double&, double&, double&, double&, double&, double&, double&, double&, double&, double&>(double&, double&, double&, double&, double&, double&, double&, double&, double&, double&, double&, double&, double&, double&, double&, double&) /usr/local/google/code/chromium/src/third_party/android_ndk/sources/cxx-stl/llvm-libc++/include/memory:3026:0 v------> blink::TransformationMatrix::Create(double, double, double, double, double, double, double, double, double, double, double, double, double, double, double, double) /usr/local/google/code/chromium/src/third_party/blink/renderer/platform/transforms/transformation_matrix.h:113:0 00634bcb blink::XRSession::UpdateInputSourceState(blink::XRInputSource*, mojo::StructPtr<device::mojom::blink::XRInputSourceState> const&) /usr/local/google/code/chromium/src/third_party/blink/renderer/modules/xr/xr_session.cc:687:0 006369a7 void WTF::Vector<blink::Member<blink::XRView>, 0u, blink::HeapAllocator>::AppendSlowCase<blink::XRView*>(blink::XRView*&&) /usr/local/google/code/chromium/src/third_party/blink/renderer/platform/wtf/vector.h:1776:3 v------> blink::GarbageCollected<blink::XRCanvasInputProvider>::AllocateObject(unsigned int, bool) /usr/local/google/code/chromium/src/third_party/blink/renderer/platform/heap/heap.h:521:12 00633905 blink::GarbageCollected<blink::XRCanvasInputProvider>::operator new(unsigned int) /usr/local/google/code/chromium/src/third_party/blink/renderer/platform/heap/heap.h:517:0 0063479d blink::XRSession::OnFrame(double, 
std::__ndk1::unique_ptr<blink::TransformationMatrix, std::__ndk1::default_delete<blink::TransformationMatrix> >, base::Optional<gpu::MailboxHolder> const&, base::Optional<gpu::MailboxHolder> const&, base::Optional<blink::IntSize> const&) /usr/local/google/code/chromium/src/third_party/blink/renderer/modules/xr/xr_session.cc:458:3 v------> base::AutoReset<bool>::AutoReset(bool*, bool) /usr/local/google/code/chromium/src/base/auto_reset.h:28:25 0063476d blink::XRSession::OnFrame(double, std::__ndk1::unique_ptr<blink::TransformationMatrix, std::__ndk1::default_delete<blink::TransformationMatrix> >, base::Optional<gpu::MailboxHolder> const&, base::Optional<gpu::MailboxHolder> const&, base::Optional<blink::IntSize> const&) /usr/local/google/code/chromium/src/third_party/blink/renderer/modules/xr/xr_session.cc:500:0 00496feb WTF::HashTable<char const*, WTF::KeyValuePair<char const*, blink::TraceWrapperMember<blink::Supplement<blink::LocalFrame> > >, WTF::KeyValuePairKeyExtractor, WTF::PtrHash<char const>, WTF::HashMapValueTraits<WTF::HashTraits<char const*>, WTF::HashTraits<blink::TraceWrapperMember<blink::Supplement<blink::LocalFrame> > > >, WTF::HashTraits<char const*>, blink::HeapAllocator>::ExpandBuffer(unsigned int, WTF::KeyValuePair<char const*, blink::TraceWrapperMember<blink::Supplement<blink::LocalFrame> > >*, bool&) /usr/local/google/code/chromium/src/third_party/blink/renderer/platform/wtf/hash_table.h:1710:3 004a78b7 blink::BluetoothRemoteGATTServer::operator new(unsigned int) /usr/local/google/code/chromium/src/third_party/blink/renderer/modules/bluetooth/bluetooth_remote_gatt_server.h:0:3 000cb64b base::circular_deque<base::RepeatingCallback<void ()> >::pop_back() /usr/local/google/code/chromium/src/base/containers/circular_deque.h:0:3 v------> trace_event_internal::ScopedTracer::Initialize(unsigned char const*, char const*, base::trace_event::TraceEventHandle) /usr/local/google/code/chromium/src/base/trace_event/trace_event.h:1118:13 000d3cbf 
base::debug::TaskAnnotator::WillQueueTask(char const*, base::PendingTask*) /usr/local/google/code/chromium/src/base/debug/task_annotator.cc:41:0 0010fc7d base::sequence_manager::internal::TaskQueueSelector::AllEnabledWorkQueuesAreEmpty() const /usr/local/google/code/chromium/src/base/task/sequence_manager/task_queue_selector.cc:385:3 000cb64b base::circular_deque<base::RepeatingCallback<void ()> >::pop_back() /usr/local/google/code/chromium/src/base/containers/circular_deque.h:0:3 v------> trace_event_internal::ScopedTracer::Initialize(unsigned char const*, char const*, base::trace_event::TraceEventHandle) /usr/local/google/code/chromium/src/base/trace_event/trace_event.h:1118:13 000d3cbf base::debug::TaskAnnotator::WillQueueTask(char const*, base::PendingTask*) /usr/local/google/code/chromium/src/base/debug/task_annotator.cc:41:0 000e46af base::MessageLoop::Run(bool) /usr/local/google/code/chromium/src/base/message_loop/message_loop.cc:0:29 000e48b1 base::MessageLoop::RunTask(base::PendingTask*) /usr/local/google/code/chromium/src/base/message_loop/message_loop.cc:433:23 000e4993 base::MessageLoop::RunTask(base::PendingTask*) /usr/local/google/code/chromium/src/base/trace_event/trace_event.h:0:24 000e67ff base::MessagePumpForUI::ScheduleDelayedWork(base::TimeTicks const&) /usr/local/google/code/chromium/src/base/message_loop/message_pump_android.cc:282:42 000e4485 base::MessageLoop::SetThreadTaskRunnerHandle() /usr/local/google/code/chromium/src/base/message_loop/message_loop.cc:403:63 v------> std::__ndk1::basic_ios<char, std::__ndk1::char_traits<char> >::init(std::__ndk1::basic_streambuf<char, std::__ndk1::char_traits<char> >*) /usr/local/google/code/chromium/src/third_party/android_ndk/sources/cxx-stl/llvm-libc++/include/ios:691:12 v------> std::__ndk1::basic_ostream<char, std::__ndk1::char_traits<char> >::basic_ostream(std::__ndk1::basic_streambuf<char, std::__ndk1::char_traits<char> >*) 
/usr/local/google/code/chromium/src/third_party/android_ndk/sources/cxx-stl/llvm-libc++/include/ostream:165:0 v------> std::__ndk1::basic_ostringstream<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char> >::basic_ostringstream(unsigned int) /usr/local/google/code/chromium/src/third_party/android_ndk/sources/cxx-stl/llvm-libc++/include/sstream:782:0 000f9b67 std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char> >* logging::MakeCheckOpString<double, double>(double const&, double const&, char const*) /usr/local/google/code/chromium/src/base/logging.h:734:0 00f7fc9b content::RenderWidget::DidAutoResize(gfx::Size const&) /usr/local/google/code/chromium/src/content/renderer/render_widget.cc:2386:41 00fc48ad mojo::StructPtr<data_decoder::mojom::AnimationFrame>::StructPtr(mojo::StructPtr<data_decoder::mojom::AnimationFrame>&&) /usr/local/google/code/chromium/src/mojo/public/cpp/bindings/struct_ptr.h:47:34 0000e94d void base::internal::FunctorTraits<void (service_manager::EmbeddedInstanceManager::*)(), void>::Invoke<void (service_manager::EmbeddedInstanceManager::*)(), scoped_refptr<service_manager::EmbeddedInstanceManager> const&>(void (service_manager::EmbeddedInstanceManager::*)(), scoped_refptr<service_manager::EmbeddedInstanceManager> const&) /usr/local/google/code/chromium/src/base/bind_internal.h:516:14 v------> std::__ndk1::__compressed_pair_elem<data_decoder::mojom::ImageDecoder*, 0, false>::__compressed_pair_elem<data_decoder::mojom::ImageDecoder*, void>(data_decoder::mojom::ImageDecoder*&&) /usr/local/google/code/chromium/src/third_party/android_ndk/sources/cxx-stl/llvm-libc++/include/memory:2050:9 v------> std::__ndk1::__compressed_pair<data_decoder::mojom::ImageDecoder*, std::__ndk1::default_delete<data_decoder::mojom::ImageDecoder> >::__compressed_pair<data_decoder::mojom::ImageDecoder*, std::__ndk1::default_delete<data_decoder::mojom::ImageDecoder> >(data_decoder::mojom::ImageDecoder*&&, 
std::__ndk1::default_delete<data_decoder::mojom::ImageDecoder>&&) /usr/local/google/code/chromium/src/third_party/android_ndk/sources/cxx-stl/llvm-libc++/include/memory:2145:0 v------> std::__ndk1::unique_ptr<data_decoder::mojom::ImageDecoder, std::__ndk1::default_delete<data_decoder::mojom::ImageDecoder> >::unique_ptr(std::__ndk1::unique_ptr<data_decoder::mojom::ImageDecoder, std::__ndk1::default_delete<data_decoder::mojom::ImageDecoder> >&&) /usr/local/google/code/chromium/src/third_party/android_ndk/sources/cxx-stl/llvm-libc++/include/memory:2389:0 00fc3fb7 mojo::StrongBinding<data_decoder::mojom::ImageDecoder>::Create(std::__ndk1::unique_ptr<data_decoder::mojom::ImageDecoder, std::__ndk1::default_delete<data_decoder::mojom::ImageDecoder> >, mojo::InterfaceRequest<data_decoder::mojom::ImageDecoder>) /usr/local/google/code/chromium/src/mojo/public/cpp/bindings/strong_binding.h:54:0
,
Oct 29
I'm unable to repro the latest report of this from acondor@. The stack has some weirdness to it that doesn't make sense - methods that don't call each other are nested in the stack. Potentially this was stack corruption or bad symbols. Resolving as fixed due to the original issue - if we see similar crashes again we should file a new bug.
Comment 1 by billorr@chromium.org
, Aug 2