Issue metadata
Sign in to add a comment
|
Crash after closing WebVR experiment |
||||||||||||||||||||||||||||
Issue descriptionChrome Version: ToT OS: Android What steps will reproduce the problem? (1) Go to https://experiments.withgoogle.com/collection/webvr (2) Place phone on Daydream View (3) Click on "Launch Experiment" on KONTERBALL. This opens in a new tab. (4) Click back button What is the expected result? Chrome gets back to Experiments page What happens instead? Crashes Searching for native crashes in: /tmp/crash Reading Android symbols from: /usr/local/google/code/chromium/src Searching for Chrome symbols from within: /usr/local/google/code/chromium/src/out/Debug/lib.unstripped:/usr/local/google/code/chromium/src/out/Debug Find ABI:arm [FATAL:jni_android.cc(249)] Please include Java exception stack in crash report Stack Trace: RELADDR FUNCTION FILE:LINE 000d8c3f logging::LogMessage::~LogMessage() /usr/local/google/code/chromium/src/base/logging.cc:599:29 00143beb base::android::CheckException(_JNIEnv*) /usr/local/google/code/chromium/src/base/android/jni_android.cc:249:3 v------> jni_generator::CheckException(_JNIEnv*) /usr/local/google/code/chromium/src/base/android/jni_generator/jni_generator_helper.h:51:3 v------> vr::Java_VrShell_navigateBack(_JNIEnv*, base::android::JavaRef<_jobject*> const&) /usr/local/google/code/chromium/src/out/Debug/gen/chrome/browser/android/vr/vr_jni_headers/vr/jni/VrShell_jni.h:740:0 013ea44b vr::VrShell::NavigateBack() /usr/local/google/code/chromium/src/chrome/browser/android/vr/vr_shell.cc:356:0 000c3cfd base::OnceCallback<void ()>::Run() && /usr/local/google/code/chromium/src/base/callback.h:99:12 000cce3f base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) /usr/local/google/code/chromium/src/base/debug/task_annotator.cc:101:33 000de9c5 base::MessageLoop::RunTask(base::PendingTask*) /usr/local/google/code/chromium/src/base/message_loop/message_loop.cc:434:46 000deb9d base::MessageLoop::DeferOrRunPendingTask(base::PendingTask) /usr/local/google/code/chromium/src/base/message_loop/message_loop.cc:445:5 000dec87 base::MessageLoop::DoWork() /usr/local/google/code/chromium/src/base/message_loop/message_loop.cc:517:16 000e0713 base::MessagePumpForUI::OnNonDelayedLooperCallback() /usr/local/google/code/chromium/src/base/message_loop/message_pump_android.cc:165:37 000e0567 base::(anonymous namespace)::NonDelayedLooperCallback(int, int, void*) /usr/local/google/code/chromium/src/base/message_loop/message_pump_android.cc:70:9 000104b5 <UNKNOWN> /system/lib/libutils.so 000101e3 <UNKNOWN> /system/lib/libutils.so 000a3ed3 <UNKNOWN> /system/lib/libandroid_runtime.so Java stderr from crashing pid (may identify underlying Java exception): java.lang.AssertionError: Neither key nor object of UserDataHost can be null at org.chromium.base.UserDataHost.setUserData(UserDataHost.java:73) at org.chromium.chrome.browser.tab.TabRedirectHandler.swapFor(TabRedirectHandler.java:93) at org.chromium.chrome.browser.vr.VrShell.restoreTabFromVR(VrShell.java:504) at org.chromium.chrome.browser.vr.VrShell.swapToTab(VrShell.java:461) at org.chromium.chrome.browser.vr.VrShell.swapToForegroundTab(VrShell.java:455) at org.chromium.chrome.browser.vr.VrShell.access$900(VrShell.java:74) at org.chromium.chrome.browser.vr.VrShell$3.onChange(VrShell.java:282) at org.chromium.chrome.browser.tabmodel.TabModelSelectorBase.notifyChanged(TabModelSelectorBase.java:232) at org.chromium.chrome.browser.tabmodel.TabModelSelectorImpl.notifyChanged(TabModelSelectorImpl.java:422) at org.chromium.chrome.browser.tabmodel.TabModelSelectorBase$1.didSelectTab(TabModelSelectorBase.java:55) at org.chromium.chrome.browser.tabmodel.TabModelImpl.setIndex(TabModelImpl.java:484) at org.chromium.chrome.browser.tabmodel.TabModelImpl.removeTabAndSelectNext(TabModelImpl.java:565) at org.chromium.chrome.browser.tabmodel.TabModelImpl.startTabClosure(TabModelImpl.java:524) at org.chromium.chrome.browser.tabmodel.TabModelImpl.closeTab(TabModelImpl.java:362) at org.chromium.chrome.browser.tabmodel.TabModelImpl.closeTab(TabModelImpl.java:337) at org.chromium.chrome.browser.ChromeTabbedActivity.handleBackPressed(ChromeTabbedActivity.java:1834) at org.chromium.chrome.browser.vr.VrShell.navigateBack(VrShell.java:1033) at android.os.MessageQueue.nativePollOnce(Native Method) at android.os.MessageQueue.next(MessageQueue.java:325) at android.os.Looper.loop(Looper.java:142) at android.app.ActivityThread.main(ActivityThread.java:6633) at java.lang.reflect.Method.invoke(Native Method) at com.android.internal.os.Zygote$MethodAndArgsCaller.run(Zygote.java:240) at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:772) ----------------------------------------------------- pid: 26935, tid: 26935, name: chromium.chrome >>> org.chromium.chrome <<< signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr -------- [FATAL:jni_android.cc(249)] Please include Java exception stack in crash report Stack Trace: RELADDR FUNCTION FILE:LINE 000d8c3f logging::LogMessage::~LogMessage() /usr/local/google/code/chromium/src/base/logging.cc:599:29 00143beb base::android::CheckException(_JNIEnv*) /usr/local/google/code/chromium/src/base/android/jni_android.cc:249:3 v------> jni_generator::CheckException(_JNIEnv*) /usr/local/google/code/chromium/src/base/android/jni_generator/jni_generator_helper.h:51:3 v------> vr::Java_VrShell_navigateBack(_JNIEnv*, base::android::JavaRef<_jobject*> const&) /usr/local/google/code/chromium/src/out/Debug/gen/chrome/browser/android/vr/vr_jni_headers/vr/jni/VrShell_jni.h:740:0 013ea44b vr::VrShell::NavigateBack() /usr/local/google/code/chromium/src/chrome/browser/android/vr/vr_shell.cc:356:0 000c3cfd base::OnceCallback<void ()>::Run() && /usr/local/google/code/chromium/src/base/callback.h:99:12 Java stderr from crashing pid (may identify underlying Java exception): java.lang.AssertionError: Neither key nor object of UserDataHost can be null at org.chromium.base.UserDataHost.setUserData(UserDataHost.java:73) at org.chromium.chrome.browser.tab.TabRedirectHandler.swapFor(TabRedirectHandler.java:93) at org.chromium.chrome.browser.vr.VrShell.restoreTabFromVR(VrShell.java:504) at org.chromium.chrome.browser.vr.VrShell.swapToTab(VrShell.java:461) at org.chromium.chrome.browser.vr.VrShell.swapToForegroundTab(VrShell.java:455) at org.chromium.chrome.browser.vr.VrShell.access$900(VrShell.java:74) at org.chromium.chrome.browser.vr.VrShell$3.onChange(VrShell.java:282) at org.chromium.chrome.browser.tabmodel.TabModelSelectorBase.notifyChanged(TabModelSelectorBase.java:232) at org.chromium.chrome.browser.tabmodel.TabModelSelectorImpl.notifyChanged(TabModelSelectorImpl.java:422) at org.chromium.chrome.browser.tabmodel.TabModelSelectorBase$1.didSelectTab(TabModelSelectorBase.java:55) at org.chromium.chrome.browser.tabmodel.TabModelImpl.setIndex(TabModelImpl.java:484) at org.chromium.chrome.browser.tabmodel.TabModelImpl.removeTabAndSelectNext(TabModelImpl.java:565) at org.chromium.chrome.browser.tabmodel.TabModelImpl.startTabClosure(TabModelImpl.java:524) at org.chromium.chrome.browser.tabmodel.TabModelImpl.closeTab(TabModelImpl.java:362) at org.chromium.chrome.browser.tabmodel.TabModelImpl.closeTab(TabModelImpl.java:337) at org.chromium.chrome.browser.ChromeTabbedActivity.handleBackPressed(ChromeTabbedActivity.java:1834) at org.chromium.chrome.browser.vr.VrShell.navigateBack(VrShell.java:1033) at android.os.MessageQueue.nativePollOnce(Native Method) at android.os.MessageQueue.next(MessageQueue.java:325) at android.os.Looper.loop(Looper.java:142) at android.app.ActivityThread.main(ActivityThread.java:6633) at java.lang.reflect.Method.invoke(Native Method) at com.android.internal.os.Zygote$MethodAndArgsCaller.run(Zygote.java:240) at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:772) ----------------------------------------------------- r0 00000000 r1 00006937 r2 00000006 r3 00000008 r4 00006937 r5 00006937 r6 ffafe62c r7 0000010c r8 00000000 r9 ffafeabc sl ffafeab8 fp ffafe685 ip cf3b00ac sp ffafe618 lr eb87ce6b pc eb8766bc Stack Trace: RELADDR FUNCTION FILE:LINE 0001a6bc <UNKNOWN> /system/lib/libc.so v------> base::debug::(anonymous namespace)::DebugBreak() /usr/local/google/code/chromium/src/base/debug/debugger_posix.cc:229:5 001367b9 base::debug::BreakDebugger() /usr/local/google/code/chromium/src/base/debug/debugger_posix.cc:263:0 000d8e3d logging::LogMessage::~LogMessage() /usr/local/google/code/chromium/src/base/logging.cc:865:7 00143be9 base::android::CheckException(_JNIEnv*) /usr/local/google/code/chromium/src/base/android/jni_android.cc:249:3 v------> jni_generator::CheckException(_JNIEnv*) /usr/local/google/code/chromium/src/base/android/jni_generator/jni_generator_helper.h:51:3 v------> vr::Java_VrShell_navigateBack(_JNIEnv*, base::android::JavaRef<_jobject*> const&) /usr/local/google/code/chromium/src/out/Debug/gen/chrome/browser/android/vr/vr_jni_headers/vr/jni/VrShell_jni.h:740:0 013ea449 vr::VrShell::NavigateBack() /usr/local/google/code/chromium/src/chrome/browser/android/vr/vr_shell.cc:356:0 000c3cfd base::OnceCallback<void ()>::Run() && /usr/local/google/code/chromium/src/base/callback.h:99:12 000cce3d base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) /usr/local/google/code/chromium/src/base/debug/task_annotator.cc:101:33 000de9c3 base::MessageLoop::RunTask(base::PendingTask*) /usr/local/google/code/chromium/src/base/message_loop/message_loop.cc:434:46 000deb9b base::MessageLoop::DeferOrRunPendingTask(base::PendingTask) /usr/local/google/code/chromium/src/base/message_loop/message_loop.cc:445:5 000dec85 base::MessageLoop::DoWork() /usr/local/google/code/chromium/src/base/message_loop/message_loop.cc:517:16 000e0713 base::MessagePumpForUI::OnNonDelayedLooperCallback() /usr/local/google/code/chromium/src/base/message_loop/message_pump_android.cc:165:37 000e0565 base::(anonymous namespace)::NonDelayedLooperCallback(int, int, void*) /usr/local/google/code/chromium/src/base/message_loop/message_pump_android.cc:70:9 000104b5 <UNKNOWN> /system/lib/libutils.so 000101e1 <UNKNOWN> /system/lib/libutils.so 000b4ed1 <UNKNOWN> /system/lib/libandroid_runtime.so 0073f16d <UNKNOWN> /system/framework/arm/boot-framework.oat 000055ad <UNKNOWN> /dev/ashmem/dalvik-jit-code-cache
,
Sep 11
,
Sep 11
Reverting this CL seems to solve the issue https://crrev.com/c/1201630 jinsukkim, any ideas?
,
Sep 11
I found that when we initialize the newly opened tab for VR, we swap the TabRedirectHandler. The old one that we receive and store is null (VrShell.java at l=497). Is this expected? If so, I suppose that there should be a conditional on TabRedirectHelper that allows swapping to a null handler again.
,
Sep 11
,
Sep 11
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/ac0ae92c17dfb83b8b1e2d87e5d0b94b84e59f46 commit ac0ae92c17dfb83b8b1e2d87e5d0b94b84e59f46 Author: Jinsuk Kim <jinsukkim@chromium.org> Date: Tue Sep 11 21:51:18 2018 Android: Fix VR crash TabRedirectHandler can be null when swapped out for VR mode change, for which it should not be put into UserDataHost when restored. This CL adds the missing null check to prevent crash upon exiting VR mode. Bug: 882977 Change-Id: I67f740eceffb2ad2acde12501d142583a10d052b Reviewed-on: https://chromium-review.googlesource.com/1220407 Reviewed-by: Ted Choc <tedchoc@chromium.org> Commit-Queue: Jinsuk Kim <jinsukkim@chromium.org> Cr-Commit-Position: refs/heads/master@{#590493} [modify] https://crrev.com/ac0ae92c17dfb83b8b1e2d87e5d0b94b84e59f46/chrome/android/java/src/org/chromium/chrome/browser/tab/TabRedirectHandler.java
,
Sep 12
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/c5fea20cd37cfcc3571c572fa4dd73f0bc509e98 commit c5fea20cd37cfcc3571c572fa4dd73f0bc509e98 Author: Jinsuk Kim <jinsukkim@chromium.org> Date: Wed Sep 12 11:20:39 2018 Android: Set TabRedirectHandler.swapFor() right The entry in UserDataHost should be removed if a new object to set is null in TabRedirectHandler.swapFor(Tab, TabRedirectHandler). It should have been addressed in https://crrev.com/c/1220407 but left out by mistake. This CL handles it by calling |UserDataHost.removeUserData|. Bug: 882977 Change-Id: If9dc31df668cede3a1571061b028f1c36bd30dad Reviewed-on: https://chromium-review.googlesource.com/1220247 Reviewed-by: Ted Choc <tedchoc@chromium.org> Commit-Queue: Jinsuk Kim <jinsukkim@chromium.org> Cr-Commit-Position: refs/heads/master@{#590644} [modify] https://crrev.com/c5fea20cd37cfcc3571c572fa4dd73f0bc509e98/chrome/android/java/src/org/chromium/chrome/browser/tab/TabRedirectHandler.java
,
Sep 12
I tested in Canary this morning. Everything seems fine in the VR side.
,
Sep 18
|
|||||||||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||||||||
Comment 1 by mthiesse@chromium.org
, Sep 11