New issue
Advanced search Search tips

Issue 903663 link

Starred by 1 user
Status: WontFix
Owner: ----
Closed: Nov 29
Cc:
tobiasjs@chromium.org
ntfschr@chromium.org
boliu@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Android
Pri: 3
Type: Bug



Sign in to add a comment

Webview crash in Chrome_InProcGp thread when browsing canvas page.

Reported by perrywan...@gmail.com, Nov 9 
Steps to reproduce the problem:
Webview crash in Chrome_InProcGp thread when browsing canvas page.

Steps to reproduce the problem:
1. WebView open canvas page:https://n.molixiangce.com/index/index/play/share/p11908c567191612?ADTAG=share
2. Keep the page show about 10 minutes, webview crash. 

The crash is easy to appear from WebView m64 to m71.

The crash call stack is:
#00 pc 016a41ec gpu::gles2::(anonymous namespace)::NativeImageBufferEGL::IsClient(gl::GLImage*)(../../gpu/command_buffer/service/texture_definition.cc:238) + 0x0
#01 pc 01693f0d gpu::gles2::MailboxManagerSync::UpdateDefinitionLocked(gpu::TextureBase*, gpu::gles2::MailboxManagerSync::TextureGroupRef*)(../../gpu/command_buffer/service/mailbox_manager_sync.cc:470) + 0x3
#02 pc 01693fd3 gpu::gles2::MailboxManagerSync::PushTextureUpdates(gpu::SyncToken const&)(../../gpu/command_buffer/service/mailbox_manager_sync.cc:495) + 0x1
#03 pc 00a99299 gpu::CommandBufferStub::OnFenceSyncRelease(unsigned long long)(../../gpu/ipc/service/command_buffer_stub.cc:789) + 0x9
#04 pc 0164ba11 gpu::gles2::GLES2DecoderImpl::HandleInsertFenceSyncCHROMIUM(unsigned int, void const volatile*)(../../gpu/command_buffer/service/gles2_cmd_decoder.cc:16629) + 0x9
#05 pc 01655021 gpu::error::Error gpu::gles2::GLES2DecoderImpl::DoCommandsImpl<false>(unsigned int, void const volatile*, int, int*)(../../gpu/command_buffer/service/gles2_cmd_decoder.cc:5671) + 0x1

What is the expected behavior?

What went wrong?
WebView crash

Crashed report ID: 

How much crashed? Just one tab

Is it a problem with a plugin? No 

Did this work before? N/A 

Chrome version: 70.0.3538.77  Channel: stable
OS Version: os 7.1.1
Flash Version:

Comment 1 by perrywan...@gmail.com, Nov 9 

Sometimes crash call stack is like this:
#00 pc 003b32fe std::__ndk1::__hash_const_iterator<std::__ndk1::__hash_node<std::__ndk1::__hash_value_type<int, base::FilePath>, void*>*> std::__ndk1::__hash_table<std::__ndk1::__hash_value_type<int, base::FilePath>, std::__ndk1::__unordered_map_hasher<int, std::__ndk1::__hash_value_type<int, base::FilePath>, std::__ndk1::hash<int>, true>, std::__ndk1::__unordered_map_equal<int, std::__ndk1::__hash_value_type<int, base::FilePath>, std::__ndk1::equal_to<int>, true>, std::__ndk1::allocator<std::__ndk1::__hash_value_type<int, base::FilePath> > >::find<int>(int const&) const(../../third_party/android_ndk/sources/cxx-stl/llvm-libc++/include/__hash_table:102) + 0x0
#01 pc 015f7bc9 gpu::gles2::TextureManager::GetTexture(unsigned int) const(../../third_party/android_ndk/sources/cxx-stl/llvm-libc++/include/unordered_map:1104) + 0x1
#02 pc 015be51b gpu::gles2::GLES2DecoderImpl::DoBindTexture(unsigned int, unsigned int)(../../gpu/command_buffer/service/gles2_cmd_decoder.cc:880) + 0x3
#03 pc 015a9331 gpu::gles2::GLES2DecoderImpl::HandleBindTexture(unsigned int, void const volatile*)(../../gpu/command_buffer/service/gles2_cmd_decoder_autogen.h:146) + 0x3
#04 pc 00325703 gpu::error::Error gpu::gles2::GLES2DecoderImpl::DoCommandsImpl<false>(unsigned int, void const volatile*, int, int*)(../../gpu/command_buffer/service/gles2_cmd_decoder.cc:5789) + 0x1
#05 pc 01593a83 gpu::CommandBufferService::Flush(int, gpu::AsyncAPIInterface*)(../../gpu/command_buffer/service/command_buffer_service.cc:90) + 0x9
#06 pc 00a39033 gpu::CommandBufferStub::OnAsyncFlush(int, unsigned int, bool)(../../gpu/ipc/service/command_buffer_stub.cc:666) + 0x3

Comment 2 by perrywan...@gmail.com, Nov 9 

The crash is related to GPU.
It happened on Qualcomm Adreno 5XX GPU.

My mobile phone is vivo xplay6, Android7.1.1, gpu is Adreno (TM) 530

Comment 3 by dtapu...@chromium.org, Nov 9

Components: Mobile>WebView

Comment 4 by chelamcherla@chromium.org, Nov 12

Labels: Needs-triage-Mobile

Comment 5 by ntfschr@chromium.org, Nov 29

Cc: ntfschr@chromium.org boliu@chromium.org tobiasjs@chromium.org
Labels: -Pri-2 Pri-3
boliu@ anything we can do for this GPU-specific bug?

Given this only crashes after 10 minutes of use on a single GPU, I think we can lower priority.

Comment 6 by boliu@chromium.org, Nov 29

Status: WontFix (was: Unconfirmed)
Tried that page on a pixel 1 for awhile without crash. This sort of thing generally suggests webview's memory got stomped by something else, which could be device- or app-specific.

Sign in to add a comment