Native crash on Android using Chromium 90


JJ

May 21, 2021, 3:10:08 AM
to Chromium-dev

Hey devs,

we are seeing a crash in our Android browser app which uses Chromium 90.0.4430.96. In the Google Play Console it only shows as "abort". It certainly is a native crash and it exclusively happens on Android 11 devices. We symbolized the stack traces we got in the Play Store, but even with this information we can't identify the root cause to be able to fix it. Unfortunately we cannot use Crashpad, which I know would give us more insights. Maybe the stack trace looks familiar to one of you and you can give us a hint. The only useful information I can see is that it seems to have something to do with media playback. But we cannot reproduce it at all.

Stack Trace:
  RELADDR   FUNCTION   FILE:LINE
  000000000004e750  abort+164  /apex/com.android.runtime/lib64/bionic/libc.so

-----------------------------------------------------


Stack Trace:
  RELADDR   FUNCTION        FILE:LINE
  0000000000042910  scudo::die()+8  /apex/com.android.runtime/lib64/bionic/libc.so

-----------------------------------------------------


Stack Trace:
  RELADDR   FUNCTION                                           FILE:LINE
  0000000000042f8c  scudo::ScopedErrorReport::~ScopedErrorReport()+32  /apex/com.android.runtime/lib64/bionic/libc.so

-----------------------------------------------------


Stack Trace:
  RELADDR   FUNCTION                                                          FILE:LINE
  00000000000431c0  scudo::reportInvalidChunkState(scudo::AllocatorAction, void*)+76  /apex/com.android.runtime/lib64/bionic/libc.so

-----------------------------------------------------


Stack Trace:
  RELADDR   FUNCTION                                                                          FILE:LINE
  00000000000445f0  scudo::Allocator<scudo::AndroidConfig, &(scudo_malloc_postinit)>::deallocate(void*, scudo::Chunk::Origin, unsigned long, unsigned long)+332  /apex/com.android.runtime/lib64/bionic/libc.so

-----------------------------------------------------


Stack Trace:
  RELADDR   FUNCTION                                                                          FILE:LINE
  v------>  std::__1::__tuple_leaf<0ul, base::WeakPtr<media::DecoderSelector<(media::DemuxerStream::Type)1> >, false>::~__tuple_leaf()  ../../buildtools/third_party/libc++/trunk/include/tuple:181:7
  v------>  std::__1::tuple<base::WeakPtr<media::DecoderSelector<(media::DemuxerStream::Type)1> > >::~tuple()  ../../buildtools/third_party/libc++/trunk/include/tuple:477:28
  v------>  base::internal::BindState<void (media::DecoderSelector<(media::DemuxerStream::Type)1>::*)(media::Status), base::WeakPtr<media::DecoderSelector<(media::DemuxerStream::Type)1> > >::~BindState()  ../../base/bind_internal.h:907:24
  000000000180ac3c  base::internal::BindState<performance_manager::policies::TabLoadingFrameNavigationPolicy::StopThrottlingExpiredPages()::$_2, base::internal::UnretainedWrapper<performance_manager::policies::TabLoadingFrameNavigationPolicy::MechanismDelegate>, performance_manager::WebContentsProxy>::Destroy(base::internal::BindStateBase const*)  ../../base/bind_internal.h:910:5

-----------------------------------------------------


Stack Trace:
  RELADDR   FUNCTION                                                                          FILE:LINE
  v------>  base::internal::BindStateBaseRefCountTraits::Destruct(base::internal::BindStateBase const*)  ../../base/callback_internal.cc:30:3
  v------>  base::RefCountedThreadSafe<base::internal::BindStateBase, base::internal::BindStateBaseRefCountTraits>::Release() const  ../../base/memory/ref_counted.h:400:7
  v------>  scoped_refptr<base::internal::BindStateBase>::Release(base::internal::BindStateBase*)  ../../base/memory/scoped_refptr.h:322:8
  v------>  scoped_refptr<base::internal::BindStateBase>::~scoped_refptr()                    ../../base/memory/scoped_refptr.h:224:7
  v------>  base::internal::CallbackBase::~CallbackBase()                                     ../../base/callback_internal.cc:85:29
  v------>  base::PendingTask::~PendingTask()                                                 ../../base/pending_task.cc:23:27
  v------>  base::sequence_manager::Task::~Task()                                             ../../base/task/sequence_manager/tasks.cc:34:13
  v------>  base::sequence_manager::internal::LazilyDeallocatedDeque<base::sequence_manager::Task, &(base::subtle::TimeTicksNowIgnoringOverride())>::Ring::pop_front()  ../../base/task/sequence_manager/lazily_deallocated_deque.h:276:28
  v------>  base::sequence_manager::internal::LazilyDeallocatedDeque<base::sequence_manager::Task, &(base::subtle::TimeTicksNowIgnoringOverride())>::pop_front()  ../../base/task/sequence_manager/lazily_deallocated_deque.h:155:12
  0000000002e5c31c  base::sequence_manager::internal::WorkQueue::RemoveAllCanceledTasksFromFront()    ../../base/task/sequence_manager/work_queue.cc:230:12

-----------------------------------------------------


Stack Trace:
  RELADDR   FUNCTION                                                                          FILE:LINE
  v------>  base::sequence_manager::internal::SequenceManagerImpl::SelectNextTaskImpl(base::sequence_manager::internal::SequencedTaskSource::SelectTaskOption)  ../../base/task/sequence_manager/sequence_manager_impl.cc:613:9
  0000000002e4dc64  base::sequence_manager::internal::SequenceManagerImpl::SelectNextTask(base::sequence_manager::internal::SequencedTaskSource::SelectTaskOption)  ../../base/task/sequence_manager/sequence_manager_impl.cc:511:16

-----------------------------------------------------


Stack Trace:
  RELADDR   FUNCTION                                                                          FILE:LINE
  v------>  base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl(base::sequence_manager::LazyNow*)  ../../base/task/sequence_manager/thread_controller_with_message_pump_impl.cc:331:41
  0000000002e59f00  base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork()   ../../base/task/sequence_manager/thread_controller_with_message_pump_impl.cc:268:36

-----------------------------------------------------


Stack Trace:
  RELADDR   FUNCTION                                                      FILE:LINE
  0000000002ea04b0  base::MessagePumpLibevent::Run(base::MessagePump::Delegate*)  ../../base/message_loop/message_pump_libevent.cc:209:55

-----------------------------------------------------


Stack Trace:
  RELADDR   FUNCTION                                                                          FILE:LINE
  0000000002e5a880  base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::Run(bool, base::TimeDelta)  ../../base/task/sequence_manager/thread_controller_with_message_pump_impl.cc:477:12

-----------------------------------------------------


Stack Trace:
  RELADDR   FUNCTION              FILE:LINE
  0000000002e37518  base::RunLoop::Run()  ../../base/run_loop.cc:124:14

-----------------------------------------------------


Stack Trace:
  RELADDR   FUNCTION                    FILE:LINE
  0000000002e71754  base::Thread::ThreadMain()  ../../base/threading/thread.cc:382:3

-----------------------------------------------------


Stack Trace:
  RELADDR   FUNCTION                                        FILE:LINE
  0000000002e88b80  base::(anonymous namespace)::ThreadFunc(void*)  ../../base/threading/platform_thread_posix.cc:87:13

-----------------------------------------------------


Stack Trace:
  RELADDR   FUNCTION                   FILE:LINE
  00000000000b0228  __pthread_start(void*)+64  /apex/com.android.runtime/lib64/bionic/libc.so

-----------------------------------------------------


Stack Trace:
  RELADDR   FUNCTION           FILE:LINE
  000000000005070c  __start_thread+64  /apex/com.android.runtime/lib64/bionic/libc.so
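
An added example (not part of the original post and not Chromium tooling) for triaging symbolized output in the format shown above: it stitches the per-frame blocks into one stack, names the Scudo report behind the abort, and picks out the first frame outside `libc.so`. The names `parse_frames` and `triage` and the abridged sample are assumptions of this example.

```python
import re

# Constructed sample: five frame lines abridged from the symbolized trace above.
SAMPLE = """\
Stack Trace:
  RELADDR   FUNCTION   FILE:LINE
  000000000004e750  abort+164  /apex/com.android.runtime/lib64/bionic/libc.so
-----------------------------------------------------
  00000000000431c0  scudo::reportInvalidChunkState(scudo::AllocatorAction, void*)+76  /apex/com.android.runtime/lib64/bionic/libc.so
  00000000000445f0  scudo::Allocator<scudo::AndroidConfig, &(scudo_malloc_postinit)>::deallocate(void*, scudo::Chunk::Origin, unsigned long, unsigned long)+332  /apex/com.android.runtime/lib64/bionic/libc.so
  v------>  base::PendingTask::~PendingTask()  ../../base/pending_task.cc:23:27
  0000000002e5c31c  base::sequence_manager::internal::WorkQueue::RemoveAllCanceledTasksFromFront()  ../../base/task/sequence_manager/work_queue.cc:230:12
"""

# Address column (or the inlined-frame arrow), function, file[:line], split on 2+ spaces.
FRAME = re.compile(r"^\s*([0-9a-f]{16}|v-+>)\s{2,}(.+?)\s{2,}(\S+)\s*$")

# Scudo report functions and the heap error each one signals.
SCUDO_REPORTS = {
    "reportInvalidChunkState": "chunk is not in the state the operation expects",
    "reportHeaderCorruption": "chunk header failed its checksum",
    "reportMisalignedPointer": "pointer handed to the allocator is misaligned",
    "reportDeallocTypeMismatch": "allocation and deallocation types differ",
}

def parse_frames(text):
    """Return frames innermost first; headers and separators are skipped."""
    frames = []
    for line in text.splitlines():
        m = FRAME.match(line)
        if m:
            addr, func, where = m.groups()
            frames.append({"inlined": addr.startswith("v"), "func": func, "file": where})
    return frames

def triage(text):
    """Name the Scudo report, the allocator call, and the first frame outside libc."""
    frames = parse_frames(text)
    funcs = [f["func"] for f in frames]
    report = next((r for fn in funcs for r in SCUDO_REPORTS if r in fn), None)
    action = next((a for fn in funcs for a in ("deallocate", "reallocate", "allocate")
                   if "scudo::Allocator" in fn and f"::{a}(" in fn), None)
    caller = next((f for f in frames if not f["file"].endswith("/libc.so")), {})
    return {"frames": len(frames), "report": report,
            "meaning": SCUDO_REPORTS.get(report), "action": action,
            "caller": caller.get("func"), "caller_site": caller.get("file")}

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

Scudo calls `reportInvalidChunkState` from `deallocate` when the chunk being freed is not marked allocated, which is the signature of a double free or a free through a stale pointer.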

Diego

May 27, 2021, 2:28:43 PM
to Chromium-dev, JJ
This stacktrace might also be related to the above:

backtrace:
  #00  pc 000000000004ef24  /apex/com.android.runtime/lib64/bionic/libc.so (abort+164)
  #00  pc 000000000001c034  /system/lib64/libaaudio_internal.so (__cfi_check_fail+32)
  #00  pc 000000000001e660  /system/lib64/libaaudio_internal.so (__cfi_check+5728)
  #00  pc 00000000000242b0  /system/lib64/libaaudio_internal.so (aaudio::AudioStreamLegacy::onAudioDeviceUpdate(int)+872)
  #00  pc 0000000000083580  /system/lib64/libaudioclient.so (android::AudioTrack::onAudioDeviceUpdate(int, int)+316)
  #00  pc 000000000006ccec  /system/lib64/libaudioclient.so (android::AudioSystem::AudioFlingerClient::ioConfigChanged(android::audio_io_config_event, android::sp<android::AudioIoDescriptor> const&)+3488)
  #00  pc 00000000000a83ec  /system/lib64/libaudioclient.so (android::BnAudioFlingerClient::onTransact(unsigned int, android::Parcel const&, android::Parcel*, unsigned int)+548)
  #00  pc 000000000004a834  /system/lib64/libbinder.so (android::BBinder::transact(unsigned int, android::Parcel const&, android::Parcel*, unsigned int)+232)
  #00  pc 0000000000053ab4  /system/lib64/libbinder.so (android::IPCThreadState::executeCommand(int)+700)
  #00  pc 0000000000053748  /system/lib64/libbinder.so (android::IPCThreadState::getAndExecuteCommand()+156)
  #00  pc 0000000000054304  /system/lib64/libbinder.so (android::IPCThreadState::joinThreadPool(bool)+116)
  #00  pc 000000000007cdf4  /system/lib64/libbinder.so (android::PoolThread::threadLoop()+400)
  #00  pc 000000000001553c  /system/lib64/libutils.so (android::Thread::_threadLoop(void*)+320)
  #00  pc 00000000000a48a8  /system/lib64/libandroid_runtime.so (android::AndroidRuntime::javaThreadShell(void*)+144)
  #00  pc 0000000000014db0  /system/lib64/libutils.so (thread_data_t::trampoline(thread_data_t const*)+408)
  #00  pc 00000000000b6234  /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+64)
  #00  pc 0000000000050e64  /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64)