Closed svillar closed 9 months ago
This was the stack trace BTW
Stack Trace:
RELADDR FUNCTION FILE:LINE
00000000026cce24 _JNIEnv::CallVoidMethod(_jobject*, _jmethodID*, ...) ../../third_party/android_toolchain/ndk/toolchains/llvm/prebuilt/linux-x86_64/sysroot/usr/include/jni.h:631:9
v------> web_contents_delegate_android::Java_WebContentsDelegateAndroid_loadingStateChanged(_JNIEnv*, base::android::JavaRef<_jobject*> const&, unsigned char) gen/jni_headers/components/embedder_support/android/web_contents_delegate_jni_headers/WebContentsDelegateAndroid_jni.h:446:29
0000000007317994 web_contents_delegate_android::WebContentsDelegateAndroid::LoadingStateChanged(content::WebContents*, bool) ../../components/embedder_support/android/delegate/web_contents_delegate_android.cc:145:3
0000000003918244 content::WebContentsImpl::LoadingStateChanged(content::LoadingState) ../../content/browser/web_contents/web_contents_impl.cc:7075:16
0000000003735554 content::FrameTree::NodeLoadingStateChanged(content::FrameTreeNode&, content::LoadingState) ../../content/browser/renderer_host/frame_tree.cc:927:14
0000000003737324 content::FrameTreeNode::DidStopLoading() ../../content/browser/renderer_host/frame_tree_node.cc:716:19
00000000037dcdd4 content::RenderFrameHostImpl::DidStopLoading() ../../content/browser/renderer_host/render_frame_host_impl.cc:8128:13
00000000032eab10 content::mojom::FrameHostStubDispatch::Accept(content::mojom::FrameHost*, mojo::Message*) gen/content/common/frame.mojom.cc:0:0
v------> mojo::InterfaceEndpointClient::HandleValidatedMessage(mojo::Message*) ../../mojo/public/cpp/bindings/lib/interface_endpoint_client.cc:1016:54
0000000004c1f364 mojo::InterfaceEndpointClient::HandleIncomingMessageThunk::Accept(mojo::Message*) ../../mojo/public/cpp/bindings/lib/interface_endpoint_client.cc:363:18
0000000004c23394 mojo::MessageDispatcher::Accept(mojo::Message*) ../../mojo/public/cpp/bindings/lib/message_dispatcher.cc:48:24
0000000004c204fc mojo::InterfaceEndpointClient::HandleIncomingMessage(mojo::Message*) ../../mojo/public/cpp/bindings/lib/interface_endpoint_client.cc:701:20
0000000004ead2a4 IPC::(anonymous namespace)::ChannelAssociatedGroupController::AcceptOnEndpointThread(mojo::Message) ../../ipc/ipc_mojo_bootstrap.cc:1075:24
v------> void base::internal::FunctorTraits<void (mojo::(anonymous namespace)::ThreadSafeInterfaceEndpointClientProxy::*)(mojo::Message), void>::Invoke<void (mojo::(anonymous namespace)::ThreadSafeInterfaceEndpointClientProxy::*)(mojo::Message), scoped_refptr<mojo::(anonymous namespace)::ThreadSafeInterfaceEndpointClientProxy>, mojo::Message>(void (mojo::(anonymous namespace)::ThreadSafeInterfaceEndpointClientProxy::*)(mojo::Message), scoped_refptr<mojo::(anonymous namespace)::ThreadSafeInterfaceEndpointClientProxy>&&, mojo::Message&&) ../../base/functional/bind_internal.h:713:12
v------> void base::internal::InvokeHelper<false, void, 0ul, 1ul>::MakeItSo<void (mojo::(anonymous namespace)::ThreadSafeInterfaceEndpointClientProxy::*)(mojo::Message), std::__Cr::tuple<scoped_refptr<mojo::(anonymous namespace)::ThreadSafeInterfaceEndpointClientProxy>, mojo::Message>>(void (mojo::(anonymous namespace)::ThreadSafeInterfaceEndpointClientProxy::*&&)(mojo::Message), std::__Cr::tuple<scoped_refptr<mojo::(anonymous namespace)::ThreadSafeInterfaceEndpointClientProxy>, mojo::Message>&&) ../../base/functional/bind_internal.h:868:12
v------> void base::internal::Invoker<base::internal::BindState<void (mojo::(anonymous namespace)::ThreadSafeInterfaceEndpointClientProxy::*)(mojo::Message), scoped_refptr<mojo::(anonymous namespace)::ThreadSafeInterfaceEndpointClientProxy>, mojo::Message>, void ()>::RunImpl<void (mojo::(anonymous namespace)::ThreadSafeInterfaceEndpointClientProxy::*)(mojo::Message), std::__Cr::tuple<scoped_refptr<mojo::(anonymous namespace)::ThreadSafeInterfaceEndpointClientProxy>, mojo::Message>, 0ul, 1ul>(void (mojo::(anonymous namespace)::ThreadSafeInterfaceEndpointClientProxy::*&&)(mojo::Message), std::__Cr::tuple<scoped_refptr<mojo::(anonymous namespace)::ThreadSafeInterfaceEndpointClientProxy>, mojo::Message>&&, std::__Cr::integer_sequence<unsigned long, 0ul, 1ul>) ../../base/functional/bind_internal.h:968:12
0000000004c21a60 base::internal::Invoker<base::internal::BindState<void (IPC::(anonymous namespace)::ChannelAssociatedGroupController::*)(mojo::Message), scoped_refptr<IPC::(anonymous namespace)::ChannelAssociatedGroupController>, mojo::Message>, void ()>::RunOnce(base::internal::BindStateBase*) ../../base/functional/bind_internal.h:919:12
v------> base::OnceCallback<void ()>::Run() && ../../base/functional/callback.h:152:12
0000000004970168 base::TaskAnnotator::RunTaskImpl(base::PendingTask&) ../../base/task/common/task_annotator.cc:201:34
0000000004985fa4 void base::TaskAnnotator::RunTask<base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl(base::LazyNow*)::$_3>(perfetto::StaticString, base::PendingTask&, base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl(base::LazyNow*)::$_3&&) ../../base/task/common/task_annotator.h:89:5
v------> base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl(base::LazyNow*) ../../base/task/sequence_manager/thread_controller_with_message_pump_impl.cc:480:23
0000000004985b54 base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork() ../../base/task/sequence_manager/thread_controller_with_message_pump_impl.cc:345:41
00000000049bcfec base::MessagePumpForUI::DoNonDelayedLooperWork(bool) ../../base/message_loop/message_pump_android.cc:186:33
00000000049bcf94 base::MessagePumpForUI::OnNonDelayedLooperCallback() ../../base/message_loop/message_pump_android.cc:172:3
00000000049bcc14 base::(anonymous namespace)::NonDelayedLooperCallback(int, int, void*) ../../base/message_loop/message_pump_android.cc:43:9
This fixes a crash that we started to observe on Quest3 devices after upgrading to M118. The null check added here is present in almost all the other WebContentsDelegateAndroid methods but was missing from LoadingStateChanged. Perhaps a non-null value is a precondition of the call and we're hitting a bug in some untested code path.