133.0.6943.60 crash #1814

Open
5 tasks done
onslaught86 opened this issue Feb 12, 2025 · 18 comments
@onslaught86

onslaught86 commented Feb 12, 2025

Preliminary checklist

  • I have read the README.
  • I have searched the existing issues for my problem. This is a new ticket, NOT a duplicate or related to another open issue.
  • I have read the FAQs.
  • I have updated Cromite to the latest version. The bug is reproducible on this latest version.
  • This is a bug report about the Cromite browser; not the website nor F-Droid nor anything else.

Can the bug be reproduced with corresponding Chromium version?

No

Are you sure?

Yes

Cromite version

133.0.6943.60

Device architecture

arm64-v8a

Platform version

Android 15

Android Device model

Samsung Galaxy S24 Ultra

Is the device rooted?

No

Changed flags

#android-bottom-toolbar #android-open-pdf-inline #darken-websites-checkbox-in-themes-setting #enable-smart-zoom #enable-quic
There may be more, however I cannot confirm as cromite crashes on launch.

Is this bug happening ONLY in an incognito tab?

No

Is this bug caused by the adblocker?

No

Is this bug a crash?

Logcat filtered by error:

ConnectivityService: RemoteException caught trying to send a callback msg for NetworkRequest [LISTEN id=3555, [ Capabilities: INTERNET&NOT_RESTRICTED&TRUSTED&FOREGROUND&NOT_VCN_MANAGED&NOT_BANDWIDTH_CONSTRAINED Forbidden: LOCAL_NETWORK Uid: 10551 RequestorUid: 10551 RequestorPkg: org.chromium.chrome UnderlyingNetworks: Null

Verbose logcat:

--- 12 Feb 2025 11:35:23 pm ---
02-12 23:35:25.562 14008 14008 D ConnectivityManager: StackLog: [android.net.ConnectivityManager.sendRequestForNetwork(ConnectivityManager.java:4692)] [android.net.ConnectivityManager.registerDefaultNetworkCallbackForUid(ConnectivityManager.java:5381)] [android.net.ConnectivityManager.registerDefaultNetworkCallback(ConnectivityManager.java:5348)] [RQ0.c(chromium-ChromePublic.apk-stable-694306004:42)] [lm1.r(chromium-ChromePublic.apk-stable-694306004:7)] [Im1.b(chromium-ChromePublic.apk-stable-694306004:7)] [SQ0.<init>(chromium-ChromePublic.apk-stable-694306004:109)] [org.chromium.net.NetworkChangeNotifier.setAutoDetectConnectivityState(chromium-ChromePublic.apk-stable-694306004:29)] [ng1.run(chromium-ChromePublic.apk-stable-694306004:200)] [rx.run(chromium-ChromePublic.apk-stable-694306004:52)]
02-12 23:35:25.562 2530 6404 D ConnectivityService: requestNetwork for uid/pid:10337/14008 activeRequest: null callbackRequest: 3418 [NetworkRequest [ REQUEST id=3419, [ Capabilities: INTERNET&NOT_RESTRICTED&TRUSTED&NOT_VCN_MANAGED&NOT_BANDWIDTH_CONSTRAINED Uid: 10337 RequestorUid: 10337 RequestorPkg: org.cromite.cromite UnderlyingNetworks: Null]] callback flags: 0 order: 2147483647 isUidTracked false declaredMethods: ALL
02-12 23:35:25.562 2530 3456 D ConnectivityService: accepting network in place of null for NetworkRequest [ REQUEST id=3419, [ Capabilities: INTERNET&NOT_RESTRICTED&TRUSTED&NOT_VCN_MANAGED&NOT_BANDWIDTH_CONSTRAINED Uid: 10337 RequestorUid: 10337 RequestorPkg: org.cromite.cromite UnderlyingNetworks: Null]]
02-12 23:35:25.562 14008 14008 D ConnectivityManager: StackLog: [android.net.ConnectivityManager.sendRequestForNetwork(ConnectivityManager.java:4692)] [android.net.ConnectivityManager.sendRequestForNetwork(ConnectivityManager.java:4859)] [android.net.ConnectivityManager.registerNetworkCallback(ConnectivityManager.java:5241)] [RQ0.c(chromium-ChromePublic.apk-stable-694306004:84)] [Im1.r(chromium-ChromePublic.apk-stable-694306004:7)] [Im1.b(chromium-ChromePublic.apk-stable-694306004:7)] [SQ0.<init>(chromium-ChromePublic.apk-stable-694306004:109)] [org.chromium.net.NetworkChangeNotifier.setAutoDetectConnectivityState(chromium-ChromePublic.apk-stable-694306004:29)] [ng1.run(chromium-ChromePublic.apk-stable-694306004:200)] [rx.run(chromium-ChromePublic.apk-stable-694306004:52)]
02-12 23:35:25.563 2530 3456 D ConnectivityService: Rematched networks [computed 0ms] [applied 1ms] [issued 0]
02-12 23:35:25.563 2530 3456 D ConnectivityService: NetworkReassignment:
02-12 23:35:25.563 2530 3456 D ConnectivityService: 3419:null->120
02-12 23:35:25.564 2530 3456 D ConnectivityService: Rematched networks [computed 0ms] [applied 1ms] [issued 0]
02-12 23:35:25.564 2530 3456 D ConnectivityService: NetworkReassignment:no changes
02-12 23:35:25.920 2530 3456 D ConnectivityService: releasing NetworkRequest [ REQUEST id=3419, [ Capabilities: INTERNET&NOT_RESTRICTED&TRUSTED&NOT_VCN_MANAGED&NOT_BANDWIDTH_CONSTRAINED Uid: 10337 RequestorUid: 10337 RequestorPkg: org.cromite.cromite UnderlyingNetworks: Null]] (release request)
02-12 23:35:25.921 2530 3456 D ConnectivityService: Removing from current network [120 WIFI], leaving 193 requests.
--- 12 Feb 2025 11:35:28 pm ---

Describe the bug

Hi master uazo,

Humbly requesting your help to diagnose this strange crash on Galaxy S24 Ultra. Upon upgrading from 132.0.6834.163 to 133.0.6943.60, cromite crashes instantly on launch. Please see attached verbose logcat.

This does not occur on 133.0.6943.60 on 2x other handsets, Pixel 7 Pro (Android 15) or ASUS ROG Phone 7 (Android 13). As no others have reported the crash, it may not be widespread.

I would love to test Vanilla Chromium 133.0.6943.60, however this build does not appear to have been uploaded yet. I can confirm the crash does not occur on Vanilla Chromium 132.0.6834.163.

Many thanks for your hard work on this wonderful project.

Steps to reproduce the bug

Upgrade from 132.0.6834.163 to 133.0.6943.60. Launch cromite.

Expected behavior

Cromite should not crash.

Screenshots

No response

@uazo
Owner

uazo commented Feb 12, 2025

I am rewriting your stacklog here because it is a bit illegible:

StackLog: 
[android.net.ConnectivityManager.sendRequestForNetwork(ConnectivityManager.java:4692)] 
[android.net.ConnectivityManager.registerDefaultNetworkCallbackForUid(ConnectivityManager.java:5381)] 
[android.net.ConnectivityManager.registerDefaultNetworkCallback(ConnectivityManager.java:5348)] 
[RQ0.c(chromium-ChromePublic.apk-stable-694306004:42)]
[lm1.r(chromium-ChromePublic.apk-stable-694306004:7)]
[Im1.b(chromium-ChromePublic.apk-stable-694306004:7)] 
[SQ0.<init>(chromium-ChromePublic.apk-stable-694306004:109)]
[org.chromium.net.NetworkChangeNotifier.setAutoDetectConnectivityState(chromium-ChromePublic.apk-stable-694306004:29)]
[ng1.run(chromium-ChromePublic.apk-stable-694306004:200)]
[rx.run(chromium-ChromePublic.apk-stable-694306004:52)] 

StackLog:
[android.net.ConnectivityManager.sendRequestForNetwork(ConnectivityManager.java:4692)]
[android.net.ConnectivityManager.sendRequestForNetwork(ConnectivityManager.java:4859)]
[android.net.ConnectivityManager.registerNetworkCallback(ConnectivityManager.java:5241)] 
[RQ0.c(chromium-ChromePublic.apk-stable-694306004:84)]
[Im1.r(chromium-ChromePublic.apk-stable-694306004:7)]
[Im1.b(chromium-ChromePublic.apk-stable-694306004:7)]
[SQ0.<init>(chromium-ChromePublic.apk-stable-694306004:109)]
[org.chromium.net.NetworkChangeNotifier.setAutoDetectConnectivityState(chromium-ChromePublic.apk-stable-694306004:29)]
[ng1.run(chromium-ChromePublic.apk-stable-694306004:200)]
[rx.run(chromium-ChromePublic.apk-stable-694306004:52)]

@uazo uazo added the crash label Feb 12, 2025
@uazo
Owner

uazo commented Feb 12, 2025

[android.net.ConnectivityManager.sendRequestForNetwork(ConnectivityManager.java:4692)]

the first strange thing, which android distribution are you using?

@uazo
Owner

uazo commented Feb 12, 2025

RequestorUid: 10551 RequestorPkg: org.chromium.chrome

and this second one: why org.chromium.chrome ?

@uazo uazo added the awaiting info Further information is requested label Feb 12, 2025
@uazo
Owner

uazo commented Feb 12, 2025

[RQ0.c(chromium-ChromePublic.apk-stable-694306004:42)]

and there is also a third one: why chromium-ChromePublic.apk ?

@onslaught86
Author

[android.net.ConnectivityManager.sendRequestForNetwork(ConnectivityManager.java:4692)]

the first strange thing, which android distribution are you using?

One UI 7, Android 15. Currently in beta for S24 series, in stable for S25 series. I will test on S25 next week.

I can confirm Chrome 133.0.6943.49 behaves as expected.

I am rewriting your stacklog here because it is a bit illegible:

Thank you.

@uazo
Owner

uazo commented Feb 12, 2025

it is not cromite.
can you prove it to me? where did you download it from?

@onslaught86
Author

it is not cromite. can you prove it to me? where did you download it from?

From github via the internal update mechanism, as usual. An in-place upgrade from 132 to 133, it could not be anything else or the signatures would not match.

I submit this screen recording, please let me know anything else that may be useful.

Screen_Recording_20250213_015754_One.UI.Home.mp4

@uazo
Owner

uazo commented Feb 12, 2025

call stack:

at android.net.ConnectivityManager.sendRequestForNetwork(ConnectivityManager.java:4692)
at android.net.ConnectivityManager.registerDefaultNetworkCallbackForUid(ConnectivityManager.java:5381)
at android.net.ConnectivityManager.registerDefaultNetworkCallback(ConnectivityManager.java:5348)
at org.chromium.net.NetworkChangeNotifierAutoDetect$ConnectivityManagerDelegate.registerDefaultNetworkCallback(NetworkChangeNotifierAutoDetect.java:449)
at org.chromium.net.NetworkChangeNotifierAutoDetect.register(NetworkChangeNotifierAutoDetect.java:1169)
at org.chromium.net.NetworkChangeNotifierAutoDetect$RegistrationPolicy.register(NetworkChangeNotifierAutoDetect.java:931)
at org.chromium.chrome.browser.tab.RedirectHandlerTabHelper.r(RedirectHandlerTabHelper.java:7)
at org.chromium.net.RegistrationPolicyApplicationStatus.init(RegistrationPolicyApplicationStatus.java:22)
at org.chromium.net.NetworkChangeNotifierAutoDetect.<init>(NetworkChangeNotifierAutoDetect.java:1091)
at org.chromium.net.NetworkChangeNotifier.setAutoDetectConnectivityStateInternal(NetworkChangeNotifier.java:221)
at org.chromium.net.NetworkChangeNotifier.setAutoDetectConnectivityStateInternal(NetworkChangeNotifier.java:208)
at org.chromium.net.NetworkChangeNotifier.setAutoDetectConnectivityState(NetworkChangeNotifier.java:169)
at org.chromium.chrome.browser.init.ProcessInitializationHandler.initNetworkChangeNotifier(ProcessInitializationHandler.java:514)
at org.chromium.base.task.ChainedTasks$1.run(ChainedTasks.java:52)
at android.net.ConnectivityManager.sendRequestForNetwork(ConnectivityManager.java:4692)
at android.net.ConnectivityManager.sendRequestForNetwork(ConnectivityManager.java:4859)
at android.net.ConnectivityManager.registerNetworkCallback(ConnectivityManager.java:5241)
at org.chromium.net.NetworkChangeNotifierAutoDetect$ConnectivityManagerDelegate.registerNetworkCallback(NetworkChangeNotifierAutoDetect.java:435)
at org.chromium.net.NetworkChangeNotifierAutoDetect.register(NetworkChangeNotifierAutoDetect.java:1195)
at org.chromium.net.NetworkChangeNotifierAutoDetect$RegistrationPolicy.register(NetworkChangeNotifierAutoDetect.java:931)
at org.chromium.net.RegistrationPolicyApplicationStatus.onApplicationStateChange(RegistrationPolicyApplicationStatus.java:39)
at org.chromium.net.RegistrationPolicyApplicationStatus.init(RegistrationPolicyApplicationStatus.java:22)
at org.chromium.net.NetworkChangeNotifierAutoDetect.<init>(NetworkChangeNotifierAutoDetect.java:1091)
at org.chromium.net.NetworkChangeNotifier.setAutoDetectConnectivityState(NetworkChangeNotifier.java)
at ng1-.run(chromium-ChromePublic.apk-stable-694306004:200)
at org.chromium.base.task.ChainedTasks$1.run(ChainedTasks.java:52)

@uazo
Owner

uazo commented Feb 12, 2025

I submit this screen recording, please let me know anything else that may be useful.

thanks!

Image

ConnectivityService: RemoteException caught trying to send a callback msg for NetworkRequest [LISTEN id=3555, [ Capabilities: INTERNET&NOT_RESTRICTED&TRUSTED&FOREGROUND&NOT_VCN_MANAGED&NOT_BANDWIDTH_CONSTRAINED Forbidden: LOCAL_NETWORK Uid: 10551 RequestorUid: 10551 RequestorPkg: org.chromium.chrome UnderlyingNetworks: Null

so, where did you get org.chromium.chrome from?

as soon as https://github.com/uazo/cromite/actions/runs/13281053139 finishes I'll look at it.

@uazo uazo removed the awaiting info Further information is requested label Feb 12, 2025
@onslaught86
Author

onslaught86 commented Feb 12, 2025

so, where did you get org.chromium.chrome from?

This will be Vanilla Chromium 132, also from cromite github.

Log for cromite 133:

Details

Image

vs. log for Vanilla Chromium 132:

Details

Image

as soon as https://github.com/uazo/cromite/actions/runs/13281053139 finishes I'll look at it.

Many thanks 👍
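
The mix-up worked through above (a ConnectivityService line naming org.chromium.chrome inside a Cromite crash report) can be caught mechanically by attributing each logcat line to a package through its pid and the Uid/RequestorPkg fields rather than through strings in the message. This is an added example, not part of the original thread or of Cromite; the function names are hypothetical, the sample lines are adapted from the logcat quoted in this issue, and the timestamp, pid and level on the RemoteException line are constructed.

```python
import re

# Sample adapted from the logcat quoted in this issue. The RemoteException line
# is shown in the report without its prefix, so its timestamp/pid/level here are
# constructed; the StackLog line is shortened to two frames.
SAMPLE_LOGCAT = """\
02-12 23:35:24.100  2530  3456 E ConnectivityService: RemoteException caught trying to send a callback msg for NetworkRequest [LISTEN id=3555, [ Capabilities: INTERNET&NOT_RESTRICTED&TRUSTED&FOREGROUND&NOT_VCN_MANAGED&NOT_BANDWIDTH_CONSTRAINED Forbidden: LOCAL_NETWORK Uid: 10551 RequestorUid: 10551 RequestorPkg: org.chromium.chrome UnderlyingNetworks: Null
02-12 23:35:25.562 14008 14008 D ConnectivityManager: StackLog: [android.net.ConnectivityManager.sendRequestForNetwork(ConnectivityManager.java:4692)] [RQ0.c(chromium-ChromePublic.apk-stable-694306004:42)]
02-12 23:35:25.562  2530  6404 D ConnectivityService: requestNetwork for uid/pid:10337/14008 activeRequest: null callbackRequest: 3418 [NetworkRequest [ REQUEST id=3419, [ Capabilities: INTERNET&NOT_RESTRICTED&TRUSTED&NOT_VCN_MANAGED&NOT_BANDWIDTH_CONSTRAINED Uid: 10337 RequestorUid: 10337 RequestorPkg: org.cromite.cromite UnderlyingNetworks: Null]] callback flags: 0 order: 2147483647 isUidTracked false declaredMethods: ALL
02-12 23:35:25.563  2530  3456 D ConnectivityService: Rematched networks [computed 0ms] [applied 1ms] [issued 0]
"""

# "threadtime" logcat layout: date time pid tid level tag: message
LINE_RE = re.compile(
    r"^(?P<ts>\d\d-\d\d \d\d:\d\d:\d\d\.\d{3})\s+(?P<pid>\d+)\s+(?P<tid>\d+)\s+"
    r"(?P<level>[VDIWEF])\s+(?P<tag>[^:]+?):\s(?P<msg>.*)$"
)
UID_PID_RE = re.compile(r"\buid/pid:(\d+)/(\d+)")
REQUESTOR_RE = re.compile(r"\bUid: (\d+) RequestorUid: \d+ RequestorPkg: (\S+)")


def parse(log_text):
    """Return parsed lines as dicts; lines that are not threadtime-format are skipped."""
    return [m.groupdict() for m in map(LINE_RE.match, log_text.splitlines()) if m]


def build_maps(entries):
    """Learn pid->uid and uid->package from ConnectivityService lines only.

    Assumption: lines tagged ConnectivityService come from system_server, so the
    identifiers they print are the platform's view and not app-controlled text.
    """
    pid_to_uid, uid_to_pkg = {}, {}
    for e in entries:
        if e["tag"] != "ConnectivityService":
            continue
        m = UID_PID_RE.search(e["msg"])
        if m:
            pid_to_uid[m.group(2)] = m.group(1)
        m = REQUESTOR_RE.search(e["msg"])
        if m:
            uid_to_pkg[m.group(1)] = m.group(2)
    return pid_to_uid, uid_to_pkg


def attribute(log_text):
    """Pair every line with the package it concerns, or None if that is unknown."""
    entries = parse(log_text)
    pid_to_uid, uid_to_pkg = build_maps(entries)
    result = []
    for e in entries:
        m = REQUESTOR_RE.search(e["msg"])
        if m:
            pkg = m.group(2)  # the message names its subject explicitly
        else:
            # Two passes are needed: the pid->uid line can appear after the
            # app's own lines, as it does in the sample.
            pkg = uid_to_pkg.get(pid_to_uid.get(e["pid"]))
        result.append((pkg, e))
    return result


def split_for(log_text, package):
    """Partition lines into (about `package`, about another app, unattributed)."""
    mine, other, unknown = [], [], []
    for pkg, e in attribute(log_text):
        (mine if pkg == package else other if pkg else unknown).append(e)
    return mine, other, unknown


if __name__ == "__main__":
    mine, other, unknown = split_for(SAMPLE_LOGCAT, "org.cromite.cromite")
    for label, group in (("target", mine), ("other app", other), ("unattributed", unknown)):
        for e in group:
            print(f"{label:12} pid={e['pid']:>5} {e['level']} {e['tag']}: {e['msg'][:60]}")
```
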

@uazo
Owner

uazo commented Feb 12, 2025

you know i don't think that's the bug?
What I think is that it is the ConnectivityService log that tries to contact cromite again but fails because it has crashed.

From what I can see, you have a rooted device: could you check whether you have any files in ‘/data/tombstones’? If so, could you send them to me?

@onslaught86
Author

you know i don't think that's the bug? What I think is that it is the ConnectivityService log that tries to contact cromite again but fails because it has crashed.

From what I can see, you have a rooted device: could you check whether you have any files in ‘/data/tombstones’? If so, could you send them to me?

My device is not rooted, however I was able to recover the tombstones via adb bugreport.

tombstone_31.zip

@uazo
Owner

uazo commented Feb 12, 2025

perfect! just as I thought.

at first glance it looks like a UAF.

Build fingerprint: 'samsung/e3qxxx/e3q:15/AP3A.240905.015.A2/S928BXXU4ZXLJ:user/release-keys'
Revision: '13'
pid: 19523, tid: 19523, name: cromite.cromite  >>> org.cromite.cromite <<<
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000000008

Stack Trace:
  RELADDR   FUNCTION                                                                          FILE:LINE
  v------>  scoped_refptr<base::internal::WeakReference::Flag const>::scoped_refptr<base::internal::WeakReference::Flag>(scoped_refptr<T> const&)  ../../base/memory/scoped_refptr.h:260:62
  v------>  base::internal::WeakReference::WeakReference(scoped_refptr<base::internal::WeakReference::Flag> const&)  ../../base/memory/weak_ptr.cc:60:65
  00000000052aba48  base::internal::WeakReferenceOwner::GetRef() const                                ../../base/memory/weak_ptr.cc:97:10
  00000000064f8de4  base::WeakPtrFactory<translate::TranslateAgent>::GetWeakPtr() requires !std::is_const_v<T>  ../../base/memory/weak_ptr.h:386:45
  000000000897916c  segmentation_platform::home_modules::RankFetcherHelper::GetHomeModulesRank(segmentation_platform::SegmentationPlatformService*, segmentation_platform::PredictionOptions const&, scoped_refptr<segmentation_platform::InputContext>, base::OnceCallback<void (segmentation_platform::ClassificationResult const&)>)  ../../components/segmentation_platform/embedder/home_modules/rank_fetcher_helper.cc:65:40
  v------>  JNI_HomeModulesRankingHelper_GetClassificationResult(_JNIEnv*, Profile*, jni_zero::JavaParamRef<_jobject*> const&, jni_zero::JavaParamRef<_jobject*> const&, jni_zero::JavaParamRef<_jobject*> const&)  ../../chrome/browser/segmentation_platform/android/home_modules_ranking_helper.cc:62:40
  v------>  Muxed_org_chromium_chrome_browser_segmentation_1platform_client_1util_HomeModulesRankingHelper_getClassificationResult  gen/jni_headers/chrome/browser/segmentation_platform/client_util_jni_headers/HomeModulesRankingHelper_jni.h:32:3
  00000000020bae8c  Java_J_N__1V_1OOOO                                                                gen/jni_headers/chrome/android/libchrome__jni_registration_generated.cc:17064:14
  000000000037f970  art_quick_generic_jni_trampoline+144) (BuildId: d062c9de79838c0ddb9d758595062c10  /apex/com.android.art/lib64/libart.so
  0000000000784408  nterp_helper+152) (BuildId: d062c9de79838c0ddb9d758595062c10                      /apex/com.android.art/lib64/libart.so
  00000000002b8cb8  Jk0.i+260                                                                         /data/app/~~FNvRFUAHeQcqS1ADtJSm3w==/org.cromite.cromite-yRHXDBaT-BGI1ggOXdVzjQ==/oat/arm64/base.vdex
  00000000007852c4  nterp_helper+3924) (BuildId: d062c9de79838c0ddb9d758595062c10                     /apex/com.android.art/lib64/libart.so
  00000000003383e4  uR0.m+232                                                                         /data/app/~~FNvRFUAHeQcqS1ADtJSm3w==/org.cromite.cromite-yRHXDBaT-BGI1ggOXdVzjQ==/oat/arm64/base.vdex
  00000000007852c4  nterp_helper+3924) (BuildId: d062c9de79838c0ddb9d758595062c10                     /apex/com.android.art/lib64/libart.so
  0000000000337afe  uR0.<init>+3006                                                                   /data/app/~~FNvRFUAHeQcqS1ADtJSm3w==/org.cromite.cromite-yRHXDBaT-BGI1ggOXdVzjQ==/oat/arm64/base.vdex
  00000000007859c8  nterp_helper+5720) (BuildId: d062c9de79838c0ddb9d758595062c10                     /apex/com.android.art/lib64/libart.so
  0000000000437620  JY1.c+1468                                                                        /data/app/~~FNvRFUAHeQcqS1ADtJSm3w==/org.cromite.cromite-yRHXDBaT-BGI1ggOXdVzjQ==/oat/arm64/base.vdex
  00000000007860e4  nterp_helper+7540) (BuildId: d062c9de79838c0ddb9d758595062c10                     /apex/com.android.art/lib64/libart.so
  0000000000532c26  org.chromium.chrome.browser.tab.TabImpl.o0+98                                     /data/app/~~FNvRFUAHeQcqS1ADtJSm3w==/org.cromite.cromite-yRHXDBaT-BGI1ggOXdVzjQ==/oat/arm64/base.vdex
  00000000007852c4  nterp_helper+3924) (BuildId: d062c9de79838c0ddb9d758595062c10                     /apex/com.android.art/lib64/libart.so
  000000000053244a  org.chromium.chrome.browser.tab.TabImpl.l+198                                     /data/app/~~FNvRFUAHeQcqS1ADtJSm3w==/org.cromite.cromite-yRHXDBaT-BGI1ggOXdVzjQ==/oat/arm64/base.vdex
  00000000007852c4  nterp_helper+3924) (BuildId: d062c9de79838c0ddb9d758595062c10                     /apex/com.android.art/lib64/libart.so
  00000000001fe830  rC.j+1348                                                                         /data/app/~~FNvRFUAHeQcqS1ADtJSm3w==/org.cromite.cromite-yRHXDBaT-BGI1ggOXdVzjQ==/oat/arm64/base.vdex
  00000000007859c8  nterp_helper+5720) (BuildId: d062c9de79838c0ddb9d758595062c10                     /apex/com.android.art/lib64/libart.so
  00000000001fe252  rC.b+14                                                                           /data/app/~~FNvRFUAHeQcqS1ADtJSm3w==/org.cromite.cromite-yRHXDBaT-BGI1ggOXdVzjQ==/oat/arm64/base.vdex
  00000000007852c4  nterp_helper+3924) (BuildId: d062c9de79838c0ddb9d758595062c10                     /apex/com.android.art/lib64/libart.so
  00000000004282f8  kV1.l+616                                                                         /data/app/~~FNvRFUAHeQcqS1ADtJSm3w==/org.cromite.cromite-yRHXDBaT-BGI1ggOXdVzjQ==/oat/arm64/base.vdex
  00000000007852c4  nterp_helper+3924) (BuildId: d062c9de79838c0ddb9d758595062c10                     /apex/com.android.art/lib64/libart.so
  00000000004283fa  kV1.m+38                                                                          /data/app/~~FNvRFUAHeQcqS1ADtJSm3w==/org.cromite.cromite-yRHXDBaT-BGI1ggOXdVzjQ==/oat/arm64/base.vdex
  00000000007852c4  nterp_helper+3924) (BuildId: d062c9de79838c0ddb9d758595062c10                     /apex/com.android.art/lib64/libart.so
  0000000000422fa8  PT1.d+260                                                                         /data/app/~~FNvRFUAHeQcqS1ADtJSm3w==/org.cromite.cromite-yRHXDBaT-BGI1ggOXdVzjQ==/oat/arm64/base.vdex
  00000000007852c4  nterp_helper+3924) (BuildId: d062c9de79838c0ddb9d758595062c10                     /apex/com.android.art/lib64/libart.so
  00000000004da15e  org.chromium.chrome.browser.ChromeTabbedActivity.e0+694                           /data/app/~~FNvRFUAHeQcqS1ADtJSm3w==/org.cromite.cromite-yRHXDBaT-BGI1ggOXdVzjQ==/oat/arm64/base.vdex
  0000000000786190  nterp_helper+7712) (BuildId: d062c9de79838c0ddb9d758595062c10                     /apex/com.android.art/lib64/libart.so
  00000000001f5126  sA.run+130                                                                        /data/app/~~FNvRFUAHeQcqS1ADtJSm3w==/org.cromite.cromite-yRHXDBaT-BGI1ggOXdVzjQ==/oat/arm64/base.vdex
  00000000007860e4  nterp_helper+7540) (BuildId: d062c9de79838c0ddb9d758595062c10                     /apex/com.android.art/lib64/libart.so
  00000000001e5f86  rx.run+102                                                                        /data/app/~~FNvRFUAHeQcqS1ADtJSm3w==/org.cromite.cromite-yRHXDBaT-BGI1ggOXdVzjQ==/oat/arm64/base.vdex
  0000000000369174  art_quick_invoke_stub+612) (BuildId: d062c9de79838c0ddb9d758595062c10             /apex/com.android.art/lib64/libart.so
  0000000000367b04  art::JValue art::InvokeVirtualOrInterfaceWithVarArgs<art::ArtMethod*>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, art::ArtMethod*, std::__va_list)+812) (BuildId: d062c9de79838c0ddb9d758595062c10  /apex/com.android.art/lib64/libart.so
  000000000072eccc  art::JNI<false>::CallVoidMethodV(_JNIEnv*, _jobject*, _jmethodID*, std::__va_list)+192) (BuildId: d062c9de79838c0ddb9d758595062c10  /apex/com.android.art/lib64/libart.so
  00000000065e86c4  _JNIEnv::CallVoidMethod(_jobject*, _jmethodID*, ...)                              ../../third_party/android_toolchain/ndk/toolchains/llvm/prebuilt/linux-x86_64/sysroot/usr/include/jni.h:631:9
  v------>  JNI_Runnable::Java_Runnable_run(_JNIEnv*, jni_zero::JavaRef<_jobject*> const&)    gen/jni_headers/base/android_runtime_jni_headers/Runnable_jni.h:39:8
  00000000046b3838  base::(anonymous namespace)::RunJavaTask(jni_zero::ScopedJavaGlobalRef<_jobject*>, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char>> const&)  ../../base/android/task_scheduler/task_runner_android.cc:47:3
  v------>  void base::internal::DecayedFunctorTraits<void (*)(jni_zero::ScopedJavaGlobalRef<_jobject*>, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char>> const&), jni_zero::ScopedJavaGlobalRef<_jobject*>&&, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char>>&&>::Invoke<void (*)(jni_zero::ScopedJavaGlobalRef<_jobject*>, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char>> const&), jni_zero::ScopedJavaGlobalRef<_jobject*>, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char>>>(void (*&&)(jni_zero::ScopedJavaGlobalRef<_jobject*>, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char>> const&), jni_zero::ScopedJavaGlobalRef<_jobject*>&&, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char>>&&)  ../../base/functional/bind_internal.h:662:12
  v------>  void base::internal::InvokeHelper<false, base::internal::FunctorTraits<void (*&&)(jni_zero::ScopedJavaGlobalRef<_jobject*>, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char>> const&), jni_zero::ScopedJavaGlobalRef<_jobject*>&&, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char>>&&>, void, 0ul, 1ul>::MakeItSo<void (*)(jni_zero::ScopedJavaGlobalRef<_jobject*>, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char>> const&), std::__Cr::tuple<jni_zero::ScopedJavaGlobalRef<_jobject*>, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char>>>>(void (*&&)(jni_zero::ScopedJavaGlobalRef<_jobject*>, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char>> const&), std::__Cr::tuple<jni_zero::ScopedJavaGlobalRef<_jobject*>, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char>>>&&)  ../../base/functional/bind_internal.h:921:12
  v------>  void base::internal::Invoker<base::internal::FunctorTraits<void (*&&)(jni_zero::ScopedJavaGlobalRef<_jobject*>, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char>> const&), jni_zero::ScopedJavaGlobalRef<_jobject*>&&, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char>>&&>, base::internal::BindState<false, true, false, void (*)(jni_zero::ScopedJavaGlobalRef<_jobject*>, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char>> const&), jni_zero::ScopedJavaGlobalRef<_jobject*>, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char>>>, void ()>::RunImpl<void (*)(jni_zero::ScopedJavaGlobalRef<_jobject*>, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char>> const&), std::__Cr::tuple<jni_zero::ScopedJavaGlobalRef<_jobject*>, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char>>>, 0ul, 1ul>(void (*&&)(jni_zero::ScopedJavaGlobalRef<_jobject*>, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char>> const&), std::__Cr::tuple<jni_zero::ScopedJavaGlobalRef<_jobject*>, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char>>>&&, std::__Cr::integer_sequence<unsigned long, 0ul, 1ul>)  ../../base/functional/bind_internal.h:1058:14
  00000000046b3bac  base::internal::Invoker<base::internal::FunctorTraits<void (*&&)(jni_zero::ScopedJavaGlobalRef<_jobject*>, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char>> const&), jni_zero::ScopedJavaGlobalRef<_jobject*>&&, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char>>&&>, base::internal::BindState<false, true, false, void (*)(jni_zero::ScopedJavaGlobalRef<_jobject*>, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char>> const&), jni_zero::ScopedJavaGlobalRef<_jobject*>, std::__Cr::basic_string<char, std::__Cr::char_traits<char>, std::__Cr::allocator<char>>>, void ()>::RunOnce(base::internal::BindStateBase*)  ../../base/functional/bind_internal.h:971:12
  v------>  base::OnceCallback<void ()>::Run() &&                                             ../../base/functional/callback.h:156:12
  v------>  base::TaskAnnotator::RunTaskImpl(base::PendingTask&)                              ../../base/task/common/task_annotator.cc:210:34
  v------>  void base::TaskAnnotator::RunTask<base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl(base::LazyNow*)::$_3>(perfetto::StaticString, base::PendingTask&, base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl(base::LazyNow*)::$_3&&)  ../../base/task/common/task_annotator.h:106:5
  v------>  base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWorkImpl(base::LazyNow*)  ../../base/task/sequence_manager/thread_controller_with_message_pump_impl.cc:472:23
  v------>  base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork()   ../../base/task/sequence_manager/thread_controller_with_message_pump_impl.cc:332:40
  0000000004eff0c8  non-virtual thunk to base::sequence_manager::internal::ThreadControllerWithMessagePumpImpl::DoWork()  ../../base/task/sequence_manager/thread_controller_with_message_pump_impl.cc:0:0
  v------>  base::MessagePumpAndroid::DoNonDelayedLooperWork(bool)                            ../../base/message_loop/message_pump_android.cc:456:33
  v------>  base::MessagePumpAndroid::OnNonDelayedLooperCallback()                            ../../base/message_loop/message_pump_android.cc:441:3
  0000000004f01af4  base::(anonymous namespace)::NonDelayedLooperCallback(int, int, void*)            ../../base/message_loop/message_pump_android.cc:65:9
  00000000000140d8  android::Looper::pollInner(int)+1236) (BuildId: e8ca185081b63aac9283ca5771684e59  /system/lib64/libutils.so
  0000000000013ba0  android::Looper::pollOnce(int, int*, int*, void**)+124) (BuildId: e8ca185081b63aac9283ca5771684e59  /system/lib64/libutils.so
  000000000019a434  android::android_os_MessageQueue_nativePollOnce(_JNIEnv*, _jobject*, long, int)+48) (BuildId: 26367d521dbbd353ec2545d950362618  /system/lib64/libandroid_runtime.so
  000000000020ce80  art_jni_trampoline+112) (BuildId: 4af0344fbfa62096930d02f214671ade30c6600d        /system/framework/arm64/boot-framework.oat
  000000000054e790  android.os.MessageQueue.next+256) (BuildId: 4af0344fbfa62096930d02f214671ade30c6600d  /system/framework/arm64/boot-framework.oat
  000000000054be28  android.os.Looper.loopOnce+88) (BuildId: 4af0344fbfa62096930d02f214671ade30c6600d  /system/framework/arm64/boot-framework.oat
  000000000054bd54  android.os.Looper.loop+244) (BuildId: 4af0344fbfa62096930d02f214671ade30c6600d    /system/framework/arm64/boot-framework.oat
  00000000003195ac  android.app.ActivityThread.main+1644) (BuildId: 4af0344fbfa62096930d02f214671ade30c6600d  /system/framework/arm64/boot-framework.oat
  0000000000369440  art_quick_invoke_static_stub+640) (BuildId: d062c9de79838c0ddb9d758595062c10      /apex/com.android.art/lib64/libart.so
  0000000000364e90  _jobject* art::InvokeMethod<(art::PointerSize)8>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jobject*, _jobject*, unsigned long)+732) (BuildId: d062c9de79838c0ddb9d758595062c10  /apex/com.android.art/lib64/libart.so
  00000000006cc044  art::Method_invoke(_JNIEnv*, _jobject*, _jobject*, _jobjectArray*) (.__uniq.165753521025965369065708152063621506277)+32) (BuildId: d062c9de79838c0ddb9d758595062c10  /apex/com.android.art/lib64/libart.so
  00000000000a2114  art_jni_trampoline+116) (BuildId: bab19d7ed251632bef354975d0d6e01616532777        /system/framework/arm64/boot.oat
  00000000008447b4  com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run+116) (BuildId: 4af0344fbfa62096930d02f214671ade30c6600d  /system/framework/arm64/boot-framework.oat
  000000000084da5c  com.android.internal.os.ZygoteInit.main+3132) (BuildId: 4af0344fbfa62096930d02f214671ade30c6600d  /system/framework/arm64/boot-framework.oat
  0000000000369440  art_quick_invoke_static_stub+640) (BuildId: d062c9de79838c0ddb9d758595062c10      /apex/com.android.art/lib64/libart.so
  0000000000354908  art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+204) (BuildId: d062c9de79838c0ddb9d758595062c10  /apex/com.android.art/lib64/libart.so
  00000000003528bc  art::JValue art::InvokeWithVarArgs<_jmethodID*>(art::ScopedObjectAccessAlreadyRunnable const&, _jobject*, _jmethodID*, std::__va_list)+512) (BuildId: d062c9de79838c0ddb9d758595062c10  /apex/com.android.art/lib64/libart.so
  0000000000740fb8  art::JNI<true>::CallStaticVoidMethodV(_JNIEnv*, _jclass*, _jmethodID*, std::__va_list)+104) (BuildId: d062c9de79838c0ddb9d758595062c10  /apex/com.android.art/lib64/libart.so
  00000000000e142c  _JNIEnv::CallStaticVoidMethod(_jclass*, _jmethodID*, ...)+108) (BuildId: 26367d521dbbd353ec2545d950362618  /system/lib64/libandroid_runtime.so
  00000000000f732c  android::AndroidRuntime::start(char const*, android::Vector<android::String8> const&, bool)+928) (BuildId: 26367d521dbbd353ec2545d950362618  /system/lib64/libandroid_runtime.so
  00000000000045c8  main+1288) (BuildId: e9e9dd5710619044bf719e0aab7eb551                             /system/bin/app_process64
  00000000000599ac  __libc_init+120) (BuildId: a7d3435cebd777f0dc1a07c5e7386036                       /apex/com.android.runtime/lib64/bionic/libc.so

@uazo
Owner

uazo commented Feb 13, 2025

I checked the crash log; that piece of code should not even be entered, since the kSegmentationPlatformFeature flag is deactivated.
Unfortunately I have to ask you to reset the Cromite storage, or uninstall and reinstall it. You will lose everything, sorry, but I need to understand the result.

This seems to be what happens:

```cpp
std::unique_ptr<KeyedService>
SegmentationPlatformServiceFactory::BuildServiceInstanceForBrowserContext(
    content::BrowserContext* context) const {
  if (context->IsOffTheRecord())
    return nullptr;

  if (!base::FeatureList::IsEnabled(features::kSegmentationPlatformFeature))
    return std::make_unique<DummySegmentationPlatformService>();  // <-- it must go here

  Profile* profile = Profile::FromBrowserContext(context);
  OptimizationGuideKeyedService* optimization_guide =
      OptimizationGuideKeyedServiceFactory::GetForProfile(profile);
  sync_sessions::SessionSyncService* session_sync_service =
      SessionSyncServiceFactory::GetForProfile(profile);
  auto tab_fetcher = std::make_unique<processing::LocalTabHandler>(
      session_sync_service, profile);
  auto home_modules_card_registry =
      std::make_unique<home_modules::HomeModulesCardRegistry>(
          profile->GetPrefs());  // <-- instead you pass by here
```

If you can't lose your data, let me know so we can try another way.

EDIT: did you by any chance enable the ‘enable-magic-stack-android’ flag?

@onslaught86
Author

> if you can't lose your data, let me know so we can try another way.

If it is possible to try another way first, I would like to do so, at least to extract the latest bookmarks, e.g. by downgrading with ADB.

> EDIT: did you by any chance enable the ‘enable-magic-stack-android’ flag?

This flag seems enabled by default in vanilla Chromium 132.0.6834.163, disabled by default on Cromite 133.0.6943.49. If the ADB downgrade is successful I can check this.

@uazo
Owner

uazo commented Feb 14, 2025

> If it is possible to try another way first

Yes, I can create an ad-hoc release with some additional logs and check.
I am concerned that, for some reason, static ctors are not instantiated (excuse the technicality).

However, one thing I do not understand:

what is that?
Image

Theoretically, in Android an application cannot see the logcat of another application; that's why I thought you had a rooted device.

> This flag seems enabled by default in Vanilla Chromium

Yes, like many others, all Google experiments, some good, some better to avoid. For that reason I don't recommend using it; I only need it for testing.

@drogga

drogga commented Feb 14, 2025

uazo - v133.0.6943.60 in Windows Sandbox (modern hardware): the Screen_Recording_20250213_015754_One.UI.Home.mp4 video attached above can't be played with Cromite, it seems; Edge, Chrome, ungoogled-chromium and Thorium_AVX2 can all play it.

> what is that? theoretically in android an application cannot see the logcat of another application, that's why I thought you had a rooted device

With a command like the following to read logs, `adb shell pm grant PACKAGE.NAME.of.LogCat.App android.permission.READ_LOGS`, apps like LogFox or LogCat Extreme, like here (the floating window is from it), can read them, but this is harder since A.12, because the permission gets revoked after time/reboot.

onslaught86 - I suppose you can't downgrade on your A.15, since Google changed/crippled the behavior in A.14 and now, unless you installed before with a rollback parameter/attribute, you can't downgrade (`-d` param/attrib); only if the package is debuggable (should be explicitly set in the manifest).
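
The check a defender would run after the grant described in the comment above, as an added example that is not part of the thread: it lists the packages whose `android.permission.READ_LOGS` is recorded as granted in `dumpsys package` output. The package names and the sample dump are constructed, and the simplified dump layout is an assumption modelled on that command's output.

```shell
#!/bin/sh
# Added example (not from the thread): list packages holding READ_LOGS.
# Real use:  adb shell dumpsys package | read_logs_holders

# Reads `dumpsys package` text on stdin and prints each package whose
# READ_LOGS permission is recorded as granted=true (one name per line).
read_logs_holders() {
  awk '
    /^ *Package \[/ {                 # start of a per-package section
      pkg = $0
      sub(/^ *Package \[/, "", pkg)
      sub(/\].*$/, "", pkg)
    }
    # Entries under "requested permissions" carry no granted= field, so a
    # package that only asks for READ_LOGS does not match this pattern.
    /android\.permission\.READ_LOGS: granted=true/ && pkg != "" && !(pkg in seen) {
      seen[pkg] = 1
      print pkg
    }
  '
}

# Constructed, simplified sample of `dumpsys package` output (assumption).
sample_dumpsys() {
  cat <<'EOF'
Packages:
  Package [com.example.logviewer] (a1b2c3d):
    userId=10234
    requested permissions:
      android.permission.READ_LOGS
    User 0: installed=true
      runtime permissions:
        android.permission.READ_LOGS: granted=true, flags=[ USER_SET ]
  Package [com.example.notes] (d4e5f6a):
    requested permissions:
      android.permission.READ_LOGS
    User 0: installed=true
      runtime permissions:
        android.permission.READ_LOGS: granted=false, flags=[ ]
  Package [com.example.debugtool] (0f9e8d7):
    install permissions:
      android.permission.READ_LOGS: granted=true
EOF
}

sample_dumpsys | read_logs_holders
```

A listed package can be returned to the default with `adb shell pm revoke <package> android.permission.READ_LOGS`.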

@shenzero123

Hello @uazo
The previous version was 132.x and Cromite still worked normally, but when I updated to the latest version (133.0.6943.60) it crashed.
And I don't know why... I swear I almost had not fucked up so much on chrome://flags, it's just some flags like dark mode and bottom toolbar!
