Closed Bug 1085461 Opened 10 years ago Closed 10 years ago

crash in nsAString_internal::BeginReading(nsReadingIterator<char16_t>&) const

Categories

(Firefox for Android Graveyard :: General, defect)

All
Android
defect
Not set
critical

Tracking

(firefox34 unaffected, firefox35+ verified, firefox36+ verified, fennec35+)

VERIFIED DUPLICATE of bug 1083425
Tracking Status
firefox34 --- unaffected
firefox35 + verified
firefox36 + verified
fennec 35+ ---

People

(Reporter: u279076, Unassigned)

Details

(Keywords: crash, regression, topcrash-android-armv7)

Crash Data

This bug was filed from the Socorro interface and is 
report bp-ebf3c368-5643-4d03-a20d-26b062141017.
=============================================================
0 	libxul.so 	nsAString_internal::BeginReading(nsReadingIterator<char16_t>&) const 	xpcom/string/nsTSubstring.h
1 	libxul.so 	AppendUTF16toUTF8(nsAString_internal const&, nsACString_internal&, mozilla::fallible_t const&) 	xpcom/string/nsReadableUtils.cpp
2 	libxul.so 	AppendUTF16toUTF8(nsAString_internal const&, nsACString_internal&) 	xpcom/string/nsReadableUtils.cpp
3 	libxul.so 	mozilla::dom::WebSocketImpl::GetName(nsACString_internal&) 	content/base/src/WebSocket.cpp
4 	libxul.so 	nsLoadGroup::Cancel(tag_nsresult) 	netwerk/base/src/nsLoadGroup.cpp
5 	libxul.so 	nsDocLoader::Stop() 	uriloader/base/nsDocLoader.cpp
6 	libxul.so 	nsDocShell::Stop(unsigned int) 	docshell/base/nsDocShell.cpp
7 	libxul.so 	nsDocShell::InternalLoad(nsIURI*, nsIURI*, nsISupports*, unsigned int, char16_t const*, char const*, nsAString_internal const&, nsIInputStream*, nsIInputStream*, unsigned int, nsISHEntry*, bool, nsAString_internal const&, nsIDocShell*, nsIURI*, nsIDocShell**, nsIRequest**) 	docshell/base/nsDocShell.cpp
8 	libxul.so 	nsDocShell::OnLinkClickSync(nsIContent*, nsIURI*, char16_t const*, nsAString_internal const&, nsIInputStream*, nsIInputStream*, nsIDocShell**, nsIRequest**) 	docshell/base/nsDocShell.cpp
9 	libxul.so 	OnLinkClickEvent::Run() 	docshell/base/nsDocShell.cpp
10 	libxul.so 	nsThread::ProcessNextEvent(bool, bool*) 	xpcom/threads/nsThread.cpp
11 	libxul.so 	NS_ProcessNextEvent(nsIThread*, bool) 	xpcom/glue/nsThreadUtils.cpp
12 	libxul.so 	mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) 	ipc/glue/MessagePump.cpp
13 	libxul.so 	MessageLoop::RunInternal() 	ipc/chromium/src/base/message_loop.cc
14 	libxul.so 	MessageLoop::Run() 	ipc/chromium/src/base/message_loop.cc
15 	libxul.so 	nsBaseAppShell::Run() 	widget/xpwidgets/nsBaseAppShell.cpp
16 	libxul.so 	nsAppStartup::Run() 	toolkit/components/startup/nsAppStartup.cpp
17 	libxul.so 	XREMain::XRE_mainRun() 	toolkit/xre/nsAppRunner.cpp
18 	libxul.so 	XREMain::XRE_main(int, char**, nsXREAppData const*) 	toolkit/xre/nsAppRunner.cpp
19 	libxul.so 	XRE_main 	toolkit/xre/nsAppRunner.cpp
20 	libxul.so 	GeckoStart 	toolkit/xre/nsAndroidStartup.cpp
21 	libmozglue.so 	Java_org_mozilla_gecko_mozglue_GeckoLoader_nativeRun 	mozglue/android/APKOpen.cpp
Ø 22 	libdvm.so 	libdvm.so@0x1ea12 	
Ø 23 	data@app@org.mozilla.fennec_aurora-2.apk@classes.dex 	data@app@org.mozilla.fennec_aurora-2.apk@classes.dex@0x4ef816 	
Ø 24 	dalvik-heap (deleted) 	dalvik-heap (deleted)@0x2088f6 	
Ø 25 	dalvik-heap (deleted) 	dalvik-heap (deleted)@0x25b81e 	
Ø 26 	libdvm.so 	libdvm.so@0x4f6d1 	
Ø 27 	data@app@org.mozilla.fennec_aurora-2.apk@classes.dex 	data@app@org.mozilla.fennec_aurora-2.apk@classes.dex@0x4ef814 	
28 	libmozglue.so 	report_mapping 	mozglue/android/APKOpen.cpp
29 	libmozglue.so 	report_mapping 	mozglue/android/APKOpen.cpp
30 		@0x721dca46 	
Ø 31 	libdvm.so 	libdvm.so@0x512e1 	
Ø 32 	libdvm.so 	libdvm.so@0xb22c6 	
Ø 33 	dalvik-aux-structure (deleted) 	dalvik-aux-structure (deleted)@0x17196 	
Ø 34 	dalvik-heap (deleted) 	dalvik-heap (deleted)@0x25b81e 	
Ø 35 	dalvik-heap (deleted) 	dalvik-heap (deleted)@0x4e7dde 	
Ø 36 	libdvm.so 	libdvm.so@0xb22c6 	
Ø 37 	dalvik-heap (deleted) 	dalvik-heap (deleted)@0x4e7dde 	
Ø 38 	libdvm.so 	libdvm.so@0x749e7 	
Ø 39 	dalvik-LinearAlloc (deleted) 	dalvik-LinearAlloc (deleted)@0x3602f2 	
Ø 40 	dalvik-heap (deleted) 	dalvik-heap (deleted)@0x2088f6 	
Ø 41 	dalvik-LinearAlloc (deleted) 	dalvik-LinearAlloc (deleted)@0x3602de 	
Ø 42 	data@app@org.mozilla.fennec_aurora-2.apk@classes.dex 	data@app@org.mozilla.fennec_aurora-2.apk@classes.dex@0x5376c1 	
Ø 43 	libdvm.so 	libdvm.so@0x6d659 	
Ø 44 	data@app@org.mozilla.fennec_aurora-2.apk@classes.dex 	data@app@org.mozilla.fennec_aurora-2.apk@classes.dex@0x5376c1 	
Ø 45 	data@app@org.mozilla.fennec_aurora-2.apk@classes.dex 	data@app@org.mozilla.fennec_aurora-2.apk@classes.dex@0xdb79e 	
Ø 46 	dalvik-heap (deleted) 	dalvik-heap (deleted)@0x2088f6 	
Ø 47 	data@app@org.mozilla.fennec_aurora-2.apk@classes.dex 	data@app@org.mozilla.fennec_aurora-2.apk@classes.dex@0x5376c1 	
Ø 48 	data@app@org.mozilla.fennec_aurora-2.apk@classes.dex 	data@app@org.mozilla.fennec_aurora-2.apk@classes.dex@0x6ffffe 	
Ø 49 	libdvm.so 	libdvm.so@0x511e7 	
Ø 50 	libdvm.so 	libdvm.so@0xadc7a 	
Ø 51 	dalvik-LinearAlloc (deleted) 	dalvik-LinearAlloc (deleted)@0x3602de 	
Ø 52 	libdvm.so 	libdvm.so@0x4f53f 	
Ø 53 	libdvm.so 	libdvm.so@0xb22c6 	
Ø 54 	libdvm.so 	libdvm.so@0xadc7a 	
Ø 55 	dalvik-heap (deleted) 	dalvik-heap (deleted)@0x25b81e 	
Ø 56 	libdvm.so 	libdvm.so@0x5109d 	
Ø 57 	data@app@org.mozilla.fennec_aurora-2.apk@classes.dex 	data@app@org.mozilla.fennec_aurora-2.apk@classes.dex@0x338fb6 	
Ø 58 	dalvik-heap (deleted) 	dalvik-heap (deleted)@0x2088f6 	
Ø 59 	libdvm.so 	libdvm.so@0x1eb7e 	
Ø 60 	libdvm.so 	libdvm.so@0x27ea2 	
Ø 61 	libdvm.so 	libdvm.so@0x2f396 	
Ø 62 	dalvik-LinearAlloc (deleted) 	dalvik-LinearAlloc (deleted)@0x36ebce 	
Ø 63 	dalvik-heap (deleted) 	dalvik-heap (deleted)@0x25b81e 	
Ø 64 	libdvm.so 	libdvm.so@0x2f3e6 	
Ø 65 	libdvm.so 	libdvm.so@0xb22c6 	
Ø 66 	libdvm.so 	libdvm.so@0x2f396 	
Ø 67 	libdvm.so 	libdvm.so@0x2ca4a
=============================================================
More reports: https://crash-stats.mozilla.com/report/list?product=FennecAndroid&signature=nsAString_internal%3A%3ABeginReading%28nsReadingIterator%3Cchar16_t%3E%26%29+const

Top Devices
===========
Nightly: 
 * 45% - Samsung Galaxy Note II
 * 17% - Asus Nexus 7
Aurora:
 * 38% - Samsung Nexus 10
 * 25% - Sony Xperia Z1 C6943

Top URLs
========
https://news.ycombinator.com/...
http://www.collegehumor.com/...

=============================================================

Currently this crash sits at #3 @ 10.57% in Fennec Aurora 35.0a2 and #2 in Fennec Nightly 36.0a1 @ 5.38%, with no crashes showing up for 33/34. I suspect this might be a regression introduced on Nightly 36 and uplifted to Aurora 35.

Looking at build IDs, it looks like this first showed up in Aurora on Oct 17 and Nightly on Oct 15. Below I've included a pushlog for each branch.

It may be premature to call this a topcrash since we only enabled updates on Friday. However I think we will want to keep an eye on this.

Pushlogs
========
Nightly (2014-10-14 to 2014-10-15):
https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=54217864bae9&tochange=62f0b771583c

Aurora (2014-10-16 to 2014-10-17):
https://hg.mozilla.org/releases/mozilla-aurora/pushloghtml?fromchange=8cd0eedecef2&tochange=c35d9f79f1ff

Bugs in Common:
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1079848%2C1081906%2C1079312%2C1082114%2C1081992%2C1058660%2C1082108&bug_id_type=anyexact&list_id=11404546&query_format=advanced
Kevin, do we have any of these devices in house to try to reproduce this crash?
Flags: needinfo?(kbrosnan)
[Tracking Requested - why for this release]: regression that could potentially become a topcrash.
Keywords: regression
Have both Nexus devices, Aaron has most of the Note lineup.
Flags: needinfo?(kbrosnan)
(In reply to Kevin Brosnan [:kbrosnan] from comment #3)
> Have both Nexus devices, Aaron has most of the Note lineup.

Thanks, could you and/or Aaron try this on your devices and see if it reproduces?
Flags: needinfo?(kbrosnan)
Flags: needinfo?(aaron.train)
I'm upgrading this to a topcrash since it's #2 now and rising at 12% of our crashes in Fennec 35.
I was able to crash once on Aurora by going to http://www.collegehumor.com/ , clicking on the 50 states sex moves then clicking through the pages in the article. However I have been unable to reproduce this in Aurora or Nightly.

I don't think this is device specific after looking at the affected devices for the 28 day view.
Flags: needinfo?(kbrosnan)
Looks like this crash may involve websockets. Needinfo to a couple of the networking team to take a look.
tracking-fennec: --- → ?
Flags: needinfo?(mcmanus)
Flags: needinfo?(jduell.mcbugs)
fallout from websockets on workers
Status: NEW → RESOLVED
Closed: 10 years ago
Flags: needinfo?(mcmanus)
Resolution: --- → DUPLICATE
Flags: needinfo?(jduell.mcbugs)
Flags: needinfo?(aaron.train)
Marking this verified based on bug 1083425 comment 19.
Status: RESOLVED → VERIFIED
tracking-fennec: ? → 35+
Product: Firefox for Android → Firefox for Android Graveyard
You need to log in before you can comment on or make changes to this bug.