crash in nsAString_internal::BeginReading(nsReadingIterator<char16_t>&) const

VERIFIED DUPLICATE of bug 1083425

Status

Status: VERIFIED DUPLICATE of bug 1083425
Product: Firefox for Android
Component: General
Priority: --
Severity: critical
Opened: 4 years ago
Modified: 2 years ago

People

Reporter: ashughes
Assignee: Unassigned

Tracking

Version: Trunk
Platform: All, Android
Keywords: crash, regression, topcrash-android-armv7
Points: ---

Firefox Tracking Flags

(firefox34 unaffected, firefox35+ verified, firefox36+ verified, fennec35+)

Details

(crash signature)

(Reporter)

Description

4 years ago
This bug was filed from the Socorro interface and is 
report bp-ebf3c368-5643-4d03-a20d-26b062141017.
=============================================================
0 	libxul.so 	nsAString_internal::BeginReading(nsReadingIterator<char16_t>&) const 	xpcom/string/nsTSubstring.h
1 	libxul.so 	AppendUTF16toUTF8(nsAString_internal const&, nsACString_internal&, mozilla::fallible_t const&) 	xpcom/string/nsReadableUtils.cpp
2 	libxul.so 	AppendUTF16toUTF8(nsAString_internal const&, nsACString_internal&) 	xpcom/string/nsReadableUtils.cpp
3 	libxul.so 	mozilla::dom::WebSocketImpl::GetName(nsACString_internal&) 	content/base/src/WebSocket.cpp
4 	libxul.so 	nsLoadGroup::Cancel(tag_nsresult) 	netwerk/base/src/nsLoadGroup.cpp
5 	libxul.so 	nsDocLoader::Stop() 	uriloader/base/nsDocLoader.cpp
6 	libxul.so 	nsDocShell::Stop(unsigned int) 	docshell/base/nsDocShell.cpp
7 	libxul.so 	nsDocShell::InternalLoad(nsIURI*, nsIURI*, nsISupports*, unsigned int, char16_t const*, char const*, nsAString_internal const&, nsIInputStream*, nsIInputStream*, unsigned int, nsISHEntry*, bool, nsAString_internal const&, nsIDocShell*, nsIURI*, nsIDocShell**, nsIRequest**) 	docshell/base/nsDocShell.cpp
8 	libxul.so 	nsDocShell::OnLinkClickSync(nsIContent*, nsIURI*, char16_t const*, nsAString_internal const&, nsIInputStream*, nsIInputStream*, nsIDocShell**, nsIRequest**) 	docshell/base/nsDocShell.cpp
9 	libxul.so 	OnLinkClickEvent::Run() 	docshell/base/nsDocShell.cpp
10 	libxul.so 	nsThread::ProcessNextEvent(bool, bool*) 	xpcom/threads/nsThread.cpp
11 	libxul.so 	NS_ProcessNextEvent(nsIThread*, bool) 	xpcom/glue/nsThreadUtils.cpp
12 	libxul.so 	mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) 	ipc/glue/MessagePump.cpp
13 	libxul.so 	MessageLoop::RunInternal() 	ipc/chromium/src/base/message_loop.cc
14 	libxul.so 	MessageLoop::Run() 	ipc/chromium/src/base/message_loop.cc
15 	libxul.so 	nsBaseAppShell::Run() 	widget/xpwidgets/nsBaseAppShell.cpp
16 	libxul.so 	nsAppStartup::Run() 	toolkit/components/startup/nsAppStartup.cpp
17 	libxul.so 	XREMain::XRE_mainRun() 	toolkit/xre/nsAppRunner.cpp
18 	libxul.so 	XREMain::XRE_main(int, char**, nsXREAppData const*) 	toolkit/xre/nsAppRunner.cpp
19 	libxul.so 	XRE_main 	toolkit/xre/nsAppRunner.cpp
20 	libxul.so 	GeckoStart 	toolkit/xre/nsAndroidStartup.cpp
21 	libmozglue.so 	Java_org_mozilla_gecko_mozglue_GeckoLoader_nativeRun 	mozglue/android/APKOpen.cpp
=============================================================
More reports: https://crash-stats.mozilla.com/report/list?product=FennecAndroid&signature=nsAString_internal%3A%3ABeginReading%28nsReadingIterator%3Cchar16_t%3E%26%29+const

Top Devices
===========
Nightly: 
 * 45% - Samsung Galaxy Note II
 * 17% - Asus Nexus 7
Aurora:
 * 38% - Samsung Nexus 10
 * 25% - Sony Xperia Z1 C6943

Top URLs
========
https://news.ycombinator.com/...
http://www.collegehumor.com/...

=============================================================

Currently this crash sits at #3 @ 10.57% in Fennec Aurora 35.0a2 and #2 in Fennec Nightly 36.0a1 @ 5.38%, with no crashes showing up for 33/34. I suspect this might be a regression introduced on Nightly 36 and uplifted to Aurora 35.

Looking at build IDs, it looks like this first showed up in Aurora on Oct 17 and Nightly on Oct 15. Below I've included a pushlog for each branch.

It may be premature to call this a topcrash since we only enabled updates on Friday. However I think we will want to keep an eye on this.

Pushlogs
========
Nightly (2014-10-14 to 2014-10-15):
https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=54217864bae9&tochange=62f0b771583c

Aurora (2014-10-16 to 2014-10-17):
https://hg.mozilla.org/releases/mozilla-aurora/pushloghtml?fromchange=8cd0eedecef2&tochange=c35d9f79f1ff

Bugs in Common:
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1079848%2C1081906%2C1079312%2C1082114%2C1081992%2C1058660%2C1082108&bug_id_type=anyexact&list_id=11404546&query_format=advanced
(Reporter)

Comment 1

4 years ago
Kevin, do we have any of these devices in house to try to reproduce this crash?
Flags: needinfo?(kbrosnan)
(Reporter)

Comment 2

4 years ago
[Tracking Requested - why for this release]: regression that could potentially become a topcrash.
tracking-firefox35: --- → ?
tracking-firefox36: --- → ?
Keywords: regression

Comment 3

Have both Nexus devices, Aaron has most of the Note lineup.
Flags: needinfo?(kbrosnan)
(Reporter)

Comment 4

4 years ago
(In reply to Kevin Brosnan [:kbrosnan] from comment #3)
> Have both Nexus devices, Aaron has most of the Note lineup.

Thanks, could you and/or Aaron try this on your devices and see if it reproduces?
Flags: needinfo?(kbrosnan)
Flags: needinfo?(aaron.train)
(Reporter)

Comment 5

4 years ago
I'm upgrading this to a topcrash since it's #2 now and rising at 12% of our crashes in Fennec 35.
Keywords: topcrash-android-armv7
tracking-firefox35: ? → +
tracking-firefox36: ? → +

Comment 6

I was able to crash once on Aurora by going to http://www.collegehumor.com/ , clicking on the 50 states sex moves then clicking through the pages in the article. However I have been unable to reproduce this in Aurora or Nightly.

I don't think this is device specific after looking at the affected devices for the 28 day view.
Flags: needinfo?(kbrosnan)

Comment 7

Looks like this crash may involve websockets. Needinfo to a couple of the networking team to take a look.
tracking-fennec: --- → ?
Flags: needinfo?(mcmanus)
Flags: needinfo?(jduell.mcbugs)

Comment 8

fallout from websockets on workers
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Flags: needinfo?(mcmanus)
Resolution: --- → DUPLICATE
Duplicate of bug: 1083425
Flags: needinfo?(jduell.mcbugs)
Flags: needinfo?(aaron.train)
(Reporter)

Comment 9

4 years ago
Marking this verified based on bug 1083425 comment 19.
Status: RESOLVED → VERIFIED
status-firefox35: affected → verified
status-firefox36: affected → verified
tracking-fennec: ? → 35+