crash in nsAString_internal::BeginReading(nsReadingIterator<char16_t>&) const




4 years ago
3 years ago


(Reporter: ashughes, Unassigned)


({crash, regression, topcrash-android-armv7})

crash, regression, topcrash-android-armv7

Firefox Tracking Flags

(firefox34 unaffected, firefox35+ verified, firefox36+ verified, fennec35+)


(crash signature)



4 years ago
This bug was filed from the Socorro interface and is 
report bp-ebf3c368-5643-4d03-a20d-26b062141017.
0 	nsAString_internal::BeginReading(nsReadingIterator<char16_t>&) const 	xpcom/string/nsTSubstring.h
1 	AppendUTF16toUTF8(nsAString_internal const&, nsACString_internal&, mozilla::fallible_t const&) 	xpcom/string/nsReadableUtils.cpp
2 	AppendUTF16toUTF8(nsAString_internal const&, nsACString_internal&) 	xpcom/string/nsReadableUtils.cpp
3 	mozilla::dom::WebSocketImpl::GetName(nsACString_internal&) 	content/base/src/WebSocket.cpp
4 	nsLoadGroup::Cancel(tag_nsresult) 	netwerk/base/src/nsLoadGroup.cpp
5 	nsDocLoader::Stop() 	uriloader/base/nsDocLoader.cpp
6 	nsDocShell::Stop(unsigned int) 	docshell/base/nsDocShell.cpp
7 	nsDocShell::InternalLoad(nsIURI*, nsIURI*, nsISupports*, unsigned int, char16_t const*, char const*, nsAString_internal const&, nsIInputStream*, nsIInputStream*, unsigned int, nsISHEntry*, bool, nsAString_internal const&, nsIDocShell*, nsIURI*, nsIDocShell**, nsIRequest**) 	docshell/base/nsDocShell.cpp
8 	nsDocShell::OnLinkClickSync(nsIContent*, nsIURI*, char16_t const*, nsAString_internal const&, nsIInputStream*, nsIInputStream*, nsIDocShell**, nsIRequest**) 	docshell/base/nsDocShell.cpp
9 	OnLinkClickEvent::Run() 	docshell/base/nsDocShell.cpp
10 	nsThread::ProcessNextEvent(bool, bool*) 	xpcom/threads/nsThread.cpp
11 	NS_ProcessNextEvent(nsIThread*, bool) 	xpcom/glue/nsThreadUtils.cpp
12 	mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) 	ipc/glue/MessagePump.cpp
13 	MessageLoop::RunInternal() 	ipc/chromium/src/base/
14 	MessageLoop::Run() 	ipc/chromium/src/base/
15 	nsBaseAppShell::Run() 	widget/xpwidgets/nsBaseAppShell.cpp
16 	nsAppStartup::Run() 	toolkit/components/startup/nsAppStartup.cpp
17 	XREMain::XRE_mainRun() 	toolkit/xre/nsAppRunner.cpp
18 	XREMain::XRE_main(int, char**, nsXREAppData const*) 	toolkit/xre/nsAppRunner.cpp
19 	XRE_main 	toolkit/xre/nsAppRunner.cpp
20 	GeckoStart 	toolkit/xre/nsAndroidStartup.cpp
21 	Java_org_mozilla_gecko_mozglue_GeckoLoader_nativeRun 	mozglue/android/APKOpen.cpp
Ø 22 	
Ø 23 	data@app@org.mozilla.fennec_aurora-2.apk@classes.dex 	data@app@org.mozilla.fennec_aurora-2.apk@classes.dex@0x4ef816 	
Ø 24 	dalvik-heap (deleted) 	dalvik-heap (deleted)@0x2088f6 	
Ø 25 	dalvik-heap (deleted) 	dalvik-heap (deleted)@0x25b81e 	
Ø 26 	
Ø 27 	data@app@org.mozilla.fennec_aurora-2.apk@classes.dex 	data@app@org.mozilla.fennec_aurora-2.apk@classes.dex@0x4ef814 	
28 	report_mapping 	mozglue/android/APKOpen.cpp
29 	report_mapping 	mozglue/android/APKOpen.cpp
30 		@0x721dca46 	
Ø 31 	
Ø 32 	
Ø 33 	dalvik-aux-structure (deleted) 	dalvik-aux-structure (deleted)@0x17196 	
Ø 34 	dalvik-heap (deleted) 	dalvik-heap (deleted)@0x25b81e 	
Ø 35 	dalvik-heap (deleted) 	dalvik-heap (deleted)@0x4e7dde 	
Ø 36 	
Ø 37 	dalvik-heap (deleted) 	dalvik-heap (deleted)@0x4e7dde 	
Ø 38 	
Ø 39 	dalvik-LinearAlloc (deleted) 	dalvik-LinearAlloc (deleted)@0x3602f2 	
Ø 40 	dalvik-heap (deleted) 	dalvik-heap (deleted)@0x2088f6 	
Ø 41 	dalvik-LinearAlloc (deleted) 	dalvik-LinearAlloc (deleted)@0x3602de 	
Ø 42 	data@app@org.mozilla.fennec_aurora-2.apk@classes.dex 	data@app@org.mozilla.fennec_aurora-2.apk@classes.dex@0x5376c1 	
Ø 43 	
Ø 44 	data@app@org.mozilla.fennec_aurora-2.apk@classes.dex 	data@app@org.mozilla.fennec_aurora-2.apk@classes.dex@0x5376c1 	
Ø 45 	data@app@org.mozilla.fennec_aurora-2.apk@classes.dex 	data@app@org.mozilla.fennec_aurora-2.apk@classes.dex@0xdb79e 	
Ø 46 	dalvik-heap (deleted) 	dalvik-heap (deleted)@0x2088f6 	
Ø 47 	data@app@org.mozilla.fennec_aurora-2.apk@classes.dex 	data@app@org.mozilla.fennec_aurora-2.apk@classes.dex@0x5376c1 	
Ø 48 	data@app@org.mozilla.fennec_aurora-2.apk@classes.dex 	data@app@org.mozilla.fennec_aurora-2.apk@classes.dex@0x6ffffe 	
Ø 49 	
Ø 50 	
Ø 51 	dalvik-LinearAlloc (deleted) 	dalvik-LinearAlloc (deleted)@0x3602de 	
Ø 52 	
Ø 53 	
Ø 54 	
Ø 55 	dalvik-heap (deleted) 	dalvik-heap (deleted)@0x25b81e 	
Ø 56 	
Ø 57 	data@app@org.mozilla.fennec_aurora-2.apk@classes.dex 	data@app@org.mozilla.fennec_aurora-2.apk@classes.dex@0x338fb6 	
Ø 58 	dalvik-heap (deleted) 	dalvik-heap (deleted)@0x2088f6 	
Ø 59 	
Ø 60 	
Ø 61 	
Ø 62 	dalvik-LinearAlloc (deleted) 	dalvik-LinearAlloc (deleted)@0x36ebce 	
Ø 63 	dalvik-heap (deleted) 	dalvik-heap (deleted)@0x25b81e 	
Ø 64 	
Ø 65 	
Ø 66 	
Ø 67
More reports:

Top Devices
 * 45% - Samsung Galaxy Note II
 * 17% - Asus Nexus 7
 * 38% - Samsung Nexus 10
 * 25% - Sony Xperia Z1 C6943

Top URLs


Currently this crash sits at #3 @ 10.57% in Fennec Aurora 35.0a2 and #2 in Fennec Nightly 36.0a1 @ 5.38%, with no crashes showing up for 33/34. I suspect this might be a regression introduced on Nightly 36 and uplifted to Aurora 35.

Looking at build IDs, it looks like this first showed up in Aurora on Oct 17 and Nightly on Oct 15. Below I've included a pushlog for each branch.

It may be premature to call this a topcrash since we only enabled updates on Friday. However I think we will want to keep an eye on this.

Nightly (2014-10-14 to 2014-10-15):

Aurora (2014-10-16 to 2014-10-17):

Bugs in Common:

Comment 1

4 years ago
Kevin, do we have any of these devices in house to try to reproduce this crash?
Flags: needinfo?(kbrosnan)

Comment 2

4 years ago
[Tracking Requested - why for this release]: regression that could potentially become a topcrash.
tracking-firefox35: --- → ?
tracking-firefox36: --- → ?
Keywords: regression
Have both Nexus devices, Aaron has most of the Note lineup.
Flags: needinfo?(kbrosnan)

Comment 4

4 years ago
(In reply to Kevin Brosnan [:kbrosnan] from comment #3)
> Have both Nexus devices, Aaron has most of the Note lineup.

Thanks, could you and/or Aaron try this on your devices and see if it reproduces?
Flags: needinfo?(kbrosnan)
Flags: needinfo?(aaron.train)

Comment 5

4 years ago
I'm upgrading this to a topcrash since it's #2 now and rising at 12% of our crashes in Fennec 35.
Keywords: topcrash-android-armv7
tracking-firefox35: ? → +
tracking-firefox36: ? → +
I was able to crash once on Aurora by going to , clicking on the 50 states sex moves then clicking through the pages in the article. However I have been unable to reproduce this in Aurora or Nightly.

I don't think this is device specific after looking at the affected devices for the 28 day view.
Flags: needinfo?(kbrosnan)
Looks like this crash may involve websockets. Needinfo to a couple of the networking team to take a look.
tracking-fennec: --- → ?
Flags: needinfo?(mcmanus)
Flags: needinfo?(jduell.mcbugs)
fallout from websockets on workers
Last Resolved: 4 years ago
Flags: needinfo?(mcmanus)
Resolution: --- → DUPLICATE
Duplicate of bug: 1083425
Flags: needinfo?(jduell.mcbugs)
Flags: needinfo?(aaron.train)

Comment 9

4 years ago
Marking this verified based on bug 1083425 comment 19.
status-firefox35: affected → verified
status-firefox36: affected → verified
tracking-fennec: ? → 35+
You need to log in before you can comment on or make changes to this bug.