Closed Bug 1085461 Opened 9 years ago Closed 9 years ago

crash in nsAString_internal::BeginReading(nsReadingIterator<char16_t>&) const


(Firefox for Android Graveyard :: General, defect)

Not set


(firefox34 unaffected, firefox35+ verified, firefox36+ verified, fennec35+)

Tracking Status
firefox34 --- unaffected
firefox35 + verified
firefox36 + verified
fennec 35+ ---


(Reporter: u279076, Unassigned)


(Keywords: crash, regression, topcrash-android-armv7)

Crash Data

This bug was filed from the Socorro interface and is 
report bp-ebf3c368-5643-4d03-a20d-26b062141017.
0 	nsAString_internal::BeginReading(nsReadingIterator<char16_t>&) const 	xpcom/string/nsTSubstring.h
1 	AppendUTF16toUTF8(nsAString_internal const&, nsACString_internal&, mozilla::fallible_t const&) 	xpcom/string/nsReadableUtils.cpp
2 	AppendUTF16toUTF8(nsAString_internal const&, nsACString_internal&) 	xpcom/string/nsReadableUtils.cpp
3 	mozilla::dom::WebSocketImpl::GetName(nsACString_internal&) 	content/base/src/WebSocket.cpp
4 	nsLoadGroup::Cancel(tag_nsresult) 	netwerk/base/src/nsLoadGroup.cpp
5 	nsDocLoader::Stop() 	uriloader/base/nsDocLoader.cpp
6 	nsDocShell::Stop(unsigned int) 	docshell/base/nsDocShell.cpp
7 	nsDocShell::InternalLoad(nsIURI*, nsIURI*, nsISupports*, unsigned int, char16_t const*, char const*, nsAString_internal const&, nsIInputStream*, nsIInputStream*, unsigned int, nsISHEntry*, bool, nsAString_internal const&, nsIDocShell*, nsIURI*, nsIDocShell**, nsIRequest**) 	docshell/base/nsDocShell.cpp
8 	nsDocShell::OnLinkClickSync(nsIContent*, nsIURI*, char16_t const*, nsAString_internal const&, nsIInputStream*, nsIInputStream*, nsIDocShell**, nsIRequest**) 	docshell/base/nsDocShell.cpp
9 	OnLinkClickEvent::Run() 	docshell/base/nsDocShell.cpp
10 	nsThread::ProcessNextEvent(bool, bool*) 	xpcom/threads/nsThread.cpp
11 	NS_ProcessNextEvent(nsIThread*, bool) 	xpcom/glue/nsThreadUtils.cpp
12 	mozilla::ipc::MessagePump::Run(base::MessagePump::Delegate*) 	ipc/glue/MessagePump.cpp
13 	MessageLoop::RunInternal() 	ipc/chromium/src/base/
14 	MessageLoop::Run() 	ipc/chromium/src/base/
15 	nsBaseAppShell::Run() 	widget/xpwidgets/nsBaseAppShell.cpp
16 	nsAppStartup::Run() 	toolkit/components/startup/nsAppStartup.cpp
17 	XREMain::XRE_mainRun() 	toolkit/xre/nsAppRunner.cpp
18 	XREMain::XRE_main(int, char**, nsXREAppData const*) 	toolkit/xre/nsAppRunner.cpp
19 	XRE_main 	toolkit/xre/nsAppRunner.cpp
20 	GeckoStart 	toolkit/xre/nsAndroidStartup.cpp
21 	Java_org_mozilla_gecko_mozglue_GeckoLoader_nativeRun 	mozglue/android/APKOpen.cpp
Ø 22 	
Ø 23 	data@app@org.mozilla.fennec_aurora-2.apk@classes.dex 	data@app@org.mozilla.fennec_aurora-2.apk@classes.dex@0x4ef816 	
Ø 24 	dalvik-heap (deleted) 	dalvik-heap (deleted)@0x2088f6 	
Ø 25 	dalvik-heap (deleted) 	dalvik-heap (deleted)@0x25b81e 	
Ø 26 	
Ø 27 	data@app@org.mozilla.fennec_aurora-2.apk@classes.dex 	data@app@org.mozilla.fennec_aurora-2.apk@classes.dex@0x4ef814 	
28 	report_mapping 	mozglue/android/APKOpen.cpp
29 	report_mapping 	mozglue/android/APKOpen.cpp
30 		@0x721dca46 	
Ø 31 	
Ø 32 	
Ø 33 	dalvik-aux-structure (deleted) 	dalvik-aux-structure (deleted)@0x17196 	
Ø 34 	dalvik-heap (deleted) 	dalvik-heap (deleted)@0x25b81e 	
Ø 35 	dalvik-heap (deleted) 	dalvik-heap (deleted)@0x4e7dde 	
Ø 36 	
Ø 37 	dalvik-heap (deleted) 	dalvik-heap (deleted)@0x4e7dde 	
Ø 38 	
Ø 39 	dalvik-LinearAlloc (deleted) 	dalvik-LinearAlloc (deleted)@0x3602f2 	
Ø 40 	dalvik-heap (deleted) 	dalvik-heap (deleted)@0x2088f6 	
Ø 41 	dalvik-LinearAlloc (deleted) 	dalvik-LinearAlloc (deleted)@0x3602de 	
Ø 42 	data@app@org.mozilla.fennec_aurora-2.apk@classes.dex 	data@app@org.mozilla.fennec_aurora-2.apk@classes.dex@0x5376c1 	
Ø 43 	
Ø 44 	data@app@org.mozilla.fennec_aurora-2.apk@classes.dex 	data@app@org.mozilla.fennec_aurora-2.apk@classes.dex@0x5376c1 	
Ø 45 	data@app@org.mozilla.fennec_aurora-2.apk@classes.dex 	data@app@org.mozilla.fennec_aurora-2.apk@classes.dex@0xdb79e 	
Ø 46 	dalvik-heap (deleted) 	dalvik-heap (deleted)@0x2088f6 	
Ø 47 	data@app@org.mozilla.fennec_aurora-2.apk@classes.dex 	data@app@org.mozilla.fennec_aurora-2.apk@classes.dex@0x5376c1 	
Ø 48 	data@app@org.mozilla.fennec_aurora-2.apk@classes.dex 	data@app@org.mozilla.fennec_aurora-2.apk@classes.dex@0x6ffffe 	
Ø 49 	
Ø 50 	
Ø 51 	dalvik-LinearAlloc (deleted) 	dalvik-LinearAlloc (deleted)@0x3602de 	
Ø 52 	
Ø 53 	
Ø 54 	
Ø 55 	dalvik-heap (deleted) 	dalvik-heap (deleted)@0x25b81e 	
Ø 56 	
Ø 57 	data@app@org.mozilla.fennec_aurora-2.apk@classes.dex 	data@app@org.mozilla.fennec_aurora-2.apk@classes.dex@0x338fb6 	
Ø 58 	dalvik-heap (deleted) 	dalvik-heap (deleted)@0x2088f6 	
Ø 59 	
Ø 60 	
Ø 61 	
Ø 62 	dalvik-LinearAlloc (deleted) 	dalvik-LinearAlloc (deleted)@0x36ebce 	
Ø 63 	dalvik-heap (deleted) 	dalvik-heap (deleted)@0x25b81e 	
Ø 64 	
Ø 65 	
Ø 66 	
Ø 67
More reports:

Top Devices
 * 45% - Samsung Galaxy Note II
 * 17% - Asus Nexus 7
 * 38% - Samsung Nexus 10
 * 25% - Sony Xperia Z1 C6943

Top URLs


Currently this crash sits at #3 @ 10.57% in Fennec Aurora 35.0a2 and #2 in Fennec Nightly 36.0a1 @ 5.38%, with no crashes showing up for 33/34. I suspect this might be a regression introduced on Nightly 36 and uplifted to Aurora 35.

Looking at build IDs, it looks like this first showed up in Aurora on Oct 17 and Nightly on Oct 15. Below I've included a pushlog for each branch.

It may be premature to call this a topcrash since we only enabled updates on Friday. However I think we will want to keep an eye on this.

Nightly (2014-10-14 to 2014-10-15):

Aurora (2014-10-16 to 2014-10-17):

Bugs in Common:
Kevin, do we have any of these devices in house to try to reproduce this crash?
Flags: needinfo?(kbrosnan)
[Tracking Requested - why for this release]: regression that could potentially become a topcrash.
Keywords: regression
Have both Nexus devices, Aaron has most of the Note lineup.
Flags: needinfo?(kbrosnan)
(In reply to Kevin Brosnan [:kbrosnan] from comment #3)
> Have both Nexus devices, Aaron has most of the Note lineup.

Thanks, could you and/or Aaron try this on your devices and see if it reproduces?
Flags: needinfo?(kbrosnan)
Flags: needinfo?(aaron.train)
I'm upgrading this to a topcrash since it's #2 now and rising at 12% of our crashes in Fennec 35.
I was able to crash once on Aurora by going to , clicking on the 50 states sex moves then clicking through the pages in the article. However I have been unable to reproduce this in Aurora or Nightly.

I don't think this is device specific after looking at the affected devices for the 28 day view.
Flags: needinfo?(kbrosnan)
Looks like this crash may involve websockets. Needinfo to a couple of the networking team to take a look.
tracking-fennec: --- → ?
Flags: needinfo?(mcmanus)
Flags: needinfo?(jduell.mcbugs)
fallout from websockets on workers
Closed: 9 years ago
Flags: needinfo?(mcmanus)
Resolution: --- → DUPLICATE
Flags: needinfo?(jduell.mcbugs)
Flags: needinfo?(aaron.train)
Marking this verified based on bug 1083425 comment 19.
tracking-fennec: ? → 35+
Product: Firefox for Android → Firefox for Android Graveyard
You need to log in before you can comment on or make changes to this bug.