Closed Bug 1140830 Opened 9 years ago Closed 9 years ago

HTC One M8 (Verizon) users reporting startup crashes after Lollipop (Android 5.0.1) update

Categories

(Firefox for Android Graveyard :: General, defect)

Product:
Firefox for Android Graveyard
Component:
General
Version:
36 Branch
Platform:
All
Android
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(firefox36+ fixed, firefox37 fixed, firefox38 fixed, firefox39 fixed, fennec36+)

Status:
VERIFIED FIXED
Milestone:
Firefox 39
Tracking Flags:
Tracking Status
firefox36 + fixed
firefox37 --- fixed
firefox38 --- fixed
firefox39 --- fixed
fennec 36+ ---

People

(Reporter: philipp, Assigned: snorp)

References

Details

(Keywords: crash)

Crash Data

Attachments

(1 file)

Don't try to use a null JSONObject in SiteIdentity.update()
4.12 KB, patch
rnewman
: review+
lsblakk
: approval-mozilla-aurora+
lsblakk
: approval-mozilla-beta+
Sylvestre
: approval-mozilla-release+
Details | Diff | Splinter Review 
This bug was filed from the Socorro interface and is 
report bp-387ba616-0b87-410e-a96d-347df2150306.
=============================================================

there are reports of htc one m8 users in the sumo forum that said their firefox for android was always crashing at startup after they have applied a system update to android lollipop (5.0.1) which is getting rolled-out at the moment: http://mzl.la/1A3ACYP - the crash report above is from one of those users.

the details of the crash signature shows that at the moment this only affects the HTC6525LVW variant which is the Verizon HTC One M8 2014 LTE-A version of the smartphone.
most of the crash comments also link the crashes to the update.
tracking-fennec: --- → ?
No crashes on Beta. I see an API 9 JNI header in the stack; if that's not spurious, it might indicate that our split APK work in Beta happens to work around the issue.

If someone's in contact with affected users, please get them to try Beta to confirm.

Comments and uptime indicate that this is a Gecko startup crash, so at least we're not doing something wrong in frontend code.

One comment says:

---
I recently installed the latest version of Android from verizon for the HTC one m8, the previous version of FF failed to work, so I updated FF and it is Still crashing without any input from me.
---

which implies that this isn't a regression in 36.
One user at sumo said the crashes happened across all channels:
"I tested the latest releases on the Beta, Aurora, and Nightly channels, as well as Firefox for Android 35.0.1, and all displayed the same issue. It also persists after a factory reset"
Is Gecko startup logging anything in the logs (I don't have access to logcat's on crash-stats and mfinkle is out this week)?
Looking at the logcat metadata exposed on a variety of signatures they all have a common failure which may or may not be at fault:

  ActTriggerJNI: open library fail
In any case we need a developer to get ahold of an affected device.
To support the scope given, I'm unable to reproduce on a *non-Verizon* M8.
This user got the wrong build? The crash stat disassembly at the end says api-9 build. Can we trust that?
Flags: needinfo?(rnewman)
Crash Signature: [@ data@app@org.mozilla.firefox-1@base.apk@classes.dex@0x896484] [@ data@app@org.mozilla.firefox-2@base.apk@classes.dex@0x896484] → [@ data@app@org.mozilla.firefox-1@base.apk@classes.dex@0x896484] [@ data@app@org.mozilla.firefox-2@base.apk@classes.dex@0x896484] [@ data@app@org.mozilla.firefox_beta-1@base.apk@classes.dex@0x893b14] [@ data@app@org.mozilla.firefox-1@base.apk@classes.d…
I have a device now, but haven't been able to make it update to Lollipop so far.
(In reply to Kevin Brosnan [:kbrosnan] from comment #7)
> This user got the wrong build? The crash stat disassembly at the end says
> api-9 build. Can we trust that?

This is a release build, which targets API 9 and supports 9-23+. No crashes on Beta, thousands and thousands on release.
Flags: needinfo?(rnewman)
(In reply to Richard Newman [:rnewman] from comment #9)
> This is a release build, which targets API 9 and supports 9-23+. No crashes
> on Beta, thousands and thousands on release.
i've updated the related crash signatures before. there are plenty of crashes for beta as well...
(In reply to philipp from comment #10)

> i've updated the related crash signatures before. there are plenty of
> crashes for beta as well...

Thanks, Philipp.

The beta crash stacks I looked at don't indicate that this is a wrong-APK situation.
I finally figured out a way to update the device, and can reproduce the crash. It looks like it's not a crash, but the OS killing us. Still investigating.
OK, actually does appear to be a segfault. Given the address, I'd say JITed code. Not sure if it's JS or ART/Dalvik.
It turns out we're referencing a null JSONObject instance in SiteIdentity.update() intentionally. It normally works
because we catch the Exception and fall back appropriately, but we are evidently hitting some Dalvik or ART bug 
which prevents that from working in this case. The patch avoids the NRE in the first place and cleans up a bit.
[Tracking Requested - why for this release]: startup crash for flagship HTC device receiving updates
tracking-firefox36: --- → ?
I feel pretty confident in marking this tracking-36.
Assignee: nobody → snorp
Status: NEW → ASSIGNED
tracking-fennec: ? → 36+
Comment on attachment 8575031 [details] [diff] [review]
Don't try to use a null JSONObject in SiteIdentity.update()

Review of attachment 8575031 [details] [diff] [review]:
-----------------------------------------------------------------

This looks like a totally safe transformation to me.

::: mobile/android/base/SiteIdentity.java
@@ +175,2 @@
>              mMixedMode = MixedMode.UNKNOWN;
>              mTrackingMode = TrackingMode.UNKNOWN;

These two lines are redundant, given your changes above.

::: mobile/android/base/Tab.java
@@ -611,5 @@
>          mBaseDomain = message.optString("baseDomain");
>  
>          setHasFeeds(false);
>          setHasOpenSearch(false);
> -        updateIdentityData(null);

This change was introduced in Bug 695204. Margaret, Mark: if you have any recollection of why you took this approach, fill me in some time :)
Attachment #8575031 - Flags: review+
Try so green, so I landed this on fx-team to get a few hours ahead. Worst case it's some nice cleanup. Best case it fixes the crash.

ni snorp to verify then request uplift.
Flags: needinfo?(snorp)
https://hg.mozilla.org/mozilla-central/rev/3e4cfc16f693
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
status-firefox39: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → Firefox 39
Comment on attachment 8575031 [details] [diff] [review]
Don't try to use a null JSONObject in SiteIdentity.update()

Approval Request Comment
[Feature/regressing bug #]: OS update
[User impact if declined]: startup crashes on Verizon HTC One M8 with Lollipop
[Describe test coverage new/current, TreeHerder]: nightly
[Risks and why]: low
[String/UUID change made/needed]: none

We need to consider a 36.02 for this, I think. The M8 is HTC's flagship phone, and VZW is the largest carrier in the US. Getting some one-star reviews due to this issue.
Flags: needinfo?(snorp)
Attachment #8575031 - Flags: approval-mozilla-release?
Attachment #8575031 - Flags: approval-mozilla-beta?
Attachment #8575031 - Flags: approval-mozilla-aurora?
Comment on attachment 8575031 [details] [diff] [review]
Don't try to use a null JSONObject in SiteIdentity.update()

Approving Aurora/Beta for now only, Sylvestre will need to make the call on a potential 36.0.2.
Flags: needinfo?(sledru)
Attachment #8575031 - Flags: approval-mozilla-release?
Attachment #8575031 - Flags: approval-mozilla-release+
Attachment #8575031 - Flags: approval-mozilla-beta?
Attachment #8575031 - Flags: approval-mozilla-beta+
Comment on attachment 8575031 [details] [diff] [review]
Don't try to use a null JSONObject in SiteIdentity.update()

oops - wrong flags set.  fixing.
Attachment #8575031 - Flags: approval-mozilla-release?
Attachment #8575031 - Flags: approval-mozilla-release+
Attachment #8575031 - Flags: approval-mozilla-aurora?
Attachment #8575031 - Flags: approval-mozilla-aurora+
Comment on attachment 8575031 [details] [diff] [review]
Don't try to use a null JSONObject in SiteIdentity.update()

let's take it for a 36.0.2
Flags: needinfo?(sledru)
Attachment #8575031 - Flags: approval-mozilla-release? → approval-mozilla-release+
Flags: needinfo?(lhenry)
The fix of this bug has caused a new issue: Bug 1142459. The Mixed Content Blocking shield icon is not displayed anymore in the URL Bar, after choosing "I Understand the Risks" -> "Visit Site" option.
Depends on: 1142459
I was able to check on a Verizon HTC M8. I verified that it was crashing consistently with 36.0. I downloaded the apk from mobile/candidates/36.0.2-candidates/build1 and it is no longer crashing.
Status: RESOLVED → VERIFIED
Flags: needinfo?(lhenry)
Product: Firefox for Android → Firefox for Android Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: