Closed
Bug 1340959
Opened 7 years ago
Closed 6 years ago
Crash in res_countArrayItems_59
Categories
(Core :: JavaScript: Internationalization API, defect)
Tracking
()
RESOLVED
FIXED
mozilla59
People
(Reporter: n.nethercote, Assigned: anba)
References
Details
(Keywords: crash, regression, topcrash)
Crash Data
This bug was filed from the Socorro interface and is report bp-75b24ccb-c5d3-48f7-8a7a-5dede2170219. ============================================================= New crash, first showed up in Nightly 20170209110155, though it's infrequent enough that the root cause may have landed a couple of days before that. I think ICU just got enabled on Android, presumably that's relevant. snorp, any ideas?
Flags: needinfo?(snorp)
Nope, sorry, I have no knowledge of that stuff.
Flags: needinfo?(snorp)
Updated•7 years ago
|
Component: Internationalization → JavaScript: Internationalization API
Comment 2•7 years ago
|
||
(ICU will be turned off release build, so it is only nightly and aurora)
Comment 3•7 years ago
|
||
#4 crash on the 5-31 Android Nightly.
Updated•7 years ago
|
Crash Signature: [@ res_countArrayItems_58] → [@ res_countArrayItems_58]
[@ res_countArrayItems_59]
Comment 5•7 years ago
|
||
We're about to turn on ICU in Android production (bug 1344625) and this crash may skyrocket in crash stats. NI'ing :m_kato, :jfkthame and anrebargull hoping we could get some help here.
Flags: needinfo?(m_kato)
Flags: needinfo?(jfkthame)
Flags: needinfo?(andrebargull)
Comment 6•7 years ago
|
||
My interesting is that this crash on android is Samsung and API level 17 only.
Flags: needinfo?(m_kato)
Comment 7•7 years ago
|
||
(and, even if data address is valid, it will be unalignment access on some cases)
Comment 8•7 years ago
|
||
I don't really know anything about this. Is it possible the JS engine is passing a null pointer as a locale argument to ICU somewhere it shouldn't? (In general, though, I thought NULL was permitted, meaning "default locale".) Note that it's not unique to Android, there are also some crash reports from Windows.
Updated•7 years ago
|
Flags: needinfo?(jfkthame)
Assignee | ||
Comment 9•7 years ago
|
||
There are some reports (like https://crash-stats.mozilla.com/report/index/2b885441-11f1-417a-b911-9246d0170716) where we call an ICU function (ucal_openTimeZones) which doesn't accept any parameters, so I don't think this is caused by passing invalid parameters to ICU.
Comment 10•7 years ago
|
||
True; I hadn't spotted that version of the stack. I wonder if the problem arises when we hit some kind of resource limitation (e.g. memory/address space) and a memory-allocation or resource-load within ICU fails, and isn't handled well at the immediate point of failure.
Updated•7 years ago
|
status-firefox55:
--- → affected
status-firefox56:
--- → affected
Comment 11•7 years ago
|
||
From early beta crash reports this is the #2 top crash for Fennec.
Comment 12•7 years ago
|
||
I looked at a number of reports, and AFAICT (judging by the "telemetry environment" they show) all the ones I checked are coming from low-end phones that only have 1GB RAM. I'm guessing that's just not enough to be able to reliably load the data we need. As of Firefox 55, we state (https://www.mozilla.org/en-US/firefox/android/55.0/system-requirements/) that 384MB RAM is required. I wonder if that's still a reasonable claim, or do we need to update it to something significantly more generous?
Comment 13•7 years ago
|
||
Jeff, should we consider changing our system requirements for Android?
Flags: needinfo?(jgriffiths)
Comment 14•7 years ago
|
||
Or, Joe , is this for you to decide?
Flags: needinfo?(jgriffiths) → needinfo?(jcheng)
Comment 15•7 years ago
|
||
Wontfix for 56 since are a week and a half away from the 56 release and the volume here is not release-blocking high. We should still consider changing our system requirements for the future.
status-firefox57:
--- → affected
Keywords: regression
Comment 16•7 years ago
|
||
I checked the last 10 reports and they all have memoryMB in telemetry data in the range of 816mb-880mb. This seems to confirm comment 12 hypothesis.
Summary: Crash in res_countArrayItems_58 → Crash in res_countArrayItems_59
I think the memory thing is a red herring. Every report I've looked at for the res_countArrayItems_59 signature is on a single SoC, the Marvell PXA988. The vast majority of devices seem to be the Samsung GT-I8200N aka Galaxy S III Mini VE. Gandalf, maybe you or another ICU hacker can get ahold of one of those devices?
Flags: needinfo?(gandalf)
Comment 18•7 years ago
|
||
I'm not familiar with memory management in C++ at all :( Jonathan may be the right person to ask.
Flags: needinfo?(gandalf) → needinfo?(jfkthame)
Comment 19•7 years ago
|
||
I doubt I'm likely to have a chance to dig into this any time soon; I don't have a suitable device to try and reproduce or debug it here.
Flags: needinfo?(jfkthame)
Comment 20•7 years ago
|
||
Hello. I have GT-I8200N Android 4.2.2 Crash always happens * after type in password input field * on about:downloads Can i help to debug it somehow ?
Jamie, do you have a device that hits this?
Flags: needinfo?(jnicol)
Comment 22•7 years ago
|
||
This is the top browser crash in Fennec 57. Adding top crash keyword.
Keywords: topcrash
Comment 23•7 years ago
|
||
I don't, but I have submitted a servicenow request for the device with the most crashes currently, SM-T110 (galaxy tab 3 lite 7.0)
Flags: needinfo?(jnicol)
Comment 24•7 years ago
|
||
No crash data on 58+. Although we change toolchain from gcc to clang, is this compiler issue?
Comment 25•7 years ago
|
||
Some of the comments mention crashing while entering a password: *Firefox crashes everytime a password is asked for *crashes every time I try to access Gmail account, during the entry of password *wont let me enter password confirmation. *I can't sync Firefox in my Samsung Galaxy S3 mini because it crashes every time when trying to introduce the password.
Comment 26•6 years ago
|
||
Note some interesting data (pasting from "Bugzilla Crash Stop" addon) res_countArrayItems_59 in FennecAndroid — beta Version 57.0b9 57.0b11 57.0b13 57.0b15 58.0b3 58.0b5 58.0b7 58.0b9 58.0b11 58.0b12 Installs 219 192 133 432 0 0 0 0 0 0 Crashes 595 533 316 1107 0 0 0 0 0 0 What changed in 58? (fix or pref flip?)
Assignee | ||
Comment 27•6 years ago
|
||
(In reply to David Bolter [:davidb] (NeedInfo me for attention) from comment #26) > What changed in 58? (fix or pref flip?) Hmm, interesting. Maybe it's due to the compiler change as mentioned in comment #24? If it's not fixed by the compiler change, the signature will change in 59 to res_countArrayItems_60 (ICU update to version ICU60 in bug 1405993).
Flags: needinfo?(andrebargull)
Updated•6 years ago
|
Comment 28•6 years ago
|
||
No res_countArrayItems_60 crashes ever appeared as far as I can see. Still a small trickle of crashes in 58, so I'm going to say this was fixed by the ICU update in 59.
Assignee: nobody → andrebargull
Status: NEW → RESOLVED
Closed: 6 years ago
status-firefox60:
? → ---
Depends on: 1405993
Flags: needinfo?(jcheng)
Resolution: --- → FIXED
Target Milestone: --- → mozilla59
Updated•6 years ago
|
status-firefox-esr52:
--- → unaffected
You need to log in
before you can comment on or make changes to this bug.
Description
•