Closed Bug 1547663 Opened 5 years ago Closed 4 years ago

Crash in [@ Java_org_mozilla_gecko_sqlite_SQLiteBridge_closeDatabase]

Categories

(Core :: Audio/Video: Playback, defect)

Product:
Core
Component:
Audio/Video: Playback
Version:
68 Branch
Platform:
Unspecified
Android
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED WORKSFORME
Tracking Flags:
Tracking Status
firefox-esr68 --- wontfix

People

(Reporter: gsvelto, Unassigned)

Details

(Keywords: crash, regression)

Crash Data

This bug is for crash report bp-155df4df-0725-48cd-85be-5dff30190428.

Top 10 frames of crashing thread:

0 libc.so libc.so@0x220e4 
1  @0x865ffffe 
2 libdvm.so libdvm.so@0x1dd8e 
3  @0x865ffffe 
4 data@app@org.mozilla.fennec_aurora-1.apk@classes.dex data@app@org.mozilla.fennec_aurora-1.apk@classes.dex@0x65b46f 
5 dalvik-heap (deleted) dalvik-heap @0x409dfe 
6 data@app@org.mozilla.fennec_aurora-1.apk@classes.dex data@app@org.mozilla.fennec_aurora-1.apk@classes.dex@0x660d54 
7 libdvm.so libdvm.so@0x4e285 
8 data@app@org.mozilla.fennec_aurora-1.apk@classes.dex data@app@org.mozilla.fennec_aurora-1.apk@classes.dex@0x65b46a 
9 libmozglue.so Java_org_mozilla_gecko_sqlite_SQLiteBridge_closeDatabase mozglue/android/SQLiteBridge.cpp

In spite of the signature this doesn't seem to be related to SQLite at all. The stacks on Socorro are terrible but all the crashes are happening in a MediaPDecoder thread. The first buildid this has happened on is 20190331090052.

All these crashed happened after calling mozilla::java::CodecProxy::Input(). Most of them happened on Android API 19 on the Lenovo device, only one crash happened on Android API 17 on the HUAWEI device.

So I guess that those devices are not able to decode the data under certain situations or they didn't have good compatiable with the higher Android API we uses.

Because John is on the PTO, I'm going to NI Nils to see who can help to investigate this bug.

Flags: needinfo?(drno)
status-firefox-esr68: --- → affected
Keywords: regression
Version: unspecified → 68 Branch

Adding ni on John (assuming based on Comment 1 he is back from PTO). John - If you are not the correct person, can you please redirect?
This signature is rising in 68 after having been seen in 68 nightly and beta. Data continues to show only APIs from 17-19 are affected.

Looks as if most of the URLs are video sites, such as:

(45.29% in signature vs 05.80% overall) adapter_device_id = Mali-400 MP [83.61% vs 16.78% if adapter_vendor_id = ARM]

Flags: needinfo?(jolin)

It seems to me that the crashes didn't happen in Java code, for the reports show no MOZ_CRASH() info. The only native code called by Input() that looks suspicious is [1], where memcpy is called to dump the input buffer data to shared memory buffer and could raise SEGV_MAPERR. Unfortuanately, the stack traces are inaccurate so it's hard to verify my theory. Besides, it doesn't actually explain why the crashes only happen on API 17-19 devices.

[1] https://searchfox.org/mozilla-central/source/mozglue/android/SharedMemNatives.cpp#18

Flags: needinfo?(jolin)

Closing because no crashes reported for 12 weeks.

Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → WORKSFORME
Flags: needinfo?(drno)
You need to log in before you can comment on or make changes to this bug.