Crash in [@ mozilla::jni::NativeStub<T>::Wrap<T>]
Categories
(GeckoView :: General, defect)
Tracking
(firefox124 affected, firefox125 ?, firefox126 ?)
People
(Reporter: m_kato, Assigned: m_kato)
References
Details
(Keywords: crash, Whiteboard: [geckoview:m114?])
Crash Data
A lot of craches occurs on JNI access of a11y. Could a11y team look this?
Crash report: https://crash-stats.mozilla.org/report/index/f1ee69db-4a52-497f-b3cb-95ae90220705
Reason: SIGSEGV / SEGV_MAPERR
Top 4 frames of crashing thread:
0 libxul.so int mozilla::jni::NativeStub<mozilla::java::SessionAccessibility::NativeProvider::GetNodeClassName_t, mozilla::a11y::SessionAccessibility, mozilla::jni::Args<int> >::Wrap<&mozilla::a11y::SessionAccessibility widget/android/jni/Natives.h:1405
1 base.odex base.odex@0x0000000000214ea4
2 base.odex base.odex@0x0000000000214ea4
3 boot.art] boot.art]@0x00000000000c2364
|
||
Comment 1•3 years ago
|
||
Looks like another shutdown crash.
|
Assignee | |
Updated•2 years ago
|
This crash may be happening right after browser update. The browser could be running at the time of the update. The crash data still has pre-update browser details. Here's one from nightly startup after an update, while installed build is #2015914347.
|
||
Comment 3•2 years ago
•
|
||
This seems to be a general weakref lifecycle bug we are experiencing in other JNI objects, not just SessionAccessibility.
https://crash-stats.mozilla.org/report/index/b05c184f-55dc-434e-b3ca-eaabc0230317
This is also a dup of bug 1811522 that I moved to the GV component. Will do the same here. Peers can decide which one should be folded into what.
|
|
||
Updated•2 years ago
|
|
||
Updated•2 years ago
|
|
|
Assignee | |
Updated•2 years ago
|
|
|
Assignee | |
Comment 5•2 years ago
|
||
I suspect GeckoViewSupport::Transfer and SessionAccessibility implementation. If this is a bug in mozilla::jni::NativeStub, this occurs on all JNI objects. But this issue is SessionAccessibility only.
SessionAccessibility is detached then attached immediately in GeckoViewSupport::Transfer. But I guess that it is dangerous. NativeProvider uses recycled object and dispose task is async in SessionAccessibility. so SessionAccessiblity.Detach doesn't detach object immediately. But SessionAccessiblity.Attach is called immediately even if disposer isn't finished. So disposer may be run after attached. So we have to fix SessionAccessibility.SetAttach.
|
|
Assignee | |
Comment 6•2 years ago
|
||
|
||
Comment 7•2 years ago
|
||
The bug is linked to a topcrash signature, which matches the following criterion:
- Top 10 AArch64 and ARM crashes on release
For more information, please visit BugBot documentation.
|
|
||
Comment 8•2 years ago
|
||
The bug is linked to a topcrash signature, which matches the following criterion:
- Top 10 AArch64 and ARM crashes on release (startup)
For more information, please visit BugBot documentation.
|
|
||
Comment 9•2 years ago
|
||
Based on the topcrash criteria, the crash signatures linked to this bug are not in the topcrash signatures anymore.
For more information, please visit BugBot documentation.
|
|
||
Comment 10•1 year ago
|
||
Based on the topcrash criteria, the crash signatures linked to this bug are not in the topcrash signatures anymore.
For more information, please visit BugBot documentation.
|
||
Comment 11•9 months ago
|
||
This is a generic crash signature. It's hit from a different code paths, such as:
mozilla::widget::GeckoTelemetryDelegate
https://crash-stats.mozilla.org/report/index/e0588501-bd8e-4126-bfdb-01b430240410
mozilla::widget::NPZCSupport
https://crash-stats.mozilla.org/report/index/2f5f0ffc-3a37-43c0-bdbd-063800240412
|
||
Updated•8 months ago
|
Description
•