Bug 749917 - crash in mozilla::AndroidBridge::CheckURIVisited
Status: RESOLVED FIXED
Whiteboard: [native-crash]
Keywords: crash, intermittent-failure, qawanted
Product: Core
Classification: Components
Component: Widget: Android
Version: Trunk
Platform: ARM Android
Importance: -- critical
Target Milestone: mozilla16
Assigned To: Brad Lassey [:blassey]
Depends on: 741222 741315 748531
Blocks: 438871 747787

Reported: 2012-04-28 01:09 PDT by Scoobidiver (away)
Modified: 2013-12-10 10:00 PST


Attachments
patch to check for the exception (911 bytes, patch)
2012-07-02 10:55 PDT, Brad Lassey [:blassey]
bugmail.mozilla: review+

Description Scoobidiver (away) 2012-04-28 01:09:24 PDT
There's one crash in 15.0a1/20120427.

Signature 	_JNIEnv::NewString
UUID	f0505ef0-67c8-4796-8a08-801202120428
Date Processed	2012-04-28 07:39:04
Uptime	3125
Last Crash	52.1 minutes before submission
Install Age	1.0 hours since version was first installed.
Install Time	2012-04-28 06:33:40
Product	FennecAndroid
Version	15.0a1
Build ID	20120427030500
Release Channel	nightly
OS	Linux
OS Version	0.0.0 Linux 2.6.36.3 #1 SMP PREEMPT Thu Dec 1 06:02:53 KST 2011 armv7l
Build Architecture	arm
Build Architecture Info	
Crash Reason	SIGSEGV
Crash Address	0xdeadd00d
App Notes 	
EGL? EGL+ AdapterVendorID: lu6500, AdapterDeviceID: LG-LU6500.
AdapterDescription: 'Android, Model: 'LG-LU6500', Product: 'lge_bssq', Manufacturer: 'LGE', Hardware: 'lu6500''.
GL Context? GL Context+ GL Layers? GL Layers+ 
LGE LG-LU6500
lge/lge_bssq/bssq_450-06:2.3.4/GRJ22/LG-LU6500-26_00.4247ef37:user/release-keys
EMCheckCompatibility	True

Frame 	Module 	Signature 	Source
0 	libdvm.so 	libdvm.so@0x464c4 	
1 	dalvik-heap (deleted) 	dalvik-heap @0x54eae6 	
2 	libdvm.so 	libdvm.so@0x4a8d1 	
3 	dalvik-heap (deleted) 	dalvik-heap @0x54eae6 	
4 	libdvm.so 	libdvm.so@0x4c221 	
5 	libxul.so 	_JNIEnv::NewString 	jni.h:828
6 	libxul.so 	mozilla::AndroidBridge::CheckURIVisited 	widget/android/AndroidBridge.cpp:1551
7 	libxul.so 	nsAndroidHistory::RegisterVisitedCallback 	toolkit/components/places/nsAndroidHistory.cpp:86
8 	libxul.so 	mozilla::dom::Link::LinkState 	content/base/src/Link.cpp:127
9 	libxul.so 	EnumeratePendingLinkUpdates 	content/base/src/nsDocument.cpp:8087
10 	libxul.so 	nsTHashtable<nsPtrHashKey<mozilla::dom::Link> >::s_EnumStub 	nsTHashtable.h:500
11 	libxul.so 	PL_DHashTableEnumerate 	obj-firefox/xpcom/build/pldhash.cpp:750
12 	libxul.so 	nsIDocument::FlushPendingLinkUpdates 	nsTHashtable.h:251
13 	libxul.so 	nsCSSFrameConstructor::ResolveStyleContext 	layout/base/nsCSSFrameConstructor.cpp:4551
14 	libxul.so 	nsCSSFrameConstructor::ResolveStyleContext 	layout/base/nsCSSFrameConstructor.cpp:4542
15 	libxul.so 	nsCSSFrameConstructor::AddFrameConstructionItems 	layout/base/nsCSSFrameConstructor.cpp:4995
16 	libxul.so 	nsCSSFrameConstructor::ContentAppended 	layout/base/nsCSSFrameConstructor.cpp:6581
17 	libxul.so 	nsCSSFrameConstructor::CreateNeededFrames 	layout/base/nsCSSFrameConstructor.cpp:6272
18 	libxul.so 	nsCSSFrameConstructor::CreateNeededFrames 	layout/base/nsCSSFrameConstructor.cpp:6282
19 	libxul.so 	nsCSSFrameConstructor::CreateNeededFrames 	layout/base/nsCSSFrameConstructor.cpp:6282
20 	libxul.so 	nsCSSFrameConstructor::CreateNeededFrames 	layout/base/nsCSSFrameConstructor.cpp:6282
21 	libxul.so 	nsCSSFrameConstructor::CreateNeededFrames 	layout/base/nsCSSFrameConstructor.cpp:6282
22 	libxul.so 	nsCSSFrameConstructor::CreateNeededFrames 	layout/base/nsCSSFrameConstructor.cpp:6282
23 	libxul.so 	nsCSSFrameConstructor::CreateNeededFrames 	layout/base/nsCSSFrameConstructor.cpp:6282
24 	libxul.so 	nsCSSFrameConstructor::CreateNeededFrames 	layout/base/nsCSSFrameConstructor.cpp:6282
25 	libxul.so 	nsCSSFrameConstructor::CreateNeededFrames 	layout/base/nsCSSFrameConstructor.cpp:6282
26 	libxul.so 	nsCSSFrameConstructor::CreateNeededFrames 	layout/base/nsCSSFrameConstructor.cpp:6282
27 	libxul.so 	nsCSSFrameConstructor::CreateNeededFrames 	layout/base/nsCSSFrameConstructor.cpp:6297
28 	libxul.so 	PresShell::FlushPendingNotifications 	layout/base/nsPresShell.cpp:3969
29 	libxul.so 	nsDocument::FlushPendingNotifications 	content/base/src/nsDocument.cpp:6383
30 	libxul.so 	nsGenericElement::GetPrimaryFrame 	content/base/src/nsGenericElement.cpp:3963
31 	libxul.so 	nsGenericElement::GetStyledFrame 	content/base/src/nsGenericElement.cpp:2047
32 	libxul.so 	nsGenericElement::GetScrollFrame 	content/base/src/nsGenericElement.cpp:2087
33 	libxul.so 	nsGenericElement::GetScrollTop 	content/base/src/nsGenericElement.cpp:2123
34 	libxul.so 	nsIDOMElement_GetScrollTop 	obj-firefox/js/xpconnect/src/dom_quickstubs.cpp:4443
35 	libxul.so 	js_GetProperty 	js/src/jscntxtinlines.h:364
36 	libxul.so 	JSObject::getGeneric 	js/src/jsobjinlines.h:194
37 	libxul.so 	js::Interpret 	js/src/jsobjinlines.h:209
38 	libxul.so 	js::RunScript 	js/src/jsinterp.cpp:475
39 	libxul.so 	js::InvokeKernel 	js/src/jsinterp.cpp:535
40 	libxul.so 	js_fun_apply 	js/src/jsinterp.h:172
41 	libxul.so 	js::Interpret 	js/src/jscntxtinlines.h:314
42 	libxul.so 	js::RunScript 	js/src/jsinterp.cpp:475
43 	libxul.so 	js::Invoke 	js/src/jsinterp.cpp:535
44 	libxul.so 	JS_CallFunctionValue 	js/src/jsapi.cpp:5416
...

More reports at:
https://crash-stats.mozilla.com/report/list?signature=_JNIEnv%3A%3ANewString
Comment 1 Scoobidiver (away) 2012-05-18 03:39:16 PDT
Those crashes appeared again in 15.0a1/20120517. The related regression range is:
http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=c00a9c1940c5&tochange=762e95608da3
Comment 2 Kartikaya Gupta (email:kats@mozilla.com) 2012-05-18 13:14:56 PDT
This appears to be the same issue as bug 749687, even though the crash stack is slightly different. In both cases it's the call to JNIEnv::NewString that's failing, and in both cases there's a URI stored in the JSON-serialized data. I looked at the nsPromiseFlatString stuff and it looks ok to me, so I don't think that's the problem. My guess is that perhaps the actual string data sent by Gecko doesn't line up with the version of Unicode that Dalvik is using.

qawanted to try to reliably reproduce this problem. My guess is that it may happen if you visit pages with weird Unicode characters in the URL. It may also depend on the version of Android being used, so best to try reproducing on the same device/version that these crashes were seen on.
Comment 8 Brad Lassey [:blassey] 2012-07-02 10:47:43 PDT
Relevant part of the log:
06-26 04:38:44.206 E/dalvikvm-heap( 1952): Out of memory on a 924472-byte allocation.
06-26 04:38:44.206 W/GeckoGlobalHistory( 1952): Rebuilding visited link set...
06-26 04:38:44.206 W/dalvikvm( 1952): JNI WARNING: JNI method called with exception raised
06-26 04:38:44.206 W/dalvikvm( 1952):              in Lorg/mozilla/gecko/GeckoAppShell;.nativeRun (Ljava/lang/String;)V (CallStaticVoidMethodV)
06-26 04:38:44.206 W/dalvikvm( 1952): Pending exception is:
06-26 04:38:44.206 E/dalvikvm( 1952): VM aborting
Comment 9 Brad Lassey [:blassey] 2012-07-02 10:55:32 PDT
Created attachment 638416
patch to check for the exception
Comment 10 Brad Lassey [:blassey] 2012-07-03 11:06:53 PDT
https://hg.mozilla.org/integration/mozilla-inbound/rev/4524c3a94a3c
Comment 11 Ryan VanderMeulen [:RyanVM] 2012-07-03 16:07:02 PDT
https://hg.mozilla.org/mozilla-central/rev/4524c3a94a3c
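
Added example, not part of the bug or its patch: a Python triage script that correlates, per process ID, the three events visible in the log from comment 8 (failed heap allocation, JNI call made while an exception is pending, VM abort). The function name, the finding fields and the extra pid 2077 line are assumptions constructed for illustration.

```python
import re

# logcat "time" format: MM-DD HH:MM:SS.mmm P/Tag( pid): message
LINE = re.compile(r"^(\d\d-\d\d \d\d:\d\d:\d\d\.\d{3}) ([VDIWEF])/(.+?)\(\s*(\d+)\): (.*)$")
OOM = re.compile(r"Out of memory on a (\d+)-byte allocation")
JNI_WARN = "JNI method called with exception raised"
# Context line: "in Lpkg/Class;.method (signature) (JNIFunction)"
WHERE = re.compile(r"^\s*in (L[^;]+;\.\S+) (\(.*\)\S*) \((\w+)\)$")

# First six lines are the log quoted in comment 8; the last line (pid 2077)
# is constructed here to show that an OOM alone is not reported.
SAMPLE = """\
06-26 04:38:44.206 E/dalvikvm-heap( 1952): Out of memory on a 924472-byte allocation.
06-26 04:38:44.206 W/GeckoGlobalHistory( 1952): Rebuilding visited link set...
06-26 04:38:44.206 W/dalvikvm( 1952): JNI WARNING: JNI method called with exception raised
06-26 04:38:44.206 W/dalvikvm( 1952):              in Lorg/mozilla/gecko/GeckoAppShell;.nativeRun (Ljava/lang/String;)V (CallStaticVoidMethodV)
06-26 04:38:44.206 W/dalvikvm( 1952): Pending exception is:
06-26 04:38:44.206 E/dalvikvm( 1952): VM aborting
06-26 04:38:44.300 E/dalvikvm-heap( 2077): Out of memory on a 4096-byte allocation.
""".splitlines()

def find_pending_exception_calls(lines):
    """Correlate, per pid: failed allocation -> JNI call with pending exception -> VM abort."""
    last_oom, open_findings, findings = {}, {}, []
    for raw in lines:
        m = LINE.match(raw)
        if not m:
            continue  # not a logcat "time" format line
        ts, _prio, tag, pid, msg = m.groups()
        tag = tag.strip()
        if tag == "dalvikvm-heap":
            oom = OOM.search(msg)
            if oom:
                last_oom[pid] = int(oom.group(1))
        elif tag == "dalvikvm" and JNI_WARN in msg:
            finding = {"pid": int(pid), "time": ts, "oom_bytes": last_oom.pop(pid, None),
                       "java_method": None, "jni_call": None, "vm_aborted": False}
            open_findings[pid] = finding
            findings.append(finding)
        elif tag == "dalvikvm" and pid in open_findings:
            where = WHERE.match(msg)
            if where:  # which Java frame and JNI function the VM flagged
                open_findings[pid]["java_method"] = where.group(1)
                open_findings[pid]["jni_call"] = where.group(3)
            elif msg.strip() == "VM aborting":
                open_findings.pop(pid)["vm_aborted"] = True
    return findings

if __name__ == "__main__":
    for f in find_pending_exception_calls(SAMPLE):
        print(f)
```

A finding with `oom_bytes` set and `vm_aborted` true matches the sequence in comment 8: the allocation failure left an exception pending, and the next JNI call made without checking for it aborted the VM.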