Closed
Bug 759677
Opened 12 years ago
Closed 12 years ago
Crash when playing some HTML5 videos with cubeb
Categories
(Core :: Audio/Video, defect)
Tracking
()
RESOLVED
FIXED
mozilla15
People
(Reporter: gooyozh, Assigned: kinetik)
References
Details
(Keywords: crash)
Crash Data
Attachments
(1 file)
|
1.17 KB,
patch
|
cajbir
:
review+
|
Details | Diff | Splinter Review |
User Agent: Mozilla/5.0 (X11; Linux i686; rv:15.0) Gecko/15.0 Firefox/15.0a1 Build ID: 20120529052711 Steps to reproduce: Open page with video, for example: http://www.mozilla.org/projects/firefox/prerelease.html http://www.youtube.com/watch?v=3T1c7GkzRQQ http://www.youtube.com/watch?v=fHC05_9b0gw Start playing video if it's not started automatically. Actual results: Firefox shuts down. This started to happen about 2-4 weeks ago, before that Nightly was OK. Expected results: No crash. If I go to http://www.youtube.com/html5?hl=en and click "Leave the HTML5 Trial" then videos that previously crashed are being played OK. Also the weird thing is that Firefox does not crash when playing the last video within the playlist: http://www.youtube.com/watch?v=fHC05_9b0gw&list=PL9120FAB23501BFF9&index=1&feature=plpp_video Does not crash: http://vimeo.com/22918371 http://www.dailymotion.com/video/xctwtv_radiohead-no-surprises_music http://www.funnyordie.com/videos/d7ef733b1d/radiohead-no-surprises-literal-video-version-from-kfk
|
||
Comment 1•12 years ago
|
||
For me, Firefox doesn't crash on these videos. Make sure you use the latest Flash version: http://www.mozilla.org/plugincheck/ Can you provide the crash ID (bp-...) from about:crashes?
|
Reporter | |
Comment 2•12 years ago
|
||
The latest version of flash installed but this problem happens also when no flash plugin installed at all. And about:crashes contains none of these crashes, only a couple of other ones. If Firefox is started from command line I can see "Segmentation fault" message thrown on crash and that's all.
|
|
||
Comment 3•12 years ago
|
||
Please provide a stacktrace using a debugger. See https://developer.mozilla.org/en/How_to_get_a_stacktrace_for_a_bug_report#Alternative_ways_to_get_a_stacktrace
|
|
Reporter | |
Comment 4•12 years ago
|
||
#0 0xab516bf5 in ?? () from /usr/lib/alsa-lib/libasound_module_rate_speexrate.so #1 0xab5178dd in alsa_lib_resampler_process_int () from /usr/lib/alsa-lib/libasound_module_rate_speexrate.so #2 0xab517af4 in alsa_lib_resampler_process_interleaved_int () from /usr/lib/alsa-lib/libasound_module_rate_speexrate.so #3 0xab515f6e in ?? () from /usr/lib/alsa-lib/libasound_module_rate_speexrate.so #4 0xb5e66392 in ?? () from /usr/lib/libasound.so.2 #5 0xb5e667d1 in ?? () from /usr/lib/libasound.so.2 #6 0xb5e668c7 in ?? () from /usr/lib/libasound.so.2 #7 0xb5e669a4 in ?? () from /usr/lib/libasound.so.2 #8 0xb5e4b988 in snd_pcm_mmap_commit () from /usr/lib/libasound.so.2 #9 0xb5e5a5ec in ?? () from /usr/lib/libasound.so.2 #10 0xb5e4bfd1 in ?? () from /usr/lib/libasound.so.2 #11 0xb5e5b059 in ?? () from /usr/lib/libasound.so.2 #12 0xb5e44bf4 in snd_pcm_writei () from /usr/lib/libasound.so.2 #13 0xb7181e6b in cubeb_run_thread () from /home/yozh/apps/firefox-13/libxul.so #14 0x00000000 in ?? () I've also tried debug version of Nightly and it triggered a slightly different result: #0 0xa8abdbb3 in ?? () from /usr/lib/alsa-lib/libasound_module_rate_speexrate.so #1 0xa8abe8dd in alsa_lib_resampler_process_int () from /usr/lib/alsa-lib/libasound_module_rate_speexrate.so #2 0xa8abeaf4 in alsa_lib_resampler_process_interleaved_int () from /usr/lib/alsa-lib/libasound_module_rate_speexrate.so #3 0xa8abcf6e in ?? () from /usr/lib/alsa-lib/libasound_module_rate_speexrate.so #4 0xb56df392 in ?? () from /usr/lib/libasound.so.2 #5 0xb56df7d1 in ?? () from /usr/lib/libasound.so.2 #6 0xb56df8c7 in ?? () from /usr/lib/libasound.so.2 #7 0xb56df9a4 in ?? () from /usr/lib/libasound.so.2 #8 0xb56c4988 in snd_pcm_mmap_commit () from /usr/lib/libasound.so.2 #9 0xb56d35ec in ?? () from /usr/lib/libasound.so.2 #10 0xb56c4fd1 in ?? () from /usr/lib/libasound.so.2 #11 0xb56d4059 in ?? () from /usr/lib/libasound.so.2 #12 0xb56bdbf4 in snd_pcm_writei () from /usr/lib/libasound.so.2 #13 0xb6bd337f in vp8_idct_dequant_dc_full_2x_sse2 () from /home/yozh/apps/firefox-nightly-debug/libxul.so #14 0xb7fabb25 in start_thread () from /lib/libpthread.so.0 #15 0xb7dc646e in clone () from /lib/libc.so.6
|
|
||
Comment 5•12 years ago
|
||
Debug symbols are missing in the above stacktraces.
|
|
Reporter | |
Comment 6•12 years ago
|
||
Yes, they are. Debug version does not contain them, as I understand. Do you know where to get version with debug symbols? I tried downloading them as described here https://developer.mozilla.org/en/Using_the_Mozilla_symbol_server with the following output: yozh@linux-yozh:~/pro/mozilla/symbols-script> ./fetch-symbols.py /home/yozh/apps/firefox-nightly-debug/ http://symbols.mozilla.org/firefox nightly-symbols Fetching symbol index http://symbols.mozilla.org/firefox/firefox-15.0a1-Linux-20120530012752-symbols.txt HTTP error 404 retrieving http://symbols.mozilla.org/firefox/firefox-15.0a1-Linux-20120530012752-symbols.txt
|
|
||
Comment 7•12 years ago
|
||
(In reply to Artem Karpenko from comment #6) > Yes, they are. Debug version does not contain them, as I understand. Do you > know where to get version with debug symbols? Maybe there: ftp://ftp.mozilla.org/pub/firefox/nightly/2012-05-30-mozilla-central-debug/
|
|
Reporter | |
Comment 8•12 years ago
|
||
Nope, this is the one I already tried. Anyway, I've built Firefox manually using central mercurial repository with debug symbols enabled and reproduced error. Here is backtrace: #0 0xae5318c0 in alsa_lib_resampler_process_int () from /usr/lib/alsa-lib/libasound_module_rate_speexrate.so #1 0xae531af4 in alsa_lib_resampler_process_interleaved_int () from /usr/lib/alsa-lib/libasound_module_rate_speexrate.so #2 0xae52ff6e in ?? () from /usr/lib/alsa-lib/libasound_module_rate_speexrate.so #3 0xb44ac392 in ?? () from /usr/lib/libasound.so.2 #4 0xb44ac7d1 in ?? () from /usr/lib/libasound.so.2 #5 0xb44ac8c7 in ?? () from /usr/lib/libasound.so.2 #6 0xb44ac9a4 in ?? () from /usr/lib/libasound.so.2 #7 0xb4491988 in snd_pcm_mmap_commit () from /usr/lib/libasound.so.2 #8 0xb44a05ec in ?? () from /usr/lib/libasound.so.2 #9 0xb4491fd1 in ?? () from /usr/lib/libasound.so.2 #10 0xb44a1059 in ?? () from /usr/lib/libasound.so.2 #11 0xb448abf4 in snd_pcm_writei () from /usr/lib/libasound.so.2 #12 0xb67ab9e1 in cubeb_refill_stream (stm=0xa6765980) at /home/yozh/pro/mozilla/central/media/libcubeb/src/cubeb_alsa.c:300 #13 0xb67abd24 in cubeb_run (ctx=0xa40ff000) at /home/yozh/pro/mozilla/central/media/libcubeb/src/cubeb_alsa.c:374 #14 0xb67abe71 in cubeb_run_thread (context=0xa40ff000) at /home/yozh/pro/mozilla/central/media/libcubeb/src/cubeb_alsa.c:406 #15 0xb7fabb25 in start_thread () from /lib/libpthread.so.0 #16 0xb7dc646e in clone () from /lib/libc.so.6
|
|
Reporter | |
Comment 9•12 years ago
|
||
And after updating ALSA from 1.0.23 to 1.0.25:
#0 0xaf5058c0 in alsa_lib_resampler_process_int () from /usr/lib/alsa-lib/libasound_module_rate_speexrate.so
#1 0xaf505af4 in alsa_lib_resampler_process_interleaved_int () from /usr/lib/alsa-lib/libasound_module_rate_speexrate.so
#2 0xaf503f6e in ?? () from /usr/lib/alsa-lib/libasound_module_rate_speexrate.so
#3 0xb44a3d92 in do_convert (dst_areas=0xa6bf6500, dst_offset=0, dst_frames=1024, src_areas=0xa6bf6720, src_offset=0, src_frames=940, channels=2, rate=0xa30218e0)
at pcm_rate.c:528
#4 0xb44a41d1 in snd_pcm_rate_write_areas1 (pcm=0xa3248cf0, rate=0xa30218e0, appl_offset=0, size=940, slave_size=1024) at pcm_rate.c:546
#5 snd_pcm_rate_commit_area (pcm=0xa3248cf0, rate=0xa30218e0, appl_offset=0, size=940, slave_size=1024) at pcm_rate.c:745
#6 0xb44a42c7 in snd_pcm_rate_commit_next_period (pcm=0xa3248cf0, appl_ptr=<value optimized out>) at pcm_rate.c:835
#7 snd_pcm_rate_sync_playback_area (pcm=0xa3248cf0, appl_ptr=<value optimized out>) at pcm_rate.c:961
#8 0xb44a43a4 in snd_pcm_rate_mmap_commit (pcm=0xa3248cf0, offset=0, size=4704) at pcm_rate.c:985
#9 0xb4488f98 in snd_pcm_mmap_commit (pcm=0xa3248cf0, offset=0, frames=4704) at pcm.c:6584
#10 0xb4497cdc in snd_pcm_plugin_write_areas (pcm=0xa3248e00, areas=0xa6c6b220, offset=<value optimized out>, size=4704) at pcm_plugin.c:284
#11 0xb44895e1 in snd1_pcm_write_areas (pcm=0xa3248e00, areas=0xa6c6b220, offset=<value optimized out>, size=<value optimized out>, func=
0xb4497c40 <snd_pcm_plugin_write_areas>) at pcm.c:6759
#12 0xb44986f9 in snd_pcm_plugin_writei (pcm=0xa3248e00, buffer=0xa36f2000, size=4704) at pcm_plugin.c:355
#13 0xb4481f44 in _snd_pcm_writei (pcm=0xa3248be0, buffer=0xa36f2000, size=4704) at pcm_local.h:521
#14 snd_pcm_writei (pcm=0xa3248be0, buffer=0xa36f2000, size=4704) at pcm.c:1255
#15 0xb67ab9e1 in cubeb_refill_stream (stm=0xa31eae20) at /home/yozh/pro/mozilla/central/media/libcubeb/src/cubeb_alsa.c:300
#16 0xb67abd24 in cubeb_run (ctx=0xa3513800) at /home/yozh/pro/mozilla/central/media/libcubeb/src/cubeb_alsa.c:374
#17 0xb67abe71 in cubeb_run_thread (context=0xa3513800) at /home/yozh/pro/mozilla/central/media/libcubeb/src/cubeb_alsa.c:406
#18 0xb7fabb25 in start_thread () from /lib/libpthread.so.0
#19 0xb7dc646e in clone () from /lib/libc.so.6
Also, I found a somewhat similar bug: https://bugs.launchpad.net/alsa-plugins/+bug/367279. That one also was found using Firefox but addressed to ALSA devs.|
|
||
Updated•12 years ago
|
Severity: normal → critical
Crash Signature: [@ cubeb_refill_stream]
Component: Untriaged → Video/Audio
Keywords: crash
Product: Firefox → Core
QA Contact: untriaged → video.audio
See Also: → https://launchpad.net/bugs/367279
|
Assignee | |
Comment 10•12 years ago
|
||
What Linux distribution and version are you running? Please also supply your kernel and ALSA version, and the output of aplay -l -L. Can you also try the old audio backend by opening about:config, creating a boolean pref called "media.use_cubeb", setting it to false, and reproducing the crash? Once you've finished testing, please reset the pref by right clicking on it and selecting "reset".
Blocks: cubeb
|
|
Reporter | |
Comment 11•12 years ago
|
||
Distribution: OpenSUSE 11.3 i586.
From alsa-info.sh:
!!ALSA Version
!!------------
Driver version: 1.0.22.1
Library version: 1.0.25
Utilities version: 1.0.25
All ALSA packages are updated to 1.0.25.
yozh@linux-yozh:~> uname -a
Linux linux-yozh 2.6.34-12-default #1 SMP 2010-06-29 02:39:08 +0200 i686 i686 i386 GNU/Linux
yozh@linux-yozh:~> aplay -l -L
null
Discard all samples (playback) or generate zero samples (capture)
pulse
PulseAudio Sound Server
default:CARD=Intel
HDA Intel, ALC662 rev1 Analog
Default Audio Device
sysdefault:CARD=Intel
HDA Intel, ALC662 rev1 Analog
Default Audio Device
front:CARD=Intel,DEV=0
HDA Intel, ALC662 rev1 Analog
Front speakers
surround40:CARD=Intel,DEV=0
HDA Intel, ALC662 rev1 Analog
4.0 Surround output to Front and Rear speakers
surround41:CARD=Intel,DEV=0
HDA Intel, ALC662 rev1 Analog
4.1 Surround output to Front, Rear and Subwoofer speakers
surround50:CARD=Intel,DEV=0
HDA Intel, ALC662 rev1 Analog
5.0 Surround output to Front, Center and Rear speakers
surround51:CARD=Intel,DEV=0
HDA Intel, ALC662 rev1 Analog
5.1 Surround output to Front, Center, Rear and Subwoofer speakers
surround71:CARD=Intel,DEV=0
HDA Intel, ALC662 rev1 Analog
7.1 Surround output to Front, Center, Side, Rear and Woofer speakers
iec958:CARD=Intel,DEV=0
HDA Intel, ALC662 rev1 Digital
IEC958 (S/PDIF) Digital Audio Output
hdmi:CARD=HDMI,DEV=0
HDA ATI HDMI, ATI HDMI
HDMI Audio Output
**** List of PLAYBACK Hardware Devices ****
card 0: Intel [HDA Intel], device 0: ALC662 rev1 Analog [ALC662 rev1 Analog]
Subdevices: 1/1
Subdevice #0: subdevice #0
card 0: Intel [HDA Intel], device 1: ALC662 rev1 Digital [ALC662 rev1 Digital]
Subdevices: 1/1
Subdevice #0: subdevice #0
card 1: HDMI [HDA ATI HDMI], device 3: ATI HDMI [ATI HDMI]
Subdevices: 1/1
Subdevice #0: subdevice #0
When "media.use_cubeb" is set to false crash is not reproduced and playback is OK.|
|
||
Updated•12 years ago
|
Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: Crash when playing some (HTML5?) videos → Crash when playing some HTML5 videos with cubeb
|
|
Assignee | |
Comment 12•12 years ago
|
||
Thanks, I'll set that environment up in a VM and see if I can reproduce and debug.
|
|
Assignee | |
Comment 13•12 years ago
|
||
I can easily reproduce this in an openSUSE 11.3 i586 VM by running cubeb's testsuite--test_sanity crashes while running test_stream_position with a very similar stack to comment 9. I crash in speex_resampler_process_native: Dump of assembler code for function speex_resampler_process_native: 0xb7d11b9d <+13>: mov 0x1c(%edi),%esi 0xb7d11ba0 <+16>: movl $0x0,0x5c(%esp) 0xb7d11ba8 <+24>: mov 0x74(%esp),%ebp 0xb7d11bac <+28>: movl $0x1,0x34(%edi) => 0xb7d11bb3 <+35>: mov %eax,0x3c(%esp) 0xb7d11bb7 <+39>: mov 0x40(%edi),%eax 0xb7d11bba <+42>: shl $0x2,%esi 0xb7d11bbd <+45>: imul %edx,%esi 0xb7d11bc0 <+48>: lea 0x0(,%edx,4),%edx Note that it's crashing while trying to write to the stack. cubeb's cubeb_run_thread runs with a very small stack (PTHREAD_STACK_MIN, which is 16kB in this case), and this call path requires more stack than has been allocated. I've pushed a fix to cubeb that increases the thread's stack size to 256kB: https://github.com/kinetiknz/cubeb/commit/6a6ed2607e3c457768659495532c58480df1e40d
Assignee: nobody → kinetik
Status: NEW → ASSIGNED
|
|
Assignee | |
Comment 14•12 years ago
|
||
Attachment #629424 -
Flags: review?(chris.double)
|
||
Updated•12 years ago
|
Attachment #629424 -
Flags: review?(chris.double) → review+
|
|
Assignee | |
Comment 15•12 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/766d3249625b
Target Milestone: --- → mozilla15
|
|
Reporter | |
Comment 16•12 years ago
|
||
Latest inbound build fixes problem for me. Thanks!
|
|
Assignee | |
Comment 17•12 years ago
|
||
Thanks for reporting the bug, and confirming that the patch solved the issue. Much appreciated!
|
||
Comment 18•12 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/766d3249625b
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•