Crash when playing some HTML5 videos with cubeb

RESOLVED FIXED in mozilla15



5 years ago
5 years ago


(Reporter: Artem Karpenko, Assigned: kinetik)



15 Branch

Firefox Tracking Flags

(Not tracked)


(crash signature)


(1 attachment)



5 years ago
User Agent: Mozilla/5.0 (X11; Linux i686; rv:15.0) Gecko/15.0 Firefox/15.0a1
Build ID: 20120529052711

Steps to reproduce:

Open page with video, for example:

Start playing video if it's not started automatically.

Actual results:

Firefox shuts down.

This started to happen about 2-4 weeks ago, before that Nightly was OK.

Expected results:

No crash.

If I go to and click "Leave the HTML5 Trial" then videos that previously crashed are being played OK.

Also the weird thing is that Firefox does not crash when playing the last video within the playlist:

Does not crash:

Comment 1

5 years ago
For me, Firefox doesn't crash on these videos.
Make sure you use the latest Flash version:
Can you provide the crash ID (bp-...) from about:crashes?

Comment 2

5 years ago
The latest version of flash installed but this problem happens also when no flash plugin installed at all.
And about:crashes contains none of these crashes, only a couple of other ones. If Firefox is started from command line I can see "Segmentation fault" message thrown on crash and that's all.

Comment 3

5 years ago
Please provide a stacktrace using a debugger. See

Comment 4

5 years ago
#0  0xab516bf5 in ?? () from /usr/lib/alsa-lib/
#1  0xab5178dd in alsa_lib_resampler_process_int () from /usr/lib/alsa-lib/
#2  0xab517af4 in alsa_lib_resampler_process_interleaved_int () from /usr/lib/alsa-lib/
#3  0xab515f6e in ?? () from /usr/lib/alsa-lib/
#4  0xb5e66392 in ?? () from /usr/lib/
#5  0xb5e667d1 in ?? () from /usr/lib/
#6  0xb5e668c7 in ?? () from /usr/lib/
#7  0xb5e669a4 in ?? () from /usr/lib/
#8  0xb5e4b988 in snd_pcm_mmap_commit () from /usr/lib/
#9  0xb5e5a5ec in ?? () from /usr/lib/
#10 0xb5e4bfd1 in ?? () from /usr/lib/
#11 0xb5e5b059 in ?? () from /usr/lib/
#12 0xb5e44bf4 in snd_pcm_writei () from /usr/lib/
#13 0xb7181e6b in cubeb_run_thread () from /home/yozh/apps/firefox-13/
#14 0x00000000 in ?? ()

I've also tried debug version of Nightly and it triggered a slightly different result:

#0  0xa8abdbb3 in ?? () from /usr/lib/alsa-lib/
#1  0xa8abe8dd in alsa_lib_resampler_process_int () from /usr/lib/alsa-lib/
#2  0xa8abeaf4 in alsa_lib_resampler_process_interleaved_int () from /usr/lib/alsa-lib/
#3  0xa8abcf6e in ?? () from /usr/lib/alsa-lib/
#4  0xb56df392 in ?? () from /usr/lib/
#5  0xb56df7d1 in ?? () from /usr/lib/
#6  0xb56df8c7 in ?? () from /usr/lib/
#7  0xb56df9a4 in ?? () from /usr/lib/
#8  0xb56c4988 in snd_pcm_mmap_commit () from /usr/lib/
#9  0xb56d35ec in ?? () from /usr/lib/
#10 0xb56c4fd1 in ?? () from /usr/lib/
#11 0xb56d4059 in ?? () from /usr/lib/
#12 0xb56bdbf4 in snd_pcm_writei () from /usr/lib/
#13 0xb6bd337f in vp8_idct_dequant_dc_full_2x_sse2 () from /home/yozh/apps/firefox-nightly-debug/
#14 0xb7fabb25 in start_thread () from /lib/
#15 0xb7dc646e in clone () from /lib/

Comment 5

5 years ago
Debug symbols are missing in the above stacktraces.

Comment 6

5 years ago
Yes, they are. Debug version does not contain them, as I understand. Do you know where to get version with debug symbols?

I tried downloading them as described here with the following output:

yozh@linux-yozh:~/pro/mozilla/symbols-script> ./  /home/yozh/apps/firefox-nightly-debug/ nightly-symbols
Fetching symbol index
HTTP error 404 retrieving

Comment 7

5 years ago
(In reply to Artem Karpenko from comment #6)
> Yes, they are. Debug version does not contain them, as I understand. Do you
> know where to get version with debug symbols?
Maybe there:

Comment 8

5 years ago
Nope, this is the one I already tried.
Anyway, I've built Firefox manually using central mercurial repository with debug symbols enabled and reproduced error. Here is backtrace:

#0  0xae5318c0 in alsa_lib_resampler_process_int () from /usr/lib/alsa-lib/
#1  0xae531af4 in alsa_lib_resampler_process_interleaved_int () from /usr/lib/alsa-lib/
#2  0xae52ff6e in ?? () from /usr/lib/alsa-lib/
#3  0xb44ac392 in ?? () from /usr/lib/
#4  0xb44ac7d1 in ?? () from /usr/lib/
#5  0xb44ac8c7 in ?? () from /usr/lib/
#6  0xb44ac9a4 in ?? () from /usr/lib/
#7  0xb4491988 in snd_pcm_mmap_commit () from /usr/lib/
#8  0xb44a05ec in ?? () from /usr/lib/
#9  0xb4491fd1 in ?? () from /usr/lib/
#10 0xb44a1059 in ?? () from /usr/lib/
#11 0xb448abf4 in snd_pcm_writei () from /usr/lib/
#12 0xb67ab9e1 in cubeb_refill_stream (stm=0xa6765980) at /home/yozh/pro/mozilla/central/media/libcubeb/src/cubeb_alsa.c:300
#13 0xb67abd24 in cubeb_run (ctx=0xa40ff000) at /home/yozh/pro/mozilla/central/media/libcubeb/src/cubeb_alsa.c:374
#14 0xb67abe71 in cubeb_run_thread (context=0xa40ff000) at /home/yozh/pro/mozilla/central/media/libcubeb/src/cubeb_alsa.c:406
#15 0xb7fabb25 in start_thread () from /lib/
#16 0xb7dc646e in clone () from /lib/

Comment 9

5 years ago
And after updating ALSA from 1.0.23 to 1.0.25:

#0  0xaf5058c0 in alsa_lib_resampler_process_int () from /usr/lib/alsa-lib/
#1  0xaf505af4 in alsa_lib_resampler_process_interleaved_int () from /usr/lib/alsa-lib/
#2  0xaf503f6e in ?? () from /usr/lib/alsa-lib/
#3  0xb44a3d92 in do_convert (dst_areas=0xa6bf6500, dst_offset=0, dst_frames=1024, src_areas=0xa6bf6720, src_offset=0, src_frames=940, channels=2, rate=0xa30218e0)
    at pcm_rate.c:528
#4  0xb44a41d1 in snd_pcm_rate_write_areas1 (pcm=0xa3248cf0, rate=0xa30218e0, appl_offset=0, size=940, slave_size=1024) at pcm_rate.c:546
#5  snd_pcm_rate_commit_area (pcm=0xa3248cf0, rate=0xa30218e0, appl_offset=0, size=940, slave_size=1024) at pcm_rate.c:745
#6  0xb44a42c7 in snd_pcm_rate_commit_next_period (pcm=0xa3248cf0, appl_ptr=<value optimized out>) at pcm_rate.c:835
#7  snd_pcm_rate_sync_playback_area (pcm=0xa3248cf0, appl_ptr=<value optimized out>) at pcm_rate.c:961
#8  0xb44a43a4 in snd_pcm_rate_mmap_commit (pcm=0xa3248cf0, offset=0, size=4704) at pcm_rate.c:985
#9  0xb4488f98 in snd_pcm_mmap_commit (pcm=0xa3248cf0, offset=0, frames=4704) at pcm.c:6584
#10 0xb4497cdc in snd_pcm_plugin_write_areas (pcm=0xa3248e00, areas=0xa6c6b220, offset=<value optimized out>, size=4704) at pcm_plugin.c:284
#11 0xb44895e1 in snd1_pcm_write_areas (pcm=0xa3248e00, areas=0xa6c6b220, offset=<value optimized out>, size=<value optimized out>, func=
    0xb4497c40 <snd_pcm_plugin_write_areas>) at pcm.c:6759
#12 0xb44986f9 in snd_pcm_plugin_writei (pcm=0xa3248e00, buffer=0xa36f2000, size=4704) at pcm_plugin.c:355
#13 0xb4481f44 in _snd_pcm_writei (pcm=0xa3248be0, buffer=0xa36f2000, size=4704) at pcm_local.h:521
#14 snd_pcm_writei (pcm=0xa3248be0, buffer=0xa36f2000, size=4704) at pcm.c:1255
#15 0xb67ab9e1 in cubeb_refill_stream (stm=0xa31eae20) at /home/yozh/pro/mozilla/central/media/libcubeb/src/cubeb_alsa.c:300
#16 0xb67abd24 in cubeb_run (ctx=0xa3513800) at /home/yozh/pro/mozilla/central/media/libcubeb/src/cubeb_alsa.c:374
#17 0xb67abe71 in cubeb_run_thread (context=0xa3513800) at /home/yozh/pro/mozilla/central/media/libcubeb/src/cubeb_alsa.c:406
#18 0xb7fabb25 in start_thread () from /lib/
#19 0xb7dc646e in clone () from /lib/

Also, I found a somewhat similar bug: That one also was found using Firefox but addressed to ALSA devs.


5 years ago
Severity: normal → critical
Crash Signature: [@ cubeb_refill_stream]
Component: Untriaged → Video/Audio
Keywords: crash
Product: Firefox → Core
QA Contact: untriaged →

Comment 10

5 years ago
What Linux distribution and version are you running?  Please also supply your kernel and ALSA version, and the output of aplay -l -L.  Can you also try the old audio backend by opening about:config, creating a boolean pref called "media.use_cubeb", setting it to false, and reproducing the crash?  Once you've finished testing, please reset the pref by right clicking on it and selecting "reset".
Blocks: 623444

Comment 11

5 years ago
Distribution: OpenSUSE 11.3 i586.


!!ALSA Version

Driver version:
Library version:    1.0.25
Utilities version:  1.0.25

All ALSA packages are updated to 1.0.25.

yozh@linux-yozh:~> uname -a
Linux linux-yozh 2.6.34-12-default #1 SMP 2010-06-29 02:39:08 +0200 i686 i686 i386 GNU/Linux

yozh@linux-yozh:~> aplay -l -L
    Discard all samples (playback) or generate zero samples (capture)
    PulseAudio Sound Server
    HDA Intel, ALC662 rev1 Analog                                                                                                                                    
    Default Audio Device                                                                                                                                             
    HDA Intel, ALC662 rev1 Analog                                                                                                                                    
    Default Audio Device                                                                                                                                             
    HDA Intel, ALC662 rev1 Analog                                                                                                                                    
    Front speakers                                                                                                                                                   
    HDA Intel, ALC662 rev1 Analog                                                                                                                                    
    4.0 Surround output to Front and Rear speakers                                                                                                                   
    HDA Intel, ALC662 rev1 Analog                                                                                                                                    
    4.1 Surround output to Front, Rear and Subwoofer speakers
    HDA Intel, ALC662 rev1 Analog
    5.0 Surround output to Front, Center and Rear speakers
    HDA Intel, ALC662 rev1 Analog
    5.1 Surround output to Front, Center, Rear and Subwoofer speakers
    HDA Intel, ALC662 rev1 Analog
    7.1 Surround output to Front, Center, Side, Rear and Woofer speakers
    HDA Intel, ALC662 rev1 Digital
    IEC958 (S/PDIF) Digital Audio Output
    HDMI Audio Output
**** List of PLAYBACK Hardware Devices ****
card 0: Intel [HDA Intel], device 0: ALC662 rev1 Analog [ALC662 rev1 Analog]
  Subdevices: 1/1
  Subdevice #0: subdevice #0
card 0: Intel [HDA Intel], device 1: ALC662 rev1 Digital [ALC662 rev1 Digital]
  Subdevices: 1/1
  Subdevice #0: subdevice #0
card 1: HDMI [HDA ATI HDMI], device 3: ATI HDMI [ATI HDMI]
  Subdevices: 1/1
  Subdevice #0: subdevice #0

When "media.use_cubeb" is set to false crash is not reproduced and playback is OK.


5 years ago
Ever confirmed: true
Summary: Crash when playing some (HTML5?) videos → Crash when playing some HTML5 videos with cubeb

Comment 12

5 years ago
Thanks, I'll set that environment up in a VM and see if I can reproduce and debug.

Comment 13

5 years ago
I can easily reproduce this in an openSUSE 11.3 i586 VM by running cubeb's testsuite--test_sanity crashes while running test_stream_position with a very similar stack to comment 9.

I crash in speex_resampler_process_native:

Dump of assembler code for function speex_resampler_process_native:
   0xb7d11b9d <+13>:    mov    0x1c(%edi),%esi
   0xb7d11ba0 <+16>:    movl   $0x0,0x5c(%esp)
   0xb7d11ba8 <+24>:    mov    0x74(%esp),%ebp
   0xb7d11bac <+28>:    movl   $0x1,0x34(%edi)
=> 0xb7d11bb3 <+35>:    mov    %eax,0x3c(%esp)
   0xb7d11bb7 <+39>:    mov    0x40(%edi),%eax
   0xb7d11bba <+42>:    shl    $0x2,%esi
   0xb7d11bbd <+45>:    imul   %edx,%esi
   0xb7d11bc0 <+48>:    lea    0x0(,%edx,4),%edx

Note that it's crashing while trying to write to the stack.  cubeb's cubeb_run_thread runs with a very small stack (PTHREAD_STACK_MIN, which is 16kB in this case), and this call path requires more stack than has been allocated.

I've pushed a fix to cubeb that increases the thread's stack size to 256kB:
Assignee: nobody → kinetik

Comment 14

5 years ago
Created attachment 629424 [details] [diff] [review]
patch v0
Attachment #629424 - Flags: review?(chris.double)


5 years ago
Attachment #629424 - Flags: review?(chris.double) → review+

Comment 15

5 years ago
Target Milestone: --- → mozilla15

Comment 16

5 years ago
Latest inbound build fixes problem for me. Thanks!

Comment 17

5 years ago
Thanks for reporting the bug, and confirming that the patch solved the issue.  Much appreciated!
Last Resolved: 5 years ago
Resolution: --- → FIXED


5 years ago
No longer blocks: 623444


5 years ago
Blocks: 623444
You need to log in before you can comment on or make changes to this bug.