Closed Bug 845729 Opened 12 years ago Closed 5 years ago

crash in mozilla::MediaPluginReader::DecodeVideoFrame @ libstagefright.so@0x1... on Samsung Galaxy SII and Note with qcom hw running ICS

Categories

(Core :: Audio/Video: Playback, defect, P5)

20 Branch
ARM
Android
defect

Tracking

()

RESOLVED WORKSFORME
Tracking Status
firefox19 --- unaffected
firefox20 + wontfix
firefox21 + verified
firefox22 --- verified
firefox23 --- verified
fennec + ---

People

(Reporter: scoobidiver, Unassigned)

References

()

Details

(Keywords: crash, regression, reproducible, Whiteboard: [native-crash][leave open])

Crash Data

Attachments

(4 files)

With combined signatures, it's #5 top crasher in the first day of 20.0b1. It occurs on: * Samsung SGH-T989 = Galaxy SII * Samsung SGH-I717 = Galaxy Note * Samsung SGH-I727 = Galaxy SII Signature libstagefright.so@0x160f61 More Reports Search UUID c86e514b-98ab-4c4c-8686-aa0b02130227 Date Processed 2013-02-27 04:29:14 Uptime 17 Last Crash 25 seconds before submission Install Age 10.8 hours since version was first installed. Install Time 2013-02-26 17:38:39 Product FennecAndroid Version 20.0 Build ID 20130222123731 Release Channel beta OS Android OS Version 0.0.0 Linux 3.0.8-perf-1190554 #1 SMP PREEMPT Mon Jan 14 23:03:19 KST 2013 armv7l samsung/SGH-T989/SGH-T989:4.0.4/IMM76D/UVLI4:user/release-keys Build Architecture arm Build Architecture Info Crash Reason SIGSEGV Crash Address 0xdeadbaad App Notes AdapterDescription: 'Qualcomm -- Adreno (TM) 220 -- OpenGL ES 2.0 2184622 -- Model: SGH-T989, Product: SGH-T989, Manufacturer: samsung, Hardware: qcom' EGL? EGL+ GL Context? GL Context+ GL Layers? GL Layers+ Stagefright? Stagefright+ samsung SGH-T989 samsung/SGH-T989/SGH-T989:4.0.4/IMM76D/UVLI4:user/release-keys Processor Notes sp-processor09.phx1.mozilla.com_9484:2008; exploitablity tool: ERROR: unable to analyze dump EMCheckCompatibility True Adapter Vendor ID Qualcomm Adapter Device ID Adreno (TM) 220 Device samsung SGH-T989 Android API Version 15 (REL) Android CPU ABI armeabi-v7a Frame Module Signature Source 0 libc.so libc.so@0x17d18 1 libstagefright.so libstagefright.so@0x160f61 2 libstagefright.so libstagefright.so@0x160f61 3 libstagefright.so libstagefright.so@0x160f61 4 libcutils.so libcutils.so@0x3f3f 5 libxul.so _cairo_gstate_init gfx/cairo/cairo/src/cairo-gstate.c:102 6 @0x6e6f6971 7 OMXCodec (deleted) OMXCodec @0x4aa21f 8 libbinder.so libbinder.so@0x20165 9 libbinder.so libbinder.so@0x1b825 10 libbinder.so libbinder.so@0x1bba1 11 libnativehelper.so TimeZones_getZoneStringsImpl libcore_icu_TimeZones.cpp:204 12 libutils.so libutils.so@0x19f2b ... 49 libc.so libc.so@0x129ce 50 libmozglue.so arena_dalloc memory/mozjemalloc/jemalloc.c:4667 51 libxul.so mozilla::layers::ImageContainerChild::AllocUnsafeShmemSync ReentrantMonitor.h:59 52 libstagefright.so libstagefright.so@0xa3941 53 libstagefright.so libstagefright.so@0x160f70 54 OMXCodec (deleted) OMXCodec @0x3ffffe 55 @0x6893dffe 56 libomxplugin.so OmxPlugin::OmxDecoder::ToVideoFrame_ColorConverter media/omx-plugin/OmxPlugin.cpp:739 57 libomxplugin.so OmxPlugin::OmxDecoder::ToVideoFrame media/omx-plugin/OmxPlugin.cpp:774 58 libomxplugin.so OmxPlugin::OmxDecoder::ReadVideo media/omx-plugin/OmxPlugin.cpp:831 59 libxul.so mozilla::MediaPluginReader::DecodeVideoFrame content/media/plugins/MediaPluginReader.cpp:138 60 libxul.so mozilla::MediaDecoderReader::DecodeToFirstVideoData content/media/MediaDecoderReader.cpp:377 61 libxul.so mozilla::MediaDecoderReader::FindStartTime content/media/MediaDecoderReader.cpp:411 62 libxul.so mozilla::MediaDecoderStateMachine::FindStartTime content/media/MediaDecoderStateMachine.cpp:2456 63 libxul.so mozilla::MediaDecoderStateMachine::DecodeMetadata content/media/MediaDecoderStateMachine.cpp:1799 64 libxul.so mozilla::MediaDecoderStateMachine::DecodeThreadRun content/media/MediaDecoderStateMachine.cpp:477 65 libxul.so nsRunnableMethodImpl<tag_nsresult 66 libxul.so nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:627 67 libxul.so NS_ProcessNextEvent_P obj-firefox/xpcom/build/nsThreadUtils.cpp:238 68 libxul.so nsThread::ThreadFunc xpcom/threads/nsThread.cpp:265 69 libnspr4.so _pt_root nsprpub/pr/src/pthreads/ptthread.c:156 70 libc.so libc.so@0x1327e 71 libc.so libc.so@0x12dd2 More reports at: https://crash-stats.mozilla.com/query/query?product=FennecAndroid&query_search=signature&query_type=contains&query=libstagefright.so%400x16&do_query=1
Summary: crash in OmxPlugin::OmxDecoder::ToVideoFrame_ColorConverter @ libstagefright.so@0x160f61 on Samsung Galaxy SII and Note running ICS → crash in OmxPlugin::OmxDecoder::ToVideoFrame_ColorConverter @ libstagefright.so@0x160... on Samsung Galaxy SII and Note running ICS
(In reply to Scoobidiver from comment #0) > It occurs on: > * Samsung SGH-T989 = Galaxy SII > * Samsung SGH-I717 = Galaxy Note > * Samsung SGH-I727 = Galaxy SII Just a note that these appear to be the qualcom chipset variants of the S2 and Note (US only?), not the Exynos chipsets verisions (available in NZ and internationally). This may affect ability to reproduce if people are trying the different chipset.
With combined signatures, it's #5 top crasher in 20.0b2 and #7 in 21.0a2.
Crash Signature: [@ libstagefright.so@0x160f61 ] [@ libstagefright.so@0x160e0d ] [@ libstagefright.so@0x160ea5 ] → [@ libstagefright.so@0x160f61 ] [@ libstagefright.so@0x160e0d ] [@ libstagefright.so@0x160ea5 ] [@ libstagefright.so@0x160f58 ] [@ libstagefright.so@0x166559 ] [@ libstagefright.so@0x161c87 ]
Keywords: regression, topcrash
Summary: crash in OmxPlugin::OmxDecoder::ToVideoFrame_ColorConverter @ libstagefright.so@0x160... on Samsung Galaxy SII and Note running ICS → crash in OmxPlugin::OmxDecoder::ToVideoFrame_ColorConverter @ libstagefright.so@0x160... on Samsung Galaxy SII and Note with qcom hw running ICS
Crash Signature: [@ libstagefright.so@0x160f61 ] [@ libstagefright.so@0x160e0d ] [@ libstagefright.so@0x160ea5 ] [@ libstagefright.so@0x160f58 ] [@ libstagefright.so@0x166559 ] [@ libstagefright.so@0x161c87 ] → [@ libstagefright.so@0x160f61 ] [@ libstagefright.so@0x160e0d ] [@ libstagefright.so@0x160ea5 ] [@ libstagefright.so@0x160f58 ] [@ libstagefright.so@0x166559 ] [@ libstagefright.so@0x161c87 ] [@ libstagefright.so@0x15c089 ] [@ libstagefright.so@0x1…
Summary: crash in OmxPlugin::OmxDecoder::ToVideoFrame_ColorConverter @ libstagefright.so@0x160... on Samsung Galaxy SII and Note with qcom hw running ICS → crash in OmxPlugin::OmxDecoder::ToVideoFrame_ColorConverter @ libstagefright.so@0x1... on Samsung Galaxy SII and Note with qcom hw running ICS
Given comment 1, kbrosnan will be in the best position to try to repro. Would also be great to get clarification around whether we actually believe this is a single issue, or just a bucket. Chris?
Flags: needinfo?(chris.double)
QA Contact: kbrosnan
(In reply to Alex Keybl [:akeybl] from comment #3) > Would also be great to get clarification around whether we actually believe > this is a single issue, or just a bucket. Chris? It's not possible to know without being able to reproduce and investigate, sorry.
Flags: needinfo?(chris.double)
tracking-fennec: --- → ?
No luck on any of those URLs using the non-Qualcomm variant devices (SII/Note). This seems specific to those Samsung variants.
(In reply to Aaron Train [:aaronmt] from comment #6) > No luck on any of those URLs using the non-Qualcomm variant devices > (SII/Note). This seems specific to those Samsung variants. Do we have qcom variant devices to try on? I was under the impression that Kevin did have such a device. If we can get this repro'd on a qcom chipset then that can be handed off to Chris for further investigation.
Nope. We ordered an North American SIII but that was shipped to Chris Double before I could look at it.
(In reply to Kevin Brosnan [:kbrosnan] from comment #8) > Nope. We ordered an North American SIII but that was shipped to Chris Double > before I could look at it. That was running Jellybean and there is a reproducible crash (bug 812881) that it's being used to create a fix for.
tracking-fennec: ? → +
Checked trunk and Beta on DeviceAnywere using their i727 and i717 unfortunately their phones are running Android 2.3. Was able to get STR for bug 766816. Placed order with Desktop for a SII that meets the requirements for this bug. REQ0014187
Looks like this is going to be a miss for FF20, wontfixing.
Summary: crash in OmxPlugin::OmxDecoder::ToVideoFrame_ColorConverter @ libstagefright.so@0x1... on Samsung Galaxy SII and Note with qcom hw running ICS → crash in mozilla::MediaPluginReader::DecodeVideoFrame @ libstagefright.so@0x1... on Samsung Galaxy SII and Note with qcom hw running ICS
Crash Signature: libstagefright.so@0x15bff7 ] → libstagefright.so@0x15bff7 ] [@ libstagefright.so@0x160fe8 ] [@ libstagefright.so@0x161e22 ] [@ libstagefright.so@0x161a17 ] [@ libstagefright.so@0x1617ef ] [@ libstagefright.so@0x1632c1 ] [@ libstagefright.so@0x161a71 ] [@ libstagefright.so@0x15b…
Kevin - have you received the device now? Any progress?
I have not. Elancaster poked IT last week.
Samsung skyrocket arrived in MV today. the device battery is dead and Firefox Beta was just pulled from Play for the l10n issue. i'll leave this on kevin's desk to get to on monday.
Attached file logcat
confirmed crash on Fx20b1. Logcat attached. Repro: 1) install Fx20.0 beta 1 on Samsung Skyrocket S2 - SGH-I727 2) open browser, goto http://www.canon.com/news/2013/mar04e.html 3) scroll down, and click play on the embedded video in the page 4) browser crashes and crash reporter appears. https://crash-stats.mozilla.com/report/index/bp-b014a12b-e427-411f-a248-a81742130412
Attached file logcat 2 - fx21b1
one more full logcat, same STR as above, but this time on Firefox 21 b1. Crash report: https://crash-stats.mozilla.com/report/index/bp-1edde3de-4857-4298-b3b2-ee2b72130412
(In reply to Chris Double (:doublec) from comment #4) > (In reply to Alex Keybl [:akeybl] from comment #3) > > Would also be great to get clarification around whether we actually believe > > this is a single issue, or just a bucket. Chris? > > It's not possible to know without being able to reproduce and investigate, > sorry. Chris, we have the device now and the latest logcat and STR from QA are attached in this bug . Do we need anything more that can help speed-up with your investigation here given we have a device handy-now and trying to resolve this in Fx21 time frame.
Looks like it's using a video color format we don't support. We'll probably need to blocklist these devices unless bug 860599 fixes it.
Passing on to Chris to help with blocklist if bug 860599 is not resolved in Fx21 timeframe.
Assignee: nobody → chris.double
Attached patch BlocklistSplinter Review
Attachment #739407 - Flags: review?(bjacob)
Depends on: 860599
Whiteboard: [native-crash] → [native-crash][leave open]
Attachment #739407 - Flags: review?(bjacob) → review+
Keywords: verifyme
It's not fixed because the Equals operator is used to compare model names for the blocklist and also because I757 is missing: Samsung SGH-I717M Samsung SGH-I717 Samsung SGH-I717R Samsung SGH-I727 Samsung SGH-I757M Samsung SGH-T989
(In reply to Scoobidiver from comment #25) > Samsung SGH-I717M > Samsung SGH-I717 > Samsung SGH-I717R > Samsung SGH-I727 > Samsung SGH-I757M > Samsung SGH-T989 So is this the complete list and exact strings I need to block to fix this bug?
Flags: needinfo?(scoobidiver)
Thanks for the keeping a close-eye on these blocklist's . If we do not see any landing in a couple of hours then this should get addressed on m-c/aurora asap and make sure the patch we uplift in final-beta addresses all concerns.
(In reply to Scoobidiver from comment #25) > It's not fixed because the Equals operator is used to compare model names > for the blocklist I'm confused what you mean by this. Can you expand? Looking at: https://crash-stats.mozilla.com/report/index/c86e514b-98ab-4c4c-8686-aa0b02130227 I see the model name is "SGH-T989" which is what is checked in the bug. What is the exact list of model names you'd like blocked if that is not it?
(In reply to Chris Double (:doublec) from comment #28) > (In reply to Scoobidiver from comment #25) > > It's not fixed because the Equals operator is used to compare model names > > for the blocklist > I'm confused what you mean by this. Can you expand? bp-e1e99b1c-24c4-4a8d-9f34-2e4672130501 is a good example. cModel is equal to SAMSUNG-SGH-I717 (Model field) and not to SGH-I717 (Product field). (In reply to Chris Double (:doublec) from comment #26) > (In reply to Scoobidiver from comment #25) > > Samsung SGH-I717M > > Samsung SGH-I717 > > Samsung SGH-I717R > > Samsung SGH-I727 > > Samsung SGH-I757M > > Samsung SGH-T989 > So is this the complete list and exact strings I need to block to fix this > bug? If think you should use something like cModel.Contains (I don't know string operators) for the following models: SGH-I717 SGH-I727 SGH-I757 SGH-T989
Flags: needinfo?(scoobidiver)
(In reply to Scoobidiver from comment #29) > bp-e1e99b1c-24c4-4a8d-9f34-2e4672130501 is a good example. cModel is equal > to SAMSUNG-SGH-I717 (Model field) and not to SGH-I717 (Product field). Ugh, that's annoying, thanks. I'll adjust the patch.
Also, when you do another patch, you probably should correct the comment to say "Samsung" instead of "Samsing" ;-)
Chris can you please help with landing the needed revised patch on m-c ,aurora asap, so QA can verify it and we can uplift before Friday EOD PT in preparation for our final beta? Thanks !
Attached patch FixSplinter Review
Attachment #744437 - Flags: review?(bjacob)
Attachment #744437 - Flags: review?(bjacob) → review+
I can look at this when i get back into town next monday. the device is in MV.
taking
QA Contact: kbrosnan → tchung
I was just told by relmgmt that this patch is landing tomorrow's m-c, but they'd like to take this patch for beta once verified. Kevin, i'll reassign to you since you're in MV. this should hold higher priority over the LG Optimus crash (bug 856445) Steps to verify: 1) download m-c build from may 3rd on skyrocket 2) goto URL in comment 15, and click play. verify it shouldnt play nor crash. 3) set the blocklist off for the device (stagefright.force-enabled = true) 4) repeat step 2, this time confirm video plays and crashes (as expected)
Keywords: checkin-needed
QA Contact: tchung
QA Contact: kbrosnan
Comment on attachment 744437 [details] [diff] [review] Fix [Approval Request Comment] Bug caused by (feature/regressing bug #): Phones crashing. User impact if declined: Popular devices will crash playing h.264 videos Testing completed (on m-c, etc.): Unable to test due to lack of devices in question Risk to taking this patch (and alternatives if risky): Phones that don't crash might be blocked from playing h.264 video String or IDL/UUID changes made by this patch: None
Attachment #744437 - Flags: approval-mozilla-aurora?
Comment on attachment 744437 [details] [diff] [review] Fix [Approval Request Comment] Bug caused by (feature/regressing bug #): Phones crashing. User impact if declined: Popular devices will crash playing h.264 videos Testing completed (on m-c, etc.): Unable to test due to lack of devices in question Risk to taking this patch (and alternatives if risky): Phones that don't crash might be blocked from playing h.264 video String or IDL/UUID changes made by this patch: None
Attachment #744437 - Flags: approval-mozilla-beta?
Attachment #744437 - Flags: approval-mozilla-beta?
Attachment #744437 - Flags: approval-mozilla-beta+
Attachment #744437 - Flags: approval-mozilla-aurora?
Attachment #744437 - Flags: approval-mozilla-aurora+
Requesting some exploratory QA testing on popular Samsung devices to make sure we are just blocklisting the needed devices given the risk in comment# 39 .
FWIW, I have one of the Note affected with ICS: SGH-717M (it is my personal Phablet) If you ever need.
Verified on a inbound build. This did not make the cutoff for today's nightly. Using the "Video for everybody" the SII falls back to webm.
(In reply to Kevin Brosnan [:kbrosnan] from comment #46) > Verified on a inbound build. This did not make the cutoff for today's > nightly. Using the "Video for everybody" the SII falls back to webm. Thanks Kevin ! Adding back verifyme to do some testing on our final beta build as a part of final beta sign-off.
Keywords: verifyme
Verified Firefox 21 and 22.
It's #24 crasher in 21.0 and #53 in 22.0b1.
Keywords: topcrash
What's the status of this?
I still get crashes when playing .mp4 videos with Firefox 30.0 on a T-Mobile Samsung Galaxy S II. (SGH-T989, with Qualcomm Adreno 220) I'm using my carrier's build of Android 4.0.4. WebM video, Ogg audio, and MP3 audio all play fine. Here's a crash report matching one of the signatures in this bug. https://crash-stats.mozilla.com/report/index/a1b1aaf3-9891-48ad-8158-cf00f2140627 I'd be happy to help out with debugging or testing on my phone.
I did some more debugging, results and a preliminary patch are in follow-up bug 1032059.
filter on [mass-p5]
Priority: -- → P5
Assignee: cajbir.bugzilla → nobody
Depends on: 1032059
Component: Audio/Video → Audio/Video: Playback

Closing because no crashes reported for 12 weeks.

Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: