Startup crash on LG Optimus Black (LG P970)

VERIFIED FIXED in Firefox 22

Status

()

Firefox for Android
Graphics, Panning and Zooming
--
critical
VERIFIED FIXED
4 years ago
10 months ago

People

(Reporter: Greg Karz, Assigned: blassey)

Tracking

({crash, reproducible})

Trunk
Firefox 24
ARM
Android
crash, reproducible
Points:
---

Firefox Tracking Flags

(firefox19 wontfix, firefox20+ wontfix, firefox21+ wontfix, firefox22+ fixed, firefox23 fixed, firefox24 verified, relnote-firefox 22+, fennec+)

Details

(Whiteboard: [native-crash], crash signature)

Attachments

(2 attachments)

(Reporter)

Description

4 years ago
User Agent: Mozilla/5.0 (Linux; U; Android 4.0.4; en-us; LG-P970 Build/IMM76L) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30

Steps to reproduce:

Release, beta, nigtly channel tested and are all effected.
Firefox closes after I start it on lg p970 optimus black. No crash report dialog or any notification indicating that it was a crash appears, it just closes. Google play comments confirm the issue on this device. Android 4.0.4
Can you capture and attach to this bug a log capturing the sequence of events from when you tap the Firefox icon to launch the browser all the way to the crash? You can use aLogCat (https://play.google.com/store/apps/details?id=org.jtb.alogcat) to see the log and can email it to yourself; best to clear the log first prior to launching Firefox.
(Reporter)

Comment 2

4 years ago
Logging events only and filter for "firefox"

I/am_create_activity( 1507): [1098290272,59,org.mozilla.firefox/.App,android.intent.action.MAIN,NULL,NULL,270532608]
I/am_proc_start( 1507): [28802,10034,org.mozilla.firefox,activity,org.mozilla.firefox/.App]
I/am_proc_bound( 1507): [28802,org.mozilla.firefox]
I/am_restart_activity( 1507): [1098290272,59,org.mozilla.firefox/.App]
I/am_on_resume_called(28802): org.mozilla.firefox.App
I/activity_launch_time( 1507): [1098290272,org.mozilla.firefox/.App,1394,1394]
I/am_create_service( 1507): [1112834416,org.mozilla.firefox/org.mozilla.gecko.background.announcements.AnnouncementsBroadcastService,act=org.mozilla.firefox.ANNOUNCEMENTS_PREF,28802]
I/am_destroy_service( 1507): [1112834416,org.mozilla.firefox/org.mozilla.gecko.background.announcements.AnnouncementsBroadcastService,28802]
I/am_proc_died( 1507): [28802,org.mozilla.firefox]
I/am_finish_activity( 1507): [1098290272,59,org.mozilla.firefox/.App,proc died without state saved]
(Reporter)

Comment 3

4 years ago
Logging main buffer, raw data and filter for "firefox"

[Launcher.java:4117:startActivityForResult()]start Activity for result: Intent { act=android.intent.action.MAIN cat=[android.intent.category.LAUNCHER] flg=0x10200000 cmp=org.mozilla.firefox/.App }
START {act=android.intent.action.MAIN cat=[android.intent.category.LAUNCHER] flg=0x10200000 cmp=org.mozilla.firefox/.App} from pid 13194
Start proc org.mozilla.firefox for activity org.mozilla.firefox/.App: pid=29524 uid=10034 gids={3003, 1015, 1006}
Pub org.mozilla.firefox.db.tabs: org.mozilla.firefox.db.TabsProvider
Pub org.mozilla.firefox.db.formhistory: org.mozilla.firefox.db.FormHistoryProvider
Pub org.mozilla.firefox.db.browser: org.mozilla.firefox.db.BrowserProvider
Found profile dir: /data/data/org.mozilla.firefox/files/mozilla/ceeyfemy.default
Trying to load lib /data/data/org.mozilla.firefox/lib/libmozglue.so 0x4174f1f8
Added shared lib /data/data/org.mozilla.firefox/lib/libmozglue.so 0x4174f1f8
No JNI_OnLoad found in /data/data/org.mozilla.firefox/lib/libmozglue.so 0x4174f1f8, skipping init
Focus entered window: Window{4241b638 org.mozilla.firefox/org.mozilla.firefox.App paused=false}
Displayed org.mozilla.firefox/.App: +2s38ms
Broadcast: org.mozilla.firefox.ANNOUNCEMENTS_PREF, android.not_a_preference.privacy.announcements.enabled, GeckoApp, true
Trying to load lib /data/data/org.mozilla.firefox/lib/libmozglue.so 0x4174f1f8
Shared lib '/data/data/org.mozilla.firefox/lib/libmozglue.so' already loaded in same CL 0x4174f1f8
/data/app/org.mozilla.firefox-1.apk!/libmozsqlite3.so: Warning: relocation to NULL @0x00054d18
/data/app/org.mozilla.firefox-1.apk!/libmozsqlite3.so: Warning: relocation to NULL @0x00054c14 for symbol "__cxa_begin_cleanup"
/data/app/org.mozilla.firefox-1.apk!/libmozsqlite3.so: Warning: relocation to NULL @0x00054c80 for symbol "__cxa_type_match"
Trying to load lib /data/data/org.mozilla.firefox/lib/libmozglue.so 0x4174f1f8
Shared lib '/data/data/org.mozilla.firefox/lib/libmozglue.so' already loaded in same CL 0x4174f1f8
/data/app/org.mozilla.firefox-1.apk!/libnspr4.so: Warning: relocation to NULL @0x00020fe8
/data/app/org.mozilla.firefox-1.apk!/libnspr4.so: Warning: relocation to NULL @0x00020d9c for symbol "__cxa_begin_cleanup"
/data/app/org.mozilla.firefox-1.apk!/libnspr4.so: Warning: relocation to NULL @0x00020eb8 for symbol "__cxa_type_match"
firefox :: AnnounceBrSvc :: Registering announcements broadcast receiver...
firefox :: AnnounceBrSvc :: Setting inexact repeating alarm for interval 43200000
/data/app/org.mozilla.firefox-1.apk!/libmozalloc.so: Warning: relocation to NULL @0x00003da8
/data/app/org.mozilla.firefox-1.apk!/libmozalloc.so: Warning: relocation to NULL @0x00003d3c for symbol "__cxa_begin_cleanup"
/data/app/org.mozilla.firefox-1.apk!/libmozalloc.so: Warning: relocation to NULL @0x00003d64 for symbol "__cxa_type_match"
pid: 29524, tid: 29558  >>> org.mozilla.firefox <<<
    52dffb7c  51aa045b  /data/data/org.mozilla.firefox/lib/libmozglue.so
Process org.mozilla.firefox (pid 29524) has died.
Force removing ActivityRecord{4177fbb0 org.mozilla.firefox/.App}: app died, no saved state
Focus left window: Window{4241b638 org.mozilla.firefox/org.mozilla.firefox.App paused=false}
WIN DEATH: Window{4241b638 org.mozilla.firefox/org.mozilla.firefox.App paused=false}
Thanks. Do you mind attaching (as an attachment) the whole thing (there might be other things missing)?

Updated

4 years ago
Severity: normal → critical
Keywords: crash, stackwanted
OS: Linux → Android
Hardware: Other → ARM
Summary: crash after few seconds of start → Startup crash on LG Optimus Black (LG P970)
Whiteboard: [native-crash]
(Reporter)

Comment 5

4 years ago
Created attachment 731776 [details]
the whole thing
java.lang.NoClassDefFoundError: android/view/Surface
	at org.mozilla.gecko.GeckoAppShell.nativeInit(Native Method)
	at org.mozilla.gecko.GeckoAppShell.nativeInit(Native Method)
	at org.mozilla.gecko.GeckoAppShell.runGecko(GeckoAppShell.java:542)
	at org.mozilla.gecko.GeckoThread.run(GeckoThread.java:82)
Caused by: java.lang.NoClassDefFoundError: com/google/android/gles_jni/EGLDisplayImpl
	... 4 more

I'm guessing that's going to be an issue.
Status: UNCONFIRMED → NEW
Component: General → Graphics, Panning and Zooming
Ever confirmed: true

Updated

4 years ago
status-firefox19: --- → affected
status-firefox20: --- → affected
status-firefox21: --- → affected
status-firefox22: --- → affected
So what can be done here?
See Also: → bug 844289
Actually I don't think this is related to bug 844289. At least not directly. It looks like trying to load android.view.Surface itself is failing because those com/google/android/gles_jni classes aren't present.

Greg, are you running a stock android image, or something like cyanogenmod?
(Reporter)

Comment 9

4 years ago
It's all official lg-modified android software. I only followed instructions given with the device to update from 2.3.4 to 4.0.4
Mountain View office has ordered one for investigation.

Updated

4 years ago
tracking-firefox20: --- → ?
tracking-firefox20: ? → +
tracking-firefox21: --- → +
tracking-firefox22: --- → +

Updated

4 years ago
Crash Signature: [@ java.lang.NoClassDefFoundError: android/view/Surface at org.mozilla.gecko.GeckoAppShell.nativeInit(Native Method)]
Keywords: stackwanted
QA Contact: kbrosnan
ETA for device is next week. Sorry it's taken quite a bit but it was on back order, FYI.
Pinged Erin to get an update as she helped raise the Desktop request on the needed device .
Phone arrived in MTV yesterday. Just needs whomever is going to repro this to pick it up from desktop.
(In reply to Erin Lancaster [:elancaster] from comment #13)
> Phone arrived in MTV yesterday. Just needs whomever is going to repro this
> to pick it up from desktop.

Thanks Erin, I've just handed over the device to :kbrosnan to help reproduce this.
I looked at the device. On Android 2.2 I don't see any crash using all current builds 23 - 20. Checked for an update, did not receive an OTA.
(Reporter)

Comment 16

4 years ago
http://www.android.gs/update-lg-optimus-black-p970-official-android-4-0-ics/
"The official Android 4.0 ICS flavor is finally available for the LG Optimus Black P970 users,"

http://en.wikipedia.org/wiki/LG_Optimus_Black
"As of 4 January 2013 an update to Android 4.0.4 is available using LGMobile Support Tool, which can be downloaded from the manufacturer's website."

The update does exist, and I didn't see any crash on android 2.3.4 either.
The software update to 4.0.4 does not work OTA.
You need the updater from here:
http://www.lg.com/uk/support-mobile/lg-LGP970#software_panel
The update steps are described in detail.
See bug 864503 for a possibly related crash bug with logcat that occured after an update to LG Andoird 4.0.4 on an Optimus Black.

Updated

4 years ago
Duplicate of this bug: 864503
Needinfo on kbrosnan to test using the available flash from https://bugzilla.mozilla.org/show_bug.cgi?id=856445#c16
Flags: needinfo?(kbrosnan)

Updated

4 years ago
tracking-fennec: --- → ?
Version: unspecified → Trunk

Updated

4 years ago
Duplicate of this bug: 866409
Emailed Kevin, re: comment 20, will check in again at tomorrow's channel meeting.
What seems to be the problem here
Assignee: nobody → kbrosnan

Updated

4 years ago
Flags: needinfo?(tchung)
(we know this isn't a top crash, but want to get the engineering investigation kicked off in case people start getting OTA updates)
I've talked to kevin about this, and there was originally questions on how much time should have been spent testing this work since it isnt:
1) top crash
2) un-conventional workaround to get OTAs on this device (need to root, and download from another server)

that said, kevin said he'll take a look at this request within 24 hours.
Flags: needinfo?(tchung)
Flags: needinfo?(kbrosnan)
(In reply to Tony Chung [:tchung] from comment #25)
> 2) un-conventional workaround to get OTAs on this device (need to root, and
> download from another server)

You do not need root and you do not need to download an image from some random server.
Simply use the official LG Update software on a windows system as described in comment 17.
http://www.lg.com/au/support-mobile/lg-Optimus-Black-P970 update via the Windows software
Assignee: kbrosnan → nobody
I can confirm this crash on the Optimus Black running Android 4.0.4. I tested it running Android 2.3 and 2.2. and Firefox started with out issue.

I tested Firefox 14 on the device running 4.0.4 and it crashes on startup as well. Does not appear to be a regression range other than the native rewrite. Firefox 10 XUL does start on the device.

Updated

4 years ago
Keywords: reproducible
Over to mfinkle to reassign the engineering investigation (preferably in MV, given we can repro there).
Assignee: nobody → mark.finkle
Brian, get the phone from Kevin and have a look when you get a chance. Once you've got a stack, we can see if you're the right person to fix it.
Assignee: mark.finkle → bnicholson
tracking-fennec: ? → +
Backtrace:

#0  0x408bea16 in ?? () from /home/brian/gdb/moz-gdb/lib/0FC200029FF80000015F4AFD06016008/system/lib/libdvm.so
#1  0x5a9a9da8 in _JNIEnv::GetStaticMethodID (this=0x1c5c998, clazz=0x0, name=0x5cc3d1e0 "start", 
    sig=0x5cc3d050 "(II)V") at /home/brian/android-ndk-r8e/platforms/android-9/arch-arm/usr/include/jni.h:749
#2  0x5ae89de4 in mozilla::AndroidBridge::Init (this=0x51f46400, jEnv=0x1c5c998, jGeckoAppShellClass=0x21500001)
    at /data/mozilla/central/widget/android/AndroidBridge.cpp:182
#3  0x5ae894ba in mozilla::AndroidBridge::ConstructBridge (jEnv=0x1c5c998, jGeckoAppShellClass=0x21500001)
    at /data/mozilla/central/widget/android/AndroidBridge.cpp:78
#4  0x5ae92172 in Java_org_mozilla_gecko_GeckoAppShell_nativeInit (jenv=0x1c5c998, jc=0x21500001)
    at /data/mozilla/central/widget/android/AndroidJNI.cpp:59
#5  0x4d01cd86 in Java_org_mozilla_gecko_GeckoAppShell_nativeInit (arg0=0x1c5c998, arg1=0x21500001)
    at /data/mozilla/central/mozglue/android/jni-stubs.inc:13
#6  0x40886db4 in dvmPlatformInvoke ()
   from /home/brian/gdb/moz-gdb/lib/0FC200029FF80000015F4AFD06016008/system/lib/libdvm.so
#7  0x408c0e82 in dvmCallJNIMethod(unsigned int const*, JValue*, Method const*, Thread*) ()
   from /home/brian/gdb/moz-gdb/lib/0FC200029FF80000015F4AFD06016008/system/lib/libdvm.so
#8  0x408c2bb2 in dvmResolveNativeMethod(unsigned int const*, JValue*, Method const*, Thread*) ()
   from /home/brian/gdb/moz-gdb/lib/0FC200029FF80000015F4AFD06016008/system/lib/libdvm.so
#9  0x40898bd0 in dvmJitToInterpNoChain ()
   from /home/brian/gdb/moz-gdb/lib/0FC200029FF80000015F4AFD06016008/system/lib/libdvm.so
#10 0x40898bd0 in dvmJitToInterpNoChain ()
   from /home/brian/gdb/moz-gdb/lib/0FC200029FF80000015F4AFD06016008/system/lib/libdvm.so
Backtrace stopped: previous frame identical to this frame (corrupt stack?)

I assume the crash is a NPE from clazz being null, where clazz is the "org/mozilla/gecko/GeckoJavaSampler" class.
I saw this error in my logcat: "Caused by: java.lang.SecurityException: Requires READ_PHONE_STATE: Neither user 10034 nor current process has android.permission.READ_PHONE_STATE.", and this error appears in Greg's logcat posted above. After adding the READ_PHONE_STATE permission to AndroidManifest.xml, Fennec starts fine without crashing.
(Reporter)

Comment 33

4 years ago
Easy fix? Who is in charge of this type of problem? How can I be of help? (I'm sorry, I don't have the build environment currently setup)
(In reply to Greg Karz from comment #33)
> Easy fix? Who is in charge of this type of problem? How can I be of help?
> (I'm sorry, I don't have the build environment currently setup)

READ_PHONE_STATE is a permission that reveals personal information (such as your phone number), so we don't want to include it in Fennec. Something related to SmsMessage profiling is causing the crash, but we don't have enough info from the logcat posted here to see what triggers this code. The relevant part is:

Caused by: java.lang.SecurityException: Requires READ_PHONE_STATE: Neither user 10034 nor current process has android.permission.READ_PHONE_STATE.
	at android.os.Parcel.readException(Parcel.java:1327)
	at android.os.Parcel.readException(Parcel.java:1281)
	at com.android.internal.telephony.IPhoneSubInfo$Stub$Proxy.getSubscriberId(IPhoneSubInfo.java:223)
	at android.telephony.TelephonyManager.getSubscriberId(TelephonyManager.java:720)
	at com.android.internal.telephony.lgeAutoProfiling.getInstanceSimInfo(lgeAutoProfiling.java:449)
	at com.android.internal.telephony.lgeAutoProfiling.StartProfiling(lgeAutoProfiling.java:542)
	at com.android.internal.telephony.lgeAutoProfiling.getValue(lgeAutoProfiling.java:495)
	at com.android.internal.telephony.lgeAutoProfiling.getInteger(lgeAutoProfiling.java:325)
	at android.telephony.SmsMessage.<clinit>(SmsMessage.java:218)
	... 4 more

I'll have an Optimus Black in-hand again tomorrow, so I'll try to get the full stack then.
Stack trace running under Eclipse debugger:

    Thread [<13> Gecko] (Suspended (exception SecurityException))   
            <VM does not provide monitor information>       
            IPhoneSubInfo$Stub$Proxy.getSubscriberId() line: 228   
            TelephonyManager.getSubscriberId() line: 720   
            lgeAutoProfiling.getInstanceSimInfo() line: 449 
            lgeAutoProfiling.StartProfiling(boolean) line: 542     
            lgeAutoProfiling.getValue(String, boolean) line: 495   
            lgeAutoProfiling.getInteger(Context, String, boolean) line: 325 
            SmsMessage.<clinit>() line: 218 
            GeckoAppShell.nativeInit() line: not available [native method] 
            GeckoAppShell.nativeInit() line: not available [native method] 
            GeckoAppShell.runGecko(String, String, String, String) line: 268       
            GeckoThread.run() line: 104 

I suspected that the JNI code accessing android/telephony/SmsMessage in AndroidBridge::Init were the culprit. After commenting out the three lines in that file that use jAndroidSmsMessageClass, Fennec starts without crashing.

So my best guess is that there's some custom LG profiling code triggered via a static initializer in SmsMessage, and they weren't careful about the permissions the code uses.
Can we hide some of this stuff behind the MOZ_WEBSMS_BACKEND ifdef?
(In reply to Kartikaya Gupta (email:kats@mozilla.com) from comment #36)
> Can we hide some of this stuff behind the MOZ_WEBSMS_BACKEND ifdef?

I think that's the right solution
Created attachment 755187 [details] [diff] [review]
patch

Brian, does this fix the crash for you?
Assignee: bnicholson → blassey.bugs
Attachment #755187 - Flags: review?(bnicholson)
Comment on attachment 755187 [details] [diff] [review]
patch

Yep, this fixes the crash.
Attachment #755187 - Flags: review?(bnicholson) → review+
https://hg.mozilla.org/mozilla-central/rev/136b751cffc7
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 24
Hey Greg, feel free to let us know if tomorrow's Nightly build works on your device.
Flags: needinfo?(greg.karz)
Thanks, this is fixed for me (author of duplicate bug 864503).
Nominating for a possible relnote. We may want to uplift this patch as far as possible.

This fixes a startup crash on the LG Optimus Black (LG P790) that have been upgraded to Android 4.0 (Ice Cream Sandwich)
relnote-firefox: --- → ?
Flags: needinfo?(greg.karz)
(In reply to Kevin Brosnan [:kbrosnan] from comment #43)
> Nominating for a possible relnote. We may want to uplift this patch as far
> as possible.
> 
> This fixes a startup crash on the LG Optimus Black (LG P790) that have been
> upgraded to Android 4.0 (Ice Cream Sandwich)

Hopefully we can take an uplift in time for FF22b4, going to build on Tuesday.
(Reporter)

Comment 45

4 years ago
Works like a charm! Great work everyone! Million thanks!

Comment 46

4 years ago
Uplift to Aurora and Beta as the tracking flags suggest?
Brad uplift?
Flags: needinfo?(blassey.bugs)
Comment on attachment 755187 [details] [diff] [review]
patch

sure, why not

[Approval Request Comment]
Bug caused by (feature/regressing bug #): WebSMS landing, not entirely contained by its kill switch (though only seeing the crash with the new Optimus Black ROM)
User impact if declined: Optimus users will crash on start up
Testing completed (on m-c, etc.): on m-c
Risk to taking this patch (and alternatives if risky): pretty risk-free 
String or IDL/UUID changes made by this patch: none
Attachment #755187 - Flags: approval-mozilla-beta?
Attachment #755187 - Flags: approval-mozilla-aurora?
(Assignee)

Updated

4 years ago
Flags: needinfo?(blassey.bugs)
Comment on attachment 755187 [details] [diff] [review]
patch

Thanks for driving this in!
Attachment #755187 - Flags: approval-mozilla-beta?
Attachment #755187 - Flags: approval-mozilla-beta+
Attachment #755187 - Flags: approval-mozilla-aurora?
Attachment #755187 - Flags: approval-mozilla-aurora+
https://hg.mozilla.org/releases/mozilla-aurora/rev/555b2dc7ce28
https://hg.mozilla.org/releases/mozilla-beta/rev/08be9e70f4b1
status-firefox19: affected → wontfix
status-firefox20: affected → wontfix
status-firefox21: affected → wontfix
status-firefox22: affected → fixed
status-firefox23: --- → fixed
status-firefox24: --- → fixed
Verified on today's trunk v24.
status-firefox24: fixed → verified

Updated

4 years ago
Status: RESOLVED → VERIFIED

Updated

4 years ago
relnote-firefox: ? → 22+
You need to log in before you can comment on or make changes to this bug.