Bug 856445 - Startup crash on LG Optimus Black (LG P970)
Status: VERIFIED FIXED
[native-crash]
: crash, reproducible
Product: Firefox for Android
Classification: Client Software
Component: Graphics, Panning and Zooming (show other bugs)
: Trunk
: ARM Android
: -- critical with 2 votes (vote)
: Firefox 24
Assigned To: Brad Lassey [:blassey] (use needinfo?)
: Kevin Brosnan [:kbrosnan]
: Kartikaya Gupta (email:kats@mozilla.com)
: 864503 866409
Reported: 2013-03-31 11:27 PDT by Greg Karz
Modified: 2016-07-29 14:32 PDT (History)

Attachments
the whole thing (26.79 KB, text/plain)
2013-04-01 00:04 PDT, Greg Karz
no flags
patch (2.35 KB, patch)
2013-05-28 21:53 PDT, Brad Lassey [:blassey] (use needinfo?)
bnicholson: review+
akeybl: approval‑mozilla‑aurora+
akeybl: approval‑mozilla‑beta+

Description Greg Karz 2013-03-31 11:27:48 PDT
User Agent: Mozilla/5.0 (Linux; U; Android 4.0.4; en-us; LG-P970 Build/IMM76L) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30

Steps to reproduce:

Release, beta, nightly channel tested and are all affected.
Firefox closes after I start it on lg p970 optimus black. No crash report dialog or any notification indicating that it was a crash appears, it just closes. Google play comments confirm the issue on this device. Android 4.0.4
Comment 1 Aaron Train [:aaronmt] 2013-03-31 11:54:56 PDT
Can you capture and attach to this bug a log capturing the sequence of events from when you tap the Firefox icon to launch the browser all the way to the crash? You can use aLogCat (https://play.google.com/store/apps/details?id=org.jtb.alogcat) to see the log and can email it to yourself; best to clear the log first prior to launching Firefox.
Comment 2 Greg Karz 2013-03-31 12:56:07 PDT
Logging events only and filter for "firefox"

I/am_create_activity( 1507): [1098290272,59,org.mozilla.firefox/.App,android.intent.action.MAIN,NULL,NULL,270532608]
I/am_proc_start( 1507): [28802,10034,org.mozilla.firefox,activity,org.mozilla.firefox/.App]
I/am_proc_bound( 1507): [28802,org.mozilla.firefox]
I/am_restart_activity( 1507): [1098290272,59,org.mozilla.firefox/.App]
I/am_on_resume_called(28802): org.mozilla.firefox.App
I/activity_launch_time( 1507): [1098290272,org.mozilla.firefox/.App,1394,1394]
I/am_create_service( 1507): [1112834416,org.mozilla.firefox/org.mozilla.gecko.background.announcements.AnnouncementsBroadcastService,act=org.mozilla.firefox.ANNOUNCEMENTS_PREF,28802]
I/am_destroy_service( 1507): [1112834416,org.mozilla.firefox/org.mozilla.gecko.background.announcements.AnnouncementsBroadcastService,28802]
I/am_proc_died( 1507): [28802,org.mozilla.firefox]
I/am_finish_activity( 1507): [1098290272,59,org.mozilla.firefox/.App,proc died without state saved]
Comment 3 Greg Karz 2013-03-31 13:05:06 PDT
Logging main buffer, raw data and filter for "firefox"

[Launcher.java:4117:startActivityForResult()]start Activity for result: Intent { act=android.intent.action.MAIN cat=[android.intent.category.LAUNCHER] flg=0x10200000 cmp=org.mozilla.firefox/.App }
START {act=android.intent.action.MAIN cat=[android.intent.category.LAUNCHER] flg=0x10200000 cmp=org.mozilla.firefox/.App} from pid 13194
Start proc org.mozilla.firefox for activity org.mozilla.firefox/.App: pid=29524 uid=10034 gids={3003, 1015, 1006}
Pub org.mozilla.firefox.db.tabs: org.mozilla.firefox.db.TabsProvider
Pub org.mozilla.firefox.db.formhistory: org.mozilla.firefox.db.FormHistoryProvider
Pub org.mozilla.firefox.db.browser: org.mozilla.firefox.db.BrowserProvider
Found profile dir: /data/data/org.mozilla.firefox/files/mozilla/ceeyfemy.default
Trying to load lib /data/data/org.mozilla.firefox/lib/libmozglue.so 0x4174f1f8
Added shared lib /data/data/org.mozilla.firefox/lib/libmozglue.so 0x4174f1f8
No JNI_OnLoad found in /data/data/org.mozilla.firefox/lib/libmozglue.so 0x4174f1f8, skipping init
Focus entered window: Window{4241b638 org.mozilla.firefox/org.mozilla.firefox.App paused=false}
Displayed org.mozilla.firefox/.App: +2s38ms
Broadcast: org.mozilla.firefox.ANNOUNCEMENTS_PREF, android.not_a_preference.privacy.announcements.enabled, GeckoApp, true
Trying to load lib /data/data/org.mozilla.firefox/lib/libmozglue.so 0x4174f1f8
Shared lib '/data/data/org.mozilla.firefox/lib/libmozglue.so' already loaded in same CL 0x4174f1f8
/data/app/org.mozilla.firefox-1.apk!/libmozsqlite3.so: Warning: relocation to NULL @0x00054d18
/data/app/org.mozilla.firefox-1.apk!/libmozsqlite3.so: Warning: relocation to NULL @0x00054c14 for symbol "__cxa_begin_cleanup"
/data/app/org.mozilla.firefox-1.apk!/libmozsqlite3.so: Warning: relocation to NULL @0x00054c80 for symbol "__cxa_type_match"
Trying to load lib /data/data/org.mozilla.firefox/lib/libmozglue.so 0x4174f1f8
Shared lib '/data/data/org.mozilla.firefox/lib/libmozglue.so' already loaded in same CL 0x4174f1f8
/data/app/org.mozilla.firefox-1.apk!/libnspr4.so: Warning: relocation to NULL @0x00020fe8
/data/app/org.mozilla.firefox-1.apk!/libnspr4.so: Warning: relocation to NULL @0x00020d9c for symbol "__cxa_begin_cleanup"
/data/app/org.mozilla.firefox-1.apk!/libnspr4.so: Warning: relocation to NULL @0x00020eb8 for symbol "__cxa_type_match"
firefox :: AnnounceBrSvc :: Registering announcements broadcast receiver...
firefox :: AnnounceBrSvc :: Setting inexact repeating alarm for interval 43200000
/data/app/org.mozilla.firefox-1.apk!/libmozalloc.so: Warning: relocation to NULL @0x00003da8
/data/app/org.mozilla.firefox-1.apk!/libmozalloc.so: Warning: relocation to NULL @0x00003d3c for symbol "__cxa_begin_cleanup"
/data/app/org.mozilla.firefox-1.apk!/libmozalloc.so: Warning: relocation to NULL @0x00003d64 for symbol "__cxa_type_match"
pid: 29524, tid: 29558  >>> org.mozilla.firefox <<<
    52dffb7c  51aa045b  /data/data/org.mozilla.firefox/lib/libmozglue.so
Process org.mozilla.firefox (pid 29524) has died.
Force removing ActivityRecord{4177fbb0 org.mozilla.firefox/.App}: app died, no saved state
Focus left window: Window{4241b638 org.mozilla.firefox/org.mozilla.firefox.App paused=false}
WIN DEATH: Window{4241b638 org.mozilla.firefox/org.mozilla.firefox.App paused=false}
Comment 4 Aaron Train [:aaronmt] 2013-03-31 16:35:51 PDT
Thanks. Do you mind attaching (as an attachment) the whole thing (there might be other things missing)?
Comment 5 Greg Karz 2013-04-01 00:04:21 PDT
Created attachment 731776
the whole thing
Comment 6 Aaron Train [:aaronmt] 2013-04-01 07:02:57 PDT
java.lang.NoClassDefFoundError: android/view/Surface
	at org.mozilla.gecko.GeckoAppShell.nativeInit(Native Method)
	at org.mozilla.gecko.GeckoAppShell.nativeInit(Native Method)
	at org.mozilla.gecko.GeckoAppShell.runGecko(GeckoAppShell.java:542)
	at org.mozilla.gecko.GeckoThread.run(GeckoThread.java:82)
Caused by: java.lang.NoClassDefFoundError: com/google/android/gles_jni/EGLDisplayImpl
	... 4 more

I'm guessing that's going to be an issue.
Comment 7 Aaron Train [:aaronmt] 2013-04-01 10:39:14 PDT
So what can be done here?
Comment 8 Kartikaya Gupta (email:kats@mozilla.com) 2013-04-01 14:20:46 PDT
Actually I don't think this is related to bug 844289. At least not directly. It looks like trying to load android.view.Surface itself is failing because those com/google/android/gles_jni classes aren't present.

Greg, are you running a stock android image, or something like cyanogenmod?
Comment 9 Greg Karz 2013-04-02 01:04:01 PDT
It's all official lg-modified android software. I only followed instructions given with the device to update from 2.3.4 to 4.0.4
Comment 10 Aaron Train [:aaronmt] 2013-04-02 06:51:25 PDT
Mountain View office has ordered one for investigation.
Comment 11 Erin Lancaster [:elan] 2013-04-10 13:44:18 PDT
ETA for device is next week. Sorry it's taken quite a bit but it was on back order, FYI.
Comment 12 bhavana bajaj [:bajaj] 2013-04-18 11:22:58 PDT
Pinged Erin to get an update as she helped raise the Desktop request on the needed device.
Comment 13 Erin Lancaster [:elan] 2013-04-18 12:40:46 PDT
Phone arrived in MTV yesterday. Just needs whomever is going to repro this to pick it up from desktop.
Comment 14 bhavana bajaj [:bajaj] 2013-04-18 16:06:40 PDT
(In reply to Erin Lancaster [:elancaster] from comment #13)
> Phone arrived in MTV yesterday. Just needs whomever is going to repro this
> to pick it up from desktop.

Thanks Erin, I've just handed over the device to :kbrosnan to help reproduce this.
Comment 15 Kevin Brosnan [:kbrosnan] 2013-04-18 17:03:56 PDT
I looked at the device. On Android 2.2 I don't see any crash using all current builds 23 - 20. Checked for an update, did not receive an OTA.
Comment 16 Greg Karz 2013-04-19 07:41:17 PDT
http://www.android.gs/update-lg-optimus-black-p970-official-android-4-0-ics/
"The official Android 4.0 ICS flavor is finally available for the LG Optimus Black P970 users,"

http://en.wikipedia.org/wiki/LG_Optimus_Black
"As of 4 January 2013 an update to Android 4.0.4 is available using LGMobile Support Tool, which can be downloaded from the manufacturer's website."

The update does exist, and I didn't see any crash on android 2.3.4 either.
Comment 17 Stefan Fleiter (:sfleiter) 2013-04-22 14:17:55 PDT
The software update to 4.0.4 does not work OTA.
You need the updater from here:
http://www.lg.com/uk/support-mobile/lg-LGP970#software_panel
The update steps are described in detail.
Comment 18 Stefan Fleiter (:sfleiter) 2013-04-22 14:21:50 PDT
See bug 864503 for a possibly related crash bug with logcat that occurred after an update to LG Android 4.0.4 on an Optimus Black.
Comment 19 Aaron Train [:aaronmt] 2013-04-22 14:28:04 PDT
*** Bug 864503 has been marked as a duplicate of this bug. ***
Comment 20 Alex Keybl [:akeybl] 2013-04-22 15:18:09 PDT
Needinfo on kbrosnan to test using the available flash from https://bugzilla.mozilla.org/show_bug.cgi?id=856445#c16
Comment 21 Scoobidiver (away) 2013-04-27 07:34:30 PDT
*** Bug 866409 has been marked as a duplicate of this bug. ***
Comment 22 Lukas Blakk [:lsblakk] use ?needinfo 2013-04-29 15:55:10 PDT
Emailed Kevin, re: comment 20, will check in again at tomorrow's channel meeting.
Comment 23 Alex Keybl [:akeybl] 2013-05-01 12:58:24 PDT
What seems to be the problem here
Comment 24 Alex Keybl [:akeybl] 2013-05-01 13:00:45 PDT
(we know this isn't a top crash, but want to get the engineering investigation kicked off in case people start getting OTA updates)
Comment 25 Tony Chung [:tchung] 2013-05-01 16:25:06 PDT
I've talked to Kevin about this, and there were originally questions on how much time should have been spent testing this work since it isn't:
1) top crash
2) un-conventional workaround to get OTAs on this device (need to root, and download from another server)

that said, kevin said he'll take a look at this request within 24 hours.
Comment 26 Stefan Fleiter (:sfleiter) 2013-05-02 04:13:59 PDT
(In reply to Tony Chung [:tchung] from comment #25)
> 2) un-conventional workaround to get OTAs on this device (need to root, and
> download from another server)

You do not need root and you do not need to download an image from some random server.
Simply use the official LG Update software on a windows system as described in comment 17.
Comment 27 Aaron Train [:aaronmt] 2013-05-02 06:01:41 PDT
http://www.lg.com/au/support-mobile/lg-Optimus-Black-P970 update via the Windows software
Comment 28 Kevin Brosnan [:kbrosnan] 2013-05-02 19:03:59 PDT
I can confirm this crash on the Optimus Black running Android 4.0.4. I tested it running Android 2.3 and 2.2, and Firefox started without issue.

I tested Firefox 14 on the device running 4.0.4 and it crashes on startup as well. Does not appear to be a regression range other than the native rewrite. Firefox 10 XUL does start on the device.
Comment 29 Alex Keybl [:akeybl] 2013-05-06 16:21:31 PDT
Over to mfinkle to reassign the engineering investigation (preferably in MV, given we can repro there).
Comment 30 Brad Lassey [:blassey] (use needinfo?) 2013-05-09 10:11:55 PDT
Brian, get the phone from Kevin and have a look when you get a chance. Once you've got a stack, we can see if you're the right person to fix it.
Comment 31 Brian Nicholson (:bnicholson) 2013-05-13 16:29:02 PDT
Backtrace:

#0  0x408bea16 in ?? () from /home/brian/gdb/moz-gdb/lib/0FC200029FF80000015F4AFD06016008/system/lib/libdvm.so
#1  0x5a9a9da8 in _JNIEnv::GetStaticMethodID (this=0x1c5c998, clazz=0x0, name=0x5cc3d1e0 "start", 
    sig=0x5cc3d050 "(II)V") at /home/brian/android-ndk-r8e/platforms/android-9/arch-arm/usr/include/jni.h:749
#2  0x5ae89de4 in mozilla::AndroidBridge::Init (this=0x51f46400, jEnv=0x1c5c998, jGeckoAppShellClass=0x21500001)
    at /data/mozilla/central/widget/android/AndroidBridge.cpp:182
#3  0x5ae894ba in mozilla::AndroidBridge::ConstructBridge (jEnv=0x1c5c998, jGeckoAppShellClass=0x21500001)
    at /data/mozilla/central/widget/android/AndroidBridge.cpp:78
#4  0x5ae92172 in Java_org_mozilla_gecko_GeckoAppShell_nativeInit (jenv=0x1c5c998, jc=0x21500001)
    at /data/mozilla/central/widget/android/AndroidJNI.cpp:59
#5  0x4d01cd86 in Java_org_mozilla_gecko_GeckoAppShell_nativeInit (arg0=0x1c5c998, arg1=0x21500001)
    at /data/mozilla/central/mozglue/android/jni-stubs.inc:13
#6  0x40886db4 in dvmPlatformInvoke ()
   from /home/brian/gdb/moz-gdb/lib/0FC200029FF80000015F4AFD06016008/system/lib/libdvm.so
#7  0x408c0e82 in dvmCallJNIMethod(unsigned int const*, JValue*, Method const*, Thread*) ()
   from /home/brian/gdb/moz-gdb/lib/0FC200029FF80000015F4AFD06016008/system/lib/libdvm.so
#8  0x408c2bb2 in dvmResolveNativeMethod(unsigned int const*, JValue*, Method const*, Thread*) ()
   from /home/brian/gdb/moz-gdb/lib/0FC200029FF80000015F4AFD06016008/system/lib/libdvm.so
#9  0x40898bd0 in dvmJitToInterpNoChain ()
   from /home/brian/gdb/moz-gdb/lib/0FC200029FF80000015F4AFD06016008/system/lib/libdvm.so
#10 0x40898bd0 in dvmJitToInterpNoChain ()
   from /home/brian/gdb/moz-gdb/lib/0FC200029FF80000015F4AFD06016008/system/lib/libdvm.so
Backtrace stopped: previous frame identical to this frame (corrupt stack?)

I assume the crash is a NPE from clazz being null, where clazz is the "org/mozilla/gecko/GeckoJavaSampler" class.
Comment 32 Brian Nicholson (:bnicholson) 2013-05-13 16:53:52 PDT
I saw this error in my logcat: "Caused by: java.lang.SecurityException: Requires READ_PHONE_STATE: Neither user 10034 nor current process has android.permission.READ_PHONE_STATE.", and this error appears in Greg's logcat posted above. After adding the READ_PHONE_STATE permission to AndroidManifest.xml, Fennec starts fine without crashing.
Comment 33 Greg Karz 2013-05-16 06:23:48 PDT
Easy fix? Who is in charge of this type of problem? How can I be of help? (I'm sorry, I don't have the build environment currently set up)
Comment 34 Brian Nicholson (:bnicholson) 2013-05-16 11:04:02 PDT
(In reply to Greg Karz from comment #33)
> Easy fix? Who is in charge of this type of problem? How can I be of help?
> (I'm sorry, I don't have the build environment currently setup)

READ_PHONE_STATE is a permission that reveals personal information (such as your phone number), so we don't want to include it in Fennec. Something related to SmsMessage profiling is causing the crash, but we don't have enough info from the logcat posted here to see what triggers this code. The relevant part is:

Caused by: java.lang.SecurityException: Requires READ_PHONE_STATE: Neither user 10034 nor current process has android.permission.READ_PHONE_STATE.
	at android.os.Parcel.readException(Parcel.java:1327)
	at android.os.Parcel.readException(Parcel.java:1281)
	at com.android.internal.telephony.IPhoneSubInfo$Stub$Proxy.getSubscriberId(IPhoneSubInfo.java:223)
	at android.telephony.TelephonyManager.getSubscriberId(TelephonyManager.java:720)
	at com.android.internal.telephony.lgeAutoProfiling.getInstanceSimInfo(lgeAutoProfiling.java:449)
	at com.android.internal.telephony.lgeAutoProfiling.StartProfiling(lgeAutoProfiling.java:542)
	at com.android.internal.telephony.lgeAutoProfiling.getValue(lgeAutoProfiling.java:495)
	at com.android.internal.telephony.lgeAutoProfiling.getInteger(lgeAutoProfiling.java:325)
	at android.telephony.SmsMessage.<clinit>(SmsMessage.java:218)
	... 4 more

I'll have an Optimus Black in-hand again tomorrow, so I'll try to get the full stack then.
Comment 35 Brian Nicholson (:bnicholson) 2013-05-17 13:26:25 PDT
Stack trace running under Eclipse debugger:

    Thread [<13> Gecko] (Suspended (exception SecurityException))   
            <VM does not provide monitor information>       
            IPhoneSubInfo$Stub$Proxy.getSubscriberId() line: 228   
            TelephonyManager.getSubscriberId() line: 720   
            lgeAutoProfiling.getInstanceSimInfo() line: 449 
            lgeAutoProfiling.StartProfiling(boolean) line: 542     
            lgeAutoProfiling.getValue(String, boolean) line: 495   
            lgeAutoProfiling.getInteger(Context, String, boolean) line: 325 
            SmsMessage.<clinit>() line: 218 
            GeckoAppShell.nativeInit() line: not available [native method] 
            GeckoAppShell.nativeInit() line: not available [native method] 
            GeckoAppShell.runGecko(String, String, String, String) line: 268       
            GeckoThread.run() line: 104 

I suspected that the JNI code accessing android/telephony/SmsMessage in AndroidBridge::Init was the culprit. After commenting out the three lines in that file that use jAndroidSmsMessageClass, Fennec starts without crashing.

So my best guess is that there's some custom LG profiling code triggered via a static initializer in SmsMessage, and they weren't careful about the permissions the code uses.
Comment 36 Kartikaya Gupta (email:kats@mozilla.com) 2013-05-21 08:19:48 PDT
Can we hide some of this stuff behind the MOZ_WEBSMS_BACKEND ifdef?
Comment 37 Brad Lassey [:blassey] (use needinfo?) 2013-05-22 10:15:30 PDT
(In reply to Kartikaya Gupta (email:kats@mozilla.com) from comment #36)
> Can we hide some of this stuff behind the MOZ_WEBSMS_BACKEND ifdef?

I think that's the right solution
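
The mechanism guessed at in comment 35 and the build-switch fix agreed in comments 36 and 37, as a plain-Java illustration added here (not part of the original thread, and not Fennec or Android code). `VendorSmsMessage`, `getSubscriberId`, `probe` and `initBridge` are hypothetical stand-ins; the example goes slightly beyond the thread by also showing what a second touch of the failed class reports.

```java
// Added illustration; every name here is a hypothetical stand-in.
public class ClinitPermissionDemo {

    // Stand-in for a platform call that enforces a permission the app does not hold.
    static String getSubscriberId() {
        throw new SecurityException("Requires READ_PHONE_STATE");
    }

    // Stand-in for a framework class whose static initializer runs vendor code.
    static class VendorSmsMessage {
        static final int PROFILE_VALUE;
        static {
            // Runs on first use of the class, whatever the caller wanted from it.
            PROFILE_VALUE = getSubscriberId().length();
        }
    }

    // Load and initialize a class by name, reporting failure instead of propagating it.
    static String probe(String className) {
        try {
            Class.forName(className, true, ClinitPermissionDemo.class.getClassLoader());
            return "initialized";
        } catch (ExceptionInInitializerError e) {
            // First touch: the static initializer threw; the cause is the real error.
            return "initializer failed: " + e.getCause();
        } catch (NoClassDefFoundError e) {
            // Later touches: the class stays unusable for the life of the process.
            return "unusable: " + e.getMessage();
        } catch (ClassNotFoundException e) {
            return "not present";
        }
    }

    // Bridge setup that only touches the SMS class when the feature is built in,
    // the same idea as putting the lookups behind a build-time switch.
    static String initBridge(boolean smsBackendEnabled) {
        if (!smsBackendEnabled) {
            return "sms support off, class never loaded";
        }
        return probe(ClinitPermissionDemo.class.getName() + "$VendorSmsMessage");
    }

    public static void main(String[] args) {
        System.out.println(initBridge(false)); // class is not touched at all
        System.out.println(initBridge(true));  // static initializer runs and throws
        System.out.println(initBridge(true));  // class is already marked as failed
    }
}
```

With the feature switched off the permission-guarded call is never reached, so the app does not need to request READ_PHONE_STATE just to start.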
Comment 38 Brad Lassey [:blassey] (use needinfo?) 2013-05-28 21:53:34 PDT
Created attachment 755187
patch

Brian, does this fix the crash for you?
Comment 39 Brian Nicholson (:bnicholson) 2013-05-29 09:29:10 PDT
Comment on attachment 755187
patch

Yep, this fixes the crash.
Comment 40 Ryan VanderMeulen [:RyanVM] 2013-05-30 09:15:23 PDT
https://hg.mozilla.org/mozilla-central/rev/136b751cffc7
Comment 41 Aaron Train [:aaronmt] 2013-05-30 12:15:30 PDT
Hey Greg, feel free to let us know if tomorrow's Nightly build works on your device.
Comment 42 Stefan Fleiter (:sfleiter) 2013-05-31 06:05:13 PDT
Thanks, this is fixed for me (author of duplicate bug 864503).
Comment 43 Kevin Brosnan [:kbrosnan] 2013-05-31 09:01:20 PDT
Nominating for a possible relnote. We may want to uplift this patch as far as possible.

This fixes a startup crash on the LG Optimus Black (LG P790) that have been upgraded to Android 4.0 (Ice Cream Sandwich)
Comment 44 Alex Keybl [:akeybl] 2013-05-31 09:49:45 PDT
(In reply to Kevin Brosnan [:kbrosnan] from comment #43)
> Nominating for a possible relnote. We may want to uplift this patch as far
> as possible.
> 
> This fixes a startup crash on the LG Optimus Black (LG P790) that have been
> upgraded to Android 4.0 (Ice Cream Sandwich)

Hopefully we can take an uplift in time for FF22b4, going to build on Tuesday.
Comment 45 Greg Karz 2013-05-31 12:27:28 PDT
Works like a charm! Great work everyone! Million thanks!
Comment 46 Scoobidiver (away) 2013-06-10 09:06:27 PDT
Uplift to Aurora and Beta as the tracking flags suggest?
Comment 47 Kevin Brosnan [:kbrosnan] 2013-06-10 10:53:18 PDT
Brad uplift?
Comment 48 Brad Lassey [:blassey] (use needinfo?) 2013-06-10 16:38:46 PDT
Comment on attachment 755187
patch

sure, why not

[Approval Request Comment]
Bug caused by (feature/regressing bug #): WebSMS landing, not entirely contained by its kill switch (though only seeing the crash with the new Optimus Black ROM)
User impact if declined: Optimus users will crash on start up
Testing completed (on m-c, etc.): on m-c
Risk to taking this patch (and alternatives if risky): pretty risk-free 
String or IDL/UUID changes made by this patch: none
Comment 49 Alex Keybl [:akeybl] 2013-06-11 09:19:46 PDT
Comment on attachment 755187
patch

Thanks for driving this in!
Comment 51 Kevin Brosnan [:kbrosnan] 2013-06-11 13:30:19 PDT
Verified on today's trunk v24.
