[Fennec] Crash in ACodec (deleted)@0x7e

RESOLVED DUPLICATE of bug 1341360

Status

defect
P1
critical
3 years ago
3 years ago

People

(Reporter: marcia, Assigned: jhlin)

Tracking

({crash, topcrash})

51 Branch
Unspecified
Android

Firefox Tracking Flags

(firefox51 affected, firefox52- affected, firefox53- affected)

Details

(crash signature)

This bug was filed from the Socorro interface and is report bp-a16c8d82-9503-4e34-9497-27fa12170210.
=============================================================

Seen while looking at release crash stats: http://bit.ly/2ktD4aE. There are two signatures at the top of crash stats which account for almost 6K crashes. They currently sit at #4 and #5 in the 51.0.3 crash list.
snorp: any ideas regarding this crash?
Flags: needinfo?(snorp)
Thread 13 has:
0 	libxul.so 	nsIFrame::IsTransformed 	layout/generic/nsFrame.cpp:1140
1 	libxul.so 	nsDisplayListBuilder::IsAnimatedGeometryRoot 	layout/base/nsDisplayList.cpp:1215
2 	libxul.so 	nsDisplayListBuilder::AutoBuildingDisplayList::AutoBuildingDisplayList 	layout/base/nsDisplayList.h:728
3 	libxul.so 	nsIFrame::BuildDisplayListForChild 	layout/generic/nsFrame.cpp:2785
4 	libxul.so 	mozilla::ScrollFrameHelper::BuildDisplayList 	layout/generic/nsGfxScrollFrame.cpp:3501
5 	libxul.so 	nsIFrame::BuildDisplayListForChild 	layout/generic/nsFrame.cpp:2877
The crash URLs point to porn websites https://www.xnxx.com/ and http://www.xvideos.com/. Video playback?
Yeah, ACodec is part of the Android media stack. This will be mitigated by the out-of-process decoding in 54. Blake, maybe you folks can see if there's something we can do about this crash in the meantime?
Flags: needinfo?(snorp) → needinfo?(bwu)
The patch was uplifted on 02-02 (bug 1333323 comment 9) so aurora builds before that could still see ACodec crashes.
I'll check the reports and see if we can do something about it.
Flags: needinfo?(jolin)
Found a suspect in logcat [1]:

02-15 11:37:22.683 20090 22877 F ACodec  : frameworks/av/media/libstagefright/ACodec.cpp:1780 CHECK_EQ( metaData->eType,kMetadataBufferTypeGrallocSource) failed: 0 vs. 1

The assertion is [2] and exists in Lollipop only.

FWICT, the value of eType is set by OMXNodeInstance::updateGraphicBufferInMeta [3], which is called a few lines above the assertion [4]. This check should never fail unless chip vendors (almost all crashes are on MTK, few are on Samsung) don't heavily modify their code.

[1] https://crash-stats.mozilla.com/rawdumps/4e5cee31-ad0f-4387-ba20-fe18a2170215.json
[2] http://androidxref.com/5.0.0_r2/xref/frameworks/av/media/libstagefright/ACodec.cpp#977
[3] http://androidxref.com/5.0.0_r2/xref/frameworks/av/media/libstagefright/omx/OMXNodeInstance.cpp#694
[4] http://androidxref.com/5.0.0_r2/xref/frameworks/av/media/libstagefright/ACodec.cpp#970
Oops, I meant '... unless chip vendors heavily modify their code'.
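Added example, not part of the original bug comments or of Mozilla's crash tooling: a small Python triage helper that extracts fatal CHECK failures like the one quoted above from logcat `threadtime` lines and groups them by assertion site. Only the first sample line comes from the bug; the other lines and the function names are constructed for illustration.

```python
import re
from collections import Counter

# logcat "threadtime" layout: date time pid tid priority tag: message
LOGCAT_RE = re.compile(
    r"^(?P<date>\d\d-\d\d) (?P<time>[\d:.]+)\s+(?P<pid>\d+)\s+(?P<tid>\d+)\s+"
    r"(?P<prio>[VDIWEF])\s+(?P<tag>\S+)\s*: (?P<msg>.*)$"
)
# libstagefright CHECK failure: <file>:<line> CHECK_xx( a,b) failed: <lhs> vs. <rhs>
CHECK_RE = re.compile(
    r"^(?P<file>\S+):(?P<line>\d+) (?P<macro>CHECK(?:_[A-Z]{2})?)\(\s*(?P<expr>.*?)\s*\)"
    r" failed(?:: (?P<lhs>\S+) vs\. (?P<rhs>\S+))?"
)

# First entry is the logcat line quoted in the bug; the rest are constructed samples.
SAMPLE_LOGCAT = [
    "02-15 11:37:22.683 20090 22877 F ACodec  : frameworks/av/media/libstagefright/ACodec.cpp:1780 CHECK_EQ( metaData->eType,kMetadataBufferTypeGrallocSource) failed: 0 vs. 1",
    "02-15 11:37:22.690 20090 22877 F libc    : Fatal signal 6 (SIGABRT), code -6 in tid 22877",
    "02-15 11:40:01.112 21344 21390 I ACodec  : [OMX.example.decoder] Now Executing",
    "02-15 11:40:03.457 21344 21390 F ACodec  : frameworks/av/media/libstagefright/ACodec.cpp:1780 CHECK_EQ( metaData->eType,kMetadataBufferTypeGrallocSource) failed: 0 vs. 1",
]

def parse_check_failures(lines):
    """Yield one dict per fatal (priority F) CHECK failure found in logcat lines."""
    for raw in lines:
        m = LOGCAT_RE.match(raw.strip())
        if not m or m["prio"] != "F":
            continue  # not a logcat line, or not fatal
        c = CHECK_RE.match(m["msg"])
        if c:  # fatal lines without a CHECK message (e.g. the libc abort) are skipped
            yield {
                "pid": int(m["pid"]), "tid": int(m["tid"]), "tag": m["tag"],
                "site": f'{c["file"]}:{c["line"]}', "macro": c["macro"],
                "expr": re.sub(r"\s*,\s*", ", ", c["expr"]),
                "values": (c["lhs"], c["rhs"]),
            }

def summarize(lines):
    """Count failures per (tag, site, expression, values) so identical asserts group together."""
    return Counter((f["tag"], f["site"], f["expr"], f["values"])
                   for f in parse_check_failures(lines))

if __name__ == "__main__":
    for key, count in summarize(SAMPLE_LOGCAT).most_common():
        print(count, *key)
```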
Crash Signature: [@ ACodec (deleted)@0x7e] [@ ACodec (deleted)@0x15e] → [@ ACodec (deleted)@0x7e] [@ ACodec (deleted)@0x15e] [@ ACodec (deleted)@0x1e]
Tracking as a top crash in 52.
Marking as blocker for 52, we should find a mitigation for this crash.
Crash Signature: [@ ACodec (deleted)@0x7e] [@ ACodec (deleted)@0x15e] [@ ACodec (deleted)@0x1e] → [@ ACodec (deleted)@0x7e] [@ ACodec (deleted)@0x15e] [@ ACodec (deleted)@0x1e] [@ ACodec (deleted)@0x3e] [@ ACodec (deleted)@0x5e] [@ ACodec (deleted)@0x11e] [@ ACodec (deleted)@0x13e] [@ ACodec (deleted)@0xde] [@ ACodec (deleted)@0xbe] [@ ACodec…
Signatures starting with ACodec* were accounting for 1.8% of crash reports on Fennec in the 51.0b cycle, but are now 10.8% of crashes in 52.0b6.
Assignee: nobody → jolin
Status: NEW → ASSIGNED
Component: General → Audio/Video
Summary: Crash in ACodec (deleted)@0x7e → [Fennec] Crash in ACodec (deleted)@0x7e
See Also: → 1341360
Removing the release blocker status for the reason given in bug 1341360 comment 18 (those two bugs look related).
John,
IIUC, this bug is similar to bug 1341360. Should we set one of them as a duplicate?
Flags: needinfo?(jolin)
Priority: -- → P1
Yes and done.
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Flags: needinfo?(jolin)
Resolution: --- → DUPLICATE
Duplicate of bug: 1341360
Tracked in the duplicate bug.