Closed
Bug 1339496
Opened 8 years ago
Closed 8 years ago
[Fennec] Crash in ACodec (deleted)@0x7e
Categories
(Firefox for Android Graveyard :: Audio/Video, defect, P1)
Tracking
(firefox51 affected, firefox52- affected, firefox53- affected)
RESOLVED
DUPLICATE
of bug 1341360
People
(Reporter: marcia, Assigned: jhlin)
References
Details
(Keywords: crash, topcrash)
Crash Data
This bug was filed from the Socorro interface and is
report bp-a16c8d82-9503-4e34-9497-27fa12170210.
=============================================================
Seen while looking at release crash stats: http://bit.ly/2ktD4aE. There are two signatures at the top of crash stats which account for almost 6K crashes. They currently sit at #4 and #5 in the 51.0.3 crash list.
Thread 13 has:
0 libxul.so nsIFrame::IsTransformed layout/generic/nsFrame.cpp:1140
1 libxul.so nsDisplayListBuilder::IsAnimatedGeometryRoot layout/base/nsDisplayList.cpp:1215
2 libxul.so nsDisplayListBuilder::AutoBuildingDisplayList::AutoBuildingDisplayList layout/base/nsDisplayList.h:728
3 libxul.so nsIFrame::BuildDisplayListForChild layout/generic/nsFrame.cpp:2785
4 libxul.so mozilla::ScrollFrameHelper::BuildDisplayList layout/generic/nsGfxScrollFrame.cpp:3501
5 libxul.so nsIFrame::BuildDisplayListForChild layout/generic/nsFrame.cpp:2877
|
||
Comment 3•8 years ago
|
||
The crash URLs point to porn websites https://www.xnxx.com/ and http://www.xvideos.com/ video playback?
Yeah, ACodec is part of the Android media stack. This will be mitigated by the out-of-process decoding in 54. Blake, maybe you folks can see if there's something we can do about this crash in the mean time?
Flags: needinfo?(snorp) → needinfo?(bwu)
|
||
Comment 5•8 years ago
|
||
John,
From crash report, I can see this crash still happen in the builds[1] after we turned on OOP decoding.
Could you check it?
[1]https://crash-stats.mozilla.com/search/?signature=~ACodec%20%28deleted%29%400x7e&signature=~ACodec%20%28deleted%29%400x15e&date=%3E%3D2017-01-15T05%3A25%3A58.000Z&date=%3C2017-02-15T05%3A25%3A58.000Z&_sort=-version&_sort=-date&_facets=signature&_columns=date&_columns=signature&_columns=product&_columns=version&_columns=build_id&_columns=platform#crash-reports
Flags: needinfo?(bwu) → needinfo?(jolin)
|
|
||
Comment 6•8 years ago
|
||
https://crash-stats.mozilla.com/signature/?product=FennecAndroid&signature=ACodec%20%28deleted%29%400x15e&date=%3E%3D2017-02-08T05%3A52%3A00.000Z&date=%3C2017-02-15T05%3A52%3A00.000Z#aggregations
It looks like those crashes only happen on Android version 21 and 22.
|
Assignee | |
Comment 7•8 years ago
|
||
The patch was uplifted on 02-02 (bug 1333323 comment 9) so aurora builds before that could still see ACodec crashes.
I'll check the reports and see if we can do something about it.
Flags: needinfo?(jolin)
|
|
Assignee | |
Comment 8•8 years ago
|
||
Found a suspect in logcat [1]:
02-15 11:37:22.683 20090 22877 F ACodec : frameworks/av/media/libstagefright/ACodec.cpp:1780 CHECK_EQ( metaData->eType,kMetadataBufferTypeGrallocSource) failed: 0 vs. 1
The assertion is [2] and exists in Lollipop only.
FWICT, the value of eType is set by OMXNodeInstance::updateGraphicBufferInMeta [3], which is called at few lines above the assertion [4]. This check should never fail unless chip vendors (almost all crashes are on MTK, few are on Samsung) don't heavily modify their code.
[1] https://crash-stats.mozilla.com/rawdumps/4e5cee31-ad0f-4387-ba20-fe18a2170215.json
[2] http://androidxref.com/5.0.0_r2/xref/frameworks/av/media/libstagefright/ACodec.cpp#977
[3] http://androidxref.com/5.0.0_r2/xref/frameworks/av/media/libstagefright/omx/OMXNodeInstance.cpp#694
[4] http://androidxref.com/5.0.0_r2/xref/frameworks/av/media/libstagefright/ACodec.cpp#970
|
|
Assignee | |
Comment 9•8 years ago
|
||
Oops, I meant '... unless chip vendors heavily modify their code'.
|
Reporter | |
Updated•8 years ago
|
Crash Signature: [@ ACodec (deleted)@0x7e]
[@ ACodec (deleted)@0x15e] → [@ ACodec (deleted)@0x7e]
[@ ACodec (deleted)@0x15e]
[@ ACodec (deleted)@0x1e]
|
||
Comment 11•8 years ago
|
||
Marking as blocker for 52, we should find a mitigation for this crash.
|
||
Updated•8 years ago
|
Crash Signature: [@ ACodec (deleted)@0x7e]
[@ ACodec (deleted)@0x15e]
[@ ACodec (deleted)@0x1e] → [@ ACodec (deleted)@0x7e]
[@ ACodec (deleted)@0x15e]
[@ ACodec (deleted)@0x1e]
[@ ACodec (deleted)@0x3e]
[@ ACodec (deleted)@0x5e]
[@ ACodec (deleted)@0x11e]
[@ ACodec (deleted)@0x13e]
[@ ACodec (deleted)@0xde]
[@ ACodec (deleted)@0xbe]
[@ ACodec…
|
|
||
Comment 12•8 years ago
|
||
signatures starting with ACodec* were accounting for 1.8% of crash reports on fennec in the 51.0b cycle, but are now 10.8% of crashes in 52.0b6.
Assignee: nobody → jolin
|
||
Updated•8 years ago
|
Status: NEW → ASSIGNED
Component: General → Audio/Video
Summary: Crash in ACodec (deleted)@0x7e → [Fennec] Crash in ACodec (deleted)@0x7e
|
|
||
Comment 13•8 years ago
|
||
Removing the release blocker status for the reason given in bug 1341360 comment 18 (those two bugs look related).
tracking-firefox53:
--- → +
|
|
||
Comment 14•8 years ago
|
||
John,
IIUC, this bug is similar to bug 1341360. Should we set one of them duplicate?
Flags: needinfo?(jolin)
Priority: -- → P1
|
|
Assignee | |
Comment 15•8 years ago
|
||
Yes and done.
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Flags: needinfo?(jolin)
Resolution: --- → DUPLICATE
|
||
Updated•4 years ago
|
Product: Firefox for Android → Firefox for Android Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•