This bug was filed from the Socorro interface and is report bp-a16c8d82-9503-4e34-9497-27fa12170210. ============================================================= Seen while looking at release crash stats: http://bit.ly/2ktD4aE. There are two signatures at the top of crash stats which account for almost 6K crashes. They currently sit at #4 and #5 in the 51.0.3 crash list.
snorp: any ideas regarding this crash?
Thread 13 has: 0 libxul.so nsIFrame::IsTransformed layout/generic/nsFrame.cpp:1140 1 libxul.so nsDisplayListBuilder::IsAnimatedGeometryRoot layout/base/nsDisplayList.cpp:1215 2 libxul.so nsDisplayListBuilder::AutoBuildingDisplayList::AutoBuildingDisplayList layout/base/nsDisplayList.h:728 3 libxul.so nsIFrame::BuildDisplayListForChild layout/generic/nsFrame.cpp:2785 4 libxul.so mozilla::ScrollFrameHelper::BuildDisplayList layout/generic/nsGfxScrollFrame.cpp:3501 5 libxul.so nsIFrame::BuildDisplayListForChild layout/generic/nsFrame.cpp:2877
The crash URLs point to porn websites https://www.xnxx.com/ and http://www.xvideos.com/ video playback?
Yeah, ACodec is part of the Android media stack. This will be mitigated by the out-of-process decoding in 54. Blake, maybe you folks can see if there's something we can do about this crash in the mean time?
Flags: needinfo?(snorp) → needinfo?(bwu)
John, From crash report, I can see this crash still happen in the builds after we turned on OOP decoding. Could you check it? https://crash-stats.mozilla.com/search/?signature=~ACodec%20%28deleted%29%400x7e&signature=~ACodec%20%28deleted%29%400x15e&date=%3E%3D2017-01-15T05%3A25%3A58.000Z&date=%3C2017-02-15T05%3A25%3A58.000Z&_sort=-version&_sort=-date&_facets=signature&_columns=date&_columns=signature&_columns=product&_columns=version&_columns=build_id&_columns=platform#crash-reports
Flags: needinfo?(bwu) → needinfo?(jolin)
https://crash-stats.mozilla.com/signature/?product=FennecAndroid&signature=ACodec%20%28deleted%29%400x15e&date=%3E%3D2017-02-08T05%3A52%3A00.000Z&date=%3C2017-02-15T05%3A52%3A00.000Z#aggregations It looks like those crashes only happen on Android version 21 and 22.
The patch was uplifted on 02-02 (bug 1333323 comment 9) so aurora builds before that could still see ACodec crashes. I'll check the reports and see if we can do something about it.
Found a suspect in logcat : 02-15 11:37:22.683 20090 22877 F ACodec : frameworks/av/media/libstagefright/ACodec.cpp:1780 CHECK_EQ( metaData->eType,kMetadataBufferTypeGrallocSource) failed: 0 vs. 1 The assertion is  and exists in Lollipop only. FWICT, the value of eType is set by OMXNodeInstance::updateGraphicBufferInMeta , which is called at few lines above the assertion . This check should never fail unless chip vendors (almost all crashes are on MTK, few are on Samsung) don't heavily modify their code.  https://crash-stats.mozilla.com/rawdumps/4e5cee31-ad0f-4387-ba20-fe18a2170215.json  http://androidxref.com/5.0.0_r2/xref/frameworks/av/media/libstagefright/ACodec.cpp#977  http://androidxref.com/5.0.0_r2/xref/frameworks/av/media/libstagefright/omx/OMXNodeInstance.cpp#694  http://androidxref.com/5.0.0_r2/xref/frameworks/av/media/libstagefright/ACodec.cpp#970
Oops, I meant '... unless chip vendors heavily modify their code'.
Crash Signature: [@ ACodec (deleted)@0x7e] [@ ACodec (deleted)@0x15e] → [@ ACodec (deleted)@0x7e] [@ ACodec (deleted)@0x15e] [@ ACodec (deleted)@0x1e]
Marking as blocker for 52, we should find a mitigation for this crash.
Crash Signature: [@ ACodec (deleted)@0x7e] [@ ACodec (deleted)@0x15e] [@ ACodec (deleted)@0x1e] → [@ ACodec (deleted)@0x7e] [@ ACodec (deleted)@0x15e] [@ ACodec (deleted)@0x1e] [@ ACodec (deleted)@0x3e] [@ ACodec (deleted)@0x5e] [@ ACodec (deleted)@0x11e] [@ ACodec (deleted)@0x13e] [@ ACodec (deleted)@0xde] [@ ACodec (deleted)@0xbe] [@ ACodec…
signatures starting with ACodec* were accounting for 1.8% of crash reports on fennec in the 51.0b cycle, but are now 10.8% of crashes in 52.0b6.
Assignee: nobody → jolin
Status: NEW → ASSIGNED
Component: General → Audio/Video
Summary: Crash in ACodec (deleted)@0x7e → [Fennec] Crash in ACodec (deleted)@0x7e
Removing the release blocker status for the reason given in bug 1341360 comment 18 (those two bugs look related).
John, IIUC, this bug is similar to bug 1341360. Should we set one of them duplicate?
Priority: -- → P1
Yes and done.
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1341360
You need to log in before you can comment on or make changes to this bug.