Closed Bug 1339496 Opened 6 years ago Closed 6 years ago

[Fennec] Crash in ACodec (deleted)@0x7e


(Firefox for Android Graveyard :: Audio/Video, defect, P1)

51 Branch


(firefox51 affected, firefox52- affected, firefox53- affected)

Tracking Status
firefox51 --- affected
firefox52 - affected
firefox53 - affected


(Reporter: marcia, Assigned: jhlin)



(Keywords: crash, topcrash)

Crash Data

This bug was filed from the Socorro interface and is 
report bp-a16c8d82-9503-4e34-9497-27fa12170210.

Seen while looking at release crash stats: There are two signatures at the top of crash stats which account for almost 6K crashes. They currently sit at #4 and #5 in the 51.0.3 crash list.
snorp: any ideas regarding this crash?
Flags: needinfo?(snorp)
Thread 13 has:
0 	nsIFrame::IsTransformed 	layout/generic/nsFrame.cpp:1140
1 	nsDisplayListBuilder::IsAnimatedGeometryRoot 	layout/base/nsDisplayList.cpp:1215
2 	nsDisplayListBuilder::AutoBuildingDisplayList::AutoBuildingDisplayList 	layout/base/nsDisplayList.h:728
3 	nsIFrame::BuildDisplayListForChild 	layout/generic/nsFrame.cpp:2785
4 	mozilla::ScrollFrameHelper::BuildDisplayList 	layout/generic/nsGfxScrollFrame.cpp:3501
5 	nsIFrame::BuildDisplayListForChild 	layout/generic/nsFrame.cpp:2877
The crash URLs point to porn websites and video playback?
Yeah, ACodec is part of the Android media stack. This will be mitigated by the out-of-process decoding in 54. Blake, maybe you folks can see if there's something we can do about this crash in the mean time?
Flags: needinfo?(snorp) → needinfo?(bwu)
The patch was uplifted on 02-02 (bug 1333323 comment 9) so aurora builds before that could still see ACodec crashes.
I'll check the reports and see if we can do something about it.
Flags: needinfo?(jolin)
Found a suspect in logcat [1]:

02-15 11:37:22.683 20090 22877 F ACodec  : frameworks/av/media/libstagefright/ACodec.cpp:1780 CHECK_EQ( metaData->eType,kMetadataBufferTypeGrallocSource) failed: 0 vs. 1

The assertion is [2] and exists in Lollipop only.

FWICT, the value of eType is set by OMXNodeInstance::updateGraphicBufferInMeta [3], which is called at few lines above the assertion [4]. This check should never fail unless chip vendors (almost all crashes are on MTK, few are on Samsung) don't heavily modify their code.

Oops, I meant '... unless chip vendors heavily modify their code'.
Crash Signature: [@ ACodec (deleted)@0x7e] [@ ACodec (deleted)@0x15e] → [@ ACodec (deleted)@0x7e] [@ ACodec (deleted)@0x15e] [@ ACodec (deleted)@0x1e]
Tracking as a top crash in 52.
Marking as blocker for 52, we should find a mitigation for this crash.
Crash Signature: [@ ACodec (deleted)@0x7e] [@ ACodec (deleted)@0x15e] [@ ACodec (deleted)@0x1e] → [@ ACodec (deleted)@0x7e] [@ ACodec (deleted)@0x15e] [@ ACodec (deleted)@0x1e] [@ ACodec (deleted)@0x3e] [@ ACodec (deleted)@0x5e] [@ ACodec (deleted)@0x11e] [@ ACodec (deleted)@0x13e] [@ ACodec (deleted)@0xde] [@ ACodec (deleted)@0xbe] [@ ACodec…
signatures starting with ACodec* were accounting for 1.8% of crash reports on fennec in the 51.0b cycle, but are now 10.8% of crashes in 52.0b6.
Assignee: nobody → jolin
Component: General → Audio/Video
Summary: Crash in ACodec (deleted)@0x7e → [Fennec] Crash in ACodec (deleted)@0x7e
See Also: → 1341360
Removing the release blocker status for the reason given in bug 1341360 comment 18 (those two bugs look related).
IIUC, this bug is similar to bug 1341360. Should we set one of them duplicate?
Flags: needinfo?(jolin)
Priority: -- → P1
Yes and done.
Closed: 6 years ago
Flags: needinfo?(jolin)
Resolution: --- → DUPLICATE
Duplicate of bug: 1341360
Product: Firefox for Android → Firefox for Android Graveyard
You need to log in before you can comment on or make changes to this bug.