Closed Bug 1493611 Opened Last year Closed 9 months ago

Crash in aom_lpf_vertical_4_neon


(Core :: Audio/Video: Playback, defect, P1, critical)




Tracking Status
firefox-esr60 --- unaffected
firefox62 --- unaffected
firefox63 --- unaffected
firefox64 --- disabled
firefox65 --- disabled
firefox66 --- disabled
firefox67 blocking verified
firefox68 --- verified


(Reporter: gsvelto, Assigned: TD-Linux)


(Blocks 2 open bugs)


(Keywords: crash, regression, topcrash)

Crash Data


(3 files)

This bug was filed from the Socorro interface and is
report bp-8d0918ff-0cb3-45c4-8bd2-0481f0180924.

Top 10 frames of crashing thread:

0 aom_lpf_vertical_4_neon third_party/aom/aom_dsp/arm/loopfilter_neon.c:797
1 av1_filter_block_plane_vert third_party/aom/av1/common/av1_loopfilter.c
2 loop_filter_row_worker third_party/aom/av1/common/thread_common.c:278
3 execute third_party/aom/aom_util/aom_thread.c:135
4 av1_loop_filter_frame_mt third_party/aom/av1/common/thread_common.c:355
5 av1_decode_tg_tiles_and_wrapup third_party/aom/av1/decoder/decodeframe.c:5487
6 aom_decode_frame_from_obus third_party/aom/av1/decoder/obu.c:342
7 av1_receive_compressed_data third_party/aom/av1/decoder/decoder.c:499
8 frame_worker_hook third_party/aom/av1/av1_dx_iface.c:357
9 execute third_party/aom/aom_util/aom_thread.c:135


New crash, seems to have started with buildid 20180921100234. Here's a couple of crashing URLs:

There are 14 crashes (from 7 installations) in nightly 64 starting with buildid 20180921100234. In analyzing the backtrace, the regression may have been introduced by patch [1] to fix bug 1489285.
:TD-Linux, could you investigate please?

Blocks: clouseau, 1489285
Flags: needinfo?(tdaede)
Keywords: regression
I can take a look. Note this code path is only available behind a pref, and the crashes were likely during the IBC demo.
Flags: needinfo?(tdaede)
Hardware: Unspecified → ARM
Blocks: AV1
Priority: -- → P2
Assignee: nobody → tdaede
Duplicate of this bug: 1500220
This may be fixed:

commit 4561597da4d76b39f758c8b9672ee6bf801caddd
Author: Cherma Rajan A <>
Date:   Tue Oct 23 16:25:51 2018 +0530

    Fix unaligned read/write in lpf_vertical_4_neon
    Address of src buffer can only be 2-bytes aligned. Hence
    replacing the operations by unaligned load/store functions.
    Change-Id: Id56bbc1ff8ba533652c2668cbf4f4356a95d8495
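
The unaligned load/store approach named in the commit message above, as an added portable C example. It is not libaom's code; the function names, the XOR stand-in for the filter arithmetic and the constructed frame are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Nonzero when p is a multiple of n bytes (n must be a power of two). */
static int is_aligned(const void *p, size_t n) {
    return ((uintptr_t)p & (n - 1)) == 0;
}

/* 32-bit load/store with no alignment assumption. A cast such as
 * *(const uint32_t *)p would promise the compiler 4-byte alignment. */
static uint32_t load_u32_unaligned(const uint8_t *p) {
    uint32_t v;
    memcpy(&v, p, sizeof v);
    return v;
}

static void store_u32_unaligned(uint8_t *p, uint32_t v) {
    memcpy(p, &v, sizeof v);
}

/* Visit the 4 pixels straddling a vertical edge (2 on each side) in each
 * row. The XOR is a stand-in for the filter arithmetic. Returns how many
 * rows were accessed at an address that is not 4-byte aligned. */
static int touch_vertical_edge(uint8_t *edge, ptrdiff_t stride, int rows) {
    int misaligned = 0;
    for (int r = 0; r < rows; ++r) {
        uint8_t *p = edge - 2 + r * stride;
        if (!is_aligned(p, 4)) ++misaligned;
        store_u32_unaligned(p, load_u32_unaligned(p) ^ 0x01010101u);
    }
    return misaligned;
}

/* Constructed 4x16 frame, 4-byte aligned at its base, edge at column 4:
 * every row is then accessed at offset 2, which is only 2-byte aligned. */
static uint32_t backing[16];

static int demo(void) {
    uint8_t *frame = (uint8_t *)backing;
    for (int i = 0; i < 64; ++i) frame[i] = (uint8_t)(i * 2);
    return touch_vertical_edge(frame + 4, 16, 4);
}

int main(void) { return demo() == 4 ? 0 : 1; }
```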

Doesn't crash anymore on Nightly 67 2019-02-20
With and without dav1d.

Closed: 9 months ago
Resolution: --- → FIXED

Reopening and tracking for 67, we had a big spike yesterday on Nightly with this signature

Resolution: FIXED → ---

Almost all of the URLs are, or which was identified in the original comment as crashing (in addition to being identified in the dupe Bug 1500220).

We don't have the commit from comment 4 in central. AFAICT we haven't updated our copy of libaom since September.

Flags: needinfo?(tdaede)
Attached file logcatBug1493611.txt

I was able to reproduce this on Firefox Beta 67.0b3 - device Xiaomi Mi4i (Android 5.0.2).


  1. Go to
  2. Play a video.
    Result: Firefox crashes.

Reproducible 5/5 times.

Also reproducible 5/5 times on Google Pixel C (Android 8.0.0) on Firefox Beta 67.0b3 with the same steps as Sorina mentioned above.

I was able to reproduce this issue 5 out of 5 times on the latest Nightly build 68.0a1 (19/03/2019) with Google Pixel 3 XL (Android P) with the steps from Comment 9.
For more details please see the logcat.

I believe this is happening because pref "media.av1.enabled" has been turned on accidentally probably with Bug 1534814.

Pushed by
Exclude Android from Linux platform check. r=mjf

Mission Control rates also spiked due to this bug (unsurprisingly)

See Also: → 1537874
Closed: 9 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla68

Thomas, could you please request an uplift to beta? Thanks

Comment on attachment 9052828 [details]
Bug 1493611 - Exclude Android from Linux platform check on beta. r?mjf

Beta/Release Uplift Approval Request

  • Feature/Bug causing the regression: Bug 1534814
  • User impact if declined: Crashes on android on some (AV1) YouTube video.
  • Is this code covered by automated tests?: Yes
  • Has the fix been verified in Nightly?: Yes
  • Needs manual test from QE?: No
  • If yes, steps to reproduce:
  • List of other uplifts needed: None
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): AV1 was accidentally on Android and we turn it off again. The fix has been verified on Nightly.
  • String changes made/needed:
  • Do you want to request approval of these patches as well?: on
Attachment #9052828 - Flags: approval-mozilla-beta?

Hi all,

I cannot reproduce the crash, but now the behavior is: the video is continuously loading.
I can reproduce only on Beta 67.0b4, on these devices:

  • Motorola Nexus 6 (Android 7.1.1),
  • Huawei MediaPad M2 (Android 5.1.1),
  • OnePlus 3 (Android 6.0.1),
  • Nexus 9 (Android 7.1.1).

Tested on latest Nightly build (03/22) and we weren't able to reproduce the crash on affected devices:

  • Xiaomi Mi4i (Android 5.0.2)
  • Pixel 3XL (Android 9)
  • HTC 10 (Android 8.0)
  • Huawei P9 Lite (Android 6.0)

I will mark firefox68:verified.
Note that we are able to reproduce the crash and also the behavior described by Mira, on the latest Beta build (67.0b4).

Keywords: crash, topcrash

Comment on attachment 9052828 [details]
Bug 1493611 - Exclude Android from Linux platform check on beta. r?mjf

Disable AV1 on Fennec which was accidentally turned on and caused a top crasher, verified on Nightly, approved for 67 beta 5, thanks!

Attachment #9052828 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
Flags: qe-verify+
Priority: P2 → P1
QA Whiteboard: [qa-triaged]
Keywords: crash

Verified as fixed on Firefox 67.0b5.

  • Xiaomi Mi4i (Android 5.0.2)
  • Google Pixel (Android 9)
  • Huawei P9 Lite (Android 6.0)
  • Motorola Nexus 6 (Android 7.1.1)
  • Sony Xperia Z5 Premium (Android 7.1.1)
  • Samsung Galaxy Note 8 (Android 9)
QA Whiteboard: [qa-triaged]
Flags: qe-verify+
Flags: needinfo?(tdaede)