Closed
Bug 1149358
Opened 9 years ago
Closed 9 years ago
Asynchronous Plugin Init crashes due to invalid NPStreams
Categories
(Core Graveyard :: Plug-ins, defect)
Tracking
(firefox38 disabled, firefox39+ fixed, firefox40 fixed)
RESOLVED
FIXED
mozilla40
People
(Reporter: guijoselito, Assigned: bugzilla)
References
Details
(Keywords: crash)
Crash Data
Attachments
(1 file)
|
4.79 KB,
patch
|
jimm
:
review+
lizzard
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
This bug was filed from the Socorro interface and is report bp-7dfd0e4b-6116-4cd9-96d1-70ca92150330. ============================================================= I don't have STR, unfortunately. Another crash report is https://crash-stats.mozilla.com/report/index/aefc121d-d46e-455d-8c60-4f5cc2150328 Both happened after I turned dom.ipc.plugins.asyncInit to true - I'm on Nightly but have e10s off.
|
Assignee | |
Comment 1•9 years ago
|
||
I'm going to move this to be a catch-all bug for a bunch of crash signatures that I'm seeing. They all point to the same thing: The PluginAsyncSurrogate is referencing NPStreams that are not longer valid.
Assignee: nobody → aklotz
Blocks: asyncplugininit
Status: NEW → ASSIGNED
Crash Signature: [@ mozilla::plugins::BrowserStreamParent::BrowserStreamParent(mozilla::plugins::PluginInstanceParent*, _NPStream*)] → [@ mozilla::plugins::BrowserStreamParent::BrowserStreamParent(mozilla::plugins::PluginInstanceParent*, _NPStream*)]
[@ mozilla::plugins::PluginAsyncSurrogate::NotifyAsyncInitFailed()]
[@ mozilla::plugins::PluginAsyncSurrogate::DestroyAsyncStream(_NPStre…
status-firefox38:
--- → disabled
status-firefox39:
--- → affected
status-firefox40:
--- → affected
OS: Windows 7 → All
Hardware: x86 → All
Version: Trunk → 39 Branch
|
|
Assignee | |
Comment 2•9 years ago
|
||
From all of those crash signatures, I am seeing either: 1) NPP_Destroy is pending, so it doesn't make sense to send deferred NPP_NewStreams or to call back into the browser to destroy them; or 2) The plugin instance owner is gone, so NPP_Destroy hasn't been called yet but it is pending. Again, we should not try anything since the streams are being destroyed by the browser anyway.
Attachment #8587050 -
Flags: review?(jmathies)
|
||
Updated•9 years ago
|
Attachment #8587050 -
Flags: review?(jmathies) → review+
|
|
Assignee | |
Updated•9 years ago
|
Summary: crash in mozilla::plugins::BrowserStreamParent::BrowserStreamParent(mozilla::plugins::PluginInstanceParent*, _NPStream*) → Asynchronous Plugin Init crashes due to invalid NPStreams
|
|
Assignee | |
Comment 3•9 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/62bb8ecd5237
|
|
Assignee | |
Comment 4•9 years ago
|
||
Comment on attachment 8587050 [details] [diff] [review] Don't manipulate plugin streams when destruction is imminent Approval Request Comment [Feature/regressing bug #]: async plugin init [User impact if declined]: crashes when plugin teardown overlaps with async init [Describe test coverage new/current, TreeHerder]: Locally [Risks and why]: Low, trivial fixes for a well understood problem [String/UUID change made/needed]: None
Attachment #8587050 -
Flags: approval-mozilla-aurora?
https://hg.mozilla.org/mozilla-central/rev/62bb8ecd5237
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla40
|
|
||
Comment 6•9 years ago
|
||
[Tracking Requested - why for this release]: Crashes with the signatures on this bug are killing us on 39 Dev Edition right now (and plugin crashes and hangs have been rising a lot as well since 39 was shipped to that channel). Can this patch please be uplifted? Or is there something else we need there?
tracking-firefox39:
--- → ?
|
|
||
Comment 7•9 years ago
|
||
"are killing us right now" means that 60% of all 39 Dev Edition crashes are in those signatures at this time.
|
||
Comment 8•9 years ago
|
||
Comment on attachment 8587050 [details] [diff] [review] Don't manipulate plugin streams when destruction is imminent Approving for 39 since this has been stable on m-c for days and is a high impact crash.
Attachment #8587050 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
|
|
||
Updated•9 years ago
|
|
|
Assignee | |
Comment 9•9 years ago
|
||
https://hg.mozilla.org/releases/mozilla-aurora/rev/e8ed559c3ebe
|
||
Comment 10•9 years ago
|
||
Is the fix effective in 39 because the crash rate doesn't seem to go down in aurora.
|
|
||
Comment 11•9 years ago
|
||
There's still crashes with this signature in the builds after this landed, including the builds from yesterday and today.
|
|
||
Comment 12•9 years ago
|
||
Aaron, should we get a new bug on file for what still exists with this signature or should we reopen this one?
Flags: needinfo?(aklotz)
|
|
Assignee | |
Comment 13•9 years ago
|
||
There are other bugs being worked on for asynchronous initialization of plugin streams. Bug 1152890 only landed in Aurora yesterday so its effects are not being observed yet on crashstats. There is also bug 1151804 which is currently under review. Both of those patches will indirectly affect those signatures, so I'd like to hold off on doing anything until bug 1151804 is uplifted.
Flags: needinfo?(aklotz)
|
||
Comment 14•9 years ago
|
||
[Tracking Requested - why for this release]:Nope problem is on FF latest 38beta. Crash was on site http://www.mmoga.com/advanced_search.php?keywords=diablo&x=0&y=0¤cy=EUR This site use Adobe Flash. Crash report: https://crash-stats.mozilla.com/report/index/32d6ac8d-5f32-4cbf-93f7-d53bf2150417 My settings: accessibility.typeaheadfind.flashBar 0 browser.cache.disk_cache_ssl false browser.cache.disk.capacity 358400 browser.cache.disk.filesystem_reported 1 browser.cache.disk.parent_directory F:\.Mozilla FF Cache BK-201 browser.cache.disk.smart_size.first_run false browser.cache.disk.smart_size.use_old_max false browser.cache.frecency_experiment 1 browser.cache.memory.capacity -1 browser.cache.use_new_backend 1 browser.download.importedFromSqlite true browser.download.useDownloadDir false browser.places.smartBookmarksVersion 7 browser.search.useDBForOrder true browser.sessionstore.upgradeBackup.latestBuildID 20150416143048 browser.startup.homepage https://www.google.pl/ browser.startup.homepage_override.buildID 20150416143048 browser.startup.homepage_override.mstone 38.0 browser.tabs.animate false browser.tabs.closeWindowWithLastTab false browser.urlbar.delay 70 browser.urlbar.trimURLs false dom.disable_open_during_load false dom.ipc.plugins.asyncInit true dom.ipc.plugins.flash.disable-protected-mode true dom.ipc.plugins.hangUIMinDisplaySecs 15 dom.ipc.plugins.hangUITimeoutSecs 16 dom.ipc.plugins.sandbox-level.flash 1 dom.ipc.plugins.sandbox-level.java 1 dom.ipc.plugins.sandbox-level.npdeployjava 1 dom.ipc.plugins.sandbox-level.nppl 1 dom.ipc.plugins.sandbox-level.nprndlhtml5videoshim 1 dom.ipc.plugins.sandbox-level.nprpplugin 1 dom.ipc.plugins.sandbox-level.npvlc 1 dom.max_chrome_script_run_time 60 dom.max_script_run_time 30 dom.mozApps.used true dom.mozBrowserFramesEnabled true dom.mozTCPSocket.enabled true dom.secureelement.enabled true dom.serviceWorkers.enabled true dom.w3c_pointer_events.enabled true extensions.lastAppVersion 38.0 font.language.group x-unicode gfx.direct2d.disabled true gfx.direct3d.last_used_feature_level_idx 0 gfx.font_rendering.cleartype_params.rendering_mode 3 gfx.font_rendering.directwrite.enabled true layers.d3d11.disable-warp true media.fragmented-mp4.gonk.enabled true media.gmp-eme-adobe.autoupdate true media.gmp-eme-adobe.hidden false media.gmp-eme-adobe.lastUpdate 1429117872 media.gmp-eme-adobe.version 8 media.gmp-gmpopenh264.autoupdate false media.gmp-gmpopenh264.enabled true media.gmp-gmpopenh264.lastUpdate 1429257802 media.gmp-gmpopenh264.provider.enabled true media.gmp-gmpopenh264.version 1.4 media.gmp-manager.buildID 20150416143048 media.gmp-manager.lastCheck 1429271410 media.gmp.insecure.allow true media.hardware-video-decoding.enabled true media.mediasource.eviction_threshold 78643200 media.mediasource.webm.enabled true media.mediasource.whitelist false media.peerconnection.identity.enabled true media.peerconnection.video.h264_enabled true media.track.enabled true media.webspeech.recognition.enable true media.webspeech.synth.enabled true media.windows-media-foundation.play-stand-alone false media.windows-media-foundation.use-dxva false network.cookie.prefsMigrated true network.predictor.cleaned-up true places.database.lastMaintenance 1429258144 places.history.expiration.transient_current_max_pages 104858 plugin.allow.asyncdrawing true plugin.disable_full_page_plugin_for_types application/pdf plugin.importedState true plugin.state.java 2 plugin.state.np-mswmp 1 plugin.state.np32dsw 1 plugin.state.npadobeaamdetect 0 plugin.state.npadobeexmandetectx 0 plugin.state.nparcpluginff 1 plugin.state.npbattlelog 1 plugin.state.npbrowserplugin 0 plugin.state.npctrl 2 plugin.state.npdeployjava 1 plugin.state.npdivx 1 plugin.state.npgeplugin 1 plugin.state.npgoogletalk 2 plugin.state.npgoogleupdate 2 plugin.state.npmigfpi 0 plugin.state.npo1d 2 plugin.state.npovshelper 1 plugin.state.nppdf 0 plugin.state.nppl 0 plugin.state.npqtplugin 1 plugin.state.nprndlhtml5videoshim 0 plugin.state.nprpplugin 0 plugin.state.npvlc 2 plugin.state.npwachk 0 plugin.state.npwatweb 1 plugin.state.npwlpg 1 plugins.load_appdir_plugins true print.printer_\\MARIANW7-PC\Canon_Inkjet_MP540_series.print_bgcolor false print.printer_\\MARIANW7-PC\Canon_Inkjet_MP540_series.print_bgimages false print.printer_\\MARIANW7-PC\Canon_Inkjet_MP540_series.print_colorspace print.printer_\\MARIANW7-PC\Canon_Inkjet_MP540_series.print_command print.printer_\\MARIANW7-PC\Canon_Inkjet_MP540_series.print_downloadfonts false print.printer_\\MARIANW7-PC\Canon_Inkjet_MP540_series.print_duplex 1515870810 print.printer_\\MARIANW7-PC\Canon_Inkjet_MP540_series.print_edge_bottom 0 print.printer_\\MARIANW7-PC\Canon_Inkjet_MP540_series.print_edge_left 0 print.printer_\\MARIANW7-PC\Canon_Inkjet_MP540_series.print_edge_right 0 print.printer_\\MARIANW7-PC\Canon_Inkjet_MP540_series.print_edge_top 0 print.printer_\\MARIANW7-PC\Canon_Inkjet_MP540_series.print_evenpages true print.printer_\\MARIANW7-PC\Canon_Inkjet_MP540_series.print_footercenter print.printer_\\MARIANW7-PC\Canon_Inkjet_MP540_series.print_footerleft &PT print.printer_\\MARIANW7-PC\Canon_Inkjet_MP540_series.print_footerright &D print.printer_\\MARIANW7-PC\Canon_Inkjet_MP540_series.print_headercenter print.printer_\\MARIANW7-PC\Canon_Inkjet_MP540_series.print_headerleft &T print.printer_\\MARIANW7-PC\Canon_Inkjet_MP540_series.print_headerright &U print.printer_\\MARIANW7-PC\Canon_Inkjet_MP540_series.print_in_color true print.printer_\\MARIANW7-PC\Canon_Inkjet_MP540_series.print_margin_bottom 0.5 print.printer_\\MARIANW7-PC\Canon_Inkjet_MP540_series.print_margin_left 0.5 print.printer_\\MARIANW7-PC\Canon_Inkjet_MP540_series.print_margin_right 0.5 print.printer_\\MARIANW7-PC\Canon_Inkjet_MP540_series.print_margin_top 0.5 print.printer_\\MARIANW7-PC\Canon_Inkjet_MP540_series.print_oddpages true print.printer_\\MARIANW7-PC\Canon_Inkjet_MP540_series.print_orientation 0 print.printer_\\MARIANW7-PC\Canon_Inkjet_MP540_series.print_page_delay 50 print.printer_\\MARIANW7-PC\Canon_Inkjet_MP540_series.print_paper_data 9 print.printer_\\MARIANW7-PC\Canon_Inkjet_MP540_series.print_paper_height 11,00 print.printer_\\MARIANW7-PC\Canon_Inkjet_MP540_series.print_paper_name print.printer_\\MARIANW7-PC\Canon_Inkjet_MP540_series.print_paper_size_type 0 print.printer_\\MARIANW7-PC\Canon_Inkjet_MP540_series.print_paper_size_unit 1 print.printer_\\MARIANW7-PC\Canon_Inkjet_MP540_series.print_paper_width 8,50 print.printer_\\MARIANW7-PC\Canon_Inkjet_MP540_series.print_plex_name print.printer_\\MARIANW7-PC\Canon_Inkjet_MP540_series.print_resolution 1515870810 print.printer_\\MARIANW7-PC\Canon_Inkjet_MP540_series.print_resolution_name print.printer_\\MARIANW7-PC\Canon_Inkjet_MP540_series.print_reversed false print.printer_\\MARIANW7-PC\Canon_Inkjet_MP540_series.print_scaling 1,00 print.printer_\\MARIANW7-PC\Canon_Inkjet_MP540_series.print_shrink_to_fit true print.printer_\\MARIANW7-PC\Canon_Inkjet_MP540_series.print_to_file false print.printer_\\MARIANW7-PC\Canon_Inkjet_MP540_series.print_unwriteable_margin_bottom 0 print.printer_\\MARIANW7-PC\Canon_Inkjet_MP540_series.print_unwriteable_margin_left 0 print.printer_\\MARIANW7-PC\Canon_Inkjet_MP540_series.print_unwriteable_margin_right 0 print.printer_\\MARIANW7-PC\Canon_Inkjet_MP540_series.print_unwriteable_margin_top 0 privacy.cpd.extensions-dta true privacy.cpd.offlineApps true privacy.cpd.siteSettings true privacy.donottrackheader.enabled true privacy.sanitize.migrateFx3Prefs true privacy.sanitize.timeSpan 0 privacy.trackingprotection.enabled true storage.vacuum.last.index 1 storage.vacuum.last.places.sqlite 1428622611
status-firefox38:
disabled → ---
tracking-firefox38:
--- → ?
|
|
||
Comment 15•9 years ago
|
||
Really? I just checked in crash stats and the crash seems to have fallen off radar in 39 and neither i see it in 38.
|
|
Assignee | |
Comment 16•9 years ago
|
||
(In reply to mkdante381 from comment #14) > [Tracking Requested - why for this release]:Nope problem is on FF latest > 38beta. Crash was on site > http://www.mmoga.com/advanced_search. > php?keywords=diablo&x=0&y=0¤cy=EUR This site use Adobe Flash. > > Crash report: > https://crash-stats.mozilla.com/report/index/32d6ac8d-5f32-4cbf-93f7- > d53bf2150417 > > My settings: snip > dom.ipc.plugins.asyncInit true Async plugin init is disabled by default on Beta 38 and is not a supported configuration at this time. The fixes being made to this bug and others are not being uplifted to Beta.
tracking-firefox38:
? → ---
|
|
Assignee | |
Updated•9 years ago
|
status-firefox38:
--- → disabled
|
||
Updated•2 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•