Closed
Bug 1205979
Opened 9 years ago
Closed 8 years ago
Java plugin crash in mozilla::plugins::AssertPluginThread()
Categories
(Core Graveyard :: Plug-ins, defect)
Tracking
(firefox42 affected, firefox43 affected, firefox48 wontfix, firefox49+ wontfix, firefox51+ wontfix)
People
(Reporter: ananuti, Unassigned)
References
Details
(Keywords: crash)
Crash Data
Attachments
(1 file)
1.09 KB,
text/plain
|
Details |
This bug was filed from the Socorro interface and is report bp-580ba68d-13d8-42c1-855f-0bdc72150918. ============================================================= STR: 1. Run java https://www.java.com/verify 2. Closed tab 3. Open about:crashes. you'll see 3 reports in there. Plugin works fine, fake reports maybe? Cannot reproduce in Beta.
Flags: needinfo?(benjamin)
Comment 1•9 years ago
|
||
This is a real plugin-process crash which happens when tearing down a plugin instance. It's caused by a threading error in the Java plugin, and we recently became more strict about crashing on these threading bugs instead of ignoring them and hoping everything works out. If you had multiple Java tabs open, you'd see the Java in the second tab crash when you closed the first tab. Mozilla is not going to "fix" this bug: you need to report it to Oracle and they need to fix it within the Java plugin.
Status: NEW → RESOLVED
Closed: 9 years ago
Flags: needinfo?(benjamin)
Resolution: --- → WONTFIX
Comment 2•8 years ago
|
||
These are substantially higher under e10s. 6.78% of total crash volume compared to 0.99%. All are under Java. https://crash-stats.mozilla.com/search/?product=Firefox&version=47.0b3&version=47.0b4&version=47.0b5&dom_ipc_enabled=!__null__&process_type=plugin&signature=~AssertPluginThread&_facets=signature&_facets=plugin_name&_columns=date&_columns=signature&_columns=product&_columns=version&_columns=build_id&_columns=platform#facet-plugin_name
Blocks: e10s-plugincrashes
Comment 3•8 years ago
|
||
bsmedberg, these AssertPluginThread() Java crashes seem to have recently spiked in Nightly 50 (rank #3) and Aurora 49 (rank #5), but don't show up in the top 50 crashes for Beta 48 or Firefox 47. Bug 1222036 comment 15 says Oracle has fixed this _releaseobject thread bug. Should we blocklist older unfixed Java versions? https://bugs.openjdk.java.net/browse/JDK-8133523 e.g. bp-eea8c897-2523-4717-89b8-067882160624
Flags: needinfo?(benjamin)
Summary: crash in mozilla::plugins::AssertPluginThread() → Java plugin crash in mozilla::plugins::AssertPluginThread()
Comment 4•8 years ago
|
||
In general we should blocklist all known-insecure versions of Java. Do you have a proposed minimum Java version we should target? My understanding is that this was fixed in Java 9, but there are still supported versions of Java 8 that we typically would not blocklist. Perhaps though we should encourage upgrade for affected users using Shield.
Updated•8 years ago
|
Flags: needinfo?(benjamin)
Comment 5•8 years ago
|
||
Oracle fixed this bug in Java 8 Update 66 according to bug 1140616 comment 84 and OpenJDK bug JDK-8133523 [1]. According to AMO [2] and bug 1259458, we block (click-to-play) Java 8 Update 76 and below. The latest version of Java 8 is Update 92. Do we already have a mechanism in Shield to encourage people to update their plugins? How do we do that? [1] https://bugs.openjdk.java.net/browse/JDK-8133523 [2] https://addons.mozilla.org/en-US/firefox/blocked/p1144
Comment 6•8 years ago
|
||
No, but if we've already issued a plugin block there is very little we can do. And we also care not-at-all.
Comment 8•8 years ago
|
||
Benjamin, with the last beta or 48 and 49.0b1, this is causing a huge spike in term of startup crashes: https://crash-analysis.mozilla.com/rkaiser/crash-report-tools/longtermgraph/?fxbeta-bcat Is there anything we can do here? It seems that it is impacting VLC & the JVM
Status: RESOLVED → REOPENED
Flags: needinfo?(benjamin)
Resolution: WONTFIX → ---
Comment 9•8 years ago
|
||
All of the crashes seem to point the same release assert in NPN_ReleaseObject. We could just change that one release assert to a debug assert and return from the function early. Leaking an object is preferable to crashing. https://hg.mozilla.org/integration/mozilla-inbound/annotate/51377a641589/dom/plugins/ipc/PluginModuleChild.cpp#l2300
Comment 10•8 years ago
|
||
Tracking this for 49 at least. Is this really a startup crash ? How can we tell?
Comment 11•8 years ago
|
||
From discussion on IRC it sounds like the uptime is process uptime, so this may be the plugin process. Is there some change in how we are counting plugin crashes in crash-stats? i.e. we catch these in crash stats now when we failed to in the past?
Comment 12•8 years ago
|
||
This is not a "startup crash" according to our standard definition. It's a plugin-process crash. I do not believe that leaking is preferable to crashing in this case: leaking means gradual slowdown while crashes are immediate and provide feedback. I strongly believe we should not make any Firefox changes here. If this is happening in current versions of Oracle Java, we should reach out to them: old versions are already blocklisted so there's not a lot we can do if users keep choosing to use those versions. As for VLC, you could reach out to the developers but we'd reach the point of diminishing returns very quickly.
Status: REOPENED → RESOLVED
Closed: 9 years ago → 8 years ago
Flags: needinfo?(benjamin)
Resolution: --- → WONTFIX
Comment 13•8 years ago
|
||
Are we seeing the spike in crash-stats move from nightly to aurora to beta to release, because of some change in how plugin crashes are reported, then?
Comment 14•8 years ago
|
||
Benjamin, can we completely disallow (not just "This plugin is vulnerable" soft block that still allows click-to-play [1]) Java versions older than the known-fixed version? Or can we reset everyone's Java "Allow and Remember" setting? According to bug 1140616 comment 84, Oracle says fixed this bug in Java 8 Update 66. I looked at a dozen of these Java crash reports and the most recent crashing version appears to be 8.0.650.17, which looks like a version right before the fixed Java 8 Update 66. We already soft block (click-to-play) Java 8 Update 76 and below (bug 1259458), so users are manually activating and crashing old plugins or they set Java's click-to-play setting as "Allow and Remember". [1] https://support.mozilla.org/en-US/kb/why-do-i-have-click-activate-plugins#w_how-click-to-activate-works
Flags: needinfo?(benjamin)
Comment 15•8 years ago
|
||
(In reply to Chris Peterson [:cpeterson] from comment #14) > Benjamin, can we completely disallow (not just "This plugin is vulnerable" > soft block that still allows click-to-play [1]) Java versions older than the > known-fixed version? We can but we shouldn't. Enterprise Java deployments are very slow to update, and only a minority of users/Java applets are affected by this bug.
Flags: needinfo?(benjamin)
Comment 16•8 years ago
|
||
(In reply to Benjamin Smedberg [:bsmedberg] from comment #15) > We can but we shouldn't. Enterprise Java deployments are very slow to > update, and only a minority of users/Java applets are affected by this bug. This is our #1 topcrash in Beta 49. I think some external change has triggered this spike. When I search for the number of AssertPluginThread crashes in Beta versions *restricted to their six-week release cycle dates*: Beta 46 = 3110 Beta 47 = 1232 Beta 48 = 1458 https://is.gd/pl7KGZ Beta 49 = 25557 in just one week! https://is.gd/hyABIl And laggards still running Beta 48 over the last week = 139163 crashes! https://is.gd/ChqUC6
OS: Windows 10 → Windows
Comment 17•8 years ago
|
||
i think bug 1269998 landing in 49.0b triggered the spike, since 99.8% of these reports are currently coming from the infobar submission mechanism.
Comment 18•8 years ago
|
||
Philipp, you are suggesting that we had this bug for a long time and the implementation of bug 1269998 increased the submission rate?
Comment 19•8 years ago
|
||
yes, if you just look at the reports submitted through the normal crash reporting process (by excluding crashes submitted from the infobar), the numbers for 49.0b are not out of the ordinary and in line with what we have seen in older versions as well: http://bit.ly/2aK1eZA
Comment 20•8 years ago
|
||
Off topic but maybe, if we can, we should annotate these crashes to know that we didn't get them much in the past and that they are now pushed thanks to bug 1269998
Comment 21•8 years ago
|
||
A relatively small number of users (e.g. 1560 installations on 49.0b1) is generating a huge number of crash reports (e.g. 29620 reports on 49.0b1)
Crash Signature: [@ mozilla::plugins::AssertPluginThread()] → [@ mozilla::plugins::AssertPluginThread()]
[@ mozilla::plugins::AssertPluginThread]
Comment 22•8 years ago
|
||
Looks like now we won't get those (for beta 2) because we turned off the submission interface for beta and release channels, post beta 1 in bug 1291277.
Comment 23•8 years ago
|
||
Note also Marco is checking these reports to see the versions of Java used.
Comment 24•8 years ago
|
||
Comment 25•8 years ago
|
||
Jorge, how can I tell which versions of Java we have blocklisted already? Marco's list above shows the versions that are currently showing up as crashing most often. So if we haven't blocklisted the worst offenders there, maybe we should do that now.
Flags: needinfo?(jorge)
Comment 26•8 years ago
|
||
Are these even real crashes a user might notice? The other crashes that bug 1269998 has tended to get reports generated for are slow shutdown issues that don't even look like crashes. It seems bad to block somebody from using Java for an issue they aren't even noticing.
Comment 27•8 years ago
|
||
The full list of blocked add-ons and plugins can be found here: https://addons.mozilla.org/en-US/firefox/blocked/ For Java, we should be blocking Java Plugin 8 update 76 and lower, and Java Plugin 7 update 97 and lower. I don't know how those map to the extended version numbers in comment #24.
Flags: needinfo?(jorge)
Comment 28•8 years ago
|
||
(In reply to Jorge Villalobos [:jorgev] from comment #27) > The full list of blocked add-ons and plugins can be found here: > https://addons.mozilla.org/en-US/firefox/blocked/ > > For Java, we should be blocking Java Plugin 8 update 76 and lower, and Java > Plugin 7 update 97 and lower. I don't know how those map to the extended > version numbers in comment #24. There do seem to be versions in the list that are supposedly blocked. For example, 7.0.510.13 (7U51) is the top one with ~4000 crashes. There are also versions starting with 6. If it works like I think it works (MAJOR.0.UPDATE0.??? or MAJOR.0.UPDATE.???), then all those versions should be blocked.
Comment 29•8 years ago
|
||
That's not surprising. Users can override the plugin blocks, and it's amazingly common for enterprises to never update their Java.
Comment 30•8 years ago
|
||
(In reply to Benjamin Smedberg [:bsmedberg] from comment #29) > That's not surprising. Users can override the plugin blocks, and it's > amazingly common for enterprises to never update their Java. It is interesting though that most crashes with this signature are coming from Aurora (from a small number of installations).
Comment 31•8 years ago
|
||
These are definitely a lot of enterprise apps. Many of the non-empty crash URLs are intranet IP addresses, file:/// URLs, and various countries' .gov sites. Benjamin said in comment 12 that crashing immediately is better than a leak leading to a gradual slowdown. But the crash stops the user from completing their enterprise task, while the leak would be limited to the plugin process, which is reaped when the plugin is no longer in use. That seems like a reasonable trade-off to me. To minimize the slowdown issue, we could also reap unused Java plugin processes more frequently than other plugin processes.
Comment 32•8 years ago
|
||
(In reply to Chris Peterson [:cpeterson] from comment #31) > These are definitely a lot of enterprise apps. Many of the non-empty crash > URLs are intranet IP addresses, file:/// URLs, and various countries' .gov > sites. > > Benjamin said in comment 12 that crashing immediately is better than a leak > leading to a gradual slowdown. But the crash stops the user from completing > their enterprise task, while the leak would be limited to the plugin > process, which is reaped when the plugin is no longer in use. That seems > like a reasonable trade-off to me. To minimize the slowdown issue, we could > also reap unused Java plugin processes more frequently than other plugin > processes. ~98% of the crashes have an empty URL (in Aurora ~100% of the crashes). It still seems very strange to me that this crash has been #1 in the top crashers list for Aurora for a while, since I wouldn't expect enterprise users to use Aurora. I've noticed this crash was not a top-crasher before we had the infobar to submit crashes, and indeed basically all crashes with this signature on Aurora have submitted_from_infobar=true.
Comment 33•8 years ago
|
||
(In reply to Marco Castelluccio [:marco] from comment #32) > I've noticed this crash was not a top-crasher before we had the infobar > to submit crashes, and indeed basically all crashes with this signature > on Aurora have submitted_from_infobar=true. Oh, philipp already noticed this before (comment 19).
[Tracking Requested - why for this release]: This was mentioned as a top crasher in the channel meeting today.
status-firefox51:
--- → affected
tracking-firefox51:
--- → ?
Comment 36•8 years ago
|
||
Mark 51 fix-optional as the volume of installation of the crash is low.
Updated•8 years ago
|
Updated•2 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•