[10.6] Crash [@ JVM_Lseek ] triggered by bad interaction between JEP and Silverlight -- Apple and Microsoft bugs

Status: RESOLVED FIXED
Product: Core
Component: Plug-ins
Priority: --
Severity: critical
Reported: 8 years ago
Modified: 6 years ago
Reporter: marcia
Assignee: smichaud
Keywords: crash
Version: 1.9.1 Branch
Platform: x86, Mac OS X
Whiteboard: [crashkill]
Attachments: 1
Seen while running Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5

STR:
1. Load site in a tab and then select it.
2. Crash

http://tinyurl.com/yzzmwat is a list of the crashes in this stack. This bug occurs using 3.0.x, 3.5.x and 3.6 builds.

http://crash-stats.mozilla.com/report/index/bp-938d66c1-d12a-4861-99f4-0662f2091204 is my crash report using 10.6.
Many of the comments in this bug mention using the Blackboard eLearning system, and I have seen mention of crashes on Twitter as well that involved Blackboard. So fixing this bug might mean the experience for those using Blackboard would be vastly improved.
Version: unspecified → 1.9.1 Branch
I forgot to add that the site in the URL crashes for me 100% of the time using 10.6.2.

Comment 3

8 years ago
correlation to releases

checking --- 20091203-crashdata.csv VM_Lseek
release total-crashes  VM_Lseek crashes  pct.
all     227654  73      0.000320662
3.0.15  46823   4       0.000000000...
3.5.5   120949  54      0.000446469
3.6b4   18432   10      0.000542535
3.6b3   1579            0
3.6b2   1255            0
3.6b1   2924            0

os breakdown
60      0.821918        Mac OS X10.6.2 10C540
9       0.123288        Mac OS X10.6.1 10B504
4       0.0547945       Mac OS X10.6.0 10A432

Comment 4

8 years ago
In addition to this blackboard app platform that seems to be in wide use at a number of education institutions we also seem to be hitting this on bank sites.

domains of sites

Comment 5

8 years ago
mary/jay,  is there a match on any campus reps and the .edu's listed above?

if there are can we get them to help in diagnosing?

Comment 6

8 years ago
if we do the bank testing outreach program we should also get testers to watch for this bug as well.

Comment 7

8 years ago
Hey guys:  I'll be honest - I don't completely understand this bug :)  We have a Facebook group for beta testers now.  Is there something you want people to specifically look into?

http://www.facebook.com/#/group.php?gid=173578463110&ref=ts

Comment 8

8 years ago
we could also try some outreach to http://www.blackboard.com/Support/Overview.aspx to see if they can provide a test case showing how the app tickles bugs in java and/or firefox.
So this is 10.6 only? Which version of Java is causing this crash? Sadly we do not have any version information in the modules list.
This does seem to be 10.6 only.

Unfortunately JVM_Lseek is almost certainly a spurious symbol:  I often see it in Java crash stacks, in places where it makes no sense to be.

So crashes with this stack are likely to be caused by several, unrelated bugs.
crashes with this stack -> crashes with this signature
(In reply to comment #0)

> 1. Load site in a tab and then select it.

What does this mean?

I don't see any crashes just loading http://neryc.com/ and playing around with it.

Comment 13

8 years ago
So, typically a symbol like this is one of a very small number of publicly exported functions, and is therefore picked by the stack walkers in an act of desperation.
Summary: Crash in [ @ JVM_Lseek ] when loading site → Crash in [@ JVM_Lseek ] when loading site
Steven: If you come down to the lab while you are here I can reproduce it for you live!
Summary: Crash in [@ JVM_Lseek ] when loading site → Crash in [ @ JVM_Lseek ] when loading site
Summary: Crash in [ @ JVM_Lseek ] when loading site → Crash in [@ JVM_Lseek ] when loading site
These crashes are 100% correlated with the Silverlight plugin (coreclr
and agcore) -- even though http://neryc.com/ doesn't contain any
Silverlight plugins.  (See the "interesting-modules" files at
http://people.mozilla.com/crash_analysis/.)

Marcia, please try to reproduce this bug's crashes with and without a
Silverlight plugin in another tab (in the same window).

Here's an example Silverlight plugin (from bug 520312 comment #19):

http://silverlight.services.live.com/invoke/99030/ControlsDemo/iframe.html
> Marcia, please try to reproduce this bug's crashes with and without
> a Silverlight plugin in another tab (in the same window).

I haven't been able to reproduce the crashes, with or without a
Silverlight plugin in another tab.

I tested with FF 3.5.5 on OS X 10.6.2.

When I was at MV Marcia showed me her STR (though it didn't crash at
the time).  Here's more detailed STR, based on what I saw her do:

1) Make sure the following Tabs preference is unchecked (as it is by
   default):

   When I open a link in a new tab, switch to it immediately.

2) Right-click on http://neryc.com/ and choose "Open link in new tab".

3) Quickly select the new tab (click on it with the mouse), before
   it's finished loading.
> http://silverlight.services.live.com/invoke/99030/ControlsDemo/iframe.html

It's possible this bug is triggered by specific Silverlight plugins, and not just by any Silverlight plugin.
This bug's crashes are also 100% correlated with the Flash plugin.
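
The module correlation discussed in the comments above, as an added example (not part of the thread and not the script behind the "interesting-modules" files): it compares how often a module appears in crashes with one signature against how often it appears in all crashes. The report data, the "flashplayer" module name and the other signatures are constructed; only "coreclr" and "agcore" come from the thread.

```python
from collections import Counter

# Constructed sample: (crash signature, modules loaded at crash time).
# "coreclr" and "agcore" are the Silverlight modules named in the thread;
# "flashplayer" and the other signatures are made-up placeholders.
REPORTS = (
    [("JVM_Lseek", {"coreclr", "agcore", "flashplayer"})] * 6
    + [("other_sig_a", {"flashplayer"})] * 30
    + [("other_sig_b", {"flashplayer", "coreclr", "agcore"})] * 2
    + [("other_sig_c", set())] * 2
)

def module_correlation(reports, signature):
    """Return {module: (share_in_signature, share_overall, lift)}."""
    sig_reports = [mods for sig, mods in reports if sig == signature]
    if not sig_reports:
        raise ValueError(f"no reports with signature {signature!r}")
    in_sig = Counter(m for mods in sig_reports for m in mods)
    overall = Counter(m for _, mods in reports for m in mods)
    result = {}
    for module, hits in in_sig.items():
        sig_share = hits / len(sig_reports)          # presence within the signature
        base_share = overall[module] / len(reports)  # presence across all crashes
        result[module] = (sig_share, base_share, sig_share / base_share)
    return result

def interesting_modules(reports, signature, min_lift=2.0):
    """Modules over-represented in this signature relative to all crashes."""
    stats = module_correlation(reports, signature)
    ranked = sorted(stats.items(), key=lambda kv: (-kv[1][2], kv[0]))
    return [m for m, (_, _, lift) in ranked if lift >= min_lift]

if __name__ == "__main__":
    stats = module_correlation(REPORTS, "JVM_Lseek")
    for mod, (s, b, lift) in sorted(stats.items()):
        print(f"{mod:12s} in-signature={s:.0%} overall={b:.0%} lift={lift:.2f}")
    print(interesting_modules(REPORTS, "JVM_Lseek"))
```

In this constructed data every module is present in 100% of the signature's crashes, but only the two Silverlight modules stand out once the all-crash baseline is taken into account.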
Steven: Using Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2b6pre) Gecko/20100104 Namoroka/3.6b6pre, I can easily repro the crash.

STR:
1. load http://neryc.com/ in a new tab by right clicking on a link and selecting open in new tab.
2. load http://silverlight.services.live.com/invoke/99030/ControlsDemo/iframe.html in a new tab by right clicking on the link and selecting open in new tab.
3. Move your mouse to the first tab and select.
4. Crash.

http://crash-stats.mozilla.com/report/index/bp-64121a91-51b2-4611-ab72-cf5ef2100104
Created attachment 419960 [details]
Gdb stack trace for comment #19 STR (1.9.2 branch)

(In reply to comment #19)

Thanks, Marcia!

I also crash with your latest STR.

Note that my modules list doesn't include Flash.  I'm going to try to
reduce the STR further.

I tested using a current 1.9.2-branch opt build with debug symbols.
Forgot to post my own Breakpad crash report:

bp-866ee1b0-b8e3-4c1e-874d-6df5e2100104
I've now found several ways to trigger this bug's crash, none of which
require that the "When I open a link in a new tab, switch to it
immediately" setting be turned off.

It seems all you have to do is load a Java applet before you've loaded
any Silverlight plugins.  Then you'll crash after you've loaded a
Silverlight plugin and another Java applet.  These plugins/applets
don't have to be loaded in the same window (or tab).  Previously
loaded ones don't need still to be loaded.

You don't ever crash (at least not this bug's crash) if your first
Silverlight plugin is loaded before your first Java applet.

So, for example, the following steps always crash on OS X 10.6.2:

1) Start Firefox (3.0.X, 3.5.X, or 3.6) and visit the following URL:

   http://java.sun.com/applets/jdk/1.4/demo/applets/Clock/example1.html

   (Close this window or keep it open, as you choose.)

2) Open a new window and visit
   http://silverlight.services.live.com/invoke/99030/ControlsDemo/iframe.html.

   (Close this window or keep it open, as you choose.)

3) Open a new window and visit
   http://java.sun.com/applets/jdk/1.4/demo/applets/Clock/example1.html.

   At this point you should crash.

You don't crash if you skip step 1.

This is probably an Apple bug ... but it's unlikely I'll be able to
track it down.  It doesn't help that Apple's JVMs and the Silverlight
plugin both have most of their symbols stripped.

I do have a hunch about how I might be able to change the JEP to get
around this bug.  But it may be a few days before I get a chance to
try it out.
Summary: Crash in [@ JVM_Lseek ] when loading site → [10.6] Crash in [@ JVM_Lseek ] caused by bad interaction between JEP and Silverlight -- probable Apple bug
(Assignee)

Updated

8 years ago
Summary: [10.6] Crash in [@ JVM_Lseek ] caused by bad interaction between JEP and Silverlight -- probable Apple bug → [10.6] Crash [@ JVM_Lseek ] caused by bad interaction between JEP and Silverlight -- probable Apple bug
(Assignee)

Updated

8 years ago
Assignee: nobody → smichaud
(Assignee)

Updated

8 years ago
Summary: [10.6] Crash [@ JVM_Lseek ] caused by bad interaction between JEP and Silverlight -- probable Apple bug → [10.6] Crash [@ JVM_Lseek ] triggered by bad interaction between JEP and Silverlight -- probable Apple bug
Comment #22's STR causes different crashes on OS X 10.5, for which I've opened bug 540640.
I've got an explanation of these crashes at bug 540640 comment #3 and
following.
Summary: [10.6] Crash [@ JVM_Lseek ] triggered by bad interaction between JEP and Silverlight -- probable Apple bug → [10.6] Crash [@ JVM_Lseek ] triggered by bad interaction between JEP and Silverlight -- Apple and Microsoft bugs
I've got this bug fixed in my "current" version of the Java Embedding
Plugin (what will become JEP 0.9.7.3).  Or more precisely, I've worked
around the Apple and Microsoft bugs that cause this bug's crashes.

For more info see bug 540640.
(Assignee)

Updated

8 years ago
Depends on: 551327
I've just released a new version of the Java Embedding Plugin
(0.9.7.3) that fixes this bug (by working around it).  For more
information see bug 551327.
JEP 0.9.7.3 has now landed on the 1.9.2 and 1.9.1 branches, and should
be in tomorrow's Firefox 3.6.3pre and 3.1.10pre nightlies (at
ftp://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/).

Please test with them and let us know your results.
Status: NEW → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → FIXED
Crash Signature: [@ JVM_Lseek ]