Closed Bug 572134 Opened 15 years ago Closed 14 years ago

[OOPP] Plugin-container crashes[@FlashPlayer-10.6@0x4d6879][@FlashPlayer-10.6@0x654702][@FlashPlayer-10.6@0x4cf5e9][@FlashPlayer-10.6@0x64ca42][@FlashPlayer-10.6@0x4b6df9][@FlashPlayer-10.6@0x626082][@FlashPlayer-10.6@0x4b4b39][@FlashPlayer-10.6@0x621592]

Categories

(Core Graveyard :: Plug-ins, defect)

Product:
Core Graveyard
Component:
Plug-ins
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(blocking2.0 betaN+)

Status:
VERIFIED FIXED
Milestone:
mozilla2.0b10
Tracking Flags:
Tracking Status
blocking2.0 --- betaN+

People

(Reporter: illusionmist62442, Assigned: cjones)

References

(
URL
)

Details

(Keywords: crash, Whiteboard: [hardblocker])

Crash Data

Attachments

(2 files, 1 obsolete file)

"Undefer" the in-call that lost a race at stack-depth 1, if there is one, when RPCChannel code leaves the C++ stack, so that the in-call can be processed if there is an immediately following out-call
4.75 KB, patch
benjamin
: review+
Details | Diff | Splinter Review
Test
7.01 KB, patch
Details | Diff | Splinter Review
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.3a6pre) Gecko/20100615 Minefield/3.7a6pre Build Identifier: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.3a6pre) Gecko/20100615 Minefield/3.7a6pre After I watched some YouTube clip, I go on and select another related movie in the same page. After a few plays plugin-container started and kept crashing. Reproducible: Always Steps to Reproduce: 1. Go to YouTube, click on any random clip. Make sure there's only one YouTube tab. 2. Play another random clip in the same tab or simply refresh the tab. 3. Repeat the above and within no more than a few times, Boooom. Actual Results: Plugin-container crashed, and under Mac OS users are still unable to send crash reports. Expected Results: Play. If there were still other tabs playing, or I opened new clips in new tabs then it seems to be just fine. My guess is that things go wrong when Flash gets reloaded too frequently.
I just found that it might have something to do with YouTube's new player If you just refresh the tab or browse through movies that still use old YouTube player then most likely you'll be fine, but once you try the steps on the new ones it just goes on and becomes this: playing fine, (refresh), crash, (refresh), fine, (refresh), crash, (refresh), fine, (refresh), crash... Just for reference you may try this as one of the "old" ones: http://www.youtube.com/watch?v=KRGRf2V9q_E And this as one of the "new" ones: http://www.youtube.com/watch?v=-VoFbH8jTzE Simply refresh the tab for a few times and you'll see what I mean.
Summary: [OOPP] Plugin-container crashes easily when Flash is reloaded → [OOPP] Plugin-container crashes easily with new YouTube player
Component: General → Plug-ins
Product: Firefox → Core
Version: unspecified → Trunk
Oops. Followed what's suggested in that article I tried with safe mode and there seems to be no problem! So it's about incompatible addons then?
OK. Seems to be a problem with FlashBlock. Although with it disabled or in safe mode I still get plugin-container crashes every now and then... Still no crash report functionality in Mac OS build, will get it manually and post here later.
QA Contact: general → plugins
I'm assuming you aren't using a 64bit version of firefox....
Severity: normal → critical
Keywords: stackwanted
Hardware: x86_64 → x86
Summary: [OOPP] Plugin-container crashes easily with new YouTube player → [OOPP][adblock?] Plugin-container crashes easily with new YouTube player
Yeah my bad... I just reproduced one, and here's what I copied from system Console: Process: plugin-container [9953] Path: /Applications/Minefield.app/Contents/MacOS/plugin-container Identifier: org.mozilla.minefield Version: 3.7a6pre (3.7a6pre) Code Type: X86 (Native) Parent Process: firefox-bin [9893] Date/Time: 2010-06-18 01:59:21.631 +0800 OS Version: Mac OS X 10.6.3 (10D573) Report Version: 6 Interval Since Last Report: 4370713 sec Crashes Since Last Report: 252 Per-App Interval Since Last Report: 305173 sec Per-App Crashes Since Last Report: 75 Anonymous UUID: 189C2B65-F71D-470E-8D26-4559D426BDA2 Exception Type: EXC_BAD_ACCESS (SIGBUS) Exception Codes: KERN_PROTECTION_FAILURE at 0x000000000000044c Crashed Thread: 0 Dispatch queue: com.apple.main-thread Thread 0 Crashed: Dispatch queue: com.apple.main-thread 0 ...dia.FlashPlayer-10.6.plugin 0x1620a9e9 main + 3241 1 ...dia.FlashPlayer-10.6.plugin 0x1621606e main + 49966 2 ...dia.FlashPlayer-10.6.plugin 0x161f621c unregister_ShockwaveFlash + 426332 3 ...dia.FlashPlayer-10.6.plugin 0x1613c80a 0x15d55000 + 4093962 4 ...dia.FlashPlayer-10.6.plugin 0x1613e5fe 0x15d55000 + 4101630 5 ...dia.FlashPlayer-10.6.plugin 0x161023c0 0x15d55000 + 3855296 6 ...dia.FlashPlayer-10.6.plugin 0x160acee2 0x15d55000 + 3505890 7 ...dia.FlashPlayer-10.6.plugin 0x160b5559 0x15d55000 + 3540313 8 ...dia.FlashPlayer-10.6.plugin 0x1620db07 main + 15815 9 com.apple.CoreFoundation 0x95cbc15b __CFRunLoopDoSources0 + 1563 10 com.apple.CoreFoundation 0x95cb9c1f __CFRunLoopRun + 1071 11 com.apple.CoreFoundation 0x95cb90f4 CFRunLoopRunSpecific + 452 12 com.apple.CoreFoundation 0x95cb8f21 CFRunLoopRunInMode + 97 13 com.apple.HIToolbox 0x966d80fc RunCurrentEventLoopInMode + 392 14 com.apple.HIToolbox 0x966d7eb1 ReceiveNextEventCommon + 354 15 com.apple.HIToolbox 0x966d7d36 BlockUntilNextEventMatchingListInMode + 81 16 com.apple.AppKit 0x9443a135 _DPSNextEvent + 847 17 com.apple.AppKit 0x94439976 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 156 18 com.apple.AppKit 0x943fbbef -[NSApplication run] + 821 19 XUL 0x00ca2eed base::MessagePumpNSApplication::DoRun(base::MessagePump::Delegate*) + 109 20 XUL 0x00ca2566 base::MessagePumpCFRunLoopBase::Run(base::MessagePump::Delegate*) + 70 21 XUL 0x00c90f94 MessageLoop::Run() + 68 22 XUL 0x0001ec2e XRE_InitChildProcess + 606 23 plugin-container 0x00001fef main + 47 24 plugin-container 0x00001f96 start + 54 Thread 1: Dispatch queue: com.apple.libdispatch-manager 0 libSystem.B.dylib 0x94273b42 kevent + 10 1 libSystem.B.dylib 0x9427425c _dispatch_mgr_invoke + 215 2 libSystem.B.dylib 0x94273719 _dispatch_queue_invoke + 163 3 libSystem.B.dylib 0x942734be _dispatch_worker_thread2 + 240 4 libSystem.B.dylib 0x94272f41 _pthread_wqthread + 390 5 libSystem.B.dylib 0x94272d86 start_wqthread + 30 Thread 2: 0 libSystem.B.dylib 0x9424d32a semaphore_signal_thread_trap + 10 1 libSystem.B.dylib 0x942826eb pthread_cond_signal_thread_np + 342 2 libSystem.B.dylib 0x94282593 pthread_cond_signal + 25 3 libnspr4.dylib 0x02186d78 pt_PostNotifies + 200 4 libnspr4.dylib 0x02186fba PR_Unlock + 90 5 XUL 0x00be3c0c mozilla::ipc::RPCChannel::OnMessageReceived(IPC::Message const&) + 188 6 XUL 0x00c9f2aa IPC::Channel::ChannelImpl::ProcessIncomingMessages() + 1258 7 XUL 0x00c9fc1f IPC::Channel::ChannelImpl::OnFileCanReadWithoutBlocking(int) + 255 8 XUL 0x00c88d7e event_base_loop + 798 9 XUL 0x00c9ba3e base::MessagePumpLibevent::Run(base::MessagePump::Delegate*) + 190 10 XUL 0x00c90f94 MessageLoop::Run() + 68 11 XUL 0x00c96ead base::Thread::ThreadMain() + 109 12 XUL 0x00c9c1b1 ThreadFunc(void*) + 17 13 libSystem.B.dylib 0x9427aa19 _pthread_start + 345 14 libSystem.B.dylib 0x9427a89e thread_start + 34 Thread 3: 0 libSystem.B.dylib 0x9427b262 __semwait_signal + 10 1 libSystem.B.dylib 0x9427af1e _pthread_cond_wait + 1191 2 libSystem.B.dylib 0x9427cbb8 pthread_cond_wait$UNIX2003 + 73 3 ...dia.FlashPlayer-10.6.plugin 0x1619933f unregister_ShockwaveFlash + 45695 4 ...dia.FlashPlayer-10.6.plugin 0x15d6d884 0x15d55000 + 100484 5 ...dia.FlashPlayer-10.6.plugin 0x1619943e unregister_ShockwaveFlash + 45950 6 ...dia.FlashPlayer-10.6.plugin 0x16199575 unregister_ShockwaveFlash + 46261 7 libSystem.B.dylib 0x9427aa19 _pthread_start + 345 8 libSystem.B.dylib 0x9427a89e thread_start + 34 Thread 4: 0 libSystem.B.dylib 0x9427b262 __semwait_signal + 10 1 libSystem.B.dylib 0x9427af1e _pthread_cond_wait + 1191 2 libSystem.B.dylib 0x9427cbb8 pthread_cond_wait$UNIX2003 + 73 3 ...dia.FlashPlayer-10.6.plugin 0x1619933f unregister_ShockwaveFlash + 45695 4 ...dia.FlashPlayer-10.6.plugin 0x15d6d884 0x15d55000 + 100484 5 ...dia.FlashPlayer-10.6.plugin 0x1619943e unregister_ShockwaveFlash + 45950 6 ...dia.FlashPlayer-10.6.plugin 0x16199575 unregister_ShockwaveFlash + 46261 7 libSystem.B.dylib 0x9427aa19 _pthread_start + 345 8 libSystem.B.dylib 0x9427a89e thread_start + 34 Thread 5: 0 libSystem.B.dylib 0x9424d35a semaphore_timedwait_signal_trap + 10 1 libSystem.B.dylib 0x9427aea1 _pthread_cond_wait + 1066 2 libSystem.B.dylib 0x942a9a28 pthread_cond_timedwait_relative_np + 47 3 com.apple.audio.CoreAudio 0x93b52965 CAGuard::WaitFor(unsigned long long) + 219 4 com.apple.audio.CoreAudio 0x93b55997 CAGuard::WaitUntil(unsigned long long) + 289 5 com.apple.audio.CoreAudio 0x93b53294 HP_IOThread::WorkLoop() + 1892 6 com.apple.audio.CoreAudio 0x93b52b2b HP_IOThread::ThreadEntry(HP_IOThread*) + 17 7 com.apple.audio.CoreAudio 0x93b52a42 CAPThread::Entry(CAPThread*) + 140 8 libSystem.B.dylib 0x9427aa19 _pthread_start + 345 9 libSystem.B.dylib 0x9427a89e thread_start + 34 Thread 6: 0 libSystem.B.dylib 0x94272bd2 __workq_kernreturn + 10 1 libSystem.B.dylib 0x94273168 _pthread_wqthread + 941 2 libSystem.B.dylib 0x94272d86 start_wqthread + 30 Thread 0 crashed with X86 Thread State (32-bit): eax: 0x19e36000 ebx: 0x1ed155e0 ecx: 0x00000000 edx: 0x000fc080 edi: 0x19e36000 esi: 0x1ed4e000 ebp: 0xbfffd2b8 esp: 0xbfffd2b8 ss: 0x00000023 efl: 0x00010246 eip: 0x1620a9e9 cs: 0x0000001b ds: 0x00000023 es: 0x00000023 fs: 0x00000000 gs: 0x0000000f cr2: 0x0000044c Binary Images: 0x1000 - 0x1ffe +plugin-container ??? (???) <8998AAA0-01F6-CD1A-778B-A30F198851C0> /Applications/Minefield.app/Contents/MacOS/plugin-container 0x5000 - 0x5ff6 +libxpcom.dylib ??? (???) <742EBD3F-EF81-C339-321F-DAF586BCBEC5> /Applications/Minefield.app/Contents/MacOS/libxpcom.dylib 0xb000 - 0xbff0 +libmozalloc.dylib ??? (???) <69334B67-E45F-4EC6-20A9-3709EC9BA45D> /Applications/Minefield.app/Contents/MacOS/libmozalloc.dylib 0xf000 - 0xf52fff +XUL ??? (???) <1B5BFA83-041D-E23A-C9D4-173DC2C8AB49> /Applications/Minefield.app/Contents/MacOS/XUL 0x2151000 - 0x2156ff7 +libplds4.dylib ??? (???) <BE851094-F1AE-1B9D-B246-06ACF3860AAF> /Applications/Minefield.app/Contents/MacOS/libplds4.dylib 0x215e000 - 0x2164fef +libplc4.dylib ??? (???) <ADED5040-FB5B-DC6B-AC6A-327F187E93B0> /Applications/Minefield.app/Contents/MacOS/libplc4.dylib 0x216d000 - 0x2196fef +libnspr4.dylib ??? (???) <5049CC5E-3B8D-8911-1D46-F80E011E4198> /Applications/Minefield.app/Contents/MacOS/libnspr4.dylib 0x21b9000 - 0x222afef +libmozsqlite3.dylib ??? (???) <7A274168-9143-EFA1-6998-ACFBE6685D1A> /Applications/Minefield.app/Contents/MacOS/libmozsqlite3.dylib 0x2251000 - 0x23edfe3 +libmozjs.dylib ??? (???) <8C550536-2172-C14D-FD99-A48041D7CA26> /Applications/Minefield.app/Contents/MacOS/libmozjs.dylib 0x2474000 - 0x2489ffc +libsmime3.dylib ??? (???) <0B1AED4B-03E4-E031-5E23-4D9CEE7A191B> /Applications/Minefield.app/Contents/MacOS/libsmime3.dylib 0x24a3000 - 0x24ceffb +libssl3.dylib ??? (???) <99921D37-6A5E-1E8D-3636-FD3D3D357092> /Applications/Minefield.app/Contents/MacOS/libssl3.dylib 0x24e8000 - 0x25a3fff +libnss3.dylib ??? (???) <D70E442B-C87D-FD29-51EE-556968420A4E> /Applications/Minefield.app/Contents/MacOS/libnss3.dylib 0x2621000 - 0x262efff +libnssutil3.dylib ??? (???) <CDF2C3E4-D3C8-5C92-16DF-A70A39885E21> /Applications/Minefield.app/Contents/MacOS/libnssutil3.dylib 0x2643000 - 0x26f8fe7 libcrypto.0.9.7.dylib 0.9.7 (compatibility 0.9.7) <0B69B1F5-3440-B0BF-957F-E0ADD49F13CB> /usr/lib/libcrypto.0.9.7.dylib 0x27af000 - 0x27b2ff2 +com.macromedia.Flash Player.plugin 10.1.53.64 (10.1.53.64) <4FE0EBB4-DD56-E42E-1792-6466E720365F> /Library/Internet Plug-Ins/Flash Player.plugin/Contents/MacOS/Flash Player 0x27d4000 - 0x27d4ff7 +net.sourceforge.SafariAdBlockLoader 0.4.0 RC3 (0.4.0 RC3) <8E9A6641-9CE7-5416-DC84-883DB8BAFDDA> /Library/InputManagers/Safari AdBlock/Safari AdBlock Loader.bundle/Contents/MacOS/Safari AdBlock Loader 0x2cdb000 - 0x2cdefef com.apple.LiveType.component 2.1.3 (2.1.3) /Library/QuickTime/LiveType.component/Contents/MacOS/LiveType 0x2ce3000 - 0x2ce7ff3 com.apple.audio.AudioIPCPlugIn 1.1.2 (1.1.2) <C36F9194-6DB6-0AA8-4839-71191EEBAC65> /System/Library/Extensions/AudioIPCDriver.kext/Contents/Resources/AudioIPCPlugIn.bundle/Contents/MacOS/AudioIPCPlugIn 0x15d55000 - 0x16720fd3 +com.macromedia.FlashPlayer-10.6.plugin 10.1.53.64 (10.1.53.64) <28AEE5D0-CE3E-55DB-5AE5-787143EC0F96> /Library/Internet Plug-Ins/Flash Player.plugin/Contents/PlugIns/FlashPlayer-10.6.plugin/Contents/MacOS/FlashPlayer-10.6 0x167f3000 - 0x16858fde com.apple.LiveType.framework 2.1.3 (2.1.3) /System/Library/PrivateFrameworks/LiveType.framework/Versions/A/LiveType 0x18837000 - 0x189aafe7 GLEngine ??? (???) <F0181B85-962E-508D-4912-056D87F8E96E> /System/Library/Frameworks/OpenGL.framework/Resources/GLEngine.bundle/GLEngine 0x189dc000 - 0x18da0fff com.apple.ATIRadeonX2000GLDriver 1.6.10 (6.1.0) <9B57C8E6-B6F7-24F4-0DC8-8CBC61F5306B> /System/Library/Extensions/ATIRadeonX2000GLDriver.bundle/Contents/MacOS/ATIRadeonX2000GLDriver 0x18dcd000 - 0x18df0fe7 GLRendererFloat ??? (???) <65E1E174-28E0-3FA9-E391-504891B69818> /System/Library/Frameworks/OpenGL.framework/Resources/GLRendererFloat.bundle/GLRendererFloat 0x18fcf000 - 0x18fddfe7 libSimplifiedChineseConverter.dylib 49.0.0 (compatibility 1.0.0) <4C9CC2D9-2F13-4465-5447-2516FCD9255B> /System/Library/CoreServices/Encodings/libSimplifiedChineseConverter.dylib 0x1a0c4000 - 0x1a0d6ff7 libTraditionalChineseConverter.dylib 49.0.0 (compatibility 1.0.0) <C4E0D62B-4D1A-8DAD-D10B-2C055AA0479C> /System/Library/CoreServices/Encodings/libTraditionalChineseConverter.dylib 0x70000000 - 0x700caffb com.apple.audio.units.Components 1.6.1 (1.6.1) <AEC44B68-A209-4093-36B0-7B740361249B> /System/Library/Components/CoreAudio.component/Contents/MacOS/CoreAudio 0x8fe00000 - 0x8fe4162b dyld 132.1 (???) <211AF0DD-42D9-79C8-BB6A-1F4BEEF4B4AB> /usr/lib/dyld 0x90003000 - 0x90105fef com.apple.MeshKitIO 1.1 (49.2) <34322CDD-E67E-318A-F03A-A3DD05201046> /System/Library/PrivateFrameworks/MeshKit.framework/Versions/A/Frameworks/MeshKitIO.framework/Versions/A/MeshKitIO 0x90106000 - 0x9010fff7 com.apple.DiskArbitration 2.3 (2.3) <E9C40767-DA6A-6CCB-8B00-2D5706753000> /System/Library/Frameworks/DiskArbitration.framework/Versions/A/DiskArbitration 0x901d9000 - 0x901deff7 com.apple.OpenDirectory 10.6 (10.6) <92582807-E8F3-3DD9-EB42-4195CFB754A1> /System/Library/Frameworks/OpenDirectory.framework/Versions/A/OpenDirectory 0x901df000 - 0x9021dff7 com.apple.CoreMedia 0.484.5 (484.5) <35725D22-4549-5568-8E8C-62E0AD0E90F7> /System/Library/PrivateFrameworks/CoreMedia.framework/Versions/A/CoreMedia 0x90233000 - 0x90233ff7 com.apple.CoreServices 44 (44) <AC35D112-5FB9-9C8C-6189-5F5945072375> /System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices 0x90234000 - 0x9023fff7 com.apple.CrashReporterSupport 10.6.3 (250) <E2835962-67A2-CA10-4016-467175851348> /System/Library/PrivateFrameworks/CrashReporterSupport.framework/Versions/A/CrashReporterSupport 0x90240000 - 0x9041bff3 libType1Scaler.dylib ??? (???) <944F686E-9CC2-03F0-A139-8F322F0AC49F> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/Resources/libType1Scaler.dylib 0x9041c000 - 0x9059efe7 libicucore.A.dylib 40.0.0 (compatibility 1.0.0) <96A45E03-2B29-83EB-0FC6-2C932E398722> /usr/lib/libicucore.A.dylib 0x9059f000 - 0x905e1ff7 libvDSP.dylib 268.0.1 (compatibility 1.0.0) <3F0ED200-741B-4E27-B89F-634B131F5E9E> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libvDSP.dylib 0x905e2000 - 0x905e4ff7 libRadiance.dylib ??? (???) <9358E1EF-F802-B76E-8E23-2D0695787CFB> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libRadiance.dylib 0x90607000 - 0x90678ff7 com.apple.AppleVAFramework 4.8.11 (4.8.11) <BDDDFA36-4B53-4B57-B3D4-427DA8226A80> /System/Library/PrivateFrameworks/AppleVA.framework/Versions/A/AppleVA 0x90679000 - 0x90e68537 com.apple.CoreGraphics 1.543.33 (???) <C57E2964-80AF-6346-6D3E-23AED9D26977> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/CoreGraphics 0x90e69000 - 0x90eb9ff7 com.apple.framework.familycontrols 2.0.1 (2010) <50E74916-19A5-F2FC-AB57-76F2C8DDF0A7> /System/Library/PrivateFrameworks/FamilyControls.framework/Versions/A/FamilyControls 0x90f86000 - 0x90f88ff7 com.apple.securityhi 4.0 (36638) <962C66FB-5BE9-634E-0810-036CB340C059> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/SecurityHI.framework/Versions/A/SecurityHI 0x90f89000 - 0x90fbdff7 libssl.0.9.8.dylib 0.9.8 (compatibility 0.9.8) <5FEC74CA-1D3C-B6E3-E046-3970095C44BC> /usr/lib/libssl.0.9.8.dylib 0x90fbe000 - 0x9133dff3 com.apple.RawCamera.bundle 3.0.2 (527) <981AB834-6C34-6FA5-F886-01DF06C56609> /System/Library/CoreServices/RawCamera.bundle/Contents/MacOS/RawCamera 0x91362000 - 0x913d1ff7 libvMisc.dylib 268.0.1 (compatibility 1.0.0) <2FC2178F-FEF9-6E3F-3289-A6307B1A154C> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libvMisc.dylib 0x913d2000 - 0x91416ff3 com.apple.coreui 2 (114) <29F8F1A4-1C96-6A0F-4CC2-9B85CF83209F> /System/Library/PrivateFrameworks/CoreUI.framework/Versions/A/CoreUI 0x91435000 - 0x91697ff3 com.apple.security 6.1.1 (37594) <1AC07F75-7E27-9662-21DA-B05DFF047B26> /System/Library/Frameworks/Security.framework/Versions/A/Security 0x91698000 - 0x91854ff3 com.apple.ImageIO.framework 3.0.2 (3.0.1) <CB39B067-58B8-70DB-3E40-160604664A6D> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/ImageIO 0x91855000 - 0x9190efe7 libsqlite3.dylib 9.6.0 (compatibility 9.0.0) <16CEF8E8-8C9A-94CD-EF5D-05477844C005> /usr/lib/libsqlite3.dylib 0x9190f000 - 0x9191fff7 libsasl2.2.dylib 3.15.0 (compatibility 3.0.0) <C8744EA3-0AB7-CD03-E639-C4F2B910BE5D> /usr/lib/libsasl2.2.dylib 0x91921000 - 0x919d1ff3 com.apple.ColorSync 4.6.3 (4.6.3) <68B6A1B9-86CF-0C5A-7D63-56ED4BB2EB5B> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ColorSync.framework/Versions/A/ColorSync 0x919d2000 - 0x91aafff7 com.apple.vImage 4.0 (4.0) <64597E4B-F144-DBB3-F428-0EC3D9A1219E> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vImage.framework/Versions/A/vImage 0x91b24000 - 0x91b57ff7 com.apple.AE 496.4 (496.4) <7F34EC47-8429-3077-8158-54F5EA908C66> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/AE.framework/Versions/A/AE 0x91b58000 - 0x91b6dfff com.apple.ImageCapture 6.0 (6.0) <3F31833A-38A9-444E-02B7-17619CA6F2A0> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/ImageCapture.framework/Versions/A/ImageCapture 0x91b6e000 - 0x91b7cff7 com.apple.opengl 1.6.7 (1.6.7) <3C529790-DEE9-AC27-A879-806E4C23323C> /System/Library/Frameworks/OpenGL.framework/Versions/A/OpenGL 0x91b8c000 - 0x91c3aff3 com.apple.ink.framework 1.3.3 (107) <57B54F6F-CE35-D546-C7EC-DBC5FDC79938> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Ink.framework/Versions/A/Ink 0x91c3b000 - 0x91c3eff7 libCoreVMClient.dylib ??? (???) <98CB96B1-85FE-25AF-AB19-ED061912FC3E> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libCoreVMClient.dylib 0x91c3f000 - 0x91cdcfe3 com.apple.LaunchServices 362.1 (362.1) <885D8567-9E40-0105-20BC-42C7FF657583> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/LaunchServices 0x91e6b000 - 0x91e6fff7 IOSurface ??? (???) <4B825ADA-8DBE-6BA2-1AB3-307D2C3AFCA8> /System/Library/Frameworks/IOSurface.framework/Versions/A/IOSurface 0x91e70000 - 0x91e96fff com.apple.DictionaryServices 1.1.1 (1.1.1) <02709230-9B37-C743-6E27-3FCFD18211F8> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/DictionaryServices.framework/Versions/A/DictionaryServices 0x91e97000 - 0x91edaff7 com.apple.NavigationServices 3.5.4 (182) <753B8906-06C0-3AE0-3D6A-8FF5AC18ED12> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/NavigationServices.framework/Versions/A/NavigationServices 0x91f08000 - 0x91f4bff7 libGLU.dylib ??? (???) <CE02968E-930D-E63B-7B21-B87205F8B19A> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLU.dylib 0x91f4c000 - 0x91f4fffb com.apple.help 1.3.1 (41) <67F1F424-3983-7A2A-EC21-867BE838E90B> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Help.framework/Versions/A/Help 0x91f50000 - 0x91f50ff7 liblangid.dylib ??? (???) <B99607FC-5646-32C8-2C16-AFB5EA9097C2> /usr/lib/liblangid.dylib 0x91f51000 - 0x91f95fe7 com.apple.Metadata 10.6.3 (507.8) <53BB360A-1813-170D-827F-C1863EF15537> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Metadata.framework/Versions/A/Metadata 0x91fd7000 - 0x91febffb com.apple.speech.synthesis.framework 3.10.35 (3.10.35) <57DD5458-4F24-DA7D-0927-C3321A65D743> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/SpeechSynthesis.framework/Versions/A/SpeechSynthesis 0x91fec000 - 0x91ffdff7 com.apple.LangAnalysis 1.6.6 (1.6.6) <7A3862F7-3730-8F6E-A5DE-8E2CCEA979EF> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/LangAnalysis.framework/Versions/A/LangAnalysis 0x92014000 - 0x92028fe7 libbsm.0.dylib ??? (???) <14CB053A-7C47-96DA-E415-0906BA1B78C9> /usr/lib/libbsm.0.dylib 0x92029000 - 0x92093fe7 libstdc++.6.dylib 7.9.0 (compatibility 7.0.0) <411D87F4-B7E1-44EB-F201-F8B4F9227213> /usr/lib/libstdc++.6.dylib 0x92094000 - 0x921c0fff com.apple.audio.toolbox.AudioToolbox 1.6.3 (1.6.3) <F0D7256E-0914-8E77-E37B-9720430422AB> /System/Library/Frameworks/AudioToolbox.framework/Versions/A/AudioToolbox 0x921c1000 - 0x921ceff7 com.apple.NetFS 3.2.1 (3.2.1) <5E61A00B-FA16-9D99-A064-47BDC5BC9A2B> /System/Library/Frameworks/NetFS.framework/Versions/A/NetFS 0x921cf000 - 0x9268cffb com.apple.VideoToolbox 0.484.5 (484.5) <DA9B4FA8-B91C-43AC-1D84-0BFF46BB5BCE> /System/Library/PrivateFrameworks/VideoToolbox.framework/Versions/A/VideoToolbox 0x9268d000 - 0x92697ffb com.apple.speech.recognition.framework 3.11.1 (3.11.1) <EC0E69C8-A121-70E8-43CF-E6FC4C7779EC> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/SpeechRecognition.framework/Versions/A/SpeechRecognition 0x92698000 - 0x92698ff7 com.apple.quartzframework 1.5 (1.5) <CEB78F00-C5B2-3B3F-BF70-DD6D578719C0> /System/Library/Frameworks/Quartz.framework/Versions/A/Quartz 0x92699000 - 0x926abff7 com.apple.MultitouchSupport.framework 204.12.1 (204.12.1) <6BB58E90-21FA-C491-F0E4-54B69CCDBBC0> /System/Library/PrivateFrameworks/MultitouchSupport.framework/Versions/A/MultitouchSupport 0x927e4000 - 0x927e5ff7 com.apple.MonitorPanelFramework 1.3.0 (1.3.0) <0EC4EEFF-477E-908E-6F21-ED2C973846A4> /System/Library/PrivateFrameworks/MonitorPanel.framework/Versions/A/MonitorPanel 0x927e6000 - 0x92825ff7 com.apple.ImageCaptureCore 1.0.1 (1.0.1) <A03C5D7E-54CD-D56D-E120-9B35EBC9D8F1> /System/Library/Frameworks/ImageCaptureCore.framework/Versions/A/ImageCaptureCore 0x92826000 - 0x9282cff7 com.apple.DisplayServicesFW 2.2.2 (251) <D8BB3A1F-29C7-A957-C781-794CC9550525> /System/Library/PrivateFrameworks/DisplayServices.framework/Versions/A/DisplayServices 0x9282d000 - 0x928c5fe7 edu.mit.Kerberos 6.5.9 (6.5.9) <73EC847F-FF44-D542-2AD5-97F6C8D48F0B> /System/Library/Frameworks/Kerberos.framework/Versions/A/Kerberos 0x928c6000 - 0x92946feb com.apple.SearchKit 1.3.0 (1.3.0) <9E18AEA5-F4B4-8BE5-EEA9-818FC4F46FD9> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/SearchKit.framework/Versions/A/SearchKit 0x9294c000 - 0x929c5ff7 com.apple.PDFKit 2.5.1 (2.5.1) <CEF13510-F08D-3177-7504-7F8853906DE6> /System/Library/Frameworks/Quartz.framework/Versions/A/Frameworks/PDFKit.framework/Versions/A/PDFKit 0x929c6000 - 0x929e7fe7 com.apple.opencl 12.1 (12.1) <1BCA4F60-E612-5C1B-EF50-A810D70CDF05> /System/Library/Frameworks/OpenCL.framework/Versions/A/OpenCL 0x929e8000 - 0x92ae9fe7 libxml2.2.dylib 10.3.0 (compatibility 10.0.0) <B4C5CD68-405D-0F1B-59CA-5193D463D0EF> /usr/lib/libxml2.2.dylib 0x92aea000 - 0x92de3fef com.apple.QuickTime 7.6.6 (1729) <4C99ED7D-5A4B-E41E-602D-2D01A99168CD> /System/Library/Frameworks/QuickTime.framework/Versions/A/QuickTime 0x92e19000 - 0x92ee3fef com.apple.CoreServices.OSServices 357 (357) <764872C3-AE30-7F54-494D-4BA3CE4F4DFB> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/OSServices.framework/Versions/A/OSServices 0x92ee4000 - 0x92f8dff7 com.apple.CFNetwork 454.9.4 (454.9.4) <2F8B5BA5-099F-6CDA-F500-4CA188BBCDBC> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CFNetwork.framework/Versions/A/CFNetwork 0x93026000 - 0x930ceffb com.apple.QD 3.35 (???) <B80B64BC-958B-DA9E-50F9-D7E8333CC5A2> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/QD.framework/Versions/A/QD 0x9315c000 - 0x93387ff3 com.apple.QuartzComposer 4.1 (156.13) <FE0BF06B-8D32-C712-7CCD-63D8918B8B6D> /System/Library/Frameworks/Quartz.framework/Versions/A/Frameworks/QuartzComposer.framework/Versions/A/QuartzComposer 0x933a1000 - 0x93493ff7 libcrypto.0.9.8.dylib 0.9.8 (compatibility 0.9.8) <7482933B-4AF6-ED55-AD72-4FBD1E134958> /usr/lib/libcrypto.0.9.8.dylib 0x937d9000 - 0x93809ff7 com.apple.MeshKit 1.1 (49.2) <ECFBD794-5D36-4405-6184-5568BFF29BF3> /System/Library/PrivateFrameworks/MeshKit.framework/Versions/A/MeshKit 0x939b1000 - 0x93adffe7 com.apple.CoreData 102.1 (251) <E6A457F0-A0A3-32CD-6C69-6286E7C0F063> /System/Library/Frameworks/CoreData.framework/Versions/A/CoreData 0x93ae0000 - 0x93b31ff7 com.apple.HIServices 1.8.0 (???) <10C85B88-C6AF-91DB-2546-34661BA35AC5> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/HIServices.framework/Versions/A/HIServices 0x93b32000 - 0x93bacfef com.apple.audio.CoreAudio 3.2.2 (3.2.2) <1F97B48A-327B-89CC-7C01-3865179716E0> /System/Library/Frameworks/CoreAudio.framework/Versions/A/CoreAudio 0x93be4000 - 0x93c5bff3 com.apple.backup.framework 1.2.2 (1.2.2) <FE4C6311-EA63-15F4-2CF7-04CF7734F434> /System/Library/PrivateFrameworks/Backup.framework/Versions/A/Backup 0x93c5c000 - 0x93c60ff7 libGFXShared.dylib ??? (???) <286F466C-2856-B579-B87F-4E9A35C80263> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGFXShared.dylib 0x93c80000 - 0x93e86feb com.apple.AddressBook.framework 5.0.1 (868) <2CCD7801-F3B8-CED3-D5D7-096AF8DC004D> /System/Library/Frameworks/AddressBook.framework/Versions/A/AddressBook 0x93e87000 - 0x941eeff7 com.apple.QuartzCore 1.6.1 (227.18) <8A65F233-4C77-BA7C-5DDA-2423F5C1B7A1> /System/Library/Frameworks/QuartzCore.framework/Versions/A/QuartzCore 0x941ef000 - 0x941faff7 libCSync.A.dylib 543.33.0 (compatibility 64.0.0) <F914F427-98EA-98BC-923D-47274A90D441> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCSync.A.dylib 0x9424c000 - 0x943f1feb libSystem.B.dylib 125.0.1 (compatibility 1.0.0) <06A5336A-A6F6-4E62-F55F-4909A64631C2> /usr/lib/libSystem.B.dylib 0x943f2000 - 0x94cd1ff7 com.apple.AppKit 6.6.5 (1038.29) <E76A05A6-27C6-DA02-0961-5C8EEDC5F0A7> /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit 0x94df5000 - 0x94e11fe3 com.apple.openscripting 1.3.1 (???) <DA16DE48-59F4-C94B-EBE3-7FAF772211A2> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/OpenScripting.framework/Versions/A/OpenScripting 0x94e12000 - 0x94e12ff7 com.apple.vecLib 3.6 (vecLib 3.6) <7362077A-890F-3AEF-A8AB-22247B10E106> /System/Library/Frameworks/vecLib.framework/Versions/A/vecLib 0x94e13000 - 0x94e59ff7 libauto.dylib ??? (???) <85670A64-3B67-8162-D441-D8E0BE15CA94> /usr/lib/libauto.dylib 0x94e5a000 - 0x94ec8ff7 com.apple.QuickLookUIFramework 2.2 (327.4) <5B6A066B-B867-D3A3-BDEE-3D68FA5385B4> /System/Library/Frameworks/Quartz.framework/Versions/A/Frameworks/QuickLookUI.framework/Versions/A/QuickLookUI 0x94ec9000 - 0x94f0aff7 libRIP.A.dylib 543.33.0 (compatibility 64.0.0) <C6E50C7E-EBEE-32AF-FF07-8E325E21A838> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libRIP.A.dylib 0x94f0b000 - 0x94f0bff7 com.apple.Accelerate 1.6 (Accelerate 1.6) <BC501C9F-7C20-961A-B135-0A457667D03C> /System/Library/Frameworks/Accelerate.framework/Versions/A/Accelerate 0x94f0c000 - 0x94f67ff7 com.apple.framework.IOKit 2.0 (???) <69E4FE93-376C-565E-650F-04FAD213AA24> /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit 0x9516a000 - 0x9519fff7 libcups.2.dylib 2.8.0 (compatibility 2.0.0) <458E819A-4E3F-333E-28CE-671281B318D3> /usr/lib/libcups.2.dylib 0x951a0000 - 0x951f8fe7 com.apple.datadetectorscore 2.0 (80.7) <A40AA74A-9D13-2A6C-5440-B50905923251> /System/Library/PrivateFrameworks/DataDetectorsCore.framework/Versions/A/DataDetectorsCore 0x951f9000 - 0x95214ff7 libPng.dylib ??? (???) <929FE8EE-277D-F6EB-D672-E6F4CEBF1504> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libPng.dylib 0x9522e000 - 0x95284ff7 com.apple.MeshKitRuntime 1.1 (49.2) <F1EAE9EC-2DA3-BAFD-0A8C-6A3FFC96D728> /System/Library/PrivateFrameworks/MeshKit.framework/Versions/A/Frameworks/MeshKitRuntime.framework/Versions/A/MeshKitRuntime 0x95285000 - 0x952cefe7 libTIFF.dylib ??? (???) <E45B169E-253E-E865-1501-97777D2702F2> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libTIFF.dylib 0x952cf000 - 0x952d5fff com.apple.CommonPanels 1.2.4 (91) <2438AF5D-067B-B9FD-1248-2C9987F360BA> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/CommonPanels.framework/Versions/A/CommonPanels 0x952d6000 - 0x952d6ff7 com.apple.Carbon 150 (152) <608A04AB-F35D-D2EB-6629-16B88FB32074> /System/Library/Frameworks/Carbon.framework/Versions/A/Carbon 0x952d7000 - 0x95312feb libFontRegistry.dylib ??? (???) <F50A60E1-3757-D007-A20D-A5504C17334C> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/Resources/libFontRegistry.dylib 0x95327000 - 0x95365ff7 com.apple.QuickLookFramework 2.2 (327.4) <88A59C42-A200-FCB6-23EC-E848D0E14963> /System/Library/Frameworks/QuickLook.framework/Versions/A/QuickLook 0x95475000 - 0x956e5ffb com.apple.Foundation 6.6.2 (751.21) <DA7A173A-4435-ECD6-F4AF-977D722FD2F7> /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation 0x9575a000 - 0x957dcffb SecurityFoundation 36840.0.0 (compatibility 1.0.0) <29C27E0E-B2B3-BF6B-B1F8-5783B8B01535> /System/Library/Frameworks/SecurityFoundation.framework/Versions/A/SecurityFoundation 0x9589d000 - 0x958e3ffb com.apple.CoreMediaIOServices 130.0 (1035) <397101F4-BA80-C8C2-F816-E2FBE5E15D4F> /System/Library/PrivateFrameworks/CoreMediaIOServices.framework/Versions/A/CoreMediaIOServices 0x958e4000 - 0x95c04feb com.apple.CoreServices.CarbonCore 861.6 (861.6) <D3D5D9F1-01ED-DCAD-6AA9-4ABE60C7A112> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CarbonCore.framework/Versions/A/CarbonCore 0x95c05000 - 0x95c09ff7 libGIF.dylib ??? (???) <03880BA1-7A86-0F2B-617A-C66B1D05DD70> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libGIF.dylib 0x95c0a000 - 0x95c3bff3 libTrueTypeScaler.dylib ??? (???) <F6A32C01-CD82-54F6-218E-0406D40D1D9A> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/Resources/libTrueTypeScaler.dylib 0x95c3c000 - 0x95c7cff3 com.apple.securityinterface 4.0.1 (37214) <BBC88C96-8827-91DC-0CF6-7CB639183395> /System/Library/Frameworks/SecurityInterface.framework/Versions/A/SecurityInterface 0x95c7d000 - 0x95df6ffb com.apple.CoreFoundation 6.6.1 (550.19) <1E97FB1E-9E42-B8EB-E463-5C75315FDA31> /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation 0x95df7000 - 0x95e1fff7 libxslt.1.dylib 3.24.0 (compatibility 3.0.0) <769EF4B2-C1AD-73D5-AAAD-1564DAEA77AF> /usr/lib/libxslt.1.dylib 0x95e20000 - 0x96236ff7 libBLAS.dylib 219.0.0 (compatibility 1.0.0) <C4FB303A-DB4D-F9E8-181C-129585E59603> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libBLAS.dylib 0x96237000 - 0x963b7feb com.apple.MediaToolbox 0.484.5 (484.5) <6996E5E1-18B6-C734-8335-FE43670C1F9C> /System/Library/PrivateFrameworks/MediaToolbox.framework/Versions/A/MediaToolbox 0x963b8000 - 0x96453ff7 com.apple.ApplicationServices.ATS 4.2 (???) <3BEB7210-4C85-7309-B22D-695765526524> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/ATS 0x9655b000 - 0x9657fff7 libJPEG.dylib ??? (???) <EDA86712-F49C-760C-BE55-9B899A4A5D1B> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libJPEG.dylib 0x96580000 - 0x965cdfeb com.apple.DirectoryService.PasswordServerFramework 6.0 (6.0) <BF66BA5D-BBC8-78A5-DBE2-F9DE3DD1D775> /System/Library/PrivateFrameworks/PasswordServer.framework/Versions/A/PasswordServer 0x965ce000 - 0x965deff7 com.apple.DSObjCWrappers.Framework 10.6 (134) <81A0B409-3906-A98F-CA9B-A49E75007495> /System/Library/PrivateFrameworks/DSObjCWrappers.framework/Versions/A/DSObjCWrappers 0x965f5000 - 0x966a2fe7 libobjc.A.dylib 227.0.0 (compatibility 1.0.0) <DF8E4CFA-3719-3415-0BF1-E8C5E561C3B1> /usr/lib/libobjc.A.dylib 0x966a3000 - 0x969c7fef com.apple.HIToolbox 1.6.2 (???) <F5F99E78-5377-DD54-6138-9FC84467F938> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox 0x969c8000 - 0x969d2fe7 com.apple.audio.SoundManager 3.9.3 (3.9.3) <5F494955-7290-2D91-DA94-44B590191771> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/CarbonSound.framework/Versions/A/CarbonSound 0x969fe000 - 0x96a36ff7 com.apple.LDAPFramework 2.0 (120.1) <001A70A8-3984-8E19-77A8-758893CC128C> /System/Library/Frameworks/LDAP.framework/Versions/A/LDAP 0x96a37000 - 0x96b79fe3 com.apple.QTKit 7.6.6 (1729) <1EC021FB-AB8F-F8BF-0434-78C0A7B78EB2> /System/Library/Frameworks/QTKit.framework/Versions/A/QTKit 0x96c66000 - 0x96d41fe7 com.apple.DesktopServices 1.5.5 (1.5.5) <ECEDFDF2-C40E-8DF0-F8FC-249CCA762E62> /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Versions/A/DesktopServicesPriv 0x96d42000 - 0x96d43ff7 com.apple.audio.units.AudioUnit 1.6.3 (1.6.3) <959DFFAE-A06B-7FF6-B713-B2076893EBBD> /System/Library/Frameworks/AudioUnit.framework/Versions/A/AudioUnit 0x96d44000 - 0x96d64fe7 libresolv.9.dylib 40.0.0 (compatibility 1.0.0) <03019DD7-993D-AC88-6636-179F92F315C4> /usr/lib/libresolv.9.dylib 0x96dcc000 - 0x96ed8ff7 libGLProgrammability.dylib ??? (???) <CA0A975B-2BEE-44E7-CFA6-8105CFE6FE00> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLProgrammability.dylib 0x96ed9000 - 0x96f6bfe3 com.apple.print.framework.PrintCore 6.2 (312.5) <7729B4D7-D661-D669-FA7E-510F93F685A6> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/PrintCore.framework/Versions/A/PrintCore 0x96f6c000 - 0x96f6cff7 com.apple.Cocoa 6.6 (???) <EA27B428-5904-B00B-397A-185588698BCC> /System/Library/Frameworks/Cocoa.framework/Versions/A/Cocoa 0x96f6d000 - 0x96f78ff7 libGL.dylib ??? (???) <EAD85409-9036-831B-C378-E50780305DA6> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGL.dylib 0x96f79000 - 0x973aeff7 libLAPACK.dylib 219.0.0 (compatibility 1.0.0) <5E2D2283-57DE-9A49-1DB0-CD027FEFA6C2> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libLAPACK.dylib 0x973ba000 - 0x9759cfff com.apple.imageKit 2.0.3 (1.0) <56AE34CD-4406-8AA2-DDBF-DBF902BD0E0A> /System/Library/Frameworks/Quartz.framework/Versions/A/Frameworks/ImageKit.framework/Versions/A/ImageKit 0x975eb000 - 0x9761cff7 libGLImage.dylib ??? (???) <AF110892-B10A-5B61-F898-21FB2BCE63BF> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLImage.dylib 0x97792000 - 0x97799ff3 com.apple.print.framework.Print 6.1 (237.1) <97AB70B6-C653-212F-CFD3-E3816D0F5C22> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Print.framework/Versions/A/Print 0x9779a000 - 0x9779aff7 com.apple.ApplicationServices 38 (38) <8012B504-3D83-BFBB-DA65-065E061CFE03> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/ApplicationServices 0x986ed000 - 0x986f4ff7 com.apple.agl 3.0.12 (AGL-3.0.12) <6BF89127-C18C-27A9-F94A-981836A822FE> /System/Library/Frameworks/AGL.framework/Versions/A/AGL 0x986f5000 - 0x98717fef com.apple.DirectoryService.Framework 3.6 (621.3) <05FFDBDB-F16B-8AC0-DB42-986965FCBD95> /System/Library/Frameworks/DirectoryService.framework/Versions/A/DirectoryService 0x98738000 - 0x98738ff7 com.apple.Accelerate.vecLib 3.6 (vecLib 3.6) <1DEC639C-173D-F808-DE0D-4070CC6F5BC7> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/vecLib 0x98739000 - 0x98745ff7 libkxld.dylib ??? (???) <13F26BB6-C2F7-9D74-933E-09AD8B509ECD> /usr/lib/system/libkxld.dylib 0x98746000 - 0x98749ff7 libCGXType.A.dylib 543.33.0 (compatibility 64.0.0) <69BE578C-A364-A150-35E3-53EE00F56F05> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCGXType.A.dylib 0x98750000 - 0x987b1fe7 com.apple.CoreText 3.1.0 (???) <1372DABE-F183-DD03-03C2-64B2464A4FD5> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreText.framework/Versions/A/CoreText 0x987b2000 - 0x98883fe3 ColorSyncDeprecated.dylib 4.6.0 (compatibility 1.0.0) <0A608513-31AD-D533-8386-10245FD62057> /System/Library/Frameworks/ApplicationServices.framework/Frameworks/ColorSync.framework/Versions/A/Resources/ColorSyncDeprecated.dylib 0x98884000 - 0x988a2ff7 com.apple.CoreVideo 1.6.1 (45.4) <E0DF044D-BF31-42CE-B690-FD1FCE07E64A> /System/Library/Frameworks/CoreVideo.framework/Versions/A/CoreVideo 0x988a3000 - 0x988a5fe7 com.apple.ExceptionHandling 1.5 (10) <21F37A49-E63B-121E-D406-1BBC94BEC762> /System/Library/Frameworks/ExceptionHandling.framework/Versions/A/ExceptionHandling 0x988a6000 - 0x988e3ff7 com.apple.SystemConfiguration 1.10.2 (1.10.2) <830FED9E-3E24-004C-35D5-2C1273F79734> /System/Library/Frameworks/SystemConfiguration.framework/Versions/A/SystemConfiguration 0x988e4000 - 0x988fcff7 com.apple.CFOpenDirectory 10.6 (10.6) <1537FB4F-C112-5D12-1E5D-3B1002A4038F> /System/Library/Frameworks/OpenDirectory.framework/Versions/A/Frameworks/CFOpenDirectory.framework/Versions/A/CFOpenDirectory 0x98931000 - 0x98b26fe3 com.apple.JavaScriptCore 6533 (6533.13) <B6AF9DFD-138F-975C-F989-80E272265C8B> /System/Library/Frameworks/JavaScriptCore.framework/Versions/A/JavaScriptCore 0x98c0b000 - 0x98c19fe7 libz.1.dylib 1.2.3 (compatibility 1.0.0) <82B2C254-6F8D-7BEA-4C18-038E90CAE19B> /usr/lib/libz.1.dylib 0x98c1a000 - 0x98cd0fff libFontParser.dylib ??? (???) <5935E105-1E45-886C-6420-C1CCA886C375> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/Resources/libFontParser.dylib 0x98cd1000 - 0x98d35ffb com.apple.htmlrendering 72 (1.1.4) <4D451A35-FAB6-1288-71F6-F24A4B6E2371> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HTMLRendering.framework/Versions/A/HTMLRendering 0x98d36000 - 0x98d5dff7 com.apple.quartzfilters 1.6.0 (1.6.0) <879A3B93-87A6-88FE-305D-DF1EAED04756> /System/Library/Frameworks/Quartz.framework/Versions/A/Frameworks/QuartzFilters.framework/Versions/A/QuartzFilters 0x98d5e000 - 0x98d5fff7 com.apple.TrustEvaluationAgent 1.1 (1) <6C04C4C5-667E-2EBE-EB96-5B67BD4B2185> /System/Library/PrivateFrameworks/TrustEvaluationAgent.framework/Versions/A/TrustEvaluationAgent 0x99911000 - 0x9996bfe7 com.apple.CorePDF 1.1 (1.1) <E4608FF6-A27D-7DFC-5620-D86762502AC0> /System/Library/PrivateFrameworks/CorePDF.framework/Versions/A/CorePDF 0x9996c000 - 0x9996ffe7 libmathCommon.A.dylib 315.0.0 (compatibility 1.0.0) <1622A54F-1A98-2CBE-B6A4-2122981A500E> /usr/lib/system/libmathCommon.A.dylib 0xba900000 - 0xba916ff7 libJapaneseConverter.dylib 49.0.0 (compatibility 1.0.0) <4FB5CEEB-8D3E-8C57-1718-81D7CAFBFE69> /System/Library/CoreServices/Encodings/libJapaneseConverter.dylib 0xbab00000 - 0xbab21fe7 libKoreanConverter.dylib 49.0.0 (compatibility 1.0.0) <A23F9980-5CC8-A44D-6FD6-DBFCBFF4FF28> /System/Library/CoreServices/Encodings/libKoreanConverter.dylib 0xffff0000 - 0xffff1fff libSystem.B.dylib ??? (???) <06A5336A-A6F6-4E62-F55F-4909A64631C2> /usr/lib/libSystem.B.dylib
...well, or I should just put them in a txt file. http://cl.ly/d67f941aa0c91ee0752a
in the future, please use the 'Add an attachment' link in the bug :)
Component: Plug-ins → Flash (Adobe)
Product: Core → Plugins
QA Contact: plugins → adobe-flash
Version: Trunk → 10.x
Missed that :P
Summary: [OOPP][adblock?] Plugin-container crashes easily with new YouTube player → [OOPP][flashblock?] Plugin-container crashes easily with new YouTube player
Doesn't Adobe have a public symbol server for their flash plugin these days?
afaiu, they've merely delivered symbols to mozilla, but i think that's only for winodws, not certain.
Well since the crash reporting for OOPP landed today, http://crash-stats.mozilla.com/report/index/62d61422-a6ae-4bc1-aedf-d85992100817
So is this a Flash plugin problem or a OOPP problem? 0|0|FlashPlayer-10.6||||0x621592 0|1|FlashPlayer-10.6||||0x61ce45 0|2|FlashPlayer-10.6||||0x61db1b 0|3|FlashPlayer-10.6||||0x3603d6 0|4|FlashPlayer-10.6||||0x4b83c0 0|5|FlashPlayer-10.6||||0x4c06f4 0|6|FlashPlayer-10.6||||0x4c047c 0|7|FlashPlayer-10.6||||0x43310a 0|8|XUL|mozilla::plugins::PluginInstanceChild::AnswerNPP_Destroy|hg:hg.mozilla.org/mozilla-central:dom/plugins/PluginModuleChild.h:116f2046b9ef|315|0x16 0|9|XUL|mozilla::plugins::PPluginInstanceChild::OnCallReceived|PPluginInstanceChild.cpp|1603|0x10 0|10|XUL|mozilla::plugins::PPluginModuleChild::OnCallReceived|PPluginModuleChild.cpp|546|0x14 0|11|XUL|mozilla::ipc::RPCChannel::DispatchIncall|hg:hg.mozilla.org/mozilla-central:ipc/glue/RPCChannel.cpp:116f2046b9ef|510|0x15 0|12|XUL|mozilla::ipc::RPCChannel::Call|hg:hg.mozilla.org/mozilla-central:ipc/glue/RPCChannel.cpp:116f2046b9ef|310|0x70 0|13|XUL|mozilla::plugins::PPluginInstanceChild::CallNPN_ConvertPoint|PPluginInstanceChild.cpp|1006|0x18 0|14|XUL|mozilla::plugins::child::_convertpoint|hg:hg.mozilla.org/mozilla-central:dom/plugins/PluginModuleChild.cpp:116f2046b9ef|1603|0x4c 0|15|FlashPlayer-10.6||||0x4b39d0 0|16|FlashPlayer-10.6||||0x4c013c 0|17|FlashPlayer-10.6||||0x4a034b 0|18|FlashPlayer-10.6||||0x3e65c0 0|19|FlashPlayer-10.6||||0x3e83bb 0|20|FlashPlayer-10.6||||0x3ac40f 0|21|FlashPlayer-10.6||||0x356601 0|22|FlashPlayer-10.6||||0x35f428 0|23|FlashPlayer-10.6||||0x4b7c36 0|24|CoreFoundation|__CFRunLoopDoSources0|||0x61a 0|25|CoreFoundation|__CFRunLoopRun|||0x42e 0|26|CoreFoundation|CFRunLoopRunSpecific|||0x1c3 0|27|CoreFoundation|CFRunLoopRunInMode|||0x60 0|28|HIToolbox|RunCurrentEventLoopInMode|||0x187 0|29|HIToolbox|ReceiveNextEventCommon|||0x161 0|30|HIToolbox|BlockUntilNextEventMatchingListInMode|||0x50 0|31|AppKit|_DPSNextEvent|||0x34e 0|32|AppKit|-[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:]|||0x9b 0|33|AppKit|-[NSApplication run]|||0x334 0|34|XUL|base::MessagePumpNSApplication::DoRun|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_pump_mac.mm:116f2046b9ef|677|0x19 0|35|XUL|base::MessagePumpCFRunLoopBase::Run|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_pump_mac.mm:116f2046b9ef|213|0xb 0|36|XUL|MessageLoop::Run|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:116f2046b9ef|219|0xb 0|37|XUL|XRE_InitChildProcess|hg:hg.mozilla.org/mozilla-central:toolkit/xre/nsEmbedFunctions.cpp:116f2046b9ef|432|0xd 0|38|plugin-container|main|hg:hg.mozilla.org/mozilla-central:ipc/app/MozillaRuntimeMain.cpp:116f2046b9ef|87|0x16 0|39|plugin-container||||0xf05 0|40|||||0x4
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: crash
Summary: [OOPP][flashblock?] Plugin-container crashes easily with new YouTube player → [OOPP][@FlashPlayer-10.6@0x621592 ][flashblock?] Plugin-container crashes easily with new YouTube player
We have symbols for Adobe's Windows builds available to crash-stats, but that's it.
We're happy to provide stats for Mac and Linux as well. My apologies if this didn't happen.
Ted: Do we still need symbols for Mac and Linux? (In reply to comment #15) > We're happy to provide stats for Mac and Linux as well. My apologies if this > didn't happen.
We do not have any Mac or Linux flash player symbols.
Looking at the stacktrace we don't need Adobe's symboles. The problem is we're trying to destroy the plug-in while the plugin is expecting an answer to mozilla::plugins::PPluginInstanceChild::CallNPN_ConvertPoint.
In general plugin calls "win" RPC races, so the only way this should reasonably happen is if we actually called NPP_DestroyPlugin from within the NPN_ConvertPoint implementation, which seems unlikely. Can we reproduce this and get the browser-side stack at the time of the crash?
Assignee: nobody → b56girard
I'm assigning this to myself, I'll take a look at this tonight.
I traced through the code and couldn't find where in AnswerNPN_ConvertPoint the Destroy function would be called. It tried with the debugger but the bug does not appear to reproduce with the debugger. I did find that the Destroy function is invoked through a timer. Is it possible that at some point the IPC mechanism processes events? Example of nsTimer invoking Destroy: #0 mozilla::plugins::PluginInstanceParent::Destroy (this=0x24bf2160) at /Users/mozilla/mozilla/mozilla-central/dom/plugins/PluginInstanceParent.cpp:176 #1 0x0148c0ff in mozilla::plugins::PluginModuleParent::NPP_Destroy (instance=0x1cc9d19c) at /Users/mozilla/mozilla/mozilla-central/dom/plugins/PluginModuleParent.cpp:412 #2 0x011cdae4 in nsNPAPIPluginInstance::Stop (this=0x1cc9d190) at /Users/mozilla/mozilla/mozilla-central/modules/plugin/base/src/nsNPAPIPluginInstance.cpp:213 #3 0x0042c993 in DoStopPlugin (aInstanceOwner=0x24db4290, aDelayedStop=0) at /Users/mozilla/mozilla/mozilla-central/layout/generic/nsObjectFrame.cpp:2467 #4 0x0042d7c8 in nsStopPluginRunnable::Run (this=0x1bedcb00) at /Users/mozilla/mozilla/mozilla-central/layout/generic/nsObjectFrame.cpp:2516 #5 0x0041fb20 in nsStopPluginRunnable::Notify (this=0x1bedcb00, aTimer=0x24eb90f0) at /Users/mozilla/mozilla/mozilla-central/layout/generic/nsObjectFrame.cpp:2485 #6 0x016c47d4 in nsTimerImpl::Fire (this=0x24eb90f0) at /Users/mozilla/mozilla/mozilla-central/xpcom/threads/nsTimerImpl.cpp:428 #7 0x016c4a2b in nsTimerEvent::Run (this=0x1cca8970) at /Users/mozilla/mozilla/mozilla-central/xpcom/threads/nsTimerImpl.cpp:517 #8 0x016bd82e in nsThread::ProcessNextEvent (this=0x4e00ea0, mayWait=0, result=0xbfffc4d4) at /Users/mozilla/mozilla/mozilla-central/xpcom/threads/nsThread.cpp:609 #9 0x01643cd7 in NS_ProcessPendingEvents_P (thread=0x4e00ea0, timeout=20) at nsThreadUtils.cpp:200 #10 0x013ed435 in nsBaseAppShell::NativeEventCallback (this=0x4d46de0) at /Users/mozilla/mozilla/mozilla-central/widget/src/xpwidgets/nsBaseAppShell.cpp:131 #11 0x0139e2dd in nsAppShell::ProcessGeckoEvents (aInfo=0x4d46de0) at /Users/mozilla/mozilla/mozilla-central/widget/src/cocoa/nsAppShell.mm:399
This might be triggered by bug 590955 where the stack above AnswerNPP_Destroy is very similar to the other bug. Here's a list of crash signatures and their corresponding version/release: [@ FlashPlayer-10.6@0x64ca42 ] 10.2.151.49 nov 30 [@ FlashPlayer-10.6@0x626082 ] 10.1.102.64 nov 4 [@ FlashPlayer-10.6@0x621592 ] 10.1.85.3 sep 20 [@ FlashPlayer-10.6@0x621592 ] 10.1.82.76 aug 10 [@ FlashPlayer-10.6@0x622292 ] 10.1.53.64? jun 10
Depends on: 590955
Summary: [OOPP][@FlashPlayer-10.6@0x621592 ][flashblock?] Plugin-container crashes easily with new YouTube player → [OOPP][flashblock?] Plugin-container crashes easily with new YouTube player [@ FlashPlayer-10.6@0x64ca42 ] [@ FlashPlayer-10.6@0x626082 ] [@ FlashPlayer-10.6@0x621592 ] [@ FlashPlayer-10.6@0x622292 ]
Blocks: 617469
Assignee: b56girard → nobody
Component: Flash (Adobe) → Plug-ins
Product: Plugins → Core
QA Contact: adobe-flash → plugins
Version: 10.x → Trunk
I can debug this now! As we navigate from youtube to w3.org, I'm seeing the following assertions: ###!!! ASSERTION: Must have a native view to convert coordiates.: 'inView', file ... nsPluginUtilsOSX.mm, line 160 Then the crash of the plugin process.
Assignee: nobody → benjamin
blocking2.0: --- → final+
The child stack made me suspect weird race resolution, so I added some debugging to MediateRace: [time:1294353096264985][PPluginInstanceChild] Sending Msg_NPN_ConvertPoint([TODO]) --DOCSHELL 0x22470c00 == 8 --DOCSHELL 0x1c846c00 == 7 --DOCSHELL 0x5606200 == 6 [time:1294353096390022][PPluginInstanceParent] Received Msg_NPN_ConvertPoint([TODO]) ###!!! ASSERTION: Must have a native view to convert coordinates.: 'inView', file ../../../src/layout/generic/nsPluginUtilsOSX.mm, line 160 [time:1294353096390548][PPluginInstanceParent] Sending reply Reply_NPN_ConvertPoint([TODO]) [time:1294353096391052][PPluginInstanceChild] Received reply Reply_NPN_ConvertPoint([TODO]) [time:1294353096393228][PPluginInstanceChild] Sending Msg_NPN_ConvertPoint([TODO]) [time:1294353096402865][PPluginInstanceParent] Sending Msg_NPP_SetWindow([TODO]) MediateRace(parent=0x1c283220/PPluginInstance::Msg_NPP_SetWindow, child=0xbfffda8c/???) (parent won, so we're deferring) MediateRace(parent=0xbfffcc2c/???, child=0x4f0df50/PPluginInstance::Msg_NPN_ConvertPoint) (parent won, so we're not deferring) [time:1294353096403040][PPluginInstanceChild] Received Msg_NPP_SetWindow([TODO]) [time:1294353096403845][PPluginInstanceChild] Sending reply Reply_NPP_SetWindow([TODO]) [time:1294353096404201][PPluginInstanceParent] Received reply Reply_NPP_SetWindow([TODO]) [time:1294353096404373][PPluginInstanceParent] Sending Msg_NPP_Destroy([TODO]) [time:1294353096404582][PPluginInstanceChild] Received Msg_NPP_Destroy([TODO]) I need to expand the ???, but it looks like the parent is sending two messages in rapid succession: NPP_SetWindow (which wins race resolution) an then NPP_Destroy (which should not win race resolution). cjones, is it possible that the IPC mechanism is delivering the NPP_Destroy message within the nested RPC message anyway?
From the trace in comment 26, if there was nothing else on the RPC stack when the parent sent SetWindow, then it appears this is happening P C --------- ----------- <-ConvertPoint reply CP-> SetWindow-> <-ConvertPoint (defer CP) (process SW) <-reply SW Destroy-> <-reply Destroy [spin event loop] process CP What would happen if we processed the ConvertPoint after NPP_Destroy? Sounds bad. Would it also be bad if we processed the ConvertPoint after the last SetWindow there, which presumably does SetWindow(null-thing)? Some relatively simple solutions for FF4 come to mind - defer the NPP_Destroy to a later event-loop iteration. - create a special message for SetWindow(null-thing), say DestroyWindow(), that *does not* win races with the plugin process. We would need to be sure that this DestroyWindow() message isn't sent during painting, obviously. Should be possible to write a deterministic test for this bug.
According to normal IPDL rules, shouldn't we be processing ConvertPoint after SetWindow? Why are we replying to Destroy while CP is on the stack still? I think that processing CP after the last SetWindow is something we have to make work (and probably works right now, although gives a bogus/failing answer).
(In reply to comment #29) > According to normal IPDL rules, shouldn't we be processing ConvertPoint after > SetWindow? Why are we replying to Destroy while CP is on the stack still? > No. Messages deferred by races when the RPC stack has depth 0 are processed in another event-loop iteration, because that was, ah, the least bad of alternatives. > I think that processing CP after the last SetWindow is something we have to > make work (and probably works right now, although gives a bogus/failing > answer). Yes, definitely. I'm more concerned about CP after NPP_Destroy though, I think we need to fix that.
cjones says that fixing the race resolution is probably not easy or safe at this point in the cycle. I'm looking at changing the race resolution of NPP_SetWindow for mac.
Attachment #501982 - Flags: review?(joshmoz)
Attachment #501982 - Flags: review?(jones.chris.g)
Comment on attachment 501982 [details] [diff] [review] Change the race resolution of NPP_SetWindow with a null window, rev. 1 This will fix the bad race condition here. r+ conditional on assurance that we only use SetWindow(null) for geometry updates and "about to NPP_Destroy", from safe contexts. (bsmedberg posted a stack that indicates the former is OK.)
Attachment #501982 - Flags: review?(jones.chris.g) → review+
This is not sufficient. Here is a new case of the same basic bug: IPC log: [time:1294420051100144][PPluginInstanceParent] Sending Msg_NPP_HandleEvent_IOSurface([TODO]) MediateRace(parent=0x2161ede0/PPluginInstance::Msg_NPP_HandleEvent_IOSurface, child=0xbfffb84c/???) (parent won, so we're deferring) MediateRace(parent=0xbfffcc2c/???, child=0x6001820/PPluginInstance::Msg_NPN_ConvertPoint) (parent won, so we're not deferring) [time:1294420051100960][PPluginInstanceChild] Received Msg_NPP_HandleEvent_IOSurface([TODO]) [time:1294420051112382][PPluginInstanceChild] Sending reply Reply_NPP_HandleEvent_IOSurface([TODO]) [time:1294420051112800][PPluginInstanceParent] Received reply Reply_NPP_HandleEvent_IOSurface([TODO]) [time:1294420051160940][PPluginInstanceParent] Sending Msg_NPP_SetWindow_NULL([TODO]) [time:1294420051161124][PPluginInstanceChild] Received Msg_NPP_SetWindow_NULL([TODO]) [time:1294420051161338][PPluginInstanceChild] Sending reply Reply_NPP_SetWindow_NULL([TODO]) [time:1294420051161475][PPluginInstanceParent] Received reply Reply_NPP_SetWindow_NULL([TODO]) [time:1294420051161514][PBrowserStreamParent] Sending Msg_NPP_DestroyStream([TODO]) [time:1294420051161543][PStreamNotifyParent] Sending Msg___delete__([TODO]) [time:1294420051161580][PBrowserStreamParent] Sending Msg_NPP_DestroyStream([TODO]) [time:1294420051161629][PStreamNotifyParent] Sending Msg___delete__([TODO]) [time:1294420051161661][PPluginInstanceParent] Sending Msg_NPP_Destroy([TODO]) [time:1294420051161820][PBrowserStreamChild] Received Msg_NPP_DestroyStream([TODO]) [time:1294420051161958][PStreamNotifyChild] Received Msg___delete__([TODO]) [time:1294420051162047][PBrowserStreamChild] Received Msg_NPP_DestroyStream([TODO]) [time:1294420051162099][PStreamNotifyChild] Received Msg___delete__([TODO]) [time:1294420051162127][PPluginInstanceChild] Received Msg_NPP_Destroy([TODO]) [time:1294420051313556][PPluginScriptableObjectChild] Sending Msg_Unprotect([TODO]) [time:1294420051313639][PPluginInstanceChild] Sending reply Reply_NPP_Destroy([TODO]) [time:1294420051315684][PPluginScriptableObjectParent] Received Msg_Unprotect([TODO]) [time:1294420051315703][PPluginScriptableObjectParent] Sending Msg___delete__([TODO]) [time:1294420051315863][PPluginInstanceParent] Received reply Reply_NPP_Destroy([TODO]) [time:1294420051315878][PPluginInstanceParent] Sending Msg___delete__([TODO]) [time:1294420051315983][PPluginScriptableObjectChild] Received Msg___delete__([TODO]) [time:1294420051316069][PPluginInstanceChild] Received Msg___delete__([TODO]) [time:1294420051319683][PPluginInstanceChild] Sending reply Reply___delete__([TODO]) (processing deferred in-call) Parent stack: Breakpoint 1, mozilla::ipc::AsyncChannel::MaybeHandleError (this=0x5daba08, code=mozilla::ipc::HasResultCodes::MsgRouteError, channelName=0x1fa596a "RPCChannel") at ../../../src/ipc/glue/AsyncChannel.cpp:378 378 switch (code) { (gdb) bt #0 mozilla::ipc::AsyncChannel::MaybeHandleError (this=0x5daba08, code=mozilla::ipc::HasResultCodes::MsgRouteError, channelName=0x1fa596a "RPCChannel") at ../../../src/ipc/glue/AsyncChannel.cpp:378 #1 0x0154cbf3 in mozilla::ipc::RPCChannel::DispatchIncall (this=0x5daba08, call=@0xbfffdbcc) at ../../../src/ipc/glue/RPCChannel.cpp:520 #2 0x0154cf7a in mozilla::ipc::RPCChannel::Incall (this=0x5daba08, call=@0xbfffdbcc, stackDepth=0) at ../../../src/ipc/glue/RPCChannel.cpp:503 #3 0x0154d4f9 in mozilla::ipc::RPCChannel::MaybeProcessDeferredIncall (this=0x5daba08) at ../../../src/ipc/glue/RPCChannel.cpp:350 #4 0x0154d5ed in mozilla::ipc::RPCChannel::OnMaybeDequeueOne (this=0x5daba08) at ../../../src/ipc/glue/RPCChannel.cpp:415 #5 0x01550485 in DispatchToMethod<mozilla::ipc::RPCChannel, bool (mozilla::ipc::RPCChannel::*)()> (obj=0x5daba08, method={__pfn = 0x154d52e <mozilla::ipc::RPCChannel::OnMaybeDequeueOne()>, __delta = 0}, arg=@0x2161e94c) at tuple.h:383 #6 0x015504c1 in RunnableMethod<mozilla::ipc::RPCChannel, bool (mozilla::ipc::RPCChannel::*)(), Tuple0>::Run (this=0x2161e930) at task.h:307 #7 0x0154ed5a in mozilla::ipc::RPCChannel::RefCountedTask::Run (this=0x2161eb60) at RPCChannel.h:450 #8 0x0155053a in mozilla::ipc::RPCChannel::DequeueTask::Run (this=0x1de55860) at RPCChannel.h:475 #9 0x017f59ab in MessageLoop::RunTask (this=0x4f13e10, task=0x1de55860) at ../../../src/ipc/chromium/src/base/message_loop.cc:343 #10 0x017f60e1 in MessageLoop::DeferOrRunPendingTask (this=0x4f13e10, pending_task=@0xbfffddbc) at ../../../src/ipc/chromium/src/base/message_loop.cc:351 #11 0x017f666b in MessageLoop::DoWork (this=0x4f13e10) at ../../../src/ipc/chromium/src/base/message_loop.cc:451 #12 0x0154af82 in mozilla::ipc::DoWorkRunnable::Run (this=0x4f130a0) at ../../../src/ipc/glue/MessagePump.cpp:70 #13 0x0178ab91 in nsThread::ProcessNextEvent (this=0x4f14750, mayWait=0, result=0xbfffdee4) at ../../../src/xpcom/threads/nsThread.cpp:633 #14 0x017103ff in NS_ProcessPendingEvents_P (thread=0x4f14750, timeout=20) at nsThreadUtils.cpp:200 #15 0x0148392d in nsBaseAppShell::NativeEventCallback (this=0x4f39ba0) at ../../../../src/widget/src/xpwidgets/nsBaseAppShell.cpp:132 #16 0x01432ed9 in nsAppShell::ProcessGeckoEvents (aInfo=0x4f39ba0) at ../../../../src/widget/src/cocoa/nsAppShell.mm:399 #17 0x9565d0fb in __CFRunLoopDoSources0 () #18 0x9565abbf in __CFRunLoopRun () child stack (bogus once you hit Flash): #0 0x91f99066 in __semwait_signal () #1 0x91f98d22 in _pthread_cond_wait () #2 0x91f9a9b8 in pthread_cond_wait$UNIX2003 () #3 0x049f58f5 in PR_WaitCondVar (cvar=0x6001390, timeout=4294967295) at ../../../../../src/nsprpub/pr/src/pthreads/ptsynch.c:417 #4 0x01715b0e in mozilla::CondVar::Wait (this=0x5009a3c, interval=4294967295) at BlockingResourceBase.cpp:373 #5 0x01559b7c in mozilla::ipc::SyncChannel::WaitForNotify (this=0x5009a20) at ../../../src/ipc/glue/SyncChannel.cpp:298 #6 0x01551bfa in mozilla::ipc::RPCChannel::Call (this=0x5009a20, msg=0x6098610, reply=0xbfffcd10) at ../../../src/ipc/glue/RPCChannel.cpp:201 #7 0x0165724d in mozilla::plugins::PPluginInstanceChild::CallNPN_ConvertPoint (this=0x4fac6f0, sourceX=@0xbfffcda8, ignoreDestX=@0xbfffcdcf, sourceY=@0xbfffcda0, ignoreDestY=@0xbfffcdce, sourceSpace=@0xbfffcdf4, destSpace=@0xbfffce00, destX=0xbfffcdc0, destY=0xbfffcdb8, result=0xbfffcdcd) at PPluginInstanceChild.cpp:1055 #8 0x0152bdcb in mozilla::plugins::child::_convertpoint (instance=0x4fac71c, sourceX=320, sourceY=180, sourceSpace=NPCoordinateSpacePlugin, destX=0x22f97980, destY=0x22f97988, destSpace=NPCoordinateSpaceFlippedScreen) at ../../../src/dom/plugins/PluginModuleChild.cpp:1640 #9 0x18680c91 in unregister_ShockwaveFlash () #10 0x1868d3fd in main () Here we're really painting another plugin instance, the paint must win the race. As a side effect of this, the convertpoint call is deferred incorrectly. cjones, I don't think we have any choice but to fix the RPC race issue such that convertpoint is delivered before subsequent incoming calls. It could be any RPC message, not just convertpoint, although CP is the most common message to be receiving while a video is playing.
Attachment #501982 - Flags: review?(joshmoz) → review-
I'd prefer to try the second workaround, defer NPP_Destroy.
One other thing that comes to mind ... why do we forward ConvertPoint? Can't we do a ConvertPoint(0, 0) when the relevant browser state changes and forward that mapping to the plugin? That'd be a perf win and incidentally work around this bug. (May be a fundamental reason we can't do that, I dunno.)
(s/work around/mitigate/ in comment 36. Would probably still want another patch.)
That will only take care of the particular case of this happening during instance destruction. I believe this is likely to also happen when paints race with regular NPRuntime calls, or streams, etc... I don't think that anything except the general case will solve the problem effectively.
Wait wait wait. I'm starting to get lost. Are you replying to comment 35 or comment 36/comment 37?
Comment 35. It may be worthwhile to pre-forward the convertpoint calls (although it won't be easy), but that won't deal with cases where we nest some RPC call (convertpoint, stream, or NPRuntime) the wrong way with a parent call.
(In reply to comment #38) > I believe this is likely to also happen when paints race > with regular NPRuntime calls, or streams, etc... Is there a reason why this issue is Mac specific? Are other platforms potentially affected and if not how do they work around the issue?
I don't think this is mac-specific. It just happens much more often on mac because of the apparent frequency of calls to ConvertPoint. Do we know why Flash is calling ConvertPoint thousands of times?
(In reply to comment #42) > I don't think this is mac-specific. It just happens much more often on mac > because of the apparent frequency of calls to ConvertPoint. > > Do we know why Flash is calling ConvertPoint thousands of times? I'm not sure, perhaps Josh would know? (In reply to comment #36) > One other thing that comes to mind ... why do we forward ConvertPoint? Can't > we do a ConvertPoint(0, 0) when the relevant browser state changes and forward > that mapping to the plugin? That'd be a perf win and incidentally work around > this bug. (May be a fundamental reason we can't do that, I dunno.) Judging from the documentation we could forward the origin, size and rotation so I think it is possible (Assuming the coordinate system is always linear): http://developer.apple.com/library/mac/#documentation/Cocoa/Reference/ApplicationKit/Classes/NSView_Class/Reference/NSView.html Since we don't want to use this as a fix to the bug, would be perf win justify the optimization? I'm not sure how expensive sending a few redundant RPCs call a second. Perhaps we could spin off this discussion in a different bug since it's not related to the fix.
> (In reply to comment #36) > Since we don't want to use this as a fix to the bug, would be perf win justify > the optimization? I'm not sure how expensive sending a few redundant RPCs call > a second. Perhaps we could spin off this discussion in a different bug since > it's not related to the fix. Depends on how few "a few" is. The overhead of RPCs compared to what I imagine Apple's impl of ConvertPoint's is is huge, everyone wins by not forwarding it. In general RPCs are relatively cheap (not free though) but they block the plugin on FF's event queue and that can make perf look bad for both plugin/FF. Separate bug sounds good.
(In reply to comment #40) > Comment 35. It may be worthwhile to pre-forward the convertpoint calls > (although it won't be easy), but that won't deal with cases where we nest some > RPC call (convertpoint, stream, or NPRuntime) the wrong way with a parent call. Let's ignore forwarding CP for now, it's orthogonal except as a mitigating factor. What we know so far is that NPP_Destroy re-entering CP causes a crash, which isn't all that surprising. Having NPP_Destroy re-enter plugin calls probably isn't prudent. (Surprising we've been getting away with it on windows/linux for this long.) We can fix that re-entry without changing race-resolution semantics, which has unknown risk. I propose that we fix the NPP_Destroy re-entry and see where we are after that.
Ugh, mid-aired Benoit and didn't notice, then mid-aired myself. Comment 45 and comment 44 should be read in reverse order.
We cannot naively delay NPP_Destroy with a runnable, because it's the synchronization point for so much other activity: __delete__ is sent immediately after NPP_Destroy, and then all sorts of actors (streams and npruntime stuff) become invalid. Do you have a proposal for delaying NPP_Destroy more sanely? I really think that fixing the RPC race would be simpler than delaying NPP_Destroy across an event iteration.
(In reply to comment #48) > We cannot naively delay NPP_Destroy with a runnable, because it's the > synchronization point for so much other activity: __delete__ is sent > immediately after NPP_Destroy, and then all sorts of actors (streams and > npruntime stuff) become invalid. How would delaying NPP_Destroy with a runnable make cleaning these up any harder? > I really think that fixing the RPC race would be > simpler than delaying NPP_Destroy across an event iteration. The only problem we *know* about is messages re-entering NPP_Destroy. Delaying it with a runnable prevents re-entry. Changing the deferred-message delivery semantics is way riskier IMHO, and doesn't seem warranted based on evidence since we haven't seemed to have seen these problems on windows/linux even though they should be susceptible.
Flash will undoubtedly make calls against the plugin instance while the parent thinks it is already destroyed, and even __delete__d. There are potentially many input events queued up in between the current callsite of AnswerNPP_Destroy and where the runnable would actually execute.
Flash can make any number of NPAPI calls in between the last call FF makes and FF sending NPP_Destroy, even if they're in the same task wrt event loop. Input events shouldn't be a problem on FF side because we're ready to NPP_Destroy the instance anyway and presumably wouldn't detect that it's a target for input any longer.
I must not be clear: Browser: Plugin: NPP_Handle(paint) wins race NPN_ConvertPoint (deferred) NPP_Destroy() NPN_Destroy received inside NPN_ConvertPoint stack (bug), sends runnable __delete__() instance is destroyed (runnable pointing to instance still valid?) Receives NPN_ConvertPoint on deleted actor. Bad! But even if it weren't a deleted actor, Firefox couldn't handle this call. Queued method (say NPN_AsyncCall, or something on an internal message window) calls NPN_GetUserAgent instance is already dead, crash.
Whiteboard: [hardblocker]
Summary: [OOPP][flashblock?] Plugin-container crashes easily with new YouTube player [@ FlashPlayer-10.6@0x64ca42 ] [@ FlashPlayer-10.6@0x626082 ] [@ FlashPlayer-10.6@0x621592 ] [@ FlashPlayer-10.6@0x622292 ] → Fla [OOPP] Plugin-container crashes easily with new YouTube player [@ FlashPlayer-10.6@0x4cf5e9 ] [@ FlashPlayer-10.6@0x64ca42 ] [@ FlashPlayer-10.6@0x4b6df9 ] [@ FlashPlayer-10.6@0x626082 ] [@ FlashPlayer-10.6@0x4b4b39 ] [@ FlashPlayer-10.6@0x621592 ] [@
(In reply to comment #52) > I must not be clear: No misunderstanding; that's the "naive" impl I thought comment 48 referred to. But, although avoiding that problem is simple, the "less naive" impl I had in mind (two-hop delayed NPP_Destroy runnable) doesn't work in general, because it's possible to build an arbitrarily large deferred-message queue by pushing the right buttons. So, looks like we're out of reasonable workarounds. The change to race-resolution semantics is OK by me, but I really really really would like to field-check it in another beta. Re-requesting blocking triage because I think this should block "betaN".
Assignee: benjamin → jones.chris.g
blocking2.0: final+ → ?
blocking2.0: ? → betaN+
Comment on attachment 502631 [details] [diff] [review] "Undefer" the in-call that lost a race at stack-depth 1, if there is one, when RPCChannel code leaves the C++ stack, so that the in-call can be processed if there is an immediately following out-call How simple! ;-)
Attachment #502631 - Flags: review?(benjamin) → review+
Does anyone who could repro the flash crash mind checking that the patch indeed fixes it?
I'm able to reproduce this bug easily. So if anyone is able to produce a build with this patch I'll test it.
I can test it too if someone can kindly provide a test build.
I could not reproduce any crash on a local build with the patch.
It's definitely better than since the regression from 10/29 per bug 623108. I'm still able to crash, but it's *much* harder to trigger. And it crashes at a different address anyway, so I would be happy to verify this fixed. http://crash-stats.mozilla.com/report/index/6935efc9-b084-4da5-97c5-406672110111 http://crash-stats.mozilla.com/report/index/f1fc98ea-8b69-4698-b32e-59f302110111 crash-stats reports that the crash address @0x0 | FlashPlayer-10.6@0x466cca isn't new, so the fix here isn't regressing.
No crashing here. Looks good! :D
http://hg.mozilla.org/mozilla-central/rev/68cec48a94a4 http://hg.mozilla.org/mozilla-central/rev/bdd489ff6f4a The bug here appears fixed, but comment 66 probably points at other bugs this one has been partially hiding.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
I'm not sure what's the process of nominating/triaging bugs fixed in b10pre for landing on b9. But this bug has been really bad in the last 2 betas (bug 604734 was b7+). Does the fix seem safe enough? How many days of crash-stats need to be collected to see if there's regressions/enough improvements?
Target Milestone: --- → mozilla2.0b10
(In reply to comment #69) > I'm not sure what's the process of nominating/triaging bugs fixed in b10pre for > landing on b9. But this bug has been really bad in the last 2 betas (bug > 604734 was b7+). not much of a formal process, other than to e-mail clegnetto. christian, we should look at picking this up if there is a need to respin b9. the rational is strong though... "flash is too crashy for me to use the beta" is a common theme in some of the feedback. that problem has several contributors so where ever we can know part of the problem down it will help. > > Does the fix seem safe enough? cjones? > How many days of crash-stats need to be > collected to see if there's regressions/enough improvements? probably about 3 days or so to get certain confirmation, since we will need to get a good user population ramped up on b10pre.
(In reply to comment #70) > > > > Does the fix seem safe enough? > > cjones? I wouldn't call this patch "safe", but I do know that - it's unlikely to affect windows in normal browsing with plugins, except possibly to reduce crashes there from this same bug that are apparently part of the long tail on windows. It *does* have the potential to increase crashes on windows in edge cases with modal dialogs and things of that nature. (Which is why this bug was moved to blocking:betaN.) - it's unlikely to affect linux except possibly to reduce crashes there from this same bug that are apparently part of the long tail on linux My vote would be to take this in a respin. The unknown, likely slim increased risk on windows is outweighed IMHO by having a more usable flash on mac, and getting reports from other crashes there that have likely been masked by this bug.
looks like the total number of crashes per day on the combined set of signatures in the title is running at around 161-307 per day, and that wouldn't reflect the opinion of I've heard where mac users just say they have to turn off flash to use firefox 4. here are crash counts from a few recent days on the combined set of signatures. we can watch these numbers for confirmation. 20110107-crashdata.csv 235 135 4.0b8 76 4.0b9pre 17 4.0b6 4 4.0b7 3 4.0b4 20110108-crashdata.csv 268 154 4.0b8 65 4.0b9pre 32 4.0b7 15 4.0b6 1 4.0b5 1 3.0b1 20110109-crashdata.csv 307 232 4.0b8 47 4.0b9pre 13 4.0b6 12 4.0b7 2 4.0b5 1 3.0b2 20110110-crashdata.csv 161 109 4.0b8 42 4.0b9pre 5 4.0b7 5 4.0b6 20110111-crashdata.csv 203 129 4.0b8 36 4.0b9pre 23 4.0b10pre 9 4.0b6 4 4.0b9 1 4.0b7 1 4.0b4
I always have had this crash the last couple of weeks. Now with Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0b10pre) Gecko/20110112 Firefox/4.0b10pre ID:20110112033217 and Flash 10.1.102.64 no crash occurs anymore. I will continue to test all the different sites beside YouTube.
With today's build I haven't been able to crash the Flash plugin. I'm pretty sure there will be a significant drop in crash reports starting today. I can see why some OS X users think you need to disable to make Firefox 4 usable, as this bug is quite annoying, but it's possible to work around it (for the most part) by pausing any video that is currently playing before navigating away from the page.
Using Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0b10pre) Gecko/20110112 Firefox/4.0b10pre and the RC version of Flash I can reproduce this crash on youtube.com by popping out a HD video. http://crash-stats.mozilla.com/report/index/bp-8dc619bd-7c1b-4281-8569-afe3c2110112 http://crash-stats.mozilla.com/report/index/fead41af-2684-4e55-97d8-c07cc2110112 (Driver crash) Should I open a new bug to track this?
Yes, that is different.
(In reply to comment #72) > looks like the total number of crashes per day on the combined set of > signatures in the title is running at around 161-307 per day, and that wouldn't > reflect the opinion of I've heard where mac users just say they have to turn > off flash to use firefox 4. Only trunk users (since ~dec 20) and people that switched Firefox to run in 32-bit more are able to send crash reports. The crash stats are highly under-reported as beta users get the "no report to submit" message. I suppose one benefit of not shipping this fix for beta 9 will show how bad this really has been on crash-stats.
I'm running 4.0b9 en-US that I just downloaded on Mac OS X 10.6.6. I produced this crash (according to crash-stats) with a completely fresh profile that I created ~1 minute before crashing OOP Flash. Crash report: http://crash-stats.mozilla.com/report/index/bp-433f23d5-add3-406c-915c-51b402110114 1. Go to YouTube, open between 5 and 10 YouTube clips, each in a new tab (e.g. Cmd+click) and let them play all at once. 2. Close one tab at a time while the clip is playing. This is enough to crash OOP Flash for me. It shouldn't take more than a few tab closes to make it crash. This happens mainly on YouTube when I close a tab with a video clip still playing. I've had this issue since 4.0b7. My completely unscientific estimation is that 1/4 YouTube clips crash this way. Please let me know if I can give you any more information about this.
The fix for this bug didn't make it into beta9. If you want to you can try the latest nightly build to see if the problem is fixed for you. Alternatively you can wait for the next beta.
There's a new version of flash 10.2 rc that came out a few days ago, so adding its crash addresses: [@ FlashPlayer-10.6@0x4d6879 ] [@ FlashPlayer-10.6@0x654702 ] 10.2.152.14 jan 11 [@ FlashPlayer-10.6@0x4cf5e9 ] [@ FlashPlayer-10.6@0x64ca42 ] 10.2.151.49 nov 30 [@ FlashPlayer-10.6@0x4b6df9 ] [@ FlashPlayer-10.6@0x626082 ] 10.1.102.64 nov 4 [@ FlashPlayer-10.6@0x4b4b39 ] [@ FlashPlayer-10.6@0x621592 ] 10.1.85.3 sep 20 [@ FlashPlayer-10.6@0x4b4b19 ] [@ FlashPlayer-10.6@0x621592 ] 10.1.82.76 aug 10 [@ FlashPlayer-10.6@0x4b59e9 ] [@ FlashPlayer-10.6@0x622292 ] 10.1.53.64 jun 10 Checking the crash stats of the most common flash version right now (10.1.102), the last (and only) build id for 4.0b10pre is 20110111030357. Marking VERIFIED.
Status: RESOLVED → VERIFIED
Summary: Fla [OOPP] Plugin-container crashes easily with new YouTube player [@ FlashPlayer-10.6@0x4cf5e9 ] [@ FlashPlayer-10.6@0x64ca42 ] [@ FlashPlayer-10.6@0x4b6df9 ] [@ FlashPlayer-10.6@0x626082 ] [@ FlashPlayer-10.6@0x4b4b39 ] [@ FlashPlayer-10.6@0x621592 ] [@ → 10.6@0x4b4b19][@FlashPlayer-10.6@0x621592][@FlashPlayer-10.6@0x4b59e9][@FlashPlayer-10.6@0x622292] [@FlashPlayer-10.6@0x4d6879][@FlashPlayer-10.6@0x654702][@FlashPlayer-10.6@0x4cf5e9][@FlashPlayer-10.6@0x64ca42][@FlashPlayer-10.6@0x4b6df9][@FlashPlayer-10…
Summary: 10.6@0x4b4b19][@F [@FlashPlayer-10.6@0x4d6879][@FlashPlayer-10.6@0x654702][@FlashPlayer-10.6@0x4cf5e9][@FlashPlayer-10.6@0x64ca42][@FlashPlayer-10.6@0x4b6df9][@FlashPlayer-10.6@0x626082][@FlashPlayer-10.6@0x4b4b39][@FlashPlayer-10.6@0x621592][@FlashPlayer- → crashes[@FlashPlayer-10.6@0x4d6879][@FlashPlayer-10.6@0x654702][@FlashPlayer-10.6@0x4cf5e9][@FlashPlayer-10.6@0x64ca42][@FlashPlayer-10.6@0x4b6df9][@FlashPlayer-10.6@0x626082][@FlashPlayer-10.6@0x4b4b39][@FlashPlayer-10.6@0x621592] [OOPP] Plugin-container
I think someone should get an award! :) (Assuming I'm reading this "Top Crashers for Firefox 4.0b9; Last 3 Days; By Signature" page correctly.) http://crash-stats.mozilla.com/topcrasher/byversion/Firefox/4.0b9/3/all This one fix will remove ~16% of _all_ Firefox 4 Beta 9 crashes (across platforms and crash type) when it reaches users in Beta 10. Or just looking at the mac crashes on that page, 5950 of 6867 crashes removed. 87% fewer crashes. Or perhaps better reported as "7.5 times more stable"? 6867/(6867-5950) ? [I always forget which way to calculate it.]
"7.5 times more stable" is the way to go. A nice quoteable soundbite for the tech media when the marketing team pushes out PR to the news wires.
Just double checking as we go through the b10 testing cycle. I was able to reproduce the problem as reported in earlier betas, by loading the youtube video and clicking on reload a few times. On the build candidates for beta 10 I can't reproduce the problem. Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0b10) Gecko/20100101 Firefox/4.0b10
Using the steps from comment 79 (a.k.a. surfing YouTube) I'm still seeing this or something like it in 4.0b10 and a trunk build (definitely has this patch) from today. Right before plugin-container crashes I see: ###!!! ASSERTION: Must have a native view to convert coordinates.: 'inView', file /Users/jag/moz-hg/mozilla/mozilla/layout/generic/nsPluginUtilsOSX.mm, line 160 a few times. With GDB hooked up to plugin-container: Program received signal EXC_BAD_ACCESS, Could not access memory. Reason: KERN_PROTECTION_FAILURE at address: 0x00000076 0x00000076 in ?? () (gdb) bt #0 0x00000076 in ?? () Cannot access memory at address 0x76 #1 0x17beaccb in unregister_ShockwaveFlash () #2 0x17a0e4b9 in dyld_stub_sprintf () #3 0x17bec60f in unregister_ShockwaveFlash () #4 0x17bd4960 in unregister_ShockwaveFlash () #5 0x17bdafa5 in unregister_ShockwaveFlash () #6 0x17dcf6b7 in main () #7 0x17dc8502 in main () #8 0x17dcc1e1 in main () #9 0x17dcdac7 in main () #10 0x17af7437 in dyld_stub_sprintf () #11 0x17c56fa1 in main () #12 0x17c61235 in main () #13 0x17c5f13d in main () #14 0x17bcc06b in FlashPlayer_10_2_151_49_FlashPlayer () #15 0x01534f8e in mozilla::plugins::PluginModuleChild::NPP_Destroy (this=0x581f218, instance=0x5078630) at PluginModuleChild.h:359 #16 0x01534809 in mozilla::plugins::PluginInstanceChild::AnswerNPP_Destroy (this=0x5078630, aResult=0xbfffc9c0) at /Users/jag/moz-hg/mozilla/mozilla/dom/plugins/PluginInstanceChild.cpp:3152 #17 0x0166e5a0 in mozilla::plugins::PPluginInstanceChild::OnCallReceived (this=0x5078630, __msg=@0xbfffcbfc, __reply=@0xbfffcb5c) at PPluginInstanceChild.cpp:1750 #18 0x01660cb3 in mozilla::plugins::PPluginModuleChild::OnCallReceived (this=0x581f218, __msg=@0xbfffcbfc, __reply=@0xbfffcb5c) at PPluginModuleChild.cpp:574 #19 0x0156113d in mozilla::ipc::RPCChannel::DispatchIncall (this=0x581f220, call=@0xbfffcbfc) at /Users/jag/moz-hg/mozilla/mozilla/ipc/glue/RPCChannel.cpp:512 #20 0x0156151e in mozilla::ipc::RPCChannel::Incall (this=0x581f220, call=@0xbfffcbfc, stackDepth=0) at /Users/jag/moz-hg/mozilla/mozilla/ipc/glue/RPCChannel.cpp:498 #21 0x01561ae7 in mozilla::ipc::RPCChannel::OnMaybeDequeueOne (this=0x581f220) at /Users/jag/moz-hg/mozilla/mozilla/ipc/glue/RPCChannel.cpp:429 #22 0x01564be9 in DispatchToMethod<mozilla::ipc::RPCChannel, bool (mozilla::ipc::RPCChannel::*)()> (obj=0x581f220, method={__pfn = 0x15618ec <mozilla::ipc::RPCChannel::OnMaybeDequeueOne()>, __delta = 0}, arg=@0x500e5ec) at tuple.h:383 #23 0x01564c25 in RunnableMethod<mozilla::ipc::RPCChannel, bool (mozilla::ipc::RPCChannel::*)(), Tuple0>::Run (this=0x500e5d0) at task.h:307 ... Reopen this one? New bug?
That does not appear to be this bug.
Ah. I'll file a new one then.
As of the April 17th build, I'm still getting this crash. See bp-316b6544-4a12-48bd-8612-d51a12110418 for an example.
(In reply to comment #89) > As of the April 17th build, I'm still getting this crash. See > bp-316b6544-4a12-48bd-8612-d51a12110418 for an example. Which looks like bug 629909 and has been fixed in Flash 10.2.152.33. Make sure you have at least this version installed. No need to comment more on this bug.
Crash Signature: [@FlashPlayer-10.6@0x4d6879] [@FlashPlayer-10.6@0x654702] [@FlashPlayer-10.6@0x4cf5e9] [@FlashPlayer-10.6@0x64ca42] [@FlashPlayer-10.6@0x4b6df9] [@FlashPlayer-10.6@0x626082] [@FlashPlayer-10.6@0x4b4b39] [@FlashPlayer-10.6@0x621592]
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: