If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

[OOPP] Plugin-container crashes[@FlashPlayer-10.6@0x4d6879][@FlashPlayer-10.6@0x654702][@FlashPlayer-10.6@0x4cf5e9][@FlashPlayer-10.6@0x64ca42][@FlashPlayer-10.6@0x4b6df9][@FlashPlayer-10.6@0x626082][@FlashPlayer-10.6@0x4b4b39][@FlashPlayer-10.6@0x621592]

VERIFIED FIXED in mozilla2.0b10

Status

()

Core
Plug-ins
--
critical
VERIFIED FIXED
7 years ago
6 years ago

People

(Reporter: David Hsu, Assigned: cjones)

Tracking

({crash})

Trunk
mozilla2.0b10
x86
Mac OS X
crash
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(blocking2.0 betaN+)

Details

(Whiteboard: [hardblocker], crash signature, URL)

Attachments

(2 attachments, 1 obsolete attachment)

(Reporter)

Description

7 years ago
User-Agent:       Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.3a6pre) Gecko/20100615 Minefield/3.7a6pre
Build Identifier: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.3a6pre) Gecko/20100615 Minefield/3.7a6pre

After I watched some YouTube clip, I go on and select another related movie in the same page. After a few plays plugin-container started and kept crashing.

Reproducible: Always

Steps to Reproduce:
1. Go to YouTube, click on any random clip. Make sure there's only one YouTube tab.
2. Play another random clip in the same tab or simply refresh the tab.
3. Repeat the above and within no more than a few times, Boooom.
Actual Results:  
Plugin-container crashed, and under Mac OS users are still unable to send crash reports.

Expected Results:  
Play.

If there were still other tabs playing, or I opened new clips in new tabs then it seems to be just fine.
My guess is that things go wrong when Flash gets reloaded too frequently.
(Reporter)

Comment 1

7 years ago
I just found that it might have something to do with YouTube's new player

If you just refresh the tab or browse through movies that still use old YouTube player then most likely you'll be fine, but once you try the steps on the new ones it just goes on and becomes this: playing fine, (refresh), crash, (refresh), fine, (refresh), crash, (refresh), fine, (refresh), crash...

Just for reference you may try this as one of the "old" ones:
http://www.youtube.com/watch?v=KRGRf2V9q_E

And this as one of the "new" ones:
http://www.youtube.com/watch?v=-VoFbH8jTzE

Simply refresh the tab for a few times and you'll see what I mean.
(Reporter)

Updated

7 years ago
Summary: [OOPP] Plugin-container crashes easily when Flash is reloaded → [OOPP] Plugin-container crashes easily with new YouTube player
(Reporter)

Updated

7 years ago
Component: General → Plug-ins
Product: Firefox → Core
Version: unspecified → Trunk

Comment 2

7 years ago
https://developer.mozilla.org/En/How_to_get_a_stacktrace_for_a_bug_report
(Reporter)

Comment 3

7 years ago
Oops. Followed what's suggested in that article I tried with safe mode and there seems to be no problem!

So it's about incompatible addons then?
(Reporter)

Comment 4

7 years ago
OK. Seems to be a problem with FlashBlock.
Although with it disabled or in safe mode I still get plugin-container crashes every now and then...

Still no crash report functionality in Mac OS build, will get it manually and post here later.
QA Contact: general → plugins

Comment 5

7 years ago
I'm assuming you aren't using a 64bit version of firefox....
Severity: normal → critical
Keywords: stackwanted
Hardware: x86_64 → x86
Summary: [OOPP] Plugin-container crashes easily with new YouTube player → [OOPP][adblock?] Plugin-container crashes easily with new YouTube player
(Reporter)

Comment 6

7 years ago
Yeah my bad...

I just reproduced one, and here's what I copied from system Console:

Process:         plugin-container [9953]
Path:            /Applications/Minefield.app/Contents/MacOS/plugin-container
Identifier:      org.mozilla.minefield
Version:         3.7a6pre (3.7a6pre)
Code Type:       X86 (Native)
Parent Process:  firefox-bin [9893]

Date/Time:       2010-06-18 01:59:21.631 +0800
OS Version:      Mac OS X 10.6.3 (10D573)
Report Version:  6

Interval Since Last Report:          4370713 sec
Crashes Since Last Report:           252
Per-App Interval Since Last Report:  305173 sec
Per-App Crashes Since Last Report:   75
Anonymous UUID:                      189C2B65-F71D-470E-8D26-4559D426BDA2

Exception Type:  EXC_BAD_ACCESS (SIGBUS)
Exception Codes: KERN_PROTECTION_FAILURE at 0x000000000000044c
Crashed Thread:  0  Dispatch queue: com.apple.main-thread

Thread 0 Crashed:  Dispatch queue: com.apple.main-thread
0   ...dia.FlashPlayer-10.6.plugin	0x1620a9e9 main + 3241
1   ...dia.FlashPlayer-10.6.plugin	0x1621606e main + 49966
2   ...dia.FlashPlayer-10.6.plugin	0x161f621c unregister_ShockwaveFlash + 426332
3   ...dia.FlashPlayer-10.6.plugin	0x1613c80a 0x15d55000 + 4093962
4   ...dia.FlashPlayer-10.6.plugin	0x1613e5fe 0x15d55000 + 4101630
5   ...dia.FlashPlayer-10.6.plugin	0x161023c0 0x15d55000 + 3855296
6   ...dia.FlashPlayer-10.6.plugin	0x160acee2 0x15d55000 + 3505890
7   ...dia.FlashPlayer-10.6.plugin	0x160b5559 0x15d55000 + 3540313
8   ...dia.FlashPlayer-10.6.plugin	0x1620db07 main + 15815
9   com.apple.CoreFoundation      	0x95cbc15b __CFRunLoopDoSources0 + 1563
10  com.apple.CoreFoundation      	0x95cb9c1f __CFRunLoopRun + 1071
11  com.apple.CoreFoundation      	0x95cb90f4 CFRunLoopRunSpecific + 452
12  com.apple.CoreFoundation      	0x95cb8f21 CFRunLoopRunInMode + 97
13  com.apple.HIToolbox           	0x966d80fc RunCurrentEventLoopInMode + 392
14  com.apple.HIToolbox           	0x966d7eb1 ReceiveNextEventCommon + 354
15  com.apple.HIToolbox           	0x966d7d36 BlockUntilNextEventMatchingListInMode + 81
16  com.apple.AppKit              	0x9443a135 _DPSNextEvent + 847
17  com.apple.AppKit              	0x94439976 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 156
18  com.apple.AppKit              	0x943fbbef -[NSApplication run] + 821
19  XUL                           	0x00ca2eed base::MessagePumpNSApplication::DoRun(base::MessagePump::Delegate*) + 109
20  XUL                           	0x00ca2566 base::MessagePumpCFRunLoopBase::Run(base::MessagePump::Delegate*) + 70
21  XUL                           	0x00c90f94 MessageLoop::Run() + 68
22  XUL                           	0x0001ec2e XRE_InitChildProcess + 606
23  plugin-container              	0x00001fef main + 47
24  plugin-container              	0x00001f96 start + 54

Thread 1:  Dispatch queue: com.apple.libdispatch-manager
0   libSystem.B.dylib             	0x94273b42 kevent + 10
1   libSystem.B.dylib             	0x9427425c _dispatch_mgr_invoke + 215
2   libSystem.B.dylib             	0x94273719 _dispatch_queue_invoke + 163
3   libSystem.B.dylib             	0x942734be _dispatch_worker_thread2 + 240
4   libSystem.B.dylib             	0x94272f41 _pthread_wqthread + 390
5   libSystem.B.dylib             	0x94272d86 start_wqthread + 30

Thread 2:
0   libSystem.B.dylib             	0x9424d32a semaphore_signal_thread_trap + 10
1   libSystem.B.dylib             	0x942826eb pthread_cond_signal_thread_np + 342
2   libSystem.B.dylib             	0x94282593 pthread_cond_signal + 25
3   libnspr4.dylib                	0x02186d78 pt_PostNotifies + 200
4   libnspr4.dylib                	0x02186fba PR_Unlock + 90
5   XUL                           	0x00be3c0c mozilla::ipc::RPCChannel::OnMessageReceived(IPC::Message const&) + 188
6   XUL                           	0x00c9f2aa IPC::Channel::ChannelImpl::ProcessIncomingMessages() + 1258
7   XUL                           	0x00c9fc1f IPC::Channel::ChannelImpl::OnFileCanReadWithoutBlocking(int) + 255
8   XUL                           	0x00c88d7e event_base_loop + 798
9   XUL                           	0x00c9ba3e base::MessagePumpLibevent::Run(base::MessagePump::Delegate*) + 190
10  XUL                           	0x00c90f94 MessageLoop::Run() + 68
11  XUL                           	0x00c96ead base::Thread::ThreadMain() + 109
12  XUL                           	0x00c9c1b1 ThreadFunc(void*) + 17
13  libSystem.B.dylib             	0x9427aa19 _pthread_start + 345
14  libSystem.B.dylib             	0x9427a89e thread_start + 34

Thread 3:
0   libSystem.B.dylib             	0x9427b262 __semwait_signal + 10
1   libSystem.B.dylib             	0x9427af1e _pthread_cond_wait + 1191
2   libSystem.B.dylib             	0x9427cbb8 pthread_cond_wait$UNIX2003 + 73
3   ...dia.FlashPlayer-10.6.plugin	0x1619933f unregister_ShockwaveFlash + 45695
4   ...dia.FlashPlayer-10.6.plugin	0x15d6d884 0x15d55000 + 100484
5   ...dia.FlashPlayer-10.6.plugin	0x1619943e unregister_ShockwaveFlash + 45950
6   ...dia.FlashPlayer-10.6.plugin	0x16199575 unregister_ShockwaveFlash + 46261
7   libSystem.B.dylib             	0x9427aa19 _pthread_start + 345
8   libSystem.B.dylib             	0x9427a89e thread_start + 34

Thread 4:
0   libSystem.B.dylib             	0x9427b262 __semwait_signal + 10
1   libSystem.B.dylib             	0x9427af1e _pthread_cond_wait + 1191
2   libSystem.B.dylib             	0x9427cbb8 pthread_cond_wait$UNIX2003 + 73
3   ...dia.FlashPlayer-10.6.plugin	0x1619933f unregister_ShockwaveFlash + 45695
4   ...dia.FlashPlayer-10.6.plugin	0x15d6d884 0x15d55000 + 100484
5   ...dia.FlashPlayer-10.6.plugin	0x1619943e unregister_ShockwaveFlash + 45950
6   ...dia.FlashPlayer-10.6.plugin	0x16199575 unregister_ShockwaveFlash + 46261
7   libSystem.B.dylib             	0x9427aa19 _pthread_start + 345
8   libSystem.B.dylib             	0x9427a89e thread_start + 34

Thread 5:
0   libSystem.B.dylib             	0x9424d35a semaphore_timedwait_signal_trap + 10
1   libSystem.B.dylib             	0x9427aea1 _pthread_cond_wait + 1066
2   libSystem.B.dylib             	0x942a9a28 pthread_cond_timedwait_relative_np + 47
3   com.apple.audio.CoreAudio     	0x93b52965 CAGuard::WaitFor(unsigned long long) + 219
4   com.apple.audio.CoreAudio     	0x93b55997 CAGuard::WaitUntil(unsigned long long) + 289
5   com.apple.audio.CoreAudio     	0x93b53294 HP_IOThread::WorkLoop() + 1892
6   com.apple.audio.CoreAudio     	0x93b52b2b HP_IOThread::ThreadEntry(HP_IOThread*) + 17
7   com.apple.audio.CoreAudio     	0x93b52a42 CAPThread::Entry(CAPThread*) + 140
8   libSystem.B.dylib             	0x9427aa19 _pthread_start + 345
9   libSystem.B.dylib             	0x9427a89e thread_start + 34

Thread 6:
0   libSystem.B.dylib             	0x94272bd2 __workq_kernreturn + 10
1   libSystem.B.dylib             	0x94273168 _pthread_wqthread + 941
2   libSystem.B.dylib             	0x94272d86 start_wqthread + 30

Thread 0 crashed with X86 Thread State (32-bit):
  eax: 0x19e36000  ebx: 0x1ed155e0  ecx: 0x00000000  edx: 0x000fc080
  edi: 0x19e36000  esi: 0x1ed4e000  ebp: 0xbfffd2b8  esp: 0xbfffd2b8
   ss: 0x00000023  efl: 0x00010246  eip: 0x1620a9e9   cs: 0x0000001b
   ds: 0x00000023   es: 0x00000023   fs: 0x00000000   gs: 0x0000000f
  cr2: 0x0000044c

Binary Images:
    0x1000 -     0x1ffe +plugin-container ??? (???) <8998AAA0-01F6-CD1A-778B-A30F198851C0> /Applications/Minefield.app/Contents/MacOS/plugin-container
    0x5000 -     0x5ff6 +libxpcom.dylib ??? (???) <742EBD3F-EF81-C339-321F-DAF586BCBEC5> /Applications/Minefield.app/Contents/MacOS/libxpcom.dylib
    0xb000 -     0xbff0 +libmozalloc.dylib ??? (???) <69334B67-E45F-4EC6-20A9-3709EC9BA45D> /Applications/Minefield.app/Contents/MacOS/libmozalloc.dylib
    0xf000 -   0xf52fff +XUL ??? (???) <1B5BFA83-041D-E23A-C9D4-173DC2C8AB49> /Applications/Minefield.app/Contents/MacOS/XUL
 0x2151000 -  0x2156ff7 +libplds4.dylib ??? (???) <BE851094-F1AE-1B9D-B246-06ACF3860AAF> /Applications/Minefield.app/Contents/MacOS/libplds4.dylib
 0x215e000 -  0x2164fef +libplc4.dylib ??? (???) <ADED5040-FB5B-DC6B-AC6A-327F187E93B0> /Applications/Minefield.app/Contents/MacOS/libplc4.dylib
 0x216d000 -  0x2196fef +libnspr4.dylib ??? (???) <5049CC5E-3B8D-8911-1D46-F80E011E4198> /Applications/Minefield.app/Contents/MacOS/libnspr4.dylib
 0x21b9000 -  0x222afef +libmozsqlite3.dylib ??? (???) <7A274168-9143-EFA1-6998-ACFBE6685D1A> /Applications/Minefield.app/Contents/MacOS/libmozsqlite3.dylib
 0x2251000 -  0x23edfe3 +libmozjs.dylib ??? (???) <8C550536-2172-C14D-FD99-A48041D7CA26> /Applications/Minefield.app/Contents/MacOS/libmozjs.dylib
 0x2474000 -  0x2489ffc +libsmime3.dylib ??? (???) <0B1AED4B-03E4-E031-5E23-4D9CEE7A191B> /Applications/Minefield.app/Contents/MacOS/libsmime3.dylib
 0x24a3000 -  0x24ceffb +libssl3.dylib ??? (???) <99921D37-6A5E-1E8D-3636-FD3D3D357092> /Applications/Minefield.app/Contents/MacOS/libssl3.dylib
 0x24e8000 -  0x25a3fff +libnss3.dylib ??? (???) <D70E442B-C87D-FD29-51EE-556968420A4E> /Applications/Minefield.app/Contents/MacOS/libnss3.dylib
 0x2621000 -  0x262efff +libnssutil3.dylib ??? (???) <CDF2C3E4-D3C8-5C92-16DF-A70A39885E21> /Applications/Minefield.app/Contents/MacOS/libnssutil3.dylib
 0x2643000 -  0x26f8fe7  libcrypto.0.9.7.dylib 0.9.7 (compatibility 0.9.7) <0B69B1F5-3440-B0BF-957F-E0ADD49F13CB> /usr/lib/libcrypto.0.9.7.dylib
 0x27af000 -  0x27b2ff2 +com.macromedia.Flash Player.plugin 10.1.53.64 (10.1.53.64) <4FE0EBB4-DD56-E42E-1792-6466E720365F> /Library/Internet Plug-Ins/Flash Player.plugin/Contents/MacOS/Flash Player
 0x27d4000 -  0x27d4ff7 +net.sourceforge.SafariAdBlockLoader 0.4.0 RC3 (0.4.0 RC3) <8E9A6641-9CE7-5416-DC84-883DB8BAFDDA> /Library/InputManagers/Safari AdBlock/Safari AdBlock Loader.bundle/Contents/MacOS/Safari AdBlock Loader
 0x2cdb000 -  0x2cdefef  com.apple.LiveType.component 2.1.3 (2.1.3) /Library/QuickTime/LiveType.component/Contents/MacOS/LiveType
 0x2ce3000 -  0x2ce7ff3  com.apple.audio.AudioIPCPlugIn 1.1.2 (1.1.2) <C36F9194-6DB6-0AA8-4839-71191EEBAC65> /System/Library/Extensions/AudioIPCDriver.kext/Contents/Resources/AudioIPCPlugIn.bundle/Contents/MacOS/AudioIPCPlugIn
0x15d55000 - 0x16720fd3 +com.macromedia.FlashPlayer-10.6.plugin 10.1.53.64 (10.1.53.64) <28AEE5D0-CE3E-55DB-5AE5-787143EC0F96> /Library/Internet Plug-Ins/Flash Player.plugin/Contents/PlugIns/FlashPlayer-10.6.plugin/Contents/MacOS/FlashPlayer-10.6
0x167f3000 - 0x16858fde  com.apple.LiveType.framework 2.1.3 (2.1.3) /System/Library/PrivateFrameworks/LiveType.framework/Versions/A/LiveType
0x18837000 - 0x189aafe7  GLEngine ??? (???) <F0181B85-962E-508D-4912-056D87F8E96E> /System/Library/Frameworks/OpenGL.framework/Resources/GLEngine.bundle/GLEngine
0x189dc000 - 0x18da0fff  com.apple.ATIRadeonX2000GLDriver 1.6.10 (6.1.0) <9B57C8E6-B6F7-24F4-0DC8-8CBC61F5306B> /System/Library/Extensions/ATIRadeonX2000GLDriver.bundle/Contents/MacOS/ATIRadeonX2000GLDriver
0x18dcd000 - 0x18df0fe7  GLRendererFloat ??? (???) <65E1E174-28E0-3FA9-E391-504891B69818> /System/Library/Frameworks/OpenGL.framework/Resources/GLRendererFloat.bundle/GLRendererFloat
0x18fcf000 - 0x18fddfe7  libSimplifiedChineseConverter.dylib 49.0.0 (compatibility 1.0.0) <4C9CC2D9-2F13-4465-5447-2516FCD9255B> /System/Library/CoreServices/Encodings/libSimplifiedChineseConverter.dylib
0x1a0c4000 - 0x1a0d6ff7  libTraditionalChineseConverter.dylib 49.0.0 (compatibility 1.0.0) <C4E0D62B-4D1A-8DAD-D10B-2C055AA0479C> /System/Library/CoreServices/Encodings/libTraditionalChineseConverter.dylib
0x70000000 - 0x700caffb  com.apple.audio.units.Components 1.6.1 (1.6.1) <AEC44B68-A209-4093-36B0-7B740361249B> /System/Library/Components/CoreAudio.component/Contents/MacOS/CoreAudio
0x8fe00000 - 0x8fe4162b  dyld 132.1 (???) <211AF0DD-42D9-79C8-BB6A-1F4BEEF4B4AB> /usr/lib/dyld
0x90003000 - 0x90105fef  com.apple.MeshKitIO 1.1 (49.2) <34322CDD-E67E-318A-F03A-A3DD05201046> /System/Library/PrivateFrameworks/MeshKit.framework/Versions/A/Frameworks/MeshKitIO.framework/Versions/A/MeshKitIO
0x90106000 - 0x9010fff7  com.apple.DiskArbitration 2.3 (2.3) <E9C40767-DA6A-6CCB-8B00-2D5706753000> /System/Library/Frameworks/DiskArbitration.framework/Versions/A/DiskArbitration
0x901d9000 - 0x901deff7  com.apple.OpenDirectory 10.6 (10.6) <92582807-E8F3-3DD9-EB42-4195CFB754A1> /System/Library/Frameworks/OpenDirectory.framework/Versions/A/OpenDirectory
0x901df000 - 0x9021dff7  com.apple.CoreMedia 0.484.5 (484.5) <35725D22-4549-5568-8E8C-62E0AD0E90F7> /System/Library/PrivateFrameworks/CoreMedia.framework/Versions/A/CoreMedia
0x90233000 - 0x90233ff7  com.apple.CoreServices 44 (44) <AC35D112-5FB9-9C8C-6189-5F5945072375> /System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices
0x90234000 - 0x9023fff7  com.apple.CrashReporterSupport 10.6.3 (250) <E2835962-67A2-CA10-4016-467175851348> /System/Library/PrivateFrameworks/CrashReporterSupport.framework/Versions/A/CrashReporterSupport
0x90240000 - 0x9041bff3  libType1Scaler.dylib ??? (???) <944F686E-9CC2-03F0-A139-8F322F0AC49F> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/Resources/libType1Scaler.dylib
0x9041c000 - 0x9059efe7  libicucore.A.dylib 40.0.0 (compatibility 1.0.0) <96A45E03-2B29-83EB-0FC6-2C932E398722> /usr/lib/libicucore.A.dylib
0x9059f000 - 0x905e1ff7  libvDSP.dylib 268.0.1 (compatibility 1.0.0) <3F0ED200-741B-4E27-B89F-634B131F5E9E> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libvDSP.dylib
0x905e2000 - 0x905e4ff7  libRadiance.dylib ??? (???) <9358E1EF-F802-B76E-8E23-2D0695787CFB> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libRadiance.dylib
0x90607000 - 0x90678ff7  com.apple.AppleVAFramework 4.8.11 (4.8.11) <BDDDFA36-4B53-4B57-B3D4-427DA8226A80> /System/Library/PrivateFrameworks/AppleVA.framework/Versions/A/AppleVA
0x90679000 - 0x90e68537  com.apple.CoreGraphics 1.543.33 (???) <C57E2964-80AF-6346-6D3E-23AED9D26977> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/CoreGraphics
0x90e69000 - 0x90eb9ff7  com.apple.framework.familycontrols 2.0.1 (2010) <50E74916-19A5-F2FC-AB57-76F2C8DDF0A7> /System/Library/PrivateFrameworks/FamilyControls.framework/Versions/A/FamilyControls
0x90f86000 - 0x90f88ff7  com.apple.securityhi 4.0 (36638) <962C66FB-5BE9-634E-0810-036CB340C059> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/SecurityHI.framework/Versions/A/SecurityHI
0x90f89000 - 0x90fbdff7  libssl.0.9.8.dylib 0.9.8 (compatibility 0.9.8) <5FEC74CA-1D3C-B6E3-E046-3970095C44BC> /usr/lib/libssl.0.9.8.dylib
0x90fbe000 - 0x9133dff3  com.apple.RawCamera.bundle 3.0.2 (527) <981AB834-6C34-6FA5-F886-01DF06C56609> /System/Library/CoreServices/RawCamera.bundle/Contents/MacOS/RawCamera
0x91362000 - 0x913d1ff7  libvMisc.dylib 268.0.1 (compatibility 1.0.0) <2FC2178F-FEF9-6E3F-3289-A6307B1A154C> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libvMisc.dylib
0x913d2000 - 0x91416ff3  com.apple.coreui 2 (114) <29F8F1A4-1C96-6A0F-4CC2-9B85CF83209F> /System/Library/PrivateFrameworks/CoreUI.framework/Versions/A/CoreUI
0x91435000 - 0x91697ff3  com.apple.security 6.1.1 (37594) <1AC07F75-7E27-9662-21DA-B05DFF047B26> /System/Library/Frameworks/Security.framework/Versions/A/Security
0x91698000 - 0x91854ff3  com.apple.ImageIO.framework 3.0.2 (3.0.1) <CB39B067-58B8-70DB-3E40-160604664A6D> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/ImageIO
0x91855000 - 0x9190efe7  libsqlite3.dylib 9.6.0 (compatibility 9.0.0) <16CEF8E8-8C9A-94CD-EF5D-05477844C005> /usr/lib/libsqlite3.dylib
0x9190f000 - 0x9191fff7  libsasl2.2.dylib 3.15.0 (compatibility 3.0.0) <C8744EA3-0AB7-CD03-E639-C4F2B910BE5D> /usr/lib/libsasl2.2.dylib
0x91921000 - 0x919d1ff3  com.apple.ColorSync 4.6.3 (4.6.3) <68B6A1B9-86CF-0C5A-7D63-56ED4BB2EB5B> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ColorSync.framework/Versions/A/ColorSync
0x919d2000 - 0x91aafff7  com.apple.vImage 4.0 (4.0) <64597E4B-F144-DBB3-F428-0EC3D9A1219E> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vImage.framework/Versions/A/vImage
0x91b24000 - 0x91b57ff7  com.apple.AE 496.4 (496.4) <7F34EC47-8429-3077-8158-54F5EA908C66> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/AE.framework/Versions/A/AE
0x91b58000 - 0x91b6dfff  com.apple.ImageCapture 6.0 (6.0) <3F31833A-38A9-444E-02B7-17619CA6F2A0> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/ImageCapture.framework/Versions/A/ImageCapture
0x91b6e000 - 0x91b7cff7  com.apple.opengl 1.6.7 (1.6.7) <3C529790-DEE9-AC27-A879-806E4C23323C> /System/Library/Frameworks/OpenGL.framework/Versions/A/OpenGL
0x91b8c000 - 0x91c3aff3  com.apple.ink.framework 1.3.3 (107) <57B54F6F-CE35-D546-C7EC-DBC5FDC79938> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Ink.framework/Versions/A/Ink
0x91c3b000 - 0x91c3eff7  libCoreVMClient.dylib ??? (???) <98CB96B1-85FE-25AF-AB19-ED061912FC3E> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libCoreVMClient.dylib
0x91c3f000 - 0x91cdcfe3  com.apple.LaunchServices 362.1 (362.1) <885D8567-9E40-0105-20BC-42C7FF657583> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/LaunchServices
0x91e6b000 - 0x91e6fff7  IOSurface ??? (???) <4B825ADA-8DBE-6BA2-1AB3-307D2C3AFCA8> /System/Library/Frameworks/IOSurface.framework/Versions/A/IOSurface
0x91e70000 - 0x91e96fff  com.apple.DictionaryServices 1.1.1 (1.1.1) <02709230-9B37-C743-6E27-3FCFD18211F8> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/DictionaryServices.framework/Versions/A/DictionaryServices
0x91e97000 - 0x91edaff7  com.apple.NavigationServices 3.5.4 (182) <753B8906-06C0-3AE0-3D6A-8FF5AC18ED12> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/NavigationServices.framework/Versions/A/NavigationServices
0x91f08000 - 0x91f4bff7  libGLU.dylib ??? (???) <CE02968E-930D-E63B-7B21-B87205F8B19A> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLU.dylib
0x91f4c000 - 0x91f4fffb  com.apple.help 1.3.1 (41) <67F1F424-3983-7A2A-EC21-867BE838E90B> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Help.framework/Versions/A/Help
0x91f50000 - 0x91f50ff7  liblangid.dylib ??? (???) <B99607FC-5646-32C8-2C16-AFB5EA9097C2> /usr/lib/liblangid.dylib
0x91f51000 - 0x91f95fe7  com.apple.Metadata 10.6.3 (507.8) <53BB360A-1813-170D-827F-C1863EF15537> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Metadata.framework/Versions/A/Metadata
0x91fd7000 - 0x91febffb  com.apple.speech.synthesis.framework 3.10.35 (3.10.35) <57DD5458-4F24-DA7D-0927-C3321A65D743> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/SpeechSynthesis.framework/Versions/A/SpeechSynthesis
0x91fec000 - 0x91ffdff7  com.apple.LangAnalysis 1.6.6 (1.6.6) <7A3862F7-3730-8F6E-A5DE-8E2CCEA979EF> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/LangAnalysis.framework/Versions/A/LangAnalysis
0x92014000 - 0x92028fe7  libbsm.0.dylib ??? (???) <14CB053A-7C47-96DA-E415-0906BA1B78C9> /usr/lib/libbsm.0.dylib
0x92029000 - 0x92093fe7  libstdc++.6.dylib 7.9.0 (compatibility 7.0.0) <411D87F4-B7E1-44EB-F201-F8B4F9227213> /usr/lib/libstdc++.6.dylib
0x92094000 - 0x921c0fff  com.apple.audio.toolbox.AudioToolbox 1.6.3 (1.6.3) <F0D7256E-0914-8E77-E37B-9720430422AB> /System/Library/Frameworks/AudioToolbox.framework/Versions/A/AudioToolbox
0x921c1000 - 0x921ceff7  com.apple.NetFS 3.2.1 (3.2.1) <5E61A00B-FA16-9D99-A064-47BDC5BC9A2B> /System/Library/Frameworks/NetFS.framework/Versions/A/NetFS
0x921cf000 - 0x9268cffb  com.apple.VideoToolbox 0.484.5 (484.5) <DA9B4FA8-B91C-43AC-1D84-0BFF46BB5BCE> /System/Library/PrivateFrameworks/VideoToolbox.framework/Versions/A/VideoToolbox
0x9268d000 - 0x92697ffb  com.apple.speech.recognition.framework 3.11.1 (3.11.1) <EC0E69C8-A121-70E8-43CF-E6FC4C7779EC> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/SpeechRecognition.framework/Versions/A/SpeechRecognition
0x92698000 - 0x92698ff7  com.apple.quartzframework 1.5 (1.5) <CEB78F00-C5B2-3B3F-BF70-DD6D578719C0> /System/Library/Frameworks/Quartz.framework/Versions/A/Quartz
0x92699000 - 0x926abff7  com.apple.MultitouchSupport.framework 204.12.1 (204.12.1) <6BB58E90-21FA-C491-F0E4-54B69CCDBBC0> /System/Library/PrivateFrameworks/MultitouchSupport.framework/Versions/A/MultitouchSupport
0x927e4000 - 0x927e5ff7  com.apple.MonitorPanelFramework 1.3.0 (1.3.0) <0EC4EEFF-477E-908E-6F21-ED2C973846A4> /System/Library/PrivateFrameworks/MonitorPanel.framework/Versions/A/MonitorPanel
0x927e6000 - 0x92825ff7  com.apple.ImageCaptureCore 1.0.1 (1.0.1) <A03C5D7E-54CD-D56D-E120-9B35EBC9D8F1> /System/Library/Frameworks/ImageCaptureCore.framework/Versions/A/ImageCaptureCore
0x92826000 - 0x9282cff7  com.apple.DisplayServicesFW 2.2.2 (251) <D8BB3A1F-29C7-A957-C781-794CC9550525> /System/Library/PrivateFrameworks/DisplayServices.framework/Versions/A/DisplayServices
0x9282d000 - 0x928c5fe7  edu.mit.Kerberos 6.5.9 (6.5.9) <73EC847F-FF44-D542-2AD5-97F6C8D48F0B> /System/Library/Frameworks/Kerberos.framework/Versions/A/Kerberos
0x928c6000 - 0x92946feb  com.apple.SearchKit 1.3.0 (1.3.0) <9E18AEA5-F4B4-8BE5-EEA9-818FC4F46FD9> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/SearchKit.framework/Versions/A/SearchKit
0x9294c000 - 0x929c5ff7  com.apple.PDFKit 2.5.1 (2.5.1) <CEF13510-F08D-3177-7504-7F8853906DE6> /System/Library/Frameworks/Quartz.framework/Versions/A/Frameworks/PDFKit.framework/Versions/A/PDFKit
0x929c6000 - 0x929e7fe7  com.apple.opencl 12.1 (12.1) <1BCA4F60-E612-5C1B-EF50-A810D70CDF05> /System/Library/Frameworks/OpenCL.framework/Versions/A/OpenCL
0x929e8000 - 0x92ae9fe7  libxml2.2.dylib 10.3.0 (compatibility 10.0.0) <B4C5CD68-405D-0F1B-59CA-5193D463D0EF> /usr/lib/libxml2.2.dylib
0x92aea000 - 0x92de3fef  com.apple.QuickTime 7.6.6 (1729) <4C99ED7D-5A4B-E41E-602D-2D01A99168CD> /System/Library/Frameworks/QuickTime.framework/Versions/A/QuickTime
0x92e19000 - 0x92ee3fef  com.apple.CoreServices.OSServices 357 (357) <764872C3-AE30-7F54-494D-4BA3CE4F4DFB> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/OSServices.framework/Versions/A/OSServices
0x92ee4000 - 0x92f8dff7  com.apple.CFNetwork 454.9.4 (454.9.4) <2F8B5BA5-099F-6CDA-F500-4CA188BBCDBC> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CFNetwork.framework/Versions/A/CFNetwork
0x93026000 - 0x930ceffb  com.apple.QD 3.35 (???) <B80B64BC-958B-DA9E-50F9-D7E8333CC5A2> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/QD.framework/Versions/A/QD
0x9315c000 - 0x93387ff3  com.apple.QuartzComposer 4.1 (156.13) <FE0BF06B-8D32-C712-7CCD-63D8918B8B6D> /System/Library/Frameworks/Quartz.framework/Versions/A/Frameworks/QuartzComposer.framework/Versions/A/QuartzComposer
0x933a1000 - 0x93493ff7  libcrypto.0.9.8.dylib 0.9.8 (compatibility 0.9.8) <7482933B-4AF6-ED55-AD72-4FBD1E134958> /usr/lib/libcrypto.0.9.8.dylib
0x937d9000 - 0x93809ff7  com.apple.MeshKit 1.1 (49.2) <ECFBD794-5D36-4405-6184-5568BFF29BF3> /System/Library/PrivateFrameworks/MeshKit.framework/Versions/A/MeshKit
0x939b1000 - 0x93adffe7  com.apple.CoreData 102.1 (251) <E6A457F0-A0A3-32CD-6C69-6286E7C0F063> /System/Library/Frameworks/CoreData.framework/Versions/A/CoreData
0x93ae0000 - 0x93b31ff7  com.apple.HIServices 1.8.0 (???) <10C85B88-C6AF-91DB-2546-34661BA35AC5> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/HIServices.framework/Versions/A/HIServices
0x93b32000 - 0x93bacfef  com.apple.audio.CoreAudio 3.2.2 (3.2.2) <1F97B48A-327B-89CC-7C01-3865179716E0> /System/Library/Frameworks/CoreAudio.framework/Versions/A/CoreAudio
0x93be4000 - 0x93c5bff3  com.apple.backup.framework 1.2.2 (1.2.2) <FE4C6311-EA63-15F4-2CF7-04CF7734F434> /System/Library/PrivateFrameworks/Backup.framework/Versions/A/Backup
0x93c5c000 - 0x93c60ff7  libGFXShared.dylib ??? (???) <286F466C-2856-B579-B87F-4E9A35C80263> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGFXShared.dylib
0x93c80000 - 0x93e86feb  com.apple.AddressBook.framework 5.0.1 (868) <2CCD7801-F3B8-CED3-D5D7-096AF8DC004D> /System/Library/Frameworks/AddressBook.framework/Versions/A/AddressBook
0x93e87000 - 0x941eeff7  com.apple.QuartzCore 1.6.1 (227.18) <8A65F233-4C77-BA7C-5DDA-2423F5C1B7A1> /System/Library/Frameworks/QuartzCore.framework/Versions/A/QuartzCore
0x941ef000 - 0x941faff7  libCSync.A.dylib 543.33.0 (compatibility 64.0.0) <F914F427-98EA-98BC-923D-47274A90D441> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCSync.A.dylib
0x9424c000 - 0x943f1feb  libSystem.B.dylib 125.0.1 (compatibility 1.0.0) <06A5336A-A6F6-4E62-F55F-4909A64631C2> /usr/lib/libSystem.B.dylib
0x943f2000 - 0x94cd1ff7  com.apple.AppKit 6.6.5 (1038.29) <E76A05A6-27C6-DA02-0961-5C8EEDC5F0A7> /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit
0x94df5000 - 0x94e11fe3  com.apple.openscripting 1.3.1 (???) <DA16DE48-59F4-C94B-EBE3-7FAF772211A2> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/OpenScripting.framework/Versions/A/OpenScripting
0x94e12000 - 0x94e12ff7  com.apple.vecLib 3.6 (vecLib 3.6) <7362077A-890F-3AEF-A8AB-22247B10E106> /System/Library/Frameworks/vecLib.framework/Versions/A/vecLib
0x94e13000 - 0x94e59ff7  libauto.dylib ??? (???) <85670A64-3B67-8162-D441-D8E0BE15CA94> /usr/lib/libauto.dylib
0x94e5a000 - 0x94ec8ff7  com.apple.QuickLookUIFramework 2.2 (327.4) <5B6A066B-B867-D3A3-BDEE-3D68FA5385B4> /System/Library/Frameworks/Quartz.framework/Versions/A/Frameworks/QuickLookUI.framework/Versions/A/QuickLookUI
0x94ec9000 - 0x94f0aff7  libRIP.A.dylib 543.33.0 (compatibility 64.0.0) <C6E50C7E-EBEE-32AF-FF07-8E325E21A838> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libRIP.A.dylib
0x94f0b000 - 0x94f0bff7  com.apple.Accelerate 1.6 (Accelerate 1.6) <BC501C9F-7C20-961A-B135-0A457667D03C> /System/Library/Frameworks/Accelerate.framework/Versions/A/Accelerate
0x94f0c000 - 0x94f67ff7  com.apple.framework.IOKit 2.0 (???) <69E4FE93-376C-565E-650F-04FAD213AA24> /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit
0x9516a000 - 0x9519fff7  libcups.2.dylib 2.8.0 (compatibility 2.0.0) <458E819A-4E3F-333E-28CE-671281B318D3> /usr/lib/libcups.2.dylib
0x951a0000 - 0x951f8fe7  com.apple.datadetectorscore 2.0 (80.7) <A40AA74A-9D13-2A6C-5440-B50905923251> /System/Library/PrivateFrameworks/DataDetectorsCore.framework/Versions/A/DataDetectorsCore
0x951f9000 - 0x95214ff7  libPng.dylib ??? (???) <929FE8EE-277D-F6EB-D672-E6F4CEBF1504> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libPng.dylib
0x9522e000 - 0x95284ff7  com.apple.MeshKitRuntime 1.1 (49.2) <F1EAE9EC-2DA3-BAFD-0A8C-6A3FFC96D728> /System/Library/PrivateFrameworks/MeshKit.framework/Versions/A/Frameworks/MeshKitRuntime.framework/Versions/A/MeshKitRuntime
0x95285000 - 0x952cefe7  libTIFF.dylib ??? (???) <E45B169E-253E-E865-1501-97777D2702F2> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libTIFF.dylib
0x952cf000 - 0x952d5fff  com.apple.CommonPanels 1.2.4 (91) <2438AF5D-067B-B9FD-1248-2C9987F360BA> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/CommonPanels.framework/Versions/A/CommonPanels
0x952d6000 - 0x952d6ff7  com.apple.Carbon 150 (152) <608A04AB-F35D-D2EB-6629-16B88FB32074> /System/Library/Frameworks/Carbon.framework/Versions/A/Carbon
0x952d7000 - 0x95312feb  libFontRegistry.dylib ??? (???) <F50A60E1-3757-D007-A20D-A5504C17334C> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/Resources/libFontRegistry.dylib
0x95327000 - 0x95365ff7  com.apple.QuickLookFramework 2.2 (327.4) <88A59C42-A200-FCB6-23EC-E848D0E14963> /System/Library/Frameworks/QuickLook.framework/Versions/A/QuickLook
0x95475000 - 0x956e5ffb  com.apple.Foundation 6.6.2 (751.21) <DA7A173A-4435-ECD6-F4AF-977D722FD2F7> /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation
0x9575a000 - 0x957dcffb  SecurityFoundation 36840.0.0 (compatibility 1.0.0) <29C27E0E-B2B3-BF6B-B1F8-5783B8B01535> /System/Library/Frameworks/SecurityFoundation.framework/Versions/A/SecurityFoundation
0x9589d000 - 0x958e3ffb  com.apple.CoreMediaIOServices 130.0 (1035) <397101F4-BA80-C8C2-F816-E2FBE5E15D4F> /System/Library/PrivateFrameworks/CoreMediaIOServices.framework/Versions/A/CoreMediaIOServices
0x958e4000 - 0x95c04feb  com.apple.CoreServices.CarbonCore 861.6 (861.6) <D3D5D9F1-01ED-DCAD-6AA9-4ABE60C7A112> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CarbonCore.framework/Versions/A/CarbonCore
0x95c05000 - 0x95c09ff7  libGIF.dylib ??? (???) <03880BA1-7A86-0F2B-617A-C66B1D05DD70> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libGIF.dylib
0x95c0a000 - 0x95c3bff3  libTrueTypeScaler.dylib ??? (???) <F6A32C01-CD82-54F6-218E-0406D40D1D9A> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/Resources/libTrueTypeScaler.dylib
0x95c3c000 - 0x95c7cff3  com.apple.securityinterface 4.0.1 (37214) <BBC88C96-8827-91DC-0CF6-7CB639183395> /System/Library/Frameworks/SecurityInterface.framework/Versions/A/SecurityInterface
0x95c7d000 - 0x95df6ffb  com.apple.CoreFoundation 6.6.1 (550.19) <1E97FB1E-9E42-B8EB-E463-5C75315FDA31> /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
0x95df7000 - 0x95e1fff7  libxslt.1.dylib 3.24.0 (compatibility 3.0.0) <769EF4B2-C1AD-73D5-AAAD-1564DAEA77AF> /usr/lib/libxslt.1.dylib
0x95e20000 - 0x96236ff7  libBLAS.dylib 219.0.0 (compatibility 1.0.0) <C4FB303A-DB4D-F9E8-181C-129585E59603> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libBLAS.dylib
0x96237000 - 0x963b7feb  com.apple.MediaToolbox 0.484.5 (484.5) <6996E5E1-18B6-C734-8335-FE43670C1F9C> /System/Library/PrivateFrameworks/MediaToolbox.framework/Versions/A/MediaToolbox
0x963b8000 - 0x96453ff7  com.apple.ApplicationServices.ATS 4.2 (???) <3BEB7210-4C85-7309-B22D-695765526524> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/ATS
0x9655b000 - 0x9657fff7  libJPEG.dylib ??? (???) <EDA86712-F49C-760C-BE55-9B899A4A5D1B> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libJPEG.dylib
0x96580000 - 0x965cdfeb  com.apple.DirectoryService.PasswordServerFramework 6.0 (6.0) <BF66BA5D-BBC8-78A5-DBE2-F9DE3DD1D775> /System/Library/PrivateFrameworks/PasswordServer.framework/Versions/A/PasswordServer
0x965ce000 - 0x965deff7  com.apple.DSObjCWrappers.Framework 10.6 (134) <81A0B409-3906-A98F-CA9B-A49E75007495> /System/Library/PrivateFrameworks/DSObjCWrappers.framework/Versions/A/DSObjCWrappers
0x965f5000 - 0x966a2fe7  libobjc.A.dylib 227.0.0 (compatibility 1.0.0) <DF8E4CFA-3719-3415-0BF1-E8C5E561C3B1> /usr/lib/libobjc.A.dylib
0x966a3000 - 0x969c7fef  com.apple.HIToolbox 1.6.2 (???) <F5F99E78-5377-DD54-6138-9FC84467F938> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox
0x969c8000 - 0x969d2fe7  com.apple.audio.SoundManager 3.9.3 (3.9.3) <5F494955-7290-2D91-DA94-44B590191771> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/CarbonSound.framework/Versions/A/CarbonSound
0x969fe000 - 0x96a36ff7  com.apple.LDAPFramework 2.0 (120.1) <001A70A8-3984-8E19-77A8-758893CC128C> /System/Library/Frameworks/LDAP.framework/Versions/A/LDAP
0x96a37000 - 0x96b79fe3  com.apple.QTKit 7.6.6 (1729) <1EC021FB-AB8F-F8BF-0434-78C0A7B78EB2> /System/Library/Frameworks/QTKit.framework/Versions/A/QTKit
0x96c66000 - 0x96d41fe7  com.apple.DesktopServices 1.5.5 (1.5.5) <ECEDFDF2-C40E-8DF0-F8FC-249CCA762E62> /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Versions/A/DesktopServicesPriv
0x96d42000 - 0x96d43ff7  com.apple.audio.units.AudioUnit 1.6.3 (1.6.3) <959DFFAE-A06B-7FF6-B713-B2076893EBBD> /System/Library/Frameworks/AudioUnit.framework/Versions/A/AudioUnit
0x96d44000 - 0x96d64fe7  libresolv.9.dylib 40.0.0 (compatibility 1.0.0) <03019DD7-993D-AC88-6636-179F92F315C4> /usr/lib/libresolv.9.dylib
0x96dcc000 - 0x96ed8ff7  libGLProgrammability.dylib ??? (???) <CA0A975B-2BEE-44E7-CFA6-8105CFE6FE00> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLProgrammability.dylib
0x96ed9000 - 0x96f6bfe3  com.apple.print.framework.PrintCore 6.2 (312.5) <7729B4D7-D661-D669-FA7E-510F93F685A6> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/PrintCore.framework/Versions/A/PrintCore
0x96f6c000 - 0x96f6cff7  com.apple.Cocoa 6.6 (???) <EA27B428-5904-B00B-397A-185588698BCC> /System/Library/Frameworks/Cocoa.framework/Versions/A/Cocoa
0x96f6d000 - 0x96f78ff7  libGL.dylib ??? (???) <EAD85409-9036-831B-C378-E50780305DA6> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGL.dylib
0x96f79000 - 0x973aeff7  libLAPACK.dylib 219.0.0 (compatibility 1.0.0) <5E2D2283-57DE-9A49-1DB0-CD027FEFA6C2> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libLAPACK.dylib
0x973ba000 - 0x9759cfff  com.apple.imageKit 2.0.3 (1.0) <56AE34CD-4406-8AA2-DDBF-DBF902BD0E0A> /System/Library/Frameworks/Quartz.framework/Versions/A/Frameworks/ImageKit.framework/Versions/A/ImageKit
0x975eb000 - 0x9761cff7  libGLImage.dylib ??? (???) <AF110892-B10A-5B61-F898-21FB2BCE63BF> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLImage.dylib
0x97792000 - 0x97799ff3  com.apple.print.framework.Print 6.1 (237.1) <97AB70B6-C653-212F-CFD3-E3816D0F5C22> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Print.framework/Versions/A/Print
0x9779a000 - 0x9779aff7  com.apple.ApplicationServices 38 (38) <8012B504-3D83-BFBB-DA65-065E061CFE03> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/ApplicationServices
0x986ed000 - 0x986f4ff7  com.apple.agl 3.0.12 (AGL-3.0.12) <6BF89127-C18C-27A9-F94A-981836A822FE> /System/Library/Frameworks/AGL.framework/Versions/A/AGL
0x986f5000 - 0x98717fef  com.apple.DirectoryService.Framework 3.6 (621.3) <05FFDBDB-F16B-8AC0-DB42-986965FCBD95> /System/Library/Frameworks/DirectoryService.framework/Versions/A/DirectoryService
0x98738000 - 0x98738ff7  com.apple.Accelerate.vecLib 3.6 (vecLib 3.6) <1DEC639C-173D-F808-DE0D-4070CC6F5BC7> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/vecLib
0x98739000 - 0x98745ff7  libkxld.dylib ??? (???) <13F26BB6-C2F7-9D74-933E-09AD8B509ECD> /usr/lib/system/libkxld.dylib
0x98746000 - 0x98749ff7  libCGXType.A.dylib 543.33.0 (compatibility 64.0.0) <69BE578C-A364-A150-35E3-53EE00F56F05> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCGXType.A.dylib
0x98750000 - 0x987b1fe7  com.apple.CoreText 3.1.0 (???) <1372DABE-F183-DD03-03C2-64B2464A4FD5> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreText.framework/Versions/A/CoreText
0x987b2000 - 0x98883fe3  ColorSyncDeprecated.dylib 4.6.0 (compatibility 1.0.0) <0A608513-31AD-D533-8386-10245FD62057> /System/Library/Frameworks/ApplicationServices.framework/Frameworks/ColorSync.framework/Versions/A/Resources/ColorSyncDeprecated.dylib
0x98884000 - 0x988a2ff7  com.apple.CoreVideo 1.6.1 (45.4) <E0DF044D-BF31-42CE-B690-FD1FCE07E64A> /System/Library/Frameworks/CoreVideo.framework/Versions/A/CoreVideo
0x988a3000 - 0x988a5fe7  com.apple.ExceptionHandling 1.5 (10) <21F37A49-E63B-121E-D406-1BBC94BEC762> /System/Library/Frameworks/ExceptionHandling.framework/Versions/A/ExceptionHandling
0x988a6000 - 0x988e3ff7  com.apple.SystemConfiguration 1.10.2 (1.10.2) <830FED9E-3E24-004C-35D5-2C1273F79734> /System/Library/Frameworks/SystemConfiguration.framework/Versions/A/SystemConfiguration
0x988e4000 - 0x988fcff7  com.apple.CFOpenDirectory 10.6 (10.6) <1537FB4F-C112-5D12-1E5D-3B1002A4038F> /System/Library/Frameworks/OpenDirectory.framework/Versions/A/Frameworks/CFOpenDirectory.framework/Versions/A/CFOpenDirectory
0x98931000 - 0x98b26fe3  com.apple.JavaScriptCore 6533 (6533.13) <B6AF9DFD-138F-975C-F989-80E272265C8B> /System/Library/Frameworks/JavaScriptCore.framework/Versions/A/JavaScriptCore
0x98c0b000 - 0x98c19fe7  libz.1.dylib 1.2.3 (compatibility 1.0.0) <82B2C254-6F8D-7BEA-4C18-038E90CAE19B> /usr/lib/libz.1.dylib
0x98c1a000 - 0x98cd0fff  libFontParser.dylib ??? (???) <5935E105-1E45-886C-6420-C1CCA886C375> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/Resources/libFontParser.dylib
0x98cd1000 - 0x98d35ffb  com.apple.htmlrendering 72 (1.1.4) <4D451A35-FAB6-1288-71F6-F24A4B6E2371> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HTMLRendering.framework/Versions/A/HTMLRendering
0x98d36000 - 0x98d5dff7  com.apple.quartzfilters 1.6.0 (1.6.0) <879A3B93-87A6-88FE-305D-DF1EAED04756> /System/Library/Frameworks/Quartz.framework/Versions/A/Frameworks/QuartzFilters.framework/Versions/A/QuartzFilters
0x98d5e000 - 0x98d5fff7  com.apple.TrustEvaluationAgent 1.1 (1) <6C04C4C5-667E-2EBE-EB96-5B67BD4B2185> /System/Library/PrivateFrameworks/TrustEvaluationAgent.framework/Versions/A/TrustEvaluationAgent
0x99911000 - 0x9996bfe7  com.apple.CorePDF 1.1 (1.1) <E4608FF6-A27D-7DFC-5620-D86762502AC0> /System/Library/PrivateFrameworks/CorePDF.framework/Versions/A/CorePDF
0x9996c000 - 0x9996ffe7  libmathCommon.A.dylib 315.0.0 (compatibility 1.0.0) <1622A54F-1A98-2CBE-B6A4-2122981A500E> /usr/lib/system/libmathCommon.A.dylib
0xba900000 - 0xba916ff7  libJapaneseConverter.dylib 49.0.0 (compatibility 1.0.0) <4FB5CEEB-8D3E-8C57-1718-81D7CAFBFE69> /System/Library/CoreServices/Encodings/libJapaneseConverter.dylib
0xbab00000 - 0xbab21fe7  libKoreanConverter.dylib 49.0.0 (compatibility 1.0.0) <A23F9980-5CC8-A44D-6FD6-DBFCBFF4FF28> /System/Library/CoreServices/Encodings/libKoreanConverter.dylib
0xffff0000 - 0xffff1fff  libSystem.B.dylib ??? (???) <06A5336A-A6F6-4E62-F55F-4909A64631C2> /usr/lib/libSystem.B.dylib
(Reporter)

Comment 7

7 years ago
...well, or I should just put them in a txt file.

http://cl.ly/d67f941aa0c91ee0752a

Comment 8

7 years ago
in the future, please use the 'Add an attachment' link in the bug :)
Component: Plug-ins → Flash (Adobe)
Product: Core → Plugins
QA Contact: plugins → adobe-flash
Version: Trunk → 10.x
(Reporter)

Comment 9

7 years ago
Missed that :P
Summary: [OOPP][adblock?] Plugin-container crashes easily with new YouTube player → [OOPP][flashblock?] Plugin-container crashes easily with new YouTube player

Comment 10

7 years ago
Doesn't Adobe have a public symbol server for their flash plugin these days?

Comment 11

7 years ago
afaiu, they've merely delivered symbols to mozilla, but i think that's only for winodws, not certain.
Keywords: stackwanted
(Reporter)

Comment 12

7 years ago
Well since the crash reporting for OOPP landed today, 
http://crash-stats.mozilla.com/report/index/62d61422-a6ae-4bc1-aedf-d85992100817

Comment 13

7 years ago
So is this a Flash plugin problem or a OOPP problem?

0|0|FlashPlayer-10.6||||0x621592 0|1|FlashPlayer-10.6||||0x61ce45 0|2|FlashPlayer-10.6||||0x61db1b 0|3|FlashPlayer-10.6||||0x3603d6 0|4|FlashPlayer-10.6||||0x4b83c0 0|5|FlashPlayer-10.6||||0x4c06f4 0|6|FlashPlayer-10.6||||0x4c047c 0|7|FlashPlayer-10.6||||0x43310a 0|8|XUL|mozilla::plugins::PluginInstanceChild::AnswerNPP_Destroy|hg:hg.mozilla.org/mozilla-central:dom/plugins/PluginModuleChild.h:116f2046b9ef|315|0x16 0|9|XUL|mozilla::plugins::PPluginInstanceChild::OnCallReceived|PPluginInstanceChild.cpp|1603|0x10 0|10|XUL|mozilla::plugins::PPluginModuleChild::OnCallReceived|PPluginModuleChild.cpp|546|0x14 0|11|XUL|mozilla::ipc::RPCChannel::DispatchIncall|hg:hg.mozilla.org/mozilla-central:ipc/glue/RPCChannel.cpp:116f2046b9ef|510|0x15 0|12|XUL|mozilla::ipc::RPCChannel::Call|hg:hg.mozilla.org/mozilla-central:ipc/glue/RPCChannel.cpp:116f2046b9ef|310|0x70 0|13|XUL|mozilla::plugins::PPluginInstanceChild::CallNPN_ConvertPoint|PPluginInstanceChild.cpp|1006|0x18 0|14|XUL|mozilla::plugins::child::_convertpoint|hg:hg.mozilla.org/mozilla-central:dom/plugins/PluginModuleChild.cpp:116f2046b9ef|1603|0x4c 0|15|FlashPlayer-10.6||||0x4b39d0 0|16|FlashPlayer-10.6||||0x4c013c 0|17|FlashPlayer-10.6||||0x4a034b 0|18|FlashPlayer-10.6||||0x3e65c0 0|19|FlashPlayer-10.6||||0x3e83bb 0|20|FlashPlayer-10.6||||0x3ac40f 0|21|FlashPlayer-10.6||||0x356601 0|22|FlashPlayer-10.6||||0x35f428 0|23|FlashPlayer-10.6||||0x4b7c36 0|24|CoreFoundation|__CFRunLoopDoSources0|||0x61a 0|25|CoreFoundation|__CFRunLoopRun|||0x42e 0|26|CoreFoundation|CFRunLoopRunSpecific|||0x1c3 0|27|CoreFoundation|CFRunLoopRunInMode|||0x60 0|28|HIToolbox|RunCurrentEventLoopInMode|||0x187 0|29|HIToolbox|ReceiveNextEventCommon|||0x161 0|30|HIToolbox|BlockUntilNextEventMatchingListInMode|||0x50 0|31|AppKit|_DPSNextEvent|||0x34e 0|32|AppKit|-[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:]|||0x9b 0|33|AppKit|-[NSApplication run]|||0x334 0|34|XUL|base::MessagePumpNSApplication::DoRun|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_pump_mac.mm:116f2046b9ef|677|0x19 0|35|XUL|base::MessagePumpCFRunLoopBase::Run|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_pump_mac.mm:116f2046b9ef|213|0xb 0|36|XUL|MessageLoop::Run|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:116f2046b9ef|219|0xb 0|37|XUL|XRE_InitChildProcess|hg:hg.mozilla.org/mozilla-central:toolkit/xre/nsEmbedFunctions.cpp:116f2046b9ef|432|0xd 0|38|plugin-container|main|hg:hg.mozilla.org/mozilla-central:ipc/app/MozillaRuntimeMain.cpp:116f2046b9ef|87|0x16 0|39|plugin-container||||0xf05 0|40|||||0x4
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: crash
Summary: [OOPP][flashblock?] Plugin-container crashes easily with new YouTube player → [OOPP][@FlashPlayer-10.6@0x621592 ][flashblock?] Plugin-container crashes easily with new YouTube player
We have symbols for Adobe's Windows builds available to crash-stats, but that's it.

Comment 15

7 years ago
We're happy to provide stats for Mac and Linux as well. My apologies if this didn't happen.
Ted: Do we still need symbols for Mac and Linux?

(In reply to comment #15)
> We're happy to provide stats for Mac and Linux as well. My apologies if this
> didn't happen.
We do not have any Mac or Linux flash player symbols.

Comment 18

7 years ago
The YouTube player has become quite crash happy in the past couple of days:

These ones point to this bug:
http://crash-stats.mozilla.com/report/index/bp-e10d1770-6902-49e0-90da-2820a2101104
http://crash-stats.mozilla.com/report/index/bp-7bbbdad4-8274-4b99-98dd-664f62101104
http://crash-stats.mozilla.com/report/index/bp-ce6d9759-8766-4b1b-b026-da8112101104
http://crash-stats.mozilla.com/report/index/bp-51137f8a-95a4-47d7-b40f-4c0cf2101104

These don't but occurred doing the same thing:
http://crash-stats.mozilla.com/report/index/bp-8da225e6-5116-4901-bc99-707f02101105
http://crash-stats.mozilla.com/report/index/bp-dc1a2e99-a726-4af3-b48d-a457f2101104

To reproduce:
1. Watch any video with the new YouTube player
2. Navigate away from the video page while it is still playing
3. Flash will crash
Looking at the stacktrace we don't need Adobe's symboles. The problem is we're trying to destroy the plug-in while the plugin is expecting an answer to  	mozilla::plugins::PPluginInstanceChild::CallNPN_ConvertPoint.

Comment 20

7 years ago
In general plugin calls "win" RPC races, so the only way this should reasonably happen is if we actually called NPP_DestroyPlugin from within the NPN_ConvertPoint implementation, which seems unlikely.

Can we reproduce this and get the browser-side stack at the time of the crash?

Updated

7 years ago
Assignee: nobody → b56girard
I'm assigning this to myself, I'll take a look at this tonight.
I traced through the code and couldn't find where in AnswerNPN_ConvertPoint the Destroy function would be called. It tried with the debugger but the bug does not appear to reproduce with the debugger.

I did find that the Destroy function is invoked through a timer. Is it possible that at some point the IPC mechanism processes events?

Example of nsTimer invoking Destroy:
#0  mozilla::plugins::PluginInstanceParent::Destroy (this=0x24bf2160) at /Users/mozilla/mozilla/mozilla-central/dom/plugins/PluginInstanceParent.cpp:176
#1  0x0148c0ff in mozilla::plugins::PluginModuleParent::NPP_Destroy (instance=0x1cc9d19c) at /Users/mozilla/mozilla/mozilla-central/dom/plugins/PluginModuleParent.cpp:412
#2  0x011cdae4 in nsNPAPIPluginInstance::Stop (this=0x1cc9d190) at /Users/mozilla/mozilla/mozilla-central/modules/plugin/base/src/nsNPAPIPluginInstance.cpp:213
#3  0x0042c993 in DoStopPlugin (aInstanceOwner=0x24db4290, aDelayedStop=0) at /Users/mozilla/mozilla/mozilla-central/layout/generic/nsObjectFrame.cpp:2467
#4  0x0042d7c8 in nsStopPluginRunnable::Run (this=0x1bedcb00) at /Users/mozilla/mozilla/mozilla-central/layout/generic/nsObjectFrame.cpp:2516
#5  0x0041fb20 in nsStopPluginRunnable::Notify (this=0x1bedcb00, aTimer=0x24eb90f0) at /Users/mozilla/mozilla/mozilla-central/layout/generic/nsObjectFrame.cpp:2485
#6  0x016c47d4 in nsTimerImpl::Fire (this=0x24eb90f0) at /Users/mozilla/mozilla/mozilla-central/xpcom/threads/nsTimerImpl.cpp:428
#7  0x016c4a2b in nsTimerEvent::Run (this=0x1cca8970) at /Users/mozilla/mozilla/mozilla-central/xpcom/threads/nsTimerImpl.cpp:517
#8  0x016bd82e in nsThread::ProcessNextEvent (this=0x4e00ea0, mayWait=0, result=0xbfffc4d4) at /Users/mozilla/mozilla/mozilla-central/xpcom/threads/nsThread.cpp:609
#9  0x01643cd7 in NS_ProcessPendingEvents_P (thread=0x4e00ea0, timeout=20) at nsThreadUtils.cpp:200
#10 0x013ed435 in nsBaseAppShell::NativeEventCallback (this=0x4d46de0) at /Users/mozilla/mozilla/mozilla-central/widget/src/xpwidgets/nsBaseAppShell.cpp:131
#11 0x0139e2dd in nsAppShell::ProcessGeckoEvents (aInfo=0x4d46de0) at /Users/mozilla/mozilla/mozilla-central/widget/src/cocoa/nsAppShell.mm:399

Comment 23

7 years ago
This might be triggered by bug 590955 where the stack above AnswerNPP_Destroy is very similar to the other bug.

Here's a list of crash signatures and their corresponding version/release:
[@ FlashPlayer-10.6@0x64ca42 ] 10.2.151.49 nov 30
[@ FlashPlayer-10.6@0x626082 ] 10.1.102.64 nov 4
[@ FlashPlayer-10.6@0x621592 ] 10.1.85.3 sep 20
[@ FlashPlayer-10.6@0x621592 ] 10.1.82.76 aug 10
[@ FlashPlayer-10.6@0x622292 ] 10.1.53.64? jun 10
Depends on: 590955
Summary: [OOPP][@FlashPlayer-10.6@0x621592 ][flashblock?] Plugin-container crashes easily with new YouTube player → [OOPP][flashblock?] Plugin-container crashes easily with new YouTube player [@ FlashPlayer-10.6@0x64ca42 ] [@ FlashPlayer-10.6@0x626082 ] [@ FlashPlayer-10.6@0x621592 ] [@ FlashPlayer-10.6@0x622292 ]

Updated

7 years ago
Blocks: 617469

Updated

7 years ago
Duplicate of this bug: 616471

Updated

7 years ago
Assignee: b56girard → nobody
Component: Flash (Adobe) → Plug-ins
Product: Plugins → Core
QA Contact: adobe-flash → plugins
Version: 10.x → Trunk

Comment 25

7 years ago
I can debug this now! As we navigate from youtube to w3.org, I'm seeing the following assertions:

###!!! ASSERTION: Must have a native view to convert coordiates.: 'inView', file ... nsPluginUtilsOSX.mm, line 160

Then the crash of the plugin process.
Assignee: nobody → benjamin
blocking2.0: --- → final+

Comment 26

7 years ago
The child stack made me suspect weird race resolution, so I added some debugging to MediateRace:

[time:1294353096264985][PPluginInstanceChild] Sending Msg_NPN_ConvertPoint([TODO])
--DOCSHELL 0x22470c00 == 8
--DOCSHELL 0x1c846c00 == 7
--DOCSHELL 0x5606200 == 6
[time:1294353096390022][PPluginInstanceParent] Received Msg_NPN_ConvertPoint([TODO])
###!!! ASSERTION: Must have a native view to convert coordinates.: 'inView', file ../../../src/layout/generic/nsPluginUtilsOSX.mm, line 160
[time:1294353096390548][PPluginInstanceParent] Sending reply Reply_NPN_ConvertPoint([TODO])
[time:1294353096391052][PPluginInstanceChild] Received reply Reply_NPN_ConvertPoint([TODO])
[time:1294353096393228][PPluginInstanceChild] Sending Msg_NPN_ConvertPoint([TODO])
[time:1294353096402865][PPluginInstanceParent] Sending Msg_NPP_SetWindow([TODO])
MediateRace(parent=0x1c283220/PPluginInstance::Msg_NPP_SetWindow, child=0xbfffda8c/???)
  (parent won, so we're deferring)
MediateRace(parent=0xbfffcc2c/???, child=0x4f0df50/PPluginInstance::Msg_NPN_ConvertPoint)
  (parent won, so we're not deferring)
[time:1294353096403040][PPluginInstanceChild] Received Msg_NPP_SetWindow([TODO])
[time:1294353096403845][PPluginInstanceChild] Sending reply Reply_NPP_SetWindow([TODO])
[time:1294353096404201][PPluginInstanceParent] Received reply Reply_NPP_SetWindow([TODO])
[time:1294353096404373][PPluginInstanceParent] Sending Msg_NPP_Destroy([TODO])
[time:1294353096404582][PPluginInstanceChild] Received Msg_NPP_Destroy([TODO])

I need to expand the ???, but it looks like the parent is sending two messages in rapid succession: NPP_SetWindow (which wins race resolution) an then NPP_Destroy (which should not win race resolution). cjones, is it possible that the IPC mechanism is delivering the NPP_Destroy message within the nested RPC message anyway?
Duplicate of this bug: 623684
From the trace in comment 26, if there was nothing else on the RPC stack when the parent sent SetWindow, then it appears this is happening

 P                    C
---------            -----------
                     <-ConvertPoint
reply CP->
SetWindow->          <-ConvertPoint
  (defer CP)
                       (process SW)
                     <-reply SW
Destroy->
                     <-reply Destroy
  [spin event loop]
process CP


What would happen if we processed the ConvertPoint after NPP_Destroy?  Sounds bad.  Would it also be bad if we processed the ConvertPoint after the last SetWindow there, which presumably does SetWindow(null-thing)?

Some relatively simple solutions for FF4 come to mind
 - defer the NPP_Destroy to a later event-loop iteration.
 - create a special message for SetWindow(null-thing), say DestroyWindow(), that *does not* win races with the plugin process.  We would need to be sure that this DestroyWindow() message isn't sent during painting, obviously.

Should be possible to write a deterministic test for this bug.

Comment 29

7 years ago
According to normal IPDL rules, shouldn't we be processing ConvertPoint after SetWindow? Why are we replying to Destroy while CP is on the stack still?

I think that processing CP after the last SetWindow is something we have to make work (and probably works right now, although gives a bogus/failing answer).
(In reply to comment #29)
> According to normal IPDL rules, shouldn't we be processing ConvertPoint after
> SetWindow? Why are we replying to Destroy while CP is on the stack still?
> 

No.  Messages deferred by races when the RPC stack has depth 0 are processed in another event-loop iteration, because that was, ah, the least bad of alternatives.

> I think that processing CP after the last SetWindow is something we have to
> make work (and probably works right now, although gives a bogus/failing
> answer).

Yes, definitely. I'm more concerned about CP after NPP_Destroy though, I think we need to fix that.

Comment 31

7 years ago
cjones says that fixing the race resolution is probably not easy or safe at this point in the cycle. I'm looking at changing the race resolution of NPP_SetWindow for mac.

Comment 32

7 years ago
Created attachment 501982 [details] [diff] [review]
Change the race resolution of NPP_SetWindow with a null window, rev. 1
Attachment #501982 - Flags: review?(joshmoz)
Attachment #501982 - Flags: review?(jones.chris.g)
Comment on attachment 501982 [details] [diff] [review]
Change the race resolution of NPP_SetWindow with a null window, rev. 1

This will fix the bad race condition here.  r+ conditional on assurance that we only use SetWindow(null) for geometry updates and "about to NPP_Destroy", from safe contexts.  (bsmedberg posted a stack that indicates the former is OK.)
Attachment #501982 - Flags: review?(jones.chris.g) → review+

Comment 34

7 years ago
This is not sufficient. Here is a new case of the same basic bug:

IPC log:

[time:1294420051100144][PPluginInstanceParent] Sending Msg_NPP_HandleEvent_IOSurface([TODO])
MediateRace(parent=0x2161ede0/PPluginInstance::Msg_NPP_HandleEvent_IOSurface, child=0xbfffb84c/???)
  (parent won, so we're deferring)
MediateRace(parent=0xbfffcc2c/???, child=0x6001820/PPluginInstance::Msg_NPN_ConvertPoint)
  (parent won, so we're not deferring)
[time:1294420051100960][PPluginInstanceChild] Received Msg_NPP_HandleEvent_IOSurface([TODO])
[time:1294420051112382][PPluginInstanceChild] Sending reply Reply_NPP_HandleEvent_IOSurface([TODO])
[time:1294420051112800][PPluginInstanceParent] Received reply Reply_NPP_HandleEvent_IOSurface([TODO])
[time:1294420051160940][PPluginInstanceParent] Sending Msg_NPP_SetWindow_NULL([TODO])
[time:1294420051161124][PPluginInstanceChild] Received Msg_NPP_SetWindow_NULL([TODO])
[time:1294420051161338][PPluginInstanceChild] Sending reply Reply_NPP_SetWindow_NULL([TODO])
[time:1294420051161475][PPluginInstanceParent] Received reply Reply_NPP_SetWindow_NULL([TODO])
[time:1294420051161514][PBrowserStreamParent] Sending Msg_NPP_DestroyStream([TODO])
[time:1294420051161543][PStreamNotifyParent] Sending Msg___delete__([TODO])
[time:1294420051161580][PBrowserStreamParent] Sending Msg_NPP_DestroyStream([TODO])
[time:1294420051161629][PStreamNotifyParent] Sending Msg___delete__([TODO])
[time:1294420051161661][PPluginInstanceParent] Sending Msg_NPP_Destroy([TODO])
[time:1294420051161820][PBrowserStreamChild] Received Msg_NPP_DestroyStream([TODO])
[time:1294420051161958][PStreamNotifyChild] Received Msg___delete__([TODO])
[time:1294420051162047][PBrowserStreamChild] Received Msg_NPP_DestroyStream([TODO])
[time:1294420051162099][PStreamNotifyChild] Received Msg___delete__([TODO])
[time:1294420051162127][PPluginInstanceChild] Received Msg_NPP_Destroy([TODO])
[time:1294420051313556][PPluginScriptableObjectChild] Sending Msg_Unprotect([TODO])
[time:1294420051313639][PPluginInstanceChild] Sending reply Reply_NPP_Destroy([TODO])
[time:1294420051315684][PPluginScriptableObjectParent] Received Msg_Unprotect([TODO])
[time:1294420051315703][PPluginScriptableObjectParent] Sending Msg___delete__([TODO])
[time:1294420051315863][PPluginInstanceParent] Received reply Reply_NPP_Destroy([TODO])
[time:1294420051315878][PPluginInstanceParent] Sending Msg___delete__([TODO])
[time:1294420051315983][PPluginScriptableObjectChild] Received Msg___delete__([TODO])
[time:1294420051316069][PPluginInstanceChild] Received Msg___delete__([TODO])
[time:1294420051319683][PPluginInstanceChild] Sending reply Reply___delete__([TODO])
  (processing deferred in-call)

Parent stack:
Breakpoint 1, mozilla::ipc::AsyncChannel::MaybeHandleError (this=0x5daba08, code=mozilla::ipc::HasResultCodes::MsgRouteError, channelName=0x1fa596a "RPCChannel") at ../../../src/ipc/glue/AsyncChannel.cpp:378
378	    switch (code) {
(gdb) bt
#0  mozilla::ipc::AsyncChannel::MaybeHandleError (this=0x5daba08, code=mozilla::ipc::HasResultCodes::MsgRouteError, channelName=0x1fa596a "RPCChannel") at ../../../src/ipc/glue/AsyncChannel.cpp:378
#1  0x0154cbf3 in mozilla::ipc::RPCChannel::DispatchIncall (this=0x5daba08, call=@0xbfffdbcc) at ../../../src/ipc/glue/RPCChannel.cpp:520
#2  0x0154cf7a in mozilla::ipc::RPCChannel::Incall (this=0x5daba08, call=@0xbfffdbcc, stackDepth=0) at ../../../src/ipc/glue/RPCChannel.cpp:503
#3  0x0154d4f9 in mozilla::ipc::RPCChannel::MaybeProcessDeferredIncall (this=0x5daba08) at ../../../src/ipc/glue/RPCChannel.cpp:350
#4  0x0154d5ed in mozilla::ipc::RPCChannel::OnMaybeDequeueOne (this=0x5daba08) at ../../../src/ipc/glue/RPCChannel.cpp:415
#5  0x01550485 in DispatchToMethod<mozilla::ipc::RPCChannel, bool (mozilla::ipc::RPCChannel::*)()> (obj=0x5daba08, method={__pfn = 0x154d52e <mozilla::ipc::RPCChannel::OnMaybeDequeueOne()>, __delta = 0}, arg=@0x2161e94c) at tuple.h:383
#6  0x015504c1 in RunnableMethod<mozilla::ipc::RPCChannel, bool (mozilla::ipc::RPCChannel::*)(), Tuple0>::Run (this=0x2161e930) at task.h:307
#7  0x0154ed5a in mozilla::ipc::RPCChannel::RefCountedTask::Run (this=0x2161eb60) at RPCChannel.h:450
#8  0x0155053a in mozilla::ipc::RPCChannel::DequeueTask::Run (this=0x1de55860) at RPCChannel.h:475
#9  0x017f59ab in MessageLoop::RunTask (this=0x4f13e10, task=0x1de55860) at ../../../src/ipc/chromium/src/base/message_loop.cc:343
#10 0x017f60e1 in MessageLoop::DeferOrRunPendingTask (this=0x4f13e10, pending_task=@0xbfffddbc) at ../../../src/ipc/chromium/src/base/message_loop.cc:351
#11 0x017f666b in MessageLoop::DoWork (this=0x4f13e10) at ../../../src/ipc/chromium/src/base/message_loop.cc:451
#12 0x0154af82 in mozilla::ipc::DoWorkRunnable::Run (this=0x4f130a0) at ../../../src/ipc/glue/MessagePump.cpp:70
#13 0x0178ab91 in nsThread::ProcessNextEvent (this=0x4f14750, mayWait=0, result=0xbfffdee4) at ../../../src/xpcom/threads/nsThread.cpp:633
#14 0x017103ff in NS_ProcessPendingEvents_P (thread=0x4f14750, timeout=20) at nsThreadUtils.cpp:200
#15 0x0148392d in nsBaseAppShell::NativeEventCallback (this=0x4f39ba0) at ../../../../src/widget/src/xpwidgets/nsBaseAppShell.cpp:132
#16 0x01432ed9 in nsAppShell::ProcessGeckoEvents (aInfo=0x4f39ba0) at ../../../../src/widget/src/cocoa/nsAppShell.mm:399
#17 0x9565d0fb in __CFRunLoopDoSources0 ()
#18 0x9565abbf in __CFRunLoopRun ()

child stack (bogus once you hit Flash):
#0  0x91f99066 in __semwait_signal ()
#1  0x91f98d22 in _pthread_cond_wait ()
#2  0x91f9a9b8 in pthread_cond_wait$UNIX2003 ()
#3  0x049f58f5 in PR_WaitCondVar (cvar=0x6001390, timeout=4294967295) at ../../../../../src/nsprpub/pr/src/pthreads/ptsynch.c:417
#4  0x01715b0e in mozilla::CondVar::Wait (this=0x5009a3c, interval=4294967295) at BlockingResourceBase.cpp:373
#5  0x01559b7c in mozilla::ipc::SyncChannel::WaitForNotify (this=0x5009a20) at ../../../src/ipc/glue/SyncChannel.cpp:298
#6  0x01551bfa in mozilla::ipc::RPCChannel::Call (this=0x5009a20, msg=0x6098610, reply=0xbfffcd10) at ../../../src/ipc/glue/RPCChannel.cpp:201
#7  0x0165724d in mozilla::plugins::PPluginInstanceChild::CallNPN_ConvertPoint (this=0x4fac6f0, sourceX=@0xbfffcda8, ignoreDestX=@0xbfffcdcf, sourceY=@0xbfffcda0, ignoreDestY=@0xbfffcdce, sourceSpace=@0xbfffcdf4, destSpace=@0xbfffce00, destX=0xbfffcdc0, destY=0xbfffcdb8, result=0xbfffcdcd) at PPluginInstanceChild.cpp:1055
#8  0x0152bdcb in mozilla::plugins::child::_convertpoint (instance=0x4fac71c, sourceX=320, sourceY=180, sourceSpace=NPCoordinateSpacePlugin, destX=0x22f97980, destY=0x22f97988, destSpace=NPCoordinateSpaceFlippedScreen) at ../../../src/dom/plugins/PluginModuleChild.cpp:1640
#9  0x18680c91 in unregister_ShockwaveFlash ()
#10 0x1868d3fd in main ()

Here we're really painting another plugin instance, the paint must win the race. As a side effect of this, the convertpoint call is deferred incorrectly. cjones, I don't think we have any choice but to fix the RPC race issue such that convertpoint is delivered before subsequent incoming calls. It could be any RPC message, not just convertpoint, although CP is the most common message to be receiving while a video is playing.

Updated

7 years ago
Attachment #501982 - Flags: review?(joshmoz) → review-
I'd prefer to try the second workaround, defer NPP_Destroy.
One other thing that comes to mind ... why do we forward ConvertPoint?  Can't we do a ConvertPoint(0, 0) when the relevant browser state changes and forward that mapping to the plugin?  That'd be a perf win and incidentally work around this bug.  (May be a fundamental reason we can't do that, I dunno.)
(s/work around/mitigate/ in comment 36.  Would probably still want another patch.)

Comment 38

7 years ago
That will only take care of the particular case of this happening during instance destruction. I believe this is likely to also happen when paints race with regular NPRuntime calls, or streams, etc... I don't think that anything except the general case will solve the problem effectively.
Wait wait wait.  I'm starting to get lost.  Are you replying to comment 35 or comment 36/comment 37?

Comment 40

7 years ago
Comment 35. It may be worthwhile to pre-forward the convertpoint calls (although it won't be easy), but that won't deal with cases where we nest some RPC call (convertpoint, stream, or NPRuntime) the wrong way with a parent call.
(In reply to comment #38)
> I believe this is likely to also happen when paints race
> with regular NPRuntime calls, or streams, etc...

Is there a reason why this issue is Mac specific? Are other platforms potentially affected and if not how do they work around the issue?

Comment 42

7 years ago
I don't think this is mac-specific. It just happens much more often on mac because of the apparent frequency of calls to ConvertPoint.

Do we know why Flash is calling ConvertPoint thousands of times?
(In reply to comment #42)
> I don't think this is mac-specific. It just happens much more often on mac
> because of the apparent frequency of calls to ConvertPoint.
> 
> Do we know why Flash is calling ConvertPoint thousands of times?

I'm not sure, perhaps Josh would know?

(In reply to comment #36)
> One other thing that comes to mind ... why do we forward ConvertPoint?  Can't
> we do a ConvertPoint(0, 0) when the relevant browser state changes and forward
> that mapping to the plugin?  That'd be a perf win and incidentally work around
> this bug.  (May be a fundamental reason we can't do that, I dunno.)

Judging from the documentation we could forward the origin, size and rotation so I think it is possible (Assuming the coordinate system is always linear):
http://developer.apple.com/library/mac/#documentation/Cocoa/Reference/ApplicationKit/Classes/NSView_Class/Reference/NSView.html

Since we don't want to use this as a fix to the bug, would be perf win justify the optimization? I'm not sure how expensive sending a few redundant RPCs call a second. Perhaps we could spin off this discussion in a different bug since it's not related to the fix.
> (In reply to comment #36)
> Since we don't want to use this as a fix to the bug, would be perf win justify
> the optimization? I'm not sure how expensive sending a few redundant RPCs call
> a second. Perhaps we could spin off this discussion in a different bug since
> it's not related to the fix.

Depends on how few "a few" is.  The overhead of RPCs compared to what I imagine Apple's impl of ConvertPoint's is is huge, everyone wins by not forwarding it.  In general RPCs are relatively cheap (not free though) but they block the plugin on FF's event queue and that can make perf look bad for both plugin/FF.

Separate bug sounds good.
(In reply to comment #40)
> Comment 35. It may be worthwhile to pre-forward the convertpoint calls
> (although it won't be easy), but that won't deal with cases where we nest some
> RPC call (convertpoint, stream, or NPRuntime) the wrong way with a parent call.

Let's ignore forwarding CP for now, it's orthogonal except as a mitigating factor.

What we know so far is that NPP_Destroy re-entering CP causes a crash, which isn't all that surprising.  Having NPP_Destroy re-enter plugin calls probably isn't prudent.  (Surprising we've been getting away with it on windows/linux for this long.)  We can fix that re-entry without changing race-resolution semantics, which has unknown risk.  I propose that we fix the NPP_Destroy re-entry and see where we are after that.
Ugh, mid-aired Benoit and didn't notice, then mid-aired myself.  Comment 45 and comment 44 should be read in reverse order.

Updated

7 years ago
Duplicate of this bug: 617469

Comment 48

7 years ago
We cannot naively delay NPP_Destroy with a runnable, because it's the synchronization point for so much other activity: __delete__ is sent immediately after NPP_Destroy, and then all sorts of actors (streams and npruntime stuff) become invalid. Do you have a proposal for delaying NPP_Destroy more sanely? I really think that fixing the RPC race would be simpler than delaying NPP_Destroy across an event iteration.
(In reply to comment #48)
> We cannot naively delay NPP_Destroy with a runnable, because it's the
> synchronization point for so much other activity: __delete__ is sent
> immediately after NPP_Destroy, and then all sorts of actors (streams and
> npruntime stuff) become invalid.

How would delaying NPP_Destroy with a runnable make cleaning these up any harder?

> I really think that fixing the RPC race would be
> simpler than delaying NPP_Destroy across an event iteration.

The only problem we *know* about is messages re-entering NPP_Destroy.  Delaying it with a runnable prevents re-entry.  Changing the deferred-message delivery semantics is way riskier IMHO, and doesn't seem warranted based on evidence since we haven't seemed to have seen these problems on windows/linux even though they should be susceptible.

Comment 50

7 years ago
Flash will undoubtedly make calls against the plugin instance while the parent thinks it is already destroyed, and even __delete__d. There are potentially many input events queued up in between the current callsite of AnswerNPP_Destroy and where the runnable would actually execute.
Flash can make any number of NPAPI calls in between the last call FF makes and FF sending NPP_Destroy, even if they're in the same task wrt event loop.  Input events shouldn't be a problem on FF side because we're ready to NPP_Destroy the instance anyway and presumably wouldn't detect that it's a target for input any longer.

Comment 52

7 years ago
I must not be clear:

Browser:                       Plugin:
NPP_Handle(paint) wins race    NPN_ConvertPoint (deferred)

NPP_Destroy()                  NPN_Destroy received inside NPN_ConvertPoint stack (bug), sends runnable
__delete__()                   instance is destroyed (runnable pointing to instance still valid?)

Receives NPN_ConvertPoint on deleted actor. Bad!
But even if it weren't a deleted actor, Firefox couldn't handle this call.
                               Queued method (say NPN_AsyncCall, or something on an internal message window) calls NPN_GetUserAgent
                               instance is already dead, crash.

Updated

7 years ago
Whiteboard: [hardblocker]

Updated

7 years ago
Summary: [OOPP][flashblock?] Plugin-container crashes easily with new YouTube player [@ FlashPlayer-10.6@0x64ca42 ] [@ FlashPlayer-10.6@0x626082 ] [@ FlashPlayer-10.6@0x621592 ] [@ FlashPlayer-10.6@0x622292 ] → Fla [OOPP] Plugin-container crashes easily with new YouTube player [@ FlashPlayer-10.6@0x4cf5e9 ] [@ FlashPlayer-10.6@0x64ca42 ] [@ FlashPlayer-10.6@0x4b6df9 ] [@ FlashPlayer-10.6@0x626082 ] [@ FlashPlayer-10.6@0x4b4b39 ] [@ FlashPlayer-10.6@0x621592 ] [@

Updated

7 years ago
Duplicate of this bug: 590955
(In reply to comment #52)
> I must not be clear:

No misunderstanding; that's the "naive" impl I thought comment 48 referred to.

But, although avoiding that problem is simple, the "less naive" impl I had in mind (two-hop delayed NPP_Destroy runnable) doesn't work in general, because it's possible to build an arbitrarily large deferred-message queue by pushing the right buttons.

So, looks like we're out of reasonable workarounds.  The change to race-resolution semantics is OK by me, but I really really really would like to field-check it in another beta.  Re-requesting blocking triage because I think this should block "betaN".
Assignee: benjamin → jones.chris.g
blocking2.0: final+ → ?

Updated

7 years ago
blocking2.0: ? → betaN+
Created attachment 502631 [details] [diff] [review]
"Undefer" the in-call that lost a race at stack-depth 1, if there is one, when RPCChannel code leaves the C++ stack, so that the in-call can be processed if there is an immediately following out-call
Attachment #501982 - Attachment is obsolete: true
Attachment #502631 - Flags: review?(benjamin)
Created attachment 502632 [details] [diff] [review]
Test

Comment 57

7 years ago
Comment on attachment 502631 [details] [diff] [review]
"Undefer" the in-call that lost a race at stack-depth 1, if there is one, when RPCChannel code leaves the C++ stack, so that the in-call can be processed if there is an immediately following out-call

How simple! ;-)
Attachment #502631 - Flags: review?(benjamin) → review+
Does anyone who could repro the flash crash mind checking that the patch indeed fixes it?

Comment 59

7 years ago
I'm able to reproduce this bug easily. So if anyone is able to produce a build with this patch I'll test it.

Updated

7 years ago
Duplicate of this bug: 624614
(Reporter)

Comment 61

7 years ago
I can test it too if someone can kindly provide a test build.
Sure: a mac x64 will show up at http://ftp.mozilla.org/pub/mozilla.org/firefox/tryserver-builds/cjones@mozilla.com-16f9612866e8 .
Filed bug 624824 on ConvertPoint.

Comment 64

7 years ago
I could not reproduce any crash on a local build with the patch.
Build is up at http://ftp.mozilla.org/pub/mozilla.org/firefox/tryserver-builds/cjones@mozilla.com-16f9612866e8/try-osx64/.

Comment 66

7 years ago
It's definitely better than since the regression from 10/29 per bug 623108. I'm still able to crash, but it's *much* harder to trigger. And it crashes at a different address anyway, so I would be happy to verify this fixed.

http://crash-stats.mozilla.com/report/index/6935efc9-b084-4da5-97c5-406672110111
http://crash-stats.mozilla.com/report/index/f1fc98ea-8b69-4698-b32e-59f302110111

crash-stats reports that the crash address @0x0 | FlashPlayer-10.6@0x466cca isn't new, so the fix here isn't regressing.
(Reporter)

Comment 67

7 years ago
No crashing here. Looks good! :D
http://hg.mozilla.org/mozilla-central/rev/68cec48a94a4
http://hg.mozilla.org/mozilla-central/rev/bdd489ff6f4a

The bug here appears fixed, but comment 66 probably points at other bugs this one has been partially hiding.
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → FIXED

Comment 69

7 years ago
I'm not sure what's the process of nominating/triaging bugs fixed in b10pre for landing on b9. But this bug has been really bad in the last 2 betas (bug 	604734 was b7+).

Does the fix seem safe enough? How many days of crash-stats need to be collected to see if there's regressions/enough improvements?
Target Milestone: --- → mozilla2.0b10

Comment 70

7 years ago
(In reply to comment #69)
> I'm not sure what's the process of nominating/triaging bugs fixed in b10pre for
> landing on b9. But this bug has been really bad in the last 2 betas (bug    
> 604734 was b7+).

not much of a formal process, other than to e-mail clegnetto.  christian, we should look at picking this up if there is a need to respin b9.

the rational is strong though...  "flash is too crashy for me to use the beta" is a common theme in some of the feedback.  that problem has several contributors so where ever we can know part of the problem down it will help.

> 
> Does the fix seem safe enough? 

cjones?

> How many days of crash-stats need to be
> collected to see if there's regressions/enough improvements?

probably about 3 days or so to get certain confirmation, since we will need to get a good user population ramped up on b10pre.
(In reply to comment #70)
> > 
> > Does the fix seem safe enough? 
> 
> cjones?

I wouldn't call this patch "safe", but I do know that

 - it's unlikely to affect windows in normal browsing with plugins, except possibly to reduce crashes there from this same bug that are apparently part of the long tail on windows.  It *does* have the potential to increase crashes on windows in edge cases with modal dialogs and things of that nature.  (Which  is why this bug was moved to blocking:betaN.)

 - it's unlikely to affect linux except possibly to reduce crashes there from this same bug that are apparently part of the long tail on linux

My vote would be to take this in a respin.  The unknown, likely slim increased risk on windows is outweighed IMHO by having a more usable flash on mac, and getting reports from other crashes there that have likely been masked by this bug.

Comment 72

7 years ago
looks like the total number of crashes per day on the combined set of signatures in the title is running at around 161-307 per day, and that wouldn't reflect the opinion of I've heard where mac users just say they have to turn off flash to use firefox 4.

here are crash counts from a few recent days on the combined set of signatures.  we can watch these numbers for confirmation.

20110107-crashdata.csv      235
 135 4.0b8
  76 4.0b9pre
  17 4.0b6
   4 4.0b7
   3 4.0b4

20110108-crashdata.csv      268
 154 4.0b8
  65 4.0b9pre
  32 4.0b7
  15 4.0b6
   1 4.0b5
   1 3.0b1

20110109-crashdata.csv      307
 232 4.0b8
  47 4.0b9pre
  13 4.0b6
  12 4.0b7
   2 4.0b5
   1 3.0b2

20110110-crashdata.csv      161
 109 4.0b8
  42 4.0b9pre
   5 4.0b7
   5 4.0b6

20110111-crashdata.csv      203
 129 4.0b8
  36 4.0b9pre
  23 4.0b10pre
   9 4.0b6
   4 4.0b9
   1 4.0b7
   1 4.0b4
I always have had this crash the last couple of weeks. Now with Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0b10pre) Gecko/20110112 Firefox/4.0b10pre ID:20110112033217 and Flash 10.1.102.64 no crash occurs anymore. I will continue to test all the different sites beside YouTube.

Comment 74

7 years ago
With today's build I haven't been able to crash the Flash plugin. I'm pretty sure there will be a significant drop in crash reports starting today. 

I can see why some OS X users think you need to disable to make Firefox 4 usable, as this bug is quite annoying, but it's possible to work around it (for the most part) by pausing any video that is currently playing before navigating away from the page.
Using Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0b10pre) Gecko/20110112 Firefox/4.0b10pre and the RC version of Flash I can reproduce this crash on youtube.com by popping out a HD video.

http://crash-stats.mozilla.com/report/index/bp-8dc619bd-7c1b-4281-8569-afe3c2110112 

http://crash-stats.mozilla.com/report/index/fead41af-2684-4e55-97d8-c07cc2110112 (Driver crash)

Should I open a new bug to track this?

Comment 76

7 years ago
Yes, that is different.

Comment 77

7 years ago
(In reply to comment #72)
> looks like the total number of crashes per day on the combined set of
> signatures in the title is running at around 161-307 per day, and that wouldn't
> reflect the opinion of I've heard where mac users just say they have to turn
> off flash to use firefox 4.
Only trunk users (since ~dec 20) and people that switched Firefox to run in 32-bit more are able to send crash reports. The crash stats are highly under-reported as beta users get the "no report to submit" message. I suppose one benefit of not shipping this fix for beta 9 will show how bad this really has been on crash-stats.

Updated

7 years ago
Duplicate of this bug: 593467

Comment 79

7 years ago
I'm running 4.0b9 en-US that I just downloaded on Mac OS X 10.6.6. I produced this crash (according to crash-stats) with a completely fresh profile that I created ~1 minute before crashing OOP Flash. 

Crash report: http://crash-stats.mozilla.com/report/index/bp-433f23d5-add3-406c-915c-51b402110114

1. Go to YouTube, open between 5 and 10 YouTube clips, each in a new tab (e.g. Cmd+click) and let them play all at once.

2. Close one tab at a time while the clip is playing. This is enough to crash OOP Flash for me. It shouldn't take more than a few tab closes to make it crash.

This happens mainly on YouTube when I close a tab with a video clip still playing. I've had this issue since 4.0b7. My completely unscientific estimation is that 1/4 YouTube clips crash this way. 

Please let me know if I can give you any more information about this.
The fix for this bug didn't make it into beta9. If you want to you can try the latest nightly build to see if the problem is fixed for you. Alternatively you can wait for the next beta.

Comment 81

7 years ago
There's a new version of flash 10.2 rc that came out a few days ago, so adding its crash addresses:

[@ FlashPlayer-10.6@0x4d6879 ] [@ FlashPlayer-10.6@0x654702 ] 10.2.152.14 jan 11
[@ FlashPlayer-10.6@0x4cf5e9 ] [@ FlashPlayer-10.6@0x64ca42 ] 10.2.151.49 nov 30
[@ FlashPlayer-10.6@0x4b6df9 ] [@ FlashPlayer-10.6@0x626082 ] 10.1.102.64 nov 4
[@ FlashPlayer-10.6@0x4b4b39 ] [@ FlashPlayer-10.6@0x621592 ] 10.1.85.3 sep 20
[@ FlashPlayer-10.6@0x4b4b19 ] [@ FlashPlayer-10.6@0x621592 ] 10.1.82.76 aug 10
[@ FlashPlayer-10.6@0x4b59e9 ] [@ FlashPlayer-10.6@0x622292 ] 10.1.53.64 jun 10

Checking the crash stats of the most common flash version right now (10.1.102), the last (and only) build id for 4.0b10pre is 20110111030357. Marking VERIFIED.
Status: RESOLVED → VERIFIED
Summary: Fla [OOPP] Plugin-container crashes easily with new YouTube player [@ FlashPlayer-10.6@0x4cf5e9 ] [@ FlashPlayer-10.6@0x64ca42 ] [@ FlashPlayer-10.6@0x4b6df9 ] [@ FlashPlayer-10.6@0x626082 ] [@ FlashPlayer-10.6@0x4b4b39 ] [@ FlashPlayer-10.6@0x621592 ] [@ → 10.6@0x4b4b19][@FlashPlayer-10.6@0x621592][@FlashPlayer-10.6@0x4b59e9][@FlashPlayer-10.6@0x622292] [@FlashPlayer-10.6@0x4d6879][@FlashPlayer-10.6@0x654702][@FlashPlayer-10.6@0x4cf5e9][@FlashPlayer-10.6@0x64ca42][@FlashPlayer-10.6@0x4b6df9][@FlashPl&hellip;

Updated

7 years ago
Summary: 10.6@0x4b4b19][@F [@FlashPlayer-10.6@0x4d6879][@FlashPlayer-10.6@0x654702][@FlashPlayer-10.6@0x4cf5e9][@FlashPlayer-10.6@0x64ca42][@FlashPlayer-10.6@0x4b6df9][@FlashPlayer-10.6@0x626082][@FlashPlayer-10.6@0x4b4b39][@FlashPlayer-10.6@0x621592][@FlashPlayer- → crashes[@FlashPlayer-10.6@0x4d6879][@FlashPlayer-10.6@0x654702][@FlashPlayer-10.6@0x4cf5e9][@FlashPlayer-10.6@0x64ca42][@FlashPlayer-10.6@0x4b6df9][@FlashPlayer-10.6@0x626082][@FlashPlayer-10.6@0x4b4b39][@FlashPlayer-10.6@0x621592] [OOPP] Plugin-container

Comment 82

7 years ago
I think someone should get an award! :) (Assuming I'm reading this "Top Crashers for Firefox 4.0b9; Last 3 Days; By Signature" page correctly.)

http://crash-stats.mozilla.com/topcrasher/byversion/Firefox/4.0b9/3/all

This one fix will remove ~16% of _all_ Firefox 4 Beta 9 crashes (across platforms and crash type) when it reaches users in Beta 10.

Or just looking at the mac crashes on that page, 5950 of 6867 crashes removed. 87% fewer crashes. Or perhaps better reported as "7.5 times more stable"? 6867/(6867-5950) ? [I always forget which way to calculate it.]

Comment 83

7 years ago
"7.5 times more stable" is the way to go. A nice quoteable soundbite for the tech media when the marketing team pushes out PR to the news wires.
Just double checking as we go through the b10 testing cycle. I was able to reproduce the problem as reported in earlier betas, by loading the youtube video and clicking on reload a few times. On the build candidates for beta 10 I can't reproduce the problem.

Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0b10) Gecko/20100101 Firefox/4.0b10

Comment 85

7 years ago
Using the steps from comment 79 (a.k.a. surfing YouTube) I'm still seeing this or something like it in 4.0b10 and a trunk build (definitely has this patch) from today. Right before plugin-container crashes I see:

###!!! ASSERTION: Must have a native view to convert coordinates.: 'inView',
file /Users/jag/moz-hg/mozilla/mozilla/layout/generic/nsPluginUtilsOSX.mm, line
160

a few times.

With GDB hooked up to plugin-container:

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_PROTECTION_FAILURE at address: 0x00000076
0x00000076 in ?? ()
(gdb) bt
#0  0x00000076 in ?? ()
Cannot access memory at address 0x76
#1  0x17beaccb in unregister_ShockwaveFlash ()
#2  0x17a0e4b9 in dyld_stub_sprintf ()
#3  0x17bec60f in unregister_ShockwaveFlash ()
#4  0x17bd4960 in unregister_ShockwaveFlash ()
#5  0x17bdafa5 in unregister_ShockwaveFlash ()
#6  0x17dcf6b7 in main ()
#7  0x17dc8502 in main ()
#8  0x17dcc1e1 in main ()
#9  0x17dcdac7 in main ()
#10 0x17af7437 in dyld_stub_sprintf ()
#11 0x17c56fa1 in main ()
#12 0x17c61235 in main ()
#13 0x17c5f13d in main ()
#14 0x17bcc06b in FlashPlayer_10_2_151_49_FlashPlayer ()
#15 0x01534f8e in mozilla::plugins::PluginModuleChild::NPP_Destroy
(this=0x581f218, instance=0x5078630) at PluginModuleChild.h:359
#16 0x01534809 in mozilla::plugins::PluginInstanceChild::AnswerNPP_Destroy
(this=0x5078630, aResult=0xbfffc9c0) at
/Users/jag/moz-hg/mozilla/mozilla/dom/plugins/PluginInstanceChild.cpp:3152
#17 0x0166e5a0 in mozilla::plugins::PPluginInstanceChild::OnCallReceived
(this=0x5078630, __msg=@0xbfffcbfc, __reply=@0xbfffcb5c) at
PPluginInstanceChild.cpp:1750
#18 0x01660cb3 in mozilla::plugins::PPluginModuleChild::OnCallReceived
(this=0x581f218, __msg=@0xbfffcbfc, __reply=@0xbfffcb5c) at
PPluginModuleChild.cpp:574
#19 0x0156113d in mozilla::ipc::RPCChannel::DispatchIncall (this=0x581f220,
call=@0xbfffcbfc) at
/Users/jag/moz-hg/mozilla/mozilla/ipc/glue/RPCChannel.cpp:512
#20 0x0156151e in mozilla::ipc::RPCChannel::Incall (this=0x581f220,
call=@0xbfffcbfc, stackDepth=0) at
/Users/jag/moz-hg/mozilla/mozilla/ipc/glue/RPCChannel.cpp:498
#21 0x01561ae7 in mozilla::ipc::RPCChannel::OnMaybeDequeueOne (this=0x581f220)
at /Users/jag/moz-hg/mozilla/mozilla/ipc/glue/RPCChannel.cpp:429
#22 0x01564be9 in DispatchToMethod<mozilla::ipc::RPCChannel, bool
(mozilla::ipc::RPCChannel::*)()> (obj=0x581f220, method={__pfn = 0x15618ec
<mozilla::ipc::RPCChannel::OnMaybeDequeueOne()>, __delta = 0}, arg=@0x500e5ec)
at tuple.h:383
#23 0x01564c25 in RunnableMethod<mozilla::ipc::RPCChannel, bool
(mozilla::ipc::RPCChannel::*)(), Tuple0>::Run (this=0x500e5d0) at task.h:307
...

Reopen this one? New bug?

Comment 86

7 years ago
That does not appear to be this bug.

Comment 87

7 years ago
Ah. I'll file a new one then.

Comment 88

7 years ago
I still get the crash in the current build:

https://crash-stats.mozilla.com/report/index/4dd16453-d2d7-411c-b5fe-e5a3a2110131

Comment 89

7 years ago
As of the April 17th build, I'm still getting this crash.  See bp-316b6544-4a12-48bd-8612-d51a12110418 for an example.
(In reply to comment #89)
> As of the April 17th build, I'm still getting this crash.  See
> bp-316b6544-4a12-48bd-8612-d51a12110418 for an example.

Which looks like bug 629909 and has been fixed in Flash 10.2.152.33. Make sure you have at least this version installed. No need to comment more on this bug.
Crash Signature: [@FlashPlayer-10.6@0x4d6879] [@FlashPlayer-10.6@0x654702] [@FlashPlayer-10.6@0x4cf5e9] [@FlashPlayer-10.6@0x64ca42] [@FlashPlayer-10.6@0x4b6df9] [@FlashPlayer-10.6@0x626082] [@FlashPlayer-10.6@0x4b4b39] [@FlashPlayer-10.6@0x621592]
You need to log in before you can comment on or make changes to this bug.