Closed Bug 626975 Opened 9 years ago Closed 8 years ago

[OOPP] Google Earth Plugin causes freezes/crashes when activated/switched

Categories

(Core :: Plug-ins, defect)

x86
Windows 7
defect
Not set

Tracking

()

RESOLVED FIXED
mozilla8

People

(Reporter: lh.bennett, Assigned: jimm)

References

()

Details

(Whiteboard: [Input])

Attachments

(4 files)

User-Agent:       Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0b10pre) Gecko/20110118 Firefox/4.0b10pre
Build Identifier: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0b10pre) Gecko/20110118 Firefox/4.0b10pre ID:20110118182519

http://forums.mozillazine.org/viewtopic.php?f=23&t=2078105

The Google Earth Plugin causes issues when activated and or switched in and out with OOPP enabled.

GE Plugin 1.0.0.1

Reproducible: Always

Steps to Reproduce:
1. Navigate to Google Maps
2. Activate Earth
3. Switch to another view
4. Switch back to earth
Actual Results:  
Freezes Minefield.


Some have reported freezes and crashes from just activating the plugin.

Disabling IPC Plugins fixes the issue.
I can reproduce with this STR, too:

1. Navigate to Google Maps
2. Activate Earth
3. drag the view a bit
4. Freezes Minefield
Attached file WinDbg log
Is this a new regression? When was the problem introduced?
I saw it first in 0115 build.
(In reply to comment #3)
> Is this a new regression? When was the problem introduced?
I think this problems exist since the value(dom.ipc.plugins.enabled) of the default was changed,
Bug 531142 - Tracking: turn on OOPP by default
I see the freeze (STR on comment#1)on
http://hg.mozilla.org/mozilla-central/rev/6712bed154ed
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.3a1pre) Gecko/20100128 Minefield/3.7a1pre ID:20100128051129
and
http://hg.mozilla.org/mozilla-central/rev/ca2c35a64ad1
Mozilla/5.0 (Windows; Windows NT 6.1; WOW64; rv:2.0b3pre) Gecko/20100727 Minefield/4.0b3pre ID:20100728115017
and
http://hg.mozilla.org/mozilla-central/rev/e807269acaa3
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0b10pre) Gecko/20110119 Firefox/4.0b10pre ID:20110119030331
Is the symptom that Firefox crashes, or only the plugin?

Firefox:
  	user32.dll!_MsgWaitForMultipleObjects@20() 	
 	xul.dll!mozilla::ipc::RPCChannel::WaitForNotify()  Line 894	C++
 	xul.dll!mozilla::ipc::RPCChannel::Call(msg=0x0a018158, reply=0x0032be80)  Line 201	C++
 	xul.dll!mozilla::plugins::PPluginScriptableObjectParent::CallHasProperty(aId=0x0a264180, aHasProperty=0x0032bec7)  Line 289	C++
 	xul.dll!mozilla::plugins::PluginScriptableObjectParent::ScriptableHasProperty(aObject=0x09c8c7c0, aName=0x04977ce0)  Line 312	C++
 	xul.dll!NPObjWrapper_NewResolve(cx=0x06514fe0, obj=0x0ca8d230, id=0x04977ce0, flags=0x00000001, objp=0x0032bf14)  Line 1649	C++
 	mozjs.dll!CallResolveOp(cx=0x06514fe0, start=0x0d233930, obj=0x0ca8d230, id=0x04977ce0, flags=0x0000ffff, objp=0x0032bf68, propp=0x0032bf6c, recursedp=0x0032bf67)  Line 4789	C++
 	mozjs.dll!js_GetPropertyHelper(cx=0x00000000, obj=0x0d233930, id=0x00000000, getHow=0x00000001, vp=0x0032bfd0)  Line 5347	C++

p-c:
 	xul.dll!mozilla::ipc::RPCChannel::WaitForNotify()  Line 894	C++
 	xul.dll!mozilla::ipc::RPCChannel::Call(msg=0x00702430, reply=0x0023f060)  Line 201	C++
 	xul.dll!mozilla::plugins::PPluginInstanceChild::CallPluginFocusChange(gotFocus=false)  Line 1214	C++
 	xul.dll!mozilla::plugins::PluginInstanceChild::PluginWindowProc(hWnd=0x00880108, message=0x00000008, wParam=0x00000000, lParam=0x00000000)  Line 1182	C++
 	user32.dll!_InternalCallWinProc@20() 	
 	user32.dll!_UserCallWinProcCheckWow@32() 	
 	user32.dll!_CallWindowProcAorW@24() 	
 	user32.dll!_CallWindowProcW@20() 	
 	xul.dll!mozilla::ipc::windows::DeferredSendMessage::Run()  Line 973	C++
 	xul.dll!`anonymous namespace'::DeferredMessageHook(nCode=0x00000000, wParam=0x00000001, lParam=0x0023f294)  Line 159	C++
 	user32.dll!_DispatchHookW@16() 	
 	user32.dll!_CallHookWithSEH@16() 	
 	user32.dll!___fnHkINLPMSG@4() 	
 	ntdll.dll!_KiUserCallbackDispatcher@12() 	
 	user32.dll!_NtUserPeekMessage@20() 	
 	user32.dll!__PeekMessage@24() 	
 	user32.dll!_PeekMessageW@20() 	
 	xul.dll!base::MessagePumpForUI::ProcessNextWindowsMessage()  Line 339	C++
 	xul.dll!base::MessagePumpForUI::DoRunLoop()  Line 209	C++
 	xul.dll!base::MessagePumpWin::RunWithDispatcher(delegate=0x00000000, dispatcher=0x0023f3c0)  Line 54	C++
 	xul.dll!base::MessagePumpWin::Run(delegate=0x0023f868)  Line 78	C++
 	xul.dll!MessageLoop::RunInternal()  Line 219	C++
 	xul.dll!MessageLoop::RunHandler() 	C++
 	xul.dll!MessageLoop::Run()  Line 177	C++
 	xul.dll!XRE_InitChildProcess(aArgc=0x0000000a, aArgv=0x0071c6d0, aProcess=GeckoProcessType_Plugin)  Line 519	C++

I can't see the top of the firefox stack, but I *think* that it may be handling the killfocus event from the plugin and re-entering an RPC call: it's not clear to me why that message is not delivered.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Not crashes, but freezes, the whole firefox. Killing plugin-container stops the freeze
Hmm, per Bug 562051 something worked fine with that Plugin in the past Weeks.
And by that Bug the Plugin shouldn't have worked at all from Build 20100427 onwards untill landing of Bug 582012?!
Thus I don't understand the Ranges in Comment 6.

BTW, this Bug is WFM on Mozilla/5.0 (Windows NT 5.1; rv:2.0b10pre) Gecko/20110119 Firefox/4.0b10pre ID:20110119030331
(In reply to comment #9)
> Hmm, per Bug 562051 something worked fine with that Plugin in the past Weeks.
> And by that Bug the Plugin shouldn't have worked at all from Build 20100427
> onwards untill landing of Bug 582012?!
FYI
You may confused the date of landing Bug 582012 into 1.9.2 ,

Bug 562051 was fixed by Bug 582012 into m-c 
http://hg.mozilla.org/mozilla-central/rev/a1ad34b3cdc2
Mozilla/5.0 (Windows; Windows NT 6.1; WOW64; rv:2.0b3pre) Gecko/20100727 Minefield/4.0b3pre ID:20100728105728
I can still reproduce this bug with 20110128 build.
Reproducible today in FF 4.0 (Release). Clean install / new profile.
...and 4.2a1pre...
I'll try filing a bug on Google's end and hope that someone picks this up.
Hi from the Google Earth plugin team.

I've been trying to debug this from our end.Earth is making a NPN_Invoke call to send the balloon opened notification.  Plugin-container never returns from ipc::RPCChannel::Call.  It seems to be stuck processing messages in a deque that is never empty.  I assume the Firefox process is also waiting for a message from plugin-container.  I've tried debugging into the Mozilla code, but I'm not familiar with it, so I haven't figured out too much at this point.  I'd love to hear from someone familiar with RPCChannel.
Jmathies, this is bug that may be related to your current bug. Can you take a look?
Assignee: nobody → jmathies
(In reply to comment #1)
> I can reproduce with this STR, too:
> 
> 1. Navigate to Google Maps
> 2. Activate Earth
> 3. drag the view a bit
> 4. Freezes Minefield

Is there a trick to reproducing this? I'm not seeing it. 

1) load maps
2) switch to "Earth" mode (plugin loads up)
3) flip tabs, pan, zoom in and out using the mouse wheel, switch back to maps, ..

No freeze up so far.
I was testing in a nightly, testing with 5.0 I see the problem.

This might be fixed. Would everyone who can reproduce try a nightly to see if they experience the same problem? 

http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/latest-mozilla-central/

I'll see if I can track down a regression fix range.
Ok, nevermind that, I managed to get this in a nightly too.
This is a focus deadlock. Interestingly enough I landed a fix for this a while back in bug 648935, but the focus specific patch there got backed out due to focus related problems. I'll see if I can work up a new fix.
The easiest repro for me is to launch a page with Google Earth and click a placemark to pop up a balloon.  Alternatively, you can run Monster Milktruck which will automatically pop open a balloon after a few seconds:

http://earth-api-samples.googlecode.com/svn/trunk/demos/milktruck/index.html

The hang occurs when the plugin tries to NPN_Invoke with the "balloon opened" notification.  The NPN_Invoke never returns.  I have stack traces and some notes that I had sent in another email thread.  I can pass those along to you if you don't already have them and if you think they'd be helpful.

Thanks for looking into this.
(In reply to comment #22)
> The easiest repro for me is to launch a page with Google Earth and click a
> placemark to pop up a balloon.  Alternatively, you can run Monster Milktruck
> which will automatically pop open a balloon after a few seconds:
> 
> http://earth-api-samples.googlecode.com/svn/trunk/demos/milktruck/index.html
> 
> The hang occurs when the plugin tries to NPN_Invoke with the "balloon
> opened" notification.  The NPN_Invoke never returns.  I have stack traces
> and some notes that I had sent in another email thread.  I can pass those
> along to you if you don't already have them and if you think they'd be
> helpful.
> 
> Thanks for looking into this.

We have two separate hangs here, the invoke hang and a focus hang. I randomly hit one or the other while testing. I'm going to make this bug about focus, and we'll create a new bug on the script invoke.
One other thing I've noticed is that there are two google earth instances running in the page. One has a window hierarchy for the view, the other seems hidden. Both are windowed and apparently fight for focus somewhat. Two plugins in the same page obviously shouldn't be an issue, but I'm curious what that hidden instance is trying to do?
Attached file partial child stack
(In reply to comment #22)
> The easiest repro for me is to launch a page with Google Earth and click a
> placemark to pop up a balloon.  Alternatively, you can run Monster Milktruck
> which will automatically pop open a balloon after a few seconds:
> 
> http://earth-api-samples.googlecode.com/svn/trunk/demos/milktruck/index.html
> 
> The hang occurs when the plugin tries to NPN_Invoke with the "balloon
> opened" notification.  The NPN_Invoke never returns.  I have stack traces
> and some notes that I had sent in another email thread.  I can pass those
> along to you if you don't already have them and if you think they'd be
> helpful.
> 
> Thanks for looking into this.

Andy, do you have a stack trace that has a clean stack below the invoke? I don't have symbols for npgeplugin.dll so all I see is trash below it. 

(attached trace)

This is shortly after load, with a single mouse click to the view. 

Also, do you have public symbols someplace I can get at via VS?
Try builds with a potential fix:

http://ftp.mozilla.org/pub/mozilla.org/firefox/try-builds/jmathies@mozilla.com-2b45e28cf39c

These should be up in about four hours.
Attached file assert trace
Attached patch fixSplinter Review
Catch messages destined for the instance that can trigger incalls. Bent, via an email discussion w/Google it's apparent we can't defer these, so we drop them on the floor.
Attachment #548903 - Flags: review?(bent.mozilla)
Comment on attachment 548903 [details] [diff] [review]
fix

Ick. If this works I say go for it :(
Attachment #548903 - Flags: review?(bent.mozilla) → review+
http://hg.mozilla.org/mozilla-central/rev/967794e38c94
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla8
Comment on attachment 548903 [details] [diff] [review]
fix

This is a fairly safe patch that makes Google Earth usable in Firefox. We should consider getting it into Aurora and maybe even Beta. The fix has not been in the wild for very long so beta is questionable but I think an Aurora landing would be OK.
Attachment #548903 - Flags: approval-mozilla-beta?
Attachment #548903 - Flags: approval-mozilla-aurora?
I don't think this is appropriate for beta, but it probably is for aurora.
Comment on attachment 548903 [details] [diff] [review]
fix

This can ride the normal train cycle. It's been around since Firefox 4 and it's not a top plug-in or a top hanger.
Attachment #548903 - Flags: approval-mozilla-beta?
Attachment #548903 - Flags: approval-mozilla-beta-
Attachment #548903 - Flags: approval-mozilla-aurora?
Attachment #548903 - Flags: approval-mozilla-aurora-
After being fixed in the FF8 release, this problem has resurfaced in the FF 9.0.1 release.  How does one re-open the bug report?

Earth plugin works find when running in-process.  When running out-of-process, some combinations of invokes and events causes the plugin-container to hang.  At the time of the hang, no plugin code is on the stack.

The easiest way to reproduce this is to try Monster Milktruck (http://earth-api-samples.googlecode.com/svn/trunk/demos/milktruck/index.html).  Drive for a minute or two until it tries to pop a balloon.  When running with dom.ipc.plugins.enabled = true, the plugin will hang.  When that setting is false, the balloon appears and the plugin continues to run.
(In reply to Adrian McCarthy from comment #35)
> After being fixed in the FF8 release, this problem has resurfaced in the FF
> 9.0.1 release.  How does one re-open the bug report?
> 
> Earth plugin works find when running in-process.  When running
> out-of-process, some combinations of invokes and events causes the
> plugin-container to hang.  At the time of the hang, no plugin code is on the
> stack.
> 
> The easiest way to reproduce this is to try Monster Milktruck
> (http://earth-api-samples.googlecode.com/svn/trunk/demos/milktruck/index.
> html).  Drive for a minute or two until it tries to pop a balloon.  When
> running with dom.ipc.plugins.enabled = true, the plugin will hang.  When
> that setting is false, the balloon appears and the plugin continues to run.

Just file a new bug, cc me (:jimm), and include 1,2,3,.. steps to reproduce and we'll take a look.
Depends on: 1318819
You need to log in before you can comment on or make changes to this bug.