137426 2014-10-04 18:14:39 -0700 [X11] Plugin process crashes in NetscapePlugin::platformPostInitialize() 2014-10-09 09:58:58 -0700 1 1 1 Unclassified WebKit WebKitGTK 528+ (Nightly build) PC Linux RESOLVED FIXED P2 Critical --- 1 mcatanzaro webkit-unassigned cgarcia gustavo pnormand oldest_to_newest 1039556 0 mcatanzaro 2014-10-04 18:14:39 -0700 Here's another crash that's been hit a lot in Fedora, a SIGABRT when (presumably) starting Flash: Downstream report: https://bugzilla.redhat.com/show_bug.cgi?id=1139316 Crash statistics: https://retrace.fedoraproject.org/faf/reports/426221/ Full backtrace: https://bugzilla.redhat.com/attachment.cgi?id=935404 1040303 1 mcatanzaro 2014-10-08 09:14:44 -0700 Probably the same as this crash: https://retrace.fedoraproject.org/faf/reports/444412/ 1040312 2 cgarcia 2014-10-08 09:28:22 -0700 How can I try to reproduce it? Does it happen for any website having flash? 1040362 3 mcatanzaro 2014-10-08 11:44:30 -0700 vrutkovs: mcatanzaro: sorry, no info, it just happened during the day of F21 usage mcatanzaro: vrutkovs: Alas. OK, thanks. vrutkovs: my workstation has been doing lots of background tasks recently so it might be one of these race condition bugs mcatanzaro: Well there's over 900 reports so it's not just you. I'll ask in the downstream bug in case someone else has noticed a pattern. 1040529 4 cgarcia 2014-10-09 06:35:24 -0700 I managed to reproduce this, or at least a similar crash, because here it crashes in NetscapePlugin::initialize, like the bt in comment #2. The thing is that flash in crashing in NPP_GetValue when called with NPPVpluginCancelSrcStream. #0 0x00007f6e52ecb873 in ?? () from /usr/lib/mozilla/plugins/flash-mozilla.so #1 0x00007f6e5306ed1c in ?? () from /usr/lib/mozilla/plugins/flash-mozilla.so #2 0x0000000000b2a2c4 in WebKit::NetscapePlugin::initialize(WebKit::Plugin::Parameters const&) () #3 0x0000000000b015df in WebKit::PluginControllerProxy::initialize(WebKit::PluginCreationParameters const&) () #4 0x0000000000b0569f in WebKit::WebProcessConnection::createPluginInternal(WebKit::PluginCreationParameters const&, bool&, bool&, unsigned int&) () Only adobe can know why, though, but the thing is that it only crashes for windowed plugins, adding wmode=opaque as parameter or not calling NPP_GetValue and always loading the source URL, fixes the crash and the flash thing works perfectly. So, the only thing I can think of is adding a plugin quirk to handle this specific case. 1040534 5 239532 cgarcia 2014-10-09 06:40:36 -0700 Created attachment 239532 Patch 1040581 6 cgarcia 2014-10-09 09:58:58 -0700 Committed r174507: <http://trac.webkit.org/changeset/174507> 239532 2014-10-09 06:40:36 -0700 2014-10-09 09:34:27 -0700 Patch wk2-flash-crash.diff text/plain 3476 cgarcia ZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJLaXQyL0NoYW5nZUxvZyBiL1NvdXJjZS9XZWJLaXQyL0No YW5nZUxvZwppbmRleCBhMmUyYjk2Yi4uMTA3OWMxYyAxMDA2NDQKLS0tIGEvU291cmNlL1dlYktp dDIvQ2hhbmdlTG9nCisrKyBiL1NvdXJjZS9XZWJLaXQyL0NoYW5nZUxvZwpAQCAtMSwzICsxLDI1 IEBACisyMDE0LTEwLTA5ICBDYXJsb3MgR2FyY2lhIENhbXBvcyAgPGNnYXJjaWFAaWdhbGlhLmNv bT4KKworICAgICAgICBbWDExXSBQbHVnaW4gcHJvY2VzcyBjcmFzaGVzIGluIE5ldHNjYXBlUGx1 Z2luOjpwbGF0Zm9ybVBvc3RJbml0aWFsaXplKCkKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtp dC5vcmcvc2hvd19idWcuY2dpP2lkPTEzNzQyNgorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9E WSAoT09QUyEpLgorCisgICAgICAgIEZvciBzb21lIHJlYXNvbiBmbGFzaCBjcmFzaGVzIHdoZW4g TlBQX0dldFZhbHVlIGlzIGNhbGxlZCB3aXRoCisgICAgICAgIE5QUFZwbHVnaW5DYW5jZWxTcmNT dHJlYW0sIGJ1dCBvbmx5IGluIHdpbmRvd2VkIG1vZGUuIE5vdCBjYWxsaW5nCisgICAgICAgIE5Q UF9HZXRWYWx1ZSBhbmQgdW5jb25kaXRpb25hbGx5IGxvYWRpbmcgdGhlIHNvdXJjZSBVUkwgaW4g dGhlCisgICAgICAgIGJyb3dzZXIgZml4ZXMgdGhlIGNyYXNoIGFuZCBwbHVnaW5zIHdvcmsgbm9y bWFsbHkuIFdlIGNhbiBoYW5kbGUKKyAgICAgICAgdGhpcyBwYXJ0aWN1bGFyIGNhc2Ugd2l0aCBh IG5ldyBxdWlyay4KKworICAgICAgICAqIFNoYXJlZC9QbHVnaW5zL05ldHNjYXBlL3gxMS9OZXRz Y2FwZVBsdWdpbk1vZHVsZVgxMS5jcHA6CisgICAgICAgIChXZWJLaXQ6Ok5ldHNjYXBlUGx1Z2lu TW9kdWxlOjpkZXRlcm1pbmVRdWlya3MpOiBBZGQKKyAgICAgICAgRG9Ob3RDYW5jZWxTcmNTdHJl YW1JbldpbmRvd2VkTW9kZSBxdWlyayBpZiBpdCdzIGZsYXNoIHBsdWdpbi4KKyAgICAgICAgKiBT aGFyZWQvUGx1Z2lucy9QbHVnaW5RdWlya3MuaDogQWRkCisgICAgICAgIERvTm90Q2FuY2VsU3Jj U3RyZWFtSW5XaW5kb3dlZE1vZGUgcXVpcmsuCisgICAgICAgICogV2ViUHJvY2Vzcy9QbHVnaW5z L05ldHNjYXBlL05ldHNjYXBlUGx1Z2luLmNwcDoKKyAgICAgICAgKFdlYktpdDo6TmV0c2NhcGVQ bHVnaW46OnNob3VsZExvYWRTcmNVUkwpOiBSZXR1cm4gZWFybHkgaWYgcGx1Z2luCisgICAgICAg IGlzIHdpbmRvd2VkIGFuZCBEb05vdENhbmNlbFNyY1N0cmVhbUluV2luZG93ZWRNb2RlIHF1aXJr IGlzIHByZXNlbnQuCisKIDIwMTQtMTAtMDggIENhcmxvcyBHYXJjaWEgQ2FtcG9zICA8Y2dhcmNp YUBpZ2FsaWEuY29tPgogCiAgICAgICAgIFtHVEtdIFVzZSB0aGUgUGFnZUxvYWRTdGF0ZSBvYnNl cnZlciBhbHNvIHRvIG1vbml0b3IgdGl0bGUgYW5kIGVzdGltYXRlZCBsb2FkIHByb2dyZXNzCmRp ZmYgLS1naXQgYS9Tb3VyY2UvV2ViS2l0Mi9TaGFyZWQvUGx1Z2lucy9OZXRzY2FwZS94MTEvTmV0 c2NhcGVQbHVnaW5Nb2R1bGVYMTEuY3BwIGIvU291cmNlL1dlYktpdDIvU2hhcmVkL1BsdWdpbnMv TmV0c2NhcGUveDExL05ldHNjYXBlUGx1Z2luTW9kdWxlWDExLmNwcAppbmRleCBlY2VkMDViLi4z NjI3NTM5IDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViS2l0Mi9TaGFyZWQvUGx1Z2lucy9OZXRzY2Fw ZS94MTEvTmV0c2NhcGVQbHVnaW5Nb2R1bGVYMTEuY3BwCisrKyBiL1NvdXJjZS9XZWJLaXQyL1No YXJlZC9QbHVnaW5zL05ldHNjYXBlL3gxMS9OZXRzY2FwZVBsdWdpbk1vZHVsZVgxMS5jcHAKQEAg LTE4OSw2ICsxODksNyBAQCB2b2lkIE5ldHNjYXBlUGx1Z2luTW9kdWxlOjpkZXRlcm1pbmVRdWly a3MoKQogI2lmIFBMQVRGT1JNKEVGTCkKICAgICAgICAgICAgIG1fcGx1Z2luUXVpcmtzLmFkZChQ bHVnaW5RdWlya3M6OkZvcmNlRmxhc2hXaW5kb3dsZXNzTW9kZSk7CiAjZW5kaWYKKyAgICAgICAg ICAgIG1fcGx1Z2luUXVpcmtzLmFkZChQbHVnaW5RdWlya3M6OkRvTm90Q2FuY2VsU3JjU3RyZWFt SW5XaW5kb3dlZE1vZGUpOwogICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgIH0KICAgICB9CmRp ZmYgLS1naXQgYS9Tb3VyY2UvV2ViS2l0Mi9TaGFyZWQvUGx1Z2lucy9QbHVnaW5RdWlya3MuaCBi L1NvdXJjZS9XZWJLaXQyL1NoYXJlZC9QbHVnaW5zL1BsdWdpblF1aXJrcy5oCmluZGV4IDkyNzQw MTUuLjJjOGRmMjcgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XZWJLaXQyL1NoYXJlZC9QbHVnaW5zL1Bs dWdpblF1aXJrcy5oCisrKyBiL1NvdXJjZS9XZWJLaXQyL1NoYXJlZC9QbHVnaW5zL1BsdWdpblF1 aXJrcy5oCkBAIC05Miw2ICs5Miw5IEBAIHB1YmxpYzoKICAgICAgICAgLy8gU29tZSBwb3J0cyBk b24ndCBzdXBwb3J0IHdpbmRvd2VkIHBsdWdpbnMuCiAgICAgICAgIEZvcmNlRmxhc2hXaW5kb3ds ZXNzTW9kZSwKIAorICAgICAgICAvLyBGbGFzaCBjcmFzaGVzIHdoZW4gTlBQX0dldFZhbHVlIGlz IGNhbGxlZCBmb3IgTlBQVnBsdWdpbkNhbmNlbFNyY1N0cmVhbSBpbiB3aW5kb3dlZCBtb2RlLgor ICAgICAgICBEb05vdENhbmNlbFNyY1N0cmVhbUluV2luZG93ZWRNb2RlLAorCiAgICAgICAgIC8v IFdpbmRvd3Mgc3BlY2lmaWMgcXVpcmtzOgogI2VsaWYgUExVR0lOX0FSQ0hJVEVDVFVSRShXSU4p CiAgICAgICAgIC8vIFdoZXRoZXIgTlBOX1VzZXJBZ2VudCBzaG91bGQgYWx3YXlzIHJldHVybiBh IE1vemlsbGEgdXNlciBhZ2VudC4KZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJLaXQyL1dlYlByb2Nl c3MvUGx1Z2lucy9OZXRzY2FwZS9OZXRzY2FwZVBsdWdpbi5jcHAgYi9Tb3VyY2UvV2ViS2l0Mi9X ZWJQcm9jZXNzL1BsdWdpbnMvTmV0c2NhcGUvTmV0c2NhcGVQbHVnaW4uY3BwCmluZGV4IGRjMGY5 ODIuLjk0MDVlNTIgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XZWJLaXQyL1dlYlByb2Nlc3MvUGx1Z2lu cy9OZXRzY2FwZS9OZXRzY2FwZVBsdWdpbi5jcHAKKysrIGIvU291cmNlL1dlYktpdDIvV2ViUHJv Y2Vzcy9QbHVnaW5zL05ldHNjYXBlL05ldHNjYXBlUGx1Z2luLmNwcApAQCAtNTA3LDYgKzUwNywx MiBAQCB2b2lkIE5ldHNjYXBlUGx1Z2luOjpjYWxsU2V0V2luZG93SW52aXNpYmxlKCkKIAogYm9v bCBOZXRzY2FwZVBsdWdpbjo6c2hvdWxkTG9hZFNyY1VSTCgpCiB7CisjaWYgUExVR0lOX0FSQ0hJ VEVDVFVSRShYMTEpCisgICAgLy8gRmxhc2ggY3Jhc2hlcyB3aGVuIE5QUF9HZXRWYWx1ZSBpcyBj YWxsZWQgZm9yIE5QUFZwbHVnaW5DYW5jZWxTcmNTdHJlYW0gaW4gd2luZG93ZWQgbW9kZS4KKyAg ICBpZiAobV9pc1dpbmRvd2VkICYmIG1fcGx1Z2luTW9kdWxlLT5wbHVnaW5RdWlya3MoKS5jb250 YWlucyhQbHVnaW5RdWlya3M6OkRvTm90Q2FuY2VsU3JjU3RyZWFtSW5XaW5kb3dlZE1vZGUpKQor ICAgICAgICByZXR1cm4gdHJ1ZTsKKyNlbmRpZgorCiAgICAgLy8gQ2hlY2sgaWYgd2Ugc2hvdWxk IGNhbmNlbCB0aGUgbG9hZAogICAgIE5QQm9vbCBjYW5jZWxTcmNTdHJlYW0gPSBmYWxzZTsKIAo=