pstree:
firefox-bin─┬─plugin-containe───{plugin-contain}
            └─2*[{firefox-bin}]
backtraces for firefox-bin (3 threads):
#0 0x00463422 in __kernel_vsyscall ()
#1 0x00830b5d in pthread_join () from /lib/tls/i686/cmov/libpthread.so.0
#2 0x01666f32 in PlatformThread::Join (thread_handle=3073375088) at ./src/base/platform_thread_posix.cc:119
#3 0x016546b1 in base::Thread::Stop (this=0xb7601200) at ./src/base/thread.cc:114
#4 0x015ed24b in ~BrowserProcessSubThread (this=0xb7601200, __in_chrg=<value optimized out>) at BrowserProcessSubThread.cpp:89
#5 0x0167c957 in mozilla::ShutdownXPCOM (servMgr=0xb7661344) at nsXPComInit.cpp:979
#6 0x00d3bf54 in ~ScopedXPCOMStartup (this=0xbfd2a75c, __in_chrg=<value optimized out>) at nsAppRunner.cpp:1052
#7 0x00d3fee4 in XRE_main (argc=1, argv=0xbfd2aa14, aAppData=0xb7618380) at nsAppRunner.cpp:3539
#8 0x00ac49e3 in main (argc=1, argv=0xbfd2aa14) at nsBrowserApp.cpp:158

#0 0x006b1422 in __kernel_vsyscall ()
#1 0x17788b86 in poll () from /lib/tls/i686/cmov/libc.so.6
#2 0x00eea8e9 in google_breakpad::CrashGenerationServer::Run (this=0xacfe7310) at crash_generation_server.cc:278
#3 0x00eea94c in google_breakpad::CrashGenerationServer::ThreadMain (arg=0xacfe7310) at crash_generation_server.cc:462
#4 0x00c3a96e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#5 0x17796a4e in clone () from /lib/tls/i686/cmov/libc.so.6

#0 0x006b1422 in __kernel_vsyscall ()
#1 0x00c42e0b in waitpid () from /lib/tls/i686/cmov/libpthread.so.0
#2 0x0180e36f in WaitForChildExit (this=0xab62e130) at ./src/chrome/common/process_watcher_posix_sigchld.cc:112
#3 0x0180e3d4 in KillProcess (this=0xab62e130) at ./src/chrome/common/process_watcher_posix_sigchld.cc:159
#4 0x0180e51a in ~ChildGrimReaper (this=0xab62e130, __in_chrg=<value optimized out>) at ./src/chrome/common/process_watcher_posix_sigchld.cc:134
#5 0x017e5d33 in MessageLoop::DeletePendingTasks (this=0xb71ff1d8) at ./src/base/message_loop.cc:422
#6 0x017e695d in ~MessageLoop (this=0xb71ff1d8, __in_chrg=<value optimized out>) at ./src/base/message_loop.cc:148
#7 0x017f25a0 in base::Thread::ThreadMain (this=0xb7501200) at ./src/base/thread.cc:175
#8 0x01804f0b in ThreadFunc (closure=0xb7501200) at ./src/base/platform_thread_posix.cc:26
#9 0x00c3a96e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#10 0x17796a4e in clone () from /lib/tls/i686/cmov/libc.so.6

I wasn't able to attach to the plugin-container process. gdb says "ptrace: Operation not permitted".
So far I've only been able to reproduce this bug on machines with NVIDIA graphics hardware and Flash 11. All of them have been running the nvidia-current proprietary driver; I haven't had a chance to check nv yet. My laptop with ATi graphics and my VirtualBox VMs don't seem to be affected. We downgraded a lot of workstations to the previous adobe-flashplugin package (10.3) to work around the bug.