CrashKill/2009-10-05
From MozillaWiki
Misc
- bug 519585 - Socorro bug links now updated hourly, instead of 2x daily.
- Firefox 3.5.3 top crashes
- bug 519616 - Jeff's crash work.
- dbaron: https://developer.mozilla.org/en/Debugging_a_minidump
- dbaron: http://dbaron.org/mozilla/topcrash-modules
- dbaron: Is trying to correlate dlls to bin-ext/plugins above. We should ask the AMO to simply record DLLs that are associated with what plugins. StopBadware.org probably has this information. We need a way to record this info so that we aren't constantly re-researching correlations.
Bugs
- cooliris19.dll@0x351f2 - jst bug 519039 - Resolved.
- nsCycleCollectingAutoRefCnt::decr(nsISupports*) - dbaron bug 500879 - One of the thread safety issues. Need to figure out contacts for each of those extensions and get them to change their ways.
- nsGlobalWindow::cycleCollection::UnmarkPurple(nsISupports*) - dbaron bug 504392 - Same as above.
- nsEventListenerManager::Release() - jst bug 513334 - Same as above.
- UserCallWinProcCheckWow - bug 501429 - jst - No progress there, supposedly caused by the Google Talk plugin, unable to reproduce.
- _PR_MD_SEND - bug 489533 - Jonas. Status: Nothing new. Timeless seems to know what is going on. Spyware and anti-spyware both hook into a library that causes network connectivity to not work properly. Trying to reproduce with F-Secure. I'm worried that it's going to get to blocking spyware. We might consider adding a message after a restart after a crash that says the crash was caused by a particular piece of malware/spyware. Jonas is still trying to reproduce this one. See also bug 467167.
- RtlpWaitForCriticalSection - JST - Flash - bug 511757 - Still investigating.
- RtlpWaitOnCriticalSection - JST - Not Flash, something else. bug 511759 - ADR toolbar. We need to reach out to them.
- @0x0 - bug 519616 - jrmuizlar - Need to get the stack unwinder done first.
- nsStyleSet::FileRules(int (*)(nsIStyleRuleProcessor*, void*), RuleProcessorData*) - bug 492675 - Bug is real, dbaron owns. Status: This is correlated with MyWebsearchToolbar, have a patch, reasonably safe, can't guarantee that it fixes this because I can't reproduce it. We'd need to land this on a release before we know if we've actually fixed this. It's been around forever. It has landed on central and 1.9.2. Awaiting 1.9.1 approval.
- _woutput_l - bug 511756 - dolske - Haven't had a lot of time to look at this in-depth. This seems to indicate a smiley malware. This one is correlated with an extension, will update the bug with the info.
- KiFastSystemCallRet bug 514589 - Jonas - Code is written, just needs to be staged.
- NPSWF32.dll@0x77bd0 - Farmtown flash - JST - Adobe has a fix, but we don't know when they will ship it.
- GraphWalker::DoWalk(nsDeque&) bug 500105 - peterv - We're not getting far. Can't reproduce. Dbaron and I have looked at it, but we don't know what's going on. This is not a thread safety issue, and it's not correlated with extensions, it's cross platform, and it was in 3.0. So, this is probably our bug, but we don't know what/where/why. We're not sure if it's a cycle collector or nsDEQ bug. Will think about skidmark for this. We don't know what we can do yet.
- nsWindow::GetParentWindow(int) - bug 470487 - jst
- NPFFAddOn.dll@0x11867 bug 519343 tomcat will file a bug and update this page. We have blocklisted this one, but still, the crashes have gone up. ssidler: I don't think we can blocklist this. We tried, but this isn't an extension. We can try to contact antivirus vendors to see if they can remove it.
- RtlpCoalesceFreeBlocks bug 519340 - dolske will file a new bug. - This is our number one top crash right now. Worked with Lars to extract this from the database to get a handle on this problem: This looks like it's caused by an older version of AVG. The extension that they installed is just called 8.5 (I guess it never changes?), so we can't blocklist this version.
- memcpy | fillInCell bug 503770 - Fixed in 1.9.4, by upgrading sqlite.
- nsBaseWidget::Destroy() bug 470487, bug 507928, bug 503196 - The first bug is the getParentWindow, which we talked about above. 503296 is fixed in 1.9.4. 507928 is the same as the jimm issue described above.
- GoogleDesktopNetwork3.dll@0x3dfb bug 519344 - Tomcat - Working this and the next one to find steps to reproduce.
- @radhslib.dll@0x3b6f bug 519348 - Tomcat - Working on STR.
- js_Interpret - bug 519363 - dmandelin, see also 517077, 514593, 519129 - I filled a bunch of stuff in the bug, I've figured out a lot of the details on what's causing the crashing, still it's kinda mysterious, and no one seems to have any idea how that could happen. Now, sifting over logged crash reports to get more precise answers on when it came in. Also, might do a patch to record what's happening into a 3.5 release. This was not in 3.5b4, but is in 3.5b99. Need two things: 1) Need urls (jst will help here). 2) I suspect that I might need to do something to create a patch that would help me catch this, there are 7 different cases where this problem could emerge.
- PL_DHashTableOperate - 516113, 503638, 303511 - Need to get this added to the filter list as this is rarely the source. - This is likely not a top crash but a lot of smaller crashes. - Ted needs to add skiplist items. Damon: Need to follow up with Ted here. Some of these are strongly coordinated with extensions (per dbaron).
- Flash Player@0x92160 - bug 520058 Module data would be useful here (i.e., this is flash version X). - Josh Damon: follow-up.
- nsPresContext::Release() - Need to create another bug here, dbaron - Same as cycle collector bugs. bc: Flash Player@0x92160 showed up 08/01.
[4:39pm] bc: probably 10.0.32.18, but it could have just been a different address and a different version.
- arena_dalloc_small | arena_dalloc | free | XPT_DestroyArena - bug 519356 - Clint - He spidered 5k pages over the weekend in compat mode, no luck. Any suggestions here? dbaron: thinks these are startup crashes.
- Spidered 5000 pages over the weekend while running in compatibility mode. Unable to reproduce crash. :(
- arena_chunk_init - bug 515211 - dmandelin - Haven't gotten to this yet.
- wcslen bug 519355 and bug 519353 - dolske - 519353 appears to be caused by DivX. The next step here is to contact them. dolske will call. bug 508292 - This crashes with the same signature but a different stack; it's strongly correlated with Turkish sites. This could be malware triggered. Next step: Keep trying to repro.
- objc_msgSend | CanonIJPDE@0x1531e bug 519451 - Tomcat - This seems to be a printer driver crash. Need to track down this driver.
- libobjc.A.dylib@0x15688 | IdleTimerVector bug 519718 - Tomcat - Steven thinks this is a dupe, this could be the DivX issue.
- nsHttpsHandler::GetProtocolFlags(unsigned int*) bug 519729 - Tomcat - Need to get the URLs -- Looks like a startup crash.
- DTToolbarFF.dll@0x4bc19 and related crashes on version 1.0.8.552 bug 512040 - Tomcat - We have blocklisted versions of this, so we're looking into this still to see if we need to blocklist this. Need to contact them before we do that.
- nsPluginHostImpl::TrySetUpPluginInstance(char const*, nsIURI*, nsIPluginInstanceOwner*) bug 519752 - Tomcat - I have a VM installed with plugins, if someone could get the urls there, jst will get him the urls.
- nsGlobalChromeWindow::Release() bug 519755 - Tomcat - Need ideas on how to repro here, besides the urls, will continue grinding through them.
- nsXULDocument::ResumeWalk() bug 519767 - Tomcat - dbaron suggested an extension correlation.
- memmove | nsTArray_base::ShiftData(unsigned int, unsigned int, unsigned int, unsigned int) bug 519771 - Tomcat - ShiftData needs to be added to the signature ignore list. Jonas will file a bug to do so.