CrashKill/2009-11-30
From MozillaWiki
Contents
Agenda
- Go through the 3.6beta4 crashes
- Skip list updates applied?
- Out of memory with new shipped top production, was reopened, under development
- Split up js_Interpret goes out Thrs
- Any others? We're watching SkipList with crash kill
Misc
Breakpad & Socorro
- bug 531870 Our addon-correlation data might not be reliable
- bug 531881 Improve crashreporter UI for email address
- 1.2 code freeze EOD Tuesday, Test / Feedback welcome on stage. Deploying Thursday night
3.6b4 Top Crash Bugs
| Rank | Stacks | Bug | Owner | Status |
| 1 | 3RD PARTY NPSWF32.dll@0x136a29 | bug 530989 | Crashes at this signature, and crashes on yoville, are much worse in 3.6 betas than in 3.5. Can we figure out why, and what changed? | |
| 2 | 3RD PARTY FIXED PL_strlen | nsNPAPIPluginInstance::Initialize(nsIPluginInstanceOwner*, char const*) | bug 531290 | jst | Caused by IE Tab extension's plugin. jst has patch to fill in pointer with null so plugins that do null-check don't have uninitialized data |
| 3 | 3RD PARTY UserCallWinProcCheckWow | bug 501429, bug 531551 | jst,damon | Currently about 50% of the UserCallWinProcCheckWow crashes (this 50% is bug 531551 are correlated with old versions of Adobe Acrobat (but not the current version). These crashes were not present in 3.5. Do we know what changed? |
| 4 | (signature unavailable) | bug 528798 | crash-stats report changed to include empty sigs with 1.1; possibly Zone Alarm causes a bunch of these: need to get in contact with someone there | |
| 5 | 3RD PARTY BLOCKLIST RtlpCoalesceFreeBlocks | bug 514612, etc. | damon | Now that the AVG issues are gone (bug 519340), 75% of the RtlpCoalesceFreeBlocks crashes on 3.5 and 90% of them on 3.6 are due to one LSP described in bug 514612. Should we investigate what it is and consider blocklisting? |
| 6 | 3RD PARTY BLOCKLIST ntdll.dll@0x38c39 | bug 527540 | damon | |
| 7 | 3RD PARTY Flash Player-10.6+@0x481904 | bug 532085 | ss | |
| 8 | nsXULTreeAccessible::GetTreeItemAccessible(int, nsIAccessible**) | bug 528311 | surkov | thought it was fixed for beta4, but it's not |
| 9 | 3RD PARTY Flash Player-10.6+@0x4818fb | bug 532085 | ss | |
| 10 | 3RD PARTY NPSWF32.dll@0xca950 | bug 532011 | sicking | crash stopping a flash instance |
| 11 | RtlpWaitForCriticalSection | RtlEnterCriticalSection | bug 511757, bug 520639 | Majority (?) of these are flash crashes, but there are other causes as well. | |
| 12 | FIXED nsCycleCollector::MarkRoots(GCGraphBuilder&) | bug 500105 | peterv, dbaron | peterv landed a fix for a major cause of this for final |
| 13 | 3RD PARTY RtlDeleteCriticalSection | bug 521558 | jst | Crashes while unloading NPSWF32.DLL (in TryUnloadPlugin) |
| 14 | FIXED nsCOMPtr_base::assign_from_qi(nsQueryInterface, nsID const&) | nsScriptSecurityManager::doGetObjectPrincipal(JSObject*) | bug 530567, bug 519719 | jorendorff | The JS patch that I'd thought would fix this (bug 519719) is a blocker, but somehow didn't get merged in the tracemonkey merge before b4, so we don't know that for sure. |
| 15 | js_Interpret | dmandelin, lars (for splitting signatures) | see 3.5.5 table (but does that cover everything?) | |
| 16 | 3RD PARTY BLOCKLIST KERNELBASE.dll@0xb727 | bug 530518 | chofmann | Some sort of third-party app, perhaps malware. Could somebody take an action to figure out more, and whether we should blocklist? |
| 17 | FIXED nsScriptSecurityManager::doGetObjectPrincipal(JSObject*) | bug 519719 | jorendorff | This actually didn't get fixed for b4 and hasn't yet been merged from tracemonkey into either mozilla-central or mozilla-1.9.2 |
| 18 | @0x0 | @0x10b42bbd | BaseThreadStart | sicking | ||
| 19 | 3RD PARTY NPSWF32.dll@0x139215 | |||
| 20 | 3RD PARTY NPSWF32.dll@0x17ba9f | |||
| 21 | RtlpWaitOnCriticalSection | RtlEqualString | |||
| 22 | npwinext.dll@0x5d8c4 | |||
| 23 | 3RD PARTY Flash Player@0x92160 | |||
| 24 | 3RD PARTY nsDocShell::SetupNewViewer(nsIContentViewer*) | bug 434403 | Can somebody take an action to figure out the top causes and investigate blocklisting? | |
| 25 | 3RD PARTY strchr | bug 530968 | Internet Download Manager | |
| 26 | BLOCKLIST _PR_MD_SEND | bug 467167 | sicking, jimm | blocklist bugs: bug 527125 bug 530898 bug 530914 |
| 38 (was higher earlier) | nsFrame::BoxReflow(nsBoxLayoutState&, nsPresContext*, nsHTMLReflowMetrics&, nsIRenderingContext*, int, int, int, int, int) | This is historically correlated with various types of botched installs. Why is it still happening? |
3.5.5 Bugs (last week's list)
Nothing new in the top 25 in the last week. (List below is from last week, probably not worth updating.)
| Rank | Stacks | Bug | Owner | Status |
| 1 | (signature unavailable) | crash-stats report changed to include empty sigs with 1.1; possibly Zone Alarm causes a bunch of these: need to get in contact with someone there | ||
| 2 | UserCallWinProcCheckWow | bug 501429 | jst | possibly fixed by never unloading plug-ins (bug 500925), fix landed for 1.9.1.6; almost might need to be on the skip list |
| 3 | 3RD PARTY _woutput_l | bug 511756 | dolske | likely TrendMicro toolbar, need to blocklist? |
| 4 | 3RD PARTY nsStyleSet::FileRules(int (*)(nsIStyleRuleProcessor*, void*), RuleProcessorData*) | bug 492675 | dbaron | possible fix landed for 1.9.1.6 but didn't work; looked at WOT code, not their fault, need to investigate more |
| 5 | 3RD PARTY nsGlobalWindow::cycleCollection::UnmarkPurple(nsISupports*) | bug 527339 | dbaron | correlated highly with bit defender; needs a new owner; will determine which version of bit defender |
| 6 | BLOCKLIST _PR_MD_SEND | bug 467167 | sicking, jimm | spin off: malware module detection, bug 523350 |
| 7 | 3RD PARTY Flash Player@0x92160 | bug 520058 | josh | Flash; latest version too |
| 8 | DEBUG GraphWalker::DoWalk(nsDeque&) nsCycleCollector::MarkRoots(GCGraphBuilder&) |
bug 500105 | dbaron, peterv | landed debugging code for b2; investigated, but back to the drawing board |
| 9 | 3RD PARTY RtlpWaitForCriticalSection | bug 511757 | jst | Flash-related |
| 10 | 3RD PARTY NPSWF32.dll@0xca950 | Flash! | ||
| 11 | 3RD PARTY NPSWF32.dll@0x17ba9f | Flash! | ||
| 12 | nsScriptLoader::StartLoad(nsScriptLoadRequest*, nsAString_internal const&) | bug 519886 | jst, mrbkap | unable to reproduce, but likely wallpaper fix in the bug, landed for 1.9.1.6. Correlated with Skype toolbar and hotmail? We'll see in 1.9.1.6. |
| 13 | 3RD PARTY BLOCKLIST RtlpCoalesceFreeBlocks | bug 519340 | dolske | AVG released an updated version; will plan to blocklist old versions (with their approval) on Friday |
| 14 | js_Interpret | bug 519363 | dmandelin | most popular subcrash fixed on trunk and 1.9.2; jorendorff is backporting a stack of 5 patches to 1.9.1. |
| 15 | FIXED nsWindow::GetParentWindow(int) | bug 470487 | jst, jimm | fix landed for 1.9.1.6 |
| 16 | RtlpWaitOnCriticalSection | bug 511759, bug 527540 | jst | probably multiple bugs; bug 514505 to split signatures should be fixed by Nov 24; possible DLL blocklist nominee! |
| 16 | DEBUG nsCycleCollector::MarkRoots(GCGraphBuilder&) | bug 437449 | dbaron, peterv | same as GraphWalker::DoWalk(nsDeque&) |
| 17 | objc_msgSend | IdleTimerVector | bug 509130 | smichaud | caused by webkit (bug filed with Webkit and Radar issue on file); workaround landed for 1.9.2b3 |
| 18 | arena_dalloc_small | arena_dalloc | free | XPT_DestroyArena | bug 519356 | ctalbert | seems related to compatibility mode; need to grab a minidump to investigate |
| 19 | nsXPConnect::Traverse(void*, nsCycleCollectionTraversalCallback&) | bug 500103 | Tomcat | |
| 20 | arena_chunk_init | bug 515211 | dmandelin | fixed on trunk and 1.9.2; waiting for approval for landing to 1.9.1. |
| 21 | BLOCKLIST NPFFAddOn.dll@0x11867 | bug 519343 | tomcat | was able to find this malware and with the help from marcia to extract this dll. AV Vendors are informed and a first one has found a new virus in this :) - Tomcat |
| 22 | 3RD PARTY GoogleDesktopMozilla.dll@0x5512 | bug 401513 | ||
| 23 | js_TraceObject | bug 503772 | Tomcat | taking and investigating |
| 24 | PL_DHashTableOperate | free | nsEventListenerManager::AddEventListenerByType(nsIDOMEventListener*, nsAString_internal const&, int, nsIDOMEventGroup*) | bug 516113 | ? | |
| 25 | RtlpWaitForCriticalSection | RtlEnterCriticalSection | |||
| 32 | HostentBlob_WriteNameOrAlias | bug 508292 | dolske | Windows DNS resolver library crash on Turkish domains. In contact with Microsoft. |
| 44 | FIXED nsXULDocument::ResumeWalk() | bug 519767 | tomcat | fixed in 3.5.6 |
| 47 | objc_msgSend | CanonIJPDE@0x1531e | bug 519451 | tomcat | printer driver issue; seems fixed by new driver; need to test if new cocoa printing dialogs help this -> Josh think this will fix it, if not there is probably nothing we can do (Tomcat) |
| 51 | RaiseException | _CxxThrowException | bug 511758 | (was #24) | |
| 57 | nsPluginHostImpl::TrySetUpPluginInstance(char const*, nsIURI*, nsIPluginInstanceOwner*) | bug 519752 | tomcat | not reproducible so far |
| 58 | 3RD PARTY DTToolbarFF.dll@0x4bc19 | bug 512040 | tomcat | trying to repro, but still not crashing |
| 63 | nsBaseWidget::Destroy() | bug 507928 | jst, jimm | Mac-version fixed in 1.9.1.4; now Windows-only |
| 71 | GoogleDesktopNetwork3.dll@0x3dfb | bug 519344 | tomcat | Google has pushed a update - need to check the crash stats next week if the crashnumber has dropped |
| 74 | RtlAllocateHeap | bug 519340 | was in top 25; moved down | |
| 77 | BLOCKLIST radhslib.dll@0x3b6f | bug 519348 | tomcat | need to blocklist |
| 121 | FIXED nsHttpsHandler::GetProtocolFlags(unsigned int*) | bug 519729 | dolske | correlated with ComputerBild magazine; johnath contacted; out of top 100 now; crashes in the last week |
| xx | NPSWF32.dll@0x77bd0 | bug 516780 | jst | Farmtown flash; need to know when Adobe will ship a fix; no longer in top 100 (crashes in the last week) |
| xx | std::basic_string<unsigned short, std::char_traits<unsigned short>, std::allocator<unsigned short> >::assign(unsigned short const*) | bug 514592 | dolske | Divx associated crash, in contact with DivX folks |
