CrashKill/2009-12-14

From MozillaWiki
Jump to: navigation, search

Agenda

  • Go through the 3.6beta4 crashes
  • Plugin Unloading - Notes: We don't think it requires a full beta cycle at this point. It landed for beta5, but that didn't actually ship.
  • Skip list

Misc

Breakpad & Socorro

  • bug 531870 Our addon-correlation data might not be reliable
  • bug 531881 Improve crashreporter UI for email address
  • We shipped 1.2, working on 1.3 release for 1/2010.

3.6b4 Top Crash Bugs

Rank Stacks Bug Owner Status
1 3RD PARTY NPSWF32.dll@0x136a29 bug 530989 Crashes at this signature, and crashes on yoville, are much worse in 3.6 betas than in 3.5. Can we figure out why, and what changed?
2 3RD PARTY FIXED PL_strlen | nsNPAPIPluginInstance::Initialize(nsIPluginInstanceOwner*, char const*) bug 531290 jst Caused by IE Tab extension's plugin. jst has patch to fill in pointer with null so plugins that do null-check don't have uninitialized data
3 3RD PARTY UserCallWinProcCheckWow bug 501429, bug 531551 jst,damon Currently about 50% of the UserCallWinProcCheckWow crashes (this 50% is bug 531551 are correlated with old versions of Adobe Acrobat (but not the current version). These crashes were not present in 3.5. Do we know what changed?
4 (signature unavailable) bug 528798 crash-stats report changed to include empty sigs with 1.1; possibly Zone Alarm causes a bunch of these: need to get in contact with someone there
5 3RD PARTY BLOCKLIST RtlpCoalesceFreeBlocks bug 514612, etc. damon Now that the AVG issues are gone (bug 519340), 75% of the RtlpCoalesceFreeBlocks crashes on 3.5 and 90% of them on 3.6 are due to one LSP described in bug 514612. Should we investigate what it is and consider blocklisting?
6 3RD PARTY BLOCKLIST ntdll.dll@0x38c39 bug 527540 damon
7 3RD PARTY Flash Player-10.6+@0x481904 bug 532085 ss
8 nsXULTreeAccessible::GetTreeItemAccessible(int, nsIAccessible**) bug 528311 surkov thought it was fixed for beta4, but it's not
9 3RD PARTY Flash Player-10.6+@0x4818fb bug 532085 ss
10 3RD PARTY NPSWF32.dll@0xca950 bug 532011 sicking crash stopping a flash instance
11 RtlpWaitForCriticalSection | RtlEnterCriticalSection bug 511757, bug 520639 Majority (?) of these are flash crashes, but there are other causes as well.
12 FIXED nsCycleCollector::MarkRoots(GCGraphBuilder&) bug 500105 peterv, dbaron peterv landed a fix for a major cause of this for final
13 3RD PARTY RtlDeleteCriticalSection bug 521558 jst Crashes while unloading NPSWF32.DLL (in TryUnloadPlugin)
14 FIXED nsCOMPtr_base::assign_from_qi(nsQueryInterface, nsID const&) | nsScriptSecurityManager::doGetObjectPrincipal(JSObject*) bug 530567, bug 519719 jorendorff The JS patch that I'd thought would fix this (bug 519719) is a blocker, but somehow didn't get merged in the tracemonkey merge before b4, so we don't know that for sure.
15 js_Interpret dmandelin, lars (for splitting signatures) see 3.5.5 table (but does that cover everything?)
16 3RD PARTY BLOCKLIST KERNELBASE.dll@0xb727 bug 530518 chofmann Some sort of third-party app, perhaps malware. Could somebody take an action to figure out more, and whether we should blocklist?
17 FIXED nsScriptSecurityManager::doGetObjectPrincipal(JSObject*) bug 519719 jorendorff This actually didn't get fixed for b4 and hasn't yet been merged from tracemonkey into either mozilla-central or mozilla-1.9.2
18 @0x0 | @0x10b42bbd | BaseThreadStart sicking
19 3RD PARTY NPSWF32.dll@0x139215
20 3RD PARTY NPSWF32.dll@0x17ba9f
21 RtlpWaitOnCriticalSection | RtlEqualString
22 npwinext.dll@0x5d8c4
23 3RD PARTY Flash Player@0x92160
24 3RD PARTY nsDocShell::SetupNewViewer(nsIContentViewer*) bug 434403 Can somebody take an action to figure out the top causes and investigate blocklisting?
25 3RD PARTY strchr bug 530968 Internet Download Manager
26 BLOCKLIST _PR_MD_SEND bug 467167 sicking, jimm blocklist bugs: bug 527125 bug 530898 bug 530914
38 (was higher earlier) nsFrame::BoxReflow(nsBoxLayoutState&, nsPresContext*, nsHTMLReflowMetrics&, nsIRenderingContext*, int, int, int, int, int) This is historically correlated with various types of botched installs. Why is it still happening?

3.5.5 Bugs (last week's list)

Nothing new in the top 25 in the last week. (List below is from last week, probably not worth updating.)

Rank Stacks Bug Owner Status
1 (signature unavailable) crash-stats report changed to include empty sigs with 1.1; possibly Zone Alarm causes a bunch of these: need to get in contact with someone there
2 UserCallWinProcCheckWow bug 501429 jst possibly fixed by never unloading plug-ins (bug 500925), fix landed for 1.9.1.6; almost might need to be on the skip list
3 3RD PARTY _woutput_l bug 511756 dolske likely TrendMicro toolbar, need to blocklist?
4 3RD PARTY nsStyleSet::FileRules(int (*)(nsIStyleRuleProcessor*, void*), RuleProcessorData*) bug 492675 dbaron possible fix landed for 1.9.1.6 but didn't work; looked at WOT code, not their fault, need to investigate more
5 3RD PARTY nsGlobalWindow::cycleCollection::UnmarkPurple(nsISupports*) bug 527339 dbaron correlated highly with bit defender; needs a new owner; will determine which version of bit defender
6 BLOCKLIST _PR_MD_SEND bug 467167 sicking, jimm spin off: malware module detection, bug 523350
7 3RD PARTY Flash Player@0x92160 bug 520058 josh Flash; latest version too
8 DEBUG GraphWalker::DoWalk(nsDeque&)
nsCycleCollector::MarkRoots(GCGraphBuilder&)
bug 500105 dbaron, peterv landed debugging code for b2; investigated, but back to the drawing board
9 3RD PARTY RtlpWaitForCriticalSection bug 511757 jst Flash-related
10 3RD PARTY NPSWF32.dll@0xca950 Flash!
11 3RD PARTY NPSWF32.dll@0x17ba9f Flash!
12 nsScriptLoader::StartLoad(nsScriptLoadRequest*, nsAString_internal const&) bug 519886 jst, mrbkap unable to reproduce, but likely wallpaper fix in the bug, landed for 1.9.1.6. Correlated with Skype toolbar and hotmail? We'll see in 1.9.1.6.
13 3RD PARTY BLOCKLIST RtlpCoalesceFreeBlocks bug 519340 dolske AVG released an updated version; will plan to blocklist old versions (with their approval) on Friday
14 js_Interpret bug 519363 dmandelin most popular subcrash fixed on trunk and 1.9.2; jorendorff is backporting a stack of 5 patches to 1.9.1.
15 FIXED nsWindow::GetParentWindow(int) bug 470487 jst, jimm fix landed for 1.9.1.6
16 RtlpWaitOnCriticalSection bug 511759, bug 527540 jst probably multiple bugs; bug 514505 to split signatures should be fixed by Nov 24; possible DLL blocklist nominee!
16 DEBUG nsCycleCollector::MarkRoots(GCGraphBuilder&) bug 437449 dbaron, peterv same as GraphWalker::DoWalk(nsDeque&)
17 objc_msgSend | IdleTimerVector bug 509130 smichaud caused by webkit (bug filed with Webkit and Radar issue on file); workaround landed for 1.9.2b3
18 arena_dalloc_small | arena_dalloc | free | XPT_DestroyArena bug 519356 ctalbert seems related to compatibility mode; need to grab a minidump to investigate
19 nsXPConnect::Traverse(void*, nsCycleCollectionTraversalCallback&) bug 500103 Tomcat
20 arena_chunk_init bug 515211 dmandelin fixed on trunk and 1.9.2; waiting for approval for landing to 1.9.1.
21 BLOCKLIST NPFFAddOn.dll@0x11867 bug 519343 tomcat was able to find this malware and with the help from marcia to extract this dll. AV Vendors are informed and a first one has found a new virus in this :) - Tomcat
22 3RD PARTY GoogleDesktopMozilla.dll@0x5512 bug 401513
23 js_TraceObject bug 503772 Tomcat taking and investigating
24 PL_DHashTableOperate | free | nsEventListenerManager::AddEventListenerByType(nsIDOMEventListener*, nsAString_internal const&, int, nsIDOMEventGroup*) bug 516113 ?
25 RtlpWaitForCriticalSection | RtlEnterCriticalSection
32 HostentBlob_WriteNameOrAlias bug 508292 dolske Windows DNS resolver library crash on Turkish domains. In contact with Microsoft.
44 FIXED nsXULDocument::ResumeWalk() bug 519767 tomcat fixed in 3.5.6
47 objc_msgSend | CanonIJPDE@0x1531e bug 519451 tomcat printer driver issue; seems fixed by new driver; need to test if new cocoa printing dialogs help this -> Josh think this will fix it, if not there is probably nothing we can do (Tomcat)
51 RaiseException | _CxxThrowException bug 511758 (was #24)
57 nsPluginHostImpl::TrySetUpPluginInstance(char const*, nsIURI*, nsIPluginInstanceOwner*) bug 519752 tomcat not reproducible so far
58 3RD PARTY DTToolbarFF.dll@0x4bc19 bug 512040 tomcat trying to repro, but still not crashing
63 nsBaseWidget::Destroy() bug 507928 jst, jimm Mac-version fixed in 1.9.1.4; now Windows-only
71 GoogleDesktopNetwork3.dll@0x3dfb bug 519344 tomcat Google has pushed a update - need to check the crash stats next week if the crashnumber has dropped
74 RtlAllocateHeap bug 519340 was in top 25; moved down
77 BLOCKLIST radhslib.dll@0x3b6f bug 519348 tomcat need to blocklist
121 FIXED nsHttpsHandler::GetProtocolFlags(unsigned int*) bug 519729 dolske correlated with ComputerBild magazine; johnath contacted; out of top 100 now; crashes in the last week
xx NPSWF32.dll@0x77bd0 bug 516780 jst Farmtown flash; need to know when Adobe will ship a fix; no longer in top 100 (crashes in the last week)
xx std::basic_string<unsigned short, std::char_traits<unsigned short>, std::allocator<unsigned short> >::assign(unsigned short const*) bug 514592 dolske Divx associated crash, in contact with DivX folks