CrashKill/2009-09-28

< CrashKill

Firefox 3.5.3 top crashes

  • dbaron noted that a small set of binaries may be the cause of many of our crashes, see his blog post on that topic
  • shaver posited that the majority of our crashes are coming from:
    • properly installed software which have incompatible DLLs or other libraries
    • malware or other software causing crashes
    • improperly installed software putting DLLs in our appdir
    • bugs in our code (Cairo, other areas; using valgrind and Purify to find these)
  • need to make sure that when we file a bug, it's got an owner who will drive towards a solution (gather data, find someone to help with analysis, figure out where the problem is, shepherd in a fix, see the bug closed)
  • most crashes are in Windows, so if you need help in figuring out what's the best way to set up a Windows VM, ask
    • action: anyone want to document that on CrashKill? -- will do - Tomcat
  • currently reports are throttled to 20% of what's submitted
    • might be able to get more capacity to see more of the actual submissions
    • action: shaver to talk to morgamic about pulling attributes like URLs out for all submissions
  • would be good to have processing categorize crash signatures along the lines shaver posited above
    • somehow mark signatures as "malware" or "external software" or more importantly "totally our code, nothing else loaded"
  • jonas was concerned that we were assuming too much about the cause of crashes, but was convinced that there's no harm to it as long as we continue the Purify and Valgrind investigations
  • dolske wondered if we should be broadcasting the "what caused the crash" piece to users
  • should we spend time telling users that Safe Mode might fix their problem?
    • beltzner felt that we could, but ultimately it's not as satisfying as either the Chrome solution (a crash doesn't take down the entire browser) or having the problem fixed on our side


Bugs

  • cooliris19.dll@0x351f2 - jst bug 519039
  • nsCycleCollectingAutoRefCnt::decr(nsISupports*) - dbaron bug 500879
  • nsGlobalWindow::cycleCollection::UnmarkPurple(nsISupports*) - dbaron bug 504392
  • nsEventListenerManager::Release() - jst bug 513334
  • UserCallWinProcCheckWow - bug 501429, - jst
  • _PR_MD_SEND - bug 489533 - Jonas
  • RtlpWaitForCriticalSection - Flash - JST bug 511757
  • RtlpWaitOnCriticalSection - JST - Not Flash, something else. bug 511759
  • @0x0 - bug 519616 - jrmuizel
  • nsStyleSet::FileRules(int (*)(nsIStyleRuleProcessor*, void*), RuleProcessorData*) - bug 492675 - Bug is real, dbaron owns.
  • _woutput_l - bug 511756 - dolske
  • KiFastSystemCallRet bug 514589 - Jonas
  • NPSWF32.dll@0x77bd0 - Farmtown flash - JST
  • GraphWalker::DoWalk(nsDeque&) bug 500105 - peterv
  • nsWindow::GetParentWindow(int) - bug 470487 - jst
  • NPFFAddOn.dll@0x11867 bug 519343 tomcat will file a bug and update this page.
  • RtlpCoalesceFreeBlocks bug 519340 - dolske will file a new bug.
  • memcpy | fillInCell bug 503770
  • nsBaseWidget::Destroy() bug 470487, bug 507928, bug 503196
  • GoogleDesktopNetwork3.dll@0x3dfb bug 519344 - Tomcat
  • @radhslib.dll@0x3b6f bug 519348 - Tomcat
  • js_Interpret - bug 519363 - dmandelin, see also 517077, 514593, 519129
  • PL_DHashTableOperate - 516113, 503638, 303511 - Need to get this added to the filter list as this is rarely the source. - This is likely not a top crash but a lot of smaller crashes. - Ted needs to add skiplist items.
  • Flash Player@0x92160 - bug 520058 Module data would be useful here (i.e., this is flash version X). - Josh
  • nsPresContext::Release() - bug 519878
  • arena_dalloc_small | arena_dalloc | free | XPT_DestroyArena - bug 519356 - Clint
  • arena_chunk_init - bug 515211 - dmandelin
  • wcslen bug 519355 and bug 519353 - dolske
  • objc_msgSend | CanonIJPDE@0x1531e bug 519451 - Tomcat
  • libobjc.A.dylib@0x15688 | IdleTimerVector] bug 519718 - Tomcat
  • nsHttpsHandler::GetProtocolFlags(unsigned int*) bug 519729 - Tomcat
  • DTToolbarFF.dll@0x4bc19 and related crashes on version 1.0.8.552 bug 512040 - Tomcat
  • nsPluginHostImpl::TrySetUpPluginInstance(char const*, nsIURI*, nsIPluginInstanceOwner*) bug 519752 - Tomcat
  • nsGlobalChromeWindow::Release() bug 519755 - Tomcat
  • nsXULDocument::ResumeWalk() bug 519767 - Tomcat
  • memmove | nsTArray_base::ShiftData(unsigned int, unsigned int, unsigned int, unsigned int) bug 519771 - Tomcat