CrashKill/QA
From MozillaWiki
Home and Overview over the QA Work for Crashkill
We will focus on Bugs that need to Steps to Reproduce and Testcases !
QA Crashkill Coordination:
Contents
Top CrashKill bugs
Some items for the table
- timr working on #3 - UserCallWinProcCheckWow seeing if we can get a test build to three people with reproducible test cases.
- tomcat working with AV venders on #10 NPFFAddOn.dll@0x11867
- timr, dolse, pike posted request to turkish locale team members for #22 HostentBlob_WriteNameOrAlias or bug 508292
Bug lists
- The CrashKill Bugs (Status Whiteboard: [crashkill])
- 3RD PARTY CrashKill Bugs caused by third parties (Status Whiteboard: [crashkill-thirdparty])
- BLOCKLIST Crashkill Bugs where we're considering blocking the addon/dll (Status Whiteboard: [crashkill-block])
- FIXED CrashKill Bugs where we've provided a fix of some kind, even if just a wallpaper or skidmark (Status Whiteboard: [crashkill-fix])
- DEBUG CrashKill Bugs where we've provide a patch only to help debug the problem (Status Whiteboard: [crashkill-debug])
3.6b4 Top Crash Bugs
Rank | Stacks | Bug | Owner / Dev | Owner / QA | QA Activity example: working on regression range" | QA Status Date | General Status |
1 | 3RD PARTY NPSWF32.dll@0x136a29 | bug 530989 | Tomcat | working on Automated Runs - if this does not help i will play the app | December 1st 2009 | Crashes at this signature, and crashes on yoville, are much worse in 3.6 betas than in 3.5. Can we figure out why, and what changed? | |
2 | 3RD PARTY FIXED PL_strlen | nsNPAPIPluginInstance::Initialize(nsIPluginInstanceOwner*, char const*) | bug 531290 | jst | Caused by IE Tab extension's plugin. jst has patch to fill in pointer with null so plugins that do null-check don't have uninitialized data | |||
3 | 3RD PARTY UserCallWinProcCheckWow | bug 501429, bug 531551 | jst,damon | hskupin | Currently about 50% of the UserCallWinProcCheckWow crashes (this 50% is bug 531551 are correlated with old versions of Adobe Acrobat (but not the current version). These crashes were not present in 3.5. Do we know what changed? | ||
4 | (signature unavailable) | bug 528798 | external devs | Tomcat /Tchung | Fixed on Zonealarm Exterm - Open on the Standalone Force field version | 1st December 2009 | crash-stats report changed to include empty sigs with 1.1; possibly Zone Alarm causes a bunch of these: need to get in contact with someone there |
5 | 3RD PARTY BLOCKLIST RtlpCoalesceFreeBlocks | bug 514612, etc. | damon | Now that the AVG issues are gone (bug 519340), 75% of the RtlpCoalesceFreeBlocks crashes on 3.5 and 90% of them on 3.6 are due to one LSP described in bug 514612. Should we investigate what it is and consider blocklisting? | |||
6 | 3RD PARTY BLOCKLIST ntdll.dll@0x38c39 | bug 527540 | damon | ||||
7 | 3RD PARTY Flash Player-10.6+@0x481904 | bug 532085 | ss | marcia | |||
8 | nsXULTreeAccessible::GetTreeItemAccessible(int, nsIAccessible**) | bug 528311 | surkov | thought it was fixed for beta4, but it's not | |||
9 | 3RD PARTY Flash Player-10.6+@0x4818fb | bug 532085 | ss | ||||
10 | 3RD PARTY NPSWF32.dll@0xca950 | bug 532011 | sicking | crash stopping a flash instance | |||
11 | RtlpWaitForCriticalSection | RtlEnterCriticalSection | bug 511757, bug 520639 | Majority (?) of these are flash crashes, but there are other causes as well. | ||||
12 | FIXED nsCycleCollector::MarkRoots(GCGraphBuilder&) | bug 500105 | peterv, dbaron | peterv landed a fix for a major cause of this for final | |||
13 | 3RD PARTY RtlDeleteCriticalSection | bug 521558 | jst | marcia | Crashes while unloading NPSWF32.DLL (in TryUnloadPlugin) | ||
14 | FIXED nsCOMPtr_base::assign_from_qi(nsQueryInterface, nsID const&) | nsScriptSecurityManager::doGetObjectPrincipal(JSObject*) | bug 530567, bug 519719 | jorendorff | The JS patch that I'd thought would fix this (bug 519719) is a blocker, but somehow didn't get merged in the tracemonkey merge before b4, so we don't know that for sure. | |||
15 | js_Interpret | dmandelin, lars (for splitting signatures) | see 3.5.5 table (but does that cover everything?) | ||||
16 | 3RD PARTY BLOCKLIST KERNELBASE.dll@0xb727 | bug 530518 | chofmann | Some sort of third-party app, perhaps malware. Could somebody take an action to figure out more, and whether we should blocklist? | |||
17 | FIXED nsScriptSecurityManager::doGetObjectPrincipal(JSObject*) | bug 519719 | jorendorff | This actually didn't get fixed for b4 and hasn't yet been merged from tracemonkey into either mozilla-central or mozilla-1.9.2 | |||
18 | @0x0 | @0x10b42bbd | BaseThreadStart | sicking | |||||
19 | 3RD PARTY NPSWF32.dll@0x139215 | ||||||
20 | 3RD PARTY NPSWF32.dll@0x17ba9f | ||||||
21 | RtlpWaitOnCriticalSection | RtlEqualString | ||||||
22 | npwinext.dll@0x5d8c4 | ||||||
23 | 3RD PARTY Flash Player@0x92160 | ||||||
24 | 3RD PARTY nsDocShell::SetupNewViewer(nsIContentViewer*) | bug 434403 | Can somebody take an action to figure out the top causes and investigate blocklisting? | ||||
25 | 3RD PARTY strchr | bug 530968 | Internet Download Manager | ||||
38 (was higher earlier) | nsFrame::BoxReflow(nsBoxLayoutState&, nsPresContext*, nsHTMLReflowMetrics&, nsIRenderingContext*, int, int, int, int, int) | This is historically correlated with various types of botched installs. Why is it still happening? |
3.5.5 Bugs (last week's list)
Nothing new in the top 25 in the last week.
Rank | Stacks | Bug | Owner / Development | Owner / QA | QA Activity example: working on regression range" | QA Status Date | Status |
1 | (signature unavailable) | bug 528798 | Tchung/Tomcat | Caused by Zonealarm Forcefield - now fixed in Zonealarm Extrem Security - need to be fixed on Forcefield standalone | 1st December 2009 | crash-stats report changed to include empty sigs with 1.1; possibly Zone Alarm causes a bunch of these: need to get in contact with someone there | |
2 | UserCallWinProcCheckWow | bug 501429 | rstrong | whimboo | Not fixed by never unloading plug-ins (bug 500925), rstrong will work on this 12/14-12/20 | ||
3 | 3RD PARTY _woutput_l | bug 511756 | dolske | likely TrendMicro toolbar, need to blocklist? | |||
4 | 3RD PARTY nsStyleSet::FileRules(int (*)(nsIStyleRuleProcessor*, void*), RuleProcessorData*) | bug 492675 | dbaron | possible fix landed for 1.9.1.6 but didn't work; looked at WOT code, not their fault, need to investigate more | |||
5 | 3RD PARTY nsGlobalWindow::cycleCollection::UnmarkPurple(nsISupports*) | bug 527339 | dbaron | correlated highly with bit defender; needs a new owner; will determine which version of bit defender | |||
7 | 3RD PARTY Flash Player@0x92160 | bug 520058 | josh | Flash; latest version too | |||
8 | DEBUG GraphWalker::DoWalk(nsDeque&) nsCycleCollector::MarkRoots(GCGraphBuilder&) |
bug 500105 | dbaron, peterv | landed debugging code for b2; investigated, but back to the drawing board | |||
9 | 3RD PARTY RtlpWaitForCriticalSection | bug 511757 | jst | Flash-related | |||
10 | 3RD PARTY NPSWF32.dll@0xca950 | Flash! | |||||
11 | 3RD PARTY NPSWF32.dll@0x17ba9f | Flash! | |||||
12 | nsScriptLoader::StartLoad(nsScriptLoadRequest*, nsAString_internal const&) | bug 519886 | jst, mrbkap | unable to reproduce, but likely wallpaper fix in the bug, landed for 1.9.1.6. Correlated with Skype toolbar and hotmail? We'll see in 1.9.1.6. | |||
13 | 3RD PARTY BLOCKLIST RtlpCoalesceFreeBlocks | bug 519340 | dolske | AVG released an updated version; will plan to blocklist old versions (with their approval) on Friday | |||
14 | js_Interpret | bug 519363 | dmandelin | most popular subcrash fixed on trunk and 1.9.2; jorendorff is backporting a stack of 5 patches to 1.9.1. | |||
15 | FIXED nsWindow::GetParentWindow(int) | bug 470487 | jst, jimm | fix landed for 1.9.1.6 | |||
16 | RtlpWaitOnCriticalSection | bug 511759, bug 527540 | jst | probably multiple bugs; bug 514505 to split signatures should be fixed by Nov 24; possible DLL blocklist nominee! | |||
16 | DEBUG nsCycleCollector::MarkRoots(GCGraphBuilder&) | bug 437449 | dbaron, peterv | same as GraphWalker::DoWalk(nsDeque&) | |||
17 | objc_msgSend | IdleTimerVector | bug 509130 | smichaud | caused by webkit (bug filed with Webkit and Radar issue on file); workaround landed for 1.9.2b3 | |||
18 | arena_dalloc_small | arena_dalloc | free | XPT_DestroyArena | bug 519356 | ctalbert | seems related to compatibility mode; need to grab a minidump to investigate | |||
19 | nsXPConnect::Traverse(void*, nsCycleCollectionTraversalCallback&) | bug 500103 | Tomcat | Tomcat | |||
20 | arena_chunk_init | bug 515211 | dmandelin | fixed on trunk and 1.9.2; waiting for approval for landing to 1.9.1. | |||
21 | BLOCKLIST NPFFAddOn.dll@0x11867 | bug 519343 | tomcat | Tomcat | was able to find this malware and with the help from marcia to extract this dll. AV Vendors are informed and a first one has found a new virus in this :) - Tomcat | ||
22 | 3RD PARTY GoogleDesktopMozilla.dll@0x5512 | bug 401513 | |||||
23 | js_TraceObject | bug 503772 | Tomcat | Tomcat | taking and investigating | ||
24 | PL_DHashTableOperate | free | nsEventListenerManager::AddEventListenerByType(nsIDOMEventListener*, nsAString_internal const&, int, nsIDOMEventGroup*) | bug 516113 | ? | ||||
25 | RtlpWaitForCriticalSection | RtlEnterCriticalSection | ||||||
32 | HostentBlob_WriteNameOrAlias | bug 508292 | dolske | Windows DNS resolver library crash on Turkish domains. In contact with Microsoft. | |||
47 | objc_msgSend | CanonIJPDE@0x1531e | bug 519451 | tomcat / josh | Tomcat | printer driver issue; seems fixed by new driver; need to test if new cocoa printing dialogs help this -> Josh think this will fix it, if not there is probably nothing we can do (Tomcat) | ||
51 | RaiseException | _CxxThrowException | bug 511758 | (was #24) | ||||
57 | nsPluginHostImpl::TrySetUpPluginInstance(char const*, nsIURI*, nsIPluginInstanceOwner*) | bug 519752 | tomcat | not reproducible so far | |||
58 | 3RD PARTY {{{1}}}DTToolbarFF.dll@0x4bc19 | bug 512040 | tomcat | trying to repro, but still not crashing | |||
63 | nsBaseWidget::Destroy() | bug 507928 | jst, jimm | Mac-version fixed in 1.9.1.4; now Windows-only | |||
71 | GoogleDesktopNetwork3.dll@0x3dfb | bug 519344 | tomcat | Google has pushed a update - need to check the crash stats next week if the crashnumber has dropped | |||
74 | RtlAllocateHeap | bug 519340 | was in top 25; moved down | ||||
77 | BLOCKLIST {{{1}}} radhslib.dll@0x3b6f | bug 519348 | tomcat | need to blocklist | |||
121 | FIXED nsHttpsHandler::GetProtocolFlags(unsigned int*) | bug 519729 | dolske | correlated with ComputerBild magazine; johnath contacted; out of top 100 now; crashes in the last week | |||
xx | NPSWF32.dll@0x77bd0 | bug 516780 | jst | Farmtown flash; need to know when Adobe will ship a fix; no longer in top 100 (crashes in the last week) | |||
xx | std::basic_string<unsigned short, std::char_traits<unsigned short>, std::allocator<unsigned short> >::assign(unsigned short const*) | bug 514592 | dolske | Divx associated crash, in contact with DivX folks |