Closed
Bug 849501
Opened 11 years ago
Closed 8 years ago
crash in mozilla::safebrowsing::KnockoutSubs with AMD Athlon XP processors
Categories
(Toolkit :: Safe Browsing, defect, P5)
Tracking
()
People
(Reporter: scoobidiver, Unassigned)
Details
(Keywords: crash, regression)
Crash Data
It's currently #41 browser crasher in the first day of 19.0.2 and first showed up in 19.0.2. It's likely a regression from bug 848644 although 20.0b4, 21.0a2 and 22.0a1 are so far unaffected. It seems related to viewing videos according to comments. Signature mozilla::safebrowsing::KnockoutSubs<mozilla::safebrowsing::SubComplete, mozilla::safebrowsing::AddComplete> More Reports Search UUID b569eded-5e1e-4d76-8c8e-dbe092130309 Date Processed 2013-03-09 06:25:37 Uptime 285 Last Crash 4.8 minutes before submission Install Age 3.6 hours since version was first installed. Install Time 2013-03-09 02:49:59 Product Firefox Version 19.0.2 Build ID 20130307023931 Release Channel release OS Windows NT OS Version 5.1.2600 Service Pack 3 Build Architecture x86 Build Architecture Info AuthenticAMD family 6 model 10 stepping 0 Crash Reason EXCEPTION_ACCESS_VIOLATION_READ Crash Address 0x7900000 User Comments あくしろよ App Notes AdapterVendorID: 0x1039, AdapterDeviceID: 0x6330, AdapterSubsysID: 125810cf, AdapterDriverVersion: 6.14.10.3570 D3D10 Layers? D3D10 Layers- D3D9 Layers? D3D9 Layers- Processor Notes sp-processor01.phx1.mozilla.com_6524:2008 EMCheckCompatibility True Adapter Vendor ID 0x1039 Adapter Device ID 0x6330 Total Virtual Memory 2147352576 Available Virtual Memory 1842114560 System Memory Use Percentage 66 Available Page File 1942925312 Available Physical Memory 346341376 Frame Module Signature Source 0 xul.dll mozilla::safebrowsing::KnockoutSubs<mozilla::safebrowsing::SubComplete,mozilla:: toolkit/components/url-classifier/HashStore.cpp:881 1 xul.dll mozilla::safebrowsing::HashStore::ProcessSubs toolkit/components/url-classifier/HashStore.cpp:999 2 xul.dll mozilla::safebrowsing::HashStore::Rebuild toolkit/components/url-classifier/HashStore.cpp:507 3 xul.dll mozilla::safebrowsing::Classifier::ApplyTableUpdates toolkit/components/url-classifier/Classifier.cpp:713 4 xul.dll mozilla::safebrowsing::Classifier::ApplyUpdates toolkit/components/url-classifier/Classifier.cpp:384 5 xul.dll nsUrlClassifierDBServiceWorker::ApplyUpdate toolkit/components/url-classifier/nsUrlClassifierDBService.cpp:638 6 xul.dll nsUrlClassifierDBServiceWorker::FinishUpdate toolkit/components/url-classifier/nsUrlClassifierDBService.cpp:612 7 xul.dll nsRunnableMethodImpl<tag_nsresult obj-firefox/dist/include/nsThreadUtils.h:367 8 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:627 9 xul.dll nsThread::ThreadFunc xpcom/threads/nsThread.cpp:265 10 nspr4.dll _PR_NativeRunThread nsprpub/pr/src/threads/combined/pruthr.c:395 11 nspr4.dll pr_root nsprpub/pr/src/md/windows/w95thred.c:90 12 msvcr100.dll _callthreadstartex f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c:314 13 msvcr100.dll _threadstartex f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c:292 14 kernel32.dll BaseThreadStart More reports at: https://crash-stats.mozilla.com/report/list?signature=mozilla%3A%3Asafebrowsing%3A%3AKnockoutSubs%3Cmozilla%3A%3Asafebrowsing%3A%3ASubComplete%2C+mozilla%3A%3Asafebrowsing%3A%3AAddComplete%3E
Reporter | ||
Comment 1•11 years ago
|
||
It seems there are a few crashes in 19.0 and below with a related signature: https://crash-stats.mozilla.com/report/list?signature=mozilla%3A%3Asafebrowsing%3A%3AKnockoutSubs%3Cmozilla%3A%3Asafebrowsing%3A%3ASubPrefix%2C+mozilla%3A%3Asafebrowsing%3A%3AAddPrefix%3E
Crash Signature: [@ mozilla::safebrowsing::KnockoutSubs<mozilla::safebrowsing::SubComplete, mozilla::safebrowsing::AddComplete>] → [@ mozilla::safebrowsing::KnockoutSubs<mozilla::safebrowsing::SubComplete, mozilla::safebrowsing::AddComplete>]
[@ mozilla::safebrowsing::KnockoutSubs<mozilla::safebrowsing::SubPrefix, mozilla::safebrowsing::AddPrefix> ]
Comment 2•11 years ago
|
||
The stacks aren't making any sense. Nor does this suddenly appearing in 19.0.2. Is some plugin pissing on our stack? (Would correlate with showing video...)
Reporter | ||
Comment 3•11 years ago
|
||
Comments about videos are from the same user. Other comments mention Facebook, restoring tabs or nothing specifically. Correlations are broken but a manual check of a few crash reports shows no correlation to some extensions or DLLs.
Reporter | ||
Comment 4•11 years ago
|
||
It's now #34 top browser crasher in 19.0.2. Correlations are now available and it's not correlated to something.
Comment 5•11 years ago
|
||
The stacks are completely bogus. We're supposed to be crashing here: http://hg.mozilla.org/releases/mozilla-release/annotate/6ffe3e9da8a8/toolkit/components/url-classifier/HashStore.cpp#l887 ++addIter; this is defined as: TAdd* addIter = aAdds->Elements(); So, it's crashing when incrementing a pointer on the stack. I don't think that's possible. 89% of the crashes are on Windows XP. 96% even for the other signature.
Reporter | ||
Updated•11 years ago
|
OS: Windows 7 → Windows XP
Comment 6•11 years ago
|
||
A few URLs: 10 http://www.facebook.com/ 10 about:blank 8 https://www.facebook.com/ 6 about:sessionrestore 6 http://www.globalresearch.ca/the-legacy-of-hugo-chavez-the-revolution-within-the-revolution-will-continue/5325652 6 http://play.cultures-online.de/co/bin/index.php 5 http://www.youtube.com/watch?v=7FGWyyQoG38 4 http://apps.facebook.com/farmville-two//index.php 4 https://www.facebook.com/home.php 6 http://espn.go.com/espnradio/ 3 http://www.gewinnspiele-info.de/ Scoobidiver, please don't randomly request URLs, this should only be done when QA or devs are actively working on reproducing and think they need it. It takes already-busy people multiple minutes to gather URLs because we need to look through them and sanitize them, and a bugs that cuts off longs URLs makes things even harder.
Comment 7•11 years ago
|
||
I also did a random sample on the reports and *all* of them were old AMD machines running Windows XP. Seriously, I think this signature are people with broken hardware.
Reporter | ||
Comment 8•11 years ago
|
||
Not all have an AMD GPU, some have a VIA, S3 Graphics, SIS, NVIDIA or an unknown GPU, but all have Direct3D10 disabled via the graphics blocklist feature
Summary: crash in mozilla::safebrowsing::KnockoutSubs → crash in mozilla::safebrowsing::KnockoutSubs with Direct3D 10 disabled by gfx blocklist
Comment 9•11 years ago
|
||
I doubt this has anything to do with graphics. As I said, they're all old machines (which is likely why D10 is disabled) with old AMD *CPUs*. Not that I think the CPUs itself are broken, but my best guess is that these are all so-so quality mainboards with so-so quality chipsets and so-so quality RAM :P I don't know why they would bomb out in this piece of code specifically, but one aspect of SafeBrowsing is that it regularly runs in the background even if the machine is idle otherwise.
Reporter | ||
Comment 10•11 years ago
|
||
It happens only on two kinds of processor: * AuthenticAMD family 6 model 8 stepping 1: AMD Athlon XP * AuthenticAMD family 6 model 10 stepping 0: AMD Athlon XP
Summary: crash in mozilla::safebrowsing::KnockoutSubs with Direct3D 10 disabled by gfx blocklist → crash in mozilla::safebrowsing::KnockoutSubs with AMD Athlon XP processors
Comment 11•11 years ago
|
||
+bsmedberg since this may point to another hardware/build-specific crash +ehsan in case he can imagine any correlation between bug 848644 and this crash (I sincerely doubt it) Since this isn't a top crash, I'm not even sure we'll have the time to get our hands on the devices in comment 10. No current plans to track for upcoming releases.
Comment 12•11 years ago
|
||
This bug appears to occur also only on graphics adapter vendor 0x1106 (VIA) and 0x1039 (SIS). It's interesting because it has the some of the characteristics of "the AMD crasher" but doesn't occur with the AMD graphics cards, but does occur with the AMD processors. It's really hard to correlate against CPUs because of the populations sizes and variability, but I can try to run a report to see whether there are clear non-independence markers. I'll pull a minidump tomorrow to look for the markers of 2-byte memory corruption we've seen in the past.
Comment 13•11 years ago
|
||
I own private browsing, not safebrowsing, so I'm not sure if I can help a lot here.
Reporter | ||
Updated•11 years ago
|
status-firefox20:
--- → affected
Assignee | ||
Updated•10 years ago
|
Product: Firefox → Toolkit
Updated•9 years ago
|
Crash Signature: [@ mozilla::safebrowsing::KnockoutSubs<mozilla::safebrowsing::SubComplete, mozilla::safebrowsing::AddComplete>]
[@ mozilla::safebrowsing::KnockoutSubs<mozilla::safebrowsing::SubPrefix, mozilla::safebrowsing::AddPrefix> ] → [@ mozilla::safebrowsing::KnockoutSubs<mozilla::safebrowsing::SubComplete, mozilla::safebrowsing::AddComplete>]
[@ mozilla::safebrowsing::KnockoutSubs<mozilla::safebrowsing::SubPrefix, mozilla::safebrowsing::AddPrefix> ]
[@ mozilla::safebrowsing::Knocko…
Updated•8 years ago
|
Priority: -- → P5
Comment 15•8 years ago
|
||
Marking as WONTFIX since it's an old crash and appears to be specific to some old hardware we don't have.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•