Closed Bug 1309355 Opened 9 years ago Closed 9 years ago

Crash in NotifyInitializeSpies

Categories

(Firefox :: Untriaged, defect)

Product:
Firefox
Component:
Untriaged
Version:
51 Branch
Platform:
x86
Windows 7
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1294903
Tracking Flags:
Tracking Status
firefox49 --- affected
firefox-esr45 --- affected
firefox50 --- affected
firefox51 --- affected
firefox52 --- affected

People

(Reporter: marcia, Unassigned)

Details

(Keywords: crash, sec-high, testcase-wanted)

Crash Data

This bug was filed from the Socorro interface and is report bp-a82be0a1-dcda-4791-9bf0-c83972161011. ============================================================= Seen while looking at Aurora crash stats: http://bit.ly/2e3J9wZ, Crashes on 51 seen to have started increasing using 20160930004005. This crash is also present on the 50 branch but in much smaller numbers. Currently #17 top crash in Aurora in the last 7 days. Here is the correlation data from Marco's tool: https://mozilla.github.io/stab-crashes/correlations.html?product=Firefox&channel=aurora&signature=NotifyInitializeSpies Because Socorro is calling out the exploitability to be high, I am marking this security sensitive.
Component: General → Untriaged
"EXCEPTION_ACCESS_VIOLATION_EXEC" is generally a sign of a sec-critical, although in this case it appears to be during COM shutdown so it might not be quite as critical. Folks on StackOverflow suggest one reason for crashing here can be uninitializing OLE twice. If you look at the build IDs that spike it hits different channels around the same time so it might be external software. Module correlations hint at that, too, although the number of crashes is small enough that could be misleading. Data from a single day's report, to be thorough we should look at a few others. Couldn't find this crash in the 9/26 report so I guess it fluctuates on different days From https://crash-analysis.mozilla.com/crash_analysis/20160925/20160925_Firefox_50.0b1-interesting-modules.txt.gz NotifyInitializeSpies|EXCEPTION_ACCESS_VIOLATION_EXEC (16 crashes) 100% (16/16) vs. 3% (375/12663) fdWCN.dll 100% (16/16) vs. 3% (376/12663) WcnApi.dll 100% (16/16) vs. 3% (377/12663) fdWNet.dll 100% (16/16) vs. 3% (387/12663) dtsh.dll 100% (16/16) vs. 3% (389/12663) fdProxy.dll 100% (16/16) vs. 3% (390/12663) fundisc.dll 100% (16/16) vs. 3% (393/12663) NetworkItemFactory.dll 100% (16/16) vs. 3% (428/12663) dfscli.dll 100% (16/16) vs. 3% (436/12663) browcli.dll 100% (16/16) vs. 5% (617/12663) FirewallAPI.dll 100% (16/16) vs. 5% (677/12663) msxml6.dll 100% (16/16) vs. 6% (780/12663) npmproxy.dll 100% (16/16) vs. 8% (1011/12663) EhStorAPI.dll 100% (16/16) vs. 9% (1107/12663) SearchFolder.dll 100% (16/16) vs. 9% (1110/12663) PortableDeviceApi.dll 100% (16/16) vs. 9% (1119/12663) msls31.dll 100% (16/16) vs. 10% (1298/12663) ieframe.dll 100% (16/16) vs. 11% (1430/12663) davclnt.dll 100% (16/16) vs. 11% (1430/12663) drprov.dll 100% (16/16) vs. 11% (1431/12663) ntlanman.dll 100% (16/16) vs. 12% (1466/12663) davhlpr.dll 100% (16/16) vs. 12% (1506/12663) StructuredQuery.dll 100% (16/16) vs. 12% (1518/12663) NetworkExplorer.dll 100% (16/16) vs. 13% (1688/12663) tiptsf.dll 100% (16/16) vs. 14% (1735/12663) ieproxy.dll 100% (16/16) vs. 14% (1757/12663) shdocvw.dll 100% (16/16) vs. 14% (1783/12663) thumbcache.dll 100% (16/16) vs. 15% (1867/12663) actxprxy.dll 100% (16/16) vs. 19% (2380/12663) EhStorShell.dll 100% (16/16) vs. 19% (2432/12663) mpr.dll 100% (16/16) vs. 22% (2831/12663) wkscli.dll 88% (14/16) vs. 13% (1680/12663) cscdll.dll 88% (14/16) vs. 14% (1728/12663) cscui.dll 100% (16/16) vs. 27% (3356/12663) WindowsCodecs.dll 94% (15/16) vs. 22% (2834/12663) dhcpcsvc6.DLL 75% (12/16) vs. 4% (470/12663) api-ms-win-downlevel-shell32-l1-1-0.dll 100% (16/16) vs. 36% (4543/12663) comdlg32.dll 100% (16/16) vs. 39% (4911/12663) xmllite.dll 75% (12/16) vs. 15% (1863/12663) api-ms-win-downlevel-advapi32-l2-1-0.dll 69% (11/16) vs. 9% (1113/12663) IconCodecService.dll 75% (12/16) vs. 16% (1971/12663) api-ms-win-downlevel-shlwapi-l2-1-0.dll 63% (10/16) vs. 3% (405/12663) credssp.dll 75% (12/16) vs. 17% (2143/12663) api-ms-win-downlevel-ole32-l1-1-0.dll 75% (12/16) vs. 17% (2214/12663) api-ms-win-downlevel-normaliz-l1-1-0.dll 75% (12/16) vs. 17% (2214/12663) api-ms-win-downlevel-version-l1-1-0.dll 75% (12/16) vs. 17% (2214/12663) api-ms-win-downlevel-user32-l1-1-0.dll 75% (12/16) vs. 18% (2221/12663) api-ms-win-downlevel-shlwapi-l1-1-0.dll 75% (12/16) vs. 18% (2222/12663) api-ms-win-downlevel-advapi32-l1-1-0.dll 63% (10/16) vs. 5% (652/12663) d3d10_1.dll 63% (10/16) vs. 5% (652/12663) d3d10_1core.dll 56% (9/16) vs. 0% (13/12663) IPSENG32.DLL 100% (16/16) vs. 44% (5605/12663) wship6.dll 56% (9/16) vs. 1% (69/12663) ccL120U.dll 56% (9/16) vs. 1% (84/12663) ccIPC.dll 56% (9/16) vs. 1% (84/12663) ccVrTrst.dll 56% (9/16) vs. 1% (109/12663) sysfer.dll 56% (9/16) vs. 1% (175/12663) EFACli.dll 100% (16/16) vs. 46% (5859/12663) apphelp.dll 100% (16/16) vs. 47% (5903/12663) d2d1.dll 100% (16/16) vs. 47% (5952/12663) RpcRtRemote.dll 69% (11/16) vs. 16% (2080/12663) igdusc32.dll 100% (16/16) vs. 48% (6097/12663) secur32.dll 69% (11/16) vs. 17% (2163/12663) igd10iumd32.dll 100% (16/16) vs. 48% (6121/12663) cscapi.dll 100% (16/16) vs. 49% (6190/12663) linkinfo.dll 100% (16/16) vs. 50% (6296/12663) ntshrui.dll 100% (16/16) vs. 50% (6355/12663) dui70.dll 100% (16/16) vs. 50% (6366/12663) duser.dll 100% (16/16) vs. 51% (6395/12663) ntdsapi.dll 69% (11/16) vs. 19% (2450/12663) ncrypt.dll 56% (9/16) vs. 7% (914/12663) msvcp100.dll 56% (9/16) vs. 8% (982/12663) msvcr100.dll 100% (16/16) vs. 52% (6583/12663) srvcli.dll 94% (15/16) vs. 46% (5850/12663) normaliz.dll 100% (16/16) vs. 53% (6758/12663) msmpeg2adec.dll 100% (16/16) vs. 54% (6785/12663) slc.dll 50% (8/16) vs. 4% (461/12663) PhotoMetadataHandler.dll 100% (16/16) vs. 57% (7155/12663) explorerframe.dll 100% (16/16) vs. 57% (7269/12663) FWPUCLNT.DLL 100% (16/16) vs. 58% (7293/12663) d3d11.dll 100% (16/16) vs. 59% (7410/12663) WSHTCPIP.DLL 100% (16/16) vs. 60% (7637/12663) ksuser.dll 100% (16/16) vs. 61% (7702/12663) dxgi.dll 100% (16/16) vs. 61% (7729/12663) Wldap32.dll 100% (16/16) vs. 62% (7913/12663) fastprox.dll 100% (16/16) vs. 63% (7920/12663) wbemsvc.dll 100% (16/16) vs. 63% (7930/12663) wbemcomn.dll 100% (16/16) vs. 63% (7944/12663) wbemprox.dll 38% (6/16) vs. 1% (122/12663) cscobj.dll 100% (16/16) vs. 64% (8063/12663) nssckbi.dll 38% (6/16) vs. 1% (160/12663) windowscodecsext.dll 100% (16/16) vs. 64% (8112/12663) nssdbm3.dll 100% (16/16) vs. 65% (8189/12663) netutils.dll 100% (16/16) vs. 65% (8194/12663) atl.dll 100% (16/16) vs. 65% (8259/12663) wevtapi.dll 100% (16/16) vs. 66% (8383/12663) dhcpcsvc.dll 100% (16/16) vs. 67% (8455/12663) rasadhlp.dll 100% (16/16) vs. 67% (8457/12663) DWrite.dll 56% (9/16) vs. 23% (2971/12663) wshbth.dll 100% (16/16) vs. 68% (8632/12663) samcli.dll 100% (16/16) vs. 69% (8704/12663) lpk.dll 100% (16/16) vs. 69% (8727/12663) samlib.dll 100% (16/16) vs. 71% (8959/12663) dbghelp.dll 100% (16/16) vs. 72% (9079/12663) avrt.dll 100% (16/16) vs. 72% (9081/12663) Wpc.dll 100% (16/16) vs. 72% (9136/12663) cryptsp.dll 31% (5/16) vs. 4% (470/12663) ATL90.dll 100% (16/16) vs. 73% (9182/12663) msmpeg2vdec.dll 100% (16/16) vs. 73% (9279/12663) iertutil.dll 100% (16/16) vs. 73% (9294/12663) evr.dll 100% (16/16) vs. 73% (9295/12663) mf.dll 100% (16/16) vs. 74% (9332/12663) dxva2.dll 31% (5/16) vs. 6% (719/12663) msvcp90.dll 25% (4/16) vs. 0% (5/12663) CNAB5SMK.DLL 25% (4/16) vs. 0% (5/12663) CNAB5MUI.DLL 25% (4/16) vs. 0% (5/12663) CNAB5M.DLL 100% (16/16) vs. 75% (9525/12663) winsta.dll 100% (16/16) vs. 75% (9547/12663) wininet.dll 31% (5/16) vs. 7% (857/12663) msvcr90.dll 100% (16/16) vs. 76% (9602/12663) bcrypt.dll 100% (16/16) vs. 77% (9737/12663) pnrpnsp.dll 100% (16/16) vs. 77% (9755/12663) nlaapi.dll 100% (16/16) vs. 77% (9762/12663) NapiNSP.dll 25% (4/16) vs. 3% (319/12663) D3Dx10_40.dll 100% (16/16) vs. 78% (9864/12663) CRYPTBASE.dll 100% (16/16) vs. 78% (9877/12663) mfplat.dll 100% (16/16) vs. 78% (9878/12663) rsaenh.dll 100% (16/16) vs. 78% (9884/12663) mozavutil.dll 100% (16/16) vs. 78% (9884/12663) mozavcodec.dll 100% (16/16) vs. 79% (10045/12663) sspicli.dll 100% (16/16) vs. 80% (10162/12663) winnsi.dll 100% (16/16) vs. 81% (10203/12663) api-ms-win-core-timezone-l1-1-0.dll 100% (16/16) vs. 81% (10203/12663) api-ms-win-core-synch-l1-2-0.dll 100% (16/16) vs. 81% (10203/12663) api-ms-win-core-localization-l1-2-0.dll 100% (16/16) vs. 81% (10203/12663) api-ms-win-core-processthreads-l1-1-1.dll 100% (16/16) vs. 81% (10203/12663) api-ms-win-core-file-l1-2-0.dll 100% (16/16) vs. 81% (10203/12663) api-ms-win-core-file-l2-1-0.dll 100% (16/16) vs. 81% (10237/12663) MMDevAPI.dll 100% (16/16) vs. 82% (10360/12663) powrprof.dll 100% (16/16) vs. 82% (10379/12663) softokn3.dll 25% (4/16) vs. 7% (942/12663) bcryptprimitives.dll 100% (16/16) vs. 83% (10461/12663) profapi.dll 100% (16/16) vs. 83% (10473/12663) propsys.dll 100% (16/16) vs. 83% (10474/12663) nsi.dll 19% (3/16) vs. 2% (248/12663) msiltcfg.dll 100% (16/16) vs. 83% (10549/12663) freebl3.dll 100% (16/16) vs. 83% (10551/12663) devobj.dll 100% (16/16) vs. 84% (10577/12663) sechost.dll 100% (16/16) vs. 84% (10577/12663) KERNELBASE.dll 19% (3/16) vs. 2% (301/12663) prnfldr.dll 94% (15/16) vs. 78% (9815/12663) AudioSes.dll 100% (16/16) vs. 84% (10624/12663) cfgmgr32.dll 100% (16/16) vs. 84% (10692/12663) IPHLPAPI.DLL 100% (16/16) vs. 84% (10693/12663) dwmapi.dll 19% (3/16) vs. 4% (484/12663) OFFICE.ODF 19% (3/16) vs. 4% (562/12663) sfc.dll 100% (16/16) vs. 86% (10951/12663) msctf.dll 25% (4/16) vs. 12% (1480/12663) igd10umd32.dll 19% (3/16) vs. 6% (778/12663) sfc_os.dll 19% (3/16) vs. 6% (793/12663) GROOVEEX.DLL 13% (2/16) vs. 0% (4/12663) hpc3r117.dll 13% (2/16) vs. 0% (4/12663) hpc6r117.DLL 13% (2/16) vs. 0% (4/12663) hpcbr117.dll 13% (2/16) vs. 0% (5/12663) TdmIconOverlay.dll 13% (2/16) vs. 0% (6/12663) hpmdp117.dll 19% (3/16) vs. 6% (810/12663) GrooveIntlResource.dll 13% (2/16) vs. 0% (30/12663) TmUmEvt.dll 13% (2/16) vs. 0% (30/12663) tmmon.dll 13% (2/16) vs. 0% (46/12663) unidrvui.dll 13% (2/16) vs. 0% (50/12663) UNIDRV.DLL 13% (2/16) vs. 1% (80/12663) UIAutomationCore.dll 19% (3/16) vs. 7% (923/12663) msi.dll 100% (16/16) vs. 89% (11305/12663) comctl32.dll 13% (2/16) vs. 3% (368/12663) mlang.dll 13% (2/16) vs. 4% (479/12663) netprofm.dll 19% (3/16) vs. 10% (1306/12663) activeds.dll 19% (3/16) vs. 10% (1306/12663) adsldpc.dll 100% (16/16) vs. 92% (11626/12663) winrnr.dll 13% (2/16) vs. 5% (600/12663) devrtl.dll 100% (16/16) vs. 93% (11725/12663) browsercomps.dll 13% (2/16) vs. 5% (649/12663) WLIDNSP.DLL 100% (16/16) vs. 93% (11778/12663) ntmarta.dll 100% (16/16) vs. 93% (11797/12663) firefox.exe 100% (16/16) vs. 94% (11865/12663) dnsapi.dll 6% (1/16) vs. 0% (1/12663) CNAB5809.DLL 6% (1/16) vs. 0% (8/12663) kerberos.dll 6% (1/16) vs. 0% (8/12663) dfshim.dll 6% (1/16) vs. 0% (9/12663) adsldp.dll 6% (1/16) vs. 0% (11/12663) logoncli.dll 6% (1/16) vs. 0% (13/12663) MSVCR120_CLR0400.dll 6% (1/16) vs. 0% (14/12663) netmsg.dll 6% (1/16) vs. 0% (18/12663) clr.dll 100% (16/16) vs. 94% (11893/12663) mswsock.dll 6% (1/16) vs. 0% (22/12663) mscoreei.dll 6% (1/16) vs. 0% (22/12663) mscoree.dll 6% (1/16) vs. 0% (43/12663) lpxpcom.dll 6% (1/16) vs. 0% (45/12663) MSOHEVI.DLL 6% (1/16) vs. 1% (79/12663) msxml5.dll 100% (16/16) vs. 95% (11983/12663) psapi.dll 25% (4/16) vs. 20% (2492/12663) oleacc.dll
Keywords: sec-high, testcase-wanted
aklotz, any chance this might be related to the a11y refactoring you're doing? I know that touches OLE a lot.
Flags: needinfo?(aklotz)
When I look at the stack in a debugger, I see: <snip> ole32!COIDTable::ThreadCleanup+0xcb ole32!FinishShutdown+0x9d ole32!ApartmentUninitialize+0x96 ole32!wCoUninitialize+0x153 ole32!CoUninitialize+0x72 fundisc!CNotificationQueue::ThreadProc+0x31b kernel32!BaseThreadInitThunk+0xe ntdll!__RtlUserThreadStart+0x70 ntdll!_RtlUserThreadStart+0x1b Which is the same signature as bug 1294903. Between that and looking at the correlations that show 100% occurrence on Windows 7, I'd say that NotifyInitializeSpies is an additional crash signature for that same bug.
Flags: needinfo?(aklotz)
Group: firefox-core-security
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → DUPLICATE
Crash volume for signature 'NotifyInitializeSpies': - nightly (version 52): 14 crashes from 2016-09-19. - aurora (version 51): 225 crashes from 2016-09-19. - beta (version 50): 343 crashes from 2016-09-20. - release (version 49): 3 crashes from 2016-09-05. - esr (version 45): 1 crash from 2016-07-25. Crash volume on the last weeks (Week N is from 10-17 to 10-23): W. N-1 W. N-2 W. N-3 W. N-4 - nightly 0 4 10 0 - aurora 102 55 39 2 - beta 6 39 260 34 - release 1 0 1 0 - esr 0 0 0 0 Affected platform: Windows Crash rank on the last 7 days: Browser Content Plugin - nightly - aurora #8 - beta #1664 - release #11568 - esr
status-firefox49: --- → affected
status-firefox52: --- → affected
status-firefox-esr45: --- → affected
You need to log in before you can comment on or make changes to this bug.