Closed Bug 422044 Opened 17 years ago Closed 13 years ago

crash [@ SocketSend ]

Categories

(Core :: Networking, defect)

Product:
Core
Component:
Networking
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED INCOMPLETE
Tracking Flags:
Tracking Status
firefox7 - ---
firefox8 + ---
firefox9 + ---

People

(Reporter: timeless, Assigned: mcmanus)

References

Details

(Keywords: crash, Whiteboard: startupcrash)

Crash Data

Attachments

(1 file)

SocketSend crash time chart for Fx8 on October 2011
28.22 KB, image/png
Details
This is my guess: http://bonsai.mozilla.org/cvsblame.cgi?file=/mozilla/nsprpub/pr/src/io/prlayer.c&rev=3.19&mark=538,560,565#535 http://bonsai.mozilla.org/cvsblame.cgi?file=/mozilla/nsprpub/pr/src/io/pripv6.c&rev=3.12&mark=368,370#351 Signature SocketSend UUID d67e137a-ea6d-11dc-9c2e-001a4bd43ed6 Time 2008-03-04 20:36:51-08:00 Uptime 0 Product Firefox Version 3.0b4pre Build ID 2008021607 OS Windows NT OS Version 5.1.2600 Service Pack 2 CPU x86 CPU Info GenuineIntel family 6 model 15 stepping 6 Crash Reason EXCEPTION_ACCESS_VIOLATION Crash Address 0x5 Comments Crashing Thread Frame Signature Source 0 SocketSend mozilla/nsprpub/pr/src/io/prsocket.c:701 1 SocketWrite mozilla/nsprpub/pr/src/io/prsocket.c:714 2 PR_SetPollableEvent mozilla/nsprpub/pr/src/io/prpolevt.c:498 3 nsSocketTransportService::OnDispatchedEvent(nsIThreadInternal*) mozilla/netwerk/base/src/nsSocketTransportService2.cpp:491 4 nsThread::PutEvent(nsIRunnable*) mozilla/xpcom/threads/nsThread.cpp:368 5 nsThread::Dispatch(nsIRunnable*, unsigned int) mozilla/xpcom/threads/nsThread.cpp:406 6 nsSocketTransportService::Dispatch(nsIRunnable*, unsigned int) mozilla/netwerk/base/src/nsSocketTransportService2.cpp:116 7 nsSocketTransport::PostEvent(unsigned int, unsigned int, nsISupports*) mozilla/netwerk/base/src/nsSocketTransport2.cpp:887 8 nsSocketTransport::OpenOutputStream(unsigned int, unsigned int, unsigned int, nsIOutputStream**) mozilla/netwerk/base/src/nsSocketTransport2.cpp:1691 9 nsHttpConnection::CreateTransport() mozilla/netwerk/protocol/http/src/nsHttpConnection.cpp:458 10 nsHttpConnection::Activate(nsAHttpTransaction*, unsigned char) mozilla/netwerk/protocol/http/src/nsHttpConnection.cpp:143 11 nsHttpConnectionMgr::DispatchTransaction(nsHttpConnectionMgr::nsConnectionEntry*, nsAHttpTransaction*, unsigned char, nsHttpConnection*) mozilla/netwerk/protocol/http/src/nsHttpConnectionMgr.cpp:598 12 nsHttpConnectionMgr::ProcessNewTransaction(nsHttpTransaction*) mozilla/netwerk/protocol/http/src/nsHttpConnectionMgr.cpp:729 13 nsHttpConnectionMgr::OnMsgNewTransaction(int, void*) mozilla/netwerk/protocol/http/src/nsHttpConnectionMgr.cpp:757 14 nsHttpConnectionMgr::nsConnEvent::Run() mozilla/netwerk/protocol/http/src/nsHttpConnectionMgr.h:247 15 nsThread::ProcessNextEvent(int, int*) mozilla/xpcom/threads/nsThread.cpp:510 16 NS_ProcessPendingEvents_P(nsIThread*, unsigned int) nsThreadUtils.cpp:183 17 nsSocketTransportService::Run() mozilla/netwerk/base/src/nsSocketTransportService2.cpp:552 18 nsThread::ProcessNextEvent(int, int*) mozilla/xpcom/threads/nsThread.cpp:510 19 NS_ProcessNextEvent_P(nsIThread*, int) nsThreadUtils.cpp:227 20 nsThread::ThreadFunc(void*) mozilla/xpcom/threads/nsThread.cpp:254 21 _PR_NativeRunThread mozilla/nsprpub/pr/src/threads/combined/pruthr.c:436 22 pr_root mozilla/nsprpub/pr/src/md/windows/w95thred.c:122 23 _callthreadstartex threadex.c:348 24 _threadstartex threadex.c:326 25 BaseThreadStart
most crashes look like that, the one exception is this (ssl but ipv6 is still the likely culprit and it's crashing on the same line number) Signature SocketSend UUID 64c980ee-e9f4-11dc-aad5-001a4bd46e84 Time 2008-03-04 06:07:33-08:00 Uptime 0 Product Firefox Version 3.0b4pre Build ID 2008030206 OS Windows NT OS Version 5.1.2600 Service Pack 2 CPU x86 CPU Info GenuineIntel family 15 model 4 stepping 9 Crash Reason EXCEPTION_ACCESS_VIOLATION Crash Address 0xb4 Comments Crashing Thread Frame Signature Source 0 SocketSend mozilla/nsprpub/pr/src/io/prsocket.c:701 1 ssl_DefSend mozilla/security/nss/lib/ssl/ssldef.c:128 2 ssl3_SendRecord mozilla/security/nss/lib/ssl/ssl3con.c:2043 3 ssl3_FlushHandshake mozilla/security/nss/lib/ssl/ssl3con.c:2181 4 ssl3_SendClientHello mozilla/security/nss/lib/ssl/ssl3con.c:3736 5 ssl2_BeginClientHandshake mozilla/security/nss/lib/ssl/sslcon.c:3128 6 ssl_Do1stHandshake mozilla/security/nss/lib/ssl/sslsecur.c:151 7 ssl_SecureSend mozilla/security/nss/lib/ssl/sslsecur.c:1152 8 ssl_SecureWrite mozilla/security/nss/lib/ssl/sslsecur.c:1197 9 ssl_Write mozilla/security/nss/lib/ssl/sslsock.c:1472 10 nsSSLThread::Run() mozilla/security/manager/ssl/src/nsSSLThread.cpp:1029
The code in pripv6.c is not used by NSPR pollable events. You can inspect the code in PR_NewPollableEvent and PR_NewTCPSocketPair to verify that: http://lxr.mozilla.org/nspr/source/nsprpub/pr/src/io/prpolevt.c#413 http://lxr.mozilla.org/nspr/source/nsprpub/pr/src/io/prsocket.c#1510 If fd or fd->secret is NULL, we should have crashed inside the _PR_MD_SEND call earlier at prsocket.c line 694: http://lxr.mozilla.org/nspr/source/nsprpub/pr/src/md/windows/w95sock.c#348 This is all I can find out by code inspection in 20 minutes.
Summary: [ipv6?] crash [@ SocketSend] secret is probably null → crash [@ SocketSend]
do you have steps to reproduce the crash?
nope, if it was my crash, i'd have said so :(
small number of crashes in Thunderbird spot check only - crashes all versions of FF. https://crash-stats.mozilla.com/report/list?product=Firefox&build_id=&query_search=signature&query_type=exact&query=SocketSend&date=&range_value=4&range_unit=weeks&process_type=all&plugin_field=&plugin_query_type=&plugin_query=&do_query=1&signature=SocketSend&missing_sig=&page=1 some stacks vary slightly. for example bp-73127b3c-73e6-4ce0-9cf9-88d702100319 v3.6 1 nspr4.dll SocketSend nsprpub/pr/src/io/prsocket.c:681 2 nspr4.dll PR_DestroyLock 3 nspr4.dll SocketWrite nsprpub/pr/src/io/prsocket.c:701 4 xul.dll nsSocketOutputStream::Write netwerk/base/src/nsSocketTransport2.cpp:576 5 xul.dll nsHttpConnection::OnReadSegment netwerk/protocol/http/src/nsHttpConnection.cpp:539 6 xul.dll nsHttpTransaction::ReadRequestSegment netwerk/protocol/http/src/nsHttpTransaction.cpp:433 7 xul.dll nsStringInputStream::ReadSegments xpcom/io/nsStringStream.cpp:276 8 xul.dll nsHttpTransaction::ReadSegments netwerk/protocol/http/src/nsHttpTransaction.cpp:458 versus bp-cae2d311-068b-4538-b51e-e6e262100319 v3.7 1 nspr4.dll SocketSend nsprpub/pr/src/io/prsocket.c:681 2 nspr4.dll PR_DestroyLock 3 xul.dll netwerk/protocol/http/src/nsHttpConnection.cpp:539 4 xul.dll netwerk/protocol/http/src/nsHttpTransaction.cpp:439 5 xul.dll 6 xul.dll nsHttpTransaction::ReadSegments 7 xul.dll nsHttpConnection::OnSocketWritable netwerk/protocol/http/src/nsHttpConnection.cpp:574 does the ipv6 crash need a separate bug? ipv6ToIpv4SocketSendTo bp-032fc788-cc82-4c4c-8cb2-a00002100319 1 nspr4.dll Ipv6ToIpv4SocketSendTo nsprpub/pr/src/io/pripv6.c:157 2 nspr4.dll PR_DestroyLock 3 nspr4.dll SocketWrite nsprpub/pr/src/io/prsocket.c:701 4 xul.dll nsSocketOutputStream::Write netwerk/base/src/nsSocketTransport2.cpp:576 5 xul.dll nsHttpConnection::OnReadSegment netwerk/protocol/http/src/nsHttpConnection.cpp:539 6 xul.dll nsHttpTransaction::ReadRequestSegment netwerk/protocol/http/src/nsHttpTransaction.cpp:433 7 xul.dll nsStringInputStream::ReadSegments xpcom/io/nsStringStream.cpp:276 8 xul.dll nsHttpTransaction::ReadSegments netwerk/protocol/http/src/nsHttpTransaction.cpp:458 9 xul.dll nsStringInputStream::Available xpcom/io/nsStringStream.cpp:250 10 xul.dll nsHttpConnection::OnSocketWritable netwerk/protocol/http/src/nsHttpConnection.cpp:574 11 xul.dll nsHttpConnection::OnOutputStreamReady netwerk/protocol/http/src/nsHttpConnection.cpp:785 12 xul.dll nsSocketOutputStream::OnSocketReady netwerk/base/src/nsSocketTransport2.cpp:515
Status: UNCONFIRMED → NEW
Ever confirmed: true
Firefox 4b8 reproducibly crashes at http://www.microsoft.com/security_essentials/ on this computer.
Bogus stacks. SocketWrite does not call PR_DestroyLock. PR_DestroyLock does not call SocketSend or any variant of it. SocketWrite *DOES* call SocketSend directly. SocketSend calls _PR_MD_SEND, which calls send, not Ipv6ToIpv4SocketSendTo.
nelson: just ignore the PR_DestroyLock frame. We're dealing w/ optimizers here so some things will look funny.
Optimizers often remove expected stack frames. They seldom insert new unexpected stack frames. I don't doubt that the number of stack frames shown is correct. I DO doubt the names shown for the functions for those frames.
It is #15 top crasher in 4.0RC1.
Keywords: topcrash
Crash Signature: [@ SocketSend]
There is a spike from October 12 across all versions and it happens now on startup. It's now #11 top crasher in 7.0.1 over the last 3 days, #2 top crasher in 8.0b3, #11 in 9.0a2. Crashes breakdown as follow on Fx 7: 2011-10-10: 24.254 crashes/1M ADU/day 2011-10-11: 27.764 crashes/1M ADU/day 2011-10-12: 49.651 crashes/1M ADU/day 2011-10-13: 49.286 crashes/1M ADU/day 2011-10-14: 302.373 crashes/1M ADU/day 2011-10-15: 215.301 crashes/1M ADU/day Oct-11 MS patch (http://technet.microsoft.com/en-us/security/bulletin/ms11-oct) contains for Windows: http://technet.microsoft.com/en-us/security/bulletin/ms11-075 http://technet.microsoft.com/en-us/security/bulletin/ms11-076 http://technet.microsoft.com/en-us/security/bulletin/ms11-077 http://technet.microsoft.com/en-us/security/bulletin/ms11-078 http://technet.microsoft.com/en-us/security/bulletin/ms11-081 http://support.microsoft.com/kb/890830
tracking-firefox7: --- → ?
tracking-firefox8: --- → ?
tracking-firefox9: --- → ?
OS: Windows XP → Windows 7
https://crash-stats.mozilla.com/report/list?signature=SocketSend indicates there is still a fair number of crashes happening across all versions.
And it's spiking again. Now topcrash #9 on 7 and #3 on 8 in yesterday's data.
Keywords: needURLs
Here are some URLs from October - seems as if session restore comes up quite a bit, but other than that many are pretty generic: 1481 1261 \N 352 jar:file:///C:/Program%20Files%20(x86)/Mozilla%20Firefox/omni.jar!/chrome/browser/content/browser/aboutSessionRestore.xhtml 339 http://www.facebook.com/ 292 jar:file:///C:/Program%20Files/Mozilla%20Firefox/omni.jar!/chrome/browser/content/browser/aboutSessionRestore.xhtml 292 jar:file:///C:/Program%20Files/Mozilla%20Firefox/omni.jar!/chrome/browser/content/browser/aboutHome.xhtml 197 jar:file:///C:/Program%20Files%20(x86)/Mozilla%20Firefox/omni.jar!/chrome/browser/content/browser/aboutHome.xhtml 168 https://www.facebook.com/login.php?login_attempt=1 159 about:blank 138 http://www.google.com/ 109 http://redirecturls.info/ 88 http://www.fullarticles.net/ 86 http://www.google.de/ 66 http://redirectsite.net/ 59 http://www.searchqu.com/406 57 http://www.yahoo.com/ 42 http://www.google.co.in/ 41 http://www.google.com.br/ 38 jar:file:///C:/Archivos%20de%20programa/Mozilla%20Firefox/omni.jar!/chrome/browser/content/browser/aboutSessionRestore.xhtml 34 http://www.yandex.ru/ 34 http://www.google.co.id/ 29 http://www.google.ro/ 29 http://redirect.avira.com/redirect.php?lngprod=en&type=av12upgradefromav10free 28 https://www.facebook.com/ 27 http://www.facebook.com/logout.php 26 jar:file:///C:/Program%20Files/Mozilla%20Firefox%204.0%20Beta%2011/omni.jar!/chrome/browser/content/browser/aboutSessionRestore.xhtml 26 jar:file:///C:/Program%20Files%20(x86)/Mozilla%20Firefox%204.0%20Beta%2011/omni.jar!/chrome/browser/content/browser/aboutSessionRestore.xhtml 26 http://google.com/ 24 http://www.ukr.net/ 23 http://love.mail.ru/my/messages.phtml 22 http://facebook.com/ 21 http://www.ask.com/?o=15573&l=dis 20 http://search.chatvibes.com/ 19 http://www.seznam.cz/ 18 http://www.youtube.com/ 18 http://www.google.pl/ 17 jar:file:///C:/Arquivos%20de%20programas/Mozilla%20Firefox/omni.jar!/chrome/browser/content/browser/aboutSessionRestore.xhtml 17 http://www.yahoo.com/?ilc=8 16 http://www.google.com.vn/ 15 jar:file:///C:/Program%20Files/Mozilla%20Firefox%204.0%20Beta%2012/omni.jar!/chrome/browser/content/browser/aboutHome.xhtml 15 jar:file:///C:/Arquivos%20de%20programas/Mozilla%20Firefox/omni.jar!/chrome/browser/content/browser/aboutHome.xhtml 15 jar:file:///C:/Archivos%20de%20programa/Mozilla%20Firefox/omni.jar!/chrome/browser/content/browser/aboutHome.xhtml 15 http://www.searchqu.com/ 15 http://www.google.com.my/ 15 http://start.icq.com/ 15 http://search.imesh.com/ 14 "javascript:""""" 14 http://www.mail.ru/cnt/5087 14 http://www.google.it/ 14 http://www.google.co.th/ 14 http://www.dsebd.org/ 14 http://search.conduit.com/?ctid=CT2233703&SearchSource=13 14 http://id.yahoo.com/ 14 http://google.de/ 13 jar:file:///C:/Program%20Files/Mozilla%20Firefox%204.0%20Beta%2012/omni.jar!/chrome/browser/content/browser/aboutSessionRestore.xhtml 12 http://www.t-online.de/ 12 http://www.google.lt/ 12 http://www.facebook.com/#!/ 12 http://best-articles.ch/ 11 http://www.google.nl/ 11 http://www.google.bg/ 11 http://id.yahoo.com/fr=mkg031 10 http://www.google.com.ar/ 10 http://vn.yahoo.com/?fr=mkg031 10 http://startsear.ch/?aff=1 9 jar:file:///C:/Program%20Files/Mozilla%20Firefox%204.0%20Beta%209/omni.jar!/chrome/browser/content/browser/aboutHome.xhtml 9 jar:file:///C:/Program%20Files/Mozilla%20Firefox%204.0%20Beta%2010/omni.jar!/chrome/browser/content/browser/aboutHome.xhtml 9 http://www.postaricles.com/ 9 http://www.google.fr/ 9 http://www.britishcouncil.org/uk/ukraine-teaching-centre-yl-dates-and-fees.htm 9 http://www.ask.com/?l=dis&o=1716&gct=hp 9 http://search.conduit.com/?ctid=CT3031607&SearchSource=13 9 http://google.com.vn/ 9 about:sessionrestore 8 jar:file:///C:/Program%20Files/Mozilla%20Firefox%204.0%20Beta%208/omni.jar!/chrome/browser/content/browser/aboutHome.xhtml 8 http://www.redirecturls.info/ 8 http://www.google.com/search?q=fb&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a&source=hp&channel=np 8 http://www.facebook.com/?sk=lf 8 http://www.facebook.com/home.php?ref=hp 8 http://www.facebook.com/home.php 8 http://static.ak.facebook.com/common/referer_frame.php 8 http://id-id.facebook.com/ 8 http://google.com.br/ 8 http://firefox.yandex.ru/ 7 jar:file:///C:/Program%20Files/Mozilla%20Firefox%204.0%20Beta%2011/omni.jar!/chrome/browser/content/browser/aboutHome.xhtml 7 jar:file:///C:/Program%20Files%20(x86)/Mozilla%20Firefox%204.0%20Beta%206/omni.jar!/chrome/browser/content/browser/aboutSessionRestore.xhtml 7 jar:file:///C:/Program%20Files%20(x86)/Mozilla%20Firefox%204.0%20Beta%2012/omni.jar!/chrome/browser/content/browser/aboutSessionRestore.xhtml 7 jar:file:///C:/Archivos%20de%20programa/Mozilla%20Firefox%204.0%20Beta%207/omni.jar!/chrome/browser/content/browser/aboutSessionRestore.xhtml 7 http://www.google.es/ 7 http://www.google.co.uk/ 7 http://www.google.com.pk/
Keywords: needURLs
This is topcrash #8 on 7, and #3 on both 8 and 9 in yesterday's data. Can we please get some tracking on this?
WTC: are you still working on this bug? Does anyone have a reproducible test case? The URI in comment 6 is not crashing FF 8, at least.
Every I/O crash gets put in NSPR by default. They should be put in Core:Networking by default. Also, we should have separate bugs for separate stack traces.
Assignee: wtc → nobody
Component: NSPR → Networking
OS: Windows 7 → All
Product: NSPR → Core
QA Contact: nspr → networking
Hardware: x86 → All
Version: 4.7.3 → unspecified
What's the next step here? Is this still a concern for FF8?
(In reply to Alex Keybl [:akeybl] from comment #20) > Is this still a concern for FF8? Yes because it's #6 top crasher in 8.0 and #2 in 9.0b3. The SocketWrite crash signature (bug 662330) is #3 top crasher in 10.0a2 and #18 in 11.0a1.
Josh - can you get eyes on this bug or get it split out into bugs with next actions? This is being considered a top crasher.
Assignee: nobody → joshmoz
Brian, what are your thoughts on this one? I thought we had discussed it and you thought it was not our code.
Patrick, can you look into this?
Assignee: joshmoz → mcmanus
Making the crash signature more specific so we can sort out different stacks.
Crash Signature: [@ SocketSend] → [@ SocketSend | SocketWrite | PR_SetPollableEvent | nsSocketTransportService::OnDispatchedEvent(nsIThreadInternal*)]
Summary: crash [@ SocketSend] → crash [@ SocketSend | SocketWrite | PR_SetPollableEvent | nsSocketTransportService::OnDispatchedEvent(nsIThreadInternal*)]
(In reply to Brian Smith (:bsmith) from comment #25) > Making the crash signature more specific so we can sort out different stacks. That's not the way Socorro works. You should take a look at https://crash-analysis.mozilla.com/crash_stacks. If you know there are different stacks under the Socket* signature (I see only two types), file a bug to add SocketSend and SocketWrite to the skiplist: https://wiki.mozilla.org/Breakpad/Skip_List_How_To
Crash Signature: [@ SocketSend | SocketWrite | PR_SetPollableEvent | nsSocketTransportService::OnDispatchedEvent(nsIThreadInternal*)] → [@ SocketSend]
Summary: crash [@ SocketSend | SocketWrite | PR_SetPollableEvent | nsSocketTransportService::OnDispatchedEvent(nsIThreadInternal*)] → crash [@ SocketSend ]
Basically, we always need to have the caller of any/every NSPR/NSS function in the stack trace. I filed bug 716345 and wrote a patch to add basically the entire NSPR and NSS API to the skiplist.
Depends on: 716345
(In reply to Brian Smith (:bsmith) from comment #25) > Making the crash signature more specific so we can sort out different stacks. Is the more specific signature something actually reported in crash-stats? If not, it means that we don't get any crashes from there connected to this bug any more.
So as Kairo said in comment #28, I don't see this signature anymore for anything beyond 9.0. I do see signatures for... SocketWrite - https://bugzilla.mozilla.org/show_bug.cgi?id=662330 PR_SetPollableEvent - https://bugzilla.mozilla.org/show_bug.cgi?id=709847 nsSocketTransportService::OnDispatchedEvent(nsIThreadInternal*) - pretty low volume and not even logged as a bug. None of these are really a top crash. Does this mean this bug should be closed? What should I do with it.
70% of crashes occur within one minute. (In reply to Sheila Mooney from comment #29) > So as Kairo said in comment #28, I don't see this signature anymore for > anything beyond 9.0. The transition from 9.0.1 to 10.0.1 is not yet over, so let's let open it and remove the topcrash keyword. Bug 716345 should help for crashes like this.
Crash Signature: [@ SocketSend] → [@ SocketSend] [@ @0x0 | SocketSend]
Keywords: topcrash
OS: All → Windows XP
Hardware: All → x86
Whiteboard: startupcrash
As SocketSend is now in the skiplist, I close this meta bug as incomplete.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: