Closed Bug 530989 Opened 16 years ago Closed 16 years ago

crashes [@ NPSWF32.dll@0x136a29] (in Flash 10.0.32.18), many on yoville facebook app

Categories

(Core Graveyard :: Plug-ins, defect)

Product:
Core Graveyard
Component:
Plug-ins
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(status1.9.2 beta5-fixed)

Status:
RESOLVED FIXED
Tracking Flags:
Tracking Status
status1.9.2 --- beta5-fixed

People

(Reporter: dbaron, Unassigned)

References

Details

(Keywords: crash, topcrash, verified1.9.2, Whiteboard: [crashkill][#1 Firefox 3.6b4 topcrash])

Crash Data

The #2 topcrash in 3.6b3 (and likely to be #1 in 3.6b4) is crashes at NPSWF32.dll@0x136a29 . That dll offset is an offset into Flash 10.0.32.18, which is the current released flash version. The crashes are not on the main thread, although it's not uncommon for flash to be on the stack on the main thread as well. The most common URLs are: 44 http://apps.facebook.com/yoville/index.php?bypass_reminder=1 19 12 http://apps.facebook.com/yoville/index.php?poe=1 10 http://apps.facebook.com/yoville/index.php?sgskip=1&bypass_reminder=1 These crashes do not seem to be present in any significant numbers in 3.5.* (there are a very small number), but they're extremely common in 3.6 betas. (Of the ones that are on 3.5.5, none of the URLs are yoville.)
Flags: blocking1.9.2?
We see more total crashes with "yoville" in the URL field on 3.6b3 than we do on 3.5.5.
Signature NPSWF32.dll@0x136a29 UUID 8fd54e19-9f6a-442c-8488-c872c2091124 Time 2009-11-24 21:57:59.759432 Uptime 5946 Last Crash 5948 seconds before submission Product Firefox Version 3.6b3 Build ID 20091115182845 Branch 1.9.2 OS Windows NT OS Version 6.1.7600 CPU x86 CPU Info GenuineIntel family 6 model 15 stepping 11 Crash Reason EXCEPTION_ACCESS_VIOLATION Crash Address 0x180c301c User Comments The browser just keeps crashing constantly on this entire website all the time. Processor Notes Related Bugs Crashing Thread Frame Module Signature [Expand] Source 0 NPSWF32.dll NPSWF32.dll@0x136a29 1 winmm.dll TimerCompletion 2 winmm.dll timeThread 3 kernel32.dll BaseThreadInitThunk 4 ntdll.dll __RtlUserThreadStart 5 ntdll.dll _RtlUserThreadStart NPSWF32.dll 10.0.32.18 C569605C15E5448BBFD9E1FE262649B61 NPSWF32.pdb
Assignee: nobody → msintov
Severity: normal → critical
Timeless: please don't assign release-blocking bugs to people without their consent (or, really, any bugs). Also, can you explain why this didn't happen in 3.5?
Assignee: msintov → nobody
I don't have to. Signature NPSWF32.dll@0x136a29 UUID d6459674-1338-43c0-b11b-52ca72091125 Time 2009-11-25 07:54:59.28426 Uptime 217 Last Crash 2269 seconds before submission Product Firefox Version 3.5.5 Build ID 20091102152451 Branch 1.9.1 OS Windows NT OS Version 5.1.2600 Service Pack 3 CPU x86 CPU Info GenuineIntel family 15 model 4 stepping 1 Crash Reason EXCEPTION_ACCESS_VIOLATION Crash Address 0x101c User Comments Processor Notes Related Bugs OPEN * 530989 NEW crashes [@ NPSWF32.dll@0x136a29] (in Flash 10.0.32.18) in Firefox 3.6 betas, many on yoville facebook app Crashing Thread Frame Module Signature [Expand] Source 0 NPSWF32.dll NPSWF32.dll@0x136a29 1 winmm.dll TimerCompletion 2 winmm.dll timeThread 3 kernel32.dll BaseThreadStart NPSWF32.dll 10.0.32.18 C569605C15E5448BBFD9E1FE262649B61 NPSWF32.pdb
Summary: crashes [@ NPSWF32.dll@0x136a29] (in Flash 10.0.32.18) in Firefox 3.6 betas, many on yoville facebook app → crashes [@ NPSWF32.dll@0x136a29] (in Flash 10.0.32.18), many on yoville facebook app
Timeless, you know that a crash in one module doesn't mean that module alone, or at all, is to blame. If the same Flash plugin crashes on 3.6 and not on 3.5, that suggests a bug in Mozilla code. It could still be a Flash bug; it could be a pair of bugs cooperating to bite. But we should look to our own code first. /be
brendan: sure, but this was an existence proof: > Also, can you explain why this didn't happen in 3.5? It crashes at the same address with the same stack in 3.5.5 with the same plugin version -- see the rest of comment 5. Crashes from Flash generally will change as Flash authors write new applets or update/enhance old ones. They'll tickle some previously unknown crash and won't necessarily immediately discover that their swf is crashing the flash runtime. Offhand, it sounds like it's audio related. - My w32 is incredibly rusty. Most likely the yoville people changed something audioish in their flash which happens to exercise some interesting bit of Flash code. The Flash team will figure this out. From our side, we can basically move plugins out of process and let Flash crash on its own.
Sure, there were crashes at that address in 3.5.5; I know that. But, as I said in comment 0, there are *more* in 3.6b3, with many fewer users. That's a regression. (And that statistic works both for crashes-at-this-signature and crashes-with-"yoville"-in-the-URL, IIRC.)
(In reply to comment #7) > Most likely the yoville people changed something audioish in their flash which > happens to exercise some interesting bit of Flash code. The Flash team will > figure this out. No, because then we'd see the crashes in 3.5.5 as well. I'm comparing crashes in 3.5.5 vs. 3.6b3 on the same day. > From our side, we can basically move plugins out of process and let Flash crash > on its own. You know quite well that (a) we're already working on that and (b) there's no way we can do that for 3.6. Please stop dragging this bug into covering other things than what it was filed about.
Or, in other words, compare the ratios of the numbers in the following two matrices: Firefox 3.6b3 crashes on 2009-11-24 (unthrottled): Crashes at all Crashes at signatures NPSWF32.dll@0x136a29 Crashes at any URL: 14927 515 Crashes with "yoville" in URL: 82 54 Firefox 3.5.3 crashes on 2009-11-24 (throttled): Crashes at all Crashes at signatures NPSWF32.dll@0x136a29 Crashes at any URL: 119703 5 Crashes with "yoville" in URL: 129 0
It would be useful to get steps to reproduce here. Then we could: * bisect to figure out when the problem started on the Mozilla side * probably have a better chance of getting help from Adobe
Keywords: qawanted
Whiteboard: [crashkill]
Whiteboard: [crashkill] → [crashkill][#1 Firefox 3.6b4 topcrash]
chofmann, can i get a list for testing ? :)
the high frequency sites seem to involve interaction. here is a pretty good list that didn't require sanitization. the high about:blank count might indicate leaving the page as part of the steps we should try. 695 http://apps.facebook.com/yoville/index.php?bypass_reminder=1 597 \N 198 http://apps.facebook.com/yoville/index.php?sgskip=1&bypass_reminder=1 134 about:blank 126 http://combatarms.nexon.net/ 104 http://www.ustream.tv/discovery/live/sports 65 http://profile.myspace.com/Modules/Applications/Pages/Canvas.aspx?appId=111238 62 http://www.ustream.tv/discovery/live/all 49 http://www.ustream.tv/ 48 http://dungeonfighter.nexon.net/ 41 34 http://www.baixaki.com.br/site/dwnld4866.htm 33 http://www.baixaki.com.br/site/dwnld41034.htm 28 http://www.baixaki.com.br/site/dwnld2657.htm 28 http://passport.nexon.net/Login.aspx 23 http://www.tagged.com/yoville.html 22 http://www.emulinhabrasil.xpg.com.br/ 21 http://www.ustream.tv/discovery/live/entertainment 21 http://www.baixaki.com.br/site/dwnld5576.htm 20 http://www.baixaki.com.br/site/dwnld42942.htm 19 http://www.orkut.com.br/Main#Home 19 http://www.ebay.com/ 19 http://www.baixaki.com.br/site/dwnld33061.htm 19 http://apps.facebook.com/onthefarm/index.php?ref=tab 18 http://www.youtube.com/ 18 http://www.winamp.com/player/download/en-us 18 http://www.narutowire.com/ 17 http://www.pingtest.net/ 17 http://stagevu.com/videos/Films_and_Movies 17 http://home.myspace.com/index.cfm?fuseaction=user 16 http://www.renren.com/SysHome.do 16 http://www.baixaki.com.br/site/dwnld37053.htm 16 http://m.www.yahoo.com/ 16 http://apps.facebook.com/yoville/index.php?src=xpromo&aff=zbar&crt=mafiawars 16 http://apps.facebook.com/cafeworld/?ref=bookmark 16 http://abc.go.com/watch/v/240273/241139/there-is-no-normal-anymore 15 http://www.chip.de/ 14 http://www.boygeniusreport.com/ 14 http://thereifixedit.com/ 14 http://abc.go.com/watch/v/240273/241852/a-bright-new-day 13 http://www.ustream.tv/discovery/live/gaming 13 http://www.ulla.com/u/CHAT/webstart.php 13 http://www.touslesdrivers.com/index.php?v_page=30&v_forum=0
Flags: blocking1.9.2? → blocking1.9.2+
Blocks: 532114
for some reason this signature has really jumped on 3.6b4. in previous beta's it was making up around 1-2% of all crashes, but now its making up about 4% of all crashes. here is a snapshot of 2009-11-30 release total-crashes NPSWF32.dll@0x136a29-crashes pct. total 233706 822 0.00351724 fx3015 50334 1 1.98673e-05 fx355 122547 3 2.44804e-05 *fx36b4*16576 695 *0.0419281* fx36b3 2703 59 0.0218276 fx36b2 1193 18 0.015088 fx36b1 2776 39 0.014049
Is crash-per-user up, or did this get higher because we fixed other crashes so it became a greater percentage without changing frequency?
I can reproduce this 100% on my Win Vista Lab machine by loading http://www.ulla.com/u/CHAT/webstart.php and clicking around a few times. I am using Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2b5pre) Gecko/20091201 Namoroka/3.6b5pre (.NET CLR 3.5.30729).
jst asked me to test this using Beta 2 to see if I was able to reproduce the crash - using Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2b2) Gecko/20091108 Firefox/3.6b2 (.NET CLR 3.5.30729) I crash loading the site in Comment 16, but the crash report shows something different at the top of the stack: [@RtlDeleteCriticalSection ] http://crash-stats.mozilla.com/report/index/bp-fcca692c-5ad2-41ab-baae-8a06d2091201 is my report. http://tinyurl.com/y8dfe72 is the link to the crashes in [@RtlDeleteCriticalSection ] in beta 4.
Just to clarify you don't have actually do anything but load the site and wait - no clicking is required to reproduce the bug. I also forgot to add the lab machine is running 64 bit Win Vista. Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2b1) Gecko/20091019 Firefox/3.6b1 (.NET CLR 3.5.30729) crashes in the same stack as Comment 17 loading the site: http://crash-stats.mozilla.com/report/index/2d088844-9b86-474e-8e79-ca4ea2091201 is the report. I also tested this on Windows 7 64 bit and it crashes using the latest Namoroka nightly, but with the latest version of flash on the labs.adobe.com site -> 10.1.51.45.
Using the same machine as in Comments 17 and 18, I installed the Alpha 1 - Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2a1) Gecko/20090806 Namoroka/3.6a1 (.NET CLR 3.5.30729). The site does not crash using Alpha 1, so I guess that narrows the window down to between Alpha and Beta 1.
(In reply to comment #15) > Is crash-per-user up, or did this get higher because we fixed other crashes so > it became a greater percentage without changing frequency? overall crash volume, and crashes per 100 users is up on beta4 https://wiki.mozilla.org/CrashKill/Crashr#Release_3.6b4 trying to sort out possible reasons for that in bug 532114 looks like this bug could be a contributor, along with a changing dynamic in the make up of the beta tester pool and content that they might be hitting.
Sorry, yeah, I meant "is this-crash-times-per-user up?"
I worked on trying to isolate the regression range: 20091005->Works 20091006->Crash Bug 520295 seems to be the only bug in that range that involved plugins in some way. chofmann wanted me to do a screencast of the site, but I think if you load http://www.ulla.com/u/CHAT/webstart.php you can see that the page continually keeps reloading, and the crash happens after about the 4th reload.
(In reply to comment #22) > 20091005->Works > 20091006->Crash Are those mozilla-central builds or mozilla-1.9.2 builds? (Getting a regression range for both mozilla-central and mozilla-1.9.2 might narrow things down further.) Shortly, I'll see if I can repro using your steps.
(In reply to comment #17) > jst asked me to test this using Beta 2 to see if I was able to reproduce the > crash - using Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2b2) > Gecko/20091108 Firefox/3.6b2 (.NET CLR 3.5.30729) I crash loading the site in > Comment 16, but the crash report shows something different at the top of the > stack: [@RtlDeleteCriticalSection ] > > http://crash-stats.mozilla.com/report/index/bp-fcca692c-5ad2-41ab-baae-8a06d2091201 > is my report. Based on that, it looks like you're hitting bug 520639 then, which we also needed steps to reproduce for! :)
I was using 1.9.2 builds for the regression range in Comment 22. So it sounds as if I am hitting a different bug then according to Comment 24?
(In reply to comment #22) > I worked on trying to isolate the regression range: > > 20091005->Works > 20091006->Crash > > Bug 520295 seems to be the only bug in that range that involved plugins in some > way. I'm fairly sure that the checkin in that date range on 1.9.2 that "caused" the bug that Marcia hit here was the one for bug 514327, not 520295. In reality this problem has been around for a long time, it was just made significantly worse by bug 514327.
jst suggested to me that the fix for bug 520639 may have fixed this, and we haven't seen any of these crashes yet in today's builds, so it may well have.
I am no longer able to reproduce this using Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2b5pre) Gecko/20091204 Namoroka/3.6b5pre and loading the site in Comment 16. To be thorough I also checked the Win Vista and Win XP latest nightlies and received the same result. Adding verified 1.9.2 keyword to this bug and removing qawanted.
Keywords: qawantedverified1.9.2
Marking fixed (fixed by the fix for bug 520639).
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
I am using the latest Shiretoko release: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.7pre) Gecko/20091204 Shiretoko/3.5.7pre (.NET CLR 3.5.30729) and appears I am still being affected by this bug. But no automatic bug report is sent as the browser is not completely crashing, but just using a lot of CPU(40%) and becomes unresponsive on any page which contains a SWF file including youtube.com By disabling the SWF plugin, the browser works fine. Strangly I noticed that Safe-Mode isn't disabling the plugins?! Even if I start in safemode the browser will still become unresponsive with SWF files unless I then go to Addons and disable it manually. Using Shockwave Flash plugin version: 10.0.32.18 During the unresponsive time, examining the Firefox threads with ProcessExplorer shows: NPSWF32.dll+0x14fdda containing NPSWF32.dll+0x14fcfb
I don't see why you think your problem is *this* bug; this bug is about a crash at a particular address in the Flash library (NPSWF32.DLL). It sounds like you may also be having a problem that is related to Flash, but not this problem.
Crash Signature: [@ NPSWF32.dll@0x136a29]
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.