Closed
Bug 538998
Opened 15 years ago
Closed 8 years ago
Spike in crashes [@ WSAStartup ] in early Jan 2010
Categories
(Core :: General, defect)
Tracking
()
RESOLVED
INCOMPLETE
People
(Reporter: chofmann, Unassigned)
References
Details
(Keywords: crash, Whiteboard: [crashkill][crashkill-thirdparty][crashkill-outreach][explosive])
Crash Data
early reports from 3.6 rc1 show this as the #10 top crash http://crash-stats.mozilla.com/report/index/d371a460-3506-41ed-a883-001792100110 Frame Module Signature [Expand] Source 0 @0x11a1626 1 ws2_32.dll WSAStartup all reports are within seconds of startup. and we are seeing a flood of these across all releases with a big ramp up on 2010 01 10 checking --- 20100110-crashdata.csv WSAStartup release total-crashes WSAStartup crashes pct. all 215352 3763 0.0174737 3.0.15 1958 34 0.0173647 3.0.16 4940 85 0.0172065 3.5.5 5270 53 0.0100569 3.5.6 16510 186 0.0112659 3.6 10425 192 0.0184173 3.6b5 14884 64 0.00429992 3.6b4 1505 0 3.6b3 721 0 3.6b2 729 0 3.6b1 2102 18 0.00856327 date WSAStartupcrashes 20100101-crashdata 0 WSAStartup 20100102-crashdata 0 WSAStartup 20100103-crashdata 0 WSAStartup 20100104-crashdata 0 WSAStartup 20100105-crashdata 60 WSAStartup 20100106-crashdata 115 WSAStartup 20100107-crashdata 100 WSAStartup 20100108-crashdata 94 WSAStartup 20100109-crashdata 115 WSAStartup 20100110-crashdata 3763 WSAStartup
|
Reporter | |
Comment 1•15 years ago
|
||
os breakdown 2037 0.541323 Windows NT5.1.2600 Service Pack 3 1234 0.32793 Windows NT5.1.2600 Service Pack 2 196 0.0520861 Windows NT6.0.6001 Service Pack 1 151 0.0401276 Windows NT6.0.6002 Service Pack 2 73 0.0193994 Windows NT6.0.6000 54 0.0143503 Windows NT5.1.2600 Service Pack 1 9 0.00239171 Windows NT5.1.2600 Service Pack 3, v.5857 8 0.00212596 Windows NT5.1.2600 1 0.000265745 Windows NT5.1.2600 Service Pack 3, v.3264
|
|
Reporter | |
Updated•15 years ago
|
Summary: Firefox 3.6 Crash Report [@ WSAStartup ] → Spike in crashes [@ WSAStartup ] in early Jan 2010
|
|
Reporter | |
Comment 2•15 years ago
|
||
no urls reported and the big upswing seems to have started at 1pm pacific time yesterday with 599 crash reports in that hour. hourly frequency of reports 10 2010011001 4 2010011002 9 2010011003 6 2010011004 12 2010011005 4 2010011006 9 2010011007 3 2010011008 9 2010011009 4 2010011010 12 2010011011 5 2010011012 599 2010011013 455 2010011014 368 2010011015 494 2010011016 351 2010011017 311 2010011018 206 2010011019 158 2010011020 101 2010011021 292 2010011022 341 2010011023
|
|
Reporter | |
Updated•15 years ago
|
Whiteboard: [crashkill][crashkill-thirdparty][crashkill-outreach][explosive]
|
|
Reporter | |
Comment 3•15 years ago
|
||
3.5.7 correlation report from 2010 01 11 shows
WSAStartup|EXCEPTION_ACCESS_VIOLATION (2107 crashes)
90% (1898/2107) vs. 74% (64614/87631) ws2help.dll
99% (2090/2107) vs. 91% (79341/87631) wininet.dll
72% (1517/2107) vs. 67% (58507/87631) normaliz.dll
but just scanning some random reports a few instances of H8SRT malware shows up
here is a sample.
http://crash-stats.mozilla.com/report/index/fe4abdd7-0050-447f-b862-ffb022100110
ws2_32.dll 5.1.2600.21801
http://crash-stats.mozilla.com/report/index/fe3034e5-8724-4fc8-a86c-fb8b62100110
ws2_32.dll 6.0.6001.180001
http://crash-stats.mozilla.com/report/index/fe2213d0-93eb-41ce-b98c-0e7ff2100110
H8SRTqmgdikjoot.dll
ws2_32.dll 5.1.2600.55121
http://crash-stats.mozilla.com/report/index/fe12187e-4f27-4bc6-8a66-5d36f2100110
ws2_32.dll 6.0.6001.180001
http://crash-stats.mozilla.com/report/index/fdea125b-11eb-4363-bcf2-f73d92100110
H8SRTfubvpiexjh.dll
ws2_32.dll 5.1.2600.21801
http://crash-stats.mozilla.com/report/index/fde288e0-3db2-4706-88a0-43fd72100110
H8SRTxsapbvvxqq.dll
ws2_32.dll 6.0.6001.180001
http://crash-stats.mozilla.com/report/index/fdde3e84-54a6-42c2-ae26-4a6d32100110
ws2_32.dll 5.1.2600.55121
http://crash-stats.mozilla.com/report/index/fdd921b7-703d-42d5-8d86-05deb2100110
H8SRTcyftodxobx.dll
ws2_32.dll 5.1.2600.21801
http://crash-stats.mozilla.com/report/index/fdd859ed-ed7b-498e-b4af-9806d2100110
ws2_32.dll 5.1.2600.55121
http://crash-stats.mozilla.com/report/index/fd9028b9-3216-4e6b-85b3-c3cec2100110
H8SRTunbmlidujy.dll
ws2_32.dll 5.1.2600.21801
http://crash-stats.mozilla.com/report/index/fd8caaba-edf7-4900-9885-551322100110
ws2_32.dll 5.1.2600.55121
http://crash-stats.mozilla.com/report/index/fd896616-280d-45f2-804c-daf8e2100110
H8SRTjymeaufurv.dll
ws2_32.dll 5.1.2600.55121|
|
Reporter | |
Comment 4•15 years ago
|
||
there are a few places where we seem to call this windows library in nspr, and in an ogg player test program. http://mxr.mozilla.org/mozilla1.9.2/search?string=WSAStartup /nsprpub/pr/src/md/windows/ntio.c (View Hg log or Hg annotations) * line 879 -- err = WSAStartup( WSAVersion, &WSAData ); /nsprpub/pr/src/md/windows/w95io.c (View Hg log or Hg annotations) * line 283 -- err = WSAStartup( WSAVersion, &WSAData ); /media/liboggplay/src/liboggplay/oggplay_tcp_reader.c (View Hg log or Hg annotations) * line 128 -- if (WSAStartup(wVersionRequested, &wsaData) == -1) {
WSAStartup initializes WinSock/Networking; I'd assume LSPs get initialized underneath this call.
yep. this should be yet another instance of LSP malware/badware/bugware. I have a patch which will let us seal off all of this gunk for at least 3 months (until the badware gets more aggressive which will be really fun).
|
||
Comment 7•13 years ago
|
||
http://test.kairo.at/socorro/2011-06-23.firefox.4.0.explosiveness.html shows a small spike in crashes in this signature showing up in recent 4.0 data.
|
||
Updated•13 years ago
|
Crash Signature: [@ WSAStartup ]
|
||
Comment 8•8 years ago
|
||
bp-7e4d67af-231a-408f-8f0f-7293f2160608 is only Thunderbird crash in 2.5 months. Whatever this is, it's rare and not enough info to be actionable
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → INCOMPLETE
You need to log in
before you can comment on or make changes to this bug.
Description
•